Dalibor Ratković [email protected]
03.11.2010.
Next-Generation IT Resource Security
Slide 2
Agenda
• The current situation in IT security
• Protection mechanisms
• Practical solutions
• Questions and answers
• Demonstrations and pilot projects at customer sites
Slide 3
Risks you are exposed to
• Interruption of business activities
• Loss of productivity
• Information theft
• Liability for the resulting situation
• Damaged reputation and loss of customer trust
Slide 4
Managing the security process
• 99% of organizations reported an incident even though they had antivirus protection and firewall systems
• Protection against all possible threats is required
Slide 5
Creators of famous viruses
• Profile:
– Male
– Between 14 and 34 years old
– No girlfriend
– NO COMMERCIAL INTEREST!!!!
Slide 6
Today's reality
• According to investigators, in 2003, a student of Balakov Institute of Engineering, Technology and Management, Ivan Maksakov, 22, developed a few knowbots and set up a network of hackers. The bots initiated DoS-attacks on the web-sites of bookmakers, which were accepting stakes in the Internet.
Slide 7
Organized criminal groups
Slide 8
Phishing
• Andrew Schwarmkoff
• Connection to the Russian Mafia
• Phishing of credit card numbers
• "The Phisher-King"
Slide 9
How big is the malware industry?
The FBI claims financial losses from spyware and other computer-related crimes cost U.S. businesses $62 billion in 2005
26,150 unique phishing variations counted in August 2006 by the Anti-Phishing Working Group
Costs of goods and services in cybercrime forums:
• $1000 – $5000: Trojan program, which could steal online account information
• $500: Credit card number with PIN
• $80-$300: Change of billing data, including account number, billing address, Social Security number, home address and birth date
• $150: Driver's licence
• $150: Birth certificate
• $100: Social Security card
• $7 - $25: Credit card number with security code and expiration date
• $7: PayPal account log-on and password
Slide 10
Threat Evolution to Crimeware
[Figure: threat complexity over time (2001, 2003, 2004, 2005, 2007). Labels: Vulnerabilities, Worm/Outbreaks, Spam Mass Mailers, Spyware, Intelligent Botnets, Web Based Malware Attacks, Crimeware]
• Multi-Vector
• Multi-Component
• Web Polymorphic
• Rapid Variants
• Single Instance
• Single Target
• Regional Attacks
• Silent, Hidden
• Hard to Clean
• Botnet Enabled
Slide 11
More Dangerous & Easier To Use
[Figure: attack techniques over time (1980, 1990, 2000) against Technical Knowledge Required (High to Low). Labels: Password Guessing, Self Replicating Code, Password Cracking, Exploiting Known Vulnerabilities, Disabling Audits, Back Doors, Sweepers, Sniffers, Stealth Diagnostics, Packet Forging/Spoofing, DDOS, Internet Worms]
Slide 12
The Current Situation
• 22,000 new malware samples per day, a network worm breakout and the sandbox-enabled antivirus
• Nearly 30,000 Malicious Web Sites Appear Each Day
Slide 13
International standards
• Financial Services Regulations
– Basel II – Global
– Gramm-Leach-Bliley Act (GLBA) – US
– Payment Card Industry (PCI) Security Standard – Global
• Industry standards
– BS ISO/IEC 27002 Compliance - Global
– CobiT - Global
– Data Protection Act (DPA) - UK
Slide 14
Protection methodology in IP networks
Slide 15
Multi-level protection on the client/host
[Figure labels: ports 1025, ??, 445, 135, 115, 80]
Slide 16
Multi-level protection at the Internet gateway
Slide 17
Two levels of protection (two-tier)
[Diagram labels: INTRANET, DMZ, INTERNET; FIREWALL 1, FIREWALL 2; ISP 1, ISP 2; L3 SWITCH (two); HA (two); Internet servers: WEB Server, Mail Server]
Slide 18
Solutions 1
• Firewall
• IPS/IDS systems
• Content Monitoring/Filtering
• Antivirus on hosts, mailboxes and at the gateway level
• Antispam protection
• Endpoint security
• WAF
• SSL VPN
Slide 19
Solutions 2
• Data Leakage Prevention
• Encryption/PKI/Digital Certificates
• Identity & Access Management (NAC)
• Patch Management
• Penetration Testing/Risk & Vulnerability Assessment
• Log and Event Management Platform
• Database Security
• IT Forensics
Slide 20
TeleGroup's partners
Slide 21
Partners
Slide 22
Content Monitoring/Filtering
• Control of Internet access as a significant element of business operations
• Private use of the Internet disrupts business applications
– 30-40% of traffic is not used for business purposes
– P2P programs, Instant Messenger, Skype, Kazaa ...
