Information Security at USF: threats (attacks), vulnerabilities...
Transcript of Information Security at USF: threats (attacks), vulnerabilities...
![Page 1: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/1.jpg)
Information Security at USF: threats (attacks), vulnerabilities, countermeasures, risk
Nick Recchia, Ed.DITS – Security ServicesOctober 22, 2013
![Page 2: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/2.jpg)
Overview
Presenters:
Nick RecchiaITS Security Administrator
Walter PetruskaInformation Security Officer & Director, Security Services
![Page 3: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/3.jpg)
Overview
Agenda:1. Introduction2. Holistic approach to Information Security3. Org structure and Information Security4. Vulnerabilities & threats (attacks)5. USF network: exploring countermeasures and preventing
common threats (attacks) 6. Question/discussion
![Page 4: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/4.jpg)
Introduction
Policies, produces, standards, guidelines
(expectations)
Annual SETA, sign AUP agreement, job function training
(Administrative controls)
Employee Onboarding
Service/project initiation
Promotes a preventative approach to IT/Infosec/business
process (enables business)
Technical controls +
Contributes to a efficient, successful,
and attractive service providerand employer
![Page 5: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/5.jpg)
Introduction
Reference: CISSP All-in-One Exam Guide, 6th Edition, page 22
![Page 6: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/6.jpg)
Holistic approach to Information Security
Reference: CISSP All-in-One Exam Guide, 6th Edition, page 29
![Page 7: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/7.jpg)
Holistic approach to Information Security
Reference: CISSP All-in-One Exam Guide, 6th Edition, page 29[1] http://www.usfca.edu/its/about/policies/infosec/
Sophos AV
WSUS
Fac/Staff vs. Stu
Password reset
VLAN isolation / offsite backup
USFconnect
PAN NGFW
Infosec Policy; Secure file
destruction SOP [1]
Onecard
![Page 8: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/8.jpg)
Holistic approach to Information Security
Reference: CISSP All-in-One Exam Guide, 6th Edition, page 28
1. Vulnerability: weakness or lack of countermeasure
2. Threat agent: entity that can exploit a vulnerability
3. Threat: is the danger of a threat agent exploiting a vulnerability
1. Risk: the probability of a threat agent exploiting a vulnerability, and the associated impact
2. Exposure: presence of a vulnerability, which exposes the organization to a threat
3. Safeguard: control that is put into place to reduce a risk; also called a countermeasure
![Page 9: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/9.jpg)
Holistic approach to Information Security
Reference: CISSP All-in-One Exam Guide, 6th Edition, page 29
Attacker
Unsecured wireless* and HTTP** use
AIC
FireSheep
probability & what will result?
Use VPN
*WPA2
Facebook**
![Page 10: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/10.jpg)
Holistic approach to Information SecurityReference: CISSP All-in-One Exam Guide, 6th Edition, page 67
![Page 11: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/11.jpg)
Org structure and risk
Top-down Approach- security program should be implemented in a top down
approach- initiation, support, and direction come from top
management: middle management staff members- make sure the people actually responsible for protecting
the company’s assets (senior management) are driving the program.
Reference: CISSP All-in-One Exam Guide, 6th Edition, page 63
![Page 12: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/12.jpg)
Org structure and risk
Bottom-up Approach- bottom-up approach refers to staff members (usually IT)
try to develop a security program without getting proper management support and direction.
- bottom-up approach is commonly less effective, not broad enough to address all security risks, and doomed to fail.
Reference: CISSP All-in-One Exam Guide, 6th Edition, page 63
![Page 13: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/13.jpg)
USF ITS (Information Technology Services)
Reference: http://www.usfca.edu/its/about/staff/
![Page 14: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/14.jpg)
SCU IS (Information Services)
Reference: http://www.scu.edu/is/about/
![Page 15: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/15.jpg)
SCU IS (Information Services)
Reference: http://nakedsecurity.sophos.com/2011/11/16/fbi-investigates-santa-clara-university-hack-draft/http://www.mercurynews.com/breaking-news/ci_19334460
Santa Clara University: Hacker changed grades of 60 students
By Sean Webby and Lisa Fernandez Mercury NewsPosted: 11/14/2011
Santa Clara University's academic records database was recently hacked to improve the grades of more than 60 former and current undergraduate students, the university announced Monday.The university called in the FBI, which is assisting in the ongoing investigation, according to university officials. No arrests have been reported.
