e3-e4 – cfa it security - home - welcome to bsnl ...bsnltnj1.webs.com/e3e4/cfa/11-e3-e4 cfa-it...
TRANSCRIPT
For BSNL internal circulation only
Information SensitivityInformation Sensitivity
Information is the most important asset of corporate
wealth
Quality information is hard to acquire and easy to
lose.
Information Nature : Easy to move and easy to alter
and this aspect has added insecurity dimension to
information.
For BSNL internal circulation only
Information SecurityInformation Security
Vital if Information is on Network
Means to achieve security may be technical, the
goals are economical
The loss of information can adversely affect the
business continuity and even the image of the
company
For BSNL internal circulation only
What is Information SecurityWhat is Information Security
ISO 17799:2000 defines this as the preservation of:
Confidentiality
Ensuring that information is accessible only to those
authorized to have access
Integrity
Safeguarding the accuracy and completeness of
information and processing methods
Availability
Ensuring that authorized users have access to information
and associated assets when required
For BSNL internal circulation only
How to Secure Information?How to Secure Information?
It involves
The security at all levels viz.
– Network
– OS
– Application
– Data
For BSNL internal circulation only
Security AttacksSecurity Attacks
Who is Attacker/Hacker?
Internal
External
For BSNL internal circulation only
Hacking is not difficultHacking is not difficult
Attack tools are available
Ready made exploits
Attack Tools (e.g.)
– Port Scanners (Fport, Hping2 ..)
– Vulnerability Scanners (Retina…)
– Password Crackers (John the Ripper..)
For BSNL internal circulation only
Indications of InfectionIndications of Infection
Attack tools are available
Poor System Performance
Abnormal System Behavior
Unknown Services are running
Crashing of Applications
Change in file extension or contents
Hard Disk is Busy
For BSNL internal circulation only
Security Incidents Security Incidents -- ReasonsReasons
Malware (Malicious Codes)
Known Vulnerabilities
Configuration Errors
For BSNL internal circulation only
Various Malicious CodesVarious Malicious Codes
Virus
Worms
Trojan Horses
Bots
Key Loggers
Adware and Spyware
For BSNL internal circulation only
Some known Vulnerability Some known Vulnerability
MSBlaster.A
Aug. 11, 2003
Patch: MS03-026
Jul. 16, 2003
Patch: MS02-039
Jul. 24, 2002
Slammer
Jan. 25, 2003
Nimda
Patch: MS00-078
Oct.17, 2000 Sept. 18, 2001
Window
26 days
185 days
336 days
Window of time from patch availability to outbreak is shrinking
For BSNL internal circulation only
Vulnerable ConfigurationsVulnerable Configurations
Default Accounts
Default Passwords
Un-necessary Services
Remote Access
Logging and Audit Disabled
Access Controls on Files
For BSNL internal circulation only
Information Security ManagementInformation Security Management
Start With a Focused Methodology
Evaluate the Organization's IT Infrastructure
Explore Departmental and IT Controls
Identify Gaps and Establish Controls
Vulnerability Management Vulnerability Management Lifecycle Lifecycle
For BSNL internal circulation only
For BSNL internal circulation only
Create Usage Policy StatementsCreate Usage Policy Statements
Start With a Focused Methodology
Outline Users’ Roles and Responsibilities
Identify specific actions that can result in punitive
actions;
Outline Partner Use Statement
Outline Administrator Use Statement
For BSNL internal circulation only
Conduct A Risk AnalysisConduct A Risk Analysis
Identify Risk to Network, Network Resources and Data.
Identify Portions of the Network, Assign a threat rating to
each portion and apply appropriate level of security.
Assign each network resource – Low, Medium or High
Risk Level
Identify the types of Users for each resource
For BSNL internal circulation only
Monitoring Security of NetworkMonitoring Security of Network
Monitor for any changes in Configuration of ‘High risk’
Devices
Monitor Failed Login Attempts
Unusual Traffic
Changes to the Firewall Configuration
Connection setups through Firewalls
Monitor Server Logs
Approach to Info Security:Approach to Info Security:Defense in DepthDefense in Depth
For BSNL internal circulation only
Application
NOS
RDBMS
Server
N/W
Clients/Users
How to Secure Information?How to Secure Information?
For BSNL internal circulation only
For BSNL internal circulation only
Defensive Measure Defensive Measure -- OSOS
Firewalls are used for Perimeter Defence
Using Firewall Access Control Policy is Implemented.
It controls all internal and external traffic.
For BSNL internal circulation only
Perimeter Perimeter DefenceDefence
Firewalls are used for Perimeter Defence
Keep up-to-date Security Patches and update releases
for OS
Install up-to-date Antivirus Software
Harden OS by turning off unnecessary clients, Services
and features
For BSNL internal circulation only
Defensive Measure Defensive Measure ––User ApplicationUser Application
Keep up-to-date Security Patches and update releases
for Application Package
Don’t Install Programs of unknown origin
Precautions with Emails
Protection from Phishing attacks
Securing Web Browsers
For BSNL internal circulation only
Database Security AspectsDatabase Security Aspects
User Management
Password Management
Managing Allocation of Resources to Users
Backup and Recovery
Auditing
User
Password expiration and aging
Password verification
Password history
Account locking
Setting up profiles
Password ManagementPassword Management
For BSNL internal circulation only
For BSNL internal circulation only
Setting Resource LimitsSetting Resource Limits
Number of Concurrent Sessions
Elapsed Connect Time
Period of Inactive Time
Total CPU time
Number of Datablocks
For BSNL internal circulation only
Backup and Recovery IssuesBackup and Recovery Issues
Protect the database from numerous types of
failures
Increase Mean-Time-Between_Failures (MTBF)
Decrease Mean-Time-To-Recover
Minimize Data Loss
For BSNL internal circulation only
AuditingAuditing
Auditing is the monitoring of selected user data
base actions and is used to :-
Investigate suspicious database activity
Manage your audit trail
Monitor the growth of the audit trail
Protect the audit trail from unauthorized access
For BSNL internal circulation only
Summary of Action PlanSummary of Action Plan
Secure Physical Access
Remove Unnecessary Services
Secure Perimeter
Proper Network Administration
Apply Patches in Time
Antivirus Software
Data Backup
Encrypt Sensitive Data
Install IDS
Proper Monitoring
For BSNL internal circulation only
BSNL Information Security PolicyBSNL Information Security Policy
BSNL has formulated its Information Security Policy
and circulated for its implementation during
December 2008. The BISP consists of two sections:
Section AThis provides the directives and policies that would
be followed in ICT facilities within BSNL to provide
secure computing environment for BSNL
employees and business to run. The policies are
formulated around 11 domains of security. These
are:
For BSNL internal circulation only
BSNL Information Security PolicyBSNL Information Security Policy
Section AInformation Classification and Control
Physical and Environmental Security
Personnel Security
Logical Access Control
Computing Environment Management
Network Security
Internet Security
System Development and Maintenance
Business Continuity Planning
Compliance
Third Party and Outsourcing Services
For BSNL internal circulation only
BSNL Information Security PolicyBSNL Information Security Policy
Section BThis provides the technical solution support to the
policies mentioned within the policy document. It is
intended to allow policy makers and architects
within BSNL to prepare solutions around the
various security requirements as proposed in
Section A.
All BSNL employees are to implement BISP and
Violation of these Policy Standards may result in
immediate disciplinary action.