Managing A Secure Infrastructure – Tales From the Trenches November 6, 2003.


1 Managing A Secure Infrastructure – Tales From the Trenches November 6, 2003

2 About the Speaker
- Steve Manzuik – Director, Security-Sensei.Com
- Founder / Moderator of Vulnwatch.Org
- Founder of Win2KSecAdvice mailing list
- Member of nmrc.Org
- Co-Author of Hack Proofing Your Network
- Participant – Open Web Application Security Project (OWASP.org)
- Participant – Open Source Vulnerability Database (OSVDB.org)
- www.nmrc.org

3 Outline
- Security today
- Failures in Security
- Succeed in Security

4 Security Today
- Vulnerabilities will always exist
- Typical organizations have made large investments in network and security infrastructure
- Incidents still occur at high rates
- Past investments do not support the business need
- Security warnings to upper management are seen as the new Y2K hype.
- It is time for organizations to stop buying the latest security toy and actually secure their networks.

5 You Have Been Lied To!
- All the Firewalls and Intrusion Detection devices in the world will not protect you.
- Most organizations do not have a firm grasp of their entire infrastructure.
- Aggressive Firewall configurations prohibit business and prohibit productivity.
- Network Intrusion Detection has limited value in most organizations.
- Security is not a magic black box or application.
- Security is NOT a black art.

6 Failures in Security
- Firewalls
- Intrusion Detection
- Wall of Shame

7 Expensive Logging Devices: Firewalls
- “But we have a firewall, we are completely protected…….”
- “We have invested in world class firewall technologies… …we are secure.”
- “Why would we want to block people from getting out?”
- “A hacker would have to break into our firewall in order to gain access….”
- “You mean you have to patch a firewall?”

8 Expensive & Confusing Logging Devices IDS
- “Well our IDS didn’t see anything wrong…”
- “There were just too many alerts so I turned it off….”
- “I didn’t understand what SHELLCODE x86 NOOP was so I ignored it….”
- “ISS told us that it wasn’t possible….”
- “What do you mean I can’t monitor this switch…”
- “No one watches the console on weekends and holidays…..”

9 Other Examples Wall of Shame
- “Passwords just made implementing the technology too difficult for our users…”
- “What exactly do you mean by audit process?”
- “We spent 2 million dollars on firewalls and other security solutions and 2 thousand dollars on testing those systems….”
- “We don’t exactly have a security department but Joe in the server group is a hacker so I am sure he is taking care of us….”
- “But our vendor hasn’t told us anything about….”
- “But that is a localhost issue…..”

10 What does this all mean?
- A proper security posture combines people, process and technology.
- Most organizations rely on technology, leaving their security posture weak and vulnerable.

11 Success in Security “The greatest security infrastructures are the ones that satisfy the most business needs while allowing for uninhibited network communications between employees, business partners, vendors, and customers.”

12 Success in Security
- Do not let vendors use your fear, uncertainty and doubt against you.
- It is a lot of work, but when approached in a logical and calm fashion, Information Security can be improved.
- Never think you are completely secure.

13 Succeed in Security: Awareness
- All the security in the world can be trumped by the double click of an email attachment.
- If your users are not aware – they are your greatest threat.
- If your Administrators are not educated – they are unarmed and unable to be proactive.

14 Succeed in Security: Know Your Assets
- If you don’t know what you have or what it does – how do you plan on protecting it?
- If you don’t know your business how will you enable it?
- Data and system classification is essential.
- Large organizations must approach security based on risk.

15 Succeed in Security: Host Security
- Secure baseline configurations – the technical starting point of a truly secure infrastructure.
- Thwarting the attacker by leveraging technology you already have.
- Helps improve desktop & server support processes and actually reduces long term support costs.

16 Succeed in Security: Monitoring
- Logical combinations of network and host based monitoring can be valuable.
- Log management is valuable.
- Technical education is far more valuable than the technology itself.
- Do the right people know when a device is added to the network? What about removed?

17 Succeed in Security: Validation
- Penetration Testing over Vulnerability Assessment.
- Intrusion Detection Validation and tuning is essential.
- Firewall rule and configuration validation is essential.
- Don’t forget about phones and wireless devices.

18 Succeed in Security: Other Tips
- Explicit trust is a dangerous game.
- Users are not malicious for the most part but must be protected against themselves.
- Don’t overlook email threats.
- Don’t overlook social engineering threats.

19 Succeed in Security: Other Tips
- Build a trusted relationship with a security consulting organization that is vendor neutral.
- Observe what other organizations in similar industries and of similar size are doing.

20 Closing
- Questions?
- Steve Manzuik
- smanzuik@sidc.net
- steve@security-sensei.com

