emerging security threats

Information about emerging security threats

Published on September 29, 2007

Author: Lucianna

Source: authorstream.com

Content

Essential Strategies for Protecting Against the New Wave Of Information Security Threats:  Essential Strategies for Protecting Against the New Wave Of Information Security Threats Abe Usher, CISSP Sharp Ideas LLC About the presenter:  About the presenter Abe Usher CISSP Master’s degree in Information Systems Ideas published in Wired Magazine, Network World, New Scientist Magazine, Business Week On-line and others Creator of slurp.exe Principal architect of SecurityBuzz.org Webinar agenda:  Webinar agenda Review of security concepts New threats Pod slurping Data theft in the news Strategies for reducing risk Questions and wrap up Information security: key terms:  Information security: key terms Confidentiality Integrity Availability Information security: key terms:  Information security: key terms Network security Application security Host security (endpoint security) Information security: key terms:  Information security: key terms Network Application Host (Endpoint) Typically strong Moderate Weak (non-existent?) Information security: new threats:  Information security: new threats The widespread introduction of computing devices and portable storage in the enterprise bring significant risks: iPods USB and Firewire storage Bluetooth accessories PDAs Unauthorized wireless Endpoint: entry vectors:  Endpoint: entry vectors Optical drives PDAs Smart phones Firewire USB accessories RJ-45 net WiFi Bluetooth Universal Serial Bus (USB):  Universal Serial Bus (USB) Originally developed in 1995 as an external expansion bus to make adding peripherals easy. “Universal” acceptance of USB – virtually all new PCs come with one or more USB ports. New USB 2.0 allows data transfer at a rate 40 times faster than USB 1.1 (480 Mb/second) USB devices: the good:  USB devices: the good Supported by all vendors on all major operating systems Productivity booster in the proper context USB has reduced cost and complexity of peripherals Convenient data exchange between computers USB devices: the bad:  USB devices: the bad Modern operating systems do not provide granular control over the use of USB devices (e.g. No auditing) Most commercial organizations do not have clear policies on the use of USB devices Most organizations do not understand the security implications of USB devices The importance of information:  The importance of information The currency of the Information Age is the bit. Information economies gain competitive advantage through creating, analyzing, and distributing information. Organizations that fail to protect their information resources jeopardize their own future. Adapt your security infrastructure or become a statistic:  Adapt your security infrastructure or become a statistic Privacy Rights Clearing House | Washington Post, June 22, 2005 Adapt your security infrastructure or become a statistic:  Adapt your security infrastructure or become a statistic Privacy Rights Clearing House | Washington Post, June 22, 2005 Adapt your security infrastructure or become a statistic:  Adapt your security infrastructure or become a statistic Privacy Rights Clearing House | Washington Post, June 22, 2005 Digital media players and portable storage:  Digital media players and portable storage More than 42 million iPods sold Other digital media players increasingly popular USB thumb drives reaching low price point and ubiquitous adoption Information security: in the news:  Information security: in the news Information security: in the news:  Information security: in the news Information security: in the news:  Information security: in the news Information security: in the news:  Information security: in the news Unauthorized use of computers increased Unauthorized access to information and theft of proprietary information showed significant increases in average loss per respondent ($303,324 and $355,552 respectively) Information security: in the news:  Information security: in the news Information security: in the news:  Information security: in the news Information security: in the news:  Information security: in the news Additional resources available at: http://www.sharp-ideas.net/ideas/ 37 additional stories from the news media related to data theft 26 messages from prominent information security mailing lists discussing data leakage / data theft Information security: traditional threats:  Information security: traditional threats External hackers Malicious code outbreaks SPAM Spyware Phishing Traditional threats (network security):  Traditional threats (network security) Hacker activity Worms & viruses SPAM Spyware Phishing Traditional threats (network security):  Traditional threats (network security) Hacker activity Worms & viruses SPAM Spyware Phishing Firewall Intrusion Detection SPAM filtering Anti-Spyware Phishing filtering Emerging threats: endpoint security:  Emerging threats: endpoint security Widespread adoption of portable storage and digital media players USB Firewire Emerging threats: endpoint security:  Emerging threats: endpoint security Widespread adoption of portable storage and digital media players USB Firewire Wireless trend in peripherals & secondary components Bluetooth 802.11 Emerging threats: endpoint security:  Emerging threats: endpoint security Widespread adoption of portable storage and digital media players USB Firewire Wireless trend in peripherals & secondary components Bluetooth 802.11 Bottom line: