Air Force Association (AFA)

AGENDA
1. Definition
2. Security Terms Definitions
3. What can we do?
4. Defense in Depth
5. What do Controls do for us?
6. SANS Security Tips 1-8
7. SANS Security Test

Information Security

The practice of protecting information from unauthorized access, use, disclosure, disruption, modification, viewing, inspection, recording or destruction.

Two major aspects of information security are:

IT or Computer Security: Information Technology also refers to devices ranging from non-networked standalone devices as simple as calculators, to networked smartphones and tablet computers. IT security specialists are found in all major businesses and government organizations due to the nature and value of their data. They have the IT Security responsibility to keep all of the technology in their organization secure from malicious cyber attacks that attempt to gain access to critical information or take control of the systems.

Information Assurance: Ensure that data is not lost when attacks, malfunctions or natural disasters occur.

Protected data will:
1. Be Available
2. Have Integrity
3. Be Confidential

Security Terms Definitions

Vulnerability

Lack of countermeasure or software, hardware, procedure or human weakness. They expose organizations to possible damage. The vulnerability could be unpatched applications or operating systems, a service running on a server, an unrestricted wireless access point, an open port on a firewall, lax physical security or unenforced password management on servers and workstations.

Threat

Any potential danger associated with exploiting a vulnerability. The THREAT AGENT takes advantage of a vulnerability. It could be an intruder accessing the network through a port on the firewall, a process that violates security policy, a fire, or a tornado, or a mistake by an employee that exposes personal or confidential information.
Risk

The probability that a threat agent will exploit a vulnerability, like too many open ports on the firewall or the lack of an intrusion detection system, and negatively impact the business.

What can we do?

Controls/Safeguards/Countermeasures

Controls and countermeasures reduce the risk of the threat. These could be software configurations, hardware devices or procedures that prevent the threat agent from exploiting a vulnerability. Or the countermeasure may completely eliminate the threat.

Three types of controls:
- Administrative or “soft” controls
- Technical controls
- Physical controls

Defense in Depth

A combination of Administrative Controls, Technical/Logical Controls and Physical Controls, used in coordination to provide Defense in Depth for your systems at home or at work.

ADMINISTRATIVE: Security Documentation, Risk Management, Personnel Security, Training

TECHNICAL/LOGICAL: Firewalls, Intrusion Detection Systems, Encryption, Identification, Antimalware, Access Control and Authentication Mechanisms

PHYSICAL: Security Guards, Locked Internal Doors, Locked Server Room, Cable Locks on Computers, Fences, Security Lighting and Security Cameras

Maccabee Security Systems, NY

What do Controls do for us?
1. DETER: Intended to discourage a potential attacker
2. PREVENT: Intended to stop an incident from occurring
3. CORRECT: Fixes components or systems after an incident has occurred
4. RECOVER: Intended to return the systems to normal after an incident has occurred
5. DETECT: Help identify threat activities and intruders/intrusions
6. COMPENSATE: Controls that provide other means of control (like fences instead of guards)

SANS Security Tips 1

Treat your laptop like you want to keep it

Thinking of taking your laptop on the road? It's a great way to work and stay in touch when you're out and about, but you need to take some steps to keep your laptop safe - and in your possession.
Here are some things you can do to keep track of your laptop and protect all the personal information on it:
- Treat it like cash.
- Get it out of the car...don't ever leave it behind.
- Keep it locked...use a security cable.
- Keep it off the floor...or at least between your feet.
- Keep passwords separate...not near the laptop or case.
- Don't leave it "for just a sec"...no matter where you are.
- Pay attention in airports...especially at security.
- Use bells and whistles...if you've got an alarm, turn it on.

SANS Security Tips 2

Don't get hooked by a Phishing expedition

- Don't reply to email or pop-up messages that ask for personal or financial information, and don't click on links in the message.
- Don't cut and paste a link from the message into your Web browser -- phishers can make links look like they go one place, but actually send you to a different site.
- Use anti-virus and anti-spyware software, as well as a two-way firewall, and update them all regularly.
- Don't send personal or financial information by email.
- Be cautious about opening any attachment or downloading any files from emails you receive regardless of who sent them.

Visit http://onguardonline.gov/phishing.html for more information.

June 17, 2014

SANS Security Tips 3

Don't let spyware control your computer use

Lower your risk by taking the following steps:
- Update your operating system and Web browser software, and set your browser security high enough to detect unauthorized downloads.
- Use anti-virus and anti-spyware software, as well as a two-way firewall, and update them all regularly.
- Download free software only from sites you know and trust. Enticing free software downloads frequently contain other software, including spyware.
- Don't click on links in pop-ups.
- Don't click on links in spam or pop-ups that claim to offer anti-spyware software.

SANS Security Tips 4

If you suspect malware is on your computer - Stop, Confirm, Scan

Malware, short for "malicious software," includes viruses and spyware designed to steal personal information, send spam, and commit fraud.

If you suspect malware is on your computer:
- Stop shopping, banking, or any online activities that involve user names, passwords, or other sensitive information.
- Confirm that your security software is working and up-to-date. At a minimum, your computer should have anti-virus and anti-spyware software, and a two-way firewall.
- Once your security software is up-to-date, scan your computer for viruses and spyware, deleting or quarantining anything the program identifies as a problem.

If you suspect your computer is still infected, you may want to run a second anti-virus or anti-spyware program - or call in professional help. Once your computer is back up and running, think about how malware could have been downloaded to your machine, and what you could do to avoid it in the future.

Visit http://onguardonline.gov/malware.html for more information.

June 14, 2014

SANS Security Tips 5

Don't enter your username and password on any computer you don't control.

Using public computers will always carry the risk of exposing your personal data. "Public" computers — as in college library computers.

A Kentucky college student has been charged with identity theft and unlawful access to a computer for allegedly breaking into other students' email accounts at the University of the Cumberlands, and using the access and information to blackmail them. He did this by allegedly placing spyware on computers at the college library to harvest the information he needed to access the email accounts. Then he threatened to divulge the contents of certain messages unless the students complied with his demands.
For more information: http://blogs.techrepublic.com.com/10things/?p=322

June 3, 2014

SANS Security Tips 6

Change the combination on opened laptop locks

When people have cables with combination locks for securing their laptops at their workstation, they always remember to turn the tumblers when they secure the laptop. But what happens when they unsecure the laptop? Many people won't turn the tumblers on the opened lock because it is much easier to lock the laptop later if the combination is already set.

About half a dozen laptops in our office disappeared one day. The laptops were stolen by someone who came by when the laptops were not there and noted the combination. They came back later when the laptops were there and used the combination they had noted earlier.

SANS Security Tips 7

Prevent USB Drives from Spreading Viruses

When you stick a thumb drive infected with a worm like Conficker/Downadup into a clean system, the normally handy AutoPlay feature launches the worm and spreads the infection. You can prevent this by flipping the master switch. Here's how:
1. Click on the "Start" button and pick "Run."
2. Enter the text GPEDIT.MSC and press Enter. After a moment, the Group Policy editor window will open.
3. In the left panel, double-click on "Computer Configuration."
4. Double-click on "Administrative Templates."
5. Double-click on "System."
6. In the right panel near the bottom of the list, double-click on "Turn off autoplay."
7. The default setting is "Not configured." Put a bullet in "Enabled."
8. Make sure "Turn off Autoplay on:" is set to "All drives."
9. Click on "Apply," and then "OK".
10. Close the Group Policy editor window.

SANS Security Tips 8

Change your password on a schedule.

Passwords are like bubble gum; they are better when fresh. The longer and more complex your password is, the harder it is to crack, and the less often you'll need to change it. If you use an 8-character password, you should change it about every six months.
Remember: Never use a password with fewer than 8 characters. If you use a 9-character password and follow the rules about uppercase and lowercase letters, numbers, and symbols, it will stay fresh for a whole year. If you can't remember the last time you changed your password, it's time to change it.

Change from a password to a passphrase

It's better to use longer and more complicated passwords, but they are hard to remember. Try using a passphrase like "I love getting to work at 8:00!" It's long, easy to remember, and has a mix of upper case and lower case letters and symbols.
- Don't use familiar or famous quotations.
- Don't use any real names, especially your own, your family member's, or your pet's.
- Nonsensical passphrases are the hardest to crack.

Because password cracking time increases exponentially, a criminal with substantial computing resources can crack short passwords quickly, while a 31-character (the length of our example) passphrase would take 231,935,475,118,605,000,000,000 years to crack! Best of all, it's easy to remember.

SANS Security Tips Test

See just how "Security Aware" you really are

Do you believe you're a little more Security Aware? Can you identify the threats that exist in your environment and the steps you should take to avoid them? Take the following quizzes and find out.

Phishing: http://www.onguardonline.gov/games/phishing-scams.aspx
Spyware: http://www.onguardonline.gov/games/beware-spyware.aspx
Identity Theft: http://www.onguardonline.gov/games/id-theft-faceoff.aspx
Social Networking: http://www.onguardonline.gov/games/friendfinder.aspx
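
For the AutoPlay setting in SANS Security Tip 7 above, the following PowerShell is an added example, not part of the original slides: it reads the policy back so you can confirm that "All drives" took effect, and can write the same value on systems that have no Group Policy editor. It assumes the policy is stored as the NoDriveTypeAutoRun DWORD under the Policies\Explorer registry key, with 0xFF meaning "All drives"; the function names are hypothetical.

```powershell
# Added example (not from the original slides): audit the AutoPlay policy from Tip 7.
# Assumption: the policy is stored as the DWORD NoDriveTypeAutoRun under
# Policies\Explorer, where 0xFF corresponds to "All drives".
$PolicyPath = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$ValueName  = 'NoDriveTypeAutoRun'
$AllDrives  = 0xFF

# A set bit turns AutoPlay off for that drive type.
$DriveTypeBits = [ordered]@{
    'Unknown' = 0x01; 'Removable' = 0x04; 'Fixed'    = 0x08
    'Network' = 0x10; 'CD-ROM'    = 0x20; 'RAM disk' = 0x40
}

function Get-AutoPlayPolicy {
    param([ValidateSet('HKLM', 'HKCU')][string]$Hive = 'HKLM')
    $key  = "${Hive}:\$PolicyPath"
    $item = Get-ItemProperty -Path $key -Name $ValueName -ErrorAction SilentlyContinue
    if (-not $item) {
        # Matches the "Not configured" default described in the tip.
        return [pscustomobject]@{
            Hive = $Hive; Value = 'Not configured'
            AllDrivesOff = $false; StillAllowed = @($DriveTypeBits.Keys)
        }
    }
    $raw = [int]$item.$ValueName
    # Drive types whose bit is clear still get AutoPlay.
    $allowed = @($DriveTypeBits.GetEnumerator() |
        Where-Object { ($raw -band $_.Value) -eq 0 } |
        ForEach-Object { $_.Key })
    [pscustomobject]@{
        Hive         = $Hive
        Value        = '0x{0:X2}' -f $raw
        AllDrivesOff = (($raw -band $AllDrives) -eq $AllDrives)
        StillAllowed = $allowed
    }
}

function Set-AutoPlayOffAllDrives {
    # Requires an elevated session; writes the machine-wide policy value.
    $key = "HKLM:\$PolicyPath"
    # Create the key only if it is missing, so existing values are not wiped.
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name $ValueName -Value $AllDrives `
        -PropertyType DWord -Force | Out-Null
}

# Report the machine and per-user policy; nothing is changed unless
# Set-AutoPlayOffAllDrives is called explicitly.
'HKLM', 'HKCU' | ForEach-Object { Get-AutoPlayPolicy -Hive $_ } | Format-Table -AutoSize
```

A row showing "Not configured" or a non-empty StillAllowed column means AutoPlay is still active for some drive types on that machine.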