Cyber Security Workshop
1. Cyber Security Workshop

2. Setting the Context
   - Attain program objectives
     - Establish need within Community College customer base
       - Small/Medium businesses
       - Interested Faculty, Staff and Students
       - 50 Participants per delivery
     - Generate interest in attending follow-on VNEL based classes
       - Focus on liability and vulnerabilities
     - Demonstrate virtual training capabilities
       - Introduce WAES/VNEL environment

3. Setting the Context
   - Two day workshop
     - Day 1 focus
       - Establish threat environment and vulnerabilities
       - Provide roadmap to reducing vulnerabilities
       - Risk and Consequence model
     - Day 2 focus
       - Practical demonstrations
       - Mobile equipment package
       - VPN tunnel to VNEL
       - Remote identification of vulnerabilities
       - In class mitigation

4. Setting the Context
   - Six modules
     - Introduction
     - Threat & Vulnerability
     - IT System Design and Architecture
     - Mitigating Server Vulnerabilities
     - Post Intrusion Response
     - VNEL

5. Cyber Security

6. Cyber Security
   - Assets
     - Financial Data
     - Personal information
     - Critical design information
     - System control functions for Dams etc.
     - Proprietary data

7. Cyber Security
   - Threats
     - Hackers, crackers
     - Black hats and White hats
     - Criminals and Terrorists
       - Russian invasion of Georgia
     - War Driving
     - Social engineering

8. Threat Characteristics

9. Internal Threats
   - Unauthorized access
   - Accidental access
   - Negligence

10. External Threats
   - Hackers, crackers, script kiddies
   - Freelance information brokers
   - Competitive espionage

11. Cyber Terrorism & Cyber Crime
   - Cyber Terrorism focuses on controlling critical infrastructure
   - Cyber Crime focuses on competitive advantage and financial gain

12. Cyber Security
   - Identify vulnerabilities to current systems
   - Plans, Policies, Procedures
   - Equipment
     - Hardware
     - Software
     - Networks
   - Employees

13. Cyber Security
   - Vulnerabilities
     - Physical and procedural
       - Firewalls
       - Intrusion detection systems
       - Password policies
       - Attack recognition
       - Restricting access
         - Need to Know
       - Patch management

14. Cyber Attack Methodologies
   - Various methods from simple to complex
   - Simple are often more effective

15. Malicious Software (Malware)
   - Software designed to infiltrate or damage a computer system without the owner's consent

16. Malware
   - Viruses & worms
   - Trojan horses & rootkits
   - Spyware
   - Botnets

17. Methods of Introduction
   - Email attachments
   - Phishing
   - Steganography
   - Bots
     - Botnets

18. Network Architecture

19. Network Architecture
   - OSI Model
     - Establish correlation between attack mode and layer

20. Network Architecture
   - Perimeter
   - Demilitarized Zone (DMZ)
   - Wireless
   - Intranet

21. Basic Structure

22. DMZ Basic Structure
   - A semi-trusted segment
   - Supervisory Control and Data Acquisition (SCADA) / Distributed Control System (DCS) commands allowed
   - Used for placement of database and application servers

23. DMZ Basic Structure (diagram)

24. DMZ Advanced Structure

25. Intrusion Detection
   - Appliance in the DMZ
   - Real time analysis and reaction
     - Packet review
     - Recognition of heuristic signatures

26. Wireless Access Points
   - Wireless encryption protocol (WEP) must be enabled
   - Semi-trusted environment
   - Ease of access and installation causes configuration control concerns

27. Mitigation
   - Combination of Active and Passive defenses
     - Active involves physical structure of the network
     - Passive involves the plans, policies and procedures
   - Simple network management protocol (SNMP)

28. Active Defenses
   - Access Control and Intrusion Detection
   - Network design enhancements
   - Simple network management protocol (SNMP)

29. Access Control
   - Passwords
   - Biometrics
   - Smart tokens
   - User management

30. Network Assurance
   - Authentication
   - Logging
   - Encryption
   - Configuration controls

31. Passive Defenses
   - Emergency response plans
   - Employee training
   - Regular updates of security software patches
   - Audit and Monitoring

32. Employee Training
   - Standardized training program
   - Key to compliance
   - Password management
   - E-Learning works for annual refresher

33. Audit and Monitoring
   - Traffic analysis and correlation of data
   - Event monitoring

34. Assessments

35. Vulnerability Assessments
   - Blue Team
     - Physical security assessment
     - Includes an IT component
   - Red Team
     - Penetration testing
     - Off site script run against IT system
     - Post assessment report identifying vulnerabilities
       - Provides mitigation direction

36. Audit and Monitoring
   - Transparently samples e-mails, chats, website activity, keystrokes, disk moves and changes using defined parameters
   - Requires traffic analysis and correlation of packets of data
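Slides 25 and 33/36 name two detection ideas without showing them: reviewing each packet against known signatures, and correlating many events so that an attack no single event reveals still produces an alert. The following is an added example, written for this edit and not part of the workshop material; the event records, the signature patterns and the brute-force threshold (5 failures within 60 seconds) are all constructed for illustration.

```python
"""Added example: signature review of individual events plus a correlation
rule over several events, run against constructed sample traffic."""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Tuple


class Event(NamedTuple):
    ts: int        # seconds since start of the (constructed) capture
    src: str       # source address
    dst: str       # destination address
    port: int      # destination port
    payload: str   # decoded application-layer text


# Constructed sample events; not a capture from any real network.
SAMPLE_EVENTS: List[Event] = [
    Event(0, "10.0.0.5", "192.0.2.10", 80, "GET /index.html HTTP/1.1"),
    Event(1, "10.0.0.5", "192.0.2.10", 80, "GET /login?user=admin' OR '1'='1 HTTP/1.1"),
    Event(2, "10.0.0.7", "192.0.2.10", 22, "sshd: Failed password for root"),
    Event(3, "10.0.0.7", "192.0.2.10", 22, "sshd: Failed password for root"),
    Event(4, "10.0.0.7", "192.0.2.10", 22, "sshd: Failed password for root"),
    Event(5, "10.0.0.7", "192.0.2.10", 22, "sshd: Failed password for root"),
    Event(6, "10.0.0.7", "192.0.2.10", 22, "sshd: Failed password for root"),
    Event(7, "10.0.0.9", "192.0.2.10", 80, "GET /about.html HTTP/1.1"),
    Event(8, "10.0.0.9", "192.0.2.10", 80, "GET /../../etc/passwd HTTP/1.1"),
]

# Hypothetical signatures chosen for this example (name -> pattern).
SIGNATURES: Dict[str, "re.Pattern[str]"] = {
    "sql-injection-tautology": re.compile(r"'\s*OR\s*'1'\s*=\s*'1", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./"),
}


def packet_review(events: List[Event]) -> List[Tuple[int, str, str]]:
    """Signature stage: every event is judged on its own payload.
    Returns (timestamp, source, signature name) for each hit."""
    hits = []
    for ev in events:
        for name, pattern in SIGNATURES.items():
            if pattern.search(ev.payload):
                hits.append((ev.ts, ev.src, name))
    return hits


def correlate_failed_logins(events: List[Event], threshold: int = 5,
                            window: int = 60) -> List[Tuple[str, str, int]]:
    """Correlation stage: alert when one source produces `threshold` failed
    logins inside any `window`-second span. A single failed login is normal;
    only the correlated series is suspicious."""
    failures = defaultdict(list)
    for ev in events:
        if "Failed password" in ev.payload:
            failures[ev.src].append(ev.ts)

    alerts = []
    for src, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Slide the window so that times[start..end] all fit within `window`.
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append((src, "brute-force-login", times[end]))
                break  # one alert per source is enough for this example
    return alerts


if __name__ == "__main__":
    for hit in packet_review(SAMPLE_EVENTS):
        print("signature hit:", hit)
    for alert in correlate_failed_logins(SAMPLE_EVENTS):
        print("correlated alert:", alert)
```

Run on the constructed events, the signature stage flags two single requests and the correlation stage flags the source with five failed logins, which none of the individual `sshd` lines would trigger on its own.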
37. Legal Environment

38. Compliance
   - External requirements for legal and ethical business practice
     - Sarbanes-Oxley
     - PCI and protection of credit card data
     - Identity theft
     - Financial and Accounting disclosures

39. Legal Requirements
   - Agreements and contracts
   - Confidentiality
   - Proprietary data

40. Case Histories
   - TJ Maxx
   - SCADA systems
   - Proprietary data

41. Criminal Investigations
   - Process of identifying, preserving, analyzing, and presenting digital evidence

42. Criminal Investigations
   - Requires detailed and precise process to prevent loss of evidence

43. Criminal Investigations
   - Gathering evidentiary information
     - Requires thorough incident documentation
     - Information Manager provides guidance into the intruder's methodology
     - Damage assessment
     - Security Manager provides forensic guidance in evidentiary gathering
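Slides 41 to 43 call for a precise process that preserves evidence; the usual mechanical core of that process is hashing the evidence at acquisition and re-hashing at every hand-off so that any change is detectable. The following is an added example, not part of the slides; the evidence bytes, examiner names, timestamps and item identifier are constructed, and the record layout is a hypothetical one chosen for illustration.

```python
"""Added example: hash-based integrity record and chain-of-custody log for a
piece of digital evidence, with verification that detects tampering."""
import hashlib
import json
from dataclasses import asdict, dataclass, field
from typing import List


@dataclass
class CustodyEntry:
    when: str      # ISO-8601 timestamp supplied by the caller (constructed here)
    who: str       # examiner or custodian
    action: str    # what happened (acquired, received from X, ...)
    sha256: str    # hash of the evidence as observed at this step


@dataclass
class EvidenceRecord:
    item_id: str
    description: str
    acquisition_sha256: str
    custody: List[CustodyEntry] = field(default_factory=list)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def acquire(item_id: str, description: str, data: bytes,
            examiner: str, when: str) -> EvidenceRecord:
    """Create the record at acquisition; the hash taken here is the reference."""
    digest = sha256_hex(data)
    record = EvidenceRecord(item_id, description, digest)
    record.custody.append(CustodyEntry(when, examiner, "acquired", digest))
    return record


def transfer(record: EvidenceRecord, data: bytes, sender: str,
             receiver: str, when: str) -> bool:
    """Record a hand-off. The receiver re-hashes what they were given and the
    result is logged whether or not it matches, so a break in custody is
    visible later. Returns True if the bytes still match acquisition."""
    digest = sha256_hex(data)
    record.custody.append(
        CustodyEntry(when, receiver, f"received from {sender}", digest))
    return digest == record.acquisition_sha256


def verify(record: EvidenceRecord, data: bytes) -> bool:
    """True only if the bytes match the acquisition hash and every custody
    entry recorded that same hash (i.e. the chain was never broken)."""
    digest = sha256_hex(data)
    return (digest == record.acquisition_sha256
            and all(entry.sha256 == digest for entry in record.custody))


def to_json(record: EvidenceRecord) -> str:
    """Serialise the record for the incident documentation."""
    return json.dumps(asdict(record), indent=2)


# Constructed evidence bytes; stands in for a disk image or log export.
ORIGINAL = b"constructed evidence: web server access log fragment\n"
TAMPERED = ORIGINAL + b"extra line added after acquisition\n"


def demo_intact() -> bool:
    """Evidence handed off unchanged: chain verifies."""
    rec = acquire("EV-CONSTRUCTED-001", "access log fragment", ORIGINAL,
                  "examiner-a", "2009-01-01T09:00:00Z")
    transfer(rec, ORIGINAL, "examiner-a", "examiner-b", "2009-01-01T12:00:00Z")
    return verify(rec, ORIGINAL)


def demo_broken_chain() -> bool:
    """Bytes were altered before a hand-off: the altered hash is logged, and
    even the original bytes no longer verify against the full chain."""
    rec = acquire("EV-CONSTRUCTED-001", "access log fragment", ORIGINAL,
                  "examiner-a", "2009-01-01T09:00:00Z")
    transfer(rec, TAMPERED, "examiner-a", "examiner-b", "2009-01-01T12:00:00Z")
    return verify(rec, ORIGINAL)


if __name__ == "__main__":
    print("intact chain verifies:", demo_intact())
    print("broken chain verifies:", demo_broken_chain())
```

The design point is that `transfer` never refuses to log a mismatch: the bad hash is written into the custody list, so the break shows up in `verify` and in the serialised record rather than being silently dropped.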
44. Criminal Investigation Results
   - Internal actions
     - Dismissal
     - Evaluations
     - Demotions
   - External actions
     - Criminal prosecution
     - Civil prosecution

45. Post Attack Efforts
   - Network Repairs
   - Policy changes
   - Training
   - Compliance Reports

46. Cyber Security Workshop