The New RiskMetrics Group Brand - University of...

Risk Management Workstation Security As Implemented for the Risk Management Business Unit 3/28/13 Presenter Sam Cook, Danny Fielder, Zach Grimmett


Page 1: The New RiskMetrics Group Brand - University of Tulsajames-childress/cs5493/Projects2013/Green... · Risk Management 2 Welcome to RiskMetrics You have been chosen to join the RiskMetrics

Risk Management

Workstation Security

As Implemented for the Risk Management Business Unit

3/28/13

Presenter: Sam Cook, Danny Fielder, Zach Grimmett


www.riskmetrics.com 2Risk Management

Welcome to RiskMetrics

You have been chosen to join the RiskMetrics Group family.

You have been given an extraordinary opportunity to

change the world and better mankind.

But before you get to work, some things you should know...


Us vs. World

The world is cruel

We are under constant attack


The Threats

Enemy elements target our information

They will employ spies...

and hackers...

with all kinds of tools.


Your Role

You are inexperienced in information warfare...

but by the end of your training, you will be our first line of defense.


The Workstation

A workstation is any device that allows a user (you) to interact with data

Obvious ones like:

Your computer or laptop

Your smartphone

Less obvious:

Printer

Copier

Fax Machine


Securing the Workstation

Check your workstation surroundings

Make sure your cables are in safe places, don't trip over them

Plug all devices into a surge protector... to protect them from power surges

Surge protector - good

Cable spaghetti - bad

Don't put your computer on top of, or under, a heating vent

Ensure that your computer has adequate space for ventilation

Fire is bad


Some Statistics

According to the 2011 Verizon Breach Report:

98% of recorded data breaches were caused by an external agent

81% used some form of hacking

69% used some form of malware

10% of breaches were physical attacks

7% of breaches utilized social engineering

97% of all breaches could have been prevented by simple measures


Physical Security

Physical attacks make up 10% of breaches

A few simple guidelines can reduce that risk substantially

Make sure your monitor isn't easily visible from the door

Anyone who walks past can easily see anything you're working on

This is important not only to help prevent physical attacks, but also to be compliant with Federal security guidelines

Use strong passwords:

8 characters minimum (1234 – bad... bad bad bad)

At least one number character (abcdefgh - bad)

Mix upper and lower case (abcdefg1 – bad)

At least one special character (Abcdefg1 - bad)

No dictionary words or proper nouns (Dog?123 - bad)

No personally identifiable information (Wife6/3/98 - bad)

No common patterns (zH#7&Jn9 - good)

No repeat passwords
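
The password rules on this slide, written as a checker and run against the slide's own sample passwords. This is an added example, not part of the original presentation; the word list, personal-information list and pattern list are small hypothetical stand-ins for the data a real deployment would use.

```python
import re

# Hypothetical stand-ins for real data sources (assumptions, not from the slides).
DICTIONARY = {"dog", "cat", "wife", "password", "summer"}  # tiny sample word list
PERSONAL_INFO = {"wife", "6/3/98"}                         # names/dates tied to the user
COMMON_PATTERNS = ("1234", "abcd", "qwerty", "1111")       # sequences and keyboard runs

# The sample passwords shown on the slide.
SLIDE_SAMPLES = ["1234", "abcdefgh", "abcdefg1", "Abcdefg1",
                 "Dog?123", "Wife6/3/98", "zH#7&Jn9"]


def check_password(candidate, previous=()):
    """Return the slide rules that `candidate` breaks (empty list = acceptable)."""
    lowered = candidate.lower()
    failures = []
    if len(candidate) < 8:
        failures.append("8 characters minimum")
    if not re.search(r"\d", candidate):
        failures.append("at least one number character")
    if not (re.search(r"[a-z]", candidate) and re.search(r"[A-Z]", candidate)):
        failures.append("mix upper and lower case")
    if not re.search(r"[^A-Za-z0-9]", candidate):
        failures.append("at least one special character")
    # Split on non-letters so "Dog?123" yields the word "dog".
    words = [w for w in re.split(r"[^a-z]+", lowered) if len(w) >= 3]
    if any(w in DICTIONARY for w in words):
        failures.append("no dictionary words or proper nouns")
    if any(item in lowered for item in PERSONAL_INFO):
        failures.append("no personally identifiable information")
    if any(p in lowered for p in COMMON_PATTERNS):
        failures.append("no common patterns")
    # Simplification: a real system compares against stored hashes of earlier
    # passwords rather than keeping them in plaintext.
    if candidate in previous:
        failures.append("no repeat passwords")
    return failures


if __name__ == "__main__":
    for sample in SLIDE_SAMPLES:
        broken = check_password(sample)
        print(f"{sample:12} {'good' if not broken else 'bad: ' + ', '.join(broken)}")
```
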


Physical Security (cont)

Printers, faxes, copiers, and trash cans are rich sources of information

If you print something, go get it immediately

Do not leave a document unattended, it can easily be taken

Do not leave documents in the copier

Retrieve your faxes immediately

Lock your computer when you leave

Shred any documents you no longer need

These simple steps can eliminate most physical attacks


Malware

Malware is the most common attack vector (69%)

There are many forms of malware, but the most common are:

Viruses

Worms

Trojans

Malicious Mobile Code


Virus

A computer virus is similar to a biological virus

A virus self-replicates by inserting copies of itself into host files

Viruses are often triggered by opening infected host files

Subcategories:

Compiled Virus: works in the system OS to infect programs or boot sectors

Interpreted Virus: works in applications to infect files or scripts used by the OS


Worms

A worm is similar to a virus

Both are self-replicating

Worms are self-contained; they do not need host files

Subcategories:

Network Worm: uses a network vulnerability to infect all connected systems

Mailing Worm: travels via e-mail, infects any computer that downloads it


Trojans

Trojans are self-contained, non-replicating programs

Trojans often mimic other harmless programs

Trojans contain a covert malicious payload

Trojans can create a new program or replace an existing program

Trojans are often used to deliver several attacker tools to a system


Malicious Mobile Code

MMC is malicious software that is transmitted from a remote host and executed without the user's permission.

Java is a popular language for MMC, but there are others

Java advertises, “Over 3 billion devices run Java.”

MMC can exist in advertisements on websites

MMC is a delivery vector for other attacker tools


Delivery Vectors

Malware is usually an attack of opportunity

The most common delivery methods are:

Untrusted websites: May contain MMC

Untrusted e-mail: May contain viruses or worms

Untrusted downloads: May contain viruses, worms, or be a trojan


Malware Prevention

Understanding malware is key to preventing malware infection

You may have noticed a common theme in the last slide:

Untrusted sources may contain malware

To combat this, here are some simple guidelines:

If something feels suspicious, trust that feeling and leave it alone

That random e-mail from somebody you've never heard of:

If it wasn't expected and isn't work related, delete it

If it is work related or you just can't resist, open it in a safe environment

That website with some new hot song free to download:

This is a trap. Do. Not. Go. There.

This e-mail from a friend with the zip file full of cute cuddly kittens!

Call your friend, did they send this intentionally?

Open it in a safe environment, just to be sure.


Anti-virus is Your Friend

Anti-virus software scans every file, e-mail, and website you use

It checks those against a list of known malicious code segments

If it finds a match, it will tell you

All work computers and laptops must have up-to-date anti-virus

Do not ignore that flashing icon in the corner, update often

The anti-virus must be running

Do not turn it off, no matter how annoying it gets

Listen to the anti-virus

When it says an e-mail or website is infected, do not open them

The anti-virus is trying to protect you, and the company, from malware
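
The matching step described on this slide, and why "update often" matters, as an added example that is not part of the original presentation. The signature names, byte patterns and item names are constructed, harmless placeholders, and real products use far richer matching than a plain byte search.

```python
# Constructed, harmless placeholder byte patterns; not real malware signatures.
SIGNATURES_OLD = {"Sample.Virus.A": b"\xde\xad\xbe\xef\x01"}
# The same list after an update that adds one newer entry.
SIGNATURES_UPDATED = {**SIGNATURES_OLD, "Sample.Worm.B": b"\xca\xfe\xba\xbe\x02"}

# Constructed inputs standing in for a file, an e-mail attachment and a download.
ITEMS = {
    "report.doc": b"quarterly numbers, nothing unusual",
    "invoice.zip": b"PK\x03\x04" + b"\xde\xad\xbe\xef\x01" + b"padding",
    "kittens.zip": b"PK\x03\x04" + b"\xca\xfe\xba\xbe\x02" + b"padding",
}


def scan(data, signatures):
    """Return the sorted names of every signature whose pattern occurs in `data`."""
    return sorted(name for name, pattern in signatures.items() if pattern in data)


def scan_items(items, signatures):
    """Scan a mapping of item name -> bytes and report only the items that matched."""
    report = {}
    for name, data in items.items():
        hits = scan(data, signatures)
        if hits:
            report[name] = hits
    return report


if __name__ == "__main__":
    # With the stale list, kittens.zip passes silently: no match means no warning.
    print("stale list:  ", scan_items(ITEMS, SIGNATURES_OLD))
    # After the update, the same bytes are flagged.
    print("updated list:", scan_items(ITEMS, SIGNATURES_UPDATED))
```
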


Anti-virus Limitations

Anti-virus software does not prevent viruses

Opening a file against the anti-virus warning may give you malware

Anti-virus software does not remove malware

If you do become infected, the anti-virus cannot fix it

Anti-virus is only a warning system; malware prevention relies on you


Virtualization: a Safe Environment

Virtualization is a wonderful tool for security

A section of memory can be partitioned off from the rest

A virtual copy of the OS can be created in this partition

Malware infection within this virtual OS can be easily purged

Malware on the partition cannot access any external data


Virtualization as Workspace

Virtualization can be used to run multiple OSes on a single computer

A company can keep a master OS on a secure server

Employees can work in a virtual clone of this master OS


Storage Encryption

No system is ever 100% secure

Encryption ensures the security of data even if it is stolen

Encryption is a methodical way to scramble information

Scrambled information is unreadable and useless

Certain encryption methods are virtually impossible to break


Encryption (cont)

Encryption can be performed on any size volume: from 1 file to an entire disk

Encryption can be unlocked with a password; make it strong

Any time a system is shared or data is transferred, encryption is good

Even if all precautions are taken, breaches still occur

Encryption is your safety net, the last line of defense if all else fails


BIOS

The BIOS is the first piece of operational software when a system boots

It sets up everything that is to follow

Don't change the BIOS

If the BIOS is compromised, the entire system is compromised

Physical attackers can replace an existing BIOS with a malicious BIOS

The physical security guidelines outlined before will help prevent this

Some malware targets the BIOS

The malware security guidelines outlined before will help prevent this


Summary

Make sure your workstation is physically secure

Use strong passwords but don't repeat them

Be alert for malware and use the anti-virus

Use virtualization and encryption for added security

Protect your BIOS

A strong defense is our only weapon against attackers
