Information Security Future Trend and Latest Update Know-how - PowerPoint PPT Presentation

1 / 88

About This Presentation

Title:

Information Security Future Trend and Latest Update Know-how

Description:

Information Security Future Trend and Latest Update Know-how ... – PowerPoint PPT presentation

Number of Views:309

Avg rating:3.0/5.0

Slides: 89

Provided by: NoppornTho1

Category:

more less

Transcript and Presenter's Notes

Title: Information Security Future Trend and Latest Update Know-how

1
Information Security Future Trend and Latest
Update Know-how

?????????????????????????????????????????????????
???????

2
New Economy TrendIndustrial Revolution gt
Digital Revolution

?????????
??????????
???????? (IT)
???????????? (ICT)
Computer Security gt Information Security
(InfoSec)
(Knowledge-based Economy/Society KBE/KBS)

3
NITC ICT Master Plan (www.nitc.go.th)
4
???????????????????????????????
????????????????????
5
Goal for protecting your security infrastructure

CIA Triad
C Confidentiality
??????????????? (Secret) ?????????
I Integrity
??????????????????????????????????????????????????
???????????????????????????????????????????
????????????????????????????????
A Availability
????????????????????????????????????????
???????????????????????????????????????

6
Fundamental Security Principles
Control error Ensure accuracy No unauthorized
Alteration
Integrity
Confidentiality
Control access Ensure secrecy No unauthorized
Disclosure
Downtime includes destruction and Denial of
Service
Availability
DAD is reverse of CIA
Control outages Ensure performance No
unauthorized Downtime
7
?????????????????????????????????????????????????
8
Information Security Risks

Cleartext transmissions
HTTP, SMTP, FTP ,Telnet , POP3/IMAP4, LDAP
Password data attacks
Internet Worm, Virus, Trojan Horses, MalWare
Social Engineering
Denial of service or DDoS
IP Spoofing, ARP Spoofing, Mail Spoofing
Exploitation of Vulnerabilities Scanner findings
Hole in BIND/DNS, Router, Switching, Internet
Appliance, Firewall and IDS/IPS
Microsoft IIS or Apache Web Server Vulnerability
Web Application Vulnerability

9
Attack Sophistication vs.Intruder Technical
Knowledge
10
What is Vulnerable?
Applications
E-Commerce IIS/Apache Web Server
SAP/R3
Firewall
E-Mail Server DNS Server
IE Web Browsers
11
What is Vulnerable?
Databases
Microsoft SQL Server
DB2
Oracle
Firewall
Router
12
What is Vulnerable?
Operating Systems
SUN Solaris
Windows 2000
HP-UX
Firewall
Router
Network
IBM AIX
Windows 95 98/Me/NT/XP
13
What is Vulnerable?
Networks Devices
Firewall
Router
14
Hacking SSL over Internet Banking
Session Using CAIN demonstration
15
Man-in-the-Middle Attacks
A
C
Public Key A
Public Key C
Expected
Key Ring
Key Ring
Compromised
A
C
Public Key A
Public Key C
Key Ring
Key Ring
Fake Key C
Fake Key A
B
Key Ring
16
?????? sniffer ???????? login username and
password ???? SSL Session ???????? ARP
spoof/poisoning
17
(No Transcript)
18
??????????????????????????????? ARP
spoof/poisoning
19
?????????? ARP spoof/poisoning
20
Sniffer ????????? Man-in-the-Middle
21
????????? MAC address ???????
22
Hacker ??? CAIN ??? Certificate Key ????
23
?????????????????? Certificate ???????????????????
?????????? ???? key ?????????????????????????????
???? key ??????
24
Certificate ???????
25
Hacker ???????? ?????? username password ?????
login Hotmail website (using SSL) ???
26
???????????????? ARP Spoof

????????? Certificate ????????????????? IE
Browser using SSL (Internet Commerce or Online
Banking case)
?? Port Security ?? Switch (LAN case)
????? Inventory ??? MAC address
??????????????????
Network ?????????????????????? MAC Address (LAN
case)
??? ARPWatch from http//www-nrg.ee.lbl.gov
??? IDS for example Snort from www.snort.org

27
Web Application Hacking

????????????????????????????????

