HP World September 2002 Scott S. Blake, CISSP Vice President, Information Security BindView Corporation Vulnerability Assessment and Action.

Slides:

Advertisements

Similar presentations

ETHICAL HACKING A LICENCE TO HACK

Advertisements

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.

Current Security Threats WMO CBS ET-CTS Toulouse, France May 2008 Allan Darling, NOAA’s National Weather Service WMO CBS ET-CTS Toulouse, France.

Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.

E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.

1 Telstra in Confidence Managing Security for our Mobile Technology.

Blended Threats and Layered Defenses Security Protection in Today’s Environment Marshall Taylor

Chapter 12 Network Security.

Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.

Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

By Edith Butler Fall Our Security Ways we protect our valuables: Locks Security Alarm Video Surveillance, etc.

Introducing Quick Heal Endpoint Security 5.3. “Quick Heal Endpoint Security 5.3 is designed to provide simple, intuitive centralized management and control.

Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Network security policy: best practices

SiteLock Internet Security: Big Threats for Small Business.

Morris Bennett Altman Director of Network Services Internet Security Officer Queens College, CUNY Are You Exposed? Network Security.

Sam Cook April 18, Overview What is penetration testing? Performing a penetration test Styles of penetration testing Tools of the trade.

The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions Steve Katz, CISSP Security.

1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.

Antivirus Technology in State Government Kym Patterson State Chief Cyber Security Officer Department of Information Systems.

Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.

Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi.

Did You Hear That Alarm? The impacts of hitting the information security snooze button.

Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.

1 Oppliger: Ch. 15 Risk Management. 2 Outline Introduction Formal risk analysis Alternative risk analysis approaches/technologies –Security scanning –Intrusion.

CSC 386 – Computer Security Scott Heggen. Agenda Security Management.

Matin Barmare Technical Consultant Scalable Secure Applications Optimize Application Quality.

Dell Connected Security Solutions Simplify & unify.

Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.

PATCH MANAGEMENT: Issues and Practical Solutions Presented by: ISSA Vancouver Chapter March 4, 2004.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.

Environment for Information Security n Distributed computing n Decentralization of IS function n Outsourcing.

Information Assurance Program Manager U.S. Army Europe and Seventh Army Information Assurance in Large-Scale Practice International Scientific NATO PfP/PWP.

Chapter 6 of the Executive Guide manual Technology.

Management Information Systems The Islamia University of Bahawalpur Delivered by: Tasawar Javed Lecture 17.

Copyright Security-Assessment.com 2004 Vulnerability Management Explained By Peter Benson.

OCTAVE-S on TradeSolution Inc.. Introduction Phase 1: Critical Assets and threats Phase 2: Critical IT Components Phase 3: Changes Required in current.

Lesson 9-Information Security Best Practices. Overview Understanding administrative security. Security project plans. Understanding technical security.

Appendix C: Designing an Operations Framework to Manage Security.

Knowing What You Missed Forensic Techniques for Investigating Network Traffic.

Module 6: Designing Security for Network Hosts

Network Perimeter Defense Josef Pojsl, Martin Macháček, Trusted Network Solutions, Inc.

Small Business Security Keith Slagle April 24, 2007.

Module 11: Designing Security for Network Perimeters.

Lesson 19-E-Commerce Security Needs. Overview Understand e-commerce services. Understand the importance of availability. Implement client-side security.

Scott Charney Cybercrime and Risk Management PwC.

Computer Security Risks for Control Systems at CERN Denise Heagerty, CERN Computer Security Officer, 12 Feb 2003.

Rob Davidson, Partner Technology Specialist Microsoft Management Servers: Using management to stay secure.

Module 12: Responding to Security Incidents. Overview Introduction to Auditing and Incident Response Designing an Audit Policy Designing an Incident Response.

©Dr. Respickius Casmir Network Security Best Practices – Session 2 By Dr. Respickius Casmir.

Information Security In the Corporate World. About Me Graduated from Utica College with a degree in Economic Crime Investigation (ECI) in Spring 2005.

“Lines of Defense” against Malware.. Prevention: Keep Malware off your computer. Limit Damage: Stop Malware that gets onto your computer from doing any.

IS3220 Information Technology Infrastructure Security

1 Current Trends in Enterprise IT Network Security Key Takeaways Based on 100 Survey Responses © 2016 Lumeta Corporation.

Securing a Host Computer BY STEPHEN GOSNER. Definition of a Host  Host  In networking, a host is any device that has an IP address.  Hosts include.

ASHRAY PATEL Securing Public Web Servers. Roadmap Web server security problems Steps to secure public web servers Securing web servers and contents Implementing.

