Your SlideShare is downloading. ×
Secure IT 2014
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Secure IT 2014

178
views

Published on

Secure IT 2014

Secure IT 2014


0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
178
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
4
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Sanjay Sahay, IPS., ADGP, Police Computer Wing, Bangalore
  • 2. Text Presentation Structure • Introduction • Attack Methods • Hacking groups • Best Security model • KSP Security model • Tool and technology in use • Challenges / Bottleneck • Gaps • Wish list • Conclusion. •
  • 3. Information Security: Preservation of confidentiality, integrity and availability of information
  • 4. Protection from what ?
  • 5. Protection from whom ?
  • 6. Text Is technology is enough ?
  • 7. Text PEOPLE PROCESSES TECHNOLOGY •User Awareness •Guidance •Administration •Monitor • Policies •Standards •Guidelines •Audit •IPS •Firewall •AV •DLP •SIEM What builds the best information security
  • 8. Text KSP Infrastructure and Security solution
  • 9. KSP Computerization Model Enterprise Model People Process Technology Infrastructure Governance • Internal Champions • Capacity Building • Nodal Officers • Sys Admins • Handholding • BPR • Integration • Automation • ERP • Web Service • Active Directory • SMS Gateway • e-Pen • KSP DC • KSP WAN • DR Centre • EMS • Centralized AV • Automated Backup • Core Team • SCRB Nodal Officer • District Nodal Officer • Central NOC • Helpdesk
  • 10. Text Core Infrastructure
  • 11. KSP Wide Area Network Text 45 locations 1,2 & 4 Mbps leased line 1458 locations 512 Kbps and 1 Mbps VPNoBB 45 Mbps aggregation bandwidth 16 Mbps Internet leased line KSPWAN • LAN infrastructure at All locations • Fixed IP for all VPNoBB connections • Network Monitoring Software to monitor the availability. • End router security through ACL • Zone based LAN architecture through VLANs • MAC authentication servers • Hardening of Network Devices • SOP for network management. • Warranty / Support
  • 12. Text Karnataka State Police Wide Area Network Type of Network Number of Links at Initiation Number of Links at Present MPLS 39 45 VPNoBB 1350 1458 ILL 2 2 • Karnataka State Police Wide Area Network, (KSPWAN) was created in the year 2009 with BSNL • This was successfully implemented jointly by BSNL and the Karnataka State Police. • This Network is a combination of 45 MPLS and 1458 VPNoBB connections • Connects all police station and higher offices across the state. • Fixed IP has been implemented on VPNoBB connection • In addition 16 Mbps Internet leased line has also been provided. 10 Mbps 16 Mbps 32 Mbps 45 Mbps DC Aggregation Bandwidth Up-gradation
  • 13. Core Functionalities • Crime • Law & Order • Traffic Administration • Administration • Finance • Stores Ancillary support • Armed Reserve • Motor Transport • Training Technical Modules • Wireless • Forensic Science • Laboratory Police IT - ERP 11 Modules 64 Roles 522 Screen 417 Reports MIS
  • 14. Police IT - ERP
  • 15. Police IT - ERP  Layered architecture  Authentication and Authorization process  Encrypted communication  Fail over Clustering to avoid single point of failure.  .Net Framework used to develop the application for better availability, performance and security.
  • 16. Police IT – ERP Security Guidelines  Prevention of un-authorized access, Role based access  Auditing should be enabled for DML statements.  User name and password for authentication  Standard password policy.  The process for removing unnecessary code from the application after it is released should be documented  Application code should not contain invalid references to network resources The solution should not display the entire path of URL in the browser based application  The solution should support multi-tier authentication where required  Solution should provide logout option to terminate the session  Data Encryption at traveling and at rest.  All the credentials and sensitive data always will store at Database end  The Solution should not be vulnerable for OWASP top 10 attacks.
  • 17. Text Security Solution of KSP Defense in Depth technology has been adopted for KSP to ensure the maximum protection at each layer from attacks. • IT Security Policy • Regular audits. • End user awareness program. • DC protected with surveillance and biometric access • Two Tier Security Architecture. • Full fledge Intrusion Prevention System. • SIEM for log management and Event Analysis for real time alerts. • Internal Zone are created based on the functionality • Centralized End point protection antivirus for Servers and Desktops • Centralized Authentication and Authorization through LDAP Server. • Role based Access. • Hardening of OS, Applications and Network devices. • Regular patch management. • Data Stored in Encrypted format
  • 18. DC / DR Technology / Tools used Unified Threat Management System Network Intrusion Prevention System Firewall Security Information and Event Management Centralized Antivirus Software Patch Management Software LDAP Server IP Sec Tunnel Between Branch and DC Access Control List for end router security Network Monitoring Software Traffic Monitoring Software Role Based Access Hosted in Secured zone and accessible only on Intranet Role based Access Audit logs CAB to control the changes Application Monitoring Software Stored in Encrypted mode Stringent testing policy Security layer Network layer Application layer
  • 19. End Computer/ User Security • Computers are under the supervision of LDAP Server • Centralized Authentication, Authorization and Accounting through LDAP Server • Computers are operated with least Privileged account. • Local administrator and user accounts are restricted. • End Point Protection installed on all computers to battle against the advance threat. • Stringent Policies to enforce end computer security through LDAP and Centralize AV Management Server. • Regular patch management to fix the OS and application level Vulnerabilities. • SOP for computer usage • Usage of External Device is strictly prohibited. • Authorized / Approved applications are allowed to use. • Centralized Log monitoring through SIEM to identify and mitigate the internal threats. • Computer security is a part of Basic computer training program. • Regular Security awareness program to end users.
  • 20. Text Internal Resources of KSP Resources Number Key Security resources MCSE, CCNA, VCP, CEH, CHFI 3 Middle tier security resources System Administrators (MCSE and CCNA) 75 Security Enforcement Team 120 Police IT Operators 3000
  • 21. Text Operation Principals of KSP Secure MonitorAudit/Test Manage/ Improve Policy Training Awareness
  • 22. Text • Challenges / Bottleneck Challenges • Creating of security awareness. • Resistance to change • Management skill • Regular Monitoring • Knowledge upgradation • Rediness for DDoS attack • Fighting against distruptive attacks. • Bottlenecks • No Direct control on the other country cyber criminals • Zero day attack • TOR based communication •
  • 23. Safe and Seurece Internet Forensic Rediness Security Awereness Program. Wish list
  • 24.  Security architecture should be a dynamic process that consistently enforces security among all users to protect corporate information.  Regular IT security audit would help the organization to find the vulnerabilities and gaps to fix it proactively before it get exploited by an hacker.  People are the major pillar of the security, should be trained regularly better security.  As 100% security is impossible, you need to decide what needs to be secured and how well it needs to be secured. Conclusion