Official Informal Briefing Minutes
Tuesday, April 19, 2016 - 10:30 AM Present: Charlotte J. Nash, Jace Brooks, Lynette Howard, Tommy Hunter, John Heard
1. Information Technology Security Awareness Program Presentation
IT Director Abe Kani and Networks and Telecommunications Manager Tim Tullis presented information on cyber and network security and the County’s new Safety Awareness Program. No Official Action Taken.
INFORMATION TECHNOLOGY
Information Security Awareness Program
Agenda
What are Media saying?
Important Statistics
What is Cybersecurity?
Common Security Threats
Current Security Infrastructure
E-Mail System
Mobile Security Management
Ongoing Activities
Information Security Awareness Program
What are Media Saying?
80 Million Potentially Impacted By Anthem Security Breach February 5, 2015
What are Tracking Sites Saying?
• 200+ Million records (so far) in 2015
• Targets include all industries and geographies
• Healthcare shows a recent spike in breach activity
• Social engineering has replaced brute force hacking
• Victims include industry leaders with huge budgets
Important Statistics
According to a December 2010 analysis of U.S. spending plans, the federal government has allotted over $13 billion annually to cybersecurity over the next five years.
According to the FBI, ransomware is on the rise! Attackers are moving faster but defenses are not! The top five zero-days of 2014 were actively used by attackers for 295 days before patches were available.
• A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware
There were more than 317 million new pieces of malware created in 2014, meaning nearly one million new threats were released.
Important Statistics
In 2014, the media reported a protocol vulnerability of SS7 by which hackers can track the movements of cell phone users from virtually anywhere in the world with a success rate of approximately 70%.
In addition, eavesdropping is possible by using the protocol to forward calls and also facilitate decryption by requesting that each caller’s carrier release a temporary encryption key to unlock the communication after it has been recorded.
Ever Changing Nature of Threats
"The threat is advancing quicker than we can keep up with it. The threat changes faster than our idea of the risk. It's no longer possible to write a large white paper about the risk to a particular system. You would be rewriting the white paper constantly..."
– Adam Vincent, CTO-public sector at Layer 7 Technologies
What is Cybersecurity?
Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access.
A threat is any potential or actual adverse event that can compromise the assets of an enterprise, including both malicious events, such as a denial-of-service (DoS) attack, and unplanned events, such as the failure of a storage device.
Ensuring cybersecurity requires coordinated efforts throughout an information system.
Elements of Cybersecurity
Application Security
The use of software, hardware, and procedural methods to protect applications from external threats.
• Security must be addressed during development as applications become more frequently accessible over networks and are vulnerable to a wide variety of threats.
• Actions taken to ensure application security are sometimes called countermeasures.
• An application firewall limits the execution of files or the handling of data by specific installed programs.
• A router can prevent the IP address of an individual computer from being directly visible on the Internet.
• Other countermeasures include conventional firewalls, encryption/decryption programs, anti-virus programs, spyware detection/removal programs and biometric authentication systems.
Elements of Cybersecurity
Network Security
The process of taking physical and software preventative measures to protect the underlying networking infrastructure from unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure, thereby creating a secure platform for computers, users and programs to perform their permitted critical functions within a secure environment.
• A network security system typically relies on layers of protection and consists of multiple components, including network monitoring and security software in addition to hardware and appliances. All components work together to increase the overall security of the computer network.
Elements of Cybersecurity
Disaster Recovery/Business Continuity Planning
A disaster recovery plan, sometimes referred to as a business process contingency plan, describes how an organization is to deal with potential disasters.
• Involves an analysis of business process and continuity needs and may also include a significant focus on disaster prevention.
• Consists of the precautions taken so that the effects of a disaster will be minimized and the organization will be able to either maintain or quickly resume mission-critical functions.
Elements of Cybersecurity
End-user Education
Educating employees that they will be targeted, encouraging them to be vigilant at all times, and teaching them what qualifies as sensitive data, how to identify and avoid threats, acceptable use policies and security policies.
• With the rise in cybercrime as well as the increase in the consumerization of IT, it is more important than ever to fully educate employees about security attacks and protection.
• Due to the detrimental ramifications, it is vital that end users have a full understanding of the most common ways for threat actors to target them.
• It’s also crucial that end users understand their role and responsibilities in maintaining the organization's compliance with relevant regulations, such as PCI DSS for payment card data or HIPAA for health records.
• In short, educating the work force is critical and is a key requirement of information security standards such as ISO27001.
Common Security Threats
Malware - Short for “malicious software.” It is specifically designed to gain access or damage a computer without the knowledge of the owner. It comes in a variety of forms.
Adware - Software that is financially supported (or financially supports another program) by displaying ads when you're connected to the Internet.
Spyware - Software that surreptitiously gathers information and transmits it to interested parties. Information gathered includes the Websites visited, browser and system information, and your computer IP address.
Common Security Threats
Virus (Worm) – A program or piece of code that is loaded onto your computer without user knowledge. All computer viruses are man-made.
– Viruses can also replicate themselves. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt.
– An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems.
Common Security Threats
Trojan horse (Trojan) – A program in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and do its chosen form of damage, such as deleting, blocking, modifying, or copying data. Trojans can also disrupt the performance of a computer or a network.
Common Security Threats
Phishing – The attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.
– Phishing email will typically direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers, that the legitimate organization already has. The website, however, is bogus and will capture and steal any information the user enters on the page.
Common Security Threats
Ransomware – Hackers exploit vulnerabilities to try to monetize them. They are not interested in exploiting specific sensitive data, but electronically confiscate it to interrupt access and extort payment.
– Computers can become infected when users open e-mail attachments that contain the malware.
– There has been an increasing number of incidents involving so-called “drive-by” ransomware. Users can infect their computers simply by clicking on a compromised website, often lured there by a deceptive e-mail or pop-up window.
Common Security Threats
Ransomware (Continued) – There is a fairly new ransomware variant, called CryptoWall (and CryptoWall 2.0, its newer version). This virus encrypts files on a computer’s hard drive and any external or shared drives to which the computer has access.
– It directs the user to a personalized victim ransom page that contains the initial ransom amount (anywhere from $200 to $5,000), detailed instructions about how to purchase Bitcoins, and typically a countdown clock to notify victims how much time they have before the ransom doubles.
– Victims are infected with CryptoWall by clicking on links in malicious e-mails that appear to be from legitimate businesses and through compromised advertisements on popular websites.
Security Landscape
(Slide graphic; labels recovered from the image:)
• Access Control and Video Surveillance
• Managing varying devices
• Ensuring you are who you say you are
• Keeping the bad guys out and the good guys in
• Application development best practices
• What if something does happen?
• Think Security, Act Securely
Physical Security
Gwinnett County Network Facilities
County Network Overview
Current Security Infrastructure
Our Capabilities
An integrated system-of-systems that offers a range of capabilities, including intrusion detection, analytics, and intrusion prevention.
A technological foundation that enables ITS to secure and defend the County information technology infrastructure against advanced cyber threats.
Our Capabilities
• Network Segmentation
• Firewalls
• Intrusion Prevention System
• Network Access Control System
• Antivirus Software
• Internet Filtering
• Spam and E-Mail Filtering
• Distributed Denial of Service (DDoS)
• Patch Management
• End-Point and Mobile Device Management
• Secure Cellular Connectivity
Network Segmentation
Email Security and SPAM
SPAM (or email SPAM), also known as junk email, is unsolicited email that users receive from a wide range of sources, from advertising to messages containing disguised links that appear to point to familiar websites but in fact lead to virus downloads.
Spammers collect email addresses from websites, from customer lists and through viruses.
Message Statistics (last 30 days):
• 1,637,035 email messages received
• 444,571 classified as SPAM
• 113,588 email viruses detected and deleted
Email Security and SPAM
If suspect messages are received that were not requested by the user, or if a message looks suspicious, it should be deleted and reported to the Help Desk for blocking.
The Infrastructure Team manages appliances and Mail Security applications to protect messages and systems from the latest virus threats.
Password Expiration Policy
A password expiration policy is in place to protect end-user logon security.
This policy requires the user to change their logon password every 90 days and to meet the following criteria:
• Cannot reuse any of the last 10 passwords
• Minimum password length of 8 characters
• Users will be locked out of their workstations and accounts after 5 invalid logon attempts and will be required to contact the Help Desk for assistance
Password complexity requires matching 3 of the 4 categories below:
• Uppercase Characters (A-Z)
• Lowercase Characters (a-z)
• Base 10 Digits (0-9)
• Non-Alphabetic Characters (! $ # %)
Users are not to give their password to another user and are not to post it anywhere visible.
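As an added illustration (not code from the County's presentation), the following Python checks a candidate password against the rules listed above and models the five-strike lockout; it also covers the edge case where a password older than the 10-deep history may be reused. The hash function and the class/function names are assumptions.

```python
import hashlib
import re
# Policy parameters as stated in the briefing.
MIN_LENGTH = 8            # minimum password length
HISTORY_DEPTH = 10        # cannot reuse any of the last 10 passwords
REQUIRED_CLASSES = 3      # must match 3 of the 4 character classes below
MAX_FAILED_LOGONS = 5     # lock the account after 5 invalid logon attempts

CHARACTER_CLASSES = {
    "uppercase": re.compile(r"[A-Z]"),
    "lowercase": re.compile(r"[a-z]"),
    "digit": re.compile(r"[0-9]"),
    "non-alphabetic": re.compile(r"[^A-Za-z0-9]"),
}

def fingerprint(password):
    # Stand-in for a real password hash (bcrypt/argon2); history stores hashes, never plaintext.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def policy_violations(candidate, history_hashes=()):
    """Return the policy rules the candidate breaks; an empty list means it is acceptable."""
    reasons = []
    if len(candidate) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    matched = [name for name, rx in CHARACTER_CLASSES.items() if rx.search(candidate)]
    if len(matched) < REQUIRED_CLASSES:
        reasons.append(f"matches only {len(matched)} of 4 character classes")
    if fingerprint(candidate) in list(history_hashes)[-HISTORY_DEPTH:]:
        reasons.append(f"reuses one of the last {HISTORY_DEPTH} passwords")
    return reasons

class LogonGuard:
    """Counts consecutive failed logons and locks the account at the policy threshold."""
    def __init__(self):
        self.failed = 0
        self.locked = False

    def attempt(self, password_correct):
        if self.locked:
            return False
        if password_correct:
            self.failed = 0
            return True
        self.failed += 1
        if self.failed >= MAX_FAILED_LOGONS:
            self.locked = True  # cleared only by helpdesk_reset(), per policy
        return False

    def helpdesk_reset(self):
        self.failed, self.locked = 0, False  # Help Desk unlock, per policy
```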
AntiVirus Endpoint Protection
AntiVirus security protects all end-user workstations and server systems from these virus threats.
A virus can be introduced into the environment via multiple paths, such as:
• Email
• Downloads from malicious websites or valid websites that have been hacked
• USB thumb drives and external drives
• Downloads through personal email via Gmail and Yahoo
The following systems are currently under the protection of the AntiVirus application:
• 5,000+ desktops and laptops
• 650 server systems
These systems are updated every 2 hours with the latest virus information and monitored by the Infrastructure Team
INFORMATION TECHNOLOGY
Mobile Device Security
Securing Mobile Devices
Mobile devices are prized for increased productivity, flexibility and convenience.
Mobile devices and networks have become more sophisticated and ubiquitous.
They present significant challenges for IT administrators charged with managing an organization’s data and networks and keeping them secure.
IT must take a long, hard look at the ways these devices access and store corporate data to ensure they don't pose a security risk.
Security experts are finding a growing number of viruses, worms, and Trojan horses that target mobile devices.
It's a matter of risk management to key business assets, processes and confidential information.
Centralize management of mobile devices. Maintain an inventory so that we know who's using what kinds of devices.
Mobile Data Management
MDM tools authenticate the user and apply the right Acceptable Use Policy (AUP).
– Which mobile device makes and models can be enrolled for business use?
– What minimum requirements must they satisfy?
– Which corporate networks, services, applications and data are they permitted to access?
MDM tools can implement general mobile security best practices, including app whitelist and blacklist enforcement, by querying each device's hardware and software.
Profiles can be pushed over the air to devices to hide YouTube, FaceTime or other blacklisted apps.
Mobile Application Management
Relying on users to install and configure business or security apps is risky.
Establishing a platform with which to track app downloads, installation results and ongoing usage.
MAM tools help IT implement best practices by supporting over-the-air app installation and maintenance.
Enterprise application packages, profiles and associated data can be uploaded to an MAM tool and bound to user/device groups.
The MAM tool takes responsibility for mapping each user/device to mandatory and optional apps, which are pushed during enrollment and whenever updates become available.
Ongoing Activities to Remain Vigilant
External Penetration Testing
Internal Vulnerability Assessments
Solid Data Back up and Restore
Enterprise Network Security Assessment
Internal Server and Desktop Assessment
INFORMATION TECHNOLOGY
Information Security Awareness Program
Each and every one of us has a part to play in securing our own corner of cyberspace, as well as every device, network, and account we use.
Employees are frequently exposed to sophisticated phishing and ransomware attacks.
More than ever, users are the weak link in network security.
Program Objectives
– To keep IT users engaged
– To share information among employees to provide a greater understanding of cybersecurity
– To maintain constant communication between IT and end users
– To comply with regulatory requirements such as PCI
Program consists of:
– Quarterly themes
– Newsletters/Posters
– Coming soon: presentations at various facilities
Information Technology Services