How Secure Are You?
• Security Concerns
• Questions to ask Yourself
• Approaches to Consider
Presented By – Wayne T Work Sr. CISSP
Senior Security Engineering Consultant
and Security Services Practice Manager
Mainline Information Systems
Security Solutions Group
October 15, 2009
Agenda
1. Mainline Information Systems
2. K-12 Security Concerns
3. Questions to ask yourself
4. Approaches to Consider
5. Overview of Mainline’s Security Practice
6. Open Discussion
Mainline Information Systems
• Founded in 1989
• IBM Premiere BP
• IBM ISS Partner of the Year 2008
• IBM Beacon Award for Security 2009
• First National VMware Partner
• Cisco’s 2008 Customer Satisfaction Excellence BP Growth Award
• Wyse 2008 Visionary Partner of the Year
• Client Centric Team – Solution Specialist + Customer Care + Brand Specialist + Techline
• We sell hardware, software and services
• 98% Customer Satisfaction
Mainline Solution Focus
Focus areas:
• I/T Optimization (Virtualization, Consolidation)
• Business Continuity/Disaster Recovery
• I/T Modernization
• Security
• Systems & Data Management
• Network Optimization & Management
• ISV & Industry Solutions
Offerings:
• I/T Asset Management
• Utilization Assessments
• Risk Assessment Studies
• IBM Servers
• Threat Mgmt
• Tivoli Storage Management
• Network Assessment & Design
• SAP
• OnDemand Utility Computing
• Desktop Consolidation (Virtual Client)
• Continuous Data Protection (InMage, Vision, FalconStor)
• IBM Storage
• Compliance
• Tivoli Monitoring
• Network Infrastructure (Cisco)
• BI/SAS
• Financing
• VMware (xSeries)
• Mainline Disaster Recovery
• Capacity Planning & Analysis
• Identity Mgmt
• IBM Information Management
• Network Connectivity (AT&T Circuits)
• Brokerage
• LPAR (Power & zSeries)
• High Availability (HACMP, P/S, Mimix, iTera, Double-Take)
• Migration Services
• Data Security
• Data Warehousing & Business Intelligence
• Data Center Network
• Portfolio Management
• Storage Virtualization (SAN SVC)
• Desktop Recovery (Persystent)
• Digital Video Security
• Voice over IP
• Maintenance Contract Mgmt
• Virtual Tape Server (VTS)
• IBM BCRS
• Content Management
• Computer Recycling
• Green (energy efficient data ctr)
• Disk & Tape Encryption
• Multivendor Maintenance
• ID and Access Management*
Solution Architecture, Design & Implementation Services | Managed Operations | Hosting | Ongoing Technical Support
Wayne Work, CISSP
• Senior Information Security Solution Engineer - Mainline Information Systems
• Certified Information Systems Security Professional (CISSP)
• Most recently held the position of Director, Information Security, Architecture and Standards for New England’s largest bank, with assets in excess of 23 billion and over 300 locations, prior to joining Mainline Information Systems Inc
• 30+ years of in-depth computer-based electronic systems maintenance and complex major systems development within the DOD, DOE, DOT and private industry
1. K-12 Security Concerns
CIA Triad
• Confidentiality
• Integrity
• Availability
K-12 Security Concerns
• Student Safety
• Data Protection
• Resource Misuse Prevention
• Network and Applications Availability
• Solution Affordability
• Solution Longevity
• Transparency
• Operational ease / automation
The Issues
• Rapid Advancements in Technology
  – Progress
  – New Frontier
  – Uncontrollable change
  – Opportunistic times
• Availability of Hacking Tools
  – Open Source
  – Free Demo Software
  – The Internet
• Current World Events Affecting Everybody
  – Economy meltdown challenges
  – WAR times
Laws Affecting Children in Schools
• Children's Online Privacy Protection Act of 1998 (COPPA) – applies to the online collection of personal information by persons or entities under U.S. jurisdiction from children under 13 years of age
• Children's Internet Protection Act (CIPA) 2000 – CIPA requires schools and libraries using E-Rate discounts to operate "a technology protection measure with respect to any of its computers with Internet access that protects against access through such computers to visual depictions that are obscene, child pornography, or harmful to minors..." Such a technology protection measure must be employed "during any use of such computers by minors." The law also provides that the library "may disable the technology protection measure concerned, during use by an adult, to enable access for bona fide research or other lawful purpose." Libraries that do not receive E-Rate discounts do not have any obligation to filter under CIPA.
Actions required of any Educational IT Infrastructure to ensure that it is practicing due care:
• Establishing adequate physical and logical access controls
• Establishing adequate telecommunications security, which could require encryption
• Performing proper information, application, and hardware backups
• Maintaining disaster recovery and business continuity plans and testing them
• Informing staff properly of expected behavior and ramifications of not following expectations
• Developing a security policy, standards, procedures, and guidelines
• Performing security-awareness training of students and staff
Actions required of any Educational IT Infrastructure to ensure that it is practicing due care: (Cont’)
• Running updated antivirus software
• Performing penetration tests periodically from outside and inside the network
• Implementing measures that ensure that software piracy is not taking place
• Ensuring that proper auditing and review of those audit logs are taking place
• Conducting background checks on potential staff and teachers
• Each organization could have different requirements when it comes to this list of due care responsibilities
Understanding the Problems
1. Volume, Volume, Volume
2. Social Engineering and User Behavior
3. What’s on that Web Page
4. Malware Defeats Anti-Virus Signatures
5. Web Servers Vulnerable
Volume, Volume, Volume
More Spam and More Spammers
Catch Rates Must Increase Just to Stay Even…
More Spam
• Daily spam volume doubles yearly
• Reaching 180 billion spam messages per day
More Spammers
• More Spammers with Botnet compromised hosts sending spam
• Malware sophistication increasing
[Chart: Average Daily Spam Volume (billions), by Calendar Quarter Period Q1'07 through Q4'08. Source: Cisco Threat Operations Center]
[Chart: Average # Compromised Hosts, Average Simultaneous Compromised Hosts (thousands), by Calendar Quarter Period Q1'07 through Q4'08. Source: Cisco Threat Operations Center]
Hackers can make more money by engaging (tricking) the user
Social Engineering: Current Events
BOTSITE
If Infected, Fake Scan Recommends “Removal”
“Antivirus XP has found 2794 threats. It is recommended to proceed with removal”
Malware Distribution Vectors
• Web Social Engineering
• Anti-Spyware Due Diligence
• Web Redirection
• Browse spamvertized domain – kxbkhs.lztalsole.com
• What website do you see? – r2.rx-shop.biz – “Pharma Shop”
• Web site redirection:

http://kxbkhs.lztalsole.com/
GET / HTTP/1.1
Host: kxbkhs.lztalsole.com
>> HTTP/1.x 302 Moved Temporarily
>> Location: http://r2.rx-shop.biz
-------------------------------------------------
http://r2.rx-shop.biz/images/bot_01.gif
GET /images/bot_01.gif HTTP/1.1
Host: r2.rx-shop.biz
>> HTTP/1.x 200 OK
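The exchange above is a plain HTTP 302 redirect: the spamvertized host answers with a Location header and the browser silently lands on a different domain. A defender triaging such links wants to see the whole hop chain without rendering any of the pages. The following Python is an added example, not part of the original presentation or any Mainline or IBM product; it reads only status lines and headers, caps the number of hops, detects redirect loops, and flags when the landing host differs from the host the user clicked. The two responses it walks through are constructed in-memory copies of the exchange on the slide (the hostnames come from the slide; the response bodies and the fake_fetch stand-in for a network call are assumptions), so it runs offline.

```python
"""Follow an HTTP redirect chain from captured responses and report where a link lands."""
from urllib.parse import urljoin, urlsplit

# Constructed sample: the two responses shown on the slide, as raw HTTP text.
# A real tool would obtain these from a sandboxed fetch; here a dict stands in.
SAMPLE_RESPONSES = {
    "http://kxbkhs.lztalsole.com/": (
        "HTTP/1.1 302 Moved Temporarily\r\n"
        "Location: http://r2.rx-shop.biz\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ),
    "http://r2.rx-shop.biz": (
        "HTTP/1.1 200 OK\r\n"
        "Content-Type: text/html\r\n"
        "\r\n"
        "<html><title>Pharma Shop</title></html>"   # constructed body
    ),
}

REDIRECT_CODES = {301, 302, 303, 307, 308}


def fake_fetch(url):
    """Stand-in (assumed) for a network fetch: returns the constructed response text."""
    return SAMPLE_RESPONSES.get(url, "HTTP/1.1 404 Not Found\r\n\r\n")


def parse_response(raw):
    """Split a raw HTTP response into (status_code, headers, body); headers are lower-cased."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def follow_redirects(start_url, fetch=fake_fetch, max_hops=10):
    """Return the chain of (url, status) hops.

    Stops at the first non-redirect response, at a URL already visited
    (recorded with status "loop"), or after max_hops. Only headers are
    inspected; no page content is ever interpreted or executed.
    """
    chain = []
    seen = set()
    url = start_url
    while len(chain) < max_hops:
        if url in seen:
            chain.append((url, "loop"))
            break
        seen.add(url)
        status, headers, _ = parse_response(fetch(url))
        chain.append((url, status))
        if status in REDIRECT_CODES and "location" in headers:
            # Location may be relative; resolve it against the current URL.
            url = urljoin(url, headers["location"])
        else:
            break
    return chain


def crosses_domain(chain):
    """True if the landing host differs from the host the user originally clicked."""
    first = urlsplit(chain[0][0]).hostname
    last = urlsplit(chain[-1][0]).hostname
    return first != last


if __name__ == "__main__":
    hops = follow_redirects("http://kxbkhs.lztalsole.com/")
    for url, status in hops:
        print(f"{status:>4}  {url}")
    if crosses_domain(hops):
        print("landing host differs from the clicked host: review before trusting the link")
```

The loop check and hop cap matter because a hostile redirector can bounce a crawler indefinitely; the cross-domain flag is the simplest signal that the advertised link and the destination are not the same party.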
Other Issues
• URL and URL obfuscation
• DNS and hosts file
Malware Is on the Rise
• # of unique Malware samples in 2006: 972K
• # of unique Malware samples in 2007: 5.5M
• 500% increase in 12 Months
Virus Sophistication Beats AV
• 182 virus tools at VX Heavens website vx.netlux.org
  – Example: NGVCK (Next Generation Virus Creation Kit)
• Poly/Metamorphic tools create random variants
• Viruses download fresh copy every 24 hours
• Viruses use buddy program to reinstall virus if disinfected
Web servers and browsers are the easiest targets for hacks.
Most confidential information is passed through the browser (client)
Even though the browser (client) is patched, many browser “add-ons” are insecure
DLP Pressures Continue to Grow
Increasing Reports of Data Loss
Email Leakage Is Dominant Issue
New Laws Driving New Requirements
Biggest worry is still about internal threats...
• Malicious/disgruntled employees or teachers: terminated employees may wish to do damage to the network because of a grievance they have against the company or school system.
• Unintentional breaches: students put the network at risk by installing unauthorized software, opening virus-infected email attachments, succumbing to social engineering attacks, etc.
FACT: THERE ARE MORE EXTERNAL SECURITY BREACHES, BUT INTERNAL BREACHES ARE FAR MORE DAMAGING.
ABSOLUTE SECURITY
• Machine unplugged from network
• Locked in a safe
• Thrown at bottom of ocean
ABSOLUTE ACCESS
• Machine always available
• No authorization required
• No passwords required
?
…neither is practical
The Balancing Act of Security: Risk Management
Why is Information Security so Important to Educational Institutions?
• The most effective and current way we teach/educate our youth
• Organizations are becoming more and more dependent on their information systems
• Much of the value of a business is concentrated in the value of its information. Information is the basis of competitive advantage
• The public is increasingly concerned about the proper use of information, particularly personal data
• The threats to and vectors for exploitation of information systems are more available to criminals and terrorists
What is Information Security?
Security is not a PRODUCT:
Security is a PROCESS:
“The mantra of any good security engineer is: ‘Security is not a product, but a process.’ It's more than designing strong cryptography into a system; it's designing the entire system such that all security measures, including cryptography, work together.” - Bruce Schneier
Multi-Layered Malware Defense
Protection Against Today’s Threats
Detects malicious botnet traffic across all ports
Blocks 70% of known and unknown malware traffic at connection time
Blocks malware based on deep content analysis
Enterprise Defense-in-Depth
“Layering” security for multiple levels of defense
Steps in Establishing a Secure Enterprise
1. Evaluate security risks
  ◘ Internal
  ◘ External
  ◘ Web
2. Identify existing gaps
  ◘ Security exposures
  ◘ Hardware, software, administrative inefficiencies
3. Assess security requirements
  ◘ Spell out security goals
  ◘ Establish rules of Governance
2. Overview of Mainline’s Security Practice
Products: Hardware, Software, Appliances
Managed Services
Professional Services
Solutions for all security needs:
• Web and Application Security
• Email/Web Security
• Data Leakage Protection
• Infrastructure Security
• Identity & Access Mgt.
• Regulatory Compliance
• etc.
Mainline Security Solutions Group…. a total security solutions provider
Security Approach
• Vulnerability Management (Reactive) – Identify and fix vulnerabilities
• Risk Management (Proactive) – Identify and manage overall Risk
Security Solutions
• Threat mitigation – Provide on-demand protection to stay ahead of emerging threats
• Governance – Provide risk management, security governance and regulatory compliance
• Data security – Enable widespread electronic collaboration while protecting data at rest, in motion, in use and at the endpoint
• Physical security – Provide an integrated video surveillance and security solution that can include industry-standard components
• Identity and access management – Provide clients with planning and implementation of identity and access management needs
Solutions from Perimeter to Core
Security Across the Enterprise IT Landscape
Pre-emptive Security Products
• IBM Proventia® Management – SiteProtector
• Proventia Network
  – Intrusion prevention
  – Vulnerability management (Enterprise Scanner)
  – Multi-function security
  – Mail security
• Proventia Server – Server protection
• RealSecure Server Sensor – Windows, Solaris, HP-UX, AIX, Linux
• Proventia Desktop – End-point protection
Managed Security Services Offerings
• Vulnerability Management Service – Performs regularly-scheduled, automated scans of internal and external devices for hundreds of known security vulnerabilities.
• Security Event and Log Management Services – Provides all the benefits of a security event management product suite without the expensive upfront capital investments and on-going overhead.
• Managed E-mail and Web Security Services – Is designed to provide a variety of solutions to enhance clients’ existing security posture, help prevent viruses and spam, and control unwanted content in e-mail.
• Managed Protection Services – Offers the most comprehensive protection services for networks, servers, and desktops, featuring the industry's only money-back cash payment.
• Managed and Monitored Firewall Services – Offers 24/7/365 expert daily management of a variety of firewall platforms.
• Managed IDS / IPS Services – Provides 24/7/365 monitoring, intrusion detection, and prevention, as well as incident response services for networks and servers.
IBM Proventia® Network Multi-Function Security
Business Challenges
• Protect your business from internet threats without jeopardizing bandwidth or availability
• Secure your end users from spam, incompliant activity and other productivity drainers
• Conserve your resources by eliminating the need for special security expertise
The Proventia Solution
• Complete protection against all types of Internet threats, with firewall, intrusion prevention, and Virus Prevention System
• Spam effectiveness ~95%, define Web browsing policies, filter database of +63 Million URLs in 62 categories
• “Set and forget” security, automatically updated to protect against the next threat and tailored to needs of your small business or remote offices
IBM Proventia® Server
Business Challenges
• Managing dispersed security agents
• Demonstrating risk and compliance
• Protecting critical data, intellectual property and access to vulnerable servers
• Maintaining server uptime while providing strong host intrusion prevention technologies
• Tracking file access and changes among business critical servers
The Proventia Solution
• Reduces security costs, protects server environments and reduces downtime
• Enforces corporate security policy for servers
• Provides out-of-the-box protection with advanced intrusion prevention and blocking
• Utilizes multiple layers of defense to provide preemptive protection
• Supports operating system migration paths
• Protects at-risk systems before vendor-supplied patches are available
Mainline’s Security Group Line Card – Meeting the customer security needs…..
Categories: Infrastructure Security | Email/Content Security | Identity & Access Mgt. | Data Leakage Protection | Web & Application Security | Professional Services | Managed Services
Lead partner per category: IBM ISS | IronPort | IBM Tivoli | PGP | IBM Rational | IBM ISS | IBM ISS
Additional partners on the line card: Check Point, PineApp, Novell, SafeNet, Breach Security, IBM Rational, MessageLabs, Juniper, Linoma Software, Ounce Labs, G2, Inc., EIQ, Cisco, Websense, Hitachi ID Sys., IntellinX, ISS, SecureState, Trend Micro, IBM ISS, Bsafe, AIS, F5, Sophos, Applicure, Clear Skies Security, Symantec, Fidelis, Wolcott Group, eIQnetworks, Verdasys
Mainline Penetration Testing SPECIAL Solutions
The X-Force team Drives IBM ISS Security Innovation
Research
• Protection Technology Research
• Threat Landscape Forecasting
• Malware Analysis
• Public Vulnerability Analysis
• Original Vulnerability Research
Technology
• X-Force Protection Engines – Extensions to existing engines; New protection engine creation
• X-Force XPU’s – Security Content Update Development; Security Content Update QA
• X-Force Intelligence – X-Force Database; Feed Monitoring and Collection; Intelligence Sharing
Microsoft Bulletin MS08-067 – IBM ISS 2 years Ahead of the Threat
• 8 August 2006 – IBM ISS releases Virtual Patch for Microsoft Windows Server Service buffer overflow (MSRPC_Srvsvc_Bo) vulnerability. http://iss.net/threats/306.html
• 23 October 2008 – Microsoft publicly announces vulnerability and MS patch in Bulletin MS08-067. http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
• The IBM ISS Virtual Patch protects customers until they can download and install security updates from their software vendor.
• New exploits/worms: Zero-day worm - Gimmiv.a. http://blog.threatexpert.com/2008/10/gimmiva-exploits-zero-day-vulnerability.html http://milw0rm.com/exploits/6824
Vulnerability Management Services
Industry Leading ISS Internet Scanner
• Perimeter Vulnerability Assessment
• Schedule and Launch Scans via the Web
• Simulates a Hacker’s External Attack
• Full Support for Internal Scanning
• Step by Step Remediation Instructions
• Archived Scan Results Available Online
Mainline Solutions for Total PCI Compliance
Addressing each of the PCI Data Security Standards
SECURE AND PROTECT CARDHOLDER DATA
• IBM ISS Products & Services
• Tivoli Security Compliance Manager
• IBM Proventia Network Anomaly Detection System (ADS)
• IBM Rational AppScan
• Breach Security Web Application Firewall
• IBM Tivoli Compliance Insight Manager
• IBM Tivoli Security Operations Manager
• IBM Proventia Server IPS
• Mainline Digital Video Surveillance
• IBM Tivoli Identity Manager
• IBM Tivoli Federated Identity Manager
• IBM Tivoli Access Manager
• IBM Tivoli zSecure Admin
• IBM Tivoli Compliance Insight Manager
• IBM Proventia Desktop Endpoint Security
• IBM Proventia Network Enterprise Scanner
• IBM Tivoli Security Compliance Manager
• Tivoli Console Insight Manager
• IBM Server Intrusion Prevention Sys. (IPS)
• IBM Proventia Network IPS
• Check Point Network Firewall
• Breach Security Web Application Firewall
• IBM Tivoli Access Manager
• IBM Proventia Network Multi-Function Security (MFS)
• IBM Proventia Server IPS
• IBM System z Encryption Solutions
• IBM Tivoli Storage Manager
• PGP Encryption Solutions
• Pointsec Encryption Solutions
• IBM System z network encryption
• DataPower XML Security Gateway
• Proventia Network Intrusion Prevention System
• PGP Universal Gateway Email
• IBM Tivoli CCMDB
• IBM Rational AppScan
• Breach Security Web Application Firewall