
Unit Outline Information Security Risks, Part II


fionnula




Presentation Transcript


  1. Unit Outline: Information Security Risks, Part II
     • Module 1: Password Security
     • Module 2: Wireless Security
     • Module 3: Unintentional Threats
     • Module 4: Insider Threats
     • Module 5: Miscellaneous Threats
     • Module 6: Summary

  2. Module 4: Insider Threats

  3. Insider Threats: Learning Objectives
     • Students will be able to:
       • Recognize insider threats to an organization
       • Identify different sources of insider threats
       • Classify perpetrators of insider threats
       • Determine relevant controls for protection against insider threats

  4. Insider Threats: Definition
     • An authorized user of a system who:
       • Unwittingly aids or directly performs bad actions
       • Performs bad actions with the best possible intentions
       • Intentionally performs bad actions (motivation is irrelevant)
     • Insider threats are more insidious than external threats and may be harder to detect

  5. Insider Threats: Perpetrators
     • Proprietors
     • Moles
     • Inappropriate users
     • Cowboys in the organization who consider themselves beyond any policy
     • Remote or traveling users
     • Disgruntled insiders
     • Malicious employees

  6. Insider Threats: Holes
     • Weak security policies and procedures
     • Errors in configuration, assignment of roles and rights, or acceptable use
     • Inadequate training and controls that lead to inappropriate use of systems
     • Poor physical security
     • Traveling laptops (employee travel)
     • Inadequate screening of employees during the hiring process
     • Lack of resources to support security

  7. Insider Threats: Inside Hacker Penetration
     • Social engineering
       • Low tech but can be powerful
       • Mostly performed over the phone or e-mail
     • Impersonation
       • Encrypt your authentication in transit
       • User credentials should not be e-mailed
     • Hacker penetration through the network
       • Modems on the network
       • Direct connections to analog lines
       • Analog/digital converters
       • Web-capable phones
       • Wireless LANs
       • Portable media (thumb drives)

  8. Insider Threats: Protection
     • Perform periodic security assessments
       • Internal process or external consultants
     • Upgrade authentication and authorization processes
     • Stay current with security technology
       • Install patches when available
     • Train the IT staff and users to avoid configuration mistakes (not the best place to save money)
       • Develop an internal training program (train-the-trainer)
     • Follow the principle of least privilege (do not grant unnecessary permissions)
     • Ensure the repercussions for flouting security policies are strong and well advertised

  9. Insider Threats: Protection (cont'd)
     • Incorporate audit tools in your information access and identity management systems
       • e.g. Active Directory, LDAP, databases, file servers
     • Eliminate legacy interoperability from new system requirements when performing upgrades, to remove old vulnerabilities

  10. Insider Threats: Protection (Network Architecture)
     • Defense in depth
       • Introduce security in network design
       • Segment the internal network
       • Use switches instead of hubs
     • Enforce policies diligently
       • Apply the principle of least privilege
       • Audit logs and identify intrusions
       • Profile network behavior
       • Severely restrict privileged access to only security and network administrators

  11. Insider Threats: Protection (Segment Architecture)
     • Use routers to segment the network
     • Disallow source routing, broadcast, and multicast
     • Use filters for:
       • Traffic permitted into and out of your network
       • Source and destination IP addresses entering and leaving each subnet
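As an added example (not part of the slides), the per-subnet source/destination filter and the broadcast/multicast rule from this slide expressed as a small audit in Python. The interface names, subnets and flow records are all constructed assumptions; it does not model source routing, which is an IP option rather than an address.

```python
"""Audit flow records against per-subnet source/destination filters.

Added example, not from the slides: a segmenting router should accept on
a subnet's interface only packets sourced from that subnet, deliver into
a subnet only packets destined for it, and drop multicast and broadcast.
Source routing is an IP option invisible in address-only records, so it
is not checked. Subnets and flow records below are constructed.
"""
import ipaddress

# Constructed subnet plan: router interface -> subnet behind it
SUBNETS = {
    "eth1": ipaddress.ip_network("10.1.0.0/24"),  # finance
    "eth2": ipaddress.ip_network("10.2.0.0/24"),  # engineering
}

# Constructed records: (interface, "in" = arriving from the subnet,
# "out" = being delivered into it, source, destination)
FLOWS = [
    ("eth1", "in",  "10.1.0.15", "10.2.0.7"),    # legitimate
    ("eth1", "in",  "10.2.0.99", "10.1.0.3"),    # spoofed source
    ("eth2", "out", "10.1.0.15", "10.2.0.7"),    # legitimate
    ("eth2", "out", "10.1.0.15", "10.3.0.1"),    # wrong subnet
    ("eth1", "in",  "10.1.0.15", "224.0.0.9"),   # multicast
    ("eth1", "in",  "10.1.0.15", "10.1.0.255"),  # directed broadcast
]

def check_flow(iface, direction, src, dst):
    """Return None if the filter permits the flow, else the reason."""
    subnet = SUBNETS[iface]
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if d.is_multicast:
        return "multicast destination"
    if d == ipaddress.ip_address("255.255.255.255") or any(
            d == n.broadcast_address for n in SUBNETS.values()):
        return "broadcast destination"
    if direction == "in" and s not in subnet:
        return f"source {src} not in {subnet} (spoofed or misconfigured)"
    if direction == "out" and d not in subnet:
        return f"destination {dst} not in {subnet} (misrouted)"
    return None

def audit(flows):
    """Return [(record, reason)] for every flow the filter rejects."""
    return [(f, r) for f in flows if (r := check_flow(*f)) is not None]

if __name__ == "__main__":
    for flow, reason in audit(FLOWS):
        print("DROP", flow, "->", reason)
```

Each rejected record is the kind of event the slide's filters would drop and that a central log should record, since a source address arriving on the wrong interface is either a misconfiguration or an insider spoofing another segment.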

  12. Insider Threats: Protection (Least Privilege)
     • Don't give all system admins root access to everything
     • Identify user requirements and disable unneeded services
     • Use Role-Based Access Control (RBAC)
     • Remove operating system access from user workstations

  13. Insider Threats: Protection (Auditing & Profiling)
     • Central console for all security system reports
     • Most networking equipment supports syslog: use it
     • Establish flow monitoring (several good tools, including MRTG, nTOP, Cisco, etc.)
     • DHCP: establish long lease times to enable better auditing
     • Set time and protocol rules of engagement
     • Limit systems that don't require access to the Internet
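An added example, not from the slides, that ties the central syslog console and the time rules of engagement from this slide to the admin-only privileged access of slide 10 and the RBAC of slide 12: Python that reviews sudo lines forwarded to a central syslog server against a constructed admin role and allowed hours. The host names, accounts, hours and log lines are all constructed.

```python
"""Central syslog review: privileged access and hours of engagement.

Added example, not from the slides. Sudo lines forwarded from several
hosts to a central syslog console are checked against two constructed
policies: only the security/network admin role may escalate to root,
and only inside the agreed hours. Role, hours and log lines are made up.
"""
import re
from datetime import datetime

PRIVILEGED_ROLE = {"alice", "bob"}   # constructed: security & network admins
ALLOWED_HOURS = range(8, 18)         # constructed rule: 08:00 to 17:59

# Standard sudo syslog format: "<user> : TTY=... ; PWD=... ; USER=... ; COMMAND=..."
SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sudo:\s+"
    r"(?P<user>\S+) : .*USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$"
)

# Constructed log lines as received by the central syslog server
LOG = """\
Mar  3 09:14:07 fileserver1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Mar  3 02:41:19 fileserver1 sudo:    alice : TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt upgrade
Mar  3 10:02:55 dbserver2 sudo:    carol : TTY=pts/3 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/bash
Mar  3 10:03:01 dbserver2 sshd[4412]: Accepted publickey for carol from 10.2.0.40 port 51022 ssh2
"""

def parse_sudo(line):
    """Return a dict for a sudo escalation line, or None for anything else."""
    m = SUDO_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["hour"] = datetime.strptime(rec["ts"], "%b %d %H:%M:%S").hour
    return rec

def findings(text):
    """Return (host, user, reason) for every escalation that breaks policy."""
    out = []
    for line in text.splitlines():
        rec = parse_sudo(line)
        if rec is None:
            continue
        if rec["user"] not in PRIVILEGED_ROLE:
            out.append((rec["host"], rec["user"], "escalation by non-admin account"))
        elif rec["hour"] not in ALLOWED_HOURS:
            out.append((rec["host"], rec["user"], f"outside allowed hours at {rec['ts']}"))
    return out
```

Run against the constructed log it flags the 02:41 escalation by an admin and the root shell by a non-admin account, which is the kind of profiling a central console makes possible only because every host forwards its syslog there.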

  14. Insider Threats: Protection (Bastion Awareness)
     • Syslog your bastion routers
     • Virus-scan and potentially content-filter your e-mail
     • Proxy all outbound Internet protocols
       • Filter for appropriate content
       • Select firewalls that demand protocol compliance on the outbound proxy

  15. Insider Threats: Protection (Tactics & Strategy)
     "Strategy without tactics is the slowest route to victory. Tactics without strategy is the noise before defeat." -- Sun Tzu
     Strategy
       • Prepare for intrusion
       • Plan procurements carefully
       • Map user/role access to data profiles
       • Ensure data tagging stays up to date
       • Build strong auditing; centralize it and analyze it
       • Build defense in depth
       • Understand your asset/risk profile and keep it up to date
     Tactics
       • Identification
       • Containment
       • Eradication
       • Recovery
       • Post-mortem
       • Each new procurement supports strategic security goals

  16. Insider Threats: Summary
     • Internal threats can be more insidious than external threats
     • Security policy enactment and enforcement is critical for internal protection
     • The network can be designed to make it more secure
     • Training and education are key to the success of insider protection