"We are taking it quite seriously," said Dennis Jacobs, Santa Clara's provost and vice president for academic affairs. "We are reviewing and enhancing all security measures to reduce the likelihood of any intrusion in the future.“
The FBI, in a written statement issued Monday, confirmed it is involved in the investigation. SCU officials said they were unaware of any other hacking incidents at the university. This one was particularly sophisticated, they said, and was only discovered when a former student came forward in August because she noticed a grade on her transcript was better than the one on a previously printed transcript.
![Page 16: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/16.jpg)
SANS Institute (System Administration, Networking, and Security Institute)
Reference: http://www.sans.org/reading-room/whitepapers/standards/organizational-information-security-scratch-guarantee-541?show=organizational-information-security-scratch-guarantee-541&cat=standards
Organizational Information Security from Scratch - A Guarantee for Doing It Right
The foundation for establishing the necessary protections and demonstrating the required diligence towards protecting your organization's proprietary information can be found in a security infrastructure that has been around in one form or another since the early 1990's. It provides a means to combine the technical protections(network firewalls, intrusion detection systems, traffic analyzers, etc.) with business processes (risk & vulnerability testing, information security policies and procedures, etc.) into an overall...
Copyright SANS Institute
![Page 17: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/17.jpg)
Executive Management
Reference: CISSP All-in-One Exam Guide, 6th Edition, page 117
![Page 18: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/18.jpg)
CCSF Breach 2012; Accreditation loss 2014?
Reference: http://www.sfgate.com/education/article/Viruses-stole-City-College-of-S-F-data-for-years-2502338.php
http://www.sfexaminer.com/sanfrancisco/city-college-of-san-francisco-loses-accreditation-faces-closure/Content?oid=2496026
![Page 19: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/19.jpg)
The 8 Most Common Causes of Data Breaches (May 2013)
1) Weak and Stolen Credentials, a.k.a. Passwords
2) Back Doors, Application Vulnerabilities
3) Malware
4) Social Engineering
5) Too Many Permissions
6) Insider Threats
7) Physical Attacks
8) Improper Configuration, User Error
Reference: www.darkreading.com/attacks-breacheshttp://www.verizonenterprise.com/DBIR/2013/
![Page 20: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/20.jpg)
The 2013 Data Breach Investigations Report
Reference: http://www.verizonenterprise.com/DBIR/2013/ ;p.13 & 48
“…some organizations will be a target regardless of what they do, but most become a target because of what they do (or don’t do).” DBIR p.48
![Page 21: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/21.jpg)
The 2013 Data Breach Investigations Report
Reference: http://www.verizonenterprise.com/DBIR/2013/ ;p.48 & 49
![Page 22: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/22.jpg)
Threat Agents
Reference: CISSP All-in-One Exam Guide, 6th Edition, page 78
![Page 23: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/23.jpg)
Threat Agent - employee
Reference: http://www.sfexaminer.com/sanfrancisco/computer-containing-patient-data-stolen-from-ucsf-employees-car/Content?oid=2599830
Date of occurrence: 09/2013
![Page 24: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/24.jpg)
USF ITS Related Vulnerabilities > Threats
1. BYOD (ResHalls) > malware can spread
2. File Sharing > malware can spread
3. Admin Account Access > computer compromise
4. Immature Patch Management practices > Unpatched
machine > Vulnerable to attacks
5. Lack of required SETA > user error / social
engineering
![Page 25: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/25.jpg)
USF ITS Related Countermeasures
1. Palo Alto Networks NGFW2. Network Access Control3. Sophos Antivirus Security and Control4. QualysGuard Vulnerability Management5. Center for Information Security (Sec. benchmarks)6. Security Education Training Awareness (SETA)
![Page 26: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/26.jpg)
1) Palo Alto Networks NGFW
Firewall Overview:
The Palo Alto Networks firewall allows you to specify security policies based on accurate identification of each application seeking access to your network.