Chapter 14.  Upon completion of this chapter, you should be able to:  Identify different types of Intrusion Detection Systems and Prevention Systems.

Tripwire Threat Intelligence Integrations. 2 Threat Landscape by the Numbers Over 390K malicious programs are found every day AV-Test.org On day 0, only.

Defining your requirements for a successful security (and compliance

Risk management.

Patch Management Patch Management Best Practices

Network Security Analysis Name : Waleed Al-Rumaih ID :

CompTIA Server+ Certification (Exam SK0-004)

IS4680 Security Auditing for Compliance

Skybox Cyber Security Best Practices

5/12/2019 2:57 PM © Microsoft Corporation. All rights reserved.

AIR-T11 What We’ve Learned Building a Cyber Security Operation Center: du Case Study Tamer El Refaey Senior Director, Security Monitoring and Operations.

Presentation transcript:

HP World September 2002 Scott S. Blake, CISSP Vice President, Information Security BindView Corporation Vulnerability Assessment and Action

Agenda Introduction Analyzing a Vulnerability Types of Assessment Programs –Basic Vulnerability Assessment –Advanced Vulnerability Assessment –Application Vulnerability Assessment Understanding the Limitations of Technology Conclusion

Introduction Fear, Uncertainty, and Doubt –90% report security breach, up from 42% in 1996 –74% cite the Internet as a frequent source of attack, up from 59% –Reported Losses totaled over $455 million –Fraud and theft cost the most, 55 respondents reported losses of over $286 million –34% reported breaches to law enforcement, up from 16% in 1996 –21% didn’t know if their web server had been attacked From the 2002 CSI/FBI Survey

Introduction The Risk Management Equation: Risk = (Threat + Vulnerability) * Value

Introduction Understand your Threat Model –Insider Fraud –External Thieves, Spies, etc. –Customers –Ankle-Biters Design an Appropriate Security Policy –Identify Key Assets –Identify Risks and Threats –Build and Maintain Countermeasures –Continually Re-assess

Introduction Vulnerability Assessment Technologies –Network-Based Mostly Non-Credentialed Inferential v. “Live Fire” Generally Does Not Play Well with Others Sometimes Finds Things Host-based cannot –Host-based Depends on Administrative Access Often Requires Code on Box Generally More Accurate than Network-based Sometimes Finds Things Network-based cannot –Issues Scalability, Reliability, Manageability

Analyzing a Vulnerability Notifications –Monitor Open Sources Triage Function –Affected Platforms –Impact of Exploit –Map Vulnerability to Risk –Prioritize Determine Action –Apply Patch? –Shut down service? –Reconfigure? –Emergency or Regular Procedure?

Analyzing a Vulnerability Consider Organizational/Functional Issues –Who found the vulnerability? –Who needs to take the action? –Have business continuity issues been considered while analyzing the priority?

Basic Vulnerability Assessment Goal: Stop the Ankle-Biters Network Assessment of Internet-facing systems –Find and close the Big Holes Actions: –Strip out unnecessary services –Apply the important patches –Minimize user accounts –Tighten ACLs

Basic Vulnerability Assessment How To: –Consider Outsourcing –Run a network scanner daily or weekly –Keep the scanner up to date –Establish baseline configuration –Alert staff when there are exceptions

Advanced Vulnerability Assessment Goal: Stop External Attackers and Insider Fraud Mostly Host-based Assessment Actions: –Minimize user privileges –Maintain security standards on workstations and servers –Automate vulnerability discovery

Advanced Vulnerability Assessment How To: –Define security policies and standards –Scan regularly (at least monthly) for exceptions –Respond swiftly to exceptions on a tiered basis –Maintain a test lab for patches, verify them quickly –Keep the scanner up to date –Consider Outsourcing the scans –Distribute the information load

Application Vulnerability Assessment Goal: Stop Customers and Attackers Usually a consulting engagement Actions: –Design for Security in the Beginning –Code Review –Ethical Hacking, aka Adversary Testing

Application Vulnerability Assessment How To: –Consider Outsourcing –Involve security staff in earliest design phases –Use peer code review within development –Use outside experts for security code review –Engage reputable firm for adversary testing

Understanding the Limitations of Technology Firewalls –Must have holes to function Intrusion Detection –Limited to known signatures –May be subject to attack/evasion Anti-Virus –Limited to known signatures –Must be kept constantly updated Encryption –VPN/SSL only provide transmission security, not endpoint –Data storage encryption good, but key management is the bottleneck Vulnerability Assessment –Limited to known signatures –Balance reliability v. impact on targets

Conclusion Understand the Threat Model Constantly Search for Vulnerabilities Combine Threat and Vulnerability to Manage Risk Use Technology, but Know the Limits

Q&A Questions?