
Page 1: Dalibor Ratković dalibor.ratkovic@telegroup.ba TeleGroup 03.11.2010. Next-Generation IT Resource Security



Slide 2

Agenda

• The current situation in IT security

• Protection mechanisms

• Practical solutions

• Questions and answers

• Demonstrations and pilot projects at customer sites


Slide 3

Risks you are exposed to

• Interruption of business activities

• Loss of productivity

• Information theft

• Liability for the resulting situation

• Damaged reputation and loss of customer trust


Slide 4

Managing the security process

• 99% of organizations reported an incident even though they had antivirus protection and firewall systems

• Protection is needed against all possible threats


Slide 5

Creators of famous viruses

• Profile:

– Men

– Between 14 and 34 years old

– No girlfriend

– NO COMMERCIAL INTEREST !!!!


Slide 6

Today's reality

• According to investigators, in 2003, a student of Balakov Institute of Engineering, Technology and Management, Ivan Maksakov, 22, developed a few knowbots and set up a network of hackers. The bots initiated DoS attacks on the websites of bookmakers that were accepting stakes over the Internet.


Slide 7

Organized crime groups


Slide 8

Phishing

• Andrew Schwarmkoff

• Connection to the Russian Mafia

• Phishing of credit card numbers

• "The Phisher-King"


Slide 9

How big is the malware industry?

The FBI claims that financial losses from spyware and other computer-related crimes cost U.S. businesses $62 billion in 2005

26,150 unique phishing variations counted in August 2006 by the Anti-Phishing Working Group

Costs of goods and services in cybercrime forums:

• $1000 – $5000: Trojan program which could steal online account information

• $500: Credit card number with PIN

• $80 – $300: Change of billing data, including account number, billing address, Social Security number, home address and birth date

• $150: Driver's licence

• $150: Birth certificate

• $100: Social Security card

• $7 – $25: Credit card number with security code and expiration date

• $7: PayPal account log-on and password


Slide 10

Threat Evolution to Crimeware

[Figure: threat complexity (vertical axis) over time (2001, 2003, 2004, 2005, 2007). Labels on the chart: Vulnerabilities, Worm/Outbreaks, Spam, Mass Mailers, Spyware, Intelligent Botnets, Web Based Malware Attacks, Crimeware.]

• Multi-Vector

• Multi-Component

• Web Polymorphic

• Rapid Variants

• Single Instance

• Single Target

• Regional Attacks

• Silent, Hidden

• Hard to Clean

• Botnet Enabled


Slide 11

More Dangerous & Easier To Use

[Figure: technical knowledge required (High to Low) over time (1980, 1990, 2000). Labels on the chart: Password Guessing, Self Replicating Code, Password Cracking, Exploiting Known Vulnerabilities, Disabling Audits, Back Doors, Sweepers, Sniffers, Stealth Diagnostics, Packet Forging/Spoofing, DDOS, Internet Worms.]


Slide 12

Current situation

• 22,000 new malware samples per day, a network worm breakout and the sandbox-enabled antivirus

• Nearly 30,000 Malicious Web Sites Appear Each Day


Slide 13

International standards

• Financial Services Regulations

– Basel II – Global

– Gramm-Leach-Bliley Act (GLBA) – US

– Payment Card Industry (PCI) Security Standard – Global

• Industry standards

– BS ISO/IEC 27002 Compliance - Global

– CobiT - Global

– Data Protection Act (DPA) - UK


Slide 14

Protection methodology in IP networks


Slide 15

Multi-level protection on the client/host

[Figure: ports labelled 1025, ??, 445, 135, 115, 80]


Slide 16

Multi-level protection at the Internet gateway


Slide 17

Two levels of protection (two-tier)

[Diagram labels: INTRANET, DMZ, INTERNET; FIREWALL 1, FIREWALL 2; HA (twice); L3 SWITCH (twice); ISP 1, ISP 2; WEB Server, Mail Server, Internet servers]


