Blended Threats and Layered Defenses
Security Protection in Today’s Environment
Marshall Taylor
firstname.lastname@example.org

2 – © 2001 Symantec Corporation.
Business Trends
- Increasing importance of e-business
- Disappearing enterprise perimeter
- Focus on business continuity
- Increasing concern over information attack
  - Frequency
  - Complexity/Virulence
  - Cost
[Chart: Number of Known Threats (axis 10,000 to 70,000). Labels: Viruses; Network Intrusions; Polymorphic Viruses (Tequila); Zombies; Mass Mailer Viruses (Love Letter/Melissa); Denial-of-Service (Yahoo!, eBay); Blended Threats (Code Red, Nimda)]

3 – Insider vs. Outsider Attacks (based on % experienced)
[Chart: Outsider and Insider series for 1999, 2000 and 2001. Source: CSI/FBI Study, 2001]

4 – Policy is Key to Security
- Mandate to implement security
- Standard to measure security
- Basis for all security technology and procedures
[Diagram: Policy; Standards; Procedures, Guidelines & Practices]

5 – Operational Security Standards
- ISO 17799 best practice areas
- SysTrust requirements established by the AICPA
- FISCAM requirements from GAO for U.S. fed. govt.
- COBIT requirements established by Information Systems Audit and Control Association (ISACA)
- IETF Site and User Security Handbooks
- Top 20 Internet Security Threats from SANS
- VISA's ten requirements for on-line merchants
- Minimum standards of due care from The Center for Internet Security (www.cisecurity.org)
http://enterprisesecurity.symantec.com/PDF/security_hyperlinks.pdf

6 – ISO 17799 best practice areas
- Security Policy
- Communications & Operations
- Compliance
- Environmental & Physical Security
- Business Continuity Planning
- Security Organization
- Personnel Security
- Classification & Control of Assets
- System Development & Maintenance
- System Access Controls

7 – Visa’s “Ten Commandments” (www.visabrc.com)
1. Install and maintain a working network firewall to protect data accessible via the Internet
2. Keep security patches up-to-date
3. Encrypt stored data accessible from the Internet
4. Encrypt data sent across networks
5. Use and regularly update anti-virus software
6. Restrict access to data by business "need to know"
7. Assign unique IDs to each person with computer access to data
8. Track access to data by unique ID
9. Don't use vendor-supplied defaults for system passwords and other security parameters
10. Regularly test security systems and processes

8 – Best Practices that Block Most Attacks
- Employ an application layer full inspection firewall
- Use automatically updated anti-virus at gateway, server, and client
- Ensure security patches are up to date
- Ensure passwords are strong
- Turn off unnecessary network services

9 – Managed Defense In Depth
Predict, Prevent, Detect, Respond, Recover

10 – Blended Threats: A Deadly Combination
- Blended threats combine hacking, DoS, and worm-like propagation
- Can rapidly compromise millions of machines
- Often spread without human interaction
Examples: Klez, sadmind, BugBear, CodeRed, Nimda

11-15 – Nimda: 2.2M Systems Infected in 3 Days!
1. Infection of web server via “Code Red”-type attack
2. Infection via email
3. Infection via web browsing
4. Infection via shared drives
5. And infection to other files on each infected computer through traditional viral methods

16 – Blended Threats Change the Game
- Multiple propagation techniques require solutions that are:
  - Multi-function
  - Multi-tier
  - Multi-platform
- Blended threats demand superior response capabilities

17 – Protecting Against Blended Threats

18 – [Diagram labels, in reading order] In House Managed Services Best Case Enterprise Security Integrated Solutions Client Security Gateway Security Appliance Point Technologies IDS (host & network) FW/VPN (SW & appliance) AV/CF Vulnerabilities Penetration Testing Decoy Honeypots Early Warning Global Alerts Environment Policy Tools Information Incident Manager Event Managers (AV, FW, IDS) Internal Ghosting Tools External Security Response (LiveUpdate) 7x24 Customer Support Consulting Services Alert, Manage, Respond, Protect Proactive Control

19 – Conclusion
- Security in the e-Business Age is challenging
- Perimeter is disappearing, threats are 360 degrees
- Exploits and hacking tools are readily available
- Skills required to exploit threats are low and dropping
- Blended threats will become more sophisticated
- Need defense in depth across gateway, server, client
  - Vulnerability management
  - Firewalls and VPNs
  - Anti-virus
  - Content filtering
  - Intrusion detection
- Follow best practices to achieve due care
- Implement process to manage policy and incidents
- Top management support and awareness training are key

20 – Marshall Taylor
(781)530-2310
email@example.com