ea sy presentation4
TRANSCRIPT
(2011) Security Breach Compromises 75,000 Staff/Student Social Security
Numbers
Image from this Site
Presenters: Aron Eisold, Matt Mickelson, Bryce Nelson, Benjamin Nikolay
UWM discovered Malware Infection, May 25, 2011
Affected Server was Immediately Shutdown Authorities were called in to investigate
What Occurred
Image from this Site
("Information on Computer," 2011)
UWM found Malware had access to SSNs, June 30, 2011
No evidence of Identity Theft was found No suspects were found
What was Found
View TMJ News Video - http://www.todaystmj4.com/news/local/127459218.html("Information on Computer," 2011)
UWM notified effected individuals, August 10, 2011
They were asked to monitor their credit reports UWM updated security on Servers
Notification and Plan
Image from this Site ("Information on Computer," 2011)
EASy Project - CobiTEvaluate Analyze Synthesize
5.1 Manage Security Measures
Analyze Synthesize
UWM Objective Failure Security was updated
in reaction to Breach
Risk Management Training
Re-evaluation of IS roles and responsibilities
Risk Assessment Regular Business/IT
Management Meetings
Cost = $8118Image from this Site
5.2 Identify, Auth., and Access
Analyze Synthesize
UWM Objective Failed Inferred malware
access obtained via weak Admin password
Dictionary Attack
Use Radom Password Generator
Setup automated Password Expiration
Password History ACL Access Limitation Hardware and Port
Lockdown Cost = $minimal
Image from this Site
5.3 Security of Online Access to Data
Analyze Synthesize
UWM Objective Passed UWM has a solid
“Admin Access” policy
No Recommendations Needed
Image from this Site
5.4 User Account Management
Analyze Synthesize
UWM Objective Passed UWM requires use of
“Strong” Passwords Multiple characters
types required
No Recommendations Needed
Image from this Site
5.5 Management Rev. of User Accounts
Analyze Synthesize
UWM Objective Passed UWM requires use of
“Strong” Passwords Auditing of Passwords
is performed randomly
No Recommendations Needed
Image from this Site
5.6 User Control of User Accounts
Analyze Synthesize
UWM Objective Failed Inferred - Server
Admin. Account Compromised
Delay in recognition of illicit activity
Provide users history of prev. activity at login.
Implement Active Directory Audit Tool (AD Audit Plus)
Cost = $7680 annually
Image from this Site
5.7 Security Surveillance
Analyze Synthesize
UWM Objective Failed Insufficient audit trail
to catch the intruders Far too much elapsed
time before those affected were notified
Verify existing configuration / make changes (Windows Group Policy / Auditing tools)
Research and assess possible 3rd party tools
Cost – Variable or minimal, depending on option selected
5.8 Data Classification
Analyze Synthesize
UWM Objective Passed Sensitive data
classifications do exist Data was separated
and housed on different systems
No Recommendations needed
5.9 Central Identity And Access Rights Management
Analyze Synthesize
UWM Objective Passed Scalability as an
enterprise level network
Thousands of user accounts and various types
No Recommendations needed
5.10 Violation and Security Activity Reports
Analyze Synthesize
UWM Objective Failed Security activity was
insufficiently logged Inability to track/catch
the attacker Checked and
escaladed on a regular basis?
Refer to 5.7 recommendations
“Common Sense Security Auditing”
Cost – Variable, depending on route taken
5.11 Incident Handling
Analyze Synthesize
UWM Objective Failed Attackers were never
caught 2 months had elapsed
before notifying those affected
Continuously evaluate system/audit security on a regular basis
Evaluate/revise procedures and auditing as necessary
Cost – variable to minimal
5.12 Reaccreditation
Analyze Synthesize
UWM Objective Passed UWM will setup times
to perform audits on their network
No Recommendations Needed
5.13 Counterpart Trust
Analyze Synthesize
UWM Objective Failed Hacker gained access
through open firewall ports
Purchase and install a new firewall
SonicWall NSA E7500 Features Next-
Generation Firewall, & Intrusion Prevention.
Cost = $35,339
Image from this Site
5.14 Transaction Authorization
Analyze Synthesize
UWM Objective Failed UWM’s spyware failed
to deny the outside attacker from gaining access.
Purchase security add-ons to the NSA E7500 firewall.
Included is anti-virus and spyware, and application intelligence on the firewall.
Cost = $14,514 for 3 years.
5.15 Nonrepudiation
Analyze Synthesize
UWM Objective Irrelevant
There were no transactions or digital signatures needed in this type of security breach.
No Recommendations Needed
5.16 Trusted Path
Analyze Synthesize
UWM Objective Passed UWM has a excellent
records and retention policy to explain how to transfer data.
No Recommendations Needed
5.17 Protection of Security Functions
Analyze Synthesize
UWM Objective Passed Malware bypassed
tamperproof security measures
Security design of infrastructure kept confidential
No Recommendations Needed
5.18 Cryptographic Key Management
Analyze Synthesize
UWM Objective Failed Cryptography
Encryption Keys were not used
Unlikely attackers accessed data
Implement asymmetric database encryption
Use DSS encryption technology with private and public keys
Cost - $12,500
5.19 Malicious Software Prev., Detect. And Corr.
Analyze Synthesize
UWM Objective Failed Failed to prevent the
malware to install Physical firewall and
configuration remained private
Symantec Endpoint Protection 12.1
SEPM Training for IT department
Policy and Procedure creation and implementation
Cost - $40.89 per device per year $3761.57 for training
5.20 Firewall Arch. And Connect. With Public Networks.
Analyze Synthesize
UWM Objective Passed No data was
transmitted to the WAN
Firewall did not play a role in this incident
No Recommendations Needed
5.21 Protection of Electronic Value
Analyze Synthesize
UWM Objective Irrelevant
Integrity of physical mechanisms maintained
Unrelated to physical access or authentication of foreign devices.
No Recommendations Needed
End of PresentationEASy as Pie!
End of PresentationEASy as Pie!
End of PresentationEASy as Pie!