mis311_infosec2011

advertisement
Creative Commons License: You are free to
share and remix but you must provide
attribution and you must share alike.
Information Security
A Practical Introduction
Michael McDonnell
GIAC Certified Intrusion Analyst
michael@winterstorm.ca
What is (Information) Security About?
InfoSec is… about Hackers
InfoSec is… about Vandalism
InfoSec is… about Backups
InfoSec is… about Theft
InfoSec is… about Uptime
InfoSec is… about Phones
InfoSec is… about Information
Information Security is an Outcome
"Our systems are secure
from hackers“
"We have blocked 17,342
viruses to date“
“Our systems are all online“
“Insiders cannot steal our
information”
“We have backups”
“We are Secure”
Information Security is a Process
“We want to improve
security“
“We want to be
more Secure”
"We need to protect against
more threats"
"We want to reduce risk"
"We want to increase
customer confidence"
"We want to decrease the
number of compromises"
InfoSec is… Risk Management
Identify
What is at Risk?
Confidentiality
Integrity
Availability
Defence in Depth lowers Risk
Process leads to Outcome
Firewalls do not make you secure
Anti-virus does not make you secure
Policies do not make you secure
VPNs do not make you secure
Guards do not make you secure
Passwords do not make you secure
Together they all make you
MORE secure
Threat: Denial of Service
Counter: Firewalls and Switches
Threat: Unintentional DoS
?
An unpatched server was compromised and used to distributed 20 GB of
videos with French language titles. The problem was discovered when the
server was blocked for excessive bandwidth usage.
French Puppet Videos!
The server was distributing 20 GB of French Puppet Videos. The cleanup time
was 7 hours. If they had just asked we would have probably found someone to
host the videos for them!
Counter: Change Management
Counter: Monitoring
Threat: SQL Injection Attack
Counter: Vulnerability Scanning
Counter: Developer Training
Counter: Web Application Firewall
Threat: The Man-in-the-Middle
The Weaponized
Pineapple
1. Pretends to be
YOUR home wifi
network.
2. Records what you
do on the Internet.
Counter: 2 Factor Authentication
YUBIKEY
SecurID
Google 2FA
Threat: Insiders
Counter: DLP and DPI
Deep Packet Inspection (DPI):
Firewalls inspect every packet on the network and
rebuild the entire message.
Data Loss Prevention (DLP):
Uses DPI and pattern matching to look for suspicious
content being sent FROM your network.
Threat: Malvertisements
Threat: It never rains… it pours
1.
2.
3.
4.
5.
6.
The OS Vendor stopped providing patches
The server was hacked
A hard disk failed
A cooling fan died & it crashes every 2hr
The software vendor wanted more money
Hardware support had not been paid for
Final Threat: The A.P.T.
Advanced Persistent Threat
InfoSec is… Everyone’s Responsibility
Confidentiality
Integrity
Availability
More Threats
1. Spear-phishing
1. Credible emails, highly targeted, but malicious
2. USB Viruses: usb virus scanner, autorun, readonly storage
1. Automated
Questions?
Email:
michael@winterstorm.ca
Slides:
http://winterstorm.ca/download/
Download