Management Network Security


IT Security Assurance
Management of Network and User Behavior
Budi Rahardjo
INDOCISC - ID-CERT
http://budi.insan.co.id
Holistic approach
• PEOPLE
– awareness, skill
– ...
• PROCESS
– security as part of business process
– ...
• TECHNOLOGY
– implementation
– ...
2
Topology of Security Holes
(Diagram: a user reaches www.bank.co.id through an ISP and the Internet; at the ISP, on the Internet and inside the bank's network the traffic can be sniffed, flooded or spoofed.)
• Security holes at three levels:
1. Network
2. OS
3. Apps. / database
• At the user: virus, Trojan horse (userid, password, PIN, credit card #)
• At the web site (www.bank.co.id):
– Applications (database, web server) attacked
– OS attacked
3
Why Network Security?
• More companies are connected to the Internet
• More attacks are performed over the network; there is no physical boundary
• Questions:
– How to manage network security?
– Can it detect anomalous behaviors?
4
Rule of thumb: layered protection (an example)
(Diagram: Customer (with authentication device) → Internet → Firewall → Web server(s) (Internet banking) → Firewall → core banking applications, with an IDS monitoring the path.)
• Firewall: protects access to the web server
• Firewall: protects the access gateway to SQL
• IDS: detects intrusions
5
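The two-firewall layering on this slide can be checked before it is deployed by modelling the segments and the rule sets and asking which flows actually get through. The following Python script is an added example, not part of the original slides: the zone address ranges, the database port 1433 and the rule names are constructed assumptions, and the model evaluates each firewall as first-match-wins with a default deny. It also shows, for contrast, a flat ruleset with a single allow-all firewall, which exposes the SQL tier to the Internet directly.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Constructed address plan for the tiers on the slide (assumption, not from the deck).
ZONES = {
    "dmz": ip_network("10.1.0.0/24"),   # Internet banking web server(s)
    "core": ip_network("10.2.0.0/24"),  # SQL gateway / core banking applications
}


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # zone name or "any"
    dst: str              # zone name or "any"
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # None matches any destination port


def zone_of(addr: str) -> str:
    """Map an address to its zone; anything outside the two inner nets is the Internet."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"


def _matches(rule: Rule, src_zone: str, dst_zone: str, proto: str, dport: int) -> bool:
    return (rule.src in ("any", src_zone)
            and rule.dst in ("any", dst_zone)
            and rule.proto in ("any", proto)
            and rule.dport in (None, dport))


def evaluate(ruleset: List[Rule], src_zone: str, dst_zone: str, proto: str, dport: int) -> bool:
    """First matching rule wins; a packet that matches nothing is dropped (default deny)."""
    for rule in ruleset:
        if _matches(rule, src_zone, dst_zone, proto, dport):
            return rule.action == "allow"
    return False


# Outer firewall on the slide: only HTTPS from the Internet to the web tier.
OUTER_FW = [Rule("allow", "internet", "dmz", "tcp", 443)]
# Inner firewall on the slide: only the web tier may reach the SQL gateway (port is constructed).
INNER_FW = [Rule("allow", "dmz", "core", "tcp", 1433)]
# Weak contrast case: one permissive firewall and no segmentation at all.
FLAT_FW = [Rule("allow", "any", "any", "any", None)]


def reachable(src_ip: str, dst_ip: str, proto: str, dport: int,
              outer: List[Rule] = OUTER_FW, inner: List[Rule] = INNER_FW) -> bool:
    """Walk the path between two hosts and apply every firewall that sits on it."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    if src_zone == dst_zone:
        return True  # same segment: no firewall in between in this model
    # Traffic coming from the Internet must cross the outer firewall.
    if src_zone == "internet" and not evaluate(outer, src_zone, dst_zone, proto, dport):
        return False
    # Anything bound for the core tier must cross the inner firewall.
    if dst_zone == "core" and not evaluate(inner, src_zone, dst_zone, proto, dport):
        return False
    return True


def database_exposed_to_internet(outer: List[Rule], inner: List[Rule]) -> bool:
    """True if an Internet host (constructed 203.0.113.5) can open the SQL port on the core tier."""
    return reachable("203.0.113.5", "10.2.0.10", "tcp", 1433, outer, inner)


if __name__ == "__main__":
    print("Internet -> web 443:", reachable("203.0.113.5", "10.1.0.10", "tcp", 443))
    print("Internet -> SQL 1433:", reachable("203.0.113.5", "10.2.0.10", "tcp", 1433))
    print("web -> SQL 1433:", reachable("10.1.0.10", "10.2.0.10", "tcp", 1433))
    print("web -> core 22:", reachable("10.1.0.10", "10.2.0.10", "tcp", 22))
    print("layered exposes DB:", database_exposed_to_internet(OUTER_FW, INNER_FW))
    print("flat exposes DB:", database_exposed_to_internet(FLAT_FW, FLAT_FW))
```

The point of the layering is visible in the last two lines: with the two firewalls, a compromised web server is still limited to the one SQL port on the core tier, and the Internet cannot reach the core tier at all, whereas the flat ruleset lets any Internet host talk to the database directly.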
Management Tools
• There is a plethora of security management tools, but they are
– not integrated
– still difficult to use
– still in their infancy
• But it’s better than nothing, so use the tools!
6
People
• Threats are coming from
– Outside
– Inside
• 1999 CSI/FBI Computer Crime Survey:
– Disgruntled workers: 86%
– Independent hackers: 74%
– US competitors: 53%
– Foreign corporations: 30%
– Foreign governments: 21%
7
People
• There must be a “security culture” from top to bottom
– CEO, C*
– …
– even janitor!
• Awareness is important
8
Everybody must know the DOs and the DON’Ts
• DO
– Change password regularly
–…
• DON’T
– Share password
–…
• This is part of policy and procedures
9
Incident Response Team
• There should be an IRT in the company
– Handles incidents
– Users know that they are responsible for
their behaviors
– Provides security trends in the company to
executives
– Q: Where should IRT report to?
10
Still missing in these slides ...
• Process
– Company’s business process?
– Policy & procedures?
11
Concluding Remarks
• Security is a continuous process
• Manage your network and users
(Diagram: SECURITY LIFECYCLE)
12