ETPG6 – Five Low-Cost Security Takeaways
August 21, 2014 (Thursday), 3:30pm – 4:30pm – Governor’s Ballroom CD
Presented by Jerry Askew, Eric Richards & Kevin Svec
Thank you for being here today
Five Low-Cost Security Takeaways
With security being such a fundamental aspect of a business’s survival, it’s often forgotten that there are solutions available for minimal cost that can offer a great deal of benefit to your organization.
KeePass Password Management Database
Why use a Password Management Database
• Keep track of site registrations / when registered
• Generate truly secure passwords
• Use different passwords for each site
• Store “Answers” to secret questions
• Store key material, certificates, etc.
KeePass Password Management Database
Why use KeePass
• Open Source – offers auditing opportunity
• Multiplatform – Windows, Linux, Android
• High Quality Application
KeePass Password Management Database
KeePass Features
• Local Storage with Synchronization capability
• Multiple Export Options
• Auto-type with window recognition and macros
• Full text search
• File Attachments – for key material, certs, etc.
KeePass Password Management Database
Usage Tips
• Choose a strong master password or passphrase
• Not used anywhere else
• Back up frequently
• Key file can be used to supplement password
The Case for Log Correlation and Analysis
• Today’s advanced attacks require more behavior-based analysis
  • Detection of abnormal user account activity
  • Notification on escalation of privilege
  • Detection of configuration changes on devices
  • Unexplained process or file changes
• Forensics
  • Quickly determining the extent of a compromise
  • Lateral movement of attackers on the network
  • Activity associated with compromised accounts
• Adhering to security frameworks or meeting compliance objectives
  • HIPAA
  • SOX
  • GLBA
  • Etc.
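As an added illustration of the detection cases on this slide (not code from the presentation or from Splunk), the script below runs a small correlation pass over constructed key=value log lines and flags privilege escalation, device configuration changes, and one account reaching many hosts in a short window. The log format, field names, thresholds and the privileged-group list are assumptions made for the demo.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a simple key=value format (an assumption for the
# demo, not a real product's log format). jdoe touches four hosts in four
# minutes, is added to a privileged group, then changes a firewall setting.
SAMPLE_LOGS = """\
ts=2014-08-21T09:00:05 event=logon user=jdoe src=ws-17 dst=fs-01
ts=2014-08-21T09:01:10 event=logon user=jdoe src=ws-17 dst=fs-02
ts=2014-08-21T09:02:40 event=logon user=jdoe src=ws-17 dst=db-03
ts=2014-08-21T09:03:55 event=logon user=jdoe src=ws-17 dst=dc-01
ts=2014-08-21T09:04:30 event=group_add user=jdoe group=Domain_Admins actor=svc-help
ts=2014-08-21T09:30:00 event=config_change device=fw-edge actor=jdoe setting=acl
ts=2014-08-21T10:15:00 event=logon user=asmith src=ws-22 dst=fs-01
ts=2014-08-21T13:15:00 event=logon user=asmith src=ws-22 dst=fs-02
"""

PRIVILEGED_GROUPS = {"Domain_Admins", "Administrators"}  # assumption for the demo

def parse(line):
    """Split 'k=v k=v ...' into a dict and convert the timestamp."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    fields["ts"] = datetime.strptime(fields["ts"], "%Y-%m-%dT%H:%M:%S")
    return fields

def correlate(raw, max_hosts=3, window=timedelta(minutes=10)):
    """Return findings as (rule, account, detail) tuples, in detection order."""
    events = [parse(ln) for ln in raw.splitlines() if ln.strip()]
    findings = []
    logons = defaultdict(list)  # account -> [(ts, dst_host)]
    for e in events:
        if e["event"] == "logon":
            logons[e["user"]].append((e["ts"], e["dst"]))
        elif e["event"] == "group_add" and e["group"] in PRIVILEGED_GROUPS:
            findings.append(("privilege_escalation", e["user"],
                             f"added to {e['group']} by {e['actor']}"))
        elif e["event"] == "config_change":
            findings.append(("config_change", e["actor"],
                             f"{e['device']} {e['setting']} changed"))
    # Sliding window over each account's logons: more than max_hosts distinct
    # destinations inside `window` is the lateral-movement indicator we flag.
    for user, hits in logons.items():
        hits.sort()
        for i, (t0, _) in enumerate(hits):
            hosts = {dst for t, dst in hits[i:] if t - t0 <= window}
            if len(hosts) > max_hosts:
                findings.append(("lateral_movement", user,
                                 f"{len(hosts)} hosts within {window}"))
                break
    return findings
```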
Log Management – Splunk
Splunk allows you to aggregate, search, and visualize machine data
• Server runs on Windows and most Linux distros
• Software installation is very simple
• Small deployments run easily on a single virtual machine
• Clients can send logs, text, or performance information using a variety of protocols and input methods
• Splunk offers a software “Universal Forwarder” agent that runs on Windows and Linux machines
• Splunk Apps and Add-ons extend the functionality of the base product
• The free version can index (collect) up to 500 MB per day
Splunk – Security and Compliance Apps
• Over 180 security and compliance-related apps available, covering Cisco, Microsoft, F5, Bluecoat, OSSEC, Juniper, Palo Alto, and many others
• Free App for IP Reputation leverages the Project Honey Pot threat intelligence database
Splunk – Apps
• Splunk App for Enterprise Security
  • Facilitate investigations
  • Asset Investigator
  • Threat Indicators
  • Alerting
TrueCrypt Open Source Full Disk Encryption
TrueCrypt On The Fly Full Disk Encryption (OTF FDE)
• Widely used and regarded as secure
• Original developers have stepped away as of May 28th
Despite the dramatic announcement:
• Independent audit is continuing
• Broad interest in continuing development
• Truecrypt.ch
• Watch Gibson Research
• www.grc.com/misc/truecrypt/truecrypt.htm
Asset Management – Lansweeper
Why Invest Resources In Asset Management?
• Most IT security-related efforts require a continuous inventory of what you are attempting to protect
• Ensure systems remain compliant with standard configurations
• Need a system of record with good intake and retirement process to reconcile other systems
• Detect theft and configuration changes
Asset Management – Lansweeper
What is Lansweeper Network Inventory?
• Runs on Windows XP SP3 to Windows Server 2012
• Requires .NET Framework 4
• SQL database is required
• 10 minute installation / configuration
• Price – $995 for one server and unlimited hosts
• Agentless scanning
Lansweeper – Data Input via Discovery
• Automated discovery of all types of network devices using
  • Windows Credentials
  • Active Directory Domains
  • SSH Credentials
  • SNMP
  • Others
Asset Management – Lansweeper
Sampling of Built-In Reports:
• New devices discovered
• All workstations/servers without anti-virus
• Automatic startup services currently stopped
• Shared folders (visible and hidden)
• Configuration changes
• Unauthorized administrators
Custom Reports:
• Missing software packages
• Computer uptime reports
• Uncategorized systems
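To illustrate the reconciliation and report ideas on these Lansweeper slides, here is an added example (not Lansweeper code) that compares a constructed discovery scan against a constructed system-of-record inventory and produces new-device, retired-but-online, not-seen and unauthorized-administrator reports. Hostnames, field names and the "owner plus approved accounts may be local admins" policy are assumptions for the demo.

```python
from datetime import date

# Constructed system of record: what we believe we own and its lifecycle state.
SYSTEM_OF_RECORD = {
    "ws-17": {"status": "active", "owner": "jdoe"},
    "ws-22": {"status": "active", "owner": "asmith"},
    "fs-01": {"status": "active", "owner": "it-ops"},
    "lt-09": {"status": "active", "owner": "kfinn"},   # laptop, expected on the network
    "ws-03": {"status": "retired", "owner": None},     # should no longer appear
}

# Constructed agentless-scan results, keyed by hostname (field names assumed).
DISCOVERED = {
    "ws-17": {"last_seen": date(2014, 8, 21), "local_admins": {"Administrator", "jdoe"}},
    "ws-22": {"last_seen": date(2014, 8, 21), "local_admins": {"Administrator", "helpdesk-tmp"}},
    "fs-01": {"last_seen": date(2014, 8, 21), "local_admins": {"Administrator"}},
    "ws-03": {"last_seen": date(2014, 8, 20), "local_admins": {"Administrator"}},
    "rpi-unknown": {"last_seen": date(2014, 8, 21), "local_admins": set()},
}

AUTHORIZED_ADMINS = {"Administrator", "it-ops-svc"}  # assumed approved local admins

def reconcile(record, discovered, today=date(2014, 8, 21), unseen_days=14):
    """Reconcile both directions and return report name -> sorted findings."""
    reports = {"new_devices": [], "retired_still_online": [],
               "not_seen": [], "unauthorized_admins": []}
    # Scan -> record: anything discovered that the record does not explain.
    for host, facts in discovered.items():
        if host not in record:
            reports["new_devices"].append(host)
        elif record[host]["status"] == "retired":
            reports["retired_still_online"].append(host)
        owner = record.get(host, {}).get("owner")
        for acct in facts["local_admins"] - AUTHORIZED_ADMINS - {owner}:
            reports["unauthorized_admins"].append((host, acct))
    # Record -> scan: active assets that have gone quiet (lost, stolen or offline).
    for host, rec in record.items():
        if rec["status"] != "active":
            continue
        seen = discovered.get(host, {}).get("last_seen")
        if seen is None or (today - seen).days > unseen_days:
            reports["not_seen"].append(host)
    return {name: sorted(items) for name, items in reports.items()}
```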
Policies and Procedures – Something Every Company Should Do
Security isn’t just about software:
• Application Policies
• Access Policies (Vendor Access)
• Social Engineering (Training the End-Users)
• Risk Assessments
Resources
• KeePass Password Database: http://www.keepass.info/
• Lansweeper Network Inventory Installer File: http://lansweeper.com/getfile50.aspx
• Lansweeper Documentation: http://www.lansweeper.com/documentation.pdf
• Splunk Download: http://www.splunk.com/download
• Splunk Documentation: http://docs.splunk.com/Documentation/Splunk
• Splunk Search Commands Cheat Sheet: http://docs.splunk.com/images/a/a3/Splunk_4.x_cheatsheet.pdf
• Splunk Apps for Security and Compliance: http://apps.splunk.com/apps/#/category/security_compliance
• TrueCrypt on Wikipedia: http://en.wikipedia.org/wiki/TrueCrypt
• Partnering for Cyber Resilience: http://www3.weforum.org/docs/WEF_IT_PartneringCyberResilience_Guidelines_2012.pdf
• SANS Critical Security Controls: http://www.sans.org/critical-security-controls