Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher,...
-
date post
18-Dec-2015 -
Category
Documents
-
view
213 -
download
0
Transcript of Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher,...
![Page 1: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/1.jpg)
Essential Strategies for Protecting Against the New Wave Of
Information Security Threats
Abe Usher, CISSPSharp Ideas LLC
![Page 2: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/2.jpg)
2
About the presenter
> Abe Usher> CISSP> Master’s degree in Information Systems> Ideas published in Wired Magazine,
Network World, New Scientist Magazine, Business Week On-line and others
> Creator of slurp.exe> Principal architect of SecurityBuzz.org
![Page 3: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/3.jpg)
3
Webinar agenda
> Review of security concepts> New threats> Pod slurping> Data theft in the news> Strategies for reducing risk> Questions and wrap up
![Page 4: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/4.jpg)
4
Information security:key terms
> Confidentiality
> Integrity
> Availability
![Page 5: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/5.jpg)
5
Information security:key terms
> Network security
> Application security
> Host security (endpoint security)
![Page 6: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/6.jpg)
6
Information security:key terms
Network
Application
Host (Endpoint)
Typically strong
Moderate
Weak (non-existent?)
![Page 7: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/7.jpg)
7
Information security:new threats
The widespread introduction of computing devices and portable storage in the enterprise bring significant risks:
> iPods> USB and Firewire storage> Bluetooth accessories> PDAs> Unauthorized wireless
![Page 8: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/8.jpg)
8
Endpoint: entry vectors
Optical drives
PDAs
Smart phones
Firewire
USB accessories
RJ-45 net
WiFi
Bluetooth
![Page 9: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/9.jpg)
9
Universal Serial Bus (USB)
> Originally developed in 1995 as an external expansion bus to make adding peripherals easy.
> “Universal” acceptance of USB – virtually all new PCs come with one or more USB ports.
> New USB 2.0 allows data transfer at a rate 40 times faster than USB 1.1 (480 Mb/second)
![Page 10: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/10.jpg)
10
USB devices:the good
> Supported by all vendors on all major operating systems
> Productivity booster in the proper context
> USB has reduced cost and complexity of peripherals
> Convenient data exchange between computers
![Page 11: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/11.jpg)
11
USB devices:the bad
> Modern operating systems do not provide granular control over the use of USB devices (e.g. No auditing)
> Most commercial organizations do not have clear policies on the use of USB devices
> Most organizations do not understand the security implications of USB devices
![Page 12: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/12.jpg)
12
The importance of information
> The currency of the Information Age is the bit.
> Information economies gain competitive advantage through creating, analyzing, and distributing information.
> Organizations that fail to protect their information resources jeopardize their own future.
![Page 13: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/13.jpg)
13
Adapt your security infrastructureor become a statistic
Privacy Rights Clearing House | Washington Post, June 22, 2005
![Page 14: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/14.jpg)
14
Adapt your security infrastructureor become a statistic
Privacy Rights Clearing House | Washington Post, June 22, 2005
![Page 15: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/15.jpg)
15
Adapt your security infrastructureor become a statistic
Privacy Rights Clearing House | Washington Post, June 22, 2005
![Page 16: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/16.jpg)
16
Digital media players and portable storage
> More than 42 million iPods sold> Other digital media players
increasingly popular> USB thumb drives reaching low
price point and ubiquitous adoption
![Page 17: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/17.jpg)
17
Information security:in the news
![Page 18: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/18.jpg)
18
Information security:in the news
![Page 19: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/19.jpg)
19
Information security:in the news
![Page 20: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/20.jpg)
20
Information security:in the news
> Unauthorized use of computers increased
> Unauthorized access to information and theft of proprietary information showed significant increases in average loss per respondent ($303,324 and $355,552 respectively)
![Page 21: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/21.jpg)
21
Information security:in the news
![Page 22: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/22.jpg)
22
Information security:in the news
![Page 23: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/23.jpg)
23
Information security:in the news
Additional resources available at:
http://www.sharp-ideas.net/ideas/
37 additional stories from the news media related to data theft
26 messages from prominent information security mailing lists discussing data leakage / data theft
![Page 24: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/24.jpg)
24
Information security:traditional threats
> External hackers
> Malicious code outbreaks
> SPAM
> Spyware
> Phishing
![Page 25: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/25.jpg)
25
Traditional threats(network security)
Hacker activity
Worms & viruses
SPAM
Spyware
Phishing
![Page 26: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/26.jpg)
26
Traditional threats(network security)
Hacker activity
Worms & viruses
SPAM
Spyware
Phishing
Firewall
Intrusion Detection
SPAM filtering
Anti-Spyware
Phishing filtering
![Page 27: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/27.jpg)
27
Emerging threats:endpoint security
> Widespread adoption of portable storage and digital media players USB
Firewire
![Page 28: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/28.jpg)
28
Emerging threats:endpoint security
> Widespread adoption of portable storage and digital media players USB
Firewire
> Wireless trend in peripherals & secondary components Bluetooth
802.11
![Page 29: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/29.jpg)
29
Emerging threats:endpoint security
> Widespread adoption of portable storage and digital media players USB
Firewire
> Wireless trend in peripherals & secondary components Bluetooth
802.11
> Bottom line: Network security strategies do nothing to protect against devices connected inside of your enterprise network.
![Page 30: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/30.jpg)
30
Evolution of security threats
![Page 31: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/31.jpg)
31
Computing capacity vs.human skill
0
20
40
60
80
100
120
140
160
1995 1998 2001 2004
User skill
Computingpower
The rate that computing power increases is vastly greater thanthe rate that computer users achieve new understanding.
