NETWORK - ISACA Kenya...
NETWORK
“THEY WILL BEAT YOU”, “THEY ARE COMING VERY FAST”
EARTH… 2016
APT ATTACKS
Timeline axis: 2005, 2010, 2015, 2020
Titan Rain (2003)
Sykipot Attacks (2006)
GhostNet (2009)
PinchDuke (2009)
Stuxnet (2010)
Duqu1 (2011)
MiniDuke, CosmicDuke, OnionDuke, CozyDuke (2014)
Duqu2 (2015)
Remexi (2015)
Deep Panda (2015)
Poseidon (2015)
Towards 2020: IoT, AaaS
2020 AND THE FUTURE OF APT
Internet of Things: Ransomware for IoT; Profiling (car, health, insurance, govt. etc.); DoS
Attack-as-a-Service:
Consulting services such as botnet setup, $350-$400 per man-day.
Infection/spreading services, under $100 per thousand installs.
Botnets and rental: Distributed Denial of Service (DDoS), $535 for five hours a day for one week; email spam, $40 per 20,000 emails; Web spam, $2 per thirty posts.
Blackhat Search Engine Optimization (SEO), $80 for 20,000 spammed backlinks.
Inter-carrier money exchange and mule services, 25% commission.
CAPTCHA breaking, $1 per thousand CAPTCHAs, done by recruited humans.
Crimeware upgrade modules: using Zeus modules as an example, they range anywhere from $500 to $10,000.
NEED MORE (SCARY) STATS?
http://www.isaca.org/Knowledge-Center/Research/Documents/2015-advanced-persistent-threat-awareness_whp_eng_1015.pdf
https://www.fas.org/sgp/crs/misc/R43310.pdf (constantly updated), including:
Table 1. Data and Statistics: Cyber Incidents, Data Breaches, Cybercrime (60+)
Table 2. Glossaries, Lexicons, and Guidance Pertaining to Cybersecurity
ZONING MODEL - CONCEPTUAL
ZONING MODEL – SAMPLE ARCHITECTURE
MAPPING SECURITY MEASURES
MATURITY
Stages: Current | Evolve | Target
Current: Tactical Projects for significant Improvements
Evolve: Consolidation, Integration, Logging, Monitoring, Visibility
Target: Holistic Security with integrated Vulnerability, SIEM and Incident Management

Asset Inventory (Roles): Limited Asset Inventory -> Effective Discovery & Inventory (CMDB)
Asset Classification: No Asset or Risk Classification -> Classification based on Risk Factors
Application Classification: No consistent App Sec Standards -> Defined App Sec Standards -> Application Classification, Hardening, Scanning
Network Segmentation: Open Network, No Access Controls -> Evolve Zones, Security Controls -> Established Zone Lifecycle based on Placement / Risk
Vulnerability Management: No Vulnerability Management -> Evolve proactive Program -> Integrated Vulnerability Management with SIEM
Secured Service Data Centers: Trust Network is open globally and insecure -> Focus on Service Zones in Data Centers and User Resource Zones -> Services organized in Zones based on Placement, Criteria and Controls
Security Model: Various confusing methods for remote and local access -> Single Integrated Security Model with Zero Trust Security Architecture

Supporting activities: Asset Classification, Configuration, Service Dependency Mapping for Zones, Placement, Controls
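The zoning and segmentation targets in the maturity table (classification based on risk factors, services placed in zones by placement and risk, explicit security controls between zones with a default of deny) can be made concrete in a few functions. The following is an added example for illustration and is not code from the presentation or from ISACA; the zone names, risk weights, placement thresholds, sample inventory and allow-list rules are all assumptions chosen to show the mechanics.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Trust level per zone: higher means more sensitive. Zone names are assumptions
# for illustration, not the presentation's own zone model.
ZONE_TRUST: Dict[str, int] = {
    "internet": 0,
    "dmz": 1,
    "user": 1,
    "service": 2,
    "restricted": 3,
}


@dataclass(frozen=True)
class Asset:
    """Inventory record carrying the risk factors that drive classification."""
    name: str
    internet_facing: bool
    data_class: str  # "public", "internal" or "confidential"
    business_critical: bool


@dataclass(frozen=True)
class Rule:
    """An explicitly permitted inter-zone flow; anything not listed is denied."""
    src: str
    dst: str
    port: int
    proto: str = "tcp"


# Assumed weights for the risk factors.
DATA_CLASS_WEIGHT = {"public": 0, "internal": 1, "confidential": 3}


def risk_score(asset: Asset) -> int:
    """Classification based on risk factors: sum the weighted factors."""
    score = DATA_CLASS_WEIGHT[asset.data_class]
    if asset.internet_facing:
        score += 3
    if asset.business_critical:
        score += 2
    return score


def place_in_zone(asset: Asset) -> str:
    """Placement by risk: an internet-facing asset never sits deeper than the DMZ;
    every other asset is placed by its score (thresholds are assumptions)."""
    if asset.internet_facing:
        return "dmz"
    score = risk_score(asset)
    if score >= 5:
        return "restricted"
    if score >= 2:
        return "service"
    return "user"


# Constructed sample inventory.
SAMPLE_ASSETS: List[Asset] = [
    Asset("www-portal", True, "public", True),
    Asset("intranet-wiki", False, "internal", False),
    Asset("order-api", False, "internal", True),
    Asset("payroll-db", False, "confidential", True),
]

# Constructed allow-list: the only flows permitted between zones.
ALLOWED_FLOWS: List[Rule] = [
    Rule("internet", "dmz", 443),
    Rule("dmz", "service", 8443),
    Rule("user", "service", 443),
    Rule("service", "restricted", 5432),
]


def is_flow_allowed(src_zone: str, dst_zone: str, port: int,
                    proto: str = "tcp", rules: List[Rule] = ALLOWED_FLOWS) -> bool:
    """Default deny: a flow passes only if an explicit rule matches it."""
    return any(r.src == src_zone and r.dst == dst_zone
               and r.port == port and r.proto == proto for r in rules)


def check_flow(assets: List[Asset], src_name: str, dst_name: str, port: int,
               proto: str = "tcp", rules: List[Rule] = ALLOWED_FLOWS) -> Tuple[str, str, bool]:
    """Resolve both assets to their zones, then evaluate the inter-zone policy."""
    zone_of = {a.name: place_in_zone(a) for a in assets}
    src_zone, dst_zone = zone_of[src_name], zone_of[dst_name]
    return src_zone, dst_zone, is_flow_allowed(src_zone, dst_zone, port, proto, rules)


def audit_rules(rules: List[Rule]) -> List[Rule]:
    """Zone lifecycle check: flag rules that let traffic jump more than one trust
    level inward, e.g. straight from the internet into a service zone."""
    return [r for r in rules if ZONE_TRUST[r.dst] - ZONE_TRUST[r.src] > 1]


if __name__ == "__main__":
    for a in SAMPLE_ASSETS:
        print(f"{a.name:14s} risk={risk_score(a)} zone={place_in_zone(a)}")
    for src, dst, port in [("www-portal", "order-api", 8443),
                           ("www-portal", "payroll-db", 5432),
                           ("intranet-wiki", "order-api", 443)]:
        print(src, "->", dst, port, check_flow(SAMPLE_ASSETS, src, dst, port))
    print("rule audit:", audit_rules(ALLOWED_FLOWS + [Rule("internet", "service", 443)]))
```

The placement step corresponds to the "Classification based on Risk Factors" and "Established Zone Lifecycle based on Placement / Risk" targets; the allow-list with `is_flow_allowed` is the explicit, default-deny control set between zones; and `audit_rules` is the kind of lifecycle check that keeps a growing rule base from quietly opening a path from the internet straight into a service or restricted zone.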
STANDARDS
CIS Critical Security Controls (formerly SANS Top 20)
https://www.cisecurity.org/critical-controls.cfm
PCI DSS Version 3.2, April 2016
https://www.pcisecuritystandards.org/
NIST
SP 800-53 Security and Privacy Controls for Federal Information Systems and Organizations
SP 800-41 Guidelines on Firewalls and Firewall Policy
ISO 27000 Series
ISO/IEC 27033-1:2015: Network security overview and concepts
ISO/IEC 27033-2:2012: Guidelines for the design and implementation of network security
ISO/IEC 27033-3:2010: Reference networking scenarios: threats, design techniques and control issues
ISO/IEC 27033-4:2014: Securing communications between networks using security gateways
ISO/IEC 27033-5:2013: Securing communications across networks using Virtual Private Networks (VPNs)
ISO/IEC 27033-6: Securing wireless IP network access (DRAFT)
QUESTIONS