Mainline How Secure Are You K12 Security Preseo Rev 1


How Secure Are You?
• Security Concerns
• Questions to ask Yourself
• Approaches to Consider
Presented By – Wayne T Work Sr. CISSP
Senior Security Engineering Consultant
and Security Services Practice Manager
Mainline Information Systems
Security Solutions Group
October 15, 2009
Agenda
1. Mainline Information Systems
2. K – 12 Security Concerns
3. Questions to ask yourself
4. Approaches to Consider
5. Overview of Mainline’s Security Practice
6. Open Discussion
Mainline Information Systems
• Founded in 1989
• IBM Premiere BP
• IBM ISS Partner of the Year 2008
• IBM Beacon Award for Security 2009
• First National VMware Partner
• Cisco’s 2008 Customer Satisfaction Excellence BP Growth Award
• Wyse 2008 Visionary Partner of the Year
• Client Centric Team – Solution Specialist + Customer Care + Brand Specialist + Techline
• We sell hardware, software and services
• 98% Customer Satisfaction
Mainline Solution Focus
Solution areas: I/T Optimization (Virtualization, Consolidation) | Business Continuity / Disaster Recovery | I/T Modernization | Security | Systems & Data Management | Network Optimization & Management | ISV & Industry Solutions | I/T Asset Management
Offerings:
• Utilization Assessments
• Risk Assessment Studies
• IBM Servers
• Threat Mgmt
• Tivoli Storage Management
• Network Assessment & Design
• SAP
• OnDemand Utility Computing
• Desktop Consolidation (Virtual Client)
• Continuous Data Protection (InMage, Vision, FalconStor)
• IBM Storage
• Compliance
• Tivoli Monitoring
• Network Infrastructure (Cisco)
• BI / SAS
• Financing
• VMware (xSeries)
• Mainline Disaster Recovery
• Capacity Planning & Analysis
• Identity Mgmt
• IBM Information Management
• Network Connectivity (AT&T Circuits)
• Brokerage
• LPAR (Power & zSeries)
• High Availability (HACMP, P/S, Mimix, iTera, Double-Take)
• Migration Services
• Data Security
• Data Warehousing & Business Intelligence
• Data Center Network
• Portfolio Management
• Voice over IP
• Maintenance Contract Mgmt
• Storage Virtualization (SAN SVC)
• Virtual Tape Server (VTS)
• Green (energy efficient data ctr)
• Desktop Recovery (Persystent)
• IBM BCRS
• Digital Video Security
• Content Management
• Computer Recycling
• Disk & Tape Encryption
• Multivendor Maintenance
• ID and Access Management*
Solution Architecture, Design & Implementation Services | Managed Operations | Hosting | Ongoing Technical Support
Wayne Work, CISSP
• Senior Information Security Solution Engineer – Mainline Information Systems
  – Certified Information Systems Security Professional (CISSP)
  – Most recently held the position of Director, Information Security, Architecture and Standards for New England’s largest bank, with assets in excess of 23 billion and over 300 locations, prior to joining Mainline Information Systems Inc
  – 30+ years of in-depth computer-based electronic systems maintenance and complex major systems development within the DOD, DOE, DOT and private industry
1. K – 12 Security Concerns
CIA Triad
Confidentiality
Integrity
Availability
K - 12 Security Concerns
• Student Safety
• Data Protection
• Resource Misuse Prevention
• Network and Applications Availability
• Solution Affordability
• Solution Longevity
• Transparency
• Operational ease / automation
The Issues
• Rapid Advancements in Technological Progress
  – New Frontier
  – Uncontrollable change
  – Opportunistic times
• Availability of Hacking Tools
  – Open Source
  – Free Demo Software
  – The Internet
• Current World Events Affecting Everybody
  – Economy meltdown challenges
  – WAR times
Laws Affecting Children in Schools
• Children's Online Privacy Protection Act of 1998 (COPPA)
  – Applies to the online collection of personal information by persons or entities under U.S. jurisdiction from children under 13 years of age
• Children's Internet Protection Act of 2000 (CIPA)
  – CIPA requires schools and libraries using E-Rate discounts to operate "a technology protection measure with respect to any of its computers with Internet access that protects against access through such computers to visual depictions that are obscene, child pornography, or harmful to minors..." Such a technology protection measure must be employed "during any use of such computers by minors." The law also provides that the library "may disable the technology protection measure concerned, during use by an adult, to enable access for bona fide research or other lawful purpose." Libraries that do not receive E-Rate discounts do not have any obligation to filter under CIPA.
Actions required of any Educational IT Infrastructure to ensure that it is practicing due care:
• Establishing adequate physical and logical access controls
• Establishing adequate telecommunications security, which could require encryption
• Performing proper information, application, and hardware backups
• Maintaining disaster recovery and business continuity plans and testing them
• Informing staff properly of expected behavior and the ramifications of not following expectations
• Developing a security policy, standards, procedures, and guidelines
• Performing security-awareness training of students and staff
Actions required of any Educational IT Infrastructure to ensure that it is practicing due care (cont’d):
• Running updated antivirus software
• Performing penetration tests periodically from outside and inside the network
• Implementing measures that ensure that software piracy is not taking place
• Ensuring that proper auditing and review of those audit logs are taking place
• Conducting background checks on potential staff and teachers
• Each organization could have different requirements when it comes to this list of due care responsibilities
Understanding the Problems
1. Volume, Volume, Volume
2. Social Engineering and User Behavior
3. What’s on that Web Page
4. Malware Defeats Anti-Virus Signatures
5. Web Servers Vulnerable
Volume, Volume, Volume
More Spam and More Spammers
Catch Rates Must Increase Just to Stay Even…
[Chart: Average Daily Spam Volume (billions), by Calendar Quarter Period, Q1'07 through Q4'08]
More Spam
• Daily spam volume doubles yearly
• Reaching 180 billion spam messages per day
[Chart: Average Simultaneous Compromised Hosts (thousands), by Calendar Quarter Period, Q1'07 through Q4'08]
More Spammers
• More Spammers with Botnet compromised hosts sending spam
• Malware sophistication increasing: hackers can make more money by engaging (tricking) the user
Social Engineering: Current Events
BOTSITE
If Infected, Fake Scan Recommends “Removal”
“Antivirus XP has found 2794
threats. It is recommended to
proceed with removal”
Malware Distribution Vectors
Web Social Engineering
Anti-Spyware Due Diligence
Web Redirection
• Browse spamvertized domain
  – kxbkhs.lztalsole.com
• What website do you see?
  – r2.rx-shop.biz
  – “Pharma Shop”
• Web site redirection
Other Issues
• URL and URL obfuscation
• DNS and hosts file
Request/response trace:
  http://kxbkhs.lztalsole.com/
  GET / HTTP/1.1
  Host: kxbkhs.lztalsole.com
  >> HTTP/1.x 302 Moved Temporarily
  >> Location: http://r2.rx-shop.biz
  http://r2.rx-shop.biz/images/bot_01.gif
  GET /images/bot_01.gif HTTP/1.1
  Host: r2.rx-shop.biz
  >> HTTP/1.x 200 OK
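The trace above is the kind of artifact a school's web-proxy or IDS log hands an analyst. The script below is an added example, not part of the original slides and not Mainline or IBM ISS tooling: it parses a transcript written in the slide's notation (request line, Host header, ">>"-prefixed status and Location lines), rebuilds the hop chain, and reports the traits a defender wants flagged, namely a 30x redirect that leaves the registrable domain of the requested host and a Location URL that uses the obfuscation tricks the slide alludes to (user@ prefixes, numeric hosts, percent-encoded host parts). The transcript is constructed from the two hostnames on the slide; the registrable-domain helper is a deliberate last-two-labels approximation (a production tool would consult the Public Suffix List), and the obfuscation checks are illustrative assumptions of mine.

```python
"""Redirect-chain review of a captured HTTP exchange (added example)."""
import re
from urllib.parse import urlsplit

# Constructed sample transcript in the slide's notation (not captured traffic).
SAMPLE_TRANSCRIPT = """\
GET / HTTP/1.1
Host: kxbkhs.lztalsole.com
>> HTTP/1.x 302 Moved Temporarily
>> Location: http://r2.rx-shop.biz
GET /images/bot_01.gif HTTP/1.1
Host: r2.rx-shop.biz
>> HTTP/1.x 200 OK
"""

REQUEST_RE = re.compile(r"^(GET|POST|HEAD) (\S+) HTTP/1\.[01]$")
STATUS_RE = re.compile(r"^>> HTTP/1\.[x01] (\d{3})")
REDIRECT_CODES = (301, 302, 303, 307, 308)


def parse_hops(transcript):
    """Return one dict per request: method, path, host, status, location."""
    hops, current = [], None
    for raw in transcript.splitlines():
        line = raw.strip()
        if not line or line.startswith("---"):   # skip blanks and separators
            continue
        m = REQUEST_RE.match(line)
        if m:
            current = {"method": m.group(1), "path": m.group(2),
                       "host": None, "status": None, "location": None}
            hops.append(current)
            continue
        if current is None:                        # headers before any request
            continue
        if line.lower().startswith("host:"):
            current["host"] = line.split(":", 1)[1].strip().lower()
        elif STATUS_RE.match(line):
            current["status"] = int(STATUS_RE.match(line).group(1))
        elif line.lower().startswith(">> location:"):
            current["location"] = line.split(":", 1)[1].strip()
    return hops


def registrable_domain(host):
    """Naive eTLD+1 (last two labels). Assumption: fine for .com/.biz,
    wrong for multi-label suffixes such as co.uk; use the PSL in real tooling."""
    labels = (host or "").lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else (host or "")


def url_obfuscation_flags(url):
    """Illustrative checks for URLs built to hide their real destination."""
    flags = []
    parts = urlsplit(url)
    if "@" in parts.netloc:
        flags.append("userinfo-in-url")        # e.g. http://bank.example@203.0.113.5/
    host = parts.hostname or ""
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host) or re.fullmatch(r"\d+", host):
        flags.append("numeric-host")            # dotted-quad or single decimal IP
    if "%" in parts.netloc:
        flags.append("percent-encoded-host")
    return flags


def analyse(transcript):
    """Summarise the chain and list findings for each redirecting hop."""
    hops = parse_hops(transcript)
    findings = []
    for i, hop in enumerate(hops):
        if hop["status"] in REDIRECT_CODES and hop["location"]:
            target = urlsplit(hop["location"]).hostname or ""
            if registrable_domain(target) != registrable_domain(hop["host"]):
                findings.append(
                    f"hop {i}: {hop['host']} redirects off-domain to {target}")
            for flag in url_obfuscation_flags(hop["location"]):
                findings.append(f"hop {i}: Location uses {flag}")
    return {"hops": len(hops),
            "first_host": hops[0]["host"] if hops else None,
            "final_host": hops[-1]["host"] if hops else None,
            "findings": findings}


if __name__ == "__main__":
    for line in analyse(SAMPLE_TRANSCRIPT)["findings"]:
        print(line)
```

Run against a real proxy export, the useful output is the list of first hosts whose chains terminate somewhere else: the spamvertized domain a user clicked is rarely the one that served the content, so blocking or alerting on the final host alone misses the lure domain that will be reused with the next redirect target.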
Malware Is on the Rise
# of unique Malware samples in 2006: 972K
# of unique Malware samples in 2007: 5.5M
500% increase in 12 Months
Virus Sophistication Beats AV
• 182 virus tools at VX Heavens website vx.netlux.org
  – Example: NGVCK (Next Generation Virus Creation Kit)
• Poly/Metamorphic tools create random variants
• Viruses download fresh copy every 24 hours
• Viruses use buddy program to reinstall virus if disinfected
• Web servers and browsers are the easiest targets for hacks.
• Most confidential information is passed through the browser (client)
• Even though the browser (client) is patched, many browser “add-ons” are insecure
DLP Pressures Continue to Grow
• Increasing Reports of Data Loss
• Email Leakage Is Dominant Issue
• New Laws Driving New Requirements
Biggest worry is still about internal threats...
• Malicious/disgruntled employees or teachers: terminated
employees may wish to do damage to the network because of a
grievance they have against the company or school system.
• Unintentional breaches: students put the network at risk by
installing unauthorized software, opening virus-infected email
attachments, succumbing to social engineering attacks, etc.
FACT: THERE ARE MORE EXTERNAL SECURITY BREACHES,
BUT INTERNAL BREACHES ARE FAR MORE DAMAGING.
The Balancing Act of Security: Risk Management
ABSOLUTE SECURITY
• Machine unplugged from network
• Locked in a safe
• Thrown at bottom of ocean
ABSOLUTE ACCESS
• Machine always available
• No authorization required
• No passwords required
…neither is practical
Why is Information Security so Important to Educational Institutions?
• The most effective and current way we teach/educate our youth
• Organizations are becoming more and more dependent on their information systems
• Much of the value of a business is concentrated in the value of its information. Information is the basis of competitive advantage
• The public is increasingly concerned about the proper use of information, particularly personal data
• The threats to and vectors for exploitation of information systems are more available to criminals and terrorists
What is Information Security?
Security is not a PRODUCT; Security is a PROCESS:
“The mantra of any good security engineer is: 'Security is not a product, but a process.' It's more than designing strong cryptography into a system; it's designing the entire system such that all security measures, including cryptography, work together.”
– Bruce Schneier
Multi-Layered Malware Defense
Protection Against Today’s Threats
• Layer 4 Traffic Monitor – Detects malicious botnet traffic across all ports
• Web Reputation Filters – Blocks 70% of known and unknown malware traffic at connection time
• Dynamic Vectoring and Streaming Engine – Blocks malware based on deep content analysis
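What makes the three layers above worth stacking is that each one catches something the others cannot see: a traffic monitor matches the destination regardless of port, a reputation filter decides at connection time before any payload arrives, and content analysis judges the bytes themselves. The pipeline below is an added example of that layering, written for this page and not code from the slides, Mainline or IBM ISS; every indicator list, score and sample event in it is constructed (addresses come from the RFC 5737 documentation ranges), and the three functions are deliberately simplified stand-ins for the products named above, not models of how those products work.

```python
"""Layered filtering pipeline (added example, not vendor code)."""
import ipaddress

# Layer 1 data: constructed botnet C2 indicators, matched on destination
# address regardless of port (the "across all ports" property).
KNOWN_C2_ADDRS = {"203.0.113.45", "198.51.100.7"}   # TEST-NET documentation ranges

# Layer 2 data: constructed reputation scores, -10 (worst) .. +10 (best).
REPUTATION = {"r2.rx-shop.biz": -8, "kxbkhs.lztalsole.com": -6,
              "updates.example.edu": 9}
REPUTATION_BLOCK_THRESHOLD = -5   # block at connection time below this score

# Layer 3 data: magic numbers a content scanner compares with the declared type.
MAGIC = {"image/gif": (b"GIF87a", b"GIF89a"), "image/png": (b"\x89PNG",)}
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF")             # PE and ELF headers


def layer4_traffic_monitor(event):
    """Block any connection whose destination is a known C2 address."""
    dst = event.get("dst_ip", "")
    try:
        ipaddress.ip_address(dst)
    except ValueError:
        return None                                 # malformed address: no verdict
    if dst in KNOWN_C2_ADDRS:
        return f"connection to known C2 {dst}:{event.get('dst_port')}"
    return None


def web_reputation_filter(event):
    """Block at connection time when the host's reputation is below threshold."""
    host = event.get("host", "").lower()
    score = REPUTATION.get(host)                    # unknown host: no verdict here
    if score is not None and score < REPUTATION_BLOCK_THRESHOLD:
        return f"host {host} reputation {score} below threshold"
    return None


def content_analysis_engine(event):
    """Block executables served under another type, or bodies that contradict
    the declared type (the 'bot_01.gif that is really a program' case)."""
    body = event.get("body", b"")
    declared = event.get("content_type", "")
    if body.startswith(EXECUTABLE_MAGIC):
        return f"executable payload delivered as {declared or 'unknown type'}"
    expected = MAGIC.get(declared)
    if expected and body and not body.startswith(expected):
        return f"body does not match declared {declared}"
    return None


LAYERS = [("L4 traffic monitor", layer4_traffic_monitor),
          ("web reputation", web_reputation_filter),
          ("content analysis", content_analysis_engine)]


def inspect(event):
    """Run the layers in order; return (verdict, blocking_layer, reason)."""
    for name, check in LAYERS:
        reason = check(event)
        if reason:
            return ("block", name, reason)
    return ("allow", None, None)


SAMPLE_EVENTS = [  # constructed events, one per layer plus a benign one
    {"id": "beacon", "dst_ip": "203.0.113.45", "dst_port": 8443, "host": "",
     "content_type": "", "body": b""},
    {"id": "pharma", "dst_ip": "192.0.2.10", "dst_port": 80,
     "host": "r2.rx-shop.biz", "content_type": "text/html", "body": b"<html>"},
    {"id": "fake-gif", "dst_ip": "192.0.2.11", "dst_port": 80,
     "host": "cdn.unlisted.example", "content_type": "image/gif",
     "body": b"MZ\x90\x00" + b"\x00" * 60},
    {"id": "update", "dst_ip": "192.0.2.12", "dst_port": 443,
     "host": "updates.example.edu", "content_type": "image/png",
     "body": b"\x89PNG\r\n\x1a\n"},
]


def run(events=SAMPLE_EVENTS):
    """Map each event id to the verdict tuple from inspect()."""
    return {e["id"]: inspect(e) for e in events}


if __name__ == "__main__":
    for event_id, verdict in run().items():
        print(event_id, verdict)
```

The ordering is not arbitrary: the cheap checks that need no payload run first, so a beacon to a listed C2 address is dropped before any bytes are fetched, while the unlisted CDN host in the sample passes both early layers and is stopped only by the content engine noticing a PE header under an image/gif label. Reporting which layer blocked each event is what lets an administrator see whether a layer is earning its keep or merely duplicating an earlier one.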
Enterprise Defense-in-Depth
“Layering” security for multiple levels of defense
Steps in Establishing a Secure Enterprise
1. Evaluate security risks
   ◘ Internal
   ◘ External
   ◘ Web
2. Identify existing gaps
   ◘ Security exposures
   ◘ Hardware, software, administrative inefficiencies
3. Assess security requirements
   ◘ Spell out security goals
   ◘ Establish rules of Governance
2. Overview of Mainline’s Security Practice
Mainline Security Solutions Group… a total security solutions provider
• Infrastructure Security
• Email/Web Security
• Identity & Access Mgt.
• Data Leakage Protection
• Web and Application Security
• Regulatory Compliance, etc.
• Products: Hardware, Software, Appliances
• Managed Services
• Professional Services
Solutions for all security needs
Security Approach
• Vulnerability Management (Reactive)
  – Identify and fix vulnerabilities
• Risk Management (Proactive)
  – Identify and manage overall Risk
Solutions from Perimeter to Core
Security Solutions
• Governance – Provide risk management, security governance and regulatory compliance
• Data security – Enable widespread electronic collaboration while protecting data at rest, in motion, in use and at the endpoint
• Threat mitigation – Provide on-demand protection to stay ahead of emerging threats
• Physical security – Provide an integrated video surveillance and security solution that can include industry-standard components
• Identity and access management – Provide clients with planning and implementation of identity and access management needs
Security Across the Enterprise IT Landscape
Pre-emptive Security Products
• IBM Proventia® Management SiteProtector
• Proventia Network
  – Intrusion prevention
  – Vulnerability management (Enterprise Scanner)
  – Multi-function security
  – Mail security
• Proventia Server
  – Server protection
• RealSecure Server Sensor
  – Windows, Solaris, HP-UX, AIX, Linux
• Proventia Desktop
  – End-point protection
Managed Security Services Offerings
• Managed Protection Services – Offers the most comprehensive protection services for networks, servers, and desktops, featuring the industry's only money-back cash payment.
• Managed and Monitored Firewall Services – Offers 24/7/365 expert daily management of a variety of firewall platforms.
• Managed IDS / IPS Services – Provides 24/7/365 monitoring, intrusion detection, and prevention, as well as incident response services for networks and servers.
• Vulnerability Management Service – Performs regularly-scheduled, automated scans of internal and external devices for hundreds of known security vulnerabilities.
• Security Event and Log Management Services – Provides all the benefits of a security event management product suite without the expensive upfront capital investments and on-going overhead.
• Managed E-mail and Web Security Services – Is designed to provide a variety of solutions to enhance clients’ existing security posture, help prevent viruses and spam, and control unwanted content in e-mail.
IBM Proventia® Network Multi-Function Security
Business Challenges
• Protect your business from internet threats without jeopardizing bandwidth or availability
• Secure your end users from spam, non-compliant activity and other productivity drainers
• Conserve your resources by eliminating the need for special security expertise
The Proventia Solution
• Complete protection against all types of Internet threats, with firewall, intrusion prevention, and Virus Prevention System
• Spam effectiveness ~95%; define Web browsing policies; filter database of 63+ Million URLs in 62 categories
• “Set and forget” security, automatically updated to protect against the next threat and tailored to the needs of your small business or remote offices
IBM Proventia® Server
Business Challenges
• Managing dispersed security agents
• Demonstrating risk and compliance
• Protecting critical data, intellectual property and access to vulnerable servers
• Maintaining server uptime while providing strong host intrusion prevention technologies
• Tracking file access and changes among business critical servers
The Proventia Solution
• Reduces security costs, protects server environments and reduces downtime
• Enforces corporate security policy for servers
• Provides out-of-the-box protection with advanced intrusion prevention and blocking
• Utilizes multiple layers of defense to provide preemptive protection
• Supports operating system migration paths
• Protects at-risk systems before vendor-supplied patches are available
Mainline’s Security Group Line Card
Meeting the customer security needs…
Categories: Infrastructure Security | Email/Content Security | Identity & Access Mgt. | Data Leakage Protection | Web & Application Security | Professional Services | Managed Services
Vendors and partners: IBM ISS, IronPort, IBM Tivoli, PGP, IBM Rational, Check Point, PineApp, Novell, SafeNet, Breach Security, MessageLabs, Juniper, Linoma Software, Ounce Labs, G2, Inc., EIQ, Cisco, Websense, Hitachi ID Sys., IntellinX, ISS, SecureState, Trend Micro, Bsafe, AIS, F5, Sophos, Applicure, Clear Skies Security, Symantec, Fidelis, Wolcott Group, eIQnetworks, Verdasys
Mainline Penetration Testing SPECIAL
The X-Force team Drives IBM ISS Security Innovation
Research
• Original Vulnerability Research
• Public Vulnerability Analysis
• Malware Analysis
• Threat Landscape Forecasting
• Protection Technology Research
Technology
• X-Force Protection Engines
  – Extensions to existing engines
  – New protection engine creation
• X-Force XPU’s
  – Security Content Update Development
  – Security Content Update QA
• X-Force Intelligence
  – X-Force Database
  – Feed Monitoring and Collection
  – Intelligence Sharing
Solutions
Microsoft Bulletin MS08-067
IBM ISS 2 years Ahead of the Threat
Zero-day worm Gimmiv.a.
• 8 August 2006 – IBM ISS releases Virtual Patch for Microsoft Windows Server Service buffer overflow (MSRPC_Srvsvc_Bo) vulnerability. http://iss.net/threats/306.html
• 23 October 2008 – Microsoft publicly announces vulnerability and MS patch in Bulletin MS08-067. http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
• New exploits/worms. http://blog.threatexpert.com/2008/10/gimmiva-exploits-zero-dayvulnerability.html ; http://milw0rm.com/exploits/6824
The IBM ISS Virtual Patch protects customers until they can download and install security updates from their software vendor.
Vulnerability Management Services
• Industry Leading ISS Internet Scanner
• Perimeter Vulnerability Assessment
• Schedule and Launch Scans via the Web
• Simulates a Hacker’s External Attack
• Full Support for Internal Scanning
• Step by Step Remediation Instructions
• Archived Scan Results Available Online
Mainline Solutions for Total PCI Compliance
Addressing each of the PCI Data Security Standards
• IBM ISS Products & Services
• Tivoli Security Compliance Manager
• IBM Proventia Network Anomaly Detection System (ADS)
• IBM Rational AppScan
• Breach Security Web Application Firewall
• IBM Server Intrusion Prevention Sys. (IPS)
• IBM Proventia Network IPS
• Check Point Network Firewall
• Breach Security Web Application Firewall
• Tivoli Console Insight Manager
• IBM Tivoli Access Manager
• IBM Proventia Network Multi-Function Security (MFS)
• IBM Tivoli Compliance Insight Manager
• IBM Tivoli Security Operations Manager
• IBM Proventia Server IPS
SECURE AND PROTECT CARDHOLDER DATA
• Mainline Digital Video Surveillance
• IBM Proventia Server IPS
• IBM System z Encryption Solutions
• IBM Tivoli Storage Manager
• PGP Encryption Solutions
• Pointsec Encryption Solutions
• IBM System z network encryption
• DataPower XML Security Gateway
• Proventia Network Intrusion Prevention System
• PGP Universal Gateway Email
• IBM Tivoli Identity Manager
• IBM Tivoli Federated Identity Manager
• IBM Tivoli Access Manager
• IBM Tivoli zSecure Admin
• IBM Tivoli Compliance Insight Manager
• IBM Tivoli CCMDB
• IBM Rational AppScan
• Breach Security Web Application Firewall
• IBM Proventia Desktop Endpoint Security
• IBM Proventia Network Enterprise Scanner
• IBM Tivoli Security Compliance Manager
How to contact Mainline?
• Cathy Samanen – Account Executive
[email protected]
248-224-7202