Network security strategies do nothing to protect against devices connected inside of your enterprise network. Evolution of security threats:  Evolution of security threats Computing capacity vs. human skill:  Computing capacity vs. human skill The rate that computing power increases is vastly greater than the rate that computer users achieve new understanding. Information security: new solutions:  Information security: new solutions Comprehensive policies that account for portable computing devices, wireless computing, and a mobile workforce User awareness of security issues and policies Technical solutions that mitigate access of storage and communication devices at the endpoint 5 Point strategy to remain secure:  5 Point strategy to remain secure Assess your technology environment Adapt your security policy Have a user awareness plan Put your policies and procedures into action Assess effectiveness and revise your policy Strategy #1: Assess your technology environment:  Strategy #1: Assess your technology environment At a minimum define: Critical information and information systems System owners System users: employees contractors business partners Most likely vulnerabilities and threats to endpoint security Strategy #2: Revise your security policy:  Strategy #2: Revise your security policy At a minimum, revise these two areas: Corporate acceptable use policy Use of personal computing devices: USB storage Bluetooth peripherals Personal media players (e.g. iPod) PDAs Optical drives Multi-function phones Strategy #3: User awareness:  Strategy #3: User awareness Inform users of security issues and their responsibilities through awareness initiatives training education References: NIST 800-50 “Building an Information Technology Security Awareness and Training Program” NIST Awareness, Training, Education http://csrc.nist.gov/ATE/ Strategy #4: Implement your policies and procedures:  Strategy #4: Implement your policies and procedures Assign specific responsibilities Deploy required technical solutions Strategy 4: Assign specific responsibilities:  Strategy 4: Assign specific responsibilities Security manager Managers IT staff Employees Contractors Restrict privileges to critical information to those who require it to be productive Strategy #4: Deploy required technical solutions:  Strategy #4: Deploy required technical solutions Based on your internal analysis of vulnerabilities and threats, protect essential data: in active use in active storage in archival storage in transmission Strategy 4: Example technical solutions:  Strategy 4: Example technical solutions Strategy 4: Example technical solutions:  Strategy 4: Example technical solutions (1) Access control, (2) audit activities, (3) detect events in real-time Strategy #5: Assess effectiveness and revise strategy:  Strategy #5: Assess effectiveness and revise strategy All business systems require a feedback loop As your operating context changes, so too will your security solutions If/when you have endpoint security incidents, be sure to revise your policies appropriately Conclusions:  Conclusions We've only witnessed the tip of the iceberg related to data theft Incident prevention is significantly less costly than incident response Addressing the issue at the endpoint provides the best ratio of risk reduction per dollar Tailor the recommended strategies to your organization's business requirements Slide44:  Media Classes Centrally manage and protect networks from threats associated with removable media devices: Data theft Virus and malware propagation Computer misuse. How DeviceWall Works:  Customer Data Intellectual Property Corp. Knowledge Desperate Housewives Viruses Malware How DeviceWall Works Effective Management Reporting:  Effective Management Reporting DeviceWall 1-minute Overview:  DeviceWall 1-minute Overview Measured response to known risk Intuitive and comprehensive auditing Easy policy creation and deployment Effective guard against unwanted device connections Minimal overhead and ongoing cost of ownership Low cost of acquisition Deploy in minutes, update automatically Temporary access tools keeps users productive Communication minimizes calls to helpdesk Intuitive, fast and effective to manage No specialist training required No need for dedicated staff to run Control Center Technical Specifics:  Supported platforms Windows NT, 2000, XP, 2003 Devices managed PDAs, USB memory, MP3 players, PDAs, CompactFlash, optical drives, external hard drives, digital cameras, mobile phones, Firewire ports, Bluetooth ports and more Server Requirements Pentium, 128MB RAM, 512MB Hard Disk Network Requirements MS IIS 5.0+, Active Directory & NT domains supported Technical Specifics Slide49:  We hope that you have enjoyed this presentation on protecting against the future information security threats. To gain additional information, please examine the following resources: www.sharp-ideas.net www.devicewall.com Program Note:  Program Note This webinar is sponsored by Centennial Software. All referenced research is copyrighted 2006 by Sharp Ideas LLC, and/or its affiliates. All rights reserved. Every reasonable attempt has been made to present accurate and reliable information. However, Sharp Ideas LLC disclaims all warranties as to the accuracy, completeness or adequacy of information contained within the webinar. Sharp Ideas LLC shall have no liability for errors, omissions, or inadequacies in the information contained herein or for interpretations thereof. The opinions expressed herein are subject to change without notice.

