Cross Security Group Presented by: Thomas Carrozza Senior Systems Engineer

Agenda Business Drivers Threat Overview Cross Service Offerings Wrap Up / Questions

Security Business Drivers Voice and Data are now applications running on 1 network; this is convergence. Your Network “Is it safe? Is it secure?”

Security Business Drivers Ultimately, what are we protecting? Information

Predators

Security Business Drivers Viruses/worms/hackers have caused more than $55 Billion in damages in the last 12 months Federal and State Laws/Regulations Pose Financial and Personal Risk –HIPAA (Health Care) –SOX (Financial Governance) –Gramm-Leach-Blilely- GLBA (Information Security) Human Error- Data Theft or Lost Data as a Result of Human Error –Dept of Veterans Affairs- Recently lost names, social security numbers, and dates of birth for up to 26.5 million Veterans VoIP Deployment has opened up additional holes into the data network Wireless Network Deployments have blurred the definition of “Perimeter”

Threats—Total Overload

Denial of Service DoS Attacks Up 50%

Day Zero Attacks Day Zero Attacks– Increasing in Speed, Sophistication and Level of Stealth

Policy and Human Error AFP Published Photo after Katrina- leading to immediate Credit Card Theft

Phishing Phishing Increased 39% in Last 6 Months

Extortion

Wireless and Mobility Wardriving –Laptop/GPS and software to discover open networks Warwalking –iPAQ/GPS and software Warchalking –Symbols indicates wireless settings to others Rogue Access Points

Security Threats Security Threats Toll Fraud Viruses/Worms Hackers Espionage Denial of Service (DOS) Man in the Middle Extortion PDA Theft Podslurping Bluetooth Access Wireless Bleed Over Rogue Modem Usage IP Packet Hi-Jacking

To help our customers address these security concerns, Cross has formed the Cross Security Group (CSG). Cross’ Core Offerings are: –Security Jumpstart –Converged Network Security Assessment –Network Security Consulting Cross Security Group (CSG)

Security Jumpstart is an assessment of the External Network that identifies and prioritizes vulnerabilities Customers receive: –Executive Report of Network Security –Top 10 Threats to the Network Report –Threat Matrix of Vulnerabilities –Web Intelligence Report –Full Technical Report –Current Network Map –Outbriefing of the State of Security on Your Network Performed Remotely- Price: $2,000. Onsite available upon request for added cost. Security Jumpstart

Converged Network Security Assessments (CNSA) CNSA is a holistic assessment focusing on both the voice and the data network, in order to expose any security associated with a converged network. The assessment covers: –External Security Assessment –Internal Security Assessment –Wireless Assessment –Bluetooth Assessment –Rogue Modem Assessment –IDS Assessment –SAN’s Assessment –VoIP Assessment –Penetration Testing

Cross Security Team Chief Security Officer—Joseph Seanor –10 years Central Intelligence Agency, CIC/CNC –Department of Justice Telecom Security Staff –Private Investigator for 14 years –7 years America Online’s Senior Investigator –Learning Tree Instructor on: IDS, Firewalls, Windows Security. –Author of 6 books on computer and crime –7 th book out “The Black Book on Corporate Security” -- Converged Network Security –Avaya Security Managing Consultant 3 years –CBS radio national correspondent –2 patents pending

Cross Security Team Security Analyst –Security Consultant Avaya –DISA Network Consultant –America Online Network Security engineer –Software programmer Developed software for DOD, to be reviewed by NSA Developed Kerberos software for AOL –NSA IAM certified Certified Security Engineers –CCIE- Security –CISSPs –CCSPs –Global Information Assurance Certifications (GIAC) –Government Clearance

Always Ask Your Network “Is it safe? Is it secure?”

Questions?