The Information Security Jigsaw The Technical Elements
Download
Report
Transcript The Information Security Jigsaw The Technical Elements
The Information Security Jigsaw
The Technical perspective
John Carr
Senior Manager Information Security
Cap Gemini Ernst & Young
What kind of jigsaw?
Procedural Security
Technical Security
Security Operations
Risk Management
Physical &
Personnel Security
Content
•
•
•
•
•
•
•
Introduction
Why its so important
The risks
Is it for real?
What happens if it goes wrong
The Solutions on offer
Conclusions
Introduction
• Security is now in the forefront of corporate
planning and management
• No sectors can exclude themselves now
• Need to communicate means proliferation
of external connectivity on a global scale
• Greater need to establish the risks
• Need for a mix of solutions - this is the
technical component!
Why Security is so important
• Security is a key business enabler, particularly in e-space
• All enterprises are at risk to and this is increasing
• Business change can be a dangerous venture without
considering security risks
• Public facing organisations require evidence of due
diligence
• If there are problems people will find out
• Management accountability is high, so is peace of mind
• Preventing problems is cheaper than fixing them or
recovering from them
The Risks (1)
• Risks to the network
– Threats - Hacking, Leakage, DOS, Malicious
Code, Misuse of Resources, Abuse
– Vulnerabilities (weaknesses in O/S protocols,
degree of resistance to attack)
– Impacts (frauds, modification)
– Privacy issues (browsing, cookies, logs)
• Use of Wireless LANs
The Risks (2)
• Risks of connecting with other peoples
networks
– You have no Control; Back doors to hostile
environments; Different architectures; Difficulties in
securing the links.
• Other Risks
–
–
–
–
Human errors
Other theft
Sabotage
Environmental failure
Is it for Real?
In the News
•
•
•
•
•
The White House
Marks & Spencer
Barclays On-line
Amazon (Privacy)
Consumers Association
(Which)
• Yahoo
• Norwich Union
Case Studies
• City Financial Institution
– The virus attack from hell !
• Global Media Corporation
– All comms traffic through a
single multiplexor without
access control !
• Global Automotive Co.
– What do you mean this
technical architecture won’t
work - its costing us ££ !
Is it for Real?
An infection occurred despite tight anti-virus controls,
multiple products & platforms, strong management and a
strict culture
Yet a virus still got in and infected 30 odd PCs internally
before clean up
Thankfully, one of their exiting gateways picked it up and
stripped it out of approximately 100 mails bound for
clients, business associates etc etc. Phew!!!!!!
But it put a note to that effect in the message! ARRGGH!!
• The cause of the problem?
Real Events do Happen!
• Use of Web based mail hosts
• Use of Web based mail hosts which don’t
scan for viruses either coming in or going
out
• Use of Web based mail hosts that use SSL
to encrypt the session!
• So the incoming checker couldn’t identify
the virus!
What Happens if it goes wrong?
• If your information is corrupted, you can’t do billing or
other financial work
• If bill presentment was compromised then key customers
could be lost
• If your information is out of date or inaccurate you may
injure individuals or mislead clients
• If your information is disclosed without authority you
could face legal or regulatory penalties
• If you contract a network virus, you may have to close
your entire network and be almost unable to operate
• If your systems fail then you can’t do business transactions
• IF YOU DON’T PROTECT YOURSELF YOU MAY
NOT HAVE ANYTHING LEFT TO PROTECT
Solutions!
•
•
•
•
•
•
•
•
Anti Virus Regimes
Intrusion Detection Systems
Artificial intelligence
Use of trusted products & services
Audit collection, analysis and interpretation
Firewalls & routers
PKI???
Wireless LANs…………...
Anti-Virus regimes
•
•
•
•
•
•
Scanners are not enough on their own
Function specific and different
Culture need
Update capabilities
Holistic software
AI??
Intrusion Detection Systems
•
•
•
•
•
•
Perimeter monitoring
System tools
Interception
Intrusion alert
Configuration critical
Overheads
Artificial intelligence!
• Is here now!
• Systems to detect irregular patterns in
system activity
• Machine created profile/footprint
• Alert capability
• Not able yet to detect right and wrong
Trusted Products
• Old Orange book from US
• UK ITSEC for government
• Common Criteria now for EU, US Canada,
Australia etc.
• Kite Mark equivalent for anti-virus s/w
• Commercial schemes?
Audit
•
•
•
•
Collection capabilities long standing
Real time monitoring and alert possible
Analysis tools available
Tight regimes are labour or machine
intensive
• Need for interpretation (AI??)
Firewalls & Routers
•
•
•
•
•
•
Network protection
Filtering capabilities
Intelligent routers
Positioning
Configuration
Degree of trust
PKI
• The great saviour?
• Digital Certificates - authentication OK but
alternatives exist
• Digital Signatures - trust, assurance OK
• Encryption - confidentiality - not really!
• Too costly to implement and manage
• Uncertain future
Wireless LAN’s
• The great issue at the moment.
• How to secure something that does not lend
itself to security?
• Short range repeaters
• Screening - Ugh!!!
• Back door bolted
• MAC Address filtering
Conclusions
• There are many technical risks and they are
increasing and evolving.
• There are solutions but not panaceas
• You can only defend against that which you
know
• Technical security is not enough on its own
• The future is uncertain - we can only do our
best but it must be the best!