AT&T Heartbleed Response (OpenSSL Brief) Adam Jones - CISM, CGEIT, CISSP, 6 σ GB ITO Global Infrastructure Operations July 24, 2014 © 2014 AT&T Intellectual.

Presentation transcript:

AT&T Heartbleed Response (OpenSSL Brief) Adam Jones - CISM, CGEIT, CISSP, 6 σ GB ITO Global Infrastructure Operations July 24, 2014 © 2014 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. The information contained herein is not an offer, commitment, representation or warranty by AT&T and is subject to change.

Slide 2 - OpenSSL Zero Day Vulnerability

- 4/7 - CERT advisory issued for OpenSSL.
- 4/7 - Cloudflare.com challenges the internet to hack their keys. Two participants reported success.
- 4/7 - Evidence of active attempts to exploit the vulnerability surfaced shortly after this event.
- 4/8 - CNET: "We were able to scrape a Yahoo username & password via the Heartbleed bug," tweeted Ronald Prins of security firm Fox-IT, showing a censored example. Added developer Scott Galloway, "Ok, ran my heartbleed script for 5 minutes, now have a list of 200 usernames and passwords for yahoo mail...TRIVIAL!"
- 4/21 - CNBC: "Obamacare enrollees urged to change passwords over Heartbleed bug"

[Video placeholder]

Slide 3 - Story Line

This is the high level recap of AT&T's OpenSSL Heartbleed critical response.

Exposure by platform:
- Desktops - very low exposure.
- Network Elements - low exposure.
- UNIX/Linux hardware and application processes had the majority of the exposure, while modest given the overall enterprise.

Response phases (Startup, Emerging, Sustaining, Response Close):
- Startup: Risk review - zero day alert issued. Evaluating exposure. Release management processes begin testing and staging of available patches.
- Emerging: SWAT mode. Processes confirm some exposure. Scanning processes increased. Reporting enhancements. Communication plans commence.
- Sustaining: Scans identify a hardware issue. Status changes to standard operations. Communication plans continue. Social media in heavy usage internally.
- Response Close: Update for the hardware issue deployed. Final issues resolved. Patching wraps up. Steps to update certificates and passwords continue. Ongoing processes continue for any new hosts coming online.

Slide 4 - Lessons Learned & Best Practices

Slide 5 - Operational Recommendations - Lessons Learned

- Inventory: Assets, valid owners, hosted application (installed applications), application contacts and management (business unit association); hostname, FQDN, IP address, OS, OS version, patch levels, patch date.
- Communication Plans: Delivery - application contacts, operations contacts (SA, DBA, supervising managers). Executives - SA and DBA executives, application executives. Social media - strongly encouraged for larger enterprise environments.
- Reporting: Recommended - focus on open database relationships, common primary and secondary keys, databases of applications, and each application having current, accurate relations to the core inventory. Online reports should be intuitive and actionable. Export functionality with pivot table structures is recommended for increased productivity.
- Release Management: Critical - this is imperative for availability and rapid remediation. Mature processes for testing and certifying release packages prior to distribution are pivotal to success. Best practice is a core functional set of teams; strong processes with cross-functional teams are favorable.
- Layered Security: Cyber defense, as is well documented, is based on layered security controls. Rapid remediation and/or containment depends on multiple controls working in harmony (IDS, IPS, scans, patch management, reporting, etc.).

Slide 6 - Reporting Logical View

Compliance and Risk Views, organized by Servers, Apps and Results:
- Servers: Server tracking (unique servers). Response tracking. Summary views. Detailed scheduling.
- Apps: Application level tracking. Response submissions. Detailed views for compliance and scheduling.
- Results: Evidence (patched vs non-patched). App risk - direct and shared.

Operations:
- Systems level data. OS views per platform: what is compliant vs planned vs documented.
- Client response interfaces for organizing what clients have sent in and which apps have not sent responses.
- Real-time audit trail.

Clients / App Towers (hosted applications):
- Automated communications to app teams.
- Data-driven reports for GM communications.
- App instance tracking.
- Interfaces for reconciling responses to questions, scheduling requests and jeopardy submissions.

Slide 7 - Communications Best Practice

1. Audience - The inventory dynamically feeds automation that sends the message to the correct audience once triggered. Target users are the application contacts using impacted servers.
2. Media Types - Use multiple media forms in one communication (e.g., slide deck, video overviews).
3. Reference Material - Have mature reference areas available (wiki, social media site, any online reporting sites, video references).
4. Required Action - Must include clear, actionable steps. No communication will be 100% successful, but the steps have to be very meaningful.

* Recommendations are based on standard processes for internal operations.

Slide 8 - Feedback, Questions

Slide 9 - Questions and Feedback

Audience - Our team would like your input and questions.

- Scanning: How is your company scanning full IP address ranges for all ports, internal and external?
- Inventory: IP address reconciliation - how is your company managing unknown IP addresses that do not map to a known owner?
- Reporting: How is your company discovering non-Microsoft platforms? How standard is your environment?
- Application Availability: How does your company maintain availability of your enterprise applications while expediting emergency changes into the environment? Change control? Standard change windows? Testing?
- Certificates: How did you handle these changes?
- Social Media: Is your company using social media to collaborate on security remediation efforts?

References:
- ISACA Incident Management and Response: Center/Research/ResearchDeliverables/Pages/Incident-Management-and-Response.aspx
- ISACA Security Incident Management Audit/Assurance Program: Center/Research/ResearchDeliverables/Pages/Security-Incident-Management-Audit-Assurance-Program.aspx
- AT&T ThreatTraq Spotlight: video.cfm/2014/4/9/AT&T-ThreatTraq-Spotlight-Heartbleed
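The deck's inventory, reporting and reconciliation points (slide 5's inventory fields, slide 6's "compliant vs planned vs documented" and "patched vs non-patched" evidence, slide 7's inventory-driven audience, and slide 9's unknown-IP question) come together in one small join between an asset inventory and scan evidence. The following is an added example written for this transcript, not code from AT&T or from the deck: every host, IP address, owner and version below is constructed sample data, and the function names are my own. The one fact it relies on is that Heartbleed affected OpenSSL 1.0.1 through 1.0.1f, with 1.0.1g as the first fixed release.

```python
"""Heartbleed exposure reconciliation: inventory records vs scan evidence.

Added example (not part of the AT&T deck). All hosts, IPs, owners and
versions are constructed sample data.
"""
from collections import defaultdict

# OpenSSL releases affected by Heartbleed: 1.0.1 through 1.0.1f (1.0.1g fixed it).
AFFECTED = {"1.0.1", "1.0.1a", "1.0.1b", "1.0.1c", "1.0.1d", "1.0.1e", "1.0.1f"}

# Constructed inventory; the fields follow slide 5's inventory list.
INVENTORY = [
    {"hostname": "web01", "ip": "10.0.1.10", "os": "Linux", "openssl": "1.0.1e",
     "app": "Customer Portal", "owner": "portal-team@example.test"},
    {"hostname": "web02", "ip": "10.0.1.11", "os": "Linux", "openssl": "1.0.1g",
     "app": "Customer Portal", "owner": "portal-team@example.test"},
    {"hostname": "api01", "ip": "10.0.2.20", "os": "Linux", "openssl": "1.0.1g",
     "app": "Billing API", "owner": "api-team@example.test"},
    {"hostname": "db01", "ip": "10.0.2.21", "os": "Linux", "openssl": "0.9.8y",
     "app": "Billing API", "owner": "api-team@example.test"},
    {"hostname": "win01", "ip": "10.0.3.30", "os": "Windows", "openssl": None,
     "app": "Desktop Mgmt", "owner": "desktop-team@example.test"},
]

# Constructed scan evidence: IP -> OpenSSL version observed on the TLS listener,
# or None when the scanner found no OpenSSL-backed TLS service.
SCAN = {
    "10.0.1.10": "1.0.1e",
    "10.0.1.11": "1.0.1g",
    "10.0.2.20": "1.0.1f-fips",   # inventory records 1.0.1g; the live service disagrees
    "10.0.3.30": None,
    "10.0.9.99": "1.0.1c",        # not in inventory: needs owner reconciliation
}


def is_vulnerable(version):
    """True if the version string names a Heartbleed-affected OpenSSL release.
    Vendor suffixes such as '-fips' are ignored; None means no OpenSSL present."""
    if version is None:
        return False
    return version.split("-")[0] in AFFECTED


def reconcile(inventory, scan):
    """Join inventory to scan evidence and bucket every host and every scanned IP."""
    result = {"exposed": [], "clear": [], "not_scanned": [],
              "stale_inventory": [], "unknown_ips": []}
    known_ips = set()
    for host in inventory:
        known_ips.add(host["ip"])
        if host["ip"] not in scan:
            result["not_scanned"].append(host["hostname"])   # scan coverage gap
            continue
        if is_vulnerable(scan[host["ip"]]):
            result["exposed"].append(host["hostname"])
            # The patch record is documentation; the scan is evidence. When the
            # record claims a fixed release but the listener is still affected,
            # the inventory is stale and the host is NOT compliant.
            if not is_vulnerable(host["openssl"]):
                result["stale_inventory"].append(host["hostname"])
        else:
            result["clear"].append(host["hostname"])
    # Scanned addresses with no inventory record: slide 9's unknown-IP question.
    result["unknown_ips"] = sorted(ip for ip in scan if ip not in known_ips)
    return result


def platform_summary(inventory, result):
    """Per-OS counts of exposed / clear / not_scanned: the 'OS views per platform' report."""
    os_of = {h["hostname"]: h["os"] for h in inventory}
    summary = defaultdict(lambda: {"exposed": 0, "clear": 0, "not_scanned": 0})
    for bucket in ("exposed", "clear", "not_scanned"):
        for hostname in result[bucket]:
            summary[os_of[hostname]][bucket] += 1
    return dict(summary)


def notifications(inventory, result):
    """Owner contact -> hosts still exposed: the audience list for automated comms."""
    host_of = {h["hostname"]: h for h in inventory}
    todo = defaultdict(list)
    for hostname in result["exposed"]:
        todo[host_of[hostname]["owner"]].append(hostname)
    return dict(todo)


if __name__ == "__main__":
    r = reconcile(INVENTORY, SCAN)
    for bucket, items in r.items():
        print(f"{bucket:16s} {items}")
    print(platform_summary(INVENTORY, r))
    print(notifications(INVENTORY, r))
```

Running it shows the three things a response team needs from reporting: which hosts are actually exposed by evidence rather than by record (api01 is recorded as patched but is still serving an affected build), which inventory rows have no scan result at all, and which scanned addresses map to no owner. The per-owner list is what slide 7's inventory-driven automation would feed into a notification.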

Slide 10 - Thank You

Adam Jones - CISM, CGEIT, CISSP, 6 σ GB
Sr. Technical Team Lead, AT&T Global Infrastructure Operations
Office:
LinkedIn:

Rebecca Finnin - CIPP, CISSP, CISA, CPA
Director, AT&T Chief Security Office