Transcript Slide 1

Cross Security Group
Presented by: Thomas Carrozza
Senior Systems Engineer
Agenda
•
•
•
•
Business Drivers
Threat Overview
Cross Service Offerings
Wrap Up / Questions
Security Business Drivers
Voice and Data are now applications
running on 1 network; this is
convergence.
Your Network
“Is it safe? Is it secure?”
Security Business Drivers
Ultimately, what are we protecting?
Information
Predators
Security Business Drivers
• Viruses/worms/hackers have caused more than $55 Billion in
damages in the last 12 months
• Federal and State Laws/Regulations Pose Financial and
Personal Risk
– HIPAA (Health Care)
– SOX (Financial Governance)
– Gramm-Leach-Blilely- GLBA (Information Security)
• Human Error- Data Theft or Lost Data as a Result of Human
Error
– Dept of Veterans Affairs- Recently lost names, social security numbers,
and dates of birth for up to 26.5 million Veterans
• VoIP Deployment has opened up additional holes into the data
network
• Wireless Network Deployments have blurred the definition of
“Perimeter”
Threats—Total Overload
Denial of Service
DoS Attacks Up 50%
Day Zero Attacks
Day Zero Attacks–
Increasing in Speed,
Sophistication and Level
of Stealth
Policy and Human Error
AFP Published Photo
after Katrina- leading
to immediate Credit
Card Theft
Phishing
Phishing Increased 39% in
Last 6 Months
Extortion
Wireless and Mobility
•
•
•
•
Wardriving
– Laptop/GPS and software to
discover open 802.11 networks
Warwalking
– iPAQ/GPS and software
Warchalking
– Symbols indicates wireless
settings to others
Rogue Access Points
Security Threats
•
•
•
•
•
Toll Fraud
Viruses/Worms
Hackers
Espionage
Denial of Service
(DOS)
• Man in the Middle
•
•
•
•
•
•
•
Extortion
PDA Theft
Podslurping
Bluetooth Access
Wireless Bleed Over
Rogue Modem Usage
IP Packet Hi-Jacking
Cross Security Group (CSG)
• To help our customers address these
security concerns, Cross has formed the
Cross Security Group (CSG).
• Cross’ Core Offerings are:
– Security Jumpstart
– Converged Network Security Assessment
– Network Security Consulting
Security Jumpstart
• Security Jumpstart is an assessment of the External
Network that identifies and prioritizes vulnerabilities
• Customers receive:
–
–
–
–
–
–
–
Executive Report of Network Security
Top 10 Threats to the Network Report
Threat Matrix of Vulnerabilities
Web Intelligence Report
Full Technical Report
Current Network Map
Outbriefing of the State of Security on Your Network
• Performed Remotely- Price: $2,000. Onsite
available upon request for added cost.
Converged Network
Security Assessments (CNSA)
• CNSA is a holistic assessment focusing on both the
voice and the data network, in order to expose any
security associated with a converged network.
• The assessment covers:
– External Security Assessment
– Internal Security Assessment
– Wireless Assessment
– Bluetooth Assessment
– Rogue Modem Assessment
– IDS Assessment
– SAN’s Assessment
– VoIP Assessment
– Penetration Testing
Cross Security Team
• Chief Security Officer—Joseph Seanor
–
–
–
–
–
–
–
10 years Central Intelligence Agency, CIC/CNC
Department of Justice Telecom Security Staff
Private Investigator for 14 years
7 years America Online’s Senior Investigator
Learning Tree Instructor on: IDS, Firewalls, Windows Security.
Author of 6 books on computer and crime
7th book out “The Black Book on Corporate Security” -Converged Network Security
– Avaya Security Managing Consultant 3 years
– CBS radio national correspondent
– 2 patents pending
Cross Security Team
• Security Analyst
–
–
–
–
Security Consultant Avaya
DISA Network Consultant
America Online Network Security engineer
Software programmer
• Developed software for DOD, to be reviewed by NSA
• Developed Kerberos software for AOL
– NSA IAM certified
• Certified Security Engineers
–
–
–
–
–
CCIE- Security
CISSPs
CCSPs
Global Information Assurance Certifications (GIAC)
Government Clearance
Always Ask
Your Network
“Is it safe? Is it secure?”
Questions?
www.crosstelecom.com