Unlike traditional firewalls that identify applications only by protocol and port number, this firewall uses packet inspection and a library of application signatures to distinguish between applications that have the same protocol and port, and to identify potentially malicious applications that use non-standard ports.
For example, you can define security policies for specific applications, rather than rely on a single policy for all port 80 connections. For each identified application, you can specify a security policy to block or allow traffic based on the source and destination zones and addresses (IPv4 and IPv6). Each security policy can also specify security profiles to protect against viruses, spyware, and other threats.
![Page 27: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/27.jpg)
PA NGFW top 25 Threats: 9/27/13 to 10/04/13
![Page 28: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/28.jpg)
PA NGFW top 25 Threats (zoom): 9/27/13 to 10/04/13
![Page 29: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/29.jpg)
PA NGFW Top Threats #1: Sipvicious.Gen User-Agent Traffic
![Page 30: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/30.jpg)
PA NGFW Top Threats #2: Microsoft SQL Server Stack Overflow Vulnerability
![Page 31: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/31.jpg)
PA NGFW top 25 Viruses: 9/27/13 to 10/04/13
![Page 32: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/32.jpg)
PA NGFW top 25 Viruses (zoom): 9/27/13 to 10/04/13
![Page 33: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/33.jpg)
PA NGFW top Viruses #1: Virus/Win32.WGeneric.jllt
![Page 34: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/34.jpg)
PA NGFW top Viruses #2: Virus/Win32.WGeneric.jisp
![Page 35: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/35.jpg)
PA NGFW: Wildfire
The file "GTA - The Crowd (Original Mix) [GodsPlaylist].exe" is uploaded from firewall PA-5050a at 2013-10-07 17:25:12.URL: rt2.download-faster.net/smart-download/5300013/bdl1=7062220User: unknownApplication: web-browsingSource IP/Port:95.211.109.141/80Destination IP/Port: **********/48280Device S/N: 0009C101640
This sample is malware
Here is the summary of the sample's behaviors:-Created or modified files-Modified Windows registries-Downloaded executable files-Changed security settings of Internet Explorer-Visited a malware domain-Changed the proxy settings for Internet Explorer-Modified the network connections setting for Internet Explorer-Attempted to sleep for a long period
![Page 36: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/36.jpg)
PA NGFW: Wildfire full report
![Page 37: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/37.jpg)
PA NGFW: Wildfire full report
![Page 38: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/38.jpg)
PA NGFW: Wildfire full report
![Page 39: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/39.jpg)
PA NGFW: Wildfire full report
![Page 40: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/40.jpg)
PA NGFW: Wildfire full report
![Page 41: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/41.jpg)
PA NGFW: Wildfire leverages VirusTotal
https://www.virustotal.com/
![Page 42: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/42.jpg)
2) Network Access Control – posture assessment / compliance
Reference:http://www.usfca.edu/its/help/studentcomputing/rooms/http://www.usfca.edu/its/help/studentcomputing/nac/
![Page 43: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/43.jpg)
Network Access Control – posture assessment / compliance
![Page 44: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/44.jpg)
3) Sophos Antivirus Security and Control
![Page 45: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/45.jpg)
Sophos AV: Admin dashboard10/04/13
![Page 46: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/46.jpg)
Sophos AV: Admin dashboard 10/04/13
![Page 47: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/47.jpg)
Sophos AV: Admin dashboard 10/04/13
![Page 48: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/48.jpg)
Sophos AV: Admin dashboard 10/04/13
Reference: https://secure2.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~PDFJS-WD/detailed-analysis.aspx
![Page 49: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/49.jpg)
