STAFF SYMPOSIUM - IT TRACK
STAFF SYMPOSIUM SERIES
INFORMATION TECHNOLOGY TRACK FACILITATORS
4/14/2016 SESSION 4 - ENDPOINT MANAGEMENT 1
Carl Brooks, System Manager - Detroit, MI; Chapter 13 Standing Trustee – Tammy L. Terry
William Drake, System Manager – Ruskin, FL; Chapter 13 Standing Trustee – Kelly Remick
Scot Turner, System Manager – Las Vegas, NV; Chapter 13 Standing Trustee – Rick Yarnall
Tom O’Hern, Program Manager, ICF International, Baltimore, MD; STACS - Standing Trustee Alliance for Computer Security
Information Systems Managers
Endpoint Management
Carl W. Brooks, Manager of Information Systems
Regional Staff Symposium - IT Track
April 14 and 15, 2016
Atlanta, GA
ENIAC was designed and built for the United States Army to calculate artillery firing tables. However, it was ENIAC’s power and general-purpose programmability that excited the public’s imagination. When it was announced in 1946, ENIAC was referred to in the media as a “giant brain.”
ENIAC weighed 30 tons and covered an area of about 1,800 square feet. In contrast, a current smartphone weighs a few ounces and is small enough to slip into a pocket.
Endpoint Devices
Internet-capable, TCP/IP network-capable hardware
◦ Server
◦ Desktop
◦ Laptops
◦ Smart phones
◦ Tablets
◦ Thin clients
◦ Virtual Machines
Endpoint Security
In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connection to the network creates a potential entry point for security threats.
webopedia.com
Endpoint Management
Asset Control
Security
Software Updates
Document
Communicate
Redundancy
4/29/2015 SESSION 3 - SYSTEM MANAGEMENT 9
Asset Control
Eliminate “ghost” assets
Conduct physical asset inventories
Tag assets appropriately
Use the right labels for the job
Select the right asset inventory software
Inventory Software
Snipe-IT
◦ www.snipeitapp.com
PDQ Inventory
◦ www.adminarsenal.com
Open AudIT
◦ www.open-audit.org
Spiceworks
◦ www.spiceworks.com
Asset Disposal
Repurpose or Dispose
Wipe Data
Removing Tags
Removing from Inventory
Removing from Premises
◦ Charity Organization
◦ Recycle
◦ Destroy \ Shred
◦ Buy Back
Endpoint Security
• Physical Security
• Patch management
• Anti-virus, SPAM, Malware
• Browser Plugins
• Windows/Desktop firewall
• Risk/vulnerability assessment
• Security policy management
• Endpoint Loss and Recovery
Support Strategies
Trustee and staff
◦ In Office
◦ At Court
◦ At Home
◦ On the Road
3rd Party Support\vendors
Debtors\Trainees
Visitors and Auditors
Strategies for supporting auditors and visitors
◦ Access to network for Internet, printing, case data
◦ File transfer of electronic files
◦ Credentialed access to network computer, case management software, ECF/PACER, Wi-Fi/Internet
Using Computers (Dos and the Don’ts)
Personal device uses
Access to email
USB charging, connections to Trustee Equipment
Access to Wi-Fi, LAN, VPN, Internet
Two-Factor authentication
Security Considerations
The Weakest Link: People
A data leak can be avoided if the person involved has better knowledge of data protection.
Users are encouraged to develop an information security mindset, and to build and reinforce good practice through regular information security awareness updates.
Computer/Data Usage: Risk
Loss of data
Compromise security policies
Misuse of data
Computer/Data Usage: Dos
Be accountable for IT assets and data
Adhere to Policy on Use of IT Resources
Use good judgment to protect data
Protect your laptop while traveling
Ensure sensitive information is not visible to others
Protect your user ID and password
Computer/Data Usage: Don’ts
Don’t store sensitive information on a portable device without strong encryption
Don’t leave your computer or sensitive documents unlocked
Don’t discuss anything sensitive in a public place. People around you may be listening to your conversation
Surfing the Web: Risk
Virus
Worms
Trojan
Spyware
Malware
Ransomware
Remote Control
Fake “Official Looking” Popups
Surfing the Web: Dos
Validate the website you are accessing
Install personal Firewall
Be cautious if you are asked for personal information
Use encryption to protect sensitive data transmitted over public networks and the Internet
Install anti-virus, perform scheduled virus scanning and keep virus signatures up to date
Apply security patches in a timely manner
Backup your system and data, and store it securely
Surfing the Web: Don’ts
Don't download data from doubtful sources
Don't visit untrustworthy sites out of curiosity, or access the URLs provided in those websites
Don't use illegal software and programs
Don't download programs without permission of the copyright owner or licensee (e.g. Torrent software)
Email: Dos
Do scan all email attachments for viruses before opening them
Use email filtering software
Only give your email address to people you know
Use PGP or a digital certificate to encrypt emails that contain confidential information; staff can use confidential email
Use a digital signature when sending emails to prove who you are
Email: Don’ts
Don't open email attachments from unknown sources
Don't send mail bombs, or forward or reply to junk email or hoax messages
Don’t click on links embedded in spam emails
Don’t click on links in emails from known parties when you are not expecting a link
Don’t buy things or log in from links
Training your Users
https://securityiq.infosecinstitute.com
Phishing your Users
What are the Threats?
