knowthyself : Internal IT Security in SA

Internal IT Security in SA Problems & Solutions

Agenda 1. Introduction 2. Considering the global Risk 3. Understanding your own Risk 4. Case Study 5 . Setting the Stage 6. Implementing Solutions 7. The role and value of IDS 8. Questions

Introduction About me About Roelof SensePost Objective Approach References: http://wips.sensepost.com/knowthyself.zip http://www.sensepost.com [email_address] [email_address]

Understanding the global Risk What we know: There is a threat to our Information Resources The threat has direct financial implications The threat is growing A large part of the threat is internal There are a number of distinguishable trends http://www.gocsi.com/prelea990301.htm http://www.saps.org.za What we don’t know: How accurate are the statistics? Are international statistics relevant in SA? What does this all mean to me?

Universal Threats Data Confidentiality Information is the currency of business today Customers, Strategy, Financials, HR, Personal Data Integrity The accuracy and reliability of the information Determines the value of information Reputation / Credibility The market’s perception of your competence Web site defacement Denial of Service Prevent a system from performing their intended function EBay, Yahoo, Edgars

Agenda 1. Introduction 2. Considering the global Risk 3. Understanding your own Risk 4. Case Study 5. Setting the Stage 6. Implementing Solutions 7. The role and value of IDS 8. Questions

Understanding your own Risk What is Risk? Valuable resources + exploitable technology What is “Secure”? When the financial losses incurred are at an acceptable level Your “Risk-Profile”: The value of your Information The degree of technological vulnerability A level of loss that is acceptable to you Unique to your organisation. Today. The value of surveys and statistics Highlight the existence of threats Indicate trends and phases Create an awareness

Your own unique risk profile IT Security Assessment Make informed decisions on how to spend Time Money People An effective assessment: Independent and Objective Business aware but technology focused Prove its worth Concrete, practical recommendations Finite Honest Recursive...

Recursive Security Assessments Delta Testing Monitor the effect of changes New exploits and vulnerabilities Staying secure in a global battlefield Improved Methodologies Tools, techniques, philosophies etc. Innovation A chance to get to know you Extended Scope There’s never enough time Enhanced Scope Moving toward a zero-default environment...

Welcome to the case study Mind of the cybercriminal journal style, informal methodology Sensitivity examples only Effort vs Exposure roelof temmingh

CAT5 from me to you Obtaining a IP on the internal network already have one RAS the little black box concept walking in with a notebook Trojans splicing copper roelof temmingh

Get to know your neighbours The difference between MS and services network MS network is a service (File Sharing) Other services - FTP, HTTP, SQL, SMTP servers. Intelligence gathering Protocols Services Identify important hosts Ping sweep roelof temmingh

Easy cash The guy next to you Microsoft network network neighbourhood shares are published Services network Anonymous FTP, webpages roelof temmingh

Scratching the surface Your wannabe admin Microsoft network password guessing offline cracking real time cracking Service network sniffing the network (SMTP,POP3,FTP) default passwords password guessing (known services) portscanning roelof temmingh

Knocking on the door Your (closet hacker) admin Microsoft network user enumeration brute force id/password Service network vulnerability scanners customized for ports (IDS!) scans for known product problems commercial (ISS, CyberCop) share/freeware (Nessus, whisker) roelof temmingh

Blowing the door down Your previous administrator turned black hat hacker We are inside, now what? Microsoft network search for XLS, DOC files copy and enjoy application encryption worthless Service network password files passwords to backends (SQL) text copy of databases mailboxes Publish to Internet, sell to competition. Assumed full control roelof temmingh

Keeping in touch Your previous administrator's current employer Keeping a grip on your network Service network & MS network Rootkits Backdoors Not only from internal Internet RAS roelof temmingh

Setting the Stage - a security culture Assign responsibility Security Officer Empower the Security Officer Authority, Money, People Measure Progress Project Plan, Certification, Audits Develop an IT Security Policy Guide, mandate & measure Should be: Endorsed by management Effectively communicated Specific Enforceable Practical

Setting the Stage - a security culture Communicate with key people Emphasise the value of data to business leaders Awareness training and programmess Buy-in at every level is essential Positive / Negative reinforcement Use security as a performance criterion Consider Security Certification Global standards for the implementation and assessment of security…

Thoughts on Certification Objective To enforce structure on your security program As a means of assessing your security As a means of measuring against best-of-breed As a means of convincing others of your security Is Certification for you? Recognition Focus Local Presence Cost Endurance Objectivity

Implementing Solutions - Overview Value your information and IT resources Know what you’re protecting and what its worth Assess your vulnerabilities Know exactly where you stand Evaluate actual risk versus acceptable risk You don’t have to be completely secure Develop a Security Strategy Know where you’re going and where you are Implement Controls 80/20 rule Assess the effect of the changes Security is a cycle

Internal Security Cheat Sheet Publish a policy Guide, mandate and measure Content security Viruses, trojans, scripts Zoning Segment data, people, hosts and services Centralise It’s much easier to protect something if its in one place Host & service security Basics! Account Policies Passwords are an essentially weak mechanism Switch to the desktop It’s simple and it works Consider your RAS systems RAS is the soft underbelly of your network

IDS - An Overview Intrusion Detection System Identify and report or react on an unauthorised or malicious action on a host or a network Types of IDS Host Distributed Network Typical Features (NIDS) Packet Sniffing Technology Attack Pattern Library Traffic Patterns , Viruses, Trojans, Signatures Rule Set Source, Destination, Time, Period, Signature Response capabilities Active or Passive Distributed Architecture Centralised Management

The Role of IDS Identifying an “Intrusion” Acceptability Parameters: Destination Source Signature Time Period Effective implementation Access to traffic Acceptability Parameters Response Capabilities Good Example - DMZ Finite area to monitor Existing security infrastructure Clearly defined acceptability parameters Limited number of events to respond to

IDS & Internal Security For: Large, open environments eg Corporate Extranet or University Effective zoning, segmentation & consolidation Basic issues addressed Dedicated security personnel Against: Technology driven decision There are no point-and-click solutions to security Closed system Acceptability parameters Response capabilities In SA Address basic issues Consolidate valuable resources Do an assessment Make a strategy decision Consider outsourcing

knowthyself : Internal IT Security in SA

More Related Content

What's hot (20)

Viewers also liked (19)

Similar to knowthyself : Internal IT Security in SA (20)

More from SensePost (20)

Recently uploaded (20)

knowthyself : Internal IT Security in SA

Editor's Notes