28
Web Sites are vulnerable to attackers from
www.netcraft.com
29
(No Transcript)
30
New Hacking Trend

No more normal exploit (everyone using Firewall
open only port 80 HTTP service and port 443 HTTPS
service)
Modern Hacker using Trojan (as attachment file)
social engineer un-awareness user or executive
take control over victim Notebook or PC LAN
client.
Most popular Trojan program type
Perfect KeyLogger
Malicious ActiveX Control
Hacker Slave Trojan Client
for example Optix or Assassin 2

31
Traditional Hacking

Targeted against vulnerabilities in OS components
and Network services.
Attacks specific to operating system
architecture, authentication, services, etc.
Myriad of exploits for different services, OS
platforms, CPU architectures, etc.

32
Traditional Hacking
... winsock_found xor eax, eax push
eax inc eax push eax inc eax push
eax call socket cmp eax, -1 jnz
socket_ok push sockerrl push offset
sockerr call write_console jmp
quit2 socket_ok mov sock, eax mov
sin.sin_family, 2 mov esi, offset _port ...

Requires rocket science such as coding
shell-code for buffer-overflows, etc.
In short, it is a complex activity.

33
Traditional HackingLimitations

Modern network architectures are getting more
robust and secure.
Firewalls being used in almost all network
roll-outs.
OS vendors learning from past mistakes (?) and
coming out with patches rapidly.
Increased maturity in coding practices.

34
Traditional HackingLimitations

Hacks on OS network services prevented by
firewalls.

Web Server
DB
Web app
Web app
DB
Web app
Web app
wu-ftpd
X
Sun RPC
X
NT ipc
X
35
Traditional HackingLimitations

Internal back-end application servers are on a
non-routable IP network. (private addresses)

Web Server
DB
Web app
Web app
DB
Web app
Web app
X
36
The Next Generation of Hacking

E-commerce / Web hacking is unfettered.
Web traffic is the most commonly allowed of
protocols through Internet firewalls.
Why fight the wall when youve got an open door?
HTTP is perceived as friendly traffic.
Content/Application based attacks are still
perceived as rare.

37
The Web Hackers Toolbox

Essentially, all a web hacker needs is
a web browser,
an Internet connection,
and a clear mind.

38
Types of Web Hacks
Web Server
DB
Web Client
Web app
Web app
DB
Web app
Web app

URL Interpretation Attacks.

web server mis-configuration
39
Types of Web Hacks
Web Server
DB
Web Client
Web app
Web app
DB
Web app
Web app

Input Validation attacks.

poor checking of user inputs
URL Interpretation attacks
40
Types of Web Hacks
Web Server
DB
Web Client
Web app
Web app
DB
Web app
Web app

SQL Query Poisoning

Input Validation attacks
Extend SQL statements
URL Interpretation attacks
41
Types of Web Hacks
Reverse-engineering HTTP cookies.
Web Server
DB
Web Client
Web app
Web app
DB
Web app
Web app

HTTP session hijacking.
Impersonation.

Input Validation attacks
SQL query poisoning
URL Interpretation attacks
42
The Web Hackers Toolbox

Some desired accessories would be
a port scanner,
Netcat (nc) from www.atstake.com
vulnerability scanner (e.g. Nessus 2.0),
OpenSSL, etc.
And A Hacker Mind !!

43
How can we protect ourselves ?

InfoSec Awareness Training (Educate Users)
Using ANTI-Trojan Software
Using ANTI-Virus Software
Beware .exe, .com, .pif, .jpg.exe, .hta,
.vbs, .scr, .mp3.com, .zip password, .jpg
Beware New Vulnerability on JPEG GDI
(gdiplus.dll)
Using GDISCAN.exe from http//isc.sans.org

44
ANTI-SpyWare, ANTI-Trojan softwarewww.download.co
m

Ad-Aware 6.0
SpyBot Search Destroy
SpySweeper
PestPatrol
HijackThis

45
Ad-aware (Detect and Clean Trojans)

Ad-aware is a, multi-trackware detection and
removal utility (designed for Windows 98 / 98SE /
ME / NT40 / 2000 / XP Home / XP Pro)
Can comprehensively scan your memory, registry,
hard, removable and optical drives for known
Datamining, aggressive advertising, Parasites,
Scumware, Keyloggers, selected traditional
Trojans, Dialers, Malware, Browser hijackers, and
tracking components.

