Focus Group 1B Cybersecurity Dr. Bill Hancock, CISSP Cable and Wireless America FG1B Chair 972-740-7347.


Purpose of Today’s Brief
Review of Charter and Architecture of FG1B
Explanation of deliverables and work efforts
Brief discussion of Prevention Best Practices deliverable for December 2002
Review work plan and deliverables for March
Guidance to NRIC on subsequent deliverables in March 2003 on recovery BPs and additional issues and items related to cybersecurity

Charter of FG1B
Generate Best Practices for cybersecurity
–Telecommunications sector
–Internet services
Deliverables
–December 2002 – prevention
–March 2003 – recovery
New team, limited baseline material

Security is Very Complex
Security is currently where networking was 15 years ago
Many parts & pieces
Complex parts
Lack of expertise in the industry (60% vacancy with no qualified personnel)
No common GUIs
Lack of standards
Attacks are growing
Customers require security from providers

As Systems Get Complex, Attackers are Less Sophisticated…
[Chart: attack sophistication (low to high) plotted against intruder knowledge (high to low) over time. Techniques labelled on the chart: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, burglaries, hijacking sessions, network management diagnosis, GUI, automated probes/scans, WWW attacks, distributed attack tools, staged attack, disabling audits, back doors, sweepers, sniffers, packet spoofing, denial of service, “stealth”/advanced scanning techniques, cross site scripting]

Attack Growth – Security Business is Good and Growing (Unfortunately)
[Chart: reported incidents per year; the values were garbled in extraction: ,85921,75652,65886,000] Source: CERT/CC

Software Is Too Complex
Sources of Complexity:
–Applications and operating systems
–Data mixed with programs
–New Internet services: XML, SOAP, VoIP
–Complex Web sites
–Always-on connections
–IP stacks in cell phones, PDAs, gaming consoles, refrigerators, thermostats
[Chart: y-axis in millions (scale to 45), one bar per release: Windows 3.1 (1992), Windows NT (1992), Windows 95 (1995), Windows NT 4.0 (1996), Windows 98 (1998), Windows 2000 (2000), Windows XP (2001)]

Security Must Make Business Sense to Be Adopted
[Chart: cost ($) against security level from 0% to 100%, with curves for cost of security countermeasures, cost of security breaches and total cost; the optimal level of security is where total cost is at its minimum]

Composition and Organization
Members include security officers, VPs, directors, managers and subject matter experts (SMEs)
Members also include various U.S. Government agencies such as US DoC, U.S. DoD, U.S. DoJ, FCC, Federal Reserve, etc.
Group is divided into 8 working teams, each with a volunteer team leader, to generate BPs for a given subject area

FG1B Teams
Fundamentals & Architecture
OAM&P (operations, administration, maintenance and provisioning)
AAA (authentication, accounting, audit)
Services
Signaling
Personnel
Users
Incidents

Delivery Plan for FG1B Cybersecurity Best Practices
December 2002 – Preventative BPs
–Excel document for Industry comment and improvement
March 2003 – Recovery BPs
–Excel document for Industry comment and improvement
–New, improved version of prevention BPs
Early 2003 – Final Report (date TBD)
–Cover document with cybersecurity topics that clarify the offerings, issues that require research and additional work, strategic issues in cybersecurity, implementation guidance and related topics
–Prevention and recovery BPs

Guidance on Cybersecurity Best Practices
Current list of best practices (BPs) is constrained by what can be implemented
Recommended BPs are considered implementable based on the expert experience of the team
Not all BPs are appropriate for all service providers or architectural implementations
The BPs are not intended for mandatory regulatory efforts
There will continue to exist security conditions that require development of technologies and techniques not currently practical or available to solve the security issues they create. The focus group is working on recommendations for inclusion in the final report.
This is a moving target that will require continual refinement, additions and improvement

Driving Principles in Cyber Security Best Practices
Capability Minimization
–Allow only what is needed re: services, ports, addresses, users, etc.
–Disallow everything else
Partitioning and Isolation
Defense in Depth
–Aka “belt & suspenders”
–Application, host and network defenses
KISS
–Complexity makes security harder
General IT Hygiene
–Backups, change control, privacy, architectures, processes, etc.
Avoid Security by Obscurity
–A proven BAD IDEA™

Prevention Best Practices Deliverable (December 2002)
Composed of 103 best practices for preventing cybersecurity “events”
Includes
–BP number
–Title
–Best practice for prevention
–If any: reference and dependencies on other BPs
–Implementors

Example of Prevention Best Practice for Cybersecurity
Number: (blank)
Title: Network Architecture Isolation/Partitioning
Preventative Best Practice: Compartmentalization of technical assets is a basic isolation principle of security where contamination or damage to one part of an overall asset chain does not disrupt or destroy other parts of the asset chain. Network Operators and Service Providers should give deliberate thought to and document an Architecture plan that partitions and isolates network communities and information through the use of firewalls, DMZs or (virtual) private networks. In particular, where feasible, it is suggested that the user traffic networks, network management infrastructure network, customer transaction system networks and enterprise communication/business operations networks be separated and partitioned from one another. Special care must be taken to assess OS, protocol and application vulnerabilities, and subsequently to harden and secure systems and applications located in DMZs or exposed to the open Internet.
Reference: ISF SB52
Dependency: (none listed)
Implementor: NO, SP
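As an added illustration (not part of the FG1B deliverable or its BP text): an nftables ruleset for a router sitting between the four network communities named in the BP above, applying the capability-minimization principle (default deny, allow only named flows) and the partitioning principle from the driving-principles slide. The zone address ranges, the DMZ-to-transaction port and the SSH-only management rule are assumptions constructed for this example.

```nftables
#!/usr/sbin/nft -f
# Hypothetical partitioning ruleset. Address ranges below are constructed
# for this example; replace them with the operator's real zone prefixes.
define user_net = 10.10.0.0/16      # customer/user traffic network
define mgmt_net = 10.20.0.0/24      # network management infrastructure
define txn_net  = 10.30.0.0/24      # customer transaction systems
define corp_net = 10.40.0.0/16      # enterprise business operations
define dmz_net  = 192.0.2.0/24      # Internet-exposed hosts (TEST-NET-1)

table inet partition {
    chain forward {
        # Capability minimization: everything not listed below is dropped.
        type filter hook forward priority filter; policy drop;

        ct state established,related accept
        ct state invalid drop

        # Only the management network may reach DMZ and transaction hosts,
        # and only over SSH; no other zone may originate traffic to mgmt.
        ip saddr $mgmt_net ip daddr { $dmz_net, $txn_net } tcp dport 22 accept

        # Enterprise users reach the DMZ web tier and nothing else.
        ip saddr $corp_net ip daddr $dmz_net tcp dport { 80, 443 } accept

        # DMZ front end talks to the transaction tier on one assumed port;
        # the DMZ never initiates connections to mgmt or corp.
        ip saddr $dmz_net ip daddr $txn_net tcp dport 8443 accept

        # User traffic is counted and dropped if it targets any internal zone,
        # so attempts to cross the partition are visible in counters.
        ip saddr $user_net ip daddr { $mgmt_net, $txn_net, $corp_net } counter drop

        # Log a sample of whatever the default policy is about to drop.
        limit rate 10/minute log prefix "partition-drop: "
    }
}
```

Load with nft -f and confirm with nft list ruleset; the counter and log entries show which zones are attempting flows the architecture plan did not authorize.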

Next Steps
Publish preventative cybersecurity best practices for Industry comment and improvement, following NRIC Council acceptance of December 2002 cybersecurity deliverables
Refinement of recovery BPs for March 2003 deliverable
Creation of March 2003 cover document with:
–General cybersecurity recommendations
–Strategic cybersecurity issues
–Technology issues that require resolution for future BPs
Additional refinement and addition of BPs for prevention and recovery as reviews are completed by NRIC membership