Securing your presence at the perimeter
Ben Rothke, CISSP CISA
BT Global Services
Senior Security Consultant
About me…


• Ben Rothke (too many certifications)
• Senior Security Consultant – British Telecom
• Frequent writer and speaker
• Author - Computer Security: 20 Things Every Employee Should Know




BT Americas Inc.               2
The perimeter is not necessarily dead


• Firewalls and border routers are still the cornerstone for
  perimeter security
• Always will be a place for VPNs
• Attacks occur at the application layer
         – So ensure app security




BT Professional Services            3
But the perimeter is getting blurred…


• VPNs
• complicated network connections with multiple partners
         – contractors, consultants
         – 3rd party collaboration
         – vendors
• wireless networks
• laptops
• malicious insiders
         – worms (compromised computers can be seen as malicious
           insiders)

Ok, the perimeter is dead, the cloud proves it

Perimeter challenges


• Determining proper firewall design
• access to resources for remote users
• effective monitoring and reporting
• need for enhanced packet inspection
• security standards compliance
• long-term maintenance
• ensuring attackers don’t find that single vulnerability
• data leakage

Was your perimeter designed in 30 minutes?

Key points


• Perimeter security is popular
         – cheap, convenient, somewhat effective
         – firewalls and IDS most common tools for network security
• Firewalls and IDS fighting an uphill battle
         – both attackers and legitimate users struggle to avoid/evade
           them
• Security management is a key challenge

Securing network perimeters


• Goal is to provide adequate access without
  jeopardizing confidential or mission-critical areas
• Elements:
         – firewalls, IDS, bastion host, Network Address Translation
           (NAT), proxy servers
         – combined with authentication mechanisms
• Bastion host
         – provides Web, FTP, e-mail, or other services running on a
           specially secured server

But the firewall is not a panacea


• Malicious traffic that is passed on open ports and not
  inspected by the firewall
• any traffic that passes through an encrypted tunnel or
  session
• attacks after a network has been penetrated
• traffic that appears legitimate
• users and administrators who intentionally or
  accidentally install viruses
• administrators who use weak passwords

Policy is required to secure a perimeter


• Firewall policies are typically lists of allow or deny rules
• what should the default rule be?
• Default allow:
         – convenient since doesn’t interfere with legitimate activity
• Default deny:
         – more secure, since every allowed use undergoes security
           review
         – if policy too restrictive, people complain and it gets fixed
         – if policy too permissive, only learn about it too late after an
           attack

Other policy issues


• Scale
         – Large organizations have thousands of rules
         – How do you process them efficiently?
         – How do you know they are correct?


• Ingress vs. egress filtering
         – Ingress: filter packets from the Internet
         – Egress: filter traffic to the Internet (why?)
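The policy questions on these two slides (what the default rule decides, how you know thousands of rules are correct, and ingress versus egress filtering) can be made concrete with a small first-match rule evaluator. This is an added example, not code from the deck or from any firewall product; the rule format, the addresses, ports and sample packets are all constructed for the illustration.

```python
"""Toy first-match firewall policy evaluator.

Added illustration for the policy slides: what the default rule decides,
how to find rules that can never fire (shadowed rules), and ingress versus
egress filtering. Rule format, addresses, ports and packets are constructed
for this example and are not from any real product or network.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    direction: str        # "in" = ingress (from the Internet), "out" = egress
    proto: str            # "tcp", "udp" or "any"
    src: str              # CIDR block
    dst: str              # CIDR block
    dport: Optional[int]  # None = any destination port
    action: str           # "allow" or "deny"

    def matches(self, pkt):
        return (self.direction == pkt["direction"]
                and self.proto in ("any", pkt["proto"])
                and ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and (self.dport is None or self.dport == pkt["dport"]))


def evaluate(rules, pkt, default):
    """First matching rule wins; with no match the default rule decides.
    Returns (action, index of the rule that fired, or None for the default)."""
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, i
    return default, None


def _covers(a, b):
    """True if every packet matching rule b also matches rule a."""
    return (a.direction == b.direction
            and a.proto in ("any", b.proto)
            and ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and (a.dport is None or a.dport == b.dport))


def shadowed_rules(rules):
    """Indices of rules fully covered by an earlier rule: they never fire,
    so their action (often a deny someone relied on) is silently ignored."""
    return [j for j in range(len(rules))
            if any(_covers(rules[i], rules[j]) for i in range(j))]


# Constructed sample policy. Ingress: only web traffic to the DMZ host.
# Egress: internal hosts may only resolve DNS and talk HTTPS outbound.
DMZ_WEB = "203.0.113.10/32"
RULES = [
    Rule("in",  "tcp", "0.0.0.0/0",       DMZ_WEB,     443, "allow"),
    Rule("in",  "tcp", "0.0.0.0/0",       DMZ_WEB,      80, "allow"),
    Rule("in",  "tcp", "198.51.100.0/24", DMZ_WEB,      80, "deny"),   # shadowed by rule 1
    Rule("out", "udp", "10.0.0.0/8",      "0.0.0.0/0",  53, "allow"),
    Rule("out", "tcp", "10.0.0.0/8",      "0.0.0.0/0", 443, "allow"),
]

# Constructed sample traffic, one packet per case of interest.
PACKETS = {
    "web_request":    {"direction": "in",  "proto": "tcp", "src": "198.51.100.7", "dst": "203.0.113.10", "dport": 80},
    "rdp_to_dmz":     {"direction": "in",  "proto": "tcp", "src": "198.51.100.7", "dst": "203.0.113.10", "dport": 3389},
    "dns_out":        {"direction": "out", "proto": "udp", "src": "10.1.2.3",     "dst": "192.0.2.53",   "dport": 53},
    "unapproved_out": {"direction": "out", "proto": "tcp", "src": "10.1.2.3",     "dst": "192.0.2.99",   "dport": 6667},
}


def decide_all(default):
    """Decision for every sample packet under the given default rule."""
    return {name: evaluate(RULES, pkt, default)[0] for name, pkt in PACKETS.items()}


if __name__ == "__main__":
    for default in ("allow", "deny"):
        print(f"default {default}: {decide_all(default)}")
    print("shadowed rules:", shadowed_rules(RULES))
```

Under default allow the RDP attempt against the DMZ host and the unapproved outbound connection both pass, simply because no rule mentions them; under default deny they are stopped without anyone having had to anticipate them, which is the "every allowed use undergoes review" property the slide describes. The egress rules are what answer the "why?" next to egress filtering: a compromised internal host can only reach the Internet on the ports the policy approved. The shadow check addresses "how do you know they are correct?": rule 2 can never fire because rule 1 already allows the same traffic, so the deny it expresses is not actually enforced.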

Operational weaknesses


• Technology
         – firewall rules not adequately maintained
         – system configurations and access not being monitored
         – passwords


• Standards
         – unpatched software/firmware
         – no criteria for hiring outside auditors and IT pros
         – no consistent security assessments
         – production data being used for dev/QA apps

Start thinking about DLP


• Small data leaks lead to major damage
         – a minor water leak…
         – becomes major structural damage

There is a lot DLP can do


• Detect sensitive content in any combination of network
  traffic, data at rest or endpoint operations
• Detect sensitive content using
         – sophisticated content-aware detection techniques, including
           partial/exact document matching, structured data fingerprinting,
           statistical analysis, extended regular expression matching,
           conceptual and lexicon analysis, and more
• Support detection of sensitive data content in structured
  and unstructured data, using registered or described
  data definitions
• Block email communication policy violations
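Three of the detection techniques the slide lists, in miniature: extended regular-expression matching (with a Luhn check so that random runs of digits are not flagged), registered structured data matched as salted hashes, and partial document matching over hashed word shingles, combined into a block/allow decision for an outbound e-mail. This is an added example, not from the deck or from any DLP product; the registered document, the customer IDs, the card number, the salt and the overlap threshold are all constructed.

```python
"""Three of the DLP detection techniques named on the slide, in miniature:
extended regular-expression matching (with a Luhn check so random digit runs
are not flagged), registered structured data matched as salted hashes, and
partial document matching over hashed word shingles. Added illustration only:
documents, identifiers, card number, salt and thresholds are constructed.
"""
import hashlib
import re

# --- Technique 1: regular expression + checksum validation -----------------
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")


def luhn_ok(digits):
    """Luhn checksum over a string of digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text):
    """Regex candidates that also pass Luhn; separators are stripped."""
    found = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 16 and luhn_ok(digits):
            found.append(digits)
    return found


# --- Technique 2: registered (fingerprinted) structured data ---------------
SALT = b"constructed-demo-salt"


def fingerprint(value):
    """Registered values are kept only as salted hashes, not in the clear."""
    return hashlib.sha256(SALT + value.encode()).hexdigest()


# Constructed customer IDs, as if exported from a database column.
REGISTERED_IDS = {fingerprint(v) for v in ("CUST-00017", "CUST-00042", "CUST-00099")}
ID_RE = re.compile(r"\bCUST-\d{5}\b")


def find_registered_ids(text):
    """Only IDs whose fingerprint is registered count; a well-formed but
    unknown ID such as CUST-12345 is not a hit."""
    return [m.group() for m in ID_RE.finditer(text) if fingerprint(m.group()) in REGISTERED_IDS]


# --- Technique 3: partial document matching via word shingles --------------
def shingles(text, k=4):
    """Set of hashed k-word windows; hashing means the index holds no text."""
    words = re.findall(r"\w+", text.lower())
    return {hashlib.sha1(" ".join(words[i:i + k]).encode()).hexdigest()[:16]
            for i in range(len(words) - k + 1)}


# Constructed confidential document registered with the DLP system.
REGISTERED_DOC = ("Project Falcon pricing proposal. The unit price for the first "
                  "thousand devices is confidential and must not be shared outside "
                  "the negotiating team.")
DOC_SHINGLES = shingles(REGISTERED_DOC)


def document_overlap(text):
    """Fraction (0.0 to 1.0) of the registered document's shingles found in text."""
    return len(shingles(text) & DOC_SHINGLES) / len(DOC_SHINGLES)


# --- Policy: combine the detectors into a block/allow decision -------------
OVERLAP_THRESHOLD = 0.5


def inspect(message):
    cards = find_card_numbers(message)
    ids = find_registered_ids(message)
    overlap = document_overlap(message)
    block = bool(cards or ids) or overlap >= OVERLAP_THRESHOLD
    return {"cards": cards, "ids": ids, "overlap": round(overlap, 2),
            "verdict": "block" if block else "allow"}


# Constructed outbound e-mail bodies.
SAMPLES = {
    "billing": "Please charge card 4111 1111 1111 1111 for customer CUST-00042, thanks.",
    "ticket":  "Ref 4111 1111 1111 1112 is an order number, customer CUST-12345.",
    "leak":    "FYI: the unit price for the first thousand devices is confidential "
               "and must not be shared outside the negotiating team.",
    "lunch":   "Lunch at noon? The team is meeting outside.",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, inspect(body))
```

The "ticket" message shows why plain regexes are not enough: it contains a 16-digit number and a string shaped like a customer ID, but the number fails Luhn and the ID is not one that was registered, so nothing fires. The "leak" message reproduces most of a registered document without the title, which is what partial document matching is for; the exact-match and regex detectors see nothing there.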

Do you have authority over your data?


• DLP enables you to finally control your data:
         – Identify: know where your data resides
         – Monitor: what is happening, who did it, when
         – Warning: user alerted when moving sensitive data
         – Prevention: unauthorized actions are thwarted
         – Control: only approved devices can be used
         – Reporting: compliance reports (SoX, PCI, HIPAA / HITECH, GLBA, Euro-SoX, and more)

Testing


• Publicly-accessible systems
         – IP-hosts
         – all web apps
         – web services
• Web interfaces:
         – routers
         – firewalls
         – email
• Wireless

Ask lots of questions and fill up whiteboards

1. What are we doing beyond vulnerability scans to find
   security flaws?
2. Are we looking at all of our critical perimeter systems?
3. When are we going to get to everything else?
4. What are the results of our latest external security
   assessment?
5. What’s being done to resolve these issues?
6. Even if nothing is turned up, when’s our next round of
   testing scheduled for?
7. Have we started thinking about the data?
8. Should we consider DLP?

Use tools

• There are myriad tools, use them judiciously
         – QualysGuard
         – WebInspect
         – Acunetix WVS
         – CommView for WiFi
         – Web browsers
         – Google
         – other exploit tools
         – Make sure your staff reads Security Strategy: From Requirements to Reality
         – http://amzn.to/fT2yG6

Creating and maintaining a strong perimeter


• Good design
• updated design
• built and designed by engineers
         – with management oversight
• risk-based
• business needs understood
• maintained
         – competent staff
         – maintained at an adequate level

Contact info…


• Ben Rothke, CISSP CISA
• Senior Security Consultant
• BT Professional Services

• www.linkedin.com/in/benrothke
• www.twitter.com/benrothke
• www.slideshare.net/benrothke