46
(No Transcript)
47
??????? 10 ?????? ????????????? Malware ?????
???????? (Virus, Worm, Trojan, Backdoor, Spyware,
Adware) ????????????????????
48
??????? 10 ??????????????????? Malware ?????
????????

??????????????????????? Information Security
??????? Personal Firewall ????????????? Windows
Client
?????????????? Anti-Virus ???????????????
Enterprise
??????????????????????????????? ??????????????
???????????????? (Outgoing Traffic)
????????????????????????????????????????
??????????????????????????????????????
??????????? IDS (Intrusion Detection System)
????????????????????? Packet Sniffer ???? RMON
Probe Traffic Analyzer
???????????????? (Security Policy)
?????????????????????????????

49
1. ??????????????????????? Information Security

?????
?????????????? Information Security
?????????????????
Update Patch ???????????????????????????????????
????? Harden ?????????????????????????
(Services) ????? ???? TCP / UDP Port
?????????????
????
???????????????????????? Patch ???????????????????
Harden ?????????????????? LAN
??????????????????????????
????????? Update Patch ????????? Client ???????
Windows Platform ?????????????????????????????
(For example using Microsoft SUS or Shavlik
HFNetChk)

50
(No Transcript)
51
2. ??????? Personal Firewall ?????????????
Windows Client

?????????? Security Awareness ????????????????????
? Personal Firewall ????????????????????
??????????????? ??????
Internet Connection Firewall (ICF) ????????
Windows XP ????????
??????? ZoneAlarm ??? www.zonelabs.com

52
(No Transcript)
53
3. ?????????????? Anti-Virus ???????????????
Enterprise

????????????????????? Windows Client ???????
Desktop ???? Notebook ????????
????????? File Server ????????? ???????? Mail
Server ?????????????????????????????????????????
??????? Update Virus Signature ???????????????????
???????????????? ????????
?????????????????????????????? Anti-Virus ??????
Update Virus Signature ?????????????

54
4. ??????????????????????????????? ??????????????

???????????????????????? Checksum
??????????????????????????????????????????????????
???????????????????????? ????????????????????
Integrity Checking
??????????????????????????????? Integrity
???????? ???? Tripwire ?????????? Freeware ???
Commercial ???? ??? AIDE ?????? Freeware
??????????????????????
????????????????????????????????
?????????????????? Rootkit ??????????????
????????????? Worm ???????????????????????????????
?? ?????????? Integrity Checker
??????????????????????????????????????????????????
??????? ?????????????????????????????????????
????????????

55
5. ???????????????? (Outgoing Traffic)

?????? ACL ???? Access Control List ??? Router
???? Switching Layer 3
???????? Rule ??? Firewall ?????? Traffic
????????????????????????????????

56
6. ????????????????????????????????????????
(Incident Response)

??????????????????????????????????????????????????
??????????? Virus ????? ???????? ?? Incident
Response Plan
?????????????????????????????????????? (IR Team)
?????????? Outsourcing ????????????????????? MSSP
(Managed Security Service Provider)
????????????????????? (Authority)
????????????????????????????????????

57
7. ??????????????????????????????????????

Layer Security ???? Defense-In-Depth
???? ?????????? Firewall ?????? ???????????
Firewall ??????????????????????????????????
??? Firewall ?????? ????????? LAN ????
?????????????????????? Server ????????????????????
?? Server Farm ???????????????????????????

58
8. ??????????? IDS (Intrusion Detection System)

??????????????????????????????????????????????????
?????? ????????????????????
????????????????????????? (Network Diagram)
???????????????????? Switching ???????????????
???????????????????????????????? Mirror ???? Span
Port ??? Switching

59
9. ????????????????????? Packet Sniffer ???? RMON
Probe Traffic Analyzer

?????????????????? Traffic ???????????
???????????? Traffic
??????????????????????????????? ?????????????????
Denial of Service (DoS Attack) ???????????????????
???? ??????? Traffic ??????????????????????????

