mca erg oct 09
C.E.R.T.
A corporate perspective
ERG meeting #20
Network and Information Security
MALTA
9th October 2009
Donald Tabone B.Sc (Hons)
The idea behind CERT
• Provide for post incident analysis
• Compliance with laws and regulations governing breaches
• Preservation of company goodwill
• Compliance – top down strategy
• Minimise company loss of revenue and customers
• Company reputation
The main corporate drivers for IS & CERT
The reality corporate IS faces
• 60% of corporate data resides unprotected on PC desktops and laptops
• Statistically, 1 out of 10 laptops is stolen within 12 months of purchase
• 66% of USB thumb drive owners report losing them – over 60% with private corporate data on them
• Data problem: Users want to access their data anytime, from anywhere
CCBill’s approach to IS ..1..
• Logical level
– Securing all endpoints – AV alone is no longer effective
– Employing dual-factor authentication for sensitive servers
– Instilling a security mindset throughout our SDLC
– Disallow USB and WiFi devices company-wide
– Automated user account de/provisioning
– HIDS implementations on secured servers
– Effective patch management
– Full-disk encryption for laptops
– End-to-end encryption (IPSEC, SSH, SSL etc.)
– Inherently redundant network architectures
Inherently redundant network architectures
[Network diagram: sites PHOENIX, AMSTERDAM, AUSTRALIA, ASHBURN]
OVERALL OBJECTIVES
• MAXIMISE NETWORK UPTIME
• MINIMISE IMPACT TO OUR SYSTEMS
CCBill’s approach to IS ..2..
• Organisational level
– Business Continuity Planning (BCP)
– Periodic business impact analysis (BIA)
– Service level agreements -> transfer of risk
– Inherent fail-over strategies
– Separation of duties
– Periodic security awareness training
– Acceptable usage policy (AUP)
Security Monitoring
• Augments prevention, doesn’t replace it
• Monitoring Incident response cycle
– Feedback from forensics into monitoring
• Policy review team
• Effective change management procedures
• Typical network monitoring tools
– Snort (IDS)
– Ntop
– Rancid CISCO logs
– Splunk SIEM
• Periodic gap analysis by third parties
• Syslog aggregation from all devices and endpoints
Syslog network topology
IS implementation challenges
• Balancing security with usability
• Minimising human error
• Instilling a security mindset
• Keeping abreast with technology shifts
• Mitigating and reducing risks to an acceptable level
• Preventing breaches
• Responding to incidents in a timely manner
• Enforcing confidentiality, integrity and availability
CERT challenges
• Post incident analysis is expensive and time consuming
– Companies are sometimes ready to suffer the brunt
• Time is money
– Release today, get the business and patch tomorrow
• Often, business strategies win hands down over security best practices
Q&A
THANK YOU!