E3-E4 – CFA IT Security

Date post: 30-Jun-2020
For BSNL internal circulation only E3-E4 – CFA IT Security

E3-E4 – CFA IT Security

Information Sensitivity

Information is the most important asset of corporate wealth

Quality information is hard to acquire and easy to lose.

Information Nature: Easy to move and easy to alter, and this aspect has added an insecurity dimension to information.

Information Security

Vital if Information is on Network

Means to achieve security may be technical, the goals are economical

The loss of information can adversely affect the business continuity and even the image of the company

What is Information Security

ISO 17799:2000 defines this as the preservation of:

Confidentiality: Ensuring that information is accessible only to those authorized to have access

Integrity: Safeguarding the accuracy and completeness of information and processing methods

Availability: Ensuring that authorized users have access to information and associated assets when required

How to Secure Information?

It involves the security at all levels, viz.

– Network

– OS

– Application

– Data

Security Attacks

Who is Attacker/Hacker?

Internal

External

Hacking is not difficult

Attack tools are available

Ready made exploits

Attack Tools (e.g.)

– Port Scanners (Fport, Hping2 ..)

– Vulnerability Scanners (Retina…)

– Password Crackers (John the Ripper..)

Indications of Infection

Attack tools are available

Poor System Performance

Abnormal System Behavior

Unknown Services are running

Crashing of Applications

Change in file extension or contents

Hard Disk is Busy

Security Incidents - Reasons

Malware (Malicious Codes)

Known Vulnerabilities

Configuration Errors

Various Malicious Codes

Virus

Worms

Trojan Horses

Bots

Key Loggers

Adware and Spyware

Some Known Vulnerabilities

MSBlaster.A: Patch MS03-026 released Jul. 16, 2003; outbreak Aug. 11, 2003; window 26 days

Slammer: Patch MS02-039 released Jul. 24, 2002; outbreak Jan. 25, 2003; window 185 days

Nimda: Patch MS00-078 released Oct. 17, 2000; outbreak Sept. 18, 2001; window 336 days

Window of time from patch availability to outbreak is shrinking

Vulnerable Configurations

Default Accounts

Default Passwords

Unnecessary Services

Remote Access

Logging and Audit Disabled

Access Controls on Files

Information Security Management

Start With a Focused Methodology

Evaluate the Organization's IT Infrastructure

Explore Departmental and IT Controls

Identify Gaps and Establish Controls

Vulnerability Management Lifecycle

Create Usage Policy Statements

Start With a Focused Methodology

Outline Users’ Roles and Responsibilities

Identify specific actions that can result in punitive actions

Outline Partner Use Statement

Outline Administrator Use Statement

Conduct A Risk Analysis

Identify Risk to Network, Network Resources and Data.

Identify Portions of the Network, Assign a threat rating to each portion and apply appropriate level of security.

Assign each network resource – Low, Medium or High Risk Level

Identify the types of Users for each resource

Monitoring Security of Network

Monitor for any changes in Configuration of ‘High risk’ Devices

Monitor Failed Login Attempts

Unusual Traffic

Changes to the Firewall Configuration

Connection setups through Firewalls

Monitor Server Logs

Approach to Info Security: Defense in Depth

How to Secure Information?

Application

NOS

RDBMS

Server

N/W

Clients/Users

Defensive Measure - OS

Firewalls are used for Perimeter Defence

Using a Firewall, the Access Control Policy is implemented.

It controls all internal and external traffic.

Perimeter Defence

Firewalls are used for Perimeter Defence

Keep up-to-date Security Patches and update releases for OS

Install up-to-date Antivirus Software

Harden OS by turning off unnecessary clients, Services and features

Defensive Measure – User Application

Keep up-to-date Security Patches and update releases for Application Package

Don’t Install Programs of unknown origin

Precautions with Emails

Protection from Phishing attacks

Securing Web Browsers

Database Security Aspects

User Management

Password Management

Managing Allocation of Resources to Users

Backup and Recovery

Auditing

Password Management

User

Password expiration and aging

Password verification

Password history

Account locking

Setting up profiles

Setting Resource Limits

Number of Concurrent Sessions

Elapsed Connect Time

Period of Inactive Time

Total CPU time

Number of Datablocks

Backup and Recovery Issues

Protect the database from numerous types of failures

Increase Mean-Time-Between-Failures (MTBF)

Decrease Mean-Time-To-Recover

Minimize Data Loss

Auditing

Auditing is the monitoring of selected user database actions and is used to:

Investigate suspicious database activity

Manage your audit trail

Monitor the growth of the audit trail

Protect the audit trail from unauthorized access

Summary of Action Plan

Secure Physical Access

Remove Unnecessary Services

Secure Perimeter

Proper Network Administration

Apply Patches in Time

Antivirus Software

Data Backup

Encrypt Sensitive Data

Install IDS

Proper Monitoring

BSNL Information Security Policy

BSNL has formulated its Information Security Policy and circulated it for implementation during December 2008. The BISP consists of two sections:

Section A: This provides the directives and policies that would be followed in ICT facilities within BSNL to provide a secure computing environment for BSNL employees and business to run. The policies are formulated around 11 domains of security. These are:

Information Classification and Control

Physical and Environmental Security

Personnel Security

Logical Access Control

Computing Environment Management

Network Security

Internet Security

System Development and Maintenance

Business Continuity Planning

Compliance

Third Party and Outsourcing Services

Section B: This provides the technical solution support to the policies mentioned within the policy document. It is intended to allow policy makers and architects within BSNL to prepare solutions around the various security requirements as proposed in Section A.

All BSNL employees are to implement BISP, and violation of these Policy Standards may result in immediate disciplinary action.