60
10. ???????????????? (Security Policy)
?????????????????????????????

???? ??????????????????????? Client ???????? LAN
????????? Modem ???????? ISP ????? Dial-Up
Networking
??????????????????????????? Serial Port ??????
Modem ???????????????????????? PSTN
???????????????????? LAN ???????????????
??????????????????? Client ?????????? Modem ????
???????????????????? LAN ??????? Ethernet LAN
Port ???????

61
20 Things Every Employee Should Know about
Information Security
62
20 Things Every Employee Should Know about
Information Security

Be Responsible and be aware
Choose your passwords wisely
Keep your password secure
Deal with viruses and malware
Use corporate resources only to do your work
Practice safe data transfer
Know the risks associated with e-mail
Deal with e-mail hoaxes
Surf the Web wisely at work
Be aware of the dangers of the Internet

63
Browser Hijacking ?????????? Browser Internet
Explorer (IE) ??????????????????????????????????
64
Browser Hijacking ?????????? Browser Internet
Explorer (IE) ??????????????????????????????????
65
Browser Hijacking ?????????? Browser Internet
Explorer (IE) ??????????????????????????????????
66
20 Things Every Employee Should Know about
Information Security

Secure your laptop for remote usage
Make remote access secure (War Dialing)
Use your hand-held device safely
Backup and secure your data
Manage sensitive information wisely
Dispose of digital media safely
Its people, not technology Social Engineering
Secure your workspace (clean desk)
Know what to do when things go wrong
Keep things in context and move forward

67
??????????????????????????????????????????????
?? ??? ????????????? ACISsInformation
Security Management Framework (ISMF)
68
Information Security Management Framework (ISMF)
7 Steps
69
Information Security Management Framework

1. Risk Management / Vulnerability Assessment /
Penetration Testing
2. Critical Hardening/Patching/Fixing
3. Practical Security Policy
4. Defense In-Depth / Best Practices
Implementation
5. Security Awareness/Technical/Know-how Transfer
Training
6. Internal/External Audit
7. Managed Security Services (MSS) / Real time
Monitoring using IDS/IPS

70
1. Risk Management / Vulnerability Assessment /
Penetration Testing

??????????????????????????????????????? IT
???????????????? (Risk Assessment and Risk
Analysis)
????? Inventory ???????, ????? Revised Network
Diagram ???? Logical ??? Physical Diagram,
????????????????????????????????
??????????????????????????????????????????????????
LAN ??? WAN ??????????????????? Internet
??????????????????? Perimeter Network
??????????????????????????????????????????????????
?????????????????????????? ???? Vulnerability
Assessment
????????????????????????????????????
username/password ????????????????????????????????
???????????????????????????? ???? Penetration
Testing
??????????????? (Risk Assessment Summary Report)
??????????????????????????????????
?????????????????????????????????????????????

71
Vulnerability Assessment

The process of identifying existing
vulnerabilities in assets and their environments
and then determining the severity ratings for
vulnerabilities as they relate to the assets.
The following vulnerability reviews should be
considered
Vulnerability scans
Architecture reviews
Host assessments
Policy and procedure reviews
Web application reviews
Physical security reviews

72
Penetration Testing (Ethical Hacking)

Penetration testing assesses the network/systems
ability to withstand intentional attempts to
circumvent system security features.
The effort involves using several automated tools
to exploit common technical vulnerabilities from
both the insider and outsider perspective. These
tools will be used to electronically identify and
in some cases exploit vulnerabilities.
The objective of penetration testing is of course
to investigate the system from the attackers
perspective.
The primary aim is to identify exposures and risk
before seeking a solution.

73
The Black-Box Approach
74
The White-Box Approach
75
2. Critical Network Hosts Hardening / Patching
/ Fixing

???????????????????????????????????? Critical ???
????????????????????????????????
?????????????????????????????????????? ??????
Hardening ??????????
?????? Port ????? ???????????????????
?????????? Firewall ?????????
???????? Rules ??? Firewall ??????????
?????????? Service Pack, Patch ???? Hotfix
??????????????????????????

