NU MSIT 458 - Security Policy
Slide outline (deck 1): Topics for Discussion; The CISO Agenda; Risk; Audit Support; Compliance; Compliance cont’d; ISO Leading Practices; Compliance in Action; Internal Policy (four slides); Policy Business Case (three slides); Ethical Hacking (four slides); Q & A.
Slide outline (deck 2, from Slide 22): Topics for Discussion; Why Layer 2; ARP; ARP Poisoning (several slides); During/After ARP Poisoning/Spoof; ARP Spoof Defense (two slides); Exploiting Simple Masking Errors (two slides); MAC/CAM (three slides); CAM Flood Defense; Hakipedia.

Security Policy

Topics for Discussion
• IT Security in the Business
  – Risk, Audit Support, Compliance
• Policies, Standards, and Procedures
  – IT Security’s Role in Creation and Enforcement
• Typical IT Security Technical Work
  – Intrusion Detection/Prevention
  – Ethical Hacking/Penetration Testing

The CISO Agenda
(Diagram.) Core Functions: Business, Regulatory Compliance, Technology Enablement. Agenda items around the CISO: Alignment with Business Goals / Objectives; Brand Protection & Enhancement; Linkage to Enterprise Risk Mgmt; Metrics / Benchmarking; Business Continuity; Compliance / Internal Audit; Disaster Recovery; Strategy; Privacy / Security Breach; Vulnerability / Patch Management; Staffing Support; High Availability; Identity Management; M&A; Executive / Board Reporting; Mobile Computing; Evolving Threats; Managing 3rd Party Risk (Outsourcers); Culture / Awareness. Also on the diagram: Manage Risk, Align/Optimize Spend, Top-Line Growth.

Risk
IT Security performs a critical role in assessing risk in the organization.
• Vulnerability Scanning
• Penetration Testing
• Industry Trends
• IT Strategy
• Familiarity with Audit and Compliance measures

Audit Support
In many cases, IT Security is heavily relied upon to perform the in-depth testing required by an audit organization. Security is enlisted by audit because of its:
• Technical expertise
• Familiarity with current issues from internal testing
• Familiarity with Policies, Standards, and Procedures

Compliance
Compliance may relate to internal compliance or external compliance.
Internal compliance:
• Policies and Standards
• Security and Configuration baselines
• Framework use – ISO, COBIT, ITIL, GAISP, NIST
• Best Practices

Compliance cont’d
External compliance:
• SOX (Sarbanes-Oxley)
  – COSO Framework
• HIPAA
• PCI
• Safe Harbor

ISO Leading Practices
(Figure. Source: www.rsa.com)

Compliance in Action
(Figure. Source: www.rsa.com)

Internal Policy
IT Security is regularly tasked with the creation and enforcement of IT policies, standards, and procedures. Creation and enforcement of these documents require:
• Understanding of audit roles and procedures
• Familiarity with all systems, networks, and applications
• Compliance considerations

Internal Policy cont’d
Definitions:
• A Policy is a set of directional statements and requirements aiming to protect corporate values, assets and intelligence. Policies serve as the foundation for related standards, procedures and guidelines.
• A Standard is a set of practices and benchmarks employed to comply with the requirements set forth in policies. A standard should always be a derivation of a policy, as it is the second step in the process of a company’s policy propagation.
• A Procedure is a set of step-by-step instructions for implementing policy requirements and executing standard practices.

Internal Policy cont’d
(Figure: Policy creation and enforcement cycle)

Policy Business Case
A top 5 global food retailer has a massive IT/IS infrastructure and good governance… but no real policies!
Policies are the foundation for enforcing IT compliance and governance.
What policies were written for the client…

Policy Business Case cont’d
Policies written for IT Security:
• Acceptable Use Policy
• Information Classification & Ownership Policy
• Risk Assessment & Mitigation Policy
• Access Control Policy
• Network Configuration and Communication Policy
• Remote Access Policy
• Business Continuity Policy
• Incident Response Policy
• Third Party Data Sharing Policy
• System Implementation & Maintenance
• Secure Application Development
• Cryptography & Key Management
• Mobile Computing
• Physical & Environmental Security

Policy Business Case cont’d
Sample Policies: Cryptography and Key Management Policy (figure)

Ethical Hacking
Ethical hacking is a very common profession within the IT security industry.
• White hat, Grey hat, Black hat
• Sometimes synonymous with penetration testing – a method of assessing the security posture of a system or network by simulating an “attack”

Ethical Hacking
Why perform an ethical hack?
• Determine flaws and vulnerabilities
• Provide a quantitative metric for evaluating systems and networks
• Measure against pre-established baselines
• Determine risk to the organization
• Design mitigating controls

Ethical Hacking
(Figure)

Ethical Hacking
Administrative items:
• Authorization letter – “Get out of jail free card”
• Risk report
  – Likelihood of risk
  – Mitigation plans
  – Trends (performed with recurring clients)

Q & A
ANY QUESTIONS?

Slide material sourced from the Black Hat presentation presented by Sean Convery of Cisco Systems

Layer 2 Hacking

Topics for Discussion
• Layer 2 Protocols and Weaknesses
  – ARP
  – MAC/CAM
  – VLAN/Encapsulation
  – STP/BPDU
  – DHCP
  – MPLS
  – BGP
• Tools
• Carrier “Ethernet” Appendix

Why Layer 2
(Figure)

ARP
• ARP Spoofing is the process of sending a crafted ARP request across the network to enable the sniffing of one or many hosts on a network.
• ARP poisoning is a similar attack, but you attack all hosts on a subnet. This is useful to ARP spoof the address of a switch or router so all traffic can be sent through you!

ARP Poisoning
(Screenshots, with these step captions)
• Start Sniffing
• Scan for hosts
• Select the machines to poison
We chose to ARP poison only the Windows machine 192.168.1.2 and the router 192.168.1.1.
• Highlight the line containing 192.168.1.1 and click on the “target 1” button.
• Highlight the line containing 192.168.1.2 and click on the “target 2” button.
• If you do not select any machines as targets, all the machines inside the subnet will be ARP poisoned.

ARP Poisoning
• To recap the information found using Wireshark (or another sniffer)
  – 192.168.1.1 is at 11:22:33:44:11:11 (Router)
  – 192.168.1.2 is at 11:22:33:44:55:66 (Host)
  – 192.168.1.100 is at 11:22:33:44:99:99 (Attacker)
ARP
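The defensive counterpart to the poisoning walk-through above, as an added example that is not part of the lecture slides: an arpwatch-style check over a constructed ARP reply log that uses the router, host and attacker addresses from the recap. It flags the two symptoms of a poisoning run, an IP whose MAC changes and one MAC answering for several IPs; the log line format is assumed.

```python
"""ARP spoof detection over a constructed ARP reply log (added example).

Keeps the IP->MAC mapping seen on the wire and raises an alert when
  1. an IP's MAC changes (the attacker overwrites the victims' caches), or
  2. one MAC claims more than one IP (the attacker answers for router + host).
"""
import re
from collections import defaultdict

# Constructed sample log: addresses from the slides; last two lines are the
# attacker (11:22:33:44:99:99) claiming the router's and host's IPs.
SAMPLE_LOG = """\
ARP reply 192.168.1.1 is-at 11:22:33:44:11:11
ARP reply 192.168.1.2 is-at 11:22:33:44:55:66
ARP reply 192.168.1.100 is-at 11:22:33:44:99:99
ARP reply 192.168.1.1 is-at 11:22:33:44:99:99
ARP reply 192.168.1.2 is-at 11:22:33:44:99:99
"""

# Assumed line format: "ARP reply <ip> is-at <mac>" (tcpdump-like).
ARP_RE = re.compile(
    r"ARP reply (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) is-at "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)


def parse_arp_replies(log):
    """Yield (ip, mac) for each well-formed ARP reply line; skip the rest."""
    for line in log.splitlines():
        m = ARP_RE.search(line)
        if m:
            yield m.group("ip"), m.group("mac").lower()


def detect_arp_spoof(log, max_ips_per_mac=1):
    """Return a list of alert strings; an empty list means nothing anomalous."""
    ip_to_mac = {}                 # last MAC seen for each IP
    mac_to_ips = defaultdict(set)  # every IP each MAC has claimed so far
    alerts = []
    for ip, mac in parse_arp_replies(log):
        old = ip_to_mac.get(ip)
        if old is not None and old != mac:
            # A legitimate NIC swap or DHCP churn can also trigger this; correlate.
            alerts.append(f"MAC change for {ip}: {old} -> {mac}")
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > max_ips_per_mac:
            alerts.append(f"{mac} claims {len(mac_to_ips[mac])} IPs: "
                          f"{sorted(mac_to_ips[mac])}")
    return alerts
```

Static ARP entries, Dynamic ARP Inspection on the switch, or an arpwatch-style monitor feeding this kind of check are the usual mitigations; the same logic extends to a live capture by feeding it one line at a time.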