Guarding the Treasure
Protecting your organization’s data assets from viruses, worms, hackers, and spies
What Is The Treasure?

In a word, DATA
• Customer/Patient/Partner Information
• Financial Data
• Proprietary Company Information
• Legal Documents
Where Is The Treasure?

• In Transit
• In Storage
• Outside the Organization
• Inside the Organization
Why Protect The Treasure?

• Value of the Data
• Reputation of the Company
• Gov’t Regulations
What Are We Protecting the Treasure From?
Given That…,

• We require connectivity to do business.
• Attacks can come from anywhere
• Attacks can take many forms
• There is no “magic bullet” technology that will completely secure your data

How Can We Protect the Treasure?
Strategic Defense in Depth (proposed)
Layer 1: The Security Policy
The Security Policy identifies the
  – Scope – what you need to protect and the level of security needed (which drives the technology decisions)
  – Threats, and prioritizes them
  – Key personnel and their responsibilities and actions (what needs to be done and by whom)
  – User’s rights and responsibilities
And the Security Policy must constantly evolve to meet the ever-changing threat environment
Layer 2: Personnel
• Awareness
  – “Harden” personnel against social engineering attacks
  – Identify and eliminate poor practices

• Training
  – Reduce accidental disruptions
  – Reinforce sound security practices
Layer 3: Technologies
• Firewalls
• Intrusion Detection/Prevention
• Anti-Virus
• Cryptography
• Password Authentication
• Vulnerability Assessment
• Physical Security
Tactical Defense in Depth

The required layers to secure your organization’s data assets are … dictated by your organization’s needs, architecture and resources.
Zone Defense
• Perimeter
  – Firewalls, Gateway AV
• Network/Server
  – Cryptography, Intrusion Detection, File and Mail Server
    AV, Hardening
• Desktop
  – Desktop AV, Desktop Firewall and IDS, User Training
• Remote Users
  – Desktop AV, Personal Firewall and IDS, VPN
• E-Commerce
  – Cryptography, AV Scanning
Cryptography and E-Commerce
Benefits of Cryptography
Data Security / Privacy
  – Data is unreadable except by the intended recipient

  – Establishes the proof of identity of an entity or sender of data

Data Integrity / Non-Repudiation
  – Data has not changed from its original form and you can prove it!
Symmetric Cryptography
(AKA Conventional or Shared Secret Cryptography)

One key is required: encrypt with key A, decrypt with key A.
Asymmetric Cryptography
(Also known as Public Key Cryptography)

Two different, yet mathematically related, keys are required:
  – PUB: encrypt and verify signatures with the public key
  – PRIV: decrypt and sign with the private key

Together the keys create a key pair (public key + private key)
Hybrid Encryption
Hybrid Decryption
Digital Signatures
Encryption Technologies
Anti-Virus and E-Commerce
How Viruses Spread in the Past
(Diagram: file and email transfers between desktops)
How Viruses Spread Today
(Diagram: file and email transfers between desktops, plus a mobile computer)
How Viruses will Spread Tomorrow
(Diagram: mobile computer)
Threats are more complex and security lines are becoming blurred
(Diagram: overlapping Desktop Firewall, Anti Virus, IDS and Vulnerability Assessment)
Attacks on the Global Business Network Are Getting Worse
• Faster moving
• More damaging
• More pervasive
• Technology is evolving quickly
Fact #1: Viruses are Moving Faster

Fact: The time required for malicious code to spread to a point where it can do serious infrastructure damage halves every 18 months.
Viruses Spread More Quickly Than Ever
(Chart: machines infected per hour at the peak of Code Red, Nimda and Goner)
Source: McAfee AVERT 2001-2002
Fact #2: The Cost of Damage is Escalating

• $13 billion in virus damage in
  – Four times greater than 2000
• Nimda alone cost over $635 million … so far
• $1.3 trillion in damages by end of
Source: Computer Economics, PriceWaterhouseCoopers
Virus Damage and Sophistication Increases Over Time
(Chart: damage plotted against sophistication and speed of infection, by virus generation)
• 1st Gen (1986): boot-sector floppies – Stoned
• 2nd Gen (early ’90s): the world notices – Michelangelo
• 3rd Gen (1995): macro virus, infects data files – Concept
• 4th Gen (1999): mass mailers – Melissa, Love Bug
• 5th Gen (2001): blended threats – exploit vulnerabilities, create backdoors, spread many ways – Code Red, Nimda, Funlove
• ?? Gen: wireless & common applications – blended threats, more damage, faster spread
Fact #3: Platform Coverage Expanding

Fact: When a platform or an application gains widespread popularity, it will be attacked.
Fact #4: Technical Complexity is Advancing

   • “Seek the Weak” very aggressively
   • Propagate using new or combined vehicles
   • Binary attacks
   • Exploit vulnerabilities
   • Create vulnerabilities
   • “Robot” Hacker
The Threat Is Increasing
# of Security Vulnerabilities Reported

The Rise Of Malware
  Year    New known vulnerabilities (all operating systems)    Known viruses
  1998       262                                                 40,000
  1999       417                                                 48,000
  2000     1,090                                                 55,000
  2001     2,437                                                 59,000
Source: NIPC 2001
Lessons Learned

• Organizations need more comprehensive
  coverage on all points of entry
• Must apply security patches in a timely manner
• Need perimeter scanning
Multi-tiered Defense
Perimeter Defence Requirements
• Anti-Spam
   – Blocks mails from the MAPS RBL (Mail Abuse Prevention System Realtime Blackhole List)
• Attachment filtering
   – Allows you to control loading on e500 and network
• Content filtering
   – Block virus-related attachment types (.VB?, .JS, .EXE, …)
   – Block non-corporate mails by title, message text, attachment name or text
   – Instant 1st line of defence for known virus threats (in & out)
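An added example, not from the original deck, of the attachment-type filter described above. The pattern list extends the slide’s “.VB?, .JS, .EXE” with a few assumed extras, and the attachment names are constructed; it also covers the double-extension and trailing-space tricks that mass mailers use to disguise a script.

```python
from fnmatch import fnmatchcase

# Patterns from the slide's content-filtering bullet (.VB?, .JS, .EXE) plus a few
# more of the same kind, added here as an assumed policy. '?' matches exactly one
# character, so ".VB?" covers .VBS and .VBE but not a bare ".VB".
BLOCKED_PATTERNS = [".VB?", ".JS", ".EXE", ".SCR", ".PIF", ".BAT", ".COM"]

# Constructed attachment names, including the double-extension trick used by
# mass mailers (Explorer hides the final extension by default).
SAMPLE_ATTACHMENTS = [
    "quarterly.xls",
    "invoice.txt.vbs",
    "setup.EXE",
    "notes",
    "script.vb",
    "readme.txt.js ",
]

def blocked_by_policy(filename, patterns=BLOCKED_PATTERNS):
    """Return the pattern that blocks this name, or None if it is allowed."""
    # Windows drops trailing spaces and dots when the file is saved, so
    # "readme.txt.js " ends up on disk as readme.txt.js: normalise first.
    name = filename.rstrip(" .").upper()
    if "." not in name:
        return None
    # Only the final extension decides how Windows opens the file, so that is
    # the one checked; "invoice.txt.vbs" is still a VBS script.
    ext = "." + name.rsplit(".", 1)[1]
    for pat in patterns:
        if fnmatchcase(ext, pat.upper()):
            return pat
    return None

def filter_attachments(names):
    """Split names into (allowed, blocked); blocked entries are (name, pattern)."""
    allowed, blocked = [], []
    for name in names:
        pat = blocked_by_policy(name)
        if pat is None:
            allowed.append(name)
        else:
            blocked.append((name, pat))
    return allowed, blocked

if __name__ == "__main__":
    ok, dropped = filter_attachments(SAMPLE_ATTACHMENTS)
    print("allowed:", ok)
    print("blocked:", dropped)
```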
Example: CodeRed
• Virus only exists in memory
   – Must detect in the HTTP stream at the perimeter (infects W2K & XP servers through TCP/IP port 80)
• Uses the IIS exploit MS01-033 (Unchecked Buffer in Index Server ISAPI Extension)
   – Gives the ability to “run code of the attacker’s choice”
• A variant
   – Defaces web pages
   – Contained a DDoS payload
• C variant
   – Drops a backdoor trojan that utilises MS00-052 to run Explorer.exe
   – Modifies the registry to disable local file system security, giving web access to drives C & D
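An added example, not from the original deck, of the perimeter check the CodeRed slide calls for: inspecting request lines in the port 80 HTTP stream for abuse of the Index Server ISAPI extension (MS01-033). The request lines and the size threshold are constructed for illustration.

```python
import re

# Constructed sample request lines (not real captures) of the kind a perimeter
# scanner sees on TCP port 80 in front of IIS. The second line imitates the shape
# of a Code Red probe: a request for the Index Server ISAPI extension (.ida,
# MS01-033) carrying an oversized query built from filler and %u escapes.
SAMPLE_REQUESTS = [
    "GET /index.html HTTP/1.0",
    "GET /default.ida?" + "N" * 224 + "%u9090%u6858 HTTP/1.0",
    "GET /search.idq?CiRestriction=policy&CiMaxRecordsPerPage=10 HTTP/1.1",
    "POST /scripts/upload.asp HTTP/1.1",
]

REQUEST_LINE = re.compile(r"^(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d$")
UNICODE_ESCAPE = re.compile(r"%u[0-9a-fA-F]{4}")
MAX_QUERY_BYTES = 200   # constructed threshold; legitimate Index Server queries are short

def classify_request(line):
    """Return (suspicious, reason) for one HTTP request line."""
    m = REQUEST_LINE.match(line)
    if not m:
        return True, "malformed request line"
    path, _, query = m.group("target").partition("?")
    # Only the Index Server ISAPI handlers (.ida / .idq) are in scope here.
    if not path.lower().endswith((".ida", ".idq")):
        return False, "not an Index Server request"
    if len(query) > MAX_QUERY_BYTES:
        return True, f"oversized query ({len(query)} bytes) to {path}"
    if UNICODE_ESCAPE.search(query):
        return True, f"%u escapes in query to {path}"
    return False, "short Index Server query"

def flagged_requests(lines):
    """Run the classifier over a batch and return the lines to block."""
    return [line for line in lines if classify_request(line)[0]]

if __name__ == "__main__":
    for line in SAMPLE_REQUESTS:
        suspicious, reason = classify_request(line)
        print("BLOCK" if suspicious else "PASS ", reason, "|", line[:60])
```

Because the original worm never touched disk, this stream-level check is the only place a signature-based perimeter device can catch it before the server is hit.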
Perimeter Defense
• Nearly 80% of all viruses are spread via email
• Viruses cause network problems and
  bandwidth congestion
• Your solution should
  – Scan before they pass the perimeter
  – Include comprehensive detection and cleaning
  – Provide automated updates
  – Offer hardware and software solution alternatives
Multi-tiered Defense
Mail and File Server
• Email protection is extremely important to
  overall AV compliance and effectiveness
• Viruses bring down your email servers
• Your solution should
  – Detect and clean infections at the server level
  – Include outbreak management
  – Include remote manageability
  – Provide logging, reporting, alerting
Multi-tiered Defense
 The Insider threat

In 2001, 1-in-3 security violations were instigated
  internally by legitimate but untrustworthy users.
Changing Environment: Gateway Jumping
(Diagram: Laptop @Home connecting to the Corporate Net)
Desktop and Remote Users
Remote user profile is changing
• The new challenge
  – More and more data is by-passing the corporate firewall
  – 21 million US in 2001, 35 million in 2005
  – Always-on = always vulnerable
  – Most vocal and high profile users
  – Hacker can ride in on the VPN connection
  – How to stop attacks contracted outside the network (Web visit, etc.)
  – Interoperability w/ Cisco, Checkpoint, Nortel VPN clients
    (about 85% of market)
  – Threats require defensive measures
Desktop Firewall: Adding Defensive Depth
(Diagram: a hacker attempts to port scan and hack into a computer protected by Desktop Firewall; the hacker is blocked, and optionally traced)
1) Desktop Firewall’s distributed IDS provides the first line of defense to
   • block common hacker
   • stop Trojans, nukes, DOS attacks
2) Desktop Firewall’s distributed Firewall provides the second line of defense
   • robust packet filtering
   • application level policy
   • learning mode
Desktop Firewall
How does it stop malicious code and attacks?
  • Only allow your specified traffic on the network
  • Firewall prevents undefined applications from connecting
  • IDS trends detect internal and external attacks (50-70% of attacks are internal)
  • Bi-directional IDS stops malicious code spreading to other PCs
  • Stops
    – Distributed denial of service zombies
    – Code that infects and sends files, keystrokes,
Multi-tiered Defense
Viruses in the Palm of Your Hand

• Personal Digital Assistants [PDAs]
• Portable threat to corporate networks
• Early PDA malware
  – Liberty [trojan]
  – Vapor [trojan]
  – Phage [virus]
Multi-tiered Defense
Manageability is Key to AV Protection

• Be able to quickly and effectively deal with threats
• Business cost of managing AV, often higher than
  software cost
• Most frequently updated/modified software on PCs
• To have an effective AV strategy, must be able to:
   – Control & modify Anti-Virus configuration, lock them down
   – Automated updates
   – Report on the virus outbreaks and levels of protection
Cost Effective Management
 • Will eliminate company downtime from virus
    – Update anti-virus policy to combat threats

 • Will match policy to company threat
    – Set strict policies for vulnerable data

 • Will eliminate end-user tampering
    – Enforce policies on all machines

 • Will protect entire enterprise without
   modifying infrastructure
    – Policy management over anything
How often do you check compliance of your security policy?
(Pie chart: Weekly 13%, Annually or Longer 25%, Don't Know 9%)
Source: Information Security Magazine (September 2000)
Central Management - Summary
• Monitor AV activity with Total Visibility
   – Track an outbreak to its source
   – Find vulnerabilities and adjust
• Maintain Updated AV Protection
   – Distribute weekly/emergency signatures, new engines, service
   – Low impact on bandwidth
• Control & Enforce Policies Centrally
   – Keep end users compliant with security policy
   – Customize policy to combat new threats
   – Manage over anything (NetWare, NT, Internet)
Where do you go from here...
Creating an Anti-Virus Strategy

• You can’t manage what you can’t measure
• Assess the potential risk to the business
   – How can a virus enter the organization?
   – Where can a virus be stored?
   – How can a virus be transferred?
   – What level of risk do you want to assume?

    Rule of Thumb: You can’t lock down
Identify the Risks and Threats
(Diagram: risk levels H / M / L assigned to Stand Alone machines, Proxy Servers & Gateways, E-Mail Servers, File & Print, Firewall and Unix Boxes)
Create an Anti-Virus Policy

• What, where and how AV is deployed
• Configuration settings
• Update requirements
• Scanning requirements
• Identify responsible parties
Anti-Virus Policy
• Identify how to deal with a virus outbreak
  – AV response team

• Document clean-up procedures
• Requirements for user training
• Dealing with non-compliance
• Address Policy Management
• Reporting Requirements
Constantly Evaluate Policies
(Diagram: Business Needs, Risks Change and Virus Technology all feed the AV Policy)
• Change forces policy revision
• Re-evaluate your policies & procedures on a regular basis (Test them!)
Thank you!
