Security Essentials

SECURITY ESSENTIALS https://au.linkedin.com/in/ashleydeuble

Transcript of Security Essentials

Page 1: Security Essentials

SECURITY ESSENTIALS

https://au.linkedin.com/in/ashleydeuble

Page 2: Security Essentials

BAD STUFF HAPPENS ..

Page 3: Security Essentials

ORGANISATIONS CAN BE TIGHT ..

• There are many reasons why there is no cash for a security program

• We don’t have anything that anyone would want?

• We’ve never been hacked!

• What do we get in return?

• We have other pressing priorities .. Get back to work!

Page 4: Security Essentials

YOU CAN DO IT!

• Start off with the basics and show that it has some business value

• Implement policies – have a security position

• Patch your systems and applications regularly

• Run anti-virus

• Limit the use of privileged access

• Backups & recovery processes

• Incident response

• Security awareness

Page 5: Security Essentials

POLICIES/SECURITY POSITION

• Grab some template policies and modify them to suit your organisation

• Have a security statement (e.g. “We take security seriously blah blah blah”)

• Have an acceptable use policy

• Refer to existing frameworks for guidance

  • ISO27001/2

  • IS18

  • NIST

  • COBIT

  • PCI DSS

Page 6: Security Essentials

PATCH YOUR SYSTEMS

• According to CNN Money – In 2015, 90% of attacks leveraged old vulnerabilities that already had patches available

• Use free tools to patch your Windows systems – Windows Server Update Services (WSUS)

• Set Windows desktop machines to automatically install updates if you can’t use a patching tool

• Java and Flash are evil!! Patch regularly or remove if possible

Page 7: Security Essentials

ANTI-VIRUS

• Anti-virus is dead ?!?

• Symantec reported 317 million new malware samples were seen in 2014

• Microsoft Security Essentials/Windows Defender

Page 8: Security Essentials

PRIVILEGED ACCESS

• Principle of least access

• Limiting access to the minimal level that will allow normal functioning

• Often user error is the cause of incidents & additional work

• Do you need to browse Facebook as an administrator to your organisation?

• 2016 Mandiant M-Trends report discussed a case where an attacker obtained admin access and spread ransomware through Group Policy

Page 9: Security Essentials

BACKUP & RECOVERY

• Determine what your critical business systems and information are

• Back up regularly and test often

• Periodically review and ensure all critical business data is backed up

• Encrypt your backups if they contain sensitive data

• Think about business continuity and disaster recovery (short & long term outages)

Page 10: Security Essentials

INCIDENT RESPONSE

• Have a plan ready for when it all goes bad

• Your plan could be to have someone else do it!

• Keep regular contacts with law enforcement, AusCERT, CERT Australia etc.

• Maybe put a 3rd party on a retainer for IR & investigations

Page 11: Security Essentials

SECURITY AWARENESS

• We’re all human .. That’s why we’re targets

• Inform the users what security means to the organisation

• Relate it back to your security policies and guidelines

• Tell them what to do if they make a mistake or suspect a weakness

• Conduct it regularly and for all new users

Page 12: Security Essentials

RESOURCES

• Security Policy

  • SANS - https://www.sans.org/security-resources/policies

  • CSO - http://www.csoonline.com/article/3019126/security/security-policy-samples-templates-and-tools.html

• Security Frameworks

  • ISO 27001 - http://www.iso27001security.com/

  • ISACA COBIT 5 - http://www.isaca.org/cobit/pages/cobit-5-framework-product-page.aspx

  • PCI DSS - https://www.pcisecuritystandards.org/pci_security/

  • NIST Cybersecurity Framework - http://www.nist.gov/cyberframework/

Page 13: Security Essentials

RESOURCES

• Patching Systems

  • Microsoft WSUS - https://www.microsoft.com/en-au/download/details.aspx?id=5216

  • Red Hat Satellite - https://www.redhat.com/en/technologies/linux-platforms/satellite

• Antivirus

  • Microsoft Security Essentials/Windows Defender - http://windows.microsoft.com/en-AU/windows/security-essentials-download

Page 14: Security Essentials

RESOURCES

• Mandiant M-Trends 2016 report

  • https://www2.fireeye.com/rs/848-DID-242/images/Mtrends2016.pdf

• Incident Response

  • Count Upon Security (with links to supplementary materials) - http://countuponsecurity.com/2012/12/21/computer-security-incident-handling-6-steps/

  • SANS Incident Handlers Handbook Whitepaper - https://www.sans.org/reading-room/whitepapers/incident/incident-handlers-handbook-33901

Page 15: Security Essentials

RESOURCES

• Security Awareness

  • NIST: Building an Information Technology Security Awareness and Training Program - http://csrc.nist.gov/publications/nistpubs/800-50/NIST-SP800-50.pdf

  • SANS Securing the Human (look in the resources area) - http://securingthehuman.sans.org/

  • PCI Best practices for implementing a security awareness program - https://www.pcisecuritystandards.org/documents/PCI_DSS_V1.0_Best_Practices_for_Implementing_Security_Awareness_Program.pdf