ITSolutions|Currie Network Security Seminar


Computer security is an ever changing environment. It is essential that you stay educated on how to protect yourself and your organization!

Published in: Technology
  • Recently, ITSolutions did a poll to understand those issues that most concerned and affected our clients and B-2-B partners. The return rate for our questionnaires was fantastic. I’d like to give a BIG thank you, now, to those who participated. We have a good 50,000’ view of those issues that are impacting our clients, but you are in the trenches, and your perspective is invaluable. The survey included many issue categories, which respondents rated on a scale from 1 to 5, 5 being the most important. We simply added up the scores. As you can see, Security continues to top the list, followed by spam filtering, an issue that continues to concern responsible organizations both because it wastes the time of businesses’ most valuable resource, their employees, and because it is an ever increasing vector for network attacks. Proactive network monitoring was next, a very hot topic that will get quite a bit of coverage by the industry and by ITSolutions as a Proactive Maintenance provider. And next came Disaster Recovery, the topic of today’s discussion.

    1. Computer Network Security
        For Small to Medium Sized Organizations
        Speaker: James Dempsey
        Contact:
        Phone: 209-578-9739
    2. Why are we here?
    3. Getting started
        Please turn off cell phones
        Bathrooms
    4. Myth:
        “I don’t have anything a hacker would be interested in.”
    5. “Money is driving the growth of targeted attacks against financial institutions, enterprises, and governmental agencies”
        -
    6. Revenues from cybercrime, at $1 trillion annually, are now exceeding those of drug crime.
        This was the testimony from AT&T’s Chief Security Officer Edward Amoroso, which he gave to a US Senate Commerce Committee
        -
    7. Myth:
        “Hackers are usually just geeky kids screwing around.”
    8. C2C – Criminal-to-Criminal
        Criminal #1 creates a crimeware toolkit with easy, step by step instructions… and sells it
        Criminal #2 buys the toolkit, and uses it to collect private data… and sells it
        Criminal #3 buys the private data, and exploits it for profit
    9. What is at risk
        Your money
        Hackers steal from companies all the time
        Your data
        Your identity
        Once your system has been compromised, you have lost control of your personal information.
        Your hard earned reputation
    10. MalWare / SpyWare
        Malware, short for malicious software, is software designed to infiltrate or damage a computer system without the owner's informed consent.
        - Wikipedia
    11. It’s all in our heads?
        Have you been hacked?
        How does that make you feel…
    12. Dealing With Specifics…
        How, exactly, can this affect my organization?
    13.
    14. The setup…
        Sign Designs is a well established, responsible local company
        They work with the Bank of Stockton, a well known and responsible institution
        They contract with an independent, local computer consultant
        All employees have internet and email access
        They did not embrace a proactive security/stability maintenance program
        They have never had any form of network security audit or review
    15. On July 23, 2009, Sign Designs lost nearly $100,000 when cyber-crooks initiated a series of transfers to 17 accomplices at 7 banks around the country.
        -
    16. The Repercussions
        Employee morale issues – was it an inside job?
        The FBI is interviewing all employees
        The FBI confiscates key equipment, causing further business disruption
        The banks seldom return money stolen from businesses in this fashion
        If confidential data is stolen as well, the business must report the theft to all affected clients, vendors, and employees
    17. SB-1386
        Senate Bill 1386, operative since July 1, 2003, requires all businesses to report any loss of confidential data.
        “a person or business that conducts business in California, that owns or licenses computerized data that includes personal information, as defined, to disclose in specified ways, any breach of the security of the data, as defined, to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.”
        Fines of up to $250,000
        and/or 5 year prison sentence
    18. Attack Profile
        #1 Malware specializing in on-line banking hacking
    19. Zeus – Crimeware for sale
        Zeus is a Trojan “kit”
        Average black market price: $700
        Very mature with > 70,000 variants
    20. Does not have the right to distribute the product in any business or commercial purpose not connected with this sale.
    21. May not disassemble / study the binary code of the bot builder.
    22. Has no right to use the control panel as a means to control other bot nets or use it for any other purpose.
    23. Does not have the right to deliberately send any portion of the product to anti-virus companies and other such institutions.
    24. Commits to give the seller a fee for any update to the product that is not connected with errors in the work, as well as for adding additional functionality.
        “In cases of violations of the agreement and being detected, the client loses any technical support. Moreover, the binary code of your bot will be immediately sent to anti-virus companies.”
    25. Zeus – Helps a hacker to:
        Detect when banking information is being entered
        View screen shots real-time and remotely control what is shown on the monitor
        Steal passwords and other log-in information using advanced key loggers
        Encrypt stolen information, then transmit it to the attacker’s servers
    26. Zeus according to Symantec:
    27. URLZone – More Complex…
        Checks with a central server for updated instructions, regularly
        Watches for HTTPS web traffic
        If the Web site matches the banking portal targeted, the malware will capture screenshots from the victim’s computer and send them to a command and control server
    28. URLZone – Very specific…
        When the user confirms the financial transaction, URLZone changes the account number and amount
        The banking portal receives the transaction information and completes the transfer
        URLZone presents transaction information the user expects to avoid suspicion.
        As far as the victim knows, the transaction was a success, which it was. It’s just that the amount of money is most likely different and the money was transferred to a money mule account, not where the victim intended
    29. Attack Profile
        #1 Malware specializing in on-line banking hacking
        #2 Crimeware toolkit for “drive-by” download
    30. LuckySploit
        A webpage is “armed” with LuckySploit
        It checks to see if visiting computers are missing security patches in:
        Internet Explorer, FireFox, Opera
        Adobe Flash, Acrobat Reader
        Numerous Microsoft vulnerabilities
        Exploits identified vulnerabilities to deliver the “payload”
    31. Attack Profile
        #1
        #2 Crimeware toolkit for “drive-by” download
        #3 A way to trick you into getting to my hacked webpage
    32. Spam + Social Engineering
    33. Spam + Social Engineering
    34. Attack Profile
        #1 URLZone Trojan
        #2 Website armed with LuckySploit
        #3 Social Engineering
    35. How can you protect yourself
        Be proactive about software patch management
        Use business-class anti-virus / anti-malware software
        Filter your email
        Deploy a business-class firewall
        Restrict internet access
        Use Group Policies to control workstation security
        A password policy is a must!
        Understand and secure all remote access points
        Wireless Access Points (watch for rogues!)
    36. There is a big difference between being
        Proactive
        and
        Reactive
    37. Patch Management
        Know where you are vulnerable!
        All Microsoft software – workstations and servers
        All Macs
        Key 3rd party applications
        Adobe Acrobat
        Adobe Flash Player
        Java
        iTunes
        QuickTime
    38. Microsoft Patch Management
        Manual deployment
        Very time consuming
        Difficult to do consistently
        Automatic deployment – independent workstations
        Success must be tested monthly using special tools
        No granular control
        May impact internet bandwidth if multiple PCs download simultaneously
        WSUS
        Free from Microsoft!
        All workstations report success/failure to a central console
        You can choose what patches to deploy
        You can choose to have only the server download the patches
        Server pushes patches to workstations
        May take 20-60GB of hard disk space – Use an inexpensive USB drive
    39. 3rd Party Applications
        The secret to success: You need a plan!
        Updates can be pushed out through Group Policy
        Create an update checklist spreadsheet
    40. Antivirus Software
        The reality…
        It is intrusive
        It slows down your computers and network
        It must be monitored and maintained
        It occasionally creates compatibility issues
        There are annual renewal fees
        … and you can’t live without it. Period.
    41. Business Class Antivirus
        Workstation status and licensing can be managed from a central software “console”
        You don’t need to touch 20 workstations to check their status
        Central policies can be “pushed” down from the server
        E.g.: All workstations are to do a full scan once per week, and users aren’t able to cancel the scan
        You can “Exclude” critical files and directories from virus scans
        This can help performance significantly, and prevents instability and corruption issues
    42. Business Class Antivirus
        Scan Policies
        Real Time Scanning
        Protecting your system 24/7
        Typically scans only the most dangerous file types and locations
        Scheduled Scanning
        Typically scans everything, beginning to end
        Has a performance impact on the workstation
        Users can be broken into groups with scans occurring at convenient times
    43. Email – A Primary Portal
        Minimize your exposure by breaking your users into groups
        Group A – Internal email access only
        Group B – Can receive email from “outside” the company
    44. Spam Filtering
        Spam has become a primary delivery point for malicious code
        Several things to watch for:
        Hyperlinks that direct you to unknown places on the web
        Attachments that carry a malicious payload
        Social Engineering – The art of tricking a human into performing an action or providing information they typically wouldn’t
        E.g.: Critical Microsoft Patch!
    45. Spam Filtering
        Methods of protection
        Install spam filter software on each workstation
        Install spam filter software on your e-mail server
        Route all company email through a spam filter “appliance”
        Barracuda
        Route all email through a spam filter service (a 3rd party)
        Spam-a-Side
        Only cleaned emails will be received by the company
        Lock your firewall down to only receive email from the host
    46. Business Class Firewall
    47. Why a simple home-class firewall isn’t always sufficient
        [Cartoon diagram. Labels: The Cruel, Hard World (a/k/a: The Internet); Trusted Network Resources; Web Request; E-Mail (?); E-Mail; FTP; Locked! (twice)]
        [Speech bubbles: “Where to?” “Umm… An email server” “Well then surely you must be a safe secure message from a legitimate source!” “First door to your right!” “Gee, thanks! That was easy…”]
        A basic firewall “pin holed” to allow public email
    48. A Business Class Firewall Looks Inside the Data Packet
        [Cartoon diagram. Labels: The Cruel, Hard World (a/k/a: The Internet); Trusted Network Resources; Web Request; E-Mail (?); E-Mail; FTP; Locked! (twice)]
        [Speech bubbles: “Where to?” “Umm… An email server” “Ok. I’ll need your name, ID#, shoe size, and a DNA sample.” “Gee, ok… Don’t you trust me?” “Soon. Please step behind the privacy screen and hand me those latex gloves…” “*Squeak!*” “Is that an attachment? That type isn’t allowed. It stays at the door.”]
        A Business-Class firewall “pin holed” to allow public email
    49. Firewalls Oversimplified
        Three major firewall classes:
        #1 – Simple home/small bus ($80-$200)
        Helps to hide you on the internet
        “Locks the doors” from the public side
        #2 – Business Class ($450-$900)
        “Layer 7 protection” – It looks inside the data packets to be sure they aren’t “mal-formed”
        Strips out inappropriate content (e.g.: Dangerous attachments)
        Includes extra layers of protection
        Web Blocking
        Antivirus Border Protection
        #3 – Corporate Class ($1200-$???)
        Much greater bandwidth
        The ability to support many branch offices and VPN connections
        Advanced security, routing, and configuration features
    50. Firewalls – What do you need?
        Simple firewalls work if you:
        Have no “in-bound” data traffic
        Have another way to control internet usage
        Web blockers don’t just prevent internet abuse…
        Business Class firewall is appropriate if you:
        Host Email, public Web Server, or FTP Server
        Need to control outbound access as well as inbound
        Have a server and need to control web access based upon Active Directory Group membership
    51. Myth:
        “Only people who go to ‘bad’ websites get spyware.”
    52. Restricting Web Access
        Only give access to people who really need it
        Restrict people to explicitly approved sites
        Use a Web Blocker
        Break your users into groups. E.g.:
        Management – Full Access
        Day Crew – Partial Access
        Night Crew – Restrict to only approved sites
        Consider a web usage monitor – Cymphonix
    53. Choosing a Firewall
    54. Password Policies
        Passwords are the keys to your network
        Policies are centrally controlled through Group Policy:
        Password changes – How often?
        Account Lockout
        If you strike out 10 times, you’re locked out for 10 minutes
        Password Complexity
    55. Security is an active part of your company culture… or it isn’t …
    56. There are two ways to learn about network security vulnerabilities:
        A Trained Professional
        - or -
        A Trained Professional
    57. Engaging a Professional
        Begin with a network audit
        Clearly define responsibilities
        Choose an engagement method
    58. Methods of Engagement
        Reactive
        “I’ll call for help if I think I’ve been hacked”
        Scheduled, proactive maintenance
        Allocates time and resources to address core issues
        Be sure there is a plan that addresses all issues
        Work with the consultant! Ask questions!
        Managed services
        A true partnering and aligning of business models
    59. Several More Security Myths
        I have a firewall so I’m protected
        I have virus protection software so I’m OK
        I can protect myself once and be OK forever
        My Mac doesn’t have all of these security issues
    60. Serious Suggestions
        Audit your internal network
        Audit external access
        Restrict access as much as possible
        Update everything, proactively, regularly
        Use strong passwords
        Implement a proactive maintenance plan
        Engage a professional
    61. Questions?
    62. Please!!!
        Please fill out the evaluation form!
        On the bottom of the evaluation, there is an opportunity to request more info about network security
        Survey
        Next seminar topic
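
Added example (not part of the original slides): one way to automate the "update checklist spreadsheet" from slides 37 and 39, comparing a workstation inventory against a per-application minimum version. The CSV layouts, host names, version numbers and the `ExampleViewer` entry are constructed for illustration; only the application names come from slide 37.

```python
import csv
import io

# Constructed checklist: app names are from slide 37, versions are made up.
CHECKLIST_CSV = """application,minimum_version
Adobe Acrobat,9.3.2
Adobe Flash Player,10.0.45.2
Java,6.0.18
QuickTime,7.6.5
"""

# Constructed inventory export (hosts and versions are sample values).
INVENTORY_CSV = """host,application,installed_version
WS01,Adobe Flash Player,10.0.45.2
WS01,Java,6.0.9
WS02,Adobe Flash Player,9.0.124
WS02,QuickTime,7.6.5
WS03,Adobe Acrobat,9.10.0
WS03,ExampleViewer,1.2
"""

def parse_version(text):
    """Turn '10.0.45.2' into (10, 0, 45, 2) so 9.10 ranks above 9.3."""
    return tuple(int(part) for part in text.strip().split("."))

def is_older(installed, minimum):
    """Numeric comparison, padding the shorter version with zeros."""
    a, b = parse_version(installed), parse_version(minimum)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

def audit(checklist_csv, inventory_csv):
    """Return (outdated, untracked) findings for the inventory."""
    minimums = {row["application"]: row["minimum_version"]
                for row in csv.DictReader(io.StringIO(checklist_csv))}
    outdated, untracked = [], []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        app, have = row["application"], row["installed_version"]
        if app not in minimums:
            untracked.append((row["host"], app))  # not on the checklist
        elif is_older(have, minimums[app]):
            outdated.append((row["host"], app, have, minimums[app]))
    return outdated, untracked

if __name__ == "__main__":
    outdated, untracked = audit(CHECKLIST_CSV, INVENTORY_CSV)
    for host, app, have, need in outdated:
        print(f"{host}: {app} {have} is below minimum {need}")
    print("Not on the checklist:", untracked)
```

Versions are compared numerically because a plain text comparison would rank 6.0.9 above 6.0.18 and miss the outdated Java install; software found on a workstation but absent from the checklist is reported separately so the checklist itself stays complete.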