Jim Slick is the President and CEO of Slick Cyber Systems. He has over 30 years of experience in IT, including building data centers. His presentation covers various topics related to enterprise security, including gateway security, unified threat management appliances, email security, server security, desktop security, remote user security, disaster recovery and backup, social engineering, security policies, and outsourcing IT functions. He emphasizes the importance of having proper security measures, policies, and expertise in place to protect a business and its data.
Enterprise Security Essentials
1. Security in the Enterprise
Jim Slick
President and Chief Executive Officer
2. Presenter
Jim Slick, the President and Chief Executive Officer of Slick
Cyber Systems has been in the IT industry, professionally,
since 1984. In his career, Jim has built many data centers
ranging in size from single small-business servers to
massive 300+ server fully clustered environments with
real-time replication and disaster recovery. Jim’s
educational background covers an Electrical Engineering
degree as well as a BS degree in Business Administration
and an MBA. He has also graduated from the Disney
Institute in Florida, has earned his Microsoft Certified
Systems Engineer status, as well as many other
certifications in the industry.
3. Security, and data theft in particular, is the single most important topic any IT
professional should consider when reviewing their own
infrastructure.
Data is the core ... the past, present, and future of any business.
Data is your finances, your intellectual property (IP), your
communications, and the list goes on. Lose any one of these
components and the company would not survive.
Data IS the business!
Make sure you have all of your bases covered.
5. UTM Appliances
• Unified Threat Management: What is it?
– Gateway Anti-Virus
– Gateway Anti-Spyware
– Gateway Intrusion Detection and Prevention
– Gateway Content Filtering
– Stateful Inspection Firewall
– VPN (Virtual Private Networking)
6. Security Statistics
• Crimeware or APT? Malware’s “Fifty Shades of Grey”
– Some cybercriminals build massive botnets to use unsuspecting endpoints for
SPAM, distributed denial-of-service (DDoS) attacks, or large-scale click fraud.
With the aid of banking Trojans, other cybercriminals create smaller,
specialized botnets that focus on stealing bank credentials and credit card
information.
– Remote access tools, or RATs, are an integral part of the cybercrime toolbox.
For example, a recent FireEye investigation into XtremeRAT revealed that it
had been propagated by SPAM campaigns that typically distribute Zeus
variants and other banking-focused malware. This tactic may stem in part from
the realization that compromising retailers can net millions of credit card
numbers in one fell swoop.
– APT (Advanced Persistent Threat) is a set of stealthy and continuous computer
hacking processes, usually orchestrated by humans targeting a specific entity.
APT usually targets organizations and/or nations for business or political
motives. APT processes require a high degree of covertness over a long period
of time. As the name implies, APT consists of three major
components/processes: advanced, persistent, and threat. The advanced
process signifies sophisticated techniques using malware to exploit
vulnerabilities in systems. The persistent process suggests that an external
command and control is continuously monitoring and extracting data from a
specific target. The threat process indicates human involvement in
orchestrating the attack.
7. More Security Statistics
• The extent to which such attacks are targeted, and not opportunistic, is unclear.
The attackers could be singling out specific retailers in advance. Or they could be
targeting an entire industry, simply capitalizing on opportunities that arise.
• The world of cybercrime features a broad spectrum of bad actors: On one end,
highly focused state-sponsored attackers use custom tools and zero-day exploits.
On the other end, “commodity” cybercriminals use widely deployed exploit kits
that indiscriminately compromise thousands of systems around the globe.
• In the middle are (at least) “fifty shades of grey.” One class of attacker mixes
publicly available malware platforms and custom tools. These latter cases suggest
that it is not always easy to estimate the size or sophistication of an adversary
simply by finding one piece of what may be a far larger puzzle.
• Bottom line, the puzzle is very complex and very large.
8. Even More Security Statistics
• Medical Facts:
• The Identity Theft Resource Center® recorded 614 breaches on the 2013 ITRC
Breach List, a dramatic increase of 30% over the total number of breaches tracked
in 2012. The Healthcare sector accounted for 43.8% of the total breaches on this
list, overtaking the business sector at 34.4% for the first time since 2005, when the
ITRC first began tracking data breaches. This comes as no surprise to the ITRC,
with more and more breaches being reported to the Department of Health and
Human Services (HHS). Additionally, due to the mandatory reporting requirement
for healthcare industry breaches affecting 500 or more individuals, 87% of these
healthcare breaches publicly stated the number of records exposed. A sector
that accounts for a large share of breaches, and whose entities mostly report
record counts, stands out sharply against the 40.1% of 2013 incidents for which
the number of records exposed is unknown!
• Don’t think it won’t happen to you. These statistics are real. Chances are one of
you has already had a brush with it.
Average number of U.S. identity fraud victims annually: 11,571,900
Percent of U.S. households that reported some type of identity fraud: 7%
Average financial loss per identity theft incident: $4,930
Total financial loss attributed to identity theft in 2012: $24.7 billion
Total financial loss attributed to identity theft in 2010: $13.2 billion
10. E-Mail Security
• Do you host e-mail internally or externally?
– Externally?
• POP3? Exchange?
– Internally?
• Exchange? Other?
• Are YOU protected from SPAM and phishing
attacks? If you are using POP3, good luck. If
you are using Exchange, we have a solution.
11. E-Mail Security
• If you host externally, there are outsourced
scanning options available.
• If you host internally, there are both
outsourced and in-sourced options. Both are
good. Think security first and what is YOUR
exposed risk.
12. E-Mail Security
• SPAM: Also known as junk mail. Most of these are harmless.
Interesting statistic: 98.7% of all e-mail is SPAM. How’s that
for clogging your internet connection or mail server (and how
about backup costs for that junk)!
• Phishing: These are the nasty folks who are actively trying to
steal your user names, passwords, Social Security numbers, etc. They
succeed all too frequently. Look for improper diction and misspellings,
or domain names that just don’t ‘look right’ (a lookalike of a name you trust).
• Virus Activity: Often arrives as ‘joke’ messages. Most are just jokes, some are
not. Once it hits your server (especially if it’s polymorphic or
a worm), you’re about done without the proper protection.
• When in doubt, delete it without opening it. If you think it
may be real, call the sender on a number you already have and verify its authenticity.
13. E-mail Security
• What should I use?
– Gateway: Install an e-mail appliance that will do the
initial scan of mail or use an external scanning product
like our Intel SCS EagleWing Ultimate Defense. Most
malicious mail is stopped here.
– E-Mail Server (Exchange): Microsoft Forefront or GFI
MailSecurity. It will stop infected messages that
happen to make it in and will definitely stop worms.
– User Education: This is the most important … Educate
your users on what SPAM and phishing looks like!
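The tells the slides tell users to look for (a sender or link domain that merely looks right, pressure language in the subject, and link text that differs from where the link really points) can be checked mechanically before a message ever reaches a user. The Python below is an added example written for this page, not code from the presentation or from any product it names; the trusted-domain list, the homoglyph table and both sample messages are constructed for the demonstration.

```python
"""Phishing-mail triage: an added example, not code from the presentation.
It automates the tells the slides tell users to look for: a sender domain
that imitates one you trust, pressure language in the subject, and links
whose visible text does not match where they really point. TRUSTED_DOMAINS,
the homoglyph table and both sample messages are constructed for the demo."""
import email
import re
from email import policy

# Assumption: domains this organisation actually exchanges mail with.
TRUSTED_DOMAINS = {"example-bank.com", "slickcybersystems.com"}
# Substitutions attackers use to build lookalike names (examp1e, rnicrosoft).
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}
URGENCY_WORDS = ("urgent", "immediately", "suspended", "verify", "act now")
HREF_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOST_RE = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,}|\d{1,3}(?:\.\d{1,3}){3})", re.I)
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

# Constructed lure: lookalike sender, urgent subject, link text != link target.
PHISH_MESSAGE = b"""From: "Example Bank Security" <alerts@examp1e-bank.com>
To: jim@slickcybersystems.com
Subject: Urgent: verfy your acount
Content-Type: text/html

<html><body><p>Dear custommer, your acount has been suspnded. Pleas verfy now:</p>
<a href="http://203.0.113.10/login">https://www.example-bank.com/login</a>
</body></html>
"""
# Constructed legitimate message from the same bank, for comparison.
CLEAN_MESSAGE = b"""From: "Example Bank" <alerts@example-bank.com>
To: jim@slickcybersystems.com
Subject: Your monthly statement is ready
Content-Type: text/html

<html><body><a href="https://www.example-bank.com/statements">www.example-bank.com</a></body></html>
"""


def registrable_domain(host: str) -> str:
    """Last two labels (no public-suffix list, so 'co.uk'-style suffixes need one)."""
    host = host.lower().strip(".")
    if IPV4_RE.fullmatch(host):
        return host
    return ".".join(host.split(".")[-2:])


def normalise(label: str) -> str:
    """Undo common homoglyph swaps so examp1e-bank.com reads example-bank.com."""
    out = label.lower()
    for bad, good in HOMOGLYPHS.items():
        out = out.replace(bad, good)
    return out


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(host: str, trusted=TRUSTED_DOMAINS):
    """Trusted domain that `host` imitates, or None if host is trusted or unrelated."""
    d = registrable_domain(host)
    if d in trusted or IPV4_RE.fullmatch(d):
        return None
    for t in trusted:
        if normalise(d) == normalise(t) or edit_distance(d, t) <= 2:
            return t
    return None


def host_of(text: str):
    """Hostname or IPv4 literal found in a URL or bare-domain string, else None."""
    m = HOST_RE.search(text)
    return m.group(1).lower() if m else None


def triage(raw: bytes) -> list:
    """Human-readable findings for one raw RFC 5322 message; [] means no tells found."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    sender = msg["From"]
    sender_domain = sender.addresses[0].domain if sender and sender.addresses else ""
    imitated = lookalike_of(sender_domain)
    if imitated:
        findings.append(f"sender domain {sender_domain} imitates {imitated}")
    subject = str(msg["Subject"] or "").lower()
    hits = [w for w in URGENCY_WORDS if w in subject]
    if hits:
        findings.append(f"subject uses pressure language: {', '.join(hits)}")
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    for href, anchor in HREF_RE.findall(html):
        target = host_of(href)
        shown = host_of(re.sub(r"<[^>]+>", "", anchor))  # strip tags inside the anchor
        if target and IPV4_RE.fullmatch(target):
            findings.append(f"link points at a raw IP address: {target}")
        elif target and lookalike_of(target):
            findings.append(f"link host {target} imitates {lookalike_of(target)}")
        if target and shown and registrable_domain(shown) != registrable_domain(target):
            findings.append(f"link text shows {shown} but points to {target}")
    return findings


if __name__ == "__main__":
    for name, raw in (("phish", PHISH_MESSAGE), ("clean", CLEAN_MESSAGE)):
        print(name, triage(raw) or ["no findings"])
```

Run as-is, the lure is flagged on four counts (lookalike sender, pressure language, raw-IP link, link text that disagrees with the target) while the genuine statement passes clean. The registrable-domain logic simply takes the last two labels and therefore mis-handles country-code suffixes such as co.uk; a production version would use a public-suffix list, and would feed the same findings to the gateway appliance's quarantine rather than to a print statement.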
15. Server based antivirus and anti-malware protection
• Server based antivirus and anti-malware protection
– If I have anti-virus on the gateway, why do I need this too?
• No one device or software package is perfect. It adds the final
level of protection your servers and clients require. What if they
bring in an infected file themselves from a pen drive or CD and
drop it right on your network drive? It’s the only line of defense
then.
• Messaging level antivirus and anti-malware protection
– If I have an e-mail security device, why do I need this?
• As mentioned before, not everything is perfect. It adds that extra
protection. If you have a company whitelisted on your external
appliance you are now relying on them to be 100% secure … do
you really trust anyone that much?
16. Server Security
• Is antivirus software all I need?
– No. You should also have anti-spyware software
as well. Some packages do both, that doesn’t
mean they are that good. Be careful and know
your options.
17. Hosted Systems Security
• How do I protect a hosted solution?
– Not directly. You, unfortunately, need to rely on the
hosted solution provider’s ability to control
security. Most EHR/EMR systems are hosted.
– Be careful when selecting a vendor … know your
vendor and your options if a breach occurs!
– Make sure you have your gateway and desktops
secured.
– Educate your users!!
19. • Desktop based antivirus and anti-malware
– Why do I need these too?
• This is the last layer of defense, on the endpoint itself. Why would
you go this far and not protect the very machines the
users are working on?!?
– Will it protect me from phishing sites?
• No. Phishing sites aren’t local to your network. Users
are lured into the trap. The firewall thinks the user
knows what they are doing and allows the traffic to
pass. User gives passwords … end of story.
20. • Browser Choices:
– IE, Firefox, Opera, Google Chrome? What to use?
• I am a firm believer that IE is just fine.
• Firefox is still the number one hacked browser. They
need to play ‘catch-up’ with their security.
• Chrome is okay, but lacks the level of support that
Microsoft has.
• Everything else is a joke … stay away!
– Is IE really as bad as ‘they’ say?
• No, it is the most patched and watched browser available. It
comes with your OS making it less work (i.e., IT $$).
• Like anything in IT ... keep it patched!!!
21. • Operating System Choices
– Windows 8, Windows 7, Windows Vista, or Windows XP: Which is more secure and
should you upgrade?
• XP
– Windows XP is now retired and no longer supported. It was the 2nd most hacked
OS in the history of Windows (95 was the most).
• Vista
– Very stable. More difficult to hack than XP or other OS’s.
– Had a bad ‘rap’, but was more robust than XP.
• Windows 7
– Very stable. More difficult to hack than XP or other OS’s.
– Still the most used OS in business
• Windows 8
– Is all of the hype worth it?
» Yes. Its networking subsystem alone is tuned so well (for performance)
that your network traffic will be reduced by 18+% and you will notice a
significant performance gain in accessing network shares and apps.
» It is extremely secure.
» Get the right resources to help you deploy. It is NOT XP!
– Macs? Do you really think they are impervious to virus activity and hacking?
• It’s the hackers’ new frontier. Apple’s OS X is a Unix-derived (BSD/Darwin) platform, not a
subset of Linux, and it is a familiar, very ‘hackable’ environment: much offensive tooling is
developed on Linux and other Unix-like systems.
• The SUN story. 1992 … the keystroke hack that took UNIX by storm.
22. Server OS Choices
• Still running 2000 Server? You are really pushing
your luck. Upgrade now.
• Windows 2003: Good server OS. Stable, secure.
Will be obsolete next year.
• Windows 2008: Even better. More stable. More
secure.
• Server 2012: The most secure server platform to
date (based on Windows 8 code). Why would
you not want to run it? Applications will decide.
Push your vendors to certify their code on 2012
now!
24. Remote Users – What do they do?
• Notebooks
– Remote Access / VPN
– Tons of wireless connectivity, especially in public
places like airports, coffee shops, and hotels.
• SmartPhones & Tablets
– Remote e-mail
– iPhone/Android/Windows Phone
25. Remote Users
• How do we protect them?
– Start with a good set of policies and procedures
• Restrict certain types of public access
• Restrict certain web sites
– Local Antivirus and anti-spyware
• Make sure you have a policy to keep it up to date.
– Don’t allow data storage on the local drive
• Make them connect to VPN to store their files on a file
server. This protects the company from data loss as well as
data theft.
– Force all updates (Microsoft, AV, etc) daily
26. BYOD
The greatest threat posed to IT in years.
• What is BYOD?
• Bring Your Own Device (tablet, phone, etc)
• Why is it unsafe?
• You have no idea what that person does at night!
• Have a policy … better yet, don’t allow it!!
28. Why do I need a DR plan?
• Do you have a plan?
• If so, is it just IT (Disaster Recovery) or the entire business (Business
Continuity)?
• Don’t have one?
– Who should be working on it?
– What else would I need other than my computer data?
• Paper: Sometimes you need it…
• Have you considered an offsite backup solution?
– Don’t be fooled by ‘cheap’ solutions. You get what you pay for.
• Real-time replication may be a better fit depending on data criticality.
• At least get your data off site … daily!
• What about DR centers? What do they have to offer?
• Have you tested your plan?
– Tests should be conducted at least once a year
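Two of the questions above, whether data actually leaves the site daily and whether the plan has been tested, have a mechanical part that can be scripted and run on every cycle. The Python below is an added example for this page, not code from the presentation: it records a SHA-256 manifest when a backup is taken, then checks that a restore reproduces every file and that the newest backup falls inside an assumed 24-hour policy window. All paths, file contents and timestamps are constructed in a temporary directory.

```python
"""Backup verification: an added example, not code from the presentation.
Records a SHA-256 manifest at backup time, then verifies a restore against it
and checks the backup's age against the retention policy. Everything below is
built in a temporary directory; the 24-hour window is an assumed policy."""
import hashlib
import tempfile
import time
from pathlib import Path

MAX_BACKUP_AGE = 24 * 3600  # assumption: policy says data goes off site daily


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large backups need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def write_manifest(src: Path, taken_at: float) -> dict:
    """Record relative path -> digest for every file under src, plus when it was taken."""
    files = {p.relative_to(src).as_posix(): sha256_of(p)
             for p in sorted(src.rglob("*")) if p.is_file()}
    return {"taken_at": taken_at, "files": files}


def verify_restore(manifest: dict, restored: Path) -> list:
    """Problems found comparing a restored tree with the manifest; [] means a clean restore."""
    problems = []
    for rel, digest in manifest["files"].items():
        p = restored / rel
        if not p.is_file():
            problems.append(f"missing: {rel}")
        elif sha256_of(p) != digest:
            problems.append(f"corrupt: {rel}")
    present = {p.relative_to(restored).as_posix() for p in restored.rglob("*") if p.is_file()}
    problems += [f"unexpected: {rel}" for rel in sorted(present - set(manifest["files"]))]
    return problems


def backup_is_fresh(manifest: dict, now: float, max_age: float = MAX_BACKUP_AGE) -> bool:
    """True if the backup was taken within the policy window ending at `now`."""
    return now - manifest["taken_at"] <= max_age


def demo() -> tuple:
    """Build a constructed source tree, take a manifest, damage the restore, report."""
    with tempfile.TemporaryDirectory() as tmp:
        src, restored = Path(tmp, "src"), Path(tmp, "restored")
        for d in ("finance", "hr"):
            (src / d).mkdir(parents=True)
        (src / "finance" / "ledger.csv").write_text("2014-01-01,invoice,1200\n")
        (src / "hr" / "policy.docx").write_bytes(b"constructed sample document")
        (src / "patients.db").write_bytes(b"\x00constructed sample records\x00")
        taken = time.time() - 2 * 3600  # constructed: backup taken two hours ago
        manifest = write_manifest(src, taken)
        # A restore that silently dropped one file and truncated another.
        (restored / "finance").mkdir(parents=True)
        (restored / "finance" / "ledger.csv").write_text("2014-01-01,invoice,1200\n")
        (restored / "patients.db").write_bytes(b"\x00truncated")
        problems = verify_restore(manifest, restored)
        fresh_now = backup_is_fresh(manifest, time.time())
        fresh_after_3_days = backup_is_fresh(manifest, time.time() + 3 * 86400)
        return problems, fresh_now, fresh_after_3_days


if __name__ == "__main__":
    problems, fresh_now, stale = demo()
    print("restore problems:", problems or "none")
    print("fresh now:", fresh_now, "| fresh three days later:", stale)
```

The point of the restore check is that a backup job reporting "success" proves nothing until the files come back intact; the demo's damaged restore is caught on both the missing and the truncated file, and the same manifest answers the "did it leave the site today?" question by timestamp alone. A real test would restore to separate hardware and, for a database, open it rather than only hash it.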
30. What is Social Engineering Anyway?
• Colleagues / employees / friends sharing
passwords
• Screens not being locked when walking away
• Access to the building … posing as an
employee when you are not.
• Training for all employees .. especially
executives!
– Test your employees … see if your training has
paid off.
32. Policies … how will that help?
• Data retention
– If you have a data retention policy, follow it, and get sued, what you must produce is bounded by
whatever your policy states you keep. If you do not have one, opposing counsel can have a legal hold placed
on your servers (no access, nothing deleted) and you are responsible for every piece of data and e-mail that
you have on your systems. They will search everything. Remember, users will keep everything given the
chance.
• Security
– Have policies that state clearly what corporate software is to be used and how it is to be
updated.
– Don’t let your programming staff tell you that OS patches cannot be installed. This is a pile of
rubbish in most instances. It becomes an excuse for not keeping their code up to date.
• Internet usage
– Keep your employees from the ‘bad’ sites and avoid HR issues by clearly telling them what
they can and cannot do.
– Install monitoring tools if necessary.
– Content management … your friend and your enemy.
• Train your employees when they are hired, not six months later!
33. Hire Professionals when you need them
•Outsourced IT consulting and service
•Get it right from design to implementation.
•Just because your in-house person can
reformat a PC doesn’t mean they know how
to install a server (let alone a security device!)
•This is a critical problem that most
companies fail on. Let experts do what
they are trained to do. You’ll get it right
the first time and save money doing it!
34. Outsourcing part or all of your IT
• If you have never considered this:
– Most companies that do this realize savings of up
to 50% in the first year alone.
– Upfront costs mean nothing. Look at the big
picture.
• Design and install are right the first time.
• Zero unplanned downtime.
• Pay as you need and get an expert every time.
35. Summary
• Do you buy car insurance?
• Do you buy health insurance?
• Do you buy life insurance?
• Do you buy business insurance?
• Why would you risk your data … your
Company … your Patients’ records … by not having the
proper IT expertise, equipment, policies, and
procedures in place? Do IT right!