www.TakewareGatekeeper.co.uk - PowerPoint PPT Presentation

Slides: 41
Provided by: tes97
Transcript and Presenter's Notes

1
www.TakewareGatekeeper.co.uk
2
Closing the back door
Barry E James, MD, The TakeWare Company, www.takeware.co.uk
3
Closing the back door - Introduction
  • What door? Why do we need to act?
  • The nature of the threat - How bad is it?
  • Who's vulnerable?
  • When will it become a practical problem?
  • How can it be addressed?
  • The five point action plan
  • Where can we get help?

4
The Threat! Ubiquitous Mass Storage
  • Tiny outside
  • Massive capacity inside.
  • Very fast - comparable to hard disc
  • Easy to conceal, Unobtrusive
  • A watch or mobile phone
  • Practically impossible to exclude from the
    office environment
  • Can you frisk staff and visitors?

Samsung SGH-i310 8 Gigabyte phone, featuring an 8
gigabyte hard disc.
5
The Threat! USB, FireWire
6
The Threat! 1Gb now below £15.00

Price £69.99 inc VAT
7
The nature of the threat - Who says
8
The nature of the threat - The DTI Security Breaches Report 2006
  • Published 24th April 2006
  • Tracks the use and abuse of data
  • Identifies current and growing trends and threats
  • Firewalls and anti-virus
  • Large enterprises better protected than smaller
    firms
  • Impact of incidents much larger on smaller firms

9
The nature of the threat - The DTI Security Breaches Report 2006
  • Removable memory devices - Identified as the top
    emerging threat
  • iPods, MP3 Players, Memory sticks, Watches and
    even mobile phones up to 60Gb.
  • Fast
  • Massive capacity - Gigabytes

10
The Threat!
11
The nature of the threat - The DTI Security Breaches Report 2006
Found that such devices are being used in 84
per cent of companies and, on average, a third of
employees are using them in the office. 90% of
those surveyed said they were aware of the
potential danger that removable media presents,
and a third of organisations admitted that
removable media is being used without
authorisation.
12
The nature of the threat - The DTI Security Breaches Report 2006
"With removable media plummeting in price,
soaring memory capacity and more people using
them at work, companies need to be aware of how
easy it is for staff to use them, lose them or
take competitive information away on them, all in
the palm of their hands," "If lost or stolen,
vast amounts of valuable information could
seriously expose a company to extortion, digital
identity fraud, or damage to their reputation,
integrity and brand."
13
The nature of the threat - The DTI Security Breaches Report 2006
  • Mass data theft
  • Malware and hacker tools
  • Loss of the devices
  • Insiders as well as outsiders
  • Departing and disgruntled employees
  • Coercion - some mafia-style activity

14
The nature of the threat - Quotes
"Opportunity makes the thief. If you give them
the opportunity to access systems that they
shouldn't, then things can go wrong."
"There seems to be a fixation on threats from the
internet and external hackers but for the
criminals, going the insider route is easier and
there can be much more financial benefit for
them."
"In addition, organised crime gangs have
been blackmailing people inside companies to
obtain information."
15
The nature of the threat - Gartner Research
"Organisations are increasingly
putting themselves at risk by allowing the
unauthorized and uncontrolled use of portable
storage devices". These are ideal for anyone
intending to steal sensitive and valuable data.
The impact of this goes beyond the commercial
value of the data.
16
How Bad Is the Threat? A demonstration

17
How Bad Is the Threat? A demonstration
  • PodSnaffler demonstrates how easy it is for
    critical data to be identified and removed from
    an unprotected PC automatically in seconds
  • It's tiny and works with mobile phones and other
    unobtrusive mass storage devices
  • Fast

18
PodSnaffler - A demonstration

19
How Bad Is the Threat?

www.PodSnaffler.co.uk for more information
20
Who's Vulnerable
  • If you have an unprotected PC, you are!
  • If it's happening, why don't I hear about it?
  • Who wants to admit that their security was
    breached?

21
Who's Vulnerable
In a recent survey 70% of employees admitted
taking information from work to which they were
not entitled. As Computer Weekly has commented,
anyone planning to leave will remove most of the
information they want well in advance.
22
What's at risk - The Crown Jewels
  • Customer Lists (and CRM)
  • Contracts and Proposals
  • Correspondence
  • Prospects
  • Address books
  • Price Lists
  • Sales Invoices
  • Staff Records.

23
What's at risk
  • Organisations that suffer massive data loss:
  • 80% are out of business within 3 years
  • 30% are out of business within the year.

24
What's at risk - Portable Hacking Tools
  • Powerful, freely available hacking tools are
    starting to appear on the Internet which work
    from a small flash drive
  • Showtraf - a tool that monitors traffic
    on a network and displays it.
  • 'John-the-Ripper' (a password cracker)
  • Netpass - a utility used to recover network
    passwords
  • Nemesis (Network intrusion tool).

25
When will it become a practical problem?
  • Now.
  • If your data had left the building would you
    even know?
  • Has it already happened?
  • After the event is too late.
  • The DTI have raised the flag.
  • The possibility is out there.
  • Employees leaving - it happens before you know
    it.

26
Closing the back door - Quote
"A learning experience is one of those things
that says, 'You know that thing you just did?
Don't do that.'" - Douglas Adams
"Human beings, who are almost unique in having
the ability to learn from the experience of
others, are also remarkable for their apparent
disinclination to do so." - Douglas Adams
27
Who's Vulnerable - In the press
BBC, 29 April: Digital cameras, MP3 players and
handheld computers could be the tools that
disgruntled UK employees use to sabotage computer
systems or steal vital data, warn security
experts. The removable memory cards inside the
devices could be used to bring in software that
looks for vulnerabilities on a company's internal
network. The innocent-looking devices could also
be used to smuggle out confidential or sensitive
information. The dangers disgruntled employees
posed was highlighted by a survey showing that
almost half of the most serious security
incidents businesses suffered last year were
caused by company workers.
28
In the press
Inside job - Computing Magazine, 14 April
While companies guard against external hacks, it is
easy to overlook threats closer to home. Last
year, more than a dozen employees who had worked
for Citibank's Indian call centre partner Mphasis
were arrested for allegedly stealing $350,000
(£199,842) from the bank's American customers.
Similar threats can occur inside many
organisations, warns Floris Van Den Dool, head of
consultant Accenture's European security
practice. "There seems to be a fixation on
threats from the internet and external hackers
but for the criminals, going the insider route is
easier and there can be much more financial
benefit for them," he says. The UK's former
National Hi-Tech Crime Unit produced similar
research that suggests 38% of financial fraud
results from internal security breaches and
collusion. Accessing unsecure business
applications from within the organisation is much
easier than hacking through the corporate
firewall and the potential for fraud is far
greater, according to Van Den Dool. But according
to a recent survey by the Department of Trade and
Industry (DTI), 99% of UK companies are failing to
implement all the safeguards available to them to
help prevent internal security breaches.
29
Who's Vulnerable - In the press
insiders infiltrating firms, U.K. cops warn
April 25, 2006, Silicon.com / CNET News.com
Employees are still one of the greatest
threats to corporate security, as "new-age" mafia
gangs infiltrate companies, the U.K.'s
crime-fighting agency has said. Speaking on
Tuesday Tony Neate, e-crime liaison for the
Serious Organised Crime Agency (SOCA), said
insider "plants" are causing significant damage
to companies. "We have fraud and ID theft, but
one of the big threats still comes from the
trusted insiders. That is, people inside the
company who are attacking the systems," he said.
"(Organized crime) has changed. You still have
traditional organized crime, but now they have
learned to compromise employees and contractors.
(They are) new-age, maybe have computer degrees
and are enterprising themselves. They have a wide
circle of associates and new structures," he
added.  
30
Who's Vulnerable - In the press
Beware the enemy within - News, Data Theft
Almost half the security experts who attended the recent
E-Crime Congress in London agreed that internal
users were the greatest risk to their
IT security. Only 11% of respondents thought that
external hackers were more dangerous, while 44%
rated external and internal threats equally. The
survey also established that only eight percent
of respondents felt the average company takes a
proactive approach to security - with over
half (59%) reporting that companies were only
reactive.
31
In the press
A Spy Downloads on China: He claims to have
downloaded some of these documents from his
police computer into his MP3 player and given a
sample of them to Australian immigration
officials as proof of his claims. The Sydney
Mercury Herald

32
In the press
  • Some other stories related to data theft in the
    news
  • Workplace data theft runs rampant - BBC On-Line
  • Suspect in SJ Medical Data Theft to be in Court -
    CBS
  • Laptop Security - Full Disclosure
  • iPods Open Backdoor for Data Theft - VUnet
  • Healthcare Security Incidents Summary Incidents
    list on - SecurityFocus
  • 50 million identities stolen in US - Washington
    Post
  • Ford discloses employee data theft - UPI
  • Data breaches worst ever last year - Seattle
    Times
  • Portable storage devices the curse of
    convenience - InfoWorld
  • Data Theft grew 650% over past three years - US
    Department of the Interior
  • Wave of Data Theft Causes Corporations to
    Consider Network Risks - Aon Focus
  • Time to Get Physical (Physical Security and Data
    Theft) - Redmond Magazine
  • Sacked Staff Turn to Sabotage - InfoSec News

33
How Can it Be Addressed? The easy way and the hard way
  • Public hangings and floggings?
  • Close the ports?
  • Physical security?
  • Frisk the staff?
  • Rely on tekkies and tekky tools?
  • Sysadmin solutions?
  • Prevention is better than cure!

34
How Can it Be Addressed? The easy way and the hard way
  • Consult, train, confer - support your staff
  • Inform staff - develop your AUP (Acceptable Use
    Policy) collaboratively.
  • Supportive technology - prevent abuse, not
    merely report it.
  • Solution

35
How Can it Be Addressed? The easy way and the hard way
  • The solution should:
  • Police the use of devices actively.
  • Police the use of content.
  • Provide an audit trail.
  • Be "Fit and Forget" on a day-to-day basis
  • Allow full use of USB and devices etc.

36
Five Point Action Plan
1. Be aware of the threats - plan an appropriate
   and proportionate response.
2. Consider threats from inside as well as outside.
3. Ensure you have an appropriate AUP (acceptable use
   policy) in place and that all staff are aware of it
   and agree to it.
4. Adopt supportive technology to automatically
   monitor and control use of devices and data.
5. Conduct a security risk assessment - ensure that
   this, and your AUP, also covers the use of removable
   devices - as well as Internet and Email use etc.
(and don't panic!)
37
Where can we get help? Links and Resources
  • www.TakewareGatekeeper.co.uk/issues
  • www.TakewareGatekeeper.co.uk/downloads
  • www.PodSnaffler.co.uk
  • www.merit.org.uk
  • www.security-survey.gov.uk

38
How Can it Be Addressed? TakeWare Gatekeeper
  • The unique solution
  • Polices the use of devices actively - allows
    only devices authorised by you.
  • Polices the use of content - allows only
    authorised content.
  • Identifies the user
  • Audit trail.
  • Fit and Forget on a day to day basis
  • Allows full use of USB and devices etc
  • www.takewaregatekeeper.co.uk

39
An Announcement - Gatekeeper AntiTheft for Small businesses
  • Free for smaller SMEs - up to five seats
  • Low cost maintenance - recommended but optional
  • Networked
  • Enterprise, Education and other editions also
    available
  • See www.takewaregatekeeper.co.uk/smeoffer

40
Closing the back door - Thank you
Please visit www.takewaregatekeeper.co.uk for
more information.