Incident Response And a debrief of UNM’s response to the Heartbleed vulnerability 1 Presented by:...
Incident Response
And a debrief of UNM’s response to the Heartbleed vulnerability

Presented by:
Michael Burlison, Information Security Analyst – CISSP, GCIH, GSEC
Lucas Walker, Information Security Analyst - GSEC
What happened and why you should care…
What IT did
• Researched scope of problem
• Identified vulnerable systems
• Updated and patched core IT-managed systems
• Revoked and re-issued SSL certificates
• Involved the community:
• Notified departmental IT areas
• Posted alerts
• Involved help desk
• Provided instructions to users
• Issued password resets for impacted services
What IT is doing:
• Scanning and monitoring for vulnerable systems on the network
• Monitoring Intrusion Prevention Systems (IPS) for Heartbleed activity
• De-briefing stakeholders and decision makers, “Lessons Learned”
• Researching for patches that are still being deployed
Incident Response Plan
• Is an action plan for dealing with intrusions, cyber-theft, denial of service, malicious code, natural disasters, and other security-related events
• Incidents can be intentional or unintentional
• Incident Response Plans help you know what to do when an incident occurs.
• Not a matter of “IF,” but of “WHEN”
• Planning is (almost) everything!
Incident Response Plan
• DoE’s 6 Step Process:
  1. Prepare
  2. Identify
  3. Contain
  4. Eradicate
  5. Recover
  6. Lessons Learned
Key Mistakes
• Failure to report or ask for help
• Incomplete / non-existent notes
• Mishandling / destroying evidence
• Failure to:
  • Create working backups
  • Contain or eradicate
  • Prevent re-infection
  • Apply lessons learned
Legal Aspects
• Plans, policies, and procedures developed for incident handling must:
  • Comply with applicable laws
  • Be reviewed by legal counsel & key stakeholders
• Unless you are a lawyer in OUC, you are not the expert. Work closely with legal counsel
• Regulations:
  • FERPA
  • PCI
  • GLBA
  • HIPAA
  • ITAR
• Reporting security breaches, cyber-insurance, international standards (ISO 17799)
UNM Incident Response Plan
• Draft will be distributed to this audience
• PCI version is on cio.unm.edu/standards
• ERP version is posted on Banner ERP sites
  • Is being updated
  • Will be posted to CIO Standards page