Follow us on Twitter for real time updates of the event: @ciscoliveeurope, #CLEUR (c) 2011 Cisco and / or its affiliates. All rights reserved. Don't forget to complete your online session evaluations after each session and the Overall Conference Evaluation which will be available online from Thursday.
Housekeeping
- We value your feedback: don't forget to complete your online session evaluations after each session and the Overall Conference Evaluation, which will be available online from Thursday
- Visit the World of Solutions and Meet the Engineer
- Visit the Cisco Store to purchase your recommended readings
- Please switch off your mobile phones
- After the event don't forget to visit Cisco Live Virtual: www.ciscolivevirtual.com
- Follow us on Twitter for real time updates of the event: @ciscoliveeurope, #CLEUR
Agenda
- Tomorrow's world
- Setting the scene: threats - overview & definitions
- Year in Review: recent & evolving threats
- Emerging threats: trends for 2012-2014
- How do we respond?

Please raise your hand if you attended this session last year.

Tomorrow's world

The Impact the Internet has on our Life (% of the 14-29 year old population)
"I cannot imagine a life without..."
- A mobile phone: 97%
- The Internet: 84%
- A car: 64%
- My current partner: 43%
Source: BITKOM Bundesverband Informationswirtschaft, Telekommunikation und neue Medien e.V., 2010
Collaboration Everywhere: local and remote collaboration are considered equal

We will be able to Do Work, Not Go To Work

Corporate networks and offices will be different

Security policies need to be identity & context-centric

Privacy in 2020 = Privacy in 2010?

The Extinction Timeline
- 2012: Fax machines
- 2014: Getting lost
- 2017: Wired Ethernet for end users
- 2018: Laptop (replaced by thin client)
- 2020: Copyright
- 2021: Dial tone
- 2027: Phone numbers
- 2030: Keys
- 2033: Coins
- 2045: Employment (personnel cloud, mturk.com)
- 2049: Physical newspapers
- 2050: Office buildings
Source: rossdawsonblog.com/weblog/archives/2007/10/extinction_time.html and Cisco Innovation workshop, December 2010

Setting the scene: threats - overview & definitions

What? Where? Why?
- What is a Threat? An indication or warning of probable trouble
- Where are Threats? Everywhere you can, and more importantly, cannot think of
- Why are there Threats? The almighty dollar (or euro); political and nationalistic motivations; personal motivations

The Evolving Security Threats
- Criminal specialization driving more sophisticated attacks
- Web ecosystem becomes the number one threat vector
- Criminals exploit users' trust, challenging traditional security solutions
- Creative methods (business models) used to attract victims

Criminal MBA: Emulating Successful Businesses
- Market and business intelligence
- Customer acquisition and services
- Products and services
- Partnerships and affiliations
- Professional services
Cybercrime Business Cycle
- Group develops and tests custom malcode
- Custom malcode is made available for purchase
- Hosting environments are paid to host malicious code on sites that they control ("bulletproof" servers)
- Malcode is downloaded to compromised devices by pay-per-install affiliates
- Malcode collects information to sell (multiple accounts, associations, IP, sensitive information)
- Bank account credentials, identities and website admin credentials are also for sale

Criminals' #1 Tool: Botnets
Despite takedowns and vacations, top botnets reinvent and reshape themselves (Waledac/Storm, Mariposa, Rustock, Coreflood)
Fast Flux and Double-flux
- C&C system is hidden
- Very low time to live (TTL) in the DNS A record
- Botnets are the new DNS servers
- Now double-flux: multiple disposable DNS servers per malicious domain
Source: www.honeynet.org

Criminal SaaS Offerings Expand
Service dedicated to checking if a malware executable is detectable by AV engines
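The Fast Flux and Double-flux slide above gives the observable signature: very short A-record TTLs, many rotating addresses, and in the double-flux case a name-server set that rotates just as fast. The script below is an added example, not part of the original deck or any Cisco product; it scores constructed passive-DNS observations for hypothetical `.test` domains with the heuristic a defender would apply, and it also carries the main false-positive case, a CDN-style domain that uses low TTLs but stays inside a couple of networks. The `/16` grouping is a stand-in for ASN lookup, which would need external data; the thresholds in `classify` are the example's own choices.

```python
"""Heuristic fast-flux / double-flux detection over passive-DNS style observations."""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class DnsObservation:
    domain: str
    rtype: str   # "A" for address records, "NS" for name-server records
    value: str   # IPv4 address for A records, hostname for NS records
    ttl: int     # TTL in seconds as seen in the answer


# Constructed sample observations (hypothetical .test domains, not real data).
OBSERVATIONS = (
    # flux-example.test: 60-second A records spread across unrelated /16s and
    # an NS set that rotates just as fast (the double-flux pattern from the slide)
    *[DnsObservation("flux-example.test", "A", ip, 60) for ip in (
        "198.51.100.7", "203.0.113.9", "192.0.2.44", "198.18.4.4",
        "198.19.200.1", "100.64.3.3", "100.65.9.9", "192.168.7.7")],
    *[DnsObservation("flux-example.test", "NS", ns, 60) for ns in (
        "ns1.flux-example.test", "ns2.flux-example.test",
        "ns3.flux-example.test", "ns4.flux-example.test")],
    # cdn-example.test: low TTL and several addresses, but all inside two networks
    *[DnsObservation("cdn-example.test", "A", ip, 60) for ip in (
        "203.0.113.10", "203.0.113.11", "203.0.113.12",
        "198.51.100.20", "198.51.100.21", "198.51.100.22")],
    *[DnsObservation("cdn-example.test", "NS", ns, 86400) for ns in (
        "ns1.cdn-example.test", "ns2.cdn-example.test")],
    # static-example.test: one address, day-long TTL
    DnsObservation("static-example.test", "A", "192.0.2.1", 86400),
    DnsObservation("static-example.test", "NS", "ns1.static-example.test", 86400),
)


def slash16(ip: str) -> str:
    """Coarse network grouping; a real deployment would map addresses to ASNs."""
    return str(ipaddress.ip_network(f"{ip}/16", strict=False))


def summarize(observations):
    """Per domain: distinct A addresses, their /16s, distinct NS names, lowest TTLs."""
    facts = defaultdict(lambda: {"ips": set(), "nets": set(), "ns": set(),
                                 "a_ttl": None, "ns_ttl": None})
    for obs in observations:
        f = facts[obs.domain]
        if obs.rtype == "A":
            f["ips"].add(obs.value)
            f["nets"].add(slash16(obs.value))
            f["a_ttl"] = obs.ttl if f["a_ttl"] is None else min(f["a_ttl"], obs.ttl)
        elif obs.rtype == "NS":
            f["ns"].add(obs.value)
            f["ns_ttl"] = obs.ttl if f["ns_ttl"] is None else min(f["ns_ttl"], obs.ttl)
    return dict(facts)


def classify(f, max_ttl=300, min_ips=5, min_nets=4, min_ns=3):
    """Single-flux: short-lived A records over many addresses in many networks.
    Double-flux: the same, plus a short-lived NS set with several rotating names."""
    a_flux = (f["a_ttl"] is not None and f["a_ttl"] <= max_ttl
              and len(f["ips"]) >= min_ips and len(f["nets"]) >= min_nets)
    ns_flux = (f["ns_ttl"] is not None and f["ns_ttl"] <= max_ttl
               and len(f["ns"]) >= min_ns)
    if a_flux and ns_flux:
        return "double-flux"
    if a_flux:
        return "single-flux"
    return "not flagged"


def flag_domains(observations):
    """Map each observed domain to its verdict."""
    return {domain: classify(f) for domain, f in summarize(observations).items()}


if __name__ == "__main__":
    for domain, verdict in sorted(flag_domains(OBSERVATIONS).items()):
        print(f"{domain:24} {verdict}")
```

The network-diversity requirement is what keeps the CDN-style domain off the list: TTL alone would flag it. In production the same summary would be built from resolver logs or a passive-DNS feed, and the `/16` bucket replaced by the ASN of each address.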
Social Engineering: 7 Deadly Weaknesses
1. Sex appeal - it's still the best seller
2. Greed - too good to be true
3. Vanity - you are special, right?
4. Trust - implied or transient
5. Sloth - don't check, it's probably okay
6. Compassion - please... donations, lost, need help, any emergency, disaster
7. Urgency - must act now, time is running out
The Exploitation of Trust: Cybercriminals' Most Powerful Weapon
- Implied trust: an individual, business or organization that users are familiar with and implicitly trust, e.g. e-mail security updates from major vendors, their banks, government agencies, FedEx/UPS/DHL
- Transient trust: the six degrees of separation / Small World Experiment, chain of trust, friend of a friend of a friend... the inherently flawed trust model used on social networks

Examples of Threats
- Targeted hacking
- Vulnerability exploitation
- Malware outbreaks
- Economic espionage
- Intellectual property theft or loss
- Network access abuse
- Theft of IT resources
- Denial of service

Year in Review: recent & evolving threats

Cisco 2009 Cybercrime ROI Matrix
Cisco 2010 Cybercrime ROI Matrix
Cisco 2011 Cybercrime ROI Matrix

A Day in the Life of a Money Mule
- "I need a job!"
- Recruited and passed to a handler
- Handler provides the mule with instructions to open accounts
- Handler coordinates transfers from operators to the mule
- Mule withdraws funds and sends them on via transfer
- Handler collects, or other mules transfer again
- Mule is abandoned or arrested
Some 2011 Cyber Security Top Ten
- Industrial / SCADA network attacks: Stuxnet / Duqu
- Targeted attacks: Sony, Lockheed Martin, AT&T
- Anonymous
- LulzSec
- Ivy League academic content "turbo downloader"
- DNSChanger
- Apple iPad Snoop
- Celebrity "Hackerazzi"
- Gucci
- Increase in targeted attacks and Advanced Persistent Threats
Advanced Persistent Threats (APT)
- Advanced, persistent, and a threat
- This is not your script kiddie's attack
- It is not your typical blended/combined attack
- What is your risk? Are you really vulnerable? Is it a real threat? What is the real impact? Black Swan?
- APTs will become more common, continue to evolve, and increase in sophistication, automation and availability
- Complex and sophisticated

Stuxnet
- Discovered in September 2010
- The complexity of the software is very unusual for malware, and consists of attacks against three different systems:
  - The Windows operating system
  - An industrial software application that runs on Windows
  - A Siemens programmable logic controller (PLC) & SCADA networks
- Advanced Persistent Threats similar to Stuxnet have now been discovered: Duqu
- Uses: nuclear plants, utilities, manufacturing sites
Stuxnet: Advanced Persistent Threats
Stuxnet is deliberately designed to spread to non-networked computers in order to eventually infect Step 7 project files. These files are used to program the PLC, which controls critical industrial processes. (The slide's diagram is an example of Stuxnet propagation in an industrial control facility.)

Stuxnet C&C
The malware communicates with the C&C server over HTTP. A list of URLs is included in the Stuxnet configuration data:
- www.windowsupdate.com
- www.msn.com
- www.mypremierfutbol.com
- www.todaysfutbol.com
The first two URLs are used to check that the system has a connection to the Internet, while the third and fourth are the URLs of the C&C servers.

Stuxnet geographical distribution

Stuxnet: some initial conclusions
- Highly sophisticated blended attack: intelligence, complex propagation mechanism, identification mechanisms, multiple platforms
- Highly specific: industrial networks used for industrial espionage; precisely identifies the systems it infects through a fingerprinting process
- Highly targeted: geographically; politically?

Hacktivists/Activists
- A community and social problem
- Rely on intimidation, not snitching, anonymity
- Motivated by political, social and religious agendas; socially motivated, the Slashdot effect
- Technical aspects well understood: LOIC (Low Orbit Ion Cannon); TCP, UDP, HTTP packet flooding; doesn't include anonymization
- The most common DoS is the self-inflicted one / human error
Anonymous & affiliates

Sony breach, May 2011
- 77 million PlayStation users affected
- 24.5 million Sony Online Entertainment customers affected
- Hack consisted of a single SQL injection, hacking a database with passwords stored in plain text!
- Motivation: discredit Sony
- Attacker: LulzSec

Lockheed-Martin
- RSA attacked in March 2011
- Phishing e-mails to RSA employees. Excel attachment exploited a backdoor in Adobe Flash, used to gain control of servers in the RSA network
- Attackers gained access to a database of token ID mappings to token seeds
- Attackers used remote VPN access to then break into the Lockheed-Martin network
- Lockheed-Martin detected the attack and shut down the remote access servers to block the attack
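The Sony slide above attributes the breach to one SQL injection against a database that held passwords in plain text. The script below is an added example, not code from the deck, from Sony or from Cisco; it puts a login routine with both defects beside a hardened version (parameterized query, per-user random salt, PBKDF2 with a high iteration count, constant-time comparison) and exercises both against a constructed account. The classic tautology string appears only so the contrast is visible; `PBKDF2_ROUNDS`, the table names and the account are the example's own choices.

```python
"""Vulnerable login beside its hardened form: parameterized SQL plus salted, iterated hashing."""
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ROUNDS = 200_000  # example value; tune to your hardware budget


def open_db():
    """In-memory SQLite database with one table per storage style."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users_plain (username TEXT PRIMARY KEY, password TEXT)")
    conn.execute("CREATE TABLE users_hashed (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return conn


def hash_password(password: str, salt: bytes) -> bytes:
    """Slow, salted password hash; the salt makes equal passwords hash differently."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def add_user_plain(conn, username, password):
    # Defect one from the slide: the password is stored as-is
    conn.execute("INSERT INTO users_plain VALUES (?, ?)", (username, password))


def add_user_hashed(conn, username, password):
    salt = os.urandom(16)  # fresh random salt per user
    conn.execute("INSERT INTO users_hashed VALUES (?, ?, ?)",
                 (username, salt, hash_password(password, salt)))


def login_vulnerable(conn, username, password) -> bool:
    # Defect two: user input is spliced into the SQL text, so the WHERE clause
    # can be rewritten by whoever controls the input
    query = (f"SELECT 1 FROM users_plain WHERE username = '{username}' "
             f"AND password = '{password}'")
    return conn.execute(query).fetchone() is not None


def login_hardened(conn, username, password) -> bool:
    # Placeholders keep the input as data; the hash is compared in constant time
    row = conn.execute("SELECT salt, pw_hash FROM users_hashed WHERE username = ?",
                       (username,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    return hmac.compare_digest(hash_password(password, salt), stored)


def demo():
    """Constructed account; returns each check's outcome so it can be inspected."""
    conn = open_db()
    add_user_plain(conn, "alice", "correct horse")
    add_user_hashed(conn, "alice", "correct horse")
    tautology = "' OR '1'='1"  # textbook injection string, here only to show the contrast
    stored_hash = conn.execute("SELECT pw_hash FROM users_hashed").fetchone()[0]
    return {
        "vulnerable_correct": login_vulnerable(conn, "alice", "correct horse"),
        "vulnerable_injected": login_vulnerable(conn, "alice", tautology),
        "hardened_correct": login_hardened(conn, "alice", "correct horse"),
        "hardened_injected": login_hardened(conn, "alice", tautology),
        "hardened_wrong": login_hardened(conn, "alice", "wrong"),
        "hardened_unknown_user": login_hardened(conn, "bob", "correct horse"),
        "password_recoverable_from_db": stored_hash == b"correct horse",
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check:30} {outcome}")
```

The two fixes are independent and both are needed: parameterization alone would still leave every password readable to anyone who gets a copy of the table, and hashing alone would still let the query itself be rewritten.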
Lockheed-Martin: a 2-stage attack, involving the RSA Security breach

Gendarmerie Nationale Française, December 2011
- Malware from video streaming websites, downloaded from an advert link
- Exploited a Java vulnerability
- Installed a Trojan
- Informed the user of illegal use of his computer / Internet access
- Blocked the computer until a fine had been paid
- Social engineering attack

Emerging threats: trends for 2012-2014

Bill Gates: "We always overestimate the change that will occur in the next two years and underestimate the change that will occur in the next ten."
Trends

Market trends

Trend #1: BYOD

Consumerization of unmanaged devices
- More types of new devices being added to networks
- Diversity of OSs and apps
- New network entrance and exit points
- More data in more places to be protected
"Software glitches that need to be fixed are part of the 'new reality' of making complex cell phones in large volumes." Jim Balsillie, RIM CEO

BYOD: smartphones & tablets

BYOD Security Risks
- Difficult to control and secure (1/3 of all workers are out of the office)
- Malware (Web: #1 attack vector)
- Vulnerability to the organization
- Data loss from lost or stolen devices
- Access control breach
- Policy compliance challenges
Employee-owned mobile devices are riskiest (BYOD is riskiest). Source: 2011 ISACA IT Risk/Reward Barometer, US Edition (www.isaca.org/risk-reward-barometer)

But, Is IT Ready for the BYOD Flood?
- Network Eng: How do I troubleshoot access problems? How do I separate device issues from network and policy issues? How do I ensure user experience?
- Applications Team: How do I ensure consistent app experiences on all devices? How do we troubleshoot app vs. network vs. device problems? How do we ensure application interoperability?
- Security Ops: How do I protect my network and data assets from unauthorized access, malware, attacks, DLP, device loss/theft, etc.? How do I implement multiple security policies per user, device, etc.?
- Compliance Ops: How do I ensure corporate compliance (SOX, HIPAA, etc.)?
- Network Ops: What devices are on my networks? Which users are using what devices? What apps are being accessed? What are the real-time app performance metrics?
- Endpoint Team: How and what do I support? How do I handle asset management?
Trend #2: Cloud

The Cloud
Definition: a style of computing where scalable and elastic IT capabilities are provided as a service to multiple customers using Internet technologies
Cloud service models:
- Infrastructure as a Service (IaaS): physical hardware
- Platform as a Service (PaaS): IaaS, OS, and applications
- Software as a Service (SaaS): software applications
Deployment models:
- Public cloud: shared cloud infrastructure
- Private cloud: exclusive cloud infrastructure
- Community cloud: private cloud, shared
- Hybrid cloud: combination of cloud models

The Cloud: Data Issues Abound
- Regulatory requirements: HIPAA, PCI, SOX, etc.
- Location and governing jurisdiction
- Outsourcing issues apply
- Confidentiality / Integrity / Availability
- Understand the risks and have a BC/DR plan

Visual Model of NIST's Working Definition of Cloud Computing (http://www.csrc.nist.gov/groups/SNS/cloud-computing/index.html)
- Deployment models: Public, Private, Hybrid, Community (pros & cons)
- Service delivery models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)
- Essential characteristics: On-demand self service, Broad network access, Resource pooling, Rapid elasticity, Measured service
Source: http://blogs.zdnet.com/Hinchcliffe

CLOUD:
- Common: implies multi-tenancy
- Location-independent
- Online
- Utility: implies pay-for-use pricing
- Demand: implies ~infinite, ~immediate, ~invisible scalability

Cloud Security Services: Internet, Email, Web, Secure Mobility

Securing Cloud Access: public cloud, cloud security services (Chris Hoff)

Securing Cloud Infrastructure: private cloud, virtualized app servers, securing cloud access, cloud security services (Chris Hoff)
CSA: Security Guidance for Critical Areas of Focus in Cloud Computing
- Cloud Computing Architectural Framework
- Governing in the Cloud: Governance & Enterprise Risk Management; Legal & eDiscovery; Compliance and Audit; Data Life Cycle Management; Portability & Interoperability
- Operating in the Cloud: Traditional Security; Data Center Operations; Incident Response; Virtualization; Identity & Access Management; Application Security; Encryption & Key Management

Cloud Risk Domains (IaaS, PaaS, SaaS)
Risk areas: Information Security; Control & Compliance; Availability & Performance; IT & Business Readiness
1. Data security & ownership
2. Identity & access control
3. Insider abuse & privilege
4. Internet threats
5. Compliance
6. Service location
7. Availability
8. Monitoring

Cloud Requires Trust!
Cloud Security Alliance

Trend #3: Desktop Virtualization

Computing Architecture Choices: where is computation happening?
(Diagram: Application / OS / Desktop layers across Client-Based Computing - Synchronized Desktop, Virtual Desktop Streaming, Application Streaming - and Server-Based Computing - Hosted Virtual Desktop, Hosted Virtual Application - with WinXP apps delivered over a display protocol)

Need for Security in VDI
- Enterprises expect security policy compliance. Compliance is typically achieved by using technologies such as 802.1X-based machine and user authentication, IPsec/SSL VPNs and certificate-based authentication
- Moving to desktop virtualization creates an access layer in the data center that needs to be secured similarly to the campus access layer
- To enable BYOD in highly flexible hybrid deployments, versatile remote access solutions are required
- Antivirus solutions for the VDI environment are required without impacting TCO
- Deep packet inspection in the data center

How do we respond?

Security is a system
- Policy: business-level
- Processes: normal behavior; monitoring & reporting; signature & software updates; abnormal behavior; attack handling; post-attack analysis
- Products: integration / systematic
- People: awareness & education

Things You Can Do - Corp
- Stick to the basics: defense in depth, risk management, incident response, logging/monitoring
- Establish policy, procedures and processes, and enforce them
- Use the existing technology to its full capabilities
- Protect in both directions: inbound and outbound
- Educate your users and staff
- Stay focused
Cyber Security Strategy
- Strategy, policy and procedures
- Security architecture
- Risk management
- Holistic approach
- (Your) best practices
- Incident response
- Awareness and training
- Business continuity / disaster recovery
Top down or bottom up? Goes both ways

Things You Can Do - Users
- Secure the browsers: www.us-cert.gov/reading_room/securing_browser/
- Manage passwords with available tools
- Secure your mobile devices and users
- Establish social network privacy settings
- Avoid free and public Wi-Fi connections
2012 actions for Enterprise Security
1. Assess the totality of your network
2. Re-evaluate your acceptable use policy and business code of conduct
3. Determine what data / assets must be protected
4. Know where your data is and understand how (if?) it is secured
5. Assess user education practices
6. Use egress monitoring
7. Prepare for BYOD, Cloud & Virtualization
8. Create an incident response plan
9. Implement security measures to compensate for lack of control over social networks
10. Monitor the dynamic risk landscape

Related sessions
- BRKSEC-2009 Securing Cloud Computing
- BRKSEC-2102 Securing Virtual Desktop Infrastructures
- BRKSEC-2103 Understanding federated identity
- BRKSEC-2345 Critical infrastructure protection
- BRKSEC-2253 Mapping Cisco Security solutions to ISO 27001
BRKSEC-2001 Recommended Reading

Please complete your Session Survey
- Don't forget to complete your online session evaluations after each session. Complete 4 session evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
- Surveys can be found on the Attendee Website at www.ciscolivelondon.com/onsite, which can also be accessed through the screens at the Communication Stations
- Or use the Cisco Live Mobile App to complete the surveys from your phone; download the app at www.ciscolivelondon.com/connect/mobile/app.html

We value your feedback: http://m.cisco.com/mat/cleu12/
1. Scan the QR code (go to http://tinyurl.com/qrmelist for QR code reader software, or alternatively type in the access URL above)
2. Download the app or access the mobile site
3. Log in to complete and submit the evaluations

Thank you.