Presentation is loading. Please wait.

Presentation is loading. Please wait.

Www.softwareassist.net Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi.

Published byBeverly Simpson Modified over 8 years ago

Similar presentations

Presentation on theme: "Www.softwareassist.net Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi."— Presentation transcript:

1 www.softwareassist.net Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi XXVIII Convegno Annuale del CMG-Italia Milano - 28 Maggio 2014 Roma – 29 Maggio 2014

2 www.softwareassist.net Agenda About SAC The Problem How Attackers Operate Popular Hacking Tools FTP Issues What the Products do –and how Conceptual Overview Why are our products important?

3 www.softwareassist.net About SAC Founded in 1990 Developed a number of very successful products Until now purely development company Products were private labeled by other companies, for ex: AF/Operator: Candle Corporation (now IBM) TapeSaver: Mobius Management Systems (now Unicom) These products have been sold or moved to subsidiaries Focus on the FTP/Security Suite Establishing Worldwide Partner Network

4 www.softwareassist.net The Problem Complex problem, lack of understanding in market place Big vendors focus security discussion on their products Most attacks never make it to the press – do not educate the market Customers often: Do not know how hackers operate Spend a lot of money on some solutions Lack tools in other (important) areas Result: Companies don’t even know they were attacked or notice it many months later – and don’t know what was taken

5 www.softwareassist.net How attackers operate Attackers can be Hobbyists, Amateurs or Professionals Use automated tools Attack weaknesses in common Tools and Protocols Prefer those that are not typically monitored Prime Target: FTP The world’s most common data interchange protocol, including corporate IT Customers forget they use it, no one responsible No Management / Monitoring Tools By default attacks are typically not logged Attack tools available on internet, instructions on YouTube

6 www.softwareassist.net Popular FTP Hacking Tools THC-Hydra (http://www.thc.org/thc-hydra)http://www.thc.org/thc-hydra Medusa (http://foofus.net/goons/jmk/medusa/medusa.html )http://foofus.net/goons/jmk/medusa/medusa.html Ncrack (http://nmap.org/ncrack)http://nmap.org/ncrack Brutus (http://www.hoobie.net/brutus)http://www.hoobie.net/brutus

7 www.softwareassist.net Search ”Hack FTP” on YouTube

8 www.softwareassist.net Where is FTP used? With External Partners Often hosting sensitive data On Web Servers Providing access to the corporate web site and other resources As departmental data interchange tool Often deployed without IT’s knowledge & involvement Typically extremely vulnerable due to lack of security In the Data Center Server Server and Server Mainframe data transfer

9 www.softwareassist.net FTP Issues Don’t know where they use FTP – and how much No Tools to monitor and audit FTP usage Lack of compliance Not able to detect attacks Not able to determine what was taken Not sufficiently protected against FTP attacks Firewalls and IDS (Intrusion Detection Systems) cannot do it

10 www.softwareassist.net Intrusion Detection Systems Designed primarily to detect intrusions from outside Malicious employees and contractors are a common threat Looks for anomalies in network traffic Does not understand the network protocols it looks at Recognizes brute force attacks by frequency, not content Can be circumvented easily

11 www.softwareassist.net The FTP/Security Suite FTP/Auditor: FTP Server discovery Where is FTP running, how is it secured? FTP/Sentry: Real-Time monitoring and alerting What is happening ? What problems are occurring? Sentry Desktop: Auditing and historical analysis Who accessed which files - when and from where? Exceptions and Alerts FTP/Armor: Securing FTP Servers Detects attacks, alerts IT staff and blocks intruders Complements Intrusion Detection Systems FTP/Guardian: Integrates Mainframe FTP with Mainframe Security

12 www.softwareassist.net Sentry Desktop FTP Activity DB (SQL Server) Conceptual Overview Real Time Monitor Remote Agents

13 www.softwareassist.net Typical FTP Attack User: Administrator Password: AAAAA Password: AAAAB Password: AAABA Password: AAABB …… IP n.n.n.n

14 www.softwareassist.net FTP Attack with FTP/Sentry FTP Activity DB (SQL Server) Real Time Monitor User: Administrator Password: AAAAA Password: AAAAB Password: AAABA Password: AAABB …… IP n.n.n.n

15 www.softwareassist.net Email FTP Attack with FTP/Sentry Real Time Monitor User: Administrator Password: AAAAA Password: AAAAB Password: AAABA Password: AAABB …… IP n.n.n.n Alert Sentry Desktop Console

