security meeting 2012 id theft
DESCRIPTION
TRANSCRIPT
![Page 1: Security meeting 2012 ID Theft](https://reader033.vdocuments.us/reader033/viewer/2022051610/549e6ccbac795924768b46f2/html5/thumbnails/1.jpg)
ID Theft
Security Meeting
![Page 2: Security meeting 2012 ID Theft](https://reader033.vdocuments.us/reader033/viewer/2022051610/549e6ccbac795924768b46f2/html5/thumbnails/2.jpg)
11/05/2012 2
1. ID Theft • Introduction • Types • Techniques • Causes
2. Compliance 3. Approach
• Service • Features • IT Integration
4. Q & A
Agenda
Security Meeting May 2012
![Page 3: Security meeting 2012 ID Theft](https://reader033.vdocuments.us/reader033/viewer/2022051610/549e6ccbac795924768b46f2/html5/thumbnails/3.jpg)
11/05/2012 3
Definition (Wikipedia): Identity theft is a form of stealing someone's identity in which someone pretends to be someone else by assuming that person's identity, typically in order to access resources or obtain … other benefits in that person's name. AKA: Impersonating - meaning the person whose identity has been assumed by the identity thief.
ID Theft
Security Meeting May 2012
![Page 4: Security meeting 2012 ID Theft](https://reader033.vdocuments.us/reader033/viewer/2022051610/549e6ccbac795924768b46f2/html5/thumbnails/4.jpg)
11/05/2012 4
• Finantial • Governamental • Social Network • Child • Smart Phone
Some Types
Security Meeting May 2012
![Page 5: Security meeting 2012 ID Theft](https://reader033.vdocuments.us/reader033/viewer/2022051610/549e6ccbac795924768b46f2/html5/thumbnails/5.jpg)
11/05/2012 5
• Stealling o IT Equipment o Credit Cards o (…)
• Impersonating • Brute force attack weak passwords • Explore security breaches (browser flaws,
malware, spyware) to steal information from computer
Some Techniques
Security Meeting May 2012
![Page 6: Security meeting 2012 ID Theft](https://reader033.vdocuments.us/reader033/viewer/2022051610/549e6ccbac795924768b46f2/html5/thumbnails/6.jpg)
11/05/2012 6
• Hacking systems (servers, networks, databases, firewalls)
• Improper privileges to company's employees, resulting in unauthorized access to sensitive data from these privileged users (internal unauthorized access)
• (…)
Some Techniques (I)
Security Meeting May 2012
![Page 7: Security meeting 2012 ID Theft](https://reader033.vdocuments.us/reader033/viewer/2022051610/549e6ccbac795924768b46f2/html5/thumbnails/7.jpg)
11/05/2012 7
Organizations: • Don’t have an adequate security policy • Fail to preserve computer security • Fail to ensure network security (Firewall
Management) • Fail do identify risks (Risk Management) • Relaxed access control policy • (…)
Some Causes
Security Meeting May 2012
![Page 8: Security meeting 2012 ID Theft](https://reader033.vdocuments.us/reader033/viewer/2022051610/549e6ccbac795924768b46f2/html5/thumbnails/8.jpg)
11/05/2012 8
Risk Management
Security Meeting May 2012
![Page 9: Security meeting 2012 ID Theft](https://reader033.vdocuments.us/reader033/viewer/2022051610/549e6ccbac795924768b46f2/html5/thumbnails/9.jpg)
11/05/2012 9
• Help protect business from risk • Increase IT Security • Used as benchmark to protect information • Automating compliance decrease audit time and
stress o Keep configurations up- to-date (monitoring) o Detects undesirable changes
• (…)
Compliance
Security Meeting May 2012
![Page 10: Security meeting 2012 ID Theft](https://reader033.vdocuments.us/reader033/viewer/2022051610/549e6ccbac795924768b46f2/html5/thumbnails/10.jpg)
11/05/2012 10
Compliance
Security Meeting May 2012
![Page 11: Security meeting 2012 ID Theft](https://reader033.vdocuments.us/reader033/viewer/2022051610/549e6ccbac795924768b46f2/html5/thumbnails/11.jpg)
11/05/2012 11
Traditional • Vendor solution • Go in, implement, customize & go out • Assistance & support
Service • Configuration control • Compliance policy management • Change auditing • Real-time analysis of changes • Remediation, Reconciliation • Reporting
Approach
Security Meeting May 2012
![Page 12: Security meeting 2012 ID Theft](https://reader033.vdocuments.us/reader033/viewer/2022051610/549e6ccbac795924768b46f2/html5/thumbnails/12.jpg)
11/05/2012 12 Security Meeting May 2012
Approach
![Page 13: Security meeting 2012 ID Theft](https://reader033.vdocuments.us/reader033/viewer/2022051610/549e6ccbac795924768b46f2/html5/thumbnails/13.jpg)
11/05/2012 13
Features • Provides compliance policies do manage user
Ids o e.g. password strength and complexity
checks • Proactive monitor IT security infrastructure
(firewalls).
Security Meeting May 2012
Approach
![Page 14: Security meeting 2012 ID Theft](https://reader033.vdocuments.us/reader033/viewer/2022051610/549e6ccbac795924768b46f2/html5/thumbnails/14.jpg)
11/05/2012 14 Security Meeting May 2012
Approach
![Page 15: Security meeting 2012 ID Theft](https://reader033.vdocuments.us/reader033/viewer/2022051610/549e6ccbac795924768b46f2/html5/thumbnails/15.jpg)
11/05/2012 15
• Continuous compliance o File integrity monitoring by detecting any
change to a file or system setting. o Automating the repair of configurations
that intentionally or accidentally fall from secure and compliant states
• Generate an audit trail that logs the state of physical and virtual infrastructure, along with any actions taken to remediate out-of-compliance infrastructure.
Security Meeting May 2012
Approach
![Page 16: Security meeting 2012 ID Theft](https://reader033.vdocuments.us/reader033/viewer/2022051610/549e6ccbac795924768b46f2/html5/thumbnails/16.jpg)
11/05/2012 16
IT Infrastructure Integration • Supports a variety of IT Technology • OS with agent (HPUX, Solaris, RHEL, Windows) • Direct monitor Databases
o Microsoft SQL Server o Oracle Database Server o Sybase Database Server o DB2 Database Server o (…)
Security Meeting May 2012
Approach
![Page 17: Security meeting 2012 ID Theft](https://reader033.vdocuments.us/reader033/viewer/2022051610/549e6ccbac795924768b46f2/html5/thumbnails/17.jpg)
11/05/2012 17
• Direct monitor Directory Servers (Microsoft, Novell, Sun, Generic LDAP…)
• Network devices (Cisco, F5 BigIP, HP Procurve, Juniper, Nortel, …)
• Supports others devices not listed (Agent less mode - with ssh)
Security Meeting May 2012
Approach
![Page 18: Security meeting 2012 ID Theft](https://reader033.vdocuments.us/reader033/viewer/2022051610/549e6ccbac795924768b46f2/html5/thumbnails/18.jpg)
11/05/2012 18 Security Meeting May 2012
How we do it
![Page 19: Security meeting 2012 ID Theft](https://reader033.vdocuments.us/reader033/viewer/2022051610/549e6ccbac795924768b46f2/html5/thumbnails/19.jpg)
11/05/2012 19 Security Meeting May 2012
How we do it