Presentation on theme: "The Information Security Jigsaw The Technical perspective John Carr Senior Manager Information Security Cap Gemini Ernst & Young."— Presentation transcript:
The Information Security Jigsaw The Technical perspective John Carr Senior Manager Information Security Cap Gemini Ernst & Young
What kind of jigsaw? Procedural Security Risk Management Physical & Personnel Security Technical Security Security Operations
Content Introduction Why its so important The risks Is it for real? What happens if it goes wrong The Solutions on offer Conclusions
Introduction Security is now in the forefront of corporate planning and management No sectors can exclude themselves now Need to communicate means proliferation of external connectivity on a global scale Greater need to establish the risks Need for a mix of solutions - this is the technical component!
Why Security is so important Security is a key business enabler, particularly in e-space All enterprises are at risk to and this is increasing Business change can be a dangerous venture without considering security risks Public facing organisations require evidence of due diligence If there are problems people will find out Management accountability is high, so is peace of mind Preventing problems is cheaper than fixing them or recovering from them
The Risks (1) Risks to the network –Threats - Hacking, Leakage, DOS, Malicious Code, Misuse of Resources, Abuse –Vulnerabilities (weaknesses in O/S protocols, degree of resistance to attack) –Impacts (frauds, modification) –Privacy issues (browsing, cookies, logs) Use of Wireless LANs
The Risks (2) Risks of connecting with other peoples networks –You have no Control; Back doors to hostile environments; Different architectures; Difficulties in securing the links. Other Risks –Human errors –Other theft –Sabotage –Environmental failure
Is it for Real? In the News The White House Marks & Spencer Barclays On-line Amazon (Privacy) Consumers Association (Which) Yahoo Norwich Union Case Studies City Financial Institution –The virus attack from hell ! Global Media Corporation –All comms traffic through a single multiplexor without access control ! Global Automotive Co. –What do you mean this technical architecture won’t work - its costing us ££ !
Is it for Real? An infection occurred despite tight anti-virus controls, multiple products & platforms, strong management and a strict culture Yet a virus still got in and infected 30 odd PCs internally before clean up Thankfully, one of their exiting gateways picked it up and stripped it out of approximately 100 mails bound for clients, business associates etc etc. Phew!!!!!! But it put a note to that effect in the message! ARRGGH!! The cause of the problem?
Real Events do Happen! Use of Web based mail hosts Use of Web based mail hosts which don’t scan for viruses either coming in or going out Use of Web based mail hosts that use SSL to encrypt the session! So the incoming checker couldn’t identify the virus!
What Happens if it goes wrong? If your information is corrupted, you can’t do billing or other financial work If bill presentment was compromised then key customers could be lost If your information is out of date or inaccurate you may injure individuals or mislead clients If your information is disclosed without authority you could face legal or regulatory penalties If you contract a network virus, you may have to close your entire network and be almost unable to operate If your systems fail then you can’t do business transactions IF YOU DON’T PROTECT YOURSELF YOU MAY NOT HAVE ANYTHING LEFT TO PROTECT
Solutions! Anti Virus Regimes Intrusion Detection Systems Artificial intelligence Use of trusted products & services Audit collection, analysis and interpretation Firewalls & routers PKI??? Wireless LANs…………...
Anti-Virus regimes Scanners are not enough on their own Function specific and different Culture need Update capabilities Holistic software AI??
Intrusion Detection Systems Perimeter monitoring System tools Interception Intrusion alert Configuration critical Overheads
Artificial intelligence! Is here now! Systems to detect irregular patterns in system activity Machine created profile/footprint Alert capability Not able yet to detect right and wrong
Trusted Products Old Orange book from US UK ITSEC for government Common Criteria now for EU, US Canada, Australia etc. Kite Mark equivalent for anti-virus s/w Commercial schemes?
Audit Collection capabilities long standing Real time monitoring and alert possible Analysis tools available Tight regimes are labour or machine intensive Need for interpretation (AI??)
PKI The great saviour? Digital Certificates - authentication OK but alternatives exist Digital Signatures - trust, assurance OK Encryption - confidentiality - not really! Too costly to implement and manage Uncertain future
Wireless LAN’s The great issue at the moment. How to secure something that does not lend itself to security? Short range repeaters Screening - Ugh!!! Back door bolted MAC Address filtering
Conclusions There are many technical risks and they are increasing and evolving. There are solutions but not panaceas You can only defend against that which you know Technical security is not enough on its own The future is uncertain - we can only do our best but it must be the best!