Overview: Monitoring traffic is crucial and is often mandatory (e.g.: NERCii). Filtering and blocking malicious traffics is often optional, but I usually suggest IPS to detect and block threats in incoming/outgoing traffics from boundaries of critical perimeters (e.g.: Internet to Intranet, Intranet to critical perimeter gateways), but never in electronic security perimeters (ESP) where blocking valid traffics could lead to various operational disaster scenarios. Real-time monitoring of firewalls and other security sensors is required to rapidly detect and initiate response to cyber incidents.
Security and Compliance involve by default: exception, justification and compensatory measures. In all organizations, there are situations where it is considered more secured with reason to not apply any changes to a specific system (ex.: a HSM bank system remain usually unchanged, mainframes and Unix systems are other examples, especially in industrial organizations (ex.: in the energy sector, Technical Feasibility Exceptions (TFE) can justify the exemption of running a protective control such as an anti-malware or applying any update like system or firmware update, etc.).
Security Paradigm
Despite it is usually considered unsecured to keep a system unchanged, as previously explained, it is sometimes the only way to keep it to an acceptable security posture considering the potential impacts of loss, especially when systems are isolated and very critical. In those situations, a justification (e.g.: ticket, derogation, statement of applicability, etc.) must be provided in order to document the reasons and duration of the exception in time.
An organization can be compliant and secure while system are unchanged during a long period of time (e.g.: years) and it is important to understand this reality in large corporations conducting critical activities. Not all systems can remain secured while unchanged, usually systems isolated in restricted networks or not interconnected to a computer network are valid examples.
Why should you attend: All organizations are facing various types of threats. Threats can come from inside, outside your organization or from both. This article focus on monitoring informational resources against all types of threats threatening your critical functions supported by electronic assets such as servers, desktops, switches, routers, firewalls, etc. Organizations are getting more and more interconnected and thinking that the obscurity can be considered as a security control is similar to me to ignoring the new reality of Interconnected Networks and the risk surrounding the Internet.
Areas Covered in the Session:
Who Will Benefit:
Security and Compliance involve by default: exception, justification and compensatory measures. In all organizations, there are situations where it is considered more secured with reason to not apply any changes to a specific system (ex.: a HSM bank system remain usually unchanged, mainframes and Unix systems are other examples, especially in industrial organizations (ex.: in the energy sector, Technical Feasibility Exceptions (TFE) can justify the exemption of running a protective control such as an anti-malware or applying any update like system or firmware update, etc.).
Security Paradigm
Despite it is usually considered unsecured to keep a system unchanged, as previously explained, it is sometimes the only way to keep it to an acceptable security posture considering the potential impacts of loss, especially when systems are isolated and very critical. In those situations, a justification (e.g.: ticket, derogation, statement of applicability, etc.) must be provided in order to document the reasons and duration of the exception in time.
An organization can be compliant and secure while system are unchanged during a long period of time (e.g.: years) and it is important to understand this reality in large corporations conducting critical activities. Not all systems can remain secured while unchanged, usually systems isolated in restricted networks or not interconnected to a computer network are valid examples.
Why should you attend: All organizations are facing various types of threats. Threats can come from inside, outside your organization or from both. This article focus on monitoring informational resources against all types of threats threatening your critical functions supported by electronic assets such as servers, desktops, switches, routers, firewalls, etc. Organizations are getting more and more interconnected and thinking that the obscurity can be considered as a security control is similar to me to ignoring the new reality of Interconnected Networks and the risk surrounding the Internet.
Areas Covered in the Session:
- Layer 2 and Layer 3 monitoring
- Technical difference between internal and external threats
- Real life example of a man in-the-middle attack on Internal network demonstrated
- Capture internal traffic with packet sniffer
- Steal username and password on the network
- Traffic redirection and routing hijacking on internal network
- Example of solution to detect and correct ARP table while poisoned on a critical system
Who Will Benefit:
- Architect
- System Administrator
- Threats & Vulnerabilities Director
- Risk Management Specialists
- Risk Advisors
- Auditor
- Security Specialists
No comments:
Post a Comment