![Page 32: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/32.jpg)
32
Information security:new solutions
> Comprehensive policies that account for portable computing devices, wireless computing, and a mobile workforce
> User awareness of security issues and policies
> Technical solutions that mitigate access of storage and communication devices at the endpoint
![Page 33: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/33.jpg)
33
5 Point strategy to remain secure
1) Assess your technology environment
2) Adapt your security policy
3) Have a user awareness plan
4) Put your policies and procedures into action
5) Assess effectiveness and revise your policy
![Page 34: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/34.jpg)
34
Strategy #1:Assess your technology environment
At a minimum define:> Critical information and information systems> System owners> System users:
employeescontractorsbusiness partners
> Most likely vulnerabilities and threats to endpoint security
![Page 35: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/35.jpg)
35
Strategy #2:Revise your security policy
At a minimum, revise these two areas:> Corporate acceptable use policy> Use of personal computing devices:
USB storageBluetooth peripheralsPersonal media players (e.g. iPod)PDAsOptical drivesMulti-function phones
![Page 36: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/36.jpg)
36
Strategy #3:User awareness
> Inform users of security issues and their responsibilities through
awareness initiativestrainingeducation
> References:NIST 800-50 “Building an Information Technology Security Awareness and Training Program”NIST Awareness, Training, Education http://csrc.nist.gov/ATE/
![Page 37: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/37.jpg)
37
Strategy #4:Implement your policies and procedures
> Assign specific responsibilities> Deploy required technical
solutions
![Page 38: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/38.jpg)
38
Strategy 4:Assign specific responsibilities
> Security manager> Managers> IT staff> Employees> Contractors
> Restrict privileges to critical information to those who require it to be productive
![Page 39: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/39.jpg)
39
Strategy #4:Deploy required technical solutions
> Based on your internal analysis of vulnerabilities and threats, protect essential data:
in active usein active storagein archival storagein transmission
![Page 40: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/40.jpg)
40
Strategy 4:Example technical solutions
Information state Sample solutions
Active use Operating system controlsEndpoint security suiteHardware restrictions
Active storage Endpoint security suiteWindows EFS
Archival storage File Encryption
Transmission Web: SSL (HTTPS)WiFi: WEPEmail: Winzip with AES 256 bit encryption
![Page 41: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/41.jpg)
41
Strategy 4:Example technical solutions
Information state Sample solutions
Active use Operating system controlsEndpoint security suiteHardware restrictions
Active storage Endpoint security suiteWindows EFS
Archival storage File Encryption
Transmission Web: SSL (HTTPS)WiFi: WEPEmail: Winzip with AES 256 bit encryption
(1) Access control, (2) audit activities, (3) detect events in real-time
![Page 42: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/42.jpg)
42
Strategy #5:Assess effectiveness and revise strategy
> All business systems require a feedback loop
> As your operating context changes, so too will your security solutions
> If/when you have endpoint security incidents, be sure to revise your policies appropriately
![Page 43: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/43.jpg)
43
Conclusions
> We've only witnessed the tip of the iceberg related to data theft
> Incident prevention is significantly less costly than incident response
> Addressing the issue at the endpoint provides the best ratio of risk reduction per dollar
> Tailor the recommended strategies to your organization's business requirements
![Page 44: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/44.jpg)
44
USB SticksUSB Sticks
PDAsPDAs
Ext. USB DrivesExt. USB Drives
iPods & Music Players
iPods & Music Players
USB Stick
iPod’s &MP3 players
PDA’s &Blackberry’s
DigitalCameras &
compact flash
CD/DVD& Diskettes
USB Drives
Media Classes
Centrally manage and protect networks from threats associated with removable media devices:
•Data theft•Virus and malware propagation•Computer misuse.
![Page 45: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/45.jpg)
45
Customer Data
Intellectual Property
Corp. Knowledge
DesperateHousewives
Viruses
Malware
How DeviceWall Works
![Page 46: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/46.jpg)
46
Effective Management Reporting
![Page 47: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/47.jpg)
47
DeviceWall 1-minute Overview
> Measured response to known risk• Intuitive and comprehensive auditing• Easy policy creation and deployment• Effective guard against unwanted device connections
> Minimal overhead and ongoing cost of ownership• Low cost of acquisition• Deploy in minutes, update automatically• Temporary access tools keeps users productive• Communication minimizes calls to helpdesk
> Intuitive, fast and effective to manage• No specialist training required• No need for dedicated staff to run Control Center
![Page 48: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/48.jpg)
48
> Supported platforms• Windows NT, 2000, XP, 2003
> Devices managed• PDAs, USB memory, MP3 players, PDAs, CompactFlash,
optical drives, external hard drives, digital cameras, mobile phones, Firewire ports, Bluetooth ports and more
> Server Requirements• Pentium, 128MB RAM, 512MB Hard Disk
> Network Requirements• MS IIS 5.0+, Active Directory & NT domains supported
Technical Specifics
![Page 49: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/49.jpg)
49
We hope that you have enjoyed this presentation on protecting against the future information security
threats. To gain additional information, please examine the following resources:
www.sharp-ideas.net
www.devicewall.com
![Page 50: Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC.](https://reader030.fdocuments.in/reader030/viewer/2022032800/56649d225503460f949f8592/html5/thumbnails/50.jpg)
50
Program Note
This webinar is sponsored by Centennial Software.All referenced research is copyrighted 2006 by Sharp Ideas
LLC, and/or its affiliates. All rights reserved.
Every reasonable attempt has been made to present accurate and reliable information. However, Sharp Ideas LLC disclaims all warranties as to the accuracy, completeness or adequacy of information contained within the webinar. Sharp Ideas LLC shall have no liability for errors, omissions, or inadequacies in the information contained herein or for interpretations thereof.
The opinions expressed herein are subject to change without notice.