Presentation on theme: "IT Security Assurance Management of Network and User Behavior Budi Rahardjo INDOCISC - ID-CERT -"— Presentation transcript:
IT Security Assurance Management of Network and User Behavior Budi Rahardjo INDOCISC - ID-CERT -
2 Holistic approach: PEOPLE (awareness, skill...), PROCESS (security as part of business process...), TECHNOLOGY (implementation...)
3 Topology of Security Holes. Diagram: user, ISP, Internet, Web Site. Labels: sniffed, flood, spoof; virus, Trojan horse; userid, password, PIN, credit card #; applications (database, Web server) attacked; OS attacked. Security holes: 1. Network 2. OS 3. Apps. / database
4 Why Network Security? More companies are connected to the Internet. More attacks are performed over the network. No physical boundary. Question: –How to manage network security? –Can it detect anomalous behaviors?
5 Rule of thumb: layered protection (an example). Web server(s); Firewall: protect access to web server; Firewall: protect access to SQL; Internet banking gateway; core banking applications; Internet Customer (with authentication device); IDS: detect intrusions
6 Management Tools There is a plethora of security management tools, but they are –not integrated –still difficult to use –still in their infancy. But it's better than nothing, so use the tools!
7 People Threats are coming from –Outside –Inside. 1999 CSI/FBI Computer Crime Survey: Disgruntled workers 86%; Independent hackers 74%; US competitors 53%; Foreign corp. 30%; Foreign gov. 21%
8 People There must be a security culture from top to bottom –CEO, C* –… –even janitor! Awareness is important
9 Everybody must know the DOs and the DON'Ts. DO –Change password regularly –… DON'T –Share password –… This is part of policy and procedures
10 Incident Response Team There should be an IRT in the company –Handles incidents –Users know that they are responsible for their behaviors –Provides security trends in the company to executives –Q: Where should IRT report to?
11 Still missing in these slides... Process –Company's business process? –Policy & procedures?
12 Concluding Remarks Security is a continuous process. Manage your network and users. (Figure: SECURITY LIFECYCLE)