Plain Old Deception: Phishing
Brute-Force: Password Guessing
Web Browser Vulnerabilities
USB Drive Attack Vector
Outdated Software\Drivers
Outdated Firmware
How to Secure Endpoints
BIOS or PINs at bootup
Encryption – Disk, Device, Data
Disclaimers, Right to Use, Login consent to use/monitoring/no rights
Patch the system regularly
Install security software (e.g. web filtering, anti-Virus, anti-Spam, anti-Spyware, personal firewall etc.)
Beware of P2P software
Endpoint Security: Malware Protection
Hardest to Destroy
◦ Firmware-based Malware
◦ Persistent Malware
◦ Ransomware
◦ Rootkit Malware
Well Known Infections
◦ Storm Worm
◦ Leap-A/Oompa-A
◦ Sasser and Netsky
◦ MyDoom
◦ I LOVE YOU
◦ Nimda
◦ Code Red and Code Red II
◦ The Klez Virus
◦ Melissa
Malware Solutions
Kaspersky Endpoint Security for Biz
http://usa.kaspersky.com
Malwarebytes for Business
www.malwarebytes.org/business
Symantec Endpoint Protection
www.symantec.com
Fortinet Endpoint Protection
www.fortinet.com
Disk encryption is a technology which protects information by converting it into unreadable code that cannot be deciphered easily by unauthorized people. Disk encryption uses disk encryption software or hardware to encrypt every bit of data that goes on a disk or disk volume.
Disk Encryption
Device deployment
Product management
Compatibility
Authentication service integration
Key recovery
Brute force mitigation
Cryptography
Disk Encryption
Symantec Endpoint Encryption
Check Point Full Disk Encryption
Dell Data Protection Encryption
McAfee Complete Data Protection
Sophos SafeGuard
DiskCryptor
Apple FileVault 2
Microsoft BitLocker
Security is always going to be a cat and mouse game because there'll be people out there that are hunting for the zero day award, you have people that don't have configuration management, don't have vulnerability management, don't have patch management.
Kevin Mitnick
If your computer seems to be working fine, you may wonder why you should apply a patch. By not applying a patch you might be leaving the door open for malware to come in. Malware exploits flaws in a system in order to do its work.
Patch Management
Operating System Patches
Office Software
Browsers (I.E., Chrome, Firefox, etc.)
3rd Party Software
◦ Adobe Acrobat (PDF)
◦ Adobe Flash
◦ Oracle Java
Patch Management
Know your network
Scan and assess
Rely on a single source for patches
Have an “undo button” for patches
Support a good user and administrator experience
Stay organized
Right-size
Patch Management
GFI LanGuard
www.gfi.com
Shavlik Patch
www.shavlik.com
Solarwinds Patch
www.solarwinds.com
ManageEngine
www.manageengine.com
A vulnerability scanner is a computer program designed to assess computers, computer systems, networks or applications for weaknesses. They can be run either as part of vulnerability management by those tasked with protecting systems
Risk Assessment
Risk Assessment
The Microsoft Baseline Security Analyzer
OpenVas.org (Linux)
Tripwire SecureCheq
www.tripwire.com
Retina CS Community
www.beyondtrust.com
NexPose
www.rapid7.com
Network monitoring is the use of a system that constantly monitors a computer network for slow or failing components and that notifies the network administrator (via email, SMS or other alarms) in case of outages. It is part of network management.
