Technology to Protect Crown Jewels

Purpose

This pack draws out extreme examples for protecting the Crown Jewels. The purpose of examining these extremes is to spark meaningful discussion and settle on a solution that appropriately balances risk, cost and usability. Note that the extremes are not necessarily mutually exclusive; hybrid solutions are possible.

Options Considered

Option: Description / Use Case

– Extremely Over Engineered Example (EOE²): Secured nTier architecture including controls at each architecture tier and between each tier.
– Secure Collaboration Environment (SCE): A highly secured and tightly access-controlled environment for collaboration on unstructured information.
– Broad Brush Approach: Configuration of Network and Client ILP to detect movement of Crown Jewels – not specific to any single system. Identify exactly where it exists in our environment and secure it in place.

Extremely Over Engineered Example

Diagram components: Client Device; Web Server; Application Server; Database Server; File Server; Firewall / Reverse Proxy; Firewall; Application Firewall

– Client NAC (ensure integrity of client) – Symantec Enterprise Protection
– Client ILP (monitor movement of data)
– Data sensitivity tags applied to unstructured documents from most sensitive file shares or applications
– DRM Client (create, render and access secure data)
– 2 factor for the client (1 factor is biometrics)
– Encrypt data on the client and on removable media
– Enable ILP to prevent DVD write and require secure USB for tagged files

– 2 factor authentication
– SSL to both client and application server
– HID/HIP
– SIEM monitors logs
– Hardened configuration with patching

– Reverse Proxy authentication
– NAC
– Require GSK device with ILP to access data/application

– Control permitted traffic and content of traffic between web server and app server

– Generate DRM controlled documents/reports
– HID/HIP
– SIEM monitors logs
– Hardened configuration with patching

– Oracle Data Vault (type technology)
– Encryption
– HID/HIP
– SIEM monitors logs
– Additional level of enhanced database monitoring
– 2 factor for administrative access

– Encrypted File System
– Privileged accounts cannot decrypt
– HID/HIP
– SIEM monitors logs
– 2 factor for administrative access

– Controls placed “in” and “between” each layer
– Segregation of duties for management of “in” and “between” layer controls
– Rigorous change control procedures for each item
– Security intrusion test performed on a regular basis for each item
– Everything but Client Device is in secure data center
– Internal Network ILP

Secure Collaboration Environment

A “lock box” system
– Access to the system is tightly controlled (e.g. BU IT Head approves access)
– Strong authentication to access the environment
– All content placed in the system is encrypted at rest on the server and DRM is applied when the content is imported
– Access and all file movement is logged

Broad Brush Approach

Configure the Network and Client ILP software with patterns to detect the Crown Jewels