Cybersecurity Strategy

Presentation Transcript


  1. Cybersecurity Strategy

  2. Andrew H Holden
  • Sixteen years in IT
  • Network/Systems Administration & Engineering
  • Information Systems Security
  • Virtualization & Cloud Implementation
  • On-site, cloud, and hybrid infrastructure
  • Associate's degree - Information Systems Security
  https://www.linkedin.com/in/andrewhholden

  3. Agenda
  • Objectives of security
  • Typical risk-based security strategy
  • Threats
  • Awareness
  • Endpoints
  • Servers
  • Network
  • Various Tools

  4. Objectives of Security

  5. Typical Risk-Based Security Strategy
  Single Loss Expectancy (SLE) × Annualized Rate of Occurrence (ARO) = Annual Loss Expectancy (ALE)
  • What assets exist and what is their value?
  • What threats exist?
  • What vulnerabilities exist?
  • What is the cost of a threat exploiting a vulnerability? (SLE – Single Loss Expectancy)
  • How often will a threat exploit a vulnerability? (ARO – Annualized Rate of Occurrence)
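The slide's formula applied to a small risk register, as an added example that is not part of the presentation: each entry answers the five questions above, the entries are ranked by ALE, and a second function goes one step beyond the slide by weighing a control's annual cost against the ALE it removes. Asset names, dollar figures and the control cost are constructed for illustration.

```powershell
# Added example, not from the slides: rank a constructed risk register by
# Annual Loss Expectancy using the slide's formula, ALE = SLE * ARO.
function Get-RiskRegister {
    param([object[]]$Risks)   # entries answer the slide's five questions
    $Risks | ForEach-Object {
        [pscustomobject]@{
            Asset         = $_.Asset
            Threat        = $_.Threat
            Vulnerability = $_.Vulnerability
            SLE           = [double]$_.SLE    # cost of one occurrence
            ARO           = [double]$_.ARO    # expected occurrences per year
            ALE           = [math]::Round([double]$_.SLE * [double]$_.ARO, 2)
        }
    } | Sort-Object -Property ALE -Descending
}

function Get-ControlValue {
    param(
        [double]$AleBefore,   # ALE with no control in place
        [double]$AleAfter,    # ALE once the control is applied
        [double]$AnnualCost   # yearly cost of the control (assumed figure)
    )
    # Positive result: the control removes more expected loss than it costs.
    ($AleBefore - $AleAfter) - $AnnualCost
}

# Constructed sample register. An ARO below 1 means "less than once a year";
# 0.1 is roughly once every ten years.
$register = @(
    @{ Asset = 'File server';   Threat = 'Ransomware';   Vulnerability = 'Unpatched SMB, no offline backup'; SLE = 80000; ARO = 0.5 }
    @{ Asset = 'Mail accounts'; Threat = 'Phishing';     Vulnerability = 'No two-factor auth, no training';  SLE = 15000; ARO = 2 }
    @{ Asset = 'Wireless LAN';  Threat = 'Rogue client'; Vulnerability = 'WPA2-PSK shared with guests';      SLE = 5000;  ARO = 0.1 }
)

Get-RiskRegister -Risks $register | Format-Table Asset, Threat, SLE, ARO, ALE -AutoSize

# Does an assumed $12,000/year offline backup pay for itself against the
# ransomware line? It cuts the recovery cost (SLE) from 80000 to 15000 while
# the ARO stays 0.5, so ALE falls from 40000 to 7500.
Get-ControlValue -AleBefore (80000 * 0.5) -AleAfter (15000 * 0.5) -AnnualCost 12000
```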

  6. Threats: Social Engineering, Malicious Insiders, Mistakes, Physical Threats, Botnets, DDoS, Spam & Malware, Email Attachments, Viruses, Ransomware, Script Kiddies

  7. Threats: Hacktivists, APTs

  8. Educate Users
  • https://www.wombatsecurity.com/
  • https://www.knowbe4.com/
  • http://www.securitymentor.com/

  9. Endpoints
  • Endpoint antivirus, spyware, malware protection
  • Trend, Symantec, etc.
  • Malwarebytes
  • Cylance (next-generation AV using AI)
  • OpenDNS Umbrella (now Cisco Umbrella)
  • MS Enhanced Mitigation Experience Toolkit (EMET)
  • No local admin rights for users
  • Enforce updates for Windows and third-party software
  • Disable Flash in browsers that don't integrate it
  • Disable autorun for DVDs and flash drives

  10. Servers
  • Rename and disable domain and local administrator accounts
  • Disable unused user accounts
  • Don’t store LAN Manager hashes
  • Use shadow password files
  • Disable weak encryption protocols and hashes
  • Enable host-based firewalls
  • Install patches
  • Perform vulnerability assessments
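A read-only audit of several items on the Servers slide for a Windows server's local configuration, as an added example that is not part of the presentation: it checks whether the built-in Administrator account is renamed and disabled, flags enabled accounts with no recent logon, confirms LM hash storage is off, looks for weak SSL/TLS protocols left enabled on the server side, and confirms every Windows Firewall profile is on. The 90-day inactivity threshold is an assumption; run it in an elevated PowerShell 5.1 or later session.

```powershell
# Added example, not from the slides: audit a Windows server against the
# "Servers" slide. Reports findings only; it changes nothing.
function Test-ServerHardening {
    param([int]$InactiveDays = 90)   # assumed policy threshold
    $findings = New-Object System.Collections.Generic.List[string]

    # The built-in Administrator is the local account whose SID ends in -500,
    # whatever it has been renamed to.
    $builtin = Get-LocalUser | Where-Object { $_.SID.Value -like '*-500' }
    if ($builtin.Name -eq 'Administrator') { $findings.Add('Built-in Administrator account not renamed') }
    if ($builtin.Enabled) { $findings.Add("Built-in Administrator ($($builtin.Name)) is still enabled") }

    # Unused accounts: enabled, but never logged on or not within the threshold.
    $cutoff = (Get-Date).AddDays(-$InactiveDays)
    Get-LocalUser | Where-Object { $_.Enabled -and ($null -eq $_.LastLogon -or $_.LastLogon -lt $cutoff) } |
        ForEach-Object { $findings.Add("Enabled account with no logon in $InactiveDays days: $($_.Name)") }

    # LAN Manager hashes: NoLMHash = 1 stops Windows storing the weak LM hash.
    $lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    if ($lsa.NoLMHash -ne 1) { $findings.Add('LM hash storage not disabled (Lsa\NoLMHash is not 1)') }

    # Weak protocols: SCHANNEL keys; a missing key means the OS default applies,
    # which is reported so it can be set explicitly.
    $schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
    foreach ($proto in 'SSL 2.0', 'SSL 3.0', 'TLS 1.0') {
        $key = Join-Path $schannel "$proto\Server"
        $enabled = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).Enabled
        if ($enabled -ne 0) { $findings.Add("$proto not explicitly disabled server-side") }
    }

    # Host-based firewall: every profile (Domain, Private, Public) should be on.
    Get-NetFirewallProfile | Where-Object { -not $_.Enabled } |
        ForEach-Object { $findings.Add("Windows Firewall profile disabled: $($_.Name)") }

    if ($findings.Count -eq 0) { 'No findings' } else { $findings }
}

Test-ServerHardening
```

On a domain member the same checks apply to domain accounts through the ActiveDirectory module, which this local-account example does not cover.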

  11. https://www.hass.de/category/software/download

  12. https://securityheaders.io

  13. Vulnerability Assessment: Internal and internet-facing servers
  • https://www.ssllabs.com (check for weak encryption protocols)
  • https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project (OWASP ZAP vulnerability scanner)
  • https://app.upguard.com/webscan (complete web server analysis)

  14. More Vulnerability Assessment Tools

  15. Network: Security Appliances
  • Firewalls aren’t just firewalls anymore
  • Gateway antivirus
  • Anti-malware and anti-spyware
  • Intrusion detection and prevention
  • Block all outbound ports except those needed
  • Filter out countries where you don’t do business
  • Centralized logging of all firewall traffic between zones

  16. Network
  • Two-factor authentication
  • VPNs
  • Web applications
  • Office 365 & Azure
  • Strong passwords and encrypted authentication
  • Unique for each device
  • Firewalls, switches, routers
  • Controllers, APs, management portals
  • Enforce password and lockout policies

  17. Network: Network segmentation
  • DMZs and VLANs

  18. Wireless
  • Use a guest wireless LAN
  • Isolate clients
  • Internet access only
  • Don’t use weak authentication and encryption
  • WPA2 (PSK) and AES if you must
  • Better to use WPA2 Enterprise, RADIUS & EAP
  • Avoid vulnerable technology like WEP and TKIP
  • Centralized logging

  19. Email Filtering
  • http://www.appriver.com
  • Block SMTP from computers that aren’t supposed to be sending mail
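A host-based version of two slide items, "Block all outbound ports except needed" with centralized logging from the Network slide and "Block SMTP from computers that aren't supposed to be sending mail" from this slide, applied with Windows Firewall on a workstation; this is an added example, not part of the presentation. The mail server address, the port list, the rule group name and the log path are assumptions, and a domain-joined machine needs further allow rules for Active Directory traffic (Kerberos, LDAP, SMB, NTP) before a default-deny outbound policy can be pushed by GPO.

```powershell
# Added example, not from the slides: default-deny egress on a workstation,
# with SMTP submission permitted only to the organisation's mail server.
# Run elevated; test on a lab machine before deploying.
$mailServer = '10.0.0.25'     # assumption: the only host workstations may send mail to
$allowedTcp = 53, 80, 443     # assumption: outbound TCP ports workstations need
$group      = 'Egress policy' # assumption: rule group name, used to make the script repeatable

# Remove any earlier version of these rules so re-running does not duplicate them.
Get-NetFirewallRule -Group $group -ErrorAction SilentlyContinue | Remove-NetFirewallRule

# Needed ports to anywhere: DNS, HTTP, HTTPS over TCP, plus DNS over UDP.
New-NetFirewallRule -DisplayName 'Allow needed outbound TCP' -Group $group `
    -Direction Outbound -Protocol TCP -RemotePort $allowedTcp -Action Allow | Out-Null
New-NetFirewallRule -DisplayName 'Allow outbound DNS (UDP)' -Group $group `
    -Direction Outbound -Protocol UDP -RemotePort 53 -Action Allow | Out-Null

# Mail submission only to the mail server. SMTP on 25/465/587 to any other
# address has no allow rule and falls through to the default outbound Block,
# which is what stops an infected workstation spamming the Internet directly.
New-NetFirewallRule -DisplayName 'Allow SMTP submission to mail server' -Group $group `
    -Direction Outbound -Protocol TCP -RemotePort 587 -RemoteAddress $mailServer `
    -Action Allow | Out-Null

# Everything else outbound is dropped. Blocked connections are written to the
# firewall log so a log collector can ship them centrally.
Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultOutboundAction Block `
    -LogBlocked True `
    -LogFileName '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log' `
    -LogMaxSizeKilobytes 32767

# Show the resulting profile state for verification.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultOutboundAction, LogBlocked
```

The same "needed ports only" idea applies at the perimeter firewall for every internal segment, where the slide intends it; the host rules here are a second layer, not a replacement.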

  20. Privileged User Accounts
  • Don’t use privileged accounts for everyday use
  • Change service account passwords regularly
  • http://www.cyberark.com/solutions/by-project/privileged-password-management-control/
  • https://thycotic.com/
  • https://www.beyondtrust.com/products/powerbroker-password-safe/

  21. Backups
  • Don’t get caught without it when you need it
  • Physical servers
  • Virtual machines
  • SANs
  • Network attached storage
  • Server file shares
  • Desktop and laptop computers
  • Single purpose computers
  • Cell phones & tablets

  22. Incident Response

  23. Links
  • http://www.social-engineer.org/
  • https://blog.knowbe4.com/
  • https://www.nomoreransom.org/
  • https://www.virtru.com/get-secure-email/
  • http://mxtoolbox.com/NetworkTools.aspx
  • https://www.kali.org/
  • http://passwordsgenerator.net/
  • https://zeltser.com/suck-at-security-cheat-sheet/
  • http://www.darkreading.com/

  24. audience.ask(questions)