Securing your presence at the perimeter
Ben Rothke, CISSP CISA
BT Global Services
Senior Security Consultant
About me…
• Ben Rothke (too many certifications)
• Senior Security Consultant – British Telecom
• Frequent writer and speaker
• Author - Computer Security: 20 Things Every Employee Should Know

BT Americas Inc.
The perimeter is not necessarily dead
• Firewalls and border routers are still the cornerstone for perimeter security
• Always will be a place for VPNs
• Attacks occur at the application layer
– So ensure app security

BT Professional Services
But the perimeter is getting blurred…
• VPNs
• complicated network connections with multiple partners
– contractors, consultants
– 3rd party collaboration
– vendors
• wireless networks
• laptops
• malicious insiders
– worms (compromised computers can be seen as malicious insiders)
Ok, the perimeter is dead, the cloud proves it

Perimeter challenges
• Determining proper firewall design
• access to resources for remote users
• effective monitoring and reporting
• need for enhanced packet inspection
• security standards compliance
• long-term maintenance
• ensuring attackers don’t find that single vulnerability
• data leakage
Was your perimeter designed in 30 minutes?

Key points
• Perimeter security is popular
– cheap, convenient, somewhat effective
– firewalls and IDS most common tools for network security
• Firewalls and IDS fighting an uphill battle
– both attackers and legitimate users struggle to avoid/evade them
• Security management is a key challenge
Securing network perimeters
• Goal is to provide adequate access without jeopardizing confidential or mission-critical areas
• Elements:
– firewalls, IDS, bastion host, Network Address Translation (NAT), proxy servers
– combined with authentication mechanisms
• Bastion host
– provides Web, FTP, e-mail, or other services running on a specially secured server
But the firewall is not a panacea
• malicious traffic that is passed on open ports and not inspected by the firewall
• any traffic that passes through an encrypted tunnel or session
• attacks after a network has been penetrated
• traffic that appears legitimate
• users and administrators who intentionally or accidentally install viruses
• administrators who use weak passwords
Policy is required to secure a perimeter
• Firewall policies are typically lists of allow or deny rules
• What should the default rule be?
• Default allow:
– convenient, since it doesn’t interfere with legitimate activity
• Default deny:
– more secure, since every allowed use undergoes security review
– if the policy is too restrictive, people complain and it gets fixed
– if the policy is too permissive, you only learn about it too late, after an attack
Other policy issues
• Scale
– Large organizations have thousands of rules
– How do you process them efficiently?
– How do you know they are correct?
• Ingress vs. egress filtering
– Ingress: filter packets from the Internet
– Egress: filter traffic to the Internet (why?)
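The two policy slides above (default allow vs. default deny, and "how do you know thousands of rules are correct?") can be made concrete with a small first-match policy engine. The following is an added example, not code from the deck or from BT: it evaluates one constructed rule set under both default rules, shows why an egress rule matters, and flags a deny rule that can never fire because an earlier allow rule already covers it (a shadowed rule). The rule names, addresses (RFC 5737 documentation ranges) and packets are all constructed for the example.

```python
# Toy first-match firewall policy engine: the same rule list evaluated under a
# default-allow and a default-deny base rule, plus a shadowed-rule check.
# Constructed example; addresses come from the RFC 5737 documentation ranges.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str   # "ingress" (from the Internet) or "egress" (to the Internet)
    src: str
    dst: str
    proto: str       # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    name: str
    action: str              # "allow" or "deny"
    direction: str
    src: str                 # CIDR
    dst: str                 # CIDR
    proto: str               # "tcp", "udp" or "any"
    dport: Optional[int]     # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (self.direction == pkt.direction
                and ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and self.dport in (None, pkt.dport))


def covers(outer: Rule, inner: Rule) -> bool:
    """True when every packet matched by `inner` is also matched by `outer`."""
    return (outer.direction == inner.direction
            and ip_network(inner.src).subnet_of(ip_network(outer.src))
            and ip_network(inner.dst).subnet_of(ip_network(outer.dst))
            and outer.proto in ("any", inner.proto)
            and outer.dport in (None, inner.dport))


def evaluate(rules: List[Rule], pkt: Packet, default: str) -> Tuple[str, str]:
    """First matching rule wins; otherwise the default rule decides."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return default, "default"


def shadowed_rules(rules: List[Rule]) -> List[Tuple[str, str]]:
    """Rules that can never fire because an earlier rule already covers them."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                found.append((later.name, earlier.name))
                break
    return found


# Constructed rule set: 203.0.113.0/24 is "our" DMZ, 198.51.100.0/24 a partner
# network, 10.0.0.0/8 the internal LAN.
RULES = [
    Rule("web-https", "allow", "ingress", "0.0.0.0/0", "203.0.113.10/32", "tcp", 443),
    Rule("mail-smtp", "allow", "ingress", "0.0.0.0/0", "203.0.113.20/32", "tcp", 25),
    Rule("partner-ssh", "allow", "ingress", "198.51.100.0/24", "203.0.113.0/24", "tcp", 22),
    # Added later to keep the partner off the web server; it never fires (see shadowed_rules).
    Rule("deny-partner-ssh-to-web", "deny", "ingress", "198.51.100.0/24", "203.0.113.10/32", "tcp", 22),
    Rule("lan-https-out", "allow", "egress", "10.0.0.0/8", "0.0.0.0/0", "tcp", 443),
]

# Constructed sample traffic.
PACKETS = {
    "web": Packet("ingress", "192.0.2.77", "203.0.113.10", "tcp", 443),
    "rdp": Packet("ingress", "192.0.2.77", "203.0.113.10", "tcp", 3389),
    "partner_ssh_web": Packet("ingress", "198.51.100.5", "203.0.113.10", "tcp", 22),
    "lan_irc_out": Packet("egress", "10.1.2.3", "192.0.2.200", "tcp", 6667),
}


def compare_defaults() -> Dict[str, Dict[str, str]]:
    """Decision for each sample packet under default allow vs. default deny."""
    return {
        name: {d: evaluate(RULES, pkt, d)[0] for d in ("allow", "deny")}
        for name, pkt in PACKETS.items()
    }


if __name__ == "__main__":
    for name, outcome in compare_defaults().items():
        print(f"{name:16} default-allow={outcome['allow']:5} default-deny={outcome['deny']}")
    print("shadowed:", shadowed_rules(RULES))
```

Under default allow, the unsolicited RDP probe and the outbound IRC connection from the LAN both pass because nothing explicitly denies them; under default deny they are dropped without anyone having to anticipate them, which is the slide's argument for default deny and for egress filtering. The shadowed-rule check answers "how do you know they are correct?": the deny rule added to keep the partner network off the web server sits below a broader allow and never matches, and a pairwise coverage test over the rule list finds that without any traffic having to hit the firewall.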
Operational weaknesses
• Technology
– firewall rules not adequately maintained
– system configurations and access not being monitored
– passwords
• Standards
– unpatched software/firmware
– no criteria for hiring outside auditors and IT pros
– no consistent security assessments
– production data being used for dev/QA apps
Start thinking about DLP
• Small data leaks lead to major damage
– a minor water leak…
– becomes major structural damage
There is a lot DLP can do
• Detect sensitive content in any combination of network traffic, data at rest or endpoint operations
• Detect sensitive content using
– sophisticated content-aware detection techniques, including partial/exact document matching, structured data fingerprinting, statistical analysis, extended regular expression matching, conceptual and lexicon analysis, and more
• Support detection of sensitive data content in structured and unstructured data, using registered or described data definitions
• Block email communication policy violations
Do you have authority over your data?
• DLP enables you to finally control your data:
– Identify: know where your data resides
– Monitor: what is happening, who did it, when
– Warning: user alerted when moving sensitive data
– Prevention: unauthorized actions are thwarted
– Control: only approved devices can be used
– Reporting: compliance reports (SoX, PCI, HIPAA / HITECH, GLBA, Euro-SoX, and more)
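The two DLP slides list detection techniques (regular expressions, exact and partial document matching against registered data) and the actions that follow (warn, block). The following added example, which is not code from the deck or from any DLP product, shows a minimal version of each over constructed outbound messages: a card-number pattern validated with the Luhn checksum so that a 16-digit order number is not flagged, an SSN-shaped pattern, exact matching of a registered document by hash, and partial matching by hashed 5-word shingles. The registered memo, the messages, the thresholds and the block/warn/allow mapping are all constructed for the example.

```python
# Toy content-aware DLP scanner: structured-data patterns with validation,
# exact document matching by hash, and partial matching by word shingles.
# Constructed example; nothing here is a product's real detection engine.
import hashlib
import re
from typing import Dict, List, Set

# Candidate payment card numbers: 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# US Social Security Number layout (shape only; no issuance-range validation).
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
SHINGLE_WORDS = 5          # words per shingle for partial document matching
PARTIAL_THRESHOLD = 0.5    # share of a message's shingles that must come from a registered doc


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out most 16-digit order numbers that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def normalize(text: str) -> str:
    return re.sub(r"\s+", " ", text.lower()).strip()


def shingles(text: str, k: int = SHINGLE_WORDS) -> Set[str]:
    """Hashes of every run of k consecutive words; only hashes are stored, never the text."""
    words = normalize(text).split(" ")
    return {
        hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()[:16]
        for i in range(len(words) - k + 1)
    }


class Registry:
    """Registered (fingerprinted) documents."""

    def __init__(self) -> None:
        self.exact: Dict[str, str] = {}         # sha256(normalized text) -> doc name
        self.partial: Dict[str, Set[str]] = {}  # doc name -> shingle hashes

    def register(self, name: str, text: str) -> None:
        self.exact[hashlib.sha256(normalize(text).encode()).hexdigest()] = name
        self.partial[name] = shingles(text)


def scan(text: str, registry: Registry) -> List[str]:
    """Return the list of findings for one message (empty list means clean)."""
    findings: List[str] = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            findings.append("PAN")          # primary account number
    findings.extend("SSN" for _ in SSN_RE.finditer(text))
    digest = hashlib.sha256(normalize(text).encode()).hexdigest()
    if digest in registry.exact:
        findings.append("EXACT:" + registry.exact[digest])
    else:
        mine = shingles(text)
        for name, known in registry.partial.items():
            if mine and len(mine & known) / len(mine) >= PARTIAL_THRESHOLD:
                findings.append("PARTIAL:" + name)
    return findings


def decide(findings: List[str]) -> str:
    """Map findings to the slide's actions: block the message, warn the user, or allow it."""
    if any(f in ("PAN", "SSN") or f.startswith("EXACT:") for f in findings):
        return "block"
    if any(f.startswith("PARTIAL:") for f in findings):
        return "warn"
    return "allow"


# Constructed registered document and constructed outbound messages.
MEMO = ("Board memo Q3: the acquisition of Example Widgets will close on the first "
        "of November and must not be disclosed before the press release.")
REGISTRY = Registry()
REGISTRY.register("board-memo", MEMO)

MESSAGES = {
    "card": "Hi, please charge card 4111 1111 1111 1111 for the invoice.",
    "order": "Order ref 1234567812345678 shipped today.",
    "ssn": "Employee SSN 123-45-6789 is attached for payroll.",
    "memo_copy": MEMO,
    "memo_excerpt": "FYI from the memo: the acquisition of Example Widgets will close on the first of November",
    "benign": "Lunch is at noon on Thursday.",
}


def scan_all() -> Dict[str, str]:
    """Action for every constructed message."""
    return {name: decide(scan(text, REGISTRY)) for name, text in MESSAGES.items()}


if __name__ == "__main__":
    for name, text in MESSAGES.items():
        print(f"{name:13} {decide(scan(text, REGISTRY)):5} {scan(text, REGISTRY)}")
```

The Luhn step is what keeps "extended regular expression matching" usable in practice: the order-reference message contains 16 digits but fails the checksum and is allowed through, while the test card number is blocked. The excerpt of the registered memo shares two thirds of its shingles with the fingerprint and is reported as a partial match, which the policy turns into a warning to the user rather than a block; the verbatim copy is an exact hash match and is blocked.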
Testing
• Publicly-accessible systems
– IP hosts
– all web apps
– web services
• Web interfaces:
– routers
– firewalls
– email
• Wireless
Ask lots of questions and fill up whiteboards
1. What are we doing beyond vulnerability scans to find security flaws?
2. Are we looking at all of our critical perimeter systems?
3. When are we going to get to everything else?
4. What are the results of our latest external security assessment?
5. What’s being done to resolve these issues?
6. Even if nothing is turned up, when’s our next round of testing scheduled for?
7. Have we started thinking about the data?
8. Should we consider DLP?
Use tools
• There are myriad tools, use them judiciously
– QualysGuard
– WebInspect
– Acunetix WVS
– CommView for WiFi
– Web browsers
– Google
– other exploit tools
– Make sure your staff reads Security Strategy: From Requirements to Reality
– http://amzn.to/fT2yG6
Creating and maintaining a strong perimeter
• Good design
• updated design
• built and designed by engineers
– with management oversight
• risk-based
• business needs understood
• maintained
– competent staff
– maintained at an adequate level
Contact info…

• www.linkedin.com/in/benrothke
• www.twitter.com/benrothke
• www.slideshare.net/benrothke