Slide 18

Solutions 1

• Firewall

• IPS/IDS systems

• Content Monitoring/Filtering

• Antivirus on hosts, on mailboxes and at the gateway level

• Anti-spam protection

• Endpoint security

• WAF

• SSL VPN


Slide 19

Solutions 2

• Data Leakage Prevention

• Encryption/PKI/Digital Certificates

• Identity & Access Management (NAC)

• Patch Management

• Penetration Testing/Risk & Vulnerability Assessment

• Log and Event Management Platform

• Database Security

• IT Forensics


Slide 20

TeleGroup partners


Slide 21

Partners


Slide 22

Content Monitoring/Filtering

• Control of Internet access as a significant element of business operations

• Private use of the Internet disrupts business applications

– 30-40% of traffic is not used for business purposes

– P2P programs, Instant Messenger, Skype, Kazaa ...

• 30% of all employees send confidential information, accidentally or intentionally


Slide 23

Web Threats are Increasing

The Malware Landscape is slowly shifting to Web-based attacks (HTTP) and a collaboration of existing technologies is needed to combat the new wave of malware threats

Worms: No fundamental change, slow growth

Web Threats: High volume and growing


Slide 24

Blue Coat - complete solution

[Diagram labels: Public Internet, Internal Network, Port 80 traffic, Management Tools, Reporter, Visual Policy Manager, Director, ProxySG, ProxyAV, Authenticate, IM, Streaming, P2P, Web AV, Filtering]


Slide 25

IPS/IDS solutions


Slide 26

IPS/IDS solutions


Slide 27

IPS/IDS solutions


Slide 28

EndPoint Security

Know your environment: vulnerability assessment and network discovery

Manage known risk: through effective patch management

Manage unknown threats: through white list based application control

Prevent data leakage: white list based peripheral device management; secure data in transit

Secure mobile devices: disk encryption with boot protection; protection for mobile devices


Slide 29

Lumension Device Control

Enables only authorized removable (peripheral) devices to connect to the network, laptop, thin client and desktop

Reduces risk of data theft, data leakage and malware introduction via unauthorized removable media

Assures and proves compliance with the landslide of regulations governing privacy and accountability


Slide 30

Blue Coat Visibility

• PacketShaper

– Install onto network (inline or out)

– AutoDiscover & measure

• Classify

– Find all applications on network

– See hard to find - P2P, Skype, YouTube, iTunes, Flash TV

– Break down Enterprise applications SAP, Citrix, Microsoft

• Measure

– Utilization

– Response times

– 120+ stats


Slide 31

Top 10 and Response Times

• Top 10: Where Budget is Spent

– How much bandwidth is recreational

– P2P, YouTube, FlashTV, iTunes, etc

– What % goes to mission critical

• Response Times

– Total Delay: per transaction, per app

– Network Delay: time on network

– Server Delay: time spent by server

[Figure: SAP Response Times Spiking. Cause: Spike in connection hitting server. Most connections ignored]


Slide 32

PacketShaper

• Visibility

– All Applications

– Real Time Voice MOS

• Granular QOS

– Per App, User, Call

– Intelligent MPLS

– Real Time Optimization

• Compression

– Diskless

– 2x-4x Capacity Gain


Slide 33

References

• Telekom Srpske

• Indirect Taxation Authority, MUP RS

• Clinical Centre

• Apeiron University, Slobomir University, Statistical Office of RS, HET

• Government of Brčko District

• VolksBanka, Komercijalna Banka

• Nova Banka

• Balkan Investment Banka

• Pavlović Banka

• Bobar Banka


Slide 34

Implemented solution


Slide 35

Implemented solution no. 2


Slide 36

Implemented solution no. 2


Questions and answers!

TeleGroup

Marije Bursać 8

78000 Banja Luka, Republika Srpska, BiH

+387 51 321 000

http://www.telegroup-bih.com