Dalibor Ratković TeleGroup god. Sigurnost IT resursa nove generacije

Slide 2 Agenda Današnja situacija na polju IT sigurnosti Mehanizmi zaštite Praktična riješenja Pitanja i odgovori Demonstracija i pilot projekti kod korisnika

Slide 3 Rizici kojima ste izloženi Prekid poslovnih aktivnosti Gubitak produktivnosti Krađa informacija Odgovornost za nastalu situaciju Narušena reputacija i gubitak povjerenja kod korisnika

Slide 4 Upravljanje procesom sigurnosti 99% organizacija je prijavilo incident iako su imali antivirusnu zaštitu i firewall sisteme Potrebno je izvršiti zaštitu od svih mogućih prijetnji

Slide 5 Kreatori čuvenih virusa Profil: –Muškarci –Između 14 i 34 godine –Bez djevojke –BEZ KOMERCIJALNOG INTERESA !!!!

Slide 6 Današnja realnost According to investigators, in 2003, a student of Balakov Institute of Engineering, Technology and Management, Ivan Maksakov, 22, developed a few knowbots and set up a network of hackers. The bots initiated DoS- attacks on the web-sites of bookmakers, which were accepting stakes in the Internet.

Slide 7 Organizovane kriminalne grupe

Slide 8 Phishing Andrew Schwarmkoff Connection to the russian Mafia Phishing of Creditcard-Numbers „The Phisher-King“

Slide 9 Koliko je velika malware industrija? The FBI claims financial loss from spyware and other computer-related crimes have cost U.S. businesses $62 Billion in ,150 unique phishing variations counted in August 2006 by the Anti- Phishing Working Group Costs of goods and services in cybercrime forums: $1000 – $5000: Trojan program, which could steal online account information $ 500: Credit Card Number with PIN $80-$300: Change of billing data, including account number, billing adress, Social Security number, home adress and birth date $150: Driver‘s licence $150: Birth certificate $100: Social Security Card $7 - $25: Credit card number with security code and expiration date. $7: Paypal account log-on and password

Slide 10 Threat Evolution to Crimeware 2001 Complexity Crimeware Spyware Spam Mass Mailers Intelligent Botnets Web Based Malware Attacks Multi-Vector Multi- Component Web Polymorphic Rapid Variants Single Instance Single Target Regional Attacks Silent, Hidden Hard to Clean Botnet Enabled Vulnerabilities Worm/ Outbreaks

Slide 11 More Dangerous & Easier To Use Packet Forging/ Spoofing Password Guessing Self Replicating Code Password Cracking Exploiting Known Vulnerabilities Disabling Audits Back Doors Sweepers Sniffers Stealth Diagnostics High Low 2000 DDOS Internet Worms Technical Knowledge Required

Slide 12 Sadašnja Situacija 22,000 new malware samples per day, a network worm breakout and the sandbox- enabled antivirus Nearly 30,000 Malicious Web Sites Appear Each Day

Slide 13 Međunarodni standardi Financial Services Regulations  Basel II – Global  Gramm-Leach-Bliley Act (GLBA) – US  Payment Card Industry (PCI) Security Standard – Global Industrijski standardi  BS ISO/IEC Compliance - Global  CobiT - Global  Data Protection Act (DPA) - UK

Slide 14 Metodologija zaštite u IP mrežama

Slide 15 Zaštita na klijentu/hostu na više nivoa 1025 ??

Slide 16 Zaštita na Internet gateway na više nivoa

Slide 17 Dva nivoa zaštite two-tier

Slide 18 RIješenja 1 Firewall IPS/IDS sitemi Content Monitoring/Filtering Antivirus na hostovima, mail box i na nivou GW Antispam zaštita Endpoint security WAF SSL VPN

Slide 19 RIješenja 2 Data Leakage Prevention Encryption/PKI/Digital Certificates Identity & Access Management (NAC) Patch Management Penetration Testing/Risk & Vulnerability Assessment Log and Event Management Platform Database Security IT Forensics

Slide 20 Partneri Telegroupa

Slide 21 Partneri

Slide 22 Content Monitoring/Filtering Kontrola Internet pristupa kao značajnog elementa u poslovanju Privatno korištenje Interneta narušava poslovne aplikacije –30-40% saobraćaja ne koristi se u poslovne svrhe –P2P programi, Instat Messanger, Skype, Kaaza... 30% od ukupnog broja zaposlenih šalju povjerljive informacije slučajno ili namjerno

Slide 23 Web Threats are Increasing The Malware Landscape is slowly shifting to Web- based attacks (HTTP) and a collaboration of existing technologies is needed to combat the new wave of malware threats Worms No fundamental change, slow growth WebThreats High Volume and Growing

Slide 24 Blue Coat - kompletno rešenje Public Internet Internal Network Port 80 traffic Reporter Visual Policy Manager Management Tools Director Authenticate IM ProxySG Streaming P2P ProxyAV Web AV Filtering

Slide 25 IPS/IDS riješenja

Slide 26 IPS/IDS riješenja

Slide 27 IPS/IDS riješenja

Slide 28 EndPoint Security Know your environment  Vulnerability assessment and network discovery Manage Known Risk  Through effective patch management Manage Unknown Threats  Through white list based application control Prevent data leakage  White list based peripheral device management  Secure data in transit Secure mobile devices  Disk encryption with boot protection  Protection for mobile devices

Slide 29 Lumension Device Control  Enables only authorized removable (peripheral) devices to connect to network, laptop, thin client, laptop and desktop  Reduces risk of data theft, data leakage and malware introduction via unauthorized removable media  Assures and proves compliance with the landslide of regulations governing privacy and accountability

Slide 30 Blue Coat Visibility PacketShaper –Install onto network (inline or out) –AutoDiscover & measure Classify –Find all applications on network –See hard to find - P2P, Skype, YouTube, iTunes, Flash TV –Break down Enterprise applications SAP, Citrix, Microsoft Measure –Utilization –Response times –120+ stats

Slide 31 Top 10 and Response Times Top 10 : Where Budget is Spent –How much bandwidth is recreational –P2P, YouTube, FlashTV, iTunes, etc –What % goes to mission critical Response Times –Total Delay: per transaction, per app –Network Delay: time on network –Server Delay: Time spent by server SAP Response Times Spiking Cause: Spike in connection hitting server. Most connections ignored Total Delay SAP Order Entry: 1220 ms Network Delay: 340 ms Server Delay: 880 ms

Slide 32 PacketShaper Visibility –All Applications –Real Time Voice MOS Granular QOS –Per App, User, Call –Intelligent MPLS –Real Time Optimization Compression –Diskless –2x-4x Capacity Gain 32

Slide 33 Reference Telekom Srpske Uprava za Indirektno oprezivanje, MUP RS Klinički Centar Univerzitet Apeiron, Slobomir Univerzitet, Statistički zavod RS, HET Vlada Brčko distrikta VolksBanka, Komercijalna Banka Nova Banka Balkan Investment Banka Pavlović Banka Bobar Banka

Slide 34 Implementirano rješenje

Slide 35 Implementirano rješenje br. 2

Slide 36 Implementirano rješenje br. 2

Pitanja i odgovori! TeleGroup Marije Bursać Banja Luka, Republika Srpska, BiH