Cyber Security Best Practices

Presentation transcript:

Cyber Security Best Practices Eric Weston Senior Auditor Cyber Security WECC Reliability and Security Workshop San Diego CA – October 23-24, 2018 Western Electricity Coordinating Council

Cyber Risks
“One of the main cyber-risks is to think they don’t exist. The other is to try to treat all potential risks. Fix the basics, protect first what matters for your business and be ready to react properly to pertinent threats.”
Stephane Nappo: GCISO Société Générale

Agenda
- Prevent What You Can
- Detect What You Can’t Prevent
- Be Prepared to Recover

Putting Things in Perspective
- What are your risks and challenges
- What is important with different systems
  - Confidentiality
  - Integrity
  - Availability

Jess Smith, Nathan Kipp, Dennis Gammel, Tim Watkins: EEA Conference June 2016

Preventative Measures: Tightening down perimeter protections
- Perform regular reviews of firewall configurations
- Remove/Disable outdated and unneeded rules and objects
- Be cautious with “maintenance” rules
- Review rules which generate few if any hits
- Ensure all rules have detailed descriptions
- Rules should be as specific as possible
- Commit to continual improvements
- Review access rules holistically

Preventative Measures: Reviewing Access Rules Holistically

    access-list esp_in extended permit tcp ems dmzwks2 eq ssh
    access-list esp_in extended permit ip host1 host2 range 0 512
    access-list esp_in extended permit tcp ems subwks1 eq 2000
    access-list esp_in extended permit ip host1 host2 range 513 25000
    access-list esp_in extended permit udp 10.0.1.1 172.36.5.1 eq 2355
    access-list esp_in extended permit ip host1 host2 range 25001 65535
    access-list esp_in extended permit ip 10.0.1.1 172.36.5.1 eq dns
    access-list esp_in extended permit ip host1 host2 eq any
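Added example (not part of the original slides): the host1/host2 rules above are spread between unrelated entries, so each one looks narrow on its own. The Python sketch below merges the port intervals permitted per source/destination pair and reports pairs whose rules jointly allow every port. The rule text is copied from the slide; the parser handles only that illustrative syntax, the port-name table and function names are assumptions, and the protocol field is ignored.

```python
import re
from collections import defaultdict

# The eight rules from the slide, copied as written (illustrative syntax).
ACL = """\
access-list esp_in extended permit tcp ems dmzwks2 eq ssh
access-list esp_in extended permit ip host1 host2 range 0 512
access-list esp_in extended permit tcp ems subwks1 eq 2000
access-list esp_in extended permit ip host1 host2 range 513 25000
access-list esp_in extended permit udp 10.0.1.1 172.36.5.1 eq 2355
access-list esp_in extended permit ip host1 host2 range 25001 65535
access-list esp_in extended permit ip 10.0.1.1 172.36.5.1 eq dns
access-list esp_in extended permit ip host1 host2 eq any
"""

NAMED = {"ssh": 22, "dns": 53}  # assumption: only the port names the slide uses
RULE = re.compile(r"access-list \S+ extended permit \S+ (\S+) (\S+) (eq|range) (\S+)(?: (\S+))?$")

def port_span(op, a, b):  # inclusive (low, high) port interval one rule permits
    if op == "range":
        return int(a), int(b)
    if a == "any":
        return 0, 65535
    port = NAMED.get(a) or int(a)
    return port, port

def merged_coverage(acl_text):
    """Map (src, dst) -> (merged port intervals, contributing line numbers)."""
    rules = defaultdict(list)
    for n, line in enumerate(acl_text.splitlines(), 1):
        m = RULE.match(line.strip())
        if m:  # protocol is ignored here: a simplification for this example
            src, dst, op, a, b = m.groups()
            rules[src, dst].append((*port_span(op, a, b), n))
    out = {}
    for pair, entries in rules.items():
        merged = []
        for lo, hi, _ in sorted(entries):
            if merged and lo <= merged[-1][1] + 1:  # overlapping or adjacent
                merged[-1] = (merged[-1][0], max(hi, merged[-1][1]))
            else:
                merged.append((lo, hi))
        out[pair] = (merged, sorted(n for _, _, n in entries))
    return out

def wide_open(acl_text):
    """Pairs whose rules, taken together, permit every port 0-65535."""
    return {p: ln for p, (ivs, ln) in merged_coverage(acl_text).items() if ivs == [(0, 65535)]}

print(wide_open(ACL))
```

Even with the final "eq any" rule removed, the three range rules alone still cover ports 0 through 65535 for host1 to host2, which is the pattern a rule-by-rule review misses.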

Preventative Measures: Utilize the tools you have
- Host based firewalls/iptables
- System hardening
  - Windows Security Templates
  - Vendor Specific Recommendations
  - Don’t reinvent the wheel
- Other methods, tools, etc.

Prevention/Detection: Active Defense
- Passive Defense
  - Firewalls
  - Traditional Anti-Virus Systems
  - Other measures
- Active Defense [2]
  - Threat and Environment Manipulation
  - Threat Intelligence Consumption
  - Network Security Monitoring
  - Incident Response

[2] https://digital-forensics.sans.org/media/Poster_DFIR_Threat-Intel_2017.pdf

Detecting Abnormalities: Leveraging your environment
- The glass is half full
- Operational technology (OT) environments change infrequently
- Users and systems should only be performing specific tasks on OT networks
- Traffic should be relatively predictable

Detecting Abnormalities: Establishing normal
- Identifying Assets and Communications Paths
  - Physical Inspection
  - Router/Firewall configurations
  - Network Traffic Analysis
- Identifying and Validating Network Traffic
  - Firewall/Router Logs

Detecting Abnormalities: Becoming more situationally aware
- Are monitoring systems tailored to your environment?

Be Prepared for the When

Recovery: 2018 Atlanta SamSam Ransomware Attack
- One third of the city's 424 software programs affected
- Potential Cost of $9.5 Million
- Some data will never be recovered

https://www.reuters.com/article/us-usa-cyber-atlanta-budget/atlanta-officials-reveal-worsening-effects-of-cyber-attack-idUSKCN1J231M?feedType=RSS&feedName=technologyNews

Recovery
- Regularly back up data and verify the integrity of those backups
- Secure backups
- Ensure backups are not connected to the computers and networks they are backing up

https://www.ic3.gov/media/2016/160915.aspx

Recovery: Practice, Practice, Practice
- During an event is not the first time a recovery process should be performed
- Be creative during recovery exercises
- Ensure everyone knows their part and has the needed tools and knowledge
- Continually learn and improve processes

Cybersecurity is a shared responsibility, and it boils down to this: In Cybersecurity, the more systems we secure, the more secure we all are.
Jeh Johnson: Secretary of Homeland Security