Transcript of Computer Fraud - Eric Vanderburg - China Resource Network Conference
Slide 1
China Resource Network
Computer Fraud
JurInnov, Ltd.
October 5, 2012
© 2012 JurInnov Ltd. All Rights Reserved. PROPRIETARY AND CONFIDENTIAL
Slide 2: Who Are We?
JurInnov works with organizations that want to more effectively manage matters involving “Electronically Stored Information” (ESI).
– Information Security
– Electronic Discovery
– Computer Forensics
– Document and Case Management
Slide 3: Confidence Framework
• CF-Strategy
• CF-Assess
• CF-Policy
• CF-Aware
• CF-Audit
Slide 4: Overview
• Case Study
• Detection
• Incident response
• Post-incident activities
• Prevention
Slide 5: Case Study
1. US sends email
2. Email read & deleted
3. Fake response through open relay
4. Fake email with alternate address
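Steps 3 and 4 of the case study leave traces in the message headers that a mail gateway or an analyst can check for: a Reply-To that steers the conversation to a different domain than the From address, and a delivering host that is not one of the partner's known mail servers. The following Python is an added example written for this transcript, not code from the presentation or from JurInnov; the sample message, the domain and host names, and the KNOWN_SENDING_HOSTS table are constructed assumptions.

```python
"""Header checks for the forged-reply pattern in the case study.

Added example for this transcript, not the presenter's tooling. The message,
domains, hosts and the known-relay table below are constructed assumptions.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the mail hosts that legitimately deliver mail for each partner domain.
KNOWN_SENDING_HOSTS = {
    "partner.example": {"mail.partner.example"},
}

# Constructed sample: a forged reply handed to our MX by an unrelated relay, with
# the reply steered to an alternate address (steps 3 and 4 of the case study).
SAMPLE_MESSAGE = """\
Received: from open-relay.example.net (open-relay.example.net [203.0.113.9])
\tby mx.us-company.example with ESMTP id abc123; Fri, 5 Oct 2012 09:12:00 -0400
From: Accounts <accounts@partner.example>
Reply-To: accounts@partner-example.biz
To: payables@us-company.example
Subject: Re: Invoice 4471
Message-ID: <1@open-relay.example.net>

Please wire to our new account. Details attached.
"""

RECEIVED_FROM = re.compile(r"^from\s+(\S+)", re.IGNORECASE)


def domain_of(header_value):
    """Lower-cased domain part of an address header, or '' if there is none."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def relay_host(msg):
    """Host named in the newest Received header, i.e. the hop that handed the
    message to our edge MX. Received headers are prepended, so index 0 is newest."""
    received = msg.get_all("Received") or []
    if not received:
        return ""
    m = RECEIVED_FROM.match(received[0].strip())
    return m.group(1).lower() if m else ""


def check_headers(raw):
    """Return a list of indicator strings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    # Step 4: replies are redirected to a domain other than the apparent sender's.
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    # Step 3: the message did not arrive from the partner's known mail host.
    host = relay_host(msg)
    known = KNOWN_SENDING_HOSTS.get(from_dom)
    if known is not None and host not in known:
        findings.append(f"mail for {from_dom} relayed via unknown host {host}")
    return findings


if __name__ == "__main__":
    for finding in check_headers(SAMPLE_MESSAGE):
        print("INDICATOR:", finding)
```

Both checks are heuristics: a legitimate partner may use a third-party mail service, so the known-host table has to be maintained, and a mismatched Reply-To is a reason to verify the request out of band (the separation-of-duties point on the Detection slide), not proof of fraud on its own.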
Slide 6: Detection
• Separation of duties
– Approve requests for information
– Validate changes in procedure
– Divide sensitive tasks between multiple persons and roles
• Awareness
– Suspicious activity
– Social engineering
• Audit
Slide 7: Indicators
• Use of dormant accounts
• Log alteration
• Presence of malicious code
• Notification by partner or peer
• Notification by hacker
• Loss of availability
• Corrupt files
• Data breach
• Violation of policy
• Violation of law
• Activity at unexpected times
• Unusual email traffic
• Presence of hacker tools
• Unknown accounts
• Unusual consumption of computing resources
• Unusual network activity
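Three of the indicators on this slide (use of dormant accounts, unknown accounts, activity at unexpected times) can be checked mechanically once a baseline of normal activity exists, which is the last action item on slide 16. The Python below is an added example for this transcript, not the presenter's code; the log line format, the DIRECTORY_LAST_SEEN table, the 90-day dormancy threshold and the business-hours window are all constructed assumptions.

```python
"""Scan authentication events for three indicators from the slide.

Added example for this transcript, not the presenter's tooling. Log format,
directory contents and thresholds are assumptions chosen for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed baseline: account -> last known successful logon before this log window.
DIRECTORY_LAST_SEEN = {
    "jsmith": datetime(2012, 10, 4),
    "svc_backup": datetime(2012, 6, 1),   # no logon in four months
    "mlee": datetime(2012, 10, 3),
}
DORMANT_AFTER = timedelta(days=90)        # assumed dormancy threshold
BUSINESS_HOURS = range(7, 20)             # assumed 07:00-19:59 local

# Constructed sample log: "<date> <time> <result> user=<name> src=<ip>"
SAMPLE_LOG = """\
2012-10-05 08:15:02 LOGIN_OK user=jsmith src=10.1.4.22
2012-10-05 02:41:10 LOGIN_OK user=svc_backup src=10.1.9.7
2012-10-05 09:03:44 LOGIN_OK user=mlee src=10.1.4.31
2012-10-05 23:58:01 LOGIN_OK user=jsmith src=10.1.4.22
2012-10-05 10:12:33 LOGIN_OK user=tmp_admin src=10.1.4.99
2012-10-05 10:13:00 LOGIN_FAIL user=mlee src=10.1.4.31
"""


def parse_line(line):
    """Return (timestamp, result, user, src), or None for a line that does not fit."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
    fields = dict(p.split("=", 1) for p in parts[3:])
    return ts, parts[2], fields.get("user"), fields.get("src")


def find_indicators(log_text, directory=DIRECTORY_LAST_SEEN):
    """Return {indicator name: sorted list of (user, 'YYYY-MM-DD HH:MM')}."""
    hits = defaultdict(list)
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None or rec[1] != "LOGIN_OK":
            continue  # only successful logons matter for these three indicators
        ts, _result, user, _src = rec
        when = ts.strftime("%Y-%m-%d %H:%M")
        if user not in directory:
            hits["unknown account"].append((user, when))
            continue
        if ts - directory[user] > DORMANT_AFTER:
            hits["dormant account used"].append((user, when))
        if ts.hour not in BUSINESS_HOURS:
            hits["activity at unexpected time"].append((user, when))
    return {name: sorted(events) for name, events in hits.items()}


if __name__ == "__main__":
    for name, events in find_indicators(SAMPLE_LOG).items():
        for user, when in events:
            print(f"{name}: {user} at {when}")
```

Each hit is a lead for the validation step on the Incident Response slide, not a verdict: a backup service account may legitimately run at night, which is exactly why the baseline of normal activity has to be established before the indicators are useful.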
Slide 8: Incident Response
• Validate incident authenticity
• Determine scope and severity
– Users, data and equipment impacted
• Notify team
Slide 9: Preservation of evidence
• Volatile data
– Contents of RAM
– Current network connections
– Logon sessions
– Open files
• Non-volatile data
– Hard drives
– Network device startup configurations
• Chain of custody
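Chain of custody is what lets the acquired data be relied on later: the item is hashed at acquisition and every hand-off is recorded so that both the image and the record itself can be shown to be unaltered. The Python below is an added example for this transcript, not JurInnov's or the presenter's tooling; the case number, names, timestamps and the stand-in image bytes are constructed, and hash-chaining the log entries is one common design, not something the slide prescribes.

```python
"""Minimal chain-of-custody record for one acquired evidence item.

Added example for this transcript, not the presenter's tooling. Case id,
item id, people and the stand-in image bytes are constructed.
"""
import hashlib
import json
from datetime import datetime, timezone


def sha256_of(data):
    """Hex SHA-256 of a byte string (the acquisition and entry hash function)."""
    return hashlib.sha256(data).hexdigest()


class CustodyRecord:
    """One evidence item: its acquisition hash plus every hand-off.

    Each log entry carries the hash of the previous entry (or of the image for
    the first entry), so a later change to any entry breaks the chain.
    """

    def __init__(self, case_id, item_id, description, image_bytes, collected_by):
        self.case_id = case_id
        self.item_id = item_id
        self.description = description
        self.acquisition_hash = sha256_of(image_bytes)
        self.entries = []
        self._append("acquired", collected_by, collected_by)

    def _append(self, action, from_person, to_person, ts=None):
        prev = self.entries[-1]["entry_hash"] if self.entries else self.acquisition_hash
        entry = {
            "timestamp": (ts or datetime.now(timezone.utc)).isoformat(),
            "action": action,
            "from": from_person,
            "to": to_person,
            "prev": prev,
        }
        entry["entry_hash"] = sha256_of(json.dumps(entry, sort_keys=True).encode())
        self.entries.append(entry)

    def transfer(self, from_person, to_person, ts=None):
        """Record a hand-off of the item between two custodians."""
        self._append("transferred", from_person, to_person, ts)

    def verify_image(self, image_bytes):
        """True if the image still matches the hash taken at acquisition."""
        return sha256_of(image_bytes) == self.acquisition_hash

    def verify_log(self):
        """True if every entry's own hash and back-link to its predecessor are intact."""
        prev = self.acquisition_hash
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "entry_hash"}
            if entry["prev"] != prev:
                return False
            if sha256_of(json.dumps(body, sort_keys=True).encode()) != entry["entry_hash"]:
                return False
            prev = entry["entry_hash"]
        return True


def demo():
    """Acquire a (constructed) drive image, hand it to the evidence locker, return both."""
    image = b"constructed stand-in for a bit-for-bit drive image"
    rec = CustodyRecord("CASE-0001", "HDD-01", "workstation hard drive", image, "E. Examiner")
    rec.transfer("E. Examiner", "Evidence locker",
                 datetime(2012, 10, 5, 14, 0, tzinfo=timezone.utc))
    return rec, image


if __name__ == "__main__":
    record, image_bytes = demo()
    print(json.dumps(record.entries, indent=2))
    print("image intact:", record.verify_image(image_bytes), "log intact:", record.verify_log())
```

The same record type applies to a RAM capture or a saved startup configuration; the difference the slide draws is in acquisition order, since the volatile items (RAM, connections, sessions, open files) must be captured and hashed before anything that changes the running system, while the drive image can be taken afterwards.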
Slide 10: Recovery
• Remediate vulnerabilities
• Restore services
• Restore data
• Restore confidence
Slide 11: Post-incident activities
• Refine plans and processes
• Create new IRPs
• Debrief (After-action review)
Slide 12: Debrief
• Rankless discussion
• What was the goal?
• Were goals achievable?
• Successes
• Pitfalls
• Lessons learned
• Action items and responsibilities
• Positive summary (high note)
Slide 13: Prevention
• Perform background checks on key personnel, suppliers and partners
• Conduct periodic awareness training
• Document and follow procedures
Slide 14: Prevention
• Technical controls
– Antivirus/antimalware
– Email filtering
– Web filtering
– Network Access Control (NAC)
– Intrusion Prevention System (IPS)
– Patch management
– Password management
Slide 15: Incident Response Plans
• Document procedures for likely incidents
• Document steps for a non-specific incident
• Prepare resources
– Human
– Technical
• Is geographic diversity needed?
• Determine notification procedure
• Roles and responsibilities
• Simulation
• Review and maintenance
Slide 16: Action Items
• Obtain an overview of information security posture (Security Snapshot)
• Consider incident response and create IRPs
• Conduct security awareness training
• Conduct risk assessment to identify appropriate security controls
• Baseline systems to understand normal activity