
Sanjay Goel, School of Business/Center for Information Forensics and Assurance, University at Albany. Proprietary Information. Unit Outline: Information Security Risks, Part II



Presentation transcript:

1 Unit Outline: Information Security Risks, Part II
Module 1: Password Security
Module 2: Wireless Security
Module 3: Unintentional Threats
Module 4: Insider Threats
Module 5: Miscellaneous Threats
Module 6: Summary

2 Module 4: Insider Threats

3 Insider Threats: Learning Objectives
Students will be able to:
–Recognize insider threats to an organization
–Identify different sources of insider threats
–Classify perpetrators of insider threats
–Determine relevant controls for protection against insider threats

4 Insider Threats: Definition
An authorized user of a system who
–Unwittingly aids or directly performs bad actions
–Performs bad actions with the best possible intentions
–Intentionally performs bad actions (motivation is irrelevant)
Insider threats are more insidious than external threats and may be harder to detect

5 Insider Threats: Perpetrators
Proprietors
Moles
Inappropriate users
Cowboys in the organization who consider themselves beyond any policy
Remote or traveling users
Disgruntled insiders
Malicious employees

6 Insider Threats: Holes
Weak security policies and procedures
–Errors in configuration, assignment of roles and rights, or acceptable use
–Inadequate training and controls that lead to inappropriate use of systems
Poor physical security
Traveling laptops (employee travel)
Inadequate screening of employees during the hiring process
Lack of resources to support security

7 Insider Threats: Inside Hacker Penetration
Social engineering
–Low tech but can be powerful
–Mostly performed over the phone or e-mail
Impersonation
–Encrypt your authentication in transit
–User credentials should not be e-mailed
Hacker penetration through the network
Modems on the network
–Direct connect to analog lines
–Analog/digital converters
Web-capable phones
Wireless LANs
Portable media (thumb drives)

8 Insider Threats: Protection
Perform periodic security assessments
–Internal process or external consultants
Upgrade authentication and authorization processes
Stay current with security technology
–Install patches when available
Train the IT staff and users to avoid configuration mistakes (not the best place to save money)
–Develop an internal training program (train-the-trainer)
Follow the principle of least privilege (do not give unnecessary permissions)
Ensure the repercussions for flouting security policies are strong and well advertised

9 Insider Threats: Protection (cont'd)
Incorporate audit tools in your information access and identity management systems
–e.g. Active Directory, LDAP, databases, file servers
Eliminate legacy interoperability from new system requirements when performing upgrades, to remove old vulnerabilities

10 Insider Threats Protection: Network Architecture
Defense in depth
Introduce security in network design
–Segment the internal network
–Use switches instead of hubs
Enforce policies diligently
–Apply the principle of least privilege
–Audit logs and identify intrusions
–Profile network behavior
–Severely restrict privileged access to only security and network administrators

11 Insider Threats Protection: Segment Architecture
Use routers to segment the network
Disallow source routing, broadcast, and multicast
Use filters for:
–Traffic permitted into and out of your network
–Source and destination IP addresses entering and leaving each subnet
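
The per-subnet address filter on this slide is easy to state but worth seeing as logic. The following is an added example, not code from the slides: it models the "source and destination IP addresses entering and leaving each subnet" rule as an anti-spoofing ingress/egress check on one router interface, and refuses broadcast and multicast destinations as the slide recommends (source-routed packets are not modelled). The subnet, the `Packet` type and the sample addresses are constructed for the example.

```python
# Added example, not from the slides: a minimal model of the per-subnet
# address filter the slide describes. Subnet and packets are constructed data.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str  # source IP address as text
    dst: str  # destination IP address as text


# Constructed sample: the user subnet behind one router interface.
CORP_SUBNET = ip_network("10.1.0.0/24")


def filter_packet(pkt, subnet, direction):
    """Decide whether `pkt` may cross the router interface of `subnet`.

    direction "out": the packet is leaving the subnet, so its source must be
        an address inside the subnet; anything else is a host spoofing another
        network.
    direction "in": the packet is entering the subnet, so its source must NOT
        be inside the subnet (an 'inside' address arriving from outside is
        spoofed) and its destination must be a host in the subnet.
    Broadcast and multicast destinations are refused in both directions,
    matching the 'disallow broadcast and multicast' guidance.
    Returns (allowed, reason).
    """
    src = ip_address(pkt.src)
    dst = ip_address(pkt.dst)
    if dst.is_multicast or dst == subnet.broadcast_address:
        return False, "broadcast/multicast not forwarded"
    if direction == "out":
        if src not in subnet:
            return False, f"egress spoof: {src} is not in {subnet}"
        return True, "permit egress"
    if direction == "in":
        if src in subnet:
            return False, f"ingress spoof: {src} claims to be inside {subnet}"
        if dst not in subnet:
            return False, f"{dst} is not a host in {subnet}"
        return True, "permit ingress"
    raise ValueError("direction must be 'in' or 'out'")


def apply_filter(packets, subnet, direction):
    """Run every packet through the filter; returns [(packet, allowed, reason)]."""
    return [(p, *filter_packet(p, subnet, direction)) for p in packets]


if __name__ == "__main__":
    sample = [
        Packet("10.1.0.5", "192.0.2.10"),   # legitimate egress
        Packet("10.2.0.5", "192.0.2.10"),   # spoofed source leaving the subnet
        Packet("10.1.0.5", "224.0.0.1"),    # multicast, refused
    ]
    for pkt, ok, why in apply_filter(sample, CORP_SUBNET, "out"):
        print(pkt.src, "->", pkt.dst, "ALLOW" if ok else "DROP", why)
```

The same two checks are what a router access list on the subnet interface expresses: permit outbound only from the subnet's own range, and never accept inbound packets that claim the subnet's range as their source.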

12 Insider Threats Protection: Least Privilege
Don't allow all system admins root access to everything
Identify user requirements and disable unneeded services
Use Role Based Access Control (RBAC)
Remove operating system access from user workstations
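
As an added example (not from the slides), here is a small RBAC check that shows what "don't allow all system admins root access to everything" looks like in code: every permission is granted to a role and scoped to one group of systems, users hold only roles, and anything not explicitly granted is denied. The roles, users and resource groups in `build_sample_policy` are constructed sample data.

```python
# Added example, not from the slides: deny-by-default role-based access
# control with permissions scoped to a resource group. All names are constructed.
from collections import defaultdict


class RBAC:
    def __init__(self):
        self._role_perms = defaultdict(set)   # role -> {(action, scope)}
        self._user_roles = defaultdict(set)   # user -> {role}

    def grant(self, role, action, scope):
        """Allow `action` on resources in group `scope` ('*' means any group)."""
        self._role_perms[role].add((action, scope))

    def assign(self, user, role):
        """Users never receive permissions directly, only through roles."""
        self._user_roles[user].add(role)

    def revoke(self, user, role):
        """Removing the role removes every permission it carried."""
        self._user_roles[user].discard(role)

    def allowed(self, user, action, resource_group):
        """Deny by default: True only if one of the user's roles holds a
        grant for this action whose scope covers the resource group."""
        for role in self._user_roles.get(user, ()):
            for act, scope in self._role_perms.get(role, ()):
                if act == action and scope in ("*", resource_group):
                    return True
        return False


def build_sample_policy():
    """Constructed policy: each admin role is root only on its own systems;
    only the security role can read audit logs everywhere."""
    rbac = RBAC()
    rbac.grant("web-admin", "root", "web-servers")
    rbac.grant("db-admin", "root", "db-servers")
    rbac.grant("helpdesk", "reset-password", "workstations")
    rbac.grant("security-admin", "read-audit-log", "*")
    rbac.assign("alice", "web-admin")
    rbac.assign("bob", "db-admin")
    rbac.assign("carol", "helpdesk")
    rbac.assign("dave", "security-admin")
    return rbac


if __name__ == "__main__":
    policy = build_sample_policy()
    for user, action, group in [("alice", "root", "web-servers"),
                                ("alice", "root", "db-servers"),
                                ("carol", "root", "workstations")]:
        print(user, action, group, "->", policy.allowed(user, action, group))
```

The point of the scope field is that "system administrator" stops being one all-powerful role: a web administrator who is compromised or disgruntled cannot touch the database hosts, and the audit role is the only one that spans everything.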

13 Insider Threats Protection: Auditing & Profiling
Central console for all security system reports
Most networking equipment will support SYSLOG – use it
Establish flow monitoring – several good tools, including MRTG, nTOP, Cisco, etc.
DHCP – establish long lease times to enable better auditing
Set time and protocol rules of engagement
Limit systems that don't require access to the Internet
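
To show how the auditing items on this slide, and the "audit logs, identify intrusions, profile network behavior" items on the network-architecture slide, fit together, the following added example (not code from the slides) audits a handful of connection records collected centrally from a firewall. It joins each source address to a DHCP lease table so alerts name a user (the reason the slide asks for long lease times), applies time and protocol rules of engagement, and flags a user whose transferred volume exceeds a baseline, which is the kind of signal flow monitoring gives. The log format, hosts, users, hours and limits are all constructed assumptions.

```python
# Added example, not from the slides: check constructed syslog connection
# records against time and protocol 'rules of engagement', join the source
# address to a DHCP lease table so alerts name a user, and flag users whose
# transferred volume exceeds a baseline. Format, users and limits are
# constructed assumptions.
import re
from datetime import datetime

# Constructed record format: a firewall logging one line per connection.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) conn: "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\S+) bytes=(?P<bytes>\d+)$"
)

# Constructed DHCP lease table; long leases keep this mapping stable, which is
# what makes the address-to-user join trustworthy.
DHCP_LEASES = {"10.1.0.20": "bob", "10.1.0.21": "carol", "10.1.0.22": "alice"}

# Constructed rules of engagement for the user subnet.
RULES = {
    "work_hours": (7, 19),                     # 07:00 to 18:59 local time
    "allowed_protocols": {"https", "dns", "smtp"},
    "bytes_per_user_limit": 50_000_000,        # per-day egress baseline
}

# Constructed sample log lines.
SAMPLE_LOG = """\
Jan 12 09:14:07 fw1 conn: src=10.1.0.20 dst=203.0.113.5 proto=https bytes=12000
Jan 12 02:30:11 fw1 conn: src=10.1.0.21 dst=203.0.113.9 proto=https bytes=800
Jan 12 10:02:55 fw1 conn: src=10.1.0.22 dst=198.51.100.7 proto=ssh bytes=4000
Jan 12 11:45:00 fw1 conn: src=10.1.0.20 dst=203.0.113.5 proto=https bytes=60000000
Jan 12 12:00:00 fw1 conn: src=10.1.0.99 dst=203.0.113.5 proto=https bytes=100
"""


def parse_line(line, leases):
    """Parse one record into a dict, or return None for lines that don't match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["hour"] = datetime.strptime(rec["ts"], "%b %d %H:%M:%S").hour
    rec["bytes"] = int(rec["bytes"])
    rec["user"] = leases.get(rec["src"], "UNKNOWN")
    return rec


def audit(log_text, rules=RULES, leases=DHCP_LEASES):
    """Return a list of (user, alert_kind, detail) for every rule violation."""
    alerts = []
    totals = {}
    start, end = rules["work_hours"]
    for line in log_text.splitlines():
        rec = parse_line(line, leases)
        if rec is None:
            continue
        user = rec["user"]
        if not start <= rec["hour"] < end:
            alerts.append((user, "off-hours", line))
        if rec["proto"] not in rules["allowed_protocols"]:
            alerts.append((user, "protocol-not-permitted", line))
        if user == "UNKNOWN":
            # An address with no lease is a device the DHCP records can't explain.
            alerts.append((user, "no-dhcp-lease", line))
        totals[user] = totals.get(user, 0) + rec["bytes"]
    for user, total in totals.items():
        if total > rules["bytes_per_user_limit"]:
            alerts.append((user, "volume-exceeds-baseline", f"{total} bytes"))
    return alerts


if __name__ == "__main__":
    for user, kind, detail in audit(SAMPLE_LOG):
        print(f"{kind:24} {user:8} {detail}")
```

On the sample input this raises four alerts: carol's 02:30 connection is off-hours, alice's ssh session breaks the protocol rule, 10.1.0.99 has no lease, and bob's total of 60,012,000 bytes exceeds the baseline. Each rule is simple; the value comes from running them over one central log with a stable address-to-user mapping.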

14 Insider Threats Protection: Bastion Awareness
Syslog your bastion routers
Virus scan and potentially content filter your e-mail
Proxy all outbound Internet protocols
Filter for appropriate content
Select firewalls that demand protocol compliance on the outbound proxy

15 Insider Threats Protection: Tactics & Strategy
Tactics
–Identification
–Containment
–Eradication
–Recovery
–Post-mortem
Strategy
–Prepare for intrusion
–Plan procurements carefully
–Each new procurement supports strategic security goals
–Map user/role access to data profiles
–Ensure data tagging stays up to date
–Build strong auditing – centralize it and analyze it
–Build defense-in-depth
–Understand your asset/risk profile and keep it up to date
"Strategy without tactics is the slowest route to victory. Tactics without strategy is the noise before defeat." -- Sun Tzu

16 Insider Threats: Summary
Internal threats can be more insidious than external threats
Security policy enactment and enforcement is critical for internal protection
The network can be designed to make it more secure
Training and education are key to the success of insider protection
