
Slide Griffin - Practical Attacks and Mitigations

Date post: 07-Apr-2017
Upload: energysec

PRACTICAL ATTACKS & MITIGATIONS

ENERGYSEC 2016

About me

400 Executives and IT pros surveyed:

Do cyber security briefings to the board adequately represent threats?

Are the tools used to present risk accurate?

Are you “literate” in cyber security?

http://www.computerweekly.com/news/4500245499/C-level-execs-need-to-increase-cyber-security-literacy-study-shows


Execs: 68% | IT: 80%

C-Level: 65% | Non C-Level: 87% | IT: 78%

C-Level: 100% | Non C-Level: 84%


• 10.6.1 Review the following at least daily:

• All security events

• Logs of all system components that store, process, or transmit CHD and/or SAD

• Logs of all critical system components

• Logs of all servers and system components that perform security functions (for example, firewalls, intrusion-detection systems/intrusion-prevention systems (IDS/IPS), authentication servers, e-commerce redirection servers, etc.).


Compliance Scanning

Database Monitoring

Firewall Management

Intrusion Prevention

IT Compliance Program

IT Policy Management

Malware Protection

Minimum Security Baselines

Patch Management

Security Awareness

Red Team

Security Operations Center

Third Party Connections

Third Party Service Provider Process

Third Party Vulnerability Assessment

Proxy Servers

Advanced Detection

Application Security

Compliance Scanning

Data Leakage Protection

Database Monitoring

Defense In Depth

Firewall

Intrusion Detection Prevention System

Malware

Patch Management

PCI/PII/PHI/???

Proxy

Red Team

Security Awareness

SOC & Monitoring

Social Media

Third Party Vulnerability Management

Security Compliance

Data Leakage Protection

Proxy

Phishing

Incident Response

Defense in Depth

PCI/PII/PHI/???

Security Awareness

Compliance Scanning

IT Compliance Program

IT Policy Management

IT Risk Management

Asset Management

Firewall

Intrusion Detection Prevention System

Proxy

Malware

Defense in Depth

Patch Management

Third Party Vulnerability Management

Application Security

Network Security

Firewall

Proxy

SOC & Monitoring

Defense in Depth

PCI/PII/PHI/???

Database Monitoring

IT Compliance Program

Security Policy & Standards

Data Leakage Protection

Firewall

Intrusion Detection Prevention System

SOC & Monitoring

Third Party Connections

Minimum Security Baselines

Database Monitoring

IT Policy Management

Data Security

Data Leakage Protection

Defense in Depth

PCI/PII/PHI/???

Third Party Management

Third Party Vendor (Services, Cloud)

Third Party Connections

Architecture Documentation

Data Leakage Protection

Firewall

Intrusion Detection Prevention System

PCI/PII/PHI/???

Too hard?!?!

THIRD PARTY CONNECTIONS

Technology

HIGH

For third party connections requiring site-to-site VPN, the <$client> VPN team uses the IPsec protocol. The VPN team allows IKE (Internet Key Exchange) version 1 to set up the security association for the IPsec tunnel within the Third Party VPN Gateway.

Multiple critical vulnerabilities have been found in the IKEv1 protocol. These vulnerabilities may allow for the execution of arbitrary code and/or denial-of-service attacks.

<$CLIENT> should consider enforcing use of the IKEv2 protocol for setting up IPsec-based site-to-site VPN tunnels. This may mitigate potential vulnerabilities associated with the IKEv1 protocol.
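A check a reviewer could run to verify this recommendation has been enforced, added here as an example and not taken from the deck: it parses a strongSwan-style ipsec.conf (the sample config below is constructed; the conn names and addresses are placeholders from documentation address ranges) and flags every conn that still permits IKEv1. One caveat it encodes: strongSwan's keyexchange default, ike, initiates with IKEv2 but still accepts IKEv1 as a responder, so only an explicit keyexchange=ikev2 counts as enforcing the recommendation.

```python
"""Audit a strongSwan-style ipsec.conf for site-to-site tunnels that still
allow IKEv1. Added example; SAMPLE_IPSEC_CONF below is constructed."""

# Constructed sample (not from the deck): one conn pinned to IKEv1, one left
# at the default, one enforcing IKEv2. Addresses are documentation ranges.
SAMPLE_IPSEC_CONF = """\
config setup
    uniqueids=yes

conn %default
    type=tunnel
    authby=secret

conn vendor-a
    keyexchange=ikev1   # weak: IKEv1 pinned
    left=203.0.113.10
    right=198.51.100.20

conn vendor-b
    left=203.0.113.10   # no keyexchange: default 'ike' still answers IKEv1
    right=198.51.100.30

conn vendor-c
    keyexchange=ikev2   # corrected: IKEv2 enforced
    left=203.0.113.10
    right=198.51.100.40
"""


def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section.

    Values from 'conn %default' are merged into each other conn, mirroring
    how strongSwan applies the %default section. 'config' sections are
    skipped. Inline '#' comments are stripped."""
    conns = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():
            # Section header, e.g. "conn vendor-a" or "config setup".
            section, _, name = line.partition(" ")
            current = name.strip() if section == "conn" else None
            if current is not None:
                conns.setdefault(current, {})
            continue
        if current is None:
            continue
        key, _, value = line.strip().partition("=")
        conns[current][key.strip()] = value.strip()
    defaults = conns.pop("%default", {})
    return {name: {**defaults, **kv} for name, kv in conns.items()}


def audit_ike_version(text):
    """Map each conn name to a finding string.

    strongSwan's keyexchange defaults to 'ike', which initiates with IKEv2
    but accepts either version when responding, so only an explicit 'ikev2'
    is treated as enforcing IKEv2."""
    findings = {}
    for name, kv in parse_conns(text).items():
        kx = kv.get("keyexchange", "ike")
        if kx == "ikev2":
            findings[name] = "ok: IKEv2 enforced"
        elif kx == "ikev1":
            findings[name] = "HIGH: IKEv1 pinned"
        else:
            findings[name] = "HIGH: keyexchange=ike (default) still accepts IKEv1 as responder"
    return findings


def noncompliant_conns(text):
    """Sorted names of conns that do not enforce IKEv2."""
    return sorted(n for n, f in audit_ike_version(text).items() if f.startswith("HIGH"))


if __name__ == "__main__":
    for name, finding in audit_ike_version(SAMPLE_IPSEC_CONF).items():
        print(f"{name}: {finding}")
```

Running it against the sample lists vendor-a and vendor-b as non-compliant and vendor-c as enforcing IKEv2; pointing parse_conns at a real ipsec.conf gives the same report for an actual gateway.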

PRACTICAL ATTACKS

Advanced Detection

Data Security

Architecture Documentation

Security Policy & Standards

Third Party Management

Asset Management

Security Compliance

Network Security

Initiative Title

Network Security

Asset Management

Advanced Detection

Security Compliance

Data Security

Third Party Management

Security Policy and Standards

Architecture Documentation

Network Security

Design Perimeter Security Minimum Security Baselines (MSBs)

Design/Implement Enhanced Site-to-Site Access

Establish Enterprise Access Requirements

Establish Enterprise Monitoring & Logging Requirements

Network Access Control (Design/Implement)

Network Segmentation Design/Implement for Sensitive Data/Resources

Red Team Sandbox (Design/Implement)

Refresh Minimum Security Baseline (MSB) Standards

Remote Filtering Capability (Design/Implement)

MITIGATIONS

Security Policy and Standards

Refresh Minimum Security Baseline Standards Initiative

Design Perimeter Security MSBs

Establish Enterprise Monitoring & Logging Requirements

Asset Management

Design/Implement Advanced Configuration Management Capability

Design/Implement Non Standard Patch Management Capability

Patch Management & EOL Program Definition

Vulnerability Management Program


MITIGATIONS

Advanced Detection

Automated Vulnerability Scanning (Design/Implement)

Enhanced Code Analysis Capability (Design/Implement)

Network Access Control (Design/Implement)

Expand HIPS Capability Deployment

Behavioral Analysis (Design/Implement)

Advanced FW Capability (Design/Implement)

Advanced IPS/IDS Capability (Design/Implement)

Advanced Proxy Capability (Design/Implement)

File Integrity Monitoring (Design/Implement)

Advanced Malware Detection Capability (Design/Implement)

Advanced SIEM Capability (Design/Implement)

Red Team Sandbox (Design/Implement)

Advanced Database Monitoring Capability (Develop/Implement)

Vulnerability Management Program (Redesign/Expand)

Secure Development Program (Develop/Implement)

Integrate Threat Analysis Feeds

Establish Enterprise Monitoring & Logging Requirements

Remote Filtering Capability (Design/Implement)

Security Compliance

CIRT Process & Procedure Refresh

CIRT Table Top Exercise (Simulated)

Design/Implement Compliance Management Capability <$VENDOR>

Enhance IT Risk Management Program

Capability Realignment

Expand Phishing Program (i.e. document, validate)

Architecture Documentation

Sensitive Data Flow Mapping for Critical Business Processes


MITIGATIONS

Data Security

Develop Core DLP processes and implement / automate DLP processes leveraging <$VENDOR>

Deploy endpoint DLP capabilities to the corp environment

Deploy email notification, quarantine and blocking

Rule analysis and enhancement (reduce false positives)

Enhance Data Classification Standard / Develop handling procedures

Network Security

Network Segmentation Design/Implement for Sensitive Data/Resources

Network Segmentation Design/Implement for 3rd Party Contractors

Establish Enterprise Access Requirements

Security Operations Center Roadmap

Third Party Management

Design/Implement Enhanced Site-to-Site Access

Design/Implement Third Party Management Program Capability <$VENDOR>

Establish Enterprise Access Requirements

AD Environment Redesign


RISK Posture, informed by:

Regulatory Compliance

Audit Results

VA/PT/Red Team Results

Industry Standards

Risk Assessment
