www.softwareassist.net: Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite. Alessandro Braccia, DBA Sistemi.

Presentation transcript:

Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite
Alessandro Braccia, DBA Sistemi
XXVIII Convegno Annuale del CMG-Italia
Milan, 28 May 2014
Rome, 29 May 2014

Agenda
- About SAC
- The Problem
- How Attackers Operate
- Popular Hacking Tools
- FTP Issues
- What the Products do – and how
- Conceptual Overview
- Why are our products important?

About SAC
- Founded in 1990
- Developed a number of very successful products
- Until now purely a development company
- Products were private labeled by other companies, for example:
  - AF/Operator: Candle Corporation (now IBM)
  - TapeSaver: Mobius Management Systems (now Unicom)
- These products have been sold or moved to subsidiaries
- Focus on the FTP/Security Suite
- Establishing Worldwide Partner Network

The Problem
- Complex problem, lack of understanding in market place
- Big vendors focus security discussion on their products
- Most attacks never make it to the press – do not educate the market
- Customers often:
  - Do not know how hackers operate
  - Spend a lot of money on some solutions
  - Lack tools in other (important) areas
- Result: Companies don't even know they were attacked or notice it many months later – and don't know what was taken

How attackers operate
- Attackers can be Hobbyists, Amateurs or Professionals
- Use automated tools
- Attack weaknesses in common Tools and Protocols
- Prefer those that are not typically monitored
- Prime Target: FTP
  - The world's most common data interchange protocol, including corporate IT
  - Customers forget they use it, no one responsible
  - No Management / Monitoring Tools
  - By default attacks are typically not logged
  - Attack tools available on internet, instructions on YouTube

Popular FTP Hacking Tools
- THC-Hydra
- Medusa
- Ncrack
- Brutus

Search "Hack FTP" on YouTube

Where is FTP used?
- With External Partners
  - Often hosting sensitive data
- On Web Servers
  - Providing access to the corporate web site and other resources
- As departmental data interchange tool
  - Often deployed without IT's knowledge & involvement
  - Typically extremely vulnerable due to lack of security
- In the Data Center
  - Server-to-Server and Server-to-Mainframe data transfer

FTP Issues
- Don't know where they use FTP – and how much
- No Tools to monitor and audit FTP usage
- Lack of compliance
- Not able to detect attacks
- Not able to determine what was taken
- Not sufficiently protected against FTP attacks
- Firewalls and IDS (Intrusion Detection Systems) cannot do it

Intrusion Detection Systems
- Designed primarily to detect intrusions from outside
- Malicious employees and contractors are a common threat
- Looks for anomalies in network traffic
- Does not understand the network protocols it looks at
- Recognizes brute force attacks by frequency, not content
- Can be circumvented easily

The FTP/Security Suite
- FTP/Auditor: FTP Server discovery
  - Where is FTP running, how is it secured?
- FTP/Sentry: Real-Time monitoring and alerting
  - What is happening? What problems are occurring?
- Sentry Desktop: Auditing and historical analysis
  - Who accessed which files - when and from where?
  - Exceptions and Alerts
- FTP/Armor: Securing FTP Servers
  - Detects attacks, alerts IT staff and blocks intruders
  - Complements Intrusion Detection Systems
- FTP/Guardian: Integrates Mainframe FTP with Mainframe Security

Conceptual Overview
[Diagram labels: Remote Agents; Real Time Monitor; FTP Activity DB (SQL Server); Sentry Desktop]

Typical FTP Attack
[Diagram: login attempts from IP n.n.n.n. User: Administrator; Password: AAAAA, AAAAB, AAABA, AAABB, ……]

FTP Attack with FTP/Sentry
[Diagram: the same login attempts from IP n.n.n.n. Labels: Real Time Monitor; FTP Activity DB (SQL Server)]

FTP Attack with FTP/Sentry
[Diagram: the same login attempts from IP n.n.n.n. Labels: Real Time Monitor; Alert; Sentry Desktop Console]

FTP Attack with FTP/Sentry
[Diagram: the same login attempts from IP n.n.n.n. Labels: Real Time Monitor; Remote Agents; BLOCK IP n.n.n.n]

FTP Attack with FTP/Sentry
[Diagram: the same login attempts from IP n.n.n.n. Labels: Remote Agents; Connection refused]
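The slides on Intrusion Detection Systems and on the attack sequence contrast recognizing brute force "by frequency, not content" with monitoring that reads the FTP logins themselves. The following is an added example, not SAC's code or product logic: a detector over constructed log lines that flags a source either by failure rate or by a run of failed logins on one account. The log format, the `detect` function and its thresholds are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in an assumed, simplified format:
# ISO timestamp, source IP, FTP user, login result.
SAMPLE_LOG = """\
2014-05-28T09:00:00 203.0.113.9 Administrator FAIL
2014-05-28T09:10:00 203.0.113.9 Administrator FAIL
2014-05-28T09:20:00 203.0.113.9 Administrator FAIL
2014-05-28T09:30:00 203.0.113.9 Administrator FAIL
2014-05-28T09:40:00 203.0.113.9 Administrator FAIL
2014-05-28T09:59:50 192.0.2.10 jsmith FAIL
2014-05-28T10:00:00 198.51.100.7 Administrator FAIL
2014-05-28T10:00:01 198.51.100.7 Administrator FAIL
2014-05-28T10:00:02 198.51.100.7 Administrator FAIL
2014-05-28T10:00:03 198.51.100.7 Administrator FAIL
2014-05-28T10:00:04 198.51.100.7 Administrator FAIL
2014-05-28T10:00:20 192.0.2.10 jsmith OK
"""

LINE = re.compile(r"^(\S+) (\S+) (\S+) (OK|FAIL)$")

def detect(log_text, burst=5, window=timedelta(seconds=60), streak=5):
    """Return {source_ip: reason} for sources to alert on and block."""
    recent = defaultdict(deque)  # ip -> failure timestamps inside the window
    streaks = defaultdict(int)   # (ip, user) -> failures since last success
    alerts = {}
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore lines that are not login results
        ts, ip, user, result = m.groups()
        ts = datetime.fromisoformat(ts)
        if result == "OK":
            streaks[(ip, user)] = 0  # a successful login ends the streak
            continue
        streaks[(ip, user)] += 1
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= burst:
            alerts.setdefault(ip, "rate")    # frequency: what a rate-only check sees
        elif streaks[(ip, user)] >= streak:
            alerts.setdefault(ip, "streak")  # content: slow guessing on one account
    return alerts

if __name__ == "__main__":
    for ip, reason in detect(SAMPLE_LOG).items():
        print(f"ALERT {reason}: block {ip}")
```

The source that spaces its attempts ten minutes apart never trips the rate window and is caught only by the per-account streak, while the user who mistypes once and then logs in is not flagged.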

Why are our products so important?
Without them our Customers would not:
- Know which servers are vulnerable through running FTP
- Be protected against FTP attacks
- Be able to notice an attack, what ID was compromised and what was taken
- Be able to audit WHEN WHO accessed WHAT from WHERE
- Have operational visibility and control of their FTP infrastructure

Interesting Studies & Reports
Carnegie Mellon Software Engineering Institute: 'Insider Threat Study: Illicit Cyber Activity Involving Fraud in the U.S. Financial Services Sector'
Key Findings:
- An average of 32 months elapsed between the beginning of the fraud and its detection by the victim organization
- "The insiders' means were not especially sophisticated" – the fraud was possible due to lack of controls/security, not the skills of the perpetrators

Interesting Studies & Reports
Forrester: 'Understand The State Of Data Security And Privacy: 2012 To 2013'
Key Findings:
- Intentional Data Theft accounts for 45% of all Data Breaches
- 33% of Intentional Data Theft is committed by Malicious Insiders
- 66% of Intentional Data Theft is committed by External Attacks

Interesting Studies & Reports
Ponemon Institute: '2012 Cost of Cyber Crime Study: United States'
Key Findings:
- Average cost of a data breach in the US is $8,933,510
- Certain industries, such as Financial Services, experience higher cost
- The companies in the study experienced an average of 1.8 successful attacks per week

Questions?