Thanks For Recovering… Now I Can Hack You

Post on 22-Feb-2016

Transcript of Thanks For Recovering… Now I Can Hack You

THANKS FOR RECOVERING…NOW I CAN HACK YOU

Charles Greene, CISSP, GSLC

Speaker Bio

• Senior Information Security Architect

• I&AM Team Lead, DR Team Lead

• Bachelor's Degree in Information Systems from Virginia Commonwealth University

• Master's Degree in Disaster Sciences from the University of Richmond

• CISSP, GIAC Security Leadership Certification

• SANS Mentor - MGT-512 Security Leadership Essentials and MGT-432 Information Security for Business Managers

• GIAC Advisory Board

Leading Questions…

How many of your organizations perform annual Disaster Recovery Tests?

How many of you are Information Security Professionals?

How many Information Security Professionals play an active part in Disaster Recovery Tests?

Why?

Why Not?

Disaster Recovery Journal, Winter 2013 Vol.26, Num.1

Agenda

• Disaster Recovery Test Scenario

• DR Test Security Vector Identification

• Other Considerations

• Open and Interactive Dialogue

• Thoughts About DR Testing

• Ultimate Goal of Enhancing DR Test Plans

Background Scenario

DR ASSIGNMENT

Operations System Architects Management Security

• DR Lead – RTO/RPO

• Sys Admin – RECOVERY

• Sec Admin – Security

DR RESPONSIBILITIES

In this scenario, the DR tasks were assigned to Systems/Network Management. The DR teams were composed of Systems and Network Administrators, and the Security Administrators had no role in DR planning or exercises.

What Happened?

Planning

• Focus on Recovery

• Developed and Reviewed by Systems Administrators

• Test Planning for RTO/RPO

What Happened?

Test Execution

• Going as Planned

• Ah Ha Moment

• Vendor Response

What Happened?

Mitigation

• Security Realization

• Identify DR Vectors of Attack

• Plan Updates

Vector Identification: Local Switch Infrastructure

• Who controls the switch configurations?

• Can you verify the configs?

• Who has physical access to the switches?

Vector Identification: Firewall Configurations

• When is the FW recovered?

• What does it protect?

• Is it complete?

Vector Identification: System Administrator Devices

• Is there corporate data on the laptop?

• Will this device connect to the DR network?

• Create a Device Use Policy

Vector Identification: VPN Access

• Does it bypass the Firewall?

• Identity and Access Management?

Vector Identification: Server Configurations

• Timing of the build process might create opportunities

• Use a protected build DMZ to lessen the risk

It’s Your Data…Protect It!

• Recovering Live Data

• Incident Handling at DR location

• Logging?

Update Your Plans!

Goals for DR Testing

• Experience

• Plan Verification

Questions/Discussion

Thank You!

Chip Greene, CISSP, GSLC

Senior Information Security Architect

SANS Mentor (MGT-512, MGT-432)

cgreene2@richmond.edu

cgreene2@mcvh-vcu.edu