Related presentations


Other presentations created by Lucianna

Nutritional Care of Burns
04. 01. 2008
0 views

Nutritional Care of Burns

spine2 no background
08. 05. 2008
0 views

spine2 no background

banking
14. 04. 2008
0 views

banking

Thunderstorms
03. 10. 2007
0 views

Thunderstorms

i2 traffic shaping
03. 10. 2007
0 views

i2 traffic shaping

bind
07. 10. 2007
0 views

bind

prefix delegation requirement1
09. 10. 2007
0 views

prefix delegation requirement1

dipo
12. 10. 2007
0 views

dipo

Living Things
12. 10. 2007
0 views

Living Things

wnv062904
21. 10. 2007
0 views

wnv062904

latinoamerica
22. 10. 2007
0 views

latinoamerica

Rachinsky
11. 10. 2007
0 views

Rachinsky

Slide presentazione
24. 10. 2007
0 views

Slide presentazione

feynman
16. 10. 2007
0 views

feynman

gt bot
13. 10. 2007
0 views

gt bot

fr summit marginson 230306
30. 10. 2007
0 views

fr summit marginson 230306

Accelerators CZ
15. 11. 2007
0 views

Accelerators CZ

Les Animaux du Zoo
11. 10. 2007
0 views

Les Animaux du Zoo

Rapport Nationale MAROC
23. 10. 2007
0 views

Rapport Nationale MAROC

Grammar essentials
16. 11. 2007
0 views

Grammar essentials

sponge
20. 11. 2007
0 views

sponge

Crans Montana 03 nieuw
15. 10. 2007
0 views

Crans Montana 03 nieuw

Workshop
02. 11. 2007
0 views

Workshop

NSF 12 6 2001
31. 12. 2007
0 views

NSF 12 6 2001

Class8
07. 01. 2008
0 views

Class8

toc wkshp nov03
18. 10. 2007
0 views

toc wkshp nov03

VCT Morocco
24. 10. 2007
0 views

VCT Morocco

NACADA Combined Workshop 11 04
29. 09. 2007
0 views

NACADA Combined Workshop 11 04

sky
13. 11. 2007
0 views

sky

file Kigali Strengthening Local
07. 01. 2008
0 views

file Kigali Strengthening Local

10638221831Maroc MinInt French
23. 10. 2007
0 views

10638221831Maroc MinInt French

ub geographicimagery051 001
27. 09. 2007
0 views

ub geographicimagery051 001

Presentación RR EXPORTA def
23. 10. 2007
0 views

Presentación RR EXPORTA def

prosper
28. 12. 2007
0 views

prosper

HPCN summary 7 5 2007
17. 10. 2007
0 views

HPCN summary 7 5 2007

ammosov
12. 10. 2007
0 views

ammosov

A NEW ENGLISH COURSE Book 3
20. 02. 2008
0 views

A NEW ENGLISH COURSE Book 3

Food Bank of New Jersey
29. 02. 2008
0 views

Food Bank of New Jersey

lewis
19. 10. 2007
0 views

lewis

XC Safety and mentor
03. 04. 2008
0 views

XC Safety and mentor

NA3
07. 04. 2008
0 views

NA3

Civitas Plus2006
18. 03. 2008
0 views

Civitas Plus2006

Ch14 7e
10. 04. 2008
0 views

Ch14 7e

Team2
11. 04. 2008
0 views

Team2

fmla
04. 10. 2007
0 views

fmla

retailcompetition
17. 04. 2008
0 views

retailcompetition

Using ILS
22. 04. 2008
0 views

Using ILS

shaw
16. 03. 2008
0 views

shaw

CSI Presentation 2007
19. 02. 2008
0 views

CSI Presentation 2007

NIST TDT2004
07. 05. 2008
0 views

NIST TDT2004

chapter3v2
15. 10. 2007
0 views

chapter3v2

MEDOPSBOOKFEB01
02. 05. 2008
0 views

MEDOPSBOOKFEB01

BostwPres
02. 05. 2008
0 views

BostwPres

555 Spanish
02. 05. 2008
0 views

555 Spanish

hexapod Shirke
02. 05. 2008
0 views

hexapod Shirke

Lung Expansion 1
02. 05. 2008
0 views

Lung Expansion 1

Aaron
02. 05. 2008
0 views

Aaron

CMI slides Feb05
01. 11. 2007
0 views

CMI slides Feb05

SAP1012
10. 03. 2008
0 views

SAP1012

lesson 4
15. 10. 2007
0 views

lesson 4

2006 APHA
05. 10. 2007
0 views

2006 APHA

probir
30. 03. 2008
0 views

probir

Rauf Presentation NEW
18. 10. 2007
0 views

Rauf Presentation NEW

IAJAPAN
09. 10. 2007
0 views

IAJAPAN

Mr Daisuke Matsunaga
09. 10. 2007
0 views

Mr Daisuke Matsunaga

3 KukaGLBThealthissues
29. 10. 2007
0 views

3 KukaGLBThealthissues

Bernard ANSELMETTI
24. 10. 2007
0 views

Bernard ANSELMETTI

NBII Newark 10 02
21. 10. 2007
0 views

NBII Newark 10 02

MarketingWorkshop 4 22 05rev1
24. 10. 2007
0 views

MarketingWorkshop 4 22 05rev1

FEESTDAGEN
06. 11. 2007
0 views

FEESTDAGEN

trainplanesandautomo biles
13. 03. 2008
0 views

trainplanesandautomo biles

NWA June00
05. 10. 2007
0 views

NWA June00

Panama 2004 Reporte
25. 10. 2007
0 views

Panama 2004 Reporte

SAKURA Yamamoto
25. 03. 2008
0 views

SAKURA Yamamoto

tiner presentation
04. 01. 2008
0 views

tiner presentation

aseancjp
09. 10. 2007
0 views

aseancjp

schools talk
29. 10. 2007
0 views

schools talk

BethkeA
02. 10. 2007
0 views

BethkeA

DeVidtsPresentation
11. 10. 2007
0 views

DeVidtsPresentation

Zhu Zhiyong
16. 10. 2007
0 views

Zhu Zhiyong

pres1 1
22. 10. 2007
0 views

pres1 1

AESC 2005 VERMONT Result
02. 11. 2007
0 views

AESC 2005 VERMONT Result