Thanks For Recovering… Now I Can Hack You
THANKS FOR RECOVERING…NOW I CAN HACK YOU
Charles Greene, CISSP, GSLC

Speaker Bio
• Senior Information Security Architect
• I&AM Team Lead, DR Team Lead
• Bachelor's Degree in Information Systems from Virginia Commonwealth University
• Master's Degree in Disaster Sciences from the University of Richmond
• CISSP, GIAC Security Leadership Certification
• SANS Mentor - MGT-512 Security Leadership Essentials and MGT-432 Information Security for Business Managers
• GIAC Advisory Board

Leading Questions…
• How many of your organizations perform annual Disaster Recovery Tests?
• How many of you are Information Security Professionals?
• How many Information Security Professionals play an active part in Disaster Recovery Tests?
• Why?
• Why Not?
Disaster Recovery Journal, Winter 2013 Vol.26, Num.1

Agenda
• Disaster Recovery Test Scenario
• DR Test Security Vector Identification
• Other Considerations
• Open and Interactive Dialogue
• Thoughts About DR Testing
• Ultimate Goal of Enhancing DR Test Plans

Background Scenario
DR ASSIGNMENT
Operations System Architects Management Security
• DR Lead – RTO/RPO
• Sys Admin – RECOVERY
• Sec Admin – Security
DR RESPONSIBILITIES
In this scenario, the DR tasks were assigned to Systems/Network Management. The DR teams comprised Systems and Network Administrators, and the Security Administrators had no role in DR planning or exercises.

What Happened?
Planning
• Focus on Recovery
• Developed and Reviewed by Systems Administrators
• Test Planning for RTO/RPO

What Happened?
Test Execution
• Going as Planned
• Ah Ha Moment
• Vendor Response

What Happened?
Mitigation
• Security Realization
• Identify DR Vectors of Attack
• Plan Updates

Vector Identification
Local Switch Infrastructure

Vector Identification
Local Switch Infrastructure
• Who controls the switch configurations?
• Can you verify the configs?
• Who has physical access to the switches?

Vector Identification
Firewall Configurations
• When is the FW recovered?
• What does it protect?
• Is it complete?

Vector Identification
System Administrator Devices
• Is there corporate data on the laptop?
• Will this device connect to the DR network?
• Create a Device Use Policy

Vector Identification
VPN Access
• Does it bypass the Firewall?
• Identity and Access Management?

Vector Identification
Server Configurations
• Timing of the build process might create opportunities
• Use a protected build DMZ to lessen the risk

It’s Your Data…Protect It!
• Recovering Live Data
• Incident Handling at DR location
• Logging?

Update Your Plans!
• Goals for DR Testing
• Experience
• Plan Verification
Questions/Discussion

Thank You!
Chip Greene, CISSP, GSLC
Senior Information Security Architect
SANS Mentor (MGT-512, MGT-432)
[email protected]@mcvh-vcu.edu