Network Monitoring
Network Mapping
Device Health Monitoring
Network Traffic Analysis
Flexible Alerting
Wireless Network Monitoring
Automatic Device Discovery
Reporting
Network Monitoring
PRTG
SolarWinds® NPM
Nagios Core
Wireshark
Cacti
ntopng
Zabbix
NMAP
Endpoint Solution Types
Standalone Clients vs Centralized Console
Internal Product vs External Cloud Product
Server Based vs Appliance Based
Backup Strategies
Data on endpoints
OS/firmware
Settings and configuration
Backup Strategies
Policy and Procedures (Where and How?)
• Trustee Smartphone, Tablet, Laptop
• Court tablets and laptops
Backup Strategies
• Local sync vs Cloud Sync
• To use or not to use:
◦ iCloud
◦ iTunes
◦ One Drive
◦ Google Drive
◦ Dropbox
Backup Strategies and Products
• Deep Freeze – Tool to reset back to default state after reboot
• Macrium Reflect (freeware) – system imaging
• Acronis (freeware) – system imaging
Faronics Deep Freeze
Macrium Reflect Free
Disk cloning and imaging solution for free.
Backup to local, network and USB drives as well as burning to all DVD formats.
This version is for non-commercial home use.
Lost Recovery Resources
• Find my iPhone (Apple)
• Android Device Manager - Google Play (Android)
• MaaS360 by IBM
• Lo-jack for laptops (Windows)
MaaS360 by IBM
http://www.spiceworks.com/free-mobile-device-management-mdm-software
Remote Management Issues
• Intrusive vs non-intrusive remote access
• Cloud/Agent based remote access (maybe bad)
• Backdoor into network
• Excessive access through agent features and capabilities
• Access control of remote vendor (enable, disable, terminate)
• Who has access? (Local IT person, Cloud vendor, Case Management Vendor)
• Using two factor authentication
Remote Management
Document IT Essentials
Hardware Vitals
◦ Brand
◦ Model
◦ Serial #
◦ Warranty
◦ Asset Tags
◦ Maintenance Terms
◦ Location
◦ Assigned User
Important IT Contact Information
Software
◦ Keys
◦ Maintenance Terms
◦ Device Installed On
Passwords for sites, hardware, etc.
Device Settings
Disaster Plan
Policies
Procedures
Training Material
Communicate Important Item
Provide Policies and Procedures
Announce Policies and Procedures Changes
Announce Training Objectives\Results
Provide Encrypted IT Essentials and Password to Trustee
Quick Report of Problems\Resolutions
Update Cycles\Reboot
Inventory Changes
IT Redundancy
Multiple Backup Methods
Multiple Security Points (Firewall, network, devices)
Multiple IT Reporting\monitoring
Documents: Hardcopy & Digital
Live Training, Webinar, Email Tips
Guard against inbound & outbound threats
Two Factor / Multiple Password for access
Dell Expert Assist (Desktop Authority)
Remote Control
File Transfer
Help Desk Chat
Computer Settings
◦ Environment Variables
◦ Virtual Memory
◦ User Account Control
◦ Time
◦ Automatic Logon
◦ Shared Resources
◦ Automatic Priorities
Computer Management
◦ File Manager
◦ User Manager
◦ Event Viewer
◦ Services
◦ Processes
◦ Drivers
◦ Registry Editor
◦ Command Prompt
◦ Reboot
◦ Monitor Host Screen
◦ Update GPO
Dell ExpertAssist
Server Functions
◦ FTP Configuration
◦ FTP Status
◦ FTP Statistics
◦ Port Forwarding Config
◦ Port Forwarding Status
◦ Active Directory
Scheduling & Alerts
◦ System Monitoring
◦ Email Alerts
◦ Task Scheduler
◦ Scripts
Performance Monitoring
◦ CPU Load
◦ Memory Load
◦ Disk Space
◦ Drive & Partition Info
◦ Open TCP/IP Ports
◦ Network
◦ PCI Information
◦ Open Files
◦ Registry Keys In Use
◦ DLLs In Use
◦ EA Connections
◦ Telnet Connections
◦ Installed Applications
Dell ExpertAssist
Security
◦ Access Control
◦ IP Address Lockout
◦ IP Filtering
◦ EA Logs
◦ User Management Log
◦ SSL Setup
◦ Windows Password
Preferences
◦ Appearance
◦ Network
◦ Colors
◦ Log Settings
◦ ODBC messages
◦ Remote Control
◦ Telnet Server
Some of the Security Tools I use
Spiceworks
Desktop Authority
Malwarebytes for Business
Symantec Endpoint Protect
Barracuda Web Filter 310
Barracuda - Spam & Virus Firewall 300