• 30% of all employees send confidential information, accidentally or deliberately
Slide 23
Web Threats are Increasing
The Malware Landscape is slowly shifting to Web-based attacks (HTTP) and a collaboration of existing technologies is needed to combat the new wave of malware threats
Worms: No fundamental change, slow growth
Web Threats: High Volume and Growing
Slide 24
Blue Coat - complete solution
[Diagram labels: Public Internet; Internal Network; Port 80 traffic; ProxySG; ProxyAV (Web AV); Authenticate; Filtering; IM; Streaming; P2P; Management Tools: Reporter, Visual Policy Manager, Director]
Slide 25
IPS/IDS solutions
Slide 26
IPS/IDS solutions
Slide 27
IPS/IDS solutions
Slide 28
EndPoint Security
• Know your environment: Vulnerability assessment and network discovery
• Manage Known Risk: Through effective patch management
• Manage Unknown Threats: Through white list based application control
• Prevent data leakage: White list based peripheral device management; Secure data in transit
• Secure mobile devices: Disk encryption with boot protection; Protection for mobile devices
Slide 29
Lumension Device Control
Enables only authorized removable (peripheral) devices to connect to the network, laptop, thin client and desktop
Reduces risk of data theft, data leakage and malware introduction via unauthorized removable media
Assures and proves compliance with the landslide of regulations governing privacy and accountability
Slide 30
Blue Coat Visibility
• PacketShaper
– Install onto network (inline or out)
– AutoDiscover & measure
• Classify
– Find all applications on network
– See hard to find: P2P, Skype, YouTube, iTunes, Flash TV
– Break down Enterprise applications: SAP, Citrix, Microsoft
• Measure
– Utilization
– Response times
– 120+ stats
Slide 31
Top 10 and Response Times
• Top 10: Where Budget is Spent
– How much bandwidth is recreational: P2P, YouTube, FlashTV, iTunes, etc.
– What % goes to mission critical
• Response Times
– Total Delay: per transaction, per app
– Network Delay: time on network
– Server Delay: time spent by server
SAP Response Times Spiking
Cause: Spike in connections hitting server. Most connections ignored
Total Delay SAP Order Entry: 1220 ms
Network Delay: 340 ms
Server Delay: 880 ms
Slide 32
PacketShaper
• Visibility
– All Applications
– Real Time Voice MOS
• Granular QOS
– Per App, User, Call
– Intelligent MPLS
– Real Time Optimization
• Compression
– Diskless
– 2x-4x Capacity Gain
Slide 33
References
• Telekom Srpske
• Uprava za Indirektno oporezivanje, MUP RS
• Klinički Centar
• Univerzitet Apeiron, Slobomir Univerzitet, Statistički zavod RS, HET
• Vlada Brčko distrikta
• VolksBanka, Komercijalna Banka
• Nova Banka
• Balkan Investment Banka
• Pavlović Banka
• Bobar Banka
Slide 34
Implemented solution
Slide 35
Implemented solution no. 2
Slide 36
Implemented solution no. 2
Questions and answers!
TeleGroup
Marije Bursać 8
78000 Banja Luka, Republika Srpska, BiH
+387 51 321 000
http://www.telegroup-bih.com