16 www.softwareassist.net FTP Attack with FTP/Sentry Real Time Monitor Remote Agents User: Administrator Password: AAAAA Password: AAAAB Password: AAABA Password: AAABB …… IP n.n.n.n BLOCK IP n.n.n.n

17 www.softwareassist.net FTP Attack with FTP/Sentry Remote Agents User: Administrator Password: AAAAA Password: AAAAB Password: AAABA Password: AAABB …… IP n.n.n.n Connection refused

18 www.softwareassist.net Why are our products so important? Without them our Customers would not: Know which servers are vulnerable through running FTP Be protected against FTP attacks Be able to notice an attack what ID was compromised and what was taken Be able to audit WHEN WHO accessed WHAT from WHERE Have operational visibility and control of their FTP infrastructure

19 www.softwareassist.net Interesting Studies & Reports Carnegie Mellon Software Engineering Institute: ‘Insider Threat Study: Illicit Cyber Activity Involving Fraud in the U.S. Financial Services Sector’ ‘Insider Threat Study: Illicit Cyber Activity Involving Fraud in the U.S. Financial Services Sector’ Key Findings: An average of 32 months elapsed between the beginning of the fraud and its detection by the victim organization ”The insiders’ means were not especially sophisticated” – the fraud was possible due to lack of controls/security, not the skills of the perpetrators

20 www.softwareassist.net Interesting Studies & Reports Forrester: ‘Understand The State Of Data Security And Privacy: 2012 To 2013’ ‘Understand The State Of Data Security And Privacy: 2012 To 2013’ Key Findings: Intentional Data Theft accounts for 45% of all Data Breaches 33% of Intentional Data Theft is committed by Malicious Insiders 66 % of Intentional Data Theft is committed by External Attacks

21 www.softwareassist.net Interesting Studies & Reports Ponemon Institute: ‘2012 Cost of Cyber Crime Study: United States’ ‘2012 Cost of Cyber Crime Study: United States’ Key Findings: Average cost of a data breach in the US is $8,933,510 Certain industries, such as Financial Services, experience higher cost The companies in the study experienced an average of 1.8 successful attacks per week

22 www.softwareassist.net Questions ?

Download ppt "Www.softwareassist.net Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi."

Similar presentations

Www.cleo.com Steve Jordan Director. Industry Solutions 05/05/14 Managing Chaos: Data Movement in 2014.

Steve Jordan Director. Industry Solutions 05/05/14 Managing Chaos: Data Movement in 2014.
Www.tectia.com COPYRIGHT © 2010 TECTIA CORPORATION. ALL RIGHTS RESERVED. Proactive Measures to Prevent Data Theft Securing, Auditing and Controlling remote.

COPYRIGHT © 2010 TECTIA CORPORATION. ALL RIGHTS RESERVED. Proactive Measures to Prevent Data Theft Securing, Auditing and Controlling remote.
1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.

1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.
The development of Internet A cow was lost in Jan 14th 2003. If you know where it is, please contact with me. My QQ number is 87881405. QQ is one of the.

The development of Internet A cow was lost in Jan 14th If you know where it is, please contact with me. My QQ number is QQ is one of the.
1 SANS Technology Institute - Candidate for Master of Science Degree 1 SIEM Based Intrusion Detection Jim Beechey March 2010 GSEC Gold, GCIA Gold, GCIH,

1 SANS Technology Institute - Candidate for Master of Science Degree 1 SIEM Based Intrusion Detection Jim Beechey March 2010 GSEC Gold, GCIA Gold, GCIH,
Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:

Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
Security Management IACT 418/918 Autumn 2005 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 418/918 Autumn 2005 Gene Awyzio SITACS University of Wollongong.
© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM Security Network Protection (XGS) Advanced Threat Protection Integration Framework.

© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM Security Network Protection (XGS) Advanced Threat Protection Integration Framework.
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
Network security policy: best practices

Network security policy: best practices
INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.

INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.
CISCO CONFIDENTIAL – DO NOT DUPLICATE OR COPY Protecting the Business Network and Resources with CiscoWorks VMS Security Management Software Girish Patel,

CISCO CONFIDENTIAL – DO NOT DUPLICATE OR COPY Protecting the Business Network and Resources with CiscoWorks VMS Security Management Software Girish Patel,
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.
Cloud Computing How secure is it? Author: Marziyeh Arabnejad Revised/Edited: James Childress April 2014 Tandy School of Computer Science.

Cloud Computing How secure is it? Author: Marziyeh Arabnejad Revised/Edited: James Childress April 2014 Tandy School of Computer Science.

Similar presentations

Ads by Google