Sophos AV: Admin dashboard 10/04/13
![Page 50: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/50.jpg)
Sophos AV: Admin dashboard 10/04/13
Reference: https://secure2.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Mal~Conficker-A/detailed-analysis.aspx
![Page 51: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/51.jpg)
4) QualysGuard Vulnerability Management:Admin dashboard 10/4/13
![Page 52: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/52.jpg)
QualysGuard Vulnerability Management: now/then
Summary of discovered Vulnerabilities (Trend)
Severity 5 "Urgent" : 8 (-1)Severity 4 "Critical" : 65 (-3)Severity 3 "Serious" : 440 (-1)Severity 2 "Medium" : 1361 (-3)Severity 1 "Minimal" : 150 (=)
Total : 2024
Summary of discovered Vulnerabilities (Trend)
Severity 5 "Urgent" : 100 (0,1,99,0)Severity 4 "Critical" : 195 (0,0,195,0)Severity 3 "Serious" : 1283 (7,13,1263,-6)Severity 2 "Medium" : 1585 (13,14,1558,-9)Severity 1 "Minimal" : 124 (4,0,120,-24)
Total : 3287
Vulnerability Trend Status: (NEW,REOPENED,ACTIVE,-CLOSED) processed for this scan(note that TOTAL = NEW + REOPENED + ACTIVE for this scan, with CLOSED already fixed)
![Page 53: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/53.jpg)
QualysGuard Vulnerability Management: now/then
Date: 09/2010
Summary of discovered Vulnerabilities (Trend)
Severity 5 "Urgent" : 8 (-1)Severity 4 "Critical" : 65 (-3)Severity 3 "Serious" : 440 (-1)Severity 2 "Medium" : 1361 (-3)Severity 1 "Minimal" : 150 (=)
Total : 2024
Date: 09/2013
Summary of discovered Vulnerabilities (Trend)
Severity 5 "Urgent" : 100 (0,1,99,0)Severity 4 "Critical" : 195 (0,0,195,0)Severity 3 "Serious" : 1283 (7,13,1263,-6)Severity 2 "Medium" : 1585 (13,14,1558,-9)Severity 1 "Minimal" : 124 (4,0,120,-24)
Total : 3287
Vulnerability Trend Status: (NEW,REOPENED,ACTIVE,-CLOSED) processed for this scan(note that TOTAL = NEW + REOPENED + ACTIVE for this scan, with CLOSED already fixed)
![Page 54: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/54.jpg)
5) Center for Information Security
http://benchmarks.cisecurity.org/membership/
![Page 55: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/55.jpg)
Center for Information Security – create account
![Page 56: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/56.jpg)
Center for Information Security – CIS-CAT
![Page 57: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/57.jpg)
Center for Information Security – CIS-CAT
![Page 58: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/58.jpg)
Center for Information Security – CIS-CAT
![Page 59: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/59.jpg)
6) Security Education Training Awareness (SETA)
Reference: http://www.usfca.edu/its/security/seta/
![Page 60: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/60.jpg)
6a) SETA - PhishMe
Reference: http://www.usfca.edu/its/security/seta/phishme//
![Page 61: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/61.jpg)
SETA - PhishMe
Reference: http://www.usfca.edu/its/security/seta/phishme//
![Page 62: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/62.jpg)
SETA - PhishMe
![Page 63: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/63.jpg)
SETA - PhishMe
![Page 64: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/64.jpg)
6b) SETA – STH (Securing The Human)
![Page 65: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/65.jpg)
SETA – STH (Securing The Human)
![Page 66: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/66.jpg)
Summary: USF ITS Related Countermeasures
1. Palo Alto Networks NGFW: IPS/malware protection NETWORK
2. Network Access Control: endpoint protection (posture compliance)
3. Sophos Antivirus Security and Control: system & endpoint protection
4. QualysGuard Vulnerability Management: system & endpoint assessment
5. Center for Information Security (Sec. benchmarks):system & endpoint assessment
6. Security Education Training Awareness (SETA): ongoing enduser training
![Page 67: Information Security at USF: threats (attacks), vulnerabilities ...ejung/courses/683/lectures/InfoSecUSF.pdf · Holistic approach to Information Security Reference: CISSP All-in-One](https://reader034.fdocuments.in/reader034/viewer/2022043003/5f844f805b28e91ac71dfc26/html5/thumbnails/67.jpg)
Questions / Discussion