OC RIMS Cyber Safety & Security Incident Response
TRANSCRIPT
OC RIMS
Cyber Safety & Security
Incident Response
Types of Cyber Events
- Intrusion (external/internal)
- Hackers Targeting Asset/Account Managers
- Sexual Harassment
- Termination
- Workmen's Comp Claims
- Theft of IP
Civil vs. Criminal
- Theft of Personal Data
- Theft of IP
- Stalking
- Cyber Impersonation
- Hacking
- Wire Tapping
- Child Pornography
Look Familiar?
Preservation
Preserve Digital Evidence
• The most important thing to remember is to protect and preserve the evidence, no matter what the final outcome!
• If you choose not to preserve the evidence now, it may be altered or destroyed by the time you need it!
What is Imaging?
o Write blocked/protected (the original is never written to during acquisition)
o Bit-by-bit copy of the device (every sector, including unallocated space and slack)
o Verified (the image is hashed and compared against the hash of the original)
o Proven and court-accepted methodology
o Different from Ghost or other file copying!! (those copy files or partitions logically and leave deleted data behind)
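The imaging workflow the slide lists (copy every byte, hash as you go, re-hash the image and compare), as an added example that is not part of the original presentation. It is written against a constructed "device", a temporary file of random bytes, rather than a real disk; the file names, the SHA-256 choice and the 64 KiB read size are assumptions for the illustration, and in practice the device sits behind a hardware write blocker and unreadable sectors need explicit handling, which this example omits.

```python
import hashlib
import os
import tempfile

CHUNK = 64 * 1024  # bytes per read (assumed); a real device is read in sector-size multiples


def image_device(source_path, image_path):
    """Bit-by-bit copy of source_path into image_path.

    The bytes are hashed as they are read, so the returned digest is the
    hash of the original as seen at acquisition time. Opening the source
    read-only is not a substitute for a hardware write blocker: the OS can
    mount and write to a device before any tool runs.
    """
    acquired = hashlib.sha256()
    with open(source_path, "rb") as src, open(image_path, "wb") as dst:
        for chunk in iter(lambda: src.read(CHUNK), b""):
            acquired.update(chunk)
            dst.write(chunk)
        dst.flush()
        os.fsync(dst.fileno())  # make sure the image really reached the disk
    return acquired.hexdigest()


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_image(acquisition_hash, image_path):
    """Verification step: re-hash the image file and compare it with the
    hash taken during acquisition. Both values belong in the case notes."""
    return sha256_file(image_path) == acquisition_hash


def demo():
    """Constructed 'device': 1 MiB of random bytes in a temp file (not a real disk)."""
    with tempfile.TemporaryDirectory() as workdir:
        device = os.path.join(workdir, "device.bin")
        image = os.path.join(workdir, "device.dd")
        with open(device, "wb") as f:
            f.write(os.urandom(1024 * 1024))

        acquisition_hash = image_device(device, image)
        good = verify_image(acquisition_hash, image)               # True
        same_as_source = sha256_file(device) == acquisition_hash   # True

        # flip one byte of the image: verification must now fail
        with open(image, "r+b") as f:
            f.seek(12345)
            original = f.read(1)
            f.seek(12345)
            f.write(bytes([original[0] ^ 0xFF]))
        tampered = verify_image(acquisition_hash, image)           # False
        return good, same_as_source, tampered


if __name__ == "__main__":
    print(demo())
```

A single flipped byte anywhere in a 1 MiB image changes the digest, which is why the acquisition hash, not a visual comparison, is what makes the copy defensible.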
Forensics: What can it do for you?
Clear and concise explanation of:
• Forensic copy of original evidence
• Methodology used for examination
• Whether or not the date/time stamps are a reliable indicator
• What slack and unallocated space are
• How data is stored and recovered
Deleting
- Recycle Bin artifacts
- File systems (deleting removes the directory entry and frees the blocks; the data stays on disk until it is overwritten)
- Recoverable
Anti-Forensics
- Wiping (overwriting the data so that it cannot be recovered)
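The difference between deleting, file slack, unallocated space and wiping (the Forensics and Deleting/Anti-Forensics slides above), as an added example that is not part of the original presentation. The ToyDisk below is a constructed block device with one deliberately simplified property of older FAT-style file systems: a delete drops the directory entry and frees the blocks, and a shorter file written into a reused block leaves the old bytes in the block's tail. The 512-byte block size, the file names and the "CONFIDENTIAL" signature are assumptions; modern file systems often zero the tail of a block they write, so what actually survives in slack varies, but the carving and wiping logic is the same.

```python
BLOCK = 512     # sector/cluster size of the constructed device (assumed)
NBLOCKS = 16    # block 0 is reserved for the directory; 1..15 hold data


class ToyDisk:
    """Constructed block device for illustration, not a real file system."""

    def __init__(self):
        self.raw = bytearray(BLOCK * NBLOCKS)  # what an imaging tool would copy
        self.dir = {}                          # name -> (block list, size)
        self.free = list(range(1, NBLOCKS))    # unallocated blocks

    def write_file(self, name, data):
        need = -(-len(data) // BLOCK)          # ceiling division
        if need > len(self.free):
            raise OSError("disk full")
        blocks, self.free = self.free[:need], self.free[need:]
        for i, b in enumerate(blocks):
            part = data[i * BLOCK:(i + 1) * BLOCK]
            # only len(part) bytes are written; the rest of the last block
            # (file slack) keeps whatever was there before
            self.raw[b * BLOCK:b * BLOCK + len(part)] = part
        self.dir[name] = (blocks, len(data))

    def delete(self, name):
        """Ordinary delete: the entry goes, the bytes do not."""
        blocks, _ = self.dir.pop(name)
        self.free = sorted(self.free + blocks)

    def _slack_range(self, name):
        blocks, size = self.dir[name]
        used = size - (len(blocks) - 1) * BLOCK     # bytes used in the last block
        last = blocks[-1] * BLOCK
        return last + used, last + BLOCK

    def slack(self, name):
        start, end = self._slack_range(name)
        return bytes(self.raw[start:end])

    def wipe(self, include_slack=True):
        """Anti-forensic wipe: overwrite every unallocated block with zeros,
        and optionally the slack of every live file as well."""
        for b in self.free:
            self.raw[b * BLOCK:(b + 1) * BLOCK] = bytes(BLOCK)
        if include_slack:
            for name in self.dir:
                start, end = self._slack_range(name)
                self.raw[start:end] = bytes(end - start)


def carve(disk, needle):
    """File carving: scan the raw image for a signature, ignoring the directory."""
    hits, pos = [], disk.raw.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = disk.raw.find(needle, pos + len(needle))
    return hits


def demo():
    d = ToyDisk()
    secret = b"CONFIDENTIAL design doc v3 " * 26        # 702 bytes -> 2 blocks, 322 bytes of slack
    d.write_file("plans.txt", secret)
    d.delete("plans.txt")
    after_delete = len(carve(d, b"CONFIDENTIAL"))         # 26: delete erased nothing
    d.write_file("note.txt", b"lunch at noon")            # reuses block 1; only 13 bytes written
    slack_leak = b"CONFIDENTIAL" in d.slack("note.txt")   # True: old data sits in note.txt's slack
    d.wipe(include_slack=False)
    after_free_wipe = len(carve(d, b"CONFIDENTIAL"))      # 18: a free-space wipe misses file slack
    d.wipe(include_slack=True)
    after_full_wipe = len(carve(d, b"CONFIDENTIAL"))      # 0
    return after_delete, slack_leak, after_free_wipe, after_full_wipe


if __name__ == "__main__":
    print(demo())
```

The two wipe results are the practitioner's point on both sides: an examiner carves the raw image rather than trusting the directory, and an anti-forensics tool that only wipes unallocated space still leaves evidence in the slack of live files.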
Monitoring
o Third party
o Offsite, appliance or application
o Local
Encryption
o Transmission (SSH)
o User and Master Keys
o Securing Your Keys
o Whole Disk, Volume or File Level
Prevention
#1 hacking tool = social engineering
o Operating System Permissions
o Logging of Data Access & Transfers (system wide/centralized/long term)
o Monitoring
o Restrict Web Browsing (browser)
o Removable Media
o Vulnerability Testing
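What centralized logging of data access and transfers buys you when combined with monitoring (the Prevention slide above), as an added example that is not part of the original presentation: a detector that reads access-log lines and flags a user who moves an unusual number of files, or an unusual volume, to removable media or a cloud destination within a short window. The log line format, the destination prefixes, the sample lines and the thresholds are all constructed assumptions; a real deployment would take these from the logging product in use.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One line per data-access event, in an assumed key=value format.
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) user=(?P<user>\S+) "
    r"action=(?P<action>\S+) dest=(?P<dest>\S+) file=(?P<file>\S+) bytes=(?P<bytes>\d+)$"
)
# Destination prefixes that take data off the managed network (assumed).
EXTERNAL = ("USB:", "CLOUD:", "WEBMAIL:")

# Constructed sample log, not real data: one normal user, one large upload,
# one line from an unrelated source, and a dozen copies to a USB stick.
SAMPLE_LOG = [
    "2013-04-02T09:15:02 user=jdoe action=COPY dest=USB:E: file=/hr/handbook.pdf bytes=240000",
    "2013-04-02T09:20:11 user=jdoe action=COPY dest=SHARE:fs1 file=/hr/org.xlsx bytes=90000",
    "2013-04-02T22:03:40 user=acme action=UPLOAD dest=CLOUD:dropbox file=/eng/src.zip bytes=80000000",
    "Apr  2 22:04:01 fs1 sshd[412]: unrelated line from another log source",
] + [
    f"2013-04-02T18:{30 + i:02d}:00 user=msmith action=COPY dest=USB:F: "
    f"file=/finance/client{i:02d}.xlsx bytes=1000000"
    for i in range(12)
]


def parse(line):
    m = LOG_RE.match(line)
    if not m:
        return None  # a central log mixes sources; skip lines we don't understand
    e = m.groupdict()
    e["ts"] = datetime.fromisoformat(e["ts"])
    e["bytes"] = int(e["bytes"])
    return e


def find_bulk_transfers(lines, window=timedelta(hours=1), max_files=10, max_bytes=50_000_000):
    """Flag a user who moves more than max_files distinct files, or more than
    max_bytes, to an external destination within any window-long period."""
    events = [e for e in map(parse, lines) if e and e["dest"].startswith(EXTERNAL)]
    by_user = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_user[e["user"]].append(e)

    alerts = []
    for user, evs in by_user.items():
        start = 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1  # slide the window forward past old events
            win = evs[start:end + 1]
            files = {e["file"] for e in win}
            total = sum(e["bytes"] for e in win)
            reasons = []
            if len(files) > max_files:
                reasons.append(f"{len(files)} files")
            if total > max_bytes:
                reasons.append(f"{total} bytes")
            if reasons:
                alerts.append({"user": user, "from": win[0]["ts"], "to": win[-1]["ts"],
                               "files": sorted(files), "bytes": total,
                               "reason": ", ".join(reasons)})
                break  # one alert per user is enough for a human to pick up
    return alerts


if __name__ == "__main__":
    for a in find_bulk_transfers(SAMPLE_LOG):
        print(a["user"], a["from"], a["to"], a["reason"])
```

The detector only works if the copy events reach one place and stay there long enough to be queried after the fact, which is the "system wide/centralized/long term" qualifier on the slide.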
Secure Wireless
- SSID
- WEP/WPA (WEP is trivially cracked; use WPA2 with a strong passphrase)
- MAC Address (filtering)
- Wired
- Air Card
The "Cloud"
Dangers and Risk
- Uncontrolled access by users
- Unsecured access
- Internet dependent
Cloud Tools and Tips
- Google/MSN admin controls
- Secure computer/connection
- Password rules
- Backup
- Two-factor authentication
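How the time-based second factor recommended on the slide actually works, as an added example that is not part of the original presentation: RFC 4226 HOTP and RFC 6238 TOTP built from the standard library, plus the server-side checks an application needs (constant-time comparison, a small clock-skew allowance, and rejection of a code that has already been used). The key is the RFC 6238 Appendix B test secret; the 30-second step, 8-digit codes and the TotpVerifier class are the example's own choices, not any particular vendor's implementation.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30  # seconds per time step (the RFC 6238 default)


def hotp(key, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    dynamic truncation, then the last `digits` decimal digits."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key, at=None, digits=6, step=STEP):
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step)."""
    if at is None:
        at = time.time()
    return hotp(key, int(at // step), digits)


class TotpVerifier:
    """Server-side check (example design, assumed): constant-time compare,
    +/- `skew` steps of clock drift, and a per-user high-water mark so a
    captured code cannot be replayed."""

    def __init__(self, key, digits=6, step=STEP, skew=1):
        self.key, self.digits, self.step, self.skew = key, digits, step, skew
        self.last_counter = -1

    def verify(self, code, at=None):
        if at is None:
            at = time.time()
        now = int(at // self.step)
        for counter in range(now - self.skew, now + self.skew + 1):
            if counter <= self.last_counter:
                continue  # that step was already consumed: reject replays
            if hmac.compare_digest(hotp(self.key, counter, self.digits), code):
                self.last_counter = counter
                return True
        return False


def provisioning_secret(key):
    """What the user types or scans into an authenticator app: base32, no padding."""
    return base64.b32encode(key).decode().rstrip("=")


# RFC 6238 Appendix B test secret (ASCII "12345678901234567890"), SHA-1 mode
RFC_KEY = b"12345678901234567890"


def demo():
    v = TotpVerifier(RFC_KEY, digits=8)
    code = totp(RFC_KEY, at=59, digits=8)                   # "94287082" per the RFC table
    first = v.verify(code, at=59)                            # True
    replay = v.verify(code, at=61)                           # False: same step reused
    t = 1111111109
    late = v.verify(totp(RFC_KEY, t, 8), at=t + 20)          # True: one step of skew allowed
    stale = v.verify(totp(RFC_KEY, t, 8), at=t + 120)        # False: too old
    return code, first, replay, late, stale


if __name__ == "__main__":
    print("secret for the app:", provisioning_secret(RFC_KEY))
    print(demo())
```

The second factor only helps if the server refuses reuse and compares in constant time; the verifier here shows both, and the RFC test vectors let you confirm the arithmetic against any authenticator app.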