Information Security In the Corporate World
About Me
Graduated from Utica College with a degree in Economic Crime Investigation (ECI) in Spring 2005
Currently hold CISSP, CEH and GPEN certifications
Joined Lockheed Martin in October 2005 as a Computer System Security Analyst
Supported multiple services/products such as Proxies, Firewalls, IDS/IPS, Full Disk Encryption and Log Monitoring, but spent most of my career doing vulnerability identification and management
In addition to supporting those tools I have also acted as a Security Engineer helping to integrate security into programs and environments
Presentation Overview
Understand the goal of an Information Security professional
Get a baseline understanding of the phases attackers typically use
Identify high-level security concepts to reduce and eliminate attack vectors in your environment
Goals
Overall, our goal as an Information Security Professional is to:
1. Ensure the business is still functional
2. Eliminate risk wherever possible
3. When you cannot eliminate a risk, mitigate it to an acceptable level
4. Document and accept known risks that cannot be eliminated
Understanding Attacks
Reconnaissance
Scanning and Enumerating
Gain Access
Maintain Access
Covering Tracks
Loot and Profit
Defense in Depth Model
Unsecure System
System Hardening
Patching (OS, App, DB)
– Ensure all patches get applied quickly and efficiently
– Set up standard outage windows for patches and other maintenance
– Be proactive, run vulnerability scans
Anti-virus
– Automate updates
– Scheduled scans
– Set up on-access scanning
System Hardening (cont)
Separation of duty
– Distribute services to multiple devices
– Isolate systems to different environments
Simplify your systems
– Disable unnecessary services
– Remove unused components
System Hardening (cont)
Least Privilege
– Only grant accounts the privileges required to fulfill their roles.
– Limit remote root or admin access
Log Monitoring
– Centralize and correlate your logs
– Review logs daily, or at least have alerts set up for specific events
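The two points above (limit remote root access; centralize and correlate logs with alerts on specific events) come together in the following added example, which is not part of the presentation. It takes sshd lines as a central syslog collector would receive them from several hosts (the sample lines, hostnames and addresses are constructed), correlates them by source address, and alerts on a successful remote root login and on a failed-login burst that is spread thinly across hosts, which per-host review would miss.

```python
"""Centralized log correlation with alerts on specific events.

Added example, not from the presentation. Parses syslog-style sshd
lines forwarded from several hosts, correlates them by source address,
and raises alerts for (1) any remote root login that succeeds, which a
least-privilege policy says should not happen, and (2) a burst of
failed logins from one source spread across several hosts.
"""
import re
from collections import defaultdict

# Constructed sample: what a central syslog collector might receive.
SAMPLE_LOGS = """\
Mar 12 09:14:01 web01 sshd[2101]: Failed password for invalid user oracle from 203.0.113.42 port 51022 ssh2
Mar 12 09:14:03 web01 sshd[2101]: Failed password for admin from 203.0.113.42 port 51023 ssh2
Mar 12 09:14:05 db01 sshd[887]: Failed password for root from 203.0.113.42 port 51030 ssh2
Mar 12 09:14:06 db01 sshd[887]: Failed password for postgres from 203.0.113.42 port 51031 ssh2
Mar 12 09:14:09 app02 sshd[4410]: Failed password for root from 203.0.113.42 port 51044 ssh2
Mar 12 09:15:30 app02 sshd[4412]: Accepted publickey for root from 198.51.100.7 port 40211 ssh2
Mar 12 09:16:02 web01 sshd[2200]: Accepted password for jsmith from 10.0.5.17 port 52110 ssh2
Mar 12 09:16:40 web01 sshd[2205]: Failed password for jsmith from 10.0.5.17 port 52111 ssh2
"""

# Matches the standard OpenSSH "Accepted/Failed <method> for [invalid user] <user> from <src>" lines.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse(lines):
    """Yield one dict per sshd authentication line; other lines are skipped."""
    for line in lines.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def correlate(lines, fail_threshold=5, min_hosts=2):
    """Return a sorted list of alert strings.

    Correlating across hosts is the point: a source that fails a couple
    of times on each of several hosts never trips a per-host threshold.
    """
    fails_by_src = defaultdict(list)
    alerts = []
    for ev in parse(lines):
        if ev["result"] == "Accepted" and ev["user"] == "root":
            # Specific event worth an immediate alert: remote root should be disabled.
            alerts.append(
                f"remote root login on {ev['host']} from {ev['src']} via {ev['method']}"
            )
        elif ev["result"] == "Failed":
            fails_by_src[ev["src"]].append(ev)
    for src, evs in fails_by_src.items():
        hosts = {e["host"] for e in evs}
        if len(evs) >= fail_threshold and len(hosts) >= min_hosts:
            alerts.append(
                f"{len(evs)} failed logins from {src} across {len(hosts)} hosts: "
                f"{', '.join(sorted(hosts))}"
            )
    return sorted(alerts)


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS):
        print("ALERT:", alert)
```

Run against the constructed sample, the single failed login by jsmith from the internal address produces nothing, while the five failures from 203.0.113.42 are reported once as a cross-host burst and the root login on app02 is reported on its own. The thresholds are arguments so they can be tuned to what "white noise" looks like in a given environment.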
System Hardening (cont)
Firewalls
– Place in between trusted and untrusted environments
– Configure to only allow required network traffic
– Block by default (don’t send resets)
IDS/IPS
– Place in between trusted and untrusted environments
– Use host-based solutions as well on high-risk targets
– Spend the time to configure properly, eliminate the white noise
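As an added illustration of the firewall points above (not part of the presentation), the following model evaluates sample flows against an explicit allow list with silent drop as the default, and includes a check a practitioner would run over the ruleset: flagging any allow rule that opens every source to every port. The networks, hosts and services are constructed for the example.

```python
"""Default-deny firewall policy evaluated against sample flows.

Added example, not from the presentation. A stateless model of the rule
the slide states: allow only the traffic the business needs and drop
everything else silently (no TCP reset, no ICMP unreachable).
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str
    src: str             # CIDR of permitted sources
    dst: str             # CIDR of permitted destinations
    proto: str           # "tcp", "udp" or "any"
    dport: Optional[int]  # None means any destination port

    def matches(self, flow):
        """True when the flow falls inside this rule's source, destination, protocol and port."""
        return (
            ipaddress.ip_address(flow["src"]) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(flow["dst"]) in ipaddress.ip_network(self.dst)
            and self.proto in ("any", flow["proto"])
            and self.dport in (None, flow["dport"])
        )


# Constructed allow list for a perimeter between the Internet, a DMZ and the corporate LAN.
ALLOW_RULES = [
    Rule("public web", "0.0.0.0/0", "192.0.2.10/32", "tcp", 443),
    Rule("corp admin ssh", "10.0.0.0/8", "192.0.2.0/24", "tcp", 22),
    Rule("dns from dmz", "192.0.2.0/24", "10.0.53.0/24", "udp", 53),
]


def evaluate(flow, rules=ALLOW_RULES):
    """First matching allow rule wins; anything unmatched is dropped.

    DROP (discard silently) rather than REJECT (send RST or ICMP
    unreachable): a probe gets no answer that tells filtered ports
    apart from dead hosts, and the firewall never generates traffic on
    an attacker's behalf.
    """
    for rule in rules:
        if rule.matches(flow):
            return "ACCEPT", rule.name
    return "DROP", "default"


def find_overly_permissive(rules):
    """Names of allow rules that let any source reach any port.

    This is the 'temporary' rule that quietly turns a default-deny
    policy back into allow-all; review for it on every change.
    """
    return [
        r.name
        for r in rules
        if ipaddress.ip_network(r.src).prefixlen == 0 and r.dport is None
    ]


if __name__ == "__main__":
    flows = [
        {"src": "203.0.113.5", "dst": "192.0.2.10", "proto": "tcp", "dport": 443},
        {"src": "203.0.113.5", "dst": "192.0.2.10", "proto": "tcp", "dport": 22},
        {"src": "10.1.2.3", "dst": "192.0.2.10", "proto": "tcp", "dport": 22},
    ]
    for f in flows:
        print(f, "->", evaluate(f))
    print("overly permissive:", find_overly_permissive(ALLOW_RULES))
```

The same HTTPS-only exposure of the web host and SSH limited to corporate addresses is what an nftables or iptables policy with an ACCEPT allow list and a DROP default expresses; the audit function is the part most rulesets lack.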
System Hardening (cont)
Proxy
– Block non-business-related and personal sites
– Coach users when dealing with higher-risk areas, like social networking sites.
Full Disk Encryption
– Can be coupled with auto-wipe technology
– Prevents data exfiltration through theft
User Hardening
User awareness and training
– Train users to identify social engineering and phishing attacks
– Propagate cyber security awareness
– Test users’ understanding
Policies and Procedures
– Document processes for standard activities
– Set up guidelines for security requirements
Secure Setup
Remember You will never be 100% secure. Your job is to make compromising your systems so hard that the attacker will either look for easier prey or be forced to run exploits that are so noisy that they are detected before any harm is done.
More information
Read up on Intelligence-Driven Computer Network Defense and the Cyber Kill Chain®: do/information-technology/cyber-security/cyber-kill-chain.html
Questions? Contact Information: