CERTin Ministry of Railways - PowerPoint PPT Presentation

About This Presentation
Title:

CERTin Ministry of Railways

Description:

Un-interrupted availability of I T infrastructure during working hours ... BioMetrics. Smart Cards. IDS/Intrusion Prevention. AntiSpam Software ... – PowerPoint PPT presentation

Slides: 27
Provided by: ashokbs

Transcript and Presenter's Notes

Title: CERTin Ministry of Railways


1
CERTin Ministry of Railways
Why secure!?!
Capt.(R) Ashok B. Shiroor, Managing
Director, Mikroz InfoSecurity Pvt. Ltd.
2
Understand the Need for Security
  • Un-interrupted availability of IT
    infrastructure during working hours
  • Disallow unauthorized access to or modification
    of privileged information

3
Challenges: How to (try to) do it effectively
  • Recognize the Jigsaw puzzle
  • Analyse the Assets
  • Keep security prioritised

4
Recognize the jig-saw puzzle
5
What to look for - assets
6
A Priority-Based Approach to Risk Management
Focus first on the most critical assets
RISK: Correlate the known presence of a
vulnerability on a business-critical
asset with a real-time threat exploiting that
vulnerability
Automate the process to effectively streamline
and create efficiencies
7
The Dynamic Risk Environment
8
The Dilemma - Prioritisation
  • What should be the base layers to be protected in a
    typical workplace
  • How to assess the risk environment
  • How to take care of reactive AV
  • How to manage patches and compliance
  • What to select: best of breed or end-to-end
    solutions
  • What is better: managed solutions or self-managed
  • Multipurpose devices or Purpose built
  • How to sustain levels of security

9
Principle
  • 80:20

10
Approach to Security
  • Pro-active
  • Comprehensive
  • Manageable

11
Attack Lifecycle
12
Zero-Day Attacks: McAfee (NAI), April 2k1
[Chart labels: No. of updates per day; 39 Updates; 141 Viruses Missed; 24 Different Viruses]
13
Multiple vectors
14
Blended Threats: Mass Mailer Virus
[Diagram labels: E-mail Server, Mail Server, File Server, Web Server, Employee working at home]
15
Blended Threats: File Share
[Diagram labels: E-mail Server, Mail Server, File Server, Web Server, Employee working at home]
16
Blended Threats: Web Server Vulnerability
[Diagram labels: E-mail Server, File Server, Web Server, Employee working at home]
17
Blended Threats: OS Vulnerability

18
What more
  • Floppies
  • CDs
  • USB drives
  • Encrypted eMail attachments
  • GPRS/CDMA/Bluetooth
  • Network Shares
  • 50 intrusions are due to insiders

19
The Pro-active approach: how!?!
  • Deny all
  • Allow selectively Manage where
  • Work at user awareness: good security habits
  • Bulletins on Hoaxes and Urban Legends
  • Anti-social engineering

20
Product evolution
  • Some pieces are well understood: demanded by
    customers
  • Some pieces are in the development stage: latent
    need felt by customers
  • Some pieces would emerge as a long wish list
21
Perimeter or Gateway security
22
Desktop security
Antivirus and Firewall. Threat case: Blaster.
Port scan attempts to enter machine to find vulnerable
host. Firewall blocks TCP port 135, instructs AV
to block any payload and outbound transmissions
from that port for 30 minutes.
Antivirus and Intrusion Prevention. Threat case:
Sasser. Attack attempts to enter system using
critical service, LSASS user authentication.
Traffic must be inspected, so IPS engine inspects
traffic and blocks attempted
23
Threats to future technologies
24
Future Threats: Potential Areas of Concern
  • Threats to mobile devices
  • Voice over Internet (VoIP)
  • Malicious Software
  • Exploitation of wi-fi networks
  • Phishing, Spam and Spyware
  • Identity Theft

25
Prevention better than cure
  • Test and apply vendor-supplied software patches
    routinely
  • Disable features/services that are not explicitly
    required
  • Install antivirus software and keep it up-to-date
  • Use caution when opening eMail attachments or
    following URLs

26
Questions
Capt.(R) Ashok B. Shiroor, Managing
Director, Mikroz InfoSecurity Pvt. Ltd.