Securing Your ERP Infrastructure

Presentation on theme: "Securing Your ERP Infrastructure"— Presentation transcript:

1 Securing Your ERP Infrastructure

2 Bio
Over his almost 20-year career in IT, Fred Limmer has provided consulting and services to clients, large and small, in every vertical. With over ten years of experience managing his own consulting firm, he has developed a breadth of business management knowledge and brings a forward-thinking methodology to IT. His primary focus is fully understanding the customer’s core business needs so that he can provide the right solution with the best value.
Fred Limmer, President & CEO

3 Objectives
Educate
Motivate
Take Action!

4 Fun and Games
When you see this, I’ll ask a question. If you have an answer, shout it out; the closest guess wins a Starbucks gift card!
BcY79i56 = 2 hours
AhorseisAhorse = 2,000,000,000 Years

5 Introduction

6 Throwback Thursday
BcY79i56 = 2 hours
AhorseisAhorse = 2,000,000,000 Years

7 Today’s Game
AhorseisAhorse!
BcY79i56
BcY79i56 = 2 hours
AhorseisAhorse = 2,000,000,000 Years

8 World War III

9 World War III

10 World War III
German Parliament Spear-phishing attack
French television hack
Root9B – Targeting Financial Institutions
DNC Hack
Ukrainian Artillery Hack
German, French, and American Elections

11 World War III
Steal Money
Disrupt Foreign Economies
Manipulate Foreign Governments
Burden Foreign Businesses
Disrupt Foreign Defense Systems

12 Let’s Look at the Numbers
91 Percentage of Companies that experienced a Ransomware Infection in 2015/16
1.3 Billions of Dollars Paid in Ransom 2015 in U.S.
58 93 Percentage of those Companies that had up-to-date Antivirus Configured and Deployed Properly; Percentage of Ransomware detected by current Antivirus Solutions
75 100 1,000 Billions of Dollars that Ransomware is estimated to have cost US Businesses this year alone; Percentage of Businesses that operated a Business Continuity Appliance that were able to Restore Operations; Average Ransom Cost in Dollars for Single Server

13 Let’s Look at the Numbers

14 Main Causes of Infections?
Starbucks Question #1 What is the most common attack vector for malware infection?

15 Infection Spread

16 What was the Damage?

17 Who are the Targets?

18 We Have Anti-virus, so we’re protected, right?
Starbucks Question #2 What percentage of companies experienced a ransomware infection even though they had a fully implemented, up-to-date antivirus?

19 Potential Results from Security Breaches
Disruption to Regular Operations
Loss of sensitive or proprietary information
Financial Losses Incurred to Restore Affected Systems
Downtime/Reduced Productivity
Legal Damages to Other Organizations or Individuals
Litigation Costs
Potential Harm to an Organization’s Reputation
Ransom Paid for Unrecoverable Systems
Civil and/or Criminal Prosecution

20 Potential Results from Security Breaches
#1 Threat to Business from Malicious Activity (Malware, ransomware, hackers, etc.): DOWNTIME

21 The FBI Can Help, Right?
“To be honest, we often advise people just to pay the ransom.” – Joseph Bonavolonta, Special Agent in Charge of FBI Cyber and Counterintelligence Program

22 What Uncle Sam Has to Say about it
Maintain up-to-date anti-virus software.
Do not follow unsolicited Web links in emails.
Keep your operating system and software up-to-date with the latest patches.
Restrict users’ ability to install and run unwanted software applications.
Employ a data backup and recovery plan for all critical information.
Use application whitelisting to help prevent malicious software and unapproved programs from running.
Avoid enabling macros from attachments.
Homeland Security Alert (TA16-091A)

23 Securing Your Network: Password and Account Policies
Eliminate all default usernames and passwords
Replace Complexity with Length
BcY79i56 = 2 hours
AhorseisAhorse = 2,000,000,000 Years
Reset all other service accounts with complex passwords
Convert all possible accounts to Managed Service accounts
One service account per process
Disable Logon Rights for non-user accounts
Routinely audit user accounts, use a Change Manager if possible
No user is an admin
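
An added example (not from the presentation) that works through the length-versus-complexity comparison on this slide as a brute-force keyspace calculation. The guessing rate is an assumed constant, so the output shows the relative gap between the two passwords and is not meant to reproduce the slide's 2 hours / 2,000,000,000 years figures.

```python
import math
import string

# Character classes an exhaustive search has to cover once a password uses them.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
# Assumption: offline guessing rate, chosen for illustration only.
ASSUMED_GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def alphabet_size(password):
    """Sum the sizes of every character class the password draws from."""
    unknown = [c for c in password if not any(c in cls for cls in CLASSES)]
    if not password or unknown:
        raise ValueError("empty password or unsupported character")
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def keyspace(password):
    """Candidates an attacker must try in the worst case (alphabet ** length)."""
    return alphabet_size(password) ** len(password)


def entropy_bits(password):
    """Equivalent strength in bits if every character were chosen at random."""
    return len(password) * math.log2(alphabet_size(password))


def worst_case_years(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Years to exhaust the keyspace at the assumed guessing rate."""
    return keyspace(password) / rate / SECONDS_PER_YEAR


def report(passwords):
    """Return (password, length, alphabet, bits, years) rows, weakest first."""
    rows = [(p, len(p), alphabet_size(p), round(entropy_bits(p), 1),
             worst_case_years(p)) for p in passwords]
    return sorted(rows, key=lambda r: r[3])


if __name__ == "__main__":
    # The two passwords from the slide plus an "add a 1" variant.
    for p, n, a, bits, years in report(
            ["BcY79i56", "AhorseisAhorse", "AhorseisAhorse1"]):
        print(f"{p:16} len={n:2} alphabet={a:2} bits={bits:5} years={years:.3g}")
    # Caveat: this models blind exhaustive search. A passphrase made of
    # dictionary words falls faster to a wordlist attack, so treat the
    # figure for word-based passwords as an upper bound.
```

The longer password uses a smaller alphabet (52 versus 62 symbols) yet has a keyspace several billion times larger, which is the arithmetic behind "Replace Complexity with Length".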

24 Securing Your Network: Updates, Updates, Updates!
Starbucks Question #3: What percentage of malware infections are due to unpatched software?
85% of Malware Infections Occur Due to Unpatched Software

25 Securing Your Network: Anti-Virus, Anti-Malware, Anti-SPAM, Oh My!
Layered Security
Workstation Security
Gateway Security
Server Security
Hosted Anti-SPAM
Device Security
Firewall, Switches, and Copiers?

26 Securing Your Network
Resources only Available on Secure Connection
Periodic Network Security Audit
Take Control of Mobile
Manage your traffic in, AND out
Firewalls, perimeter networks, DMZs
Disable Macros and Autorun through Group Policy
Don’t Cater to Your Users

27 Securing Windows Server
Reduce attack surface
Use only reputable applications
Use a “User” account whenever you can
Local Security Policies
Don’t just turn off the firewall
Create a Server Admins Group, restrict login
Deploy AppLocker to servers
Audit Login Failures

28 Securing SQL Server
Encrypt backups!
Test backups frequently
Follow the 321 Rule (3 copies, 2 media types, 1 off-site)
Limit access to backup and log folders
Use Windows Authentication when possible
SA password should be very complex

29 Securing SQL Server
Audit logins
Turn off the browser service
Disable any unused features
Decrease privileges for service accounts
Avoid granting SysAdmin too often
Force https for SSRS communication

30 Securing Dynamics NAV
Planning is key!
Limit Supers
Use the tools
Utilize Advanced Authentication Systems
Utilize multi-factor authentication

31 Securing Dynamics NAV
Monitoring
Audit Logging
Access Restrictions
Use SSL
Enable Change Log

32 The Human Firewall

33 The Human Firewall
1. Testing
2. Training
3. Goto 1

34 Take-Away
Be safe outside of the office
P@ssw0rds!
Backup, Backup, Backup
Segment Services
Multi-Factor Authentication
Do that Maintenance!
Training, Training, and More Training

35 10 Things You Can Do Today

36 Top 10 Security Tips
10 Create a very Secure Password for critical accounts
9 Use Two-Factor Authentication whenever possible
8 Change default passwords on devices
7 Security Training for Users
6 Install patches for Microsoft and 3rd party apps (Java, Adobe)

37 Top 10 Security Tips
5 Make sure you’re logging in as a user
4 Use OneDrive for Business for file storage
3 Backup and Verify Backups
2 Configure mail system to block dangerous attachments
1 Call CINZA and schedule a Network Security Audit!

38 The Game

39 The Game
BcY79i56 = 2 Hours
AHorseisAHorse! = 2,000,000,000 Years
*adding a 1 will increase to 1,000,000,000,000 (trillion) years

40 Q&A
Open Floor for Questions
If you would like to ask questions after the event is over, please email me at Fred.limmer@cinzacloud.com and I’ll be more than happy to answer them for you!

41 Related Resources
https://howsecureismypassword.net
us/trustcenter/default.aspx
Follow Cinza on Twitter, Facebook, and LinkedIn for regular updates on staying secure online.
Visit the Cinzacloud.com website for information on new and emerging security threats and other technology news and information.