76
3. Practical Security Policy

???????? Practical Information Security Policy
???????????? ?????????????????????? INFOSEC
?????????? ???????? ????
ISO17799
CBK (Common Body of Knowledge) ??? ISC2
CobiT ??? ISACA
SANS/FBI Top 20 ????????? SANS ??????? FBI
????? Practical Security Policy ???????
???????????????????????????????????????????????
???? Policy ????????????????? ????????????????????
????????

77
4. Defense In-Depth / Best Practices
Implementation

Defense In-Depth ??????? ???????????????????????
?????????????????????????????????????
?????????????? Border Router ????????????
Internet ??? ISP ????????? Firewall ?????????????
???????????????? IDS ???? IPS (Intrusion
Prevention System) ??? ?????????????? LAN ???????
???
?????????????????? LAN ??????????????????? ????
Core Switching/Core Router ?????? Server ?????
????????? LAN ????????????????????????????????????
?? Virus ????? ???????????????????????????? LAN
????????????
????? Best Practices ???????????????????????????
????????????????????? ?????? Workstation ???
Server ?????????????????????? DMZ ????????? LAN

78
5. Security Awareness / Technical Know-How
Transfer Training

????????????????????????????? ????????? ???
?????????????????? ???????????????????
??????????????????????????? ??????????????????????
????????????? ?????? ?????????????????????????????
??????????????????????????????????????????????????
????????????????
????????????????????? ?????????????????????? ???
??????????????????????????? ???????????
???????????????? ??? ???????????????????????
Information Security ??????, ????? Internal Audit
?????? ????????????????????????????

79
Security Awareness Program???????????????????????
? ?
80
Security Awareness Program ??????? ?? ????????
81
All we need is Information Security Knowledge
82
Security Awareness Program
?????????????????????? (Top Management)
Non-IT Program
??????????????????????? (Middle Management)
Non-IT Program
???????????????? (System/Network
Administrator/DBA)
IT Program
???????????????????????????????????????????? (Secu
rity Administrator)
IT Program
??????????????????????????????? (Users)
Non-IT Program
83
ACIS Professional CenterICT Security Training
84
6. Internal / External Audit

???????????????????????????????????? 1 ?????
?????????? 5 ???? ??????????? Audit
???????????????????? ???????? Assessment
???????????? 1 ??????????????????? Re-Assessment
???????????????? 6 ???????????????????????????
???????? ?????????????????????????????????????????
??????????????
?????????????????????? Internal Audit
??????????????? ???? ????????? External Audit
Service ?????????????????????? Information
Security ???????????????????????????

85
7. Managed Security Services (MSS)Real Time
Monitoring Using IDS / IPS / Stealth Logging

????????????????????????????????????????
??????????? ????????? Outsourcing
??????????????????????????????????????????????????
???? Managed Security Services Provider (MSSP)
??????????????????? ???????????????????? MSSP
?????????????????????????? ?????????? Services
Level Agreement (SLA) ?????????????????????????
5x8 ???? 24x7 ???????
??????????????????????????????????? Real time
Monitoring 24x7 ?????????????? ???
??????????????????????????????????????????????????
24 ???????
????????? MSSP ???????????????????? Hacker ???
Virus ?????? ?????????????????????????????????????
???????? IT Security ???????

86
Information Security Management Framework (ISMF)
7 Steps
87
New Protection Paradigm

Internal Control , Internal Audit, IT governance
Vulnerability Assessment gt Vulnerability
Management gt Patch Management
Vulnerability scanning gt Automated VA or Human
Expert
Proactive Security Management
Managed Security Services from MSSP
Outbreak Prevention (Zero Day)
ASIC-Based IPS, ASIC-Based Firewall
Content Security at Gateway
(ANTI-VIRUS/ANTI-SPAM is a Must)
Total Security Solution for one PC
Anti-VirusAnti-SpyWareAnti-SPAMPersonal
FirewallURL FilteringHost Based IPS/IDS

88
Management Security Controls
Administrative
Policies
Management Structure
Facility Planning
Standards
Personnel Controls
Guidelines
Physical
Training
Procedures
Testing
Audit Trails
Technical
DATA
89
PPT Concept P People P Process T
Technical
90
PPT Concept