Hosted by
10 Steps to Secure Messaging
Jim Reavis, President Reavis Consulting Group
Agenda
Risks of insecure messaging
Policy
Architecture
Innovative technologies & trends
10 Steps
Companion site: csoinformer.com/10steps
Top Ten Reasons to Secure Messaging
10. Protect intellectual property sensitive to your corporate mission
9. Avoid “angry” emoticons from your boss
8. Reduce risk of worms running rampant on your network
7. Poor dating prospects at the unemployment line
6. Increase user productivity
Top Ten Reasons to Secure Messaging
5. “Sobig fatigue” not covered by workmen’s comp.
4. Securing communications with partners and customers creates new business opportunities.
3. Saying “ILOVEYOU” to the CEO is usually inappropriate outside of the annual Christmas party.
2. Reduce risk of legal liability.
1. Executive washrooms rock!
About Reavis Consulting Group
Provide research and advisory services regarding best practices and emerging security trends
Clients include Fortune 500 members, gov’t and information security companies
Publish monthly CSOinformer newsletter
Threats
• Viruses
• Worms
• Spam
• Insiders/Covert Channels
• Idiot users who got their job just because they have the same last name as the CEO
Diagram labels: Internet, Firewall, AV Gateway, E-mail Server, E-mail, IM, Internal Hosts
Risks
Data loss, theft & leakage
Compromised systems
Downtime/loss of productivity
Out of compliance with regulations
Civil litigation
Risk Management
Topic of the year at CISO/CSO gatherings
Definition: the systematic process of managing an organization's risk exposures to achieve its objectives in a manner consistent with public interest, human safety, environmental factors and the law.
Reduce risk & create opportunities.
Risk Management
Risk Mgt Strategies
• Avoid
• Accept
• Transfer
• Mitigate
Risk Mgt Process
• Establish Risk Profile
• Establish Protection Profile
• Modify PP as RP changes: threat level “Orange”, new business venture
• ROSI
Risk = Value of the Asset × Severity of the Vulnerability × Likelihood of an Attack
Policies
Legal due diligence (e.g. retention laws).
Communicate clearly.
• Acceptable & appropriate usages
• Clear definitions (e.g. what is proprietary)
• Provide examples (e.g. .EXE files prohibited, anything sent to payroll processor must be encrypted)
Documented acceptance.
How do you attain ROSI with your policy?
Architectural Principles
Proxy all connections
• Hidden messaging methods may be P2P.
Measurement capabilities
Layered Defense Systems
Best of Breed vs Integrated Suite?
Integrated team approach
• How is IT working against your goals?
Architectural Principles
Granular rules control
• Ad hoc blocking of new threats
• Prevent auto-forwarding risks
Compartmentalize
• Improve incident response
• Provide limited service during crises
Redundancy
Education & Awareness
Incident Response
Formalized CERT
• Specialized messaging response team
Incident reporting
Response
• Containment (unplug, router ACL filters, etc.)
• Disinfect, Remediate, Rebuild
Notify external partners
Forensics, analysis, lessons learned
Baseline & Measurement
Network traffic analysis
E-mail & IM logging
Identify dependencies
Trend analysis
Support policy revisions
Creating TCO metrics for budgeting
Don’t hoard this information
Who wrote the antivirus software used by Microsoft in DOS 6.22?
1. Dr. Solomon
2. Central Point
3. X-tree
4. Microsoft
Poll chart values as extracted, options 1 to 4: 60%, 27%, 7%, 7%
Antivirus Strategy
Multiple AV tools
• Desktop, Server, Email Gateway.
• Antivirus network appliances, Managed AV service.
• How many levels of AV provides ROSI?
Content Filtering (Day Zero defense)
• Subject line.
• File attachment types.
Tactics outside of messaging control
• Lockdown e-mail client.
• Keep patching virus targets.
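An added example, not from the original slides: a gateway-side check for the two content-filtering controls listed above (subject line and file attachment types). The blocked extensions other than .EXE, the subject rule, and all function names are assumptions chosen for illustration.

```python
import re
from email.message import EmailMessage

# Assumed policy values; only ".exe" is named in the slides.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".vbs"}
# Assumed ad hoc subject rule, added before AV signatures are available.
BLOCKED_SUBJECTS = [re.compile(r"\bILOVEYOU\b", re.IGNORECASE)]


def final_extension(filename):
    """Return the last extension, lowercased ('' if there is none)."""
    # Windows ignores trailing dots and spaces, so strip them first.
    cleaned = filename.strip().rstrip(". ").lower()
    return "." + cleaned.rsplit(".", 1)[1] if "." in cleaned else ""


def check_message(msg):
    """Return the list of policy violations found in a parsed message."""
    reasons = []
    subject = str(msg.get("Subject", ""))
    for pattern in BLOCKED_SUBJECTS:
        if pattern.search(subject):
            reasons.append("subject matches " + pattern.pattern)
    # walk() also visits nested MIME parts, not just the top level.
    for part in msg.walk():
        name = part.get_filename()
        # Only the final extension counts, so "notes.txt.vbs" is caught.
        if name and final_extension(name) in BLOCKED_EXTENSIONS:
            reasons.append("attachment %r has blocked type %s"
                           % (name, final_extension(name)))
    return reasons


def build_sample(subject, filename):
    """Build a constructed sample message carrying one attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content("See attachment.")
    msg.add_attachment(b"constructed bytes", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg


if __name__ == "__main__":
    for subj, fname in [("Quarterly numbers", "report.pdf"),
                        ("ILOVEYOU", "notes.txt.vbs")]:
        print(subj, fname, check_message(build_sample(subj, fname)))
```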
Antivirus scanning points
Diagram labels: Internet, MSSP, AV Gateway, Network Layer AV Appliance, E-mail Server, E-mail Client
What is the Internet Engineering Task Force RFC for OpenPGP?
1. 1542
2. 802.1x
3. 2440
4. I was told there would be no tests
Poll chart values as extracted, options 1 to 4: 40%, 20%, 29%, 12%
E-mail encryption services
Virtually unbreakable, often unusable
Key to protecting information and reducing malicious threats
Issue: total cost of ownership (TCO) traditionally a burden
Hot trend: encryption proxy servers/e-mail firewalls
E-mail encryption by proxy
• Proxy manages keys
• Encrypts messages
• Gives recipient option of secured SMTP message or Webmail
Diagram labels: E-mail Server, Encryption Proxy, Webmail Server, Internet
Instant Messaging
Embrace and extend
Proxy connections
Encrypt communications
Logging & Usage profiling
Block dangerous behaviors (file transfers, etc)
Gateway ROSI benefit: IM compatibility
Instant Messaging
IM Proxy
Central configuration & administration
Spam
Why is this a security issue?
Anti-spam approaches:
• Keyword filtering
• Bayesian algorithm
• Blacklists/Whitelists
• Community voting
• Tagging vs. blocking
Multiple approaches often necessary.
ROSI Models.
Awareness
Courseware
• Reinforce policy
• Educate about threats
• Recognizing viruses
• Safe practices
• What to do, where to go for help
Regular internal AV newsletter
To protect and to serve
Diagram labels: Internet, Firewall, MSSP, AV Gateway, Network Layer AV Appliance, Encryption Proxy, IM Proxy, Content/Spam Filtering, Departmental E-mail Servers, E-mail, IM, Internal Hosts, Your boss
Summary – the 10 Steps
1. Enforceable policies
2. Architecture
3. CERT & Incident Response Plan
4. Awareness program
5. Baseline & continuous measurement system
6. Encryption
7. Proxy everything
8. Multiple layers of virus/spam protection
9. “Best of Breed”
10. Take an integrated approach
According to IBM Research, in what year did the first PC virus appear?
1. 1984
2. 1986
3. 1988
4. The year Bill Gates was born
Poll chart values as extracted, options 1 to 4: 46%, 28%, 20%, 6%
Thank You!