2013 sofe cyber_intemplate_20131127_28_v3
SWIFT Operational Forum EMEA
27-29 November 2013
Amsterdam
Cyber Attack…
Are you prepared?
Philippe Dhainaut – Lead Security Expert
Michel Pronce – Key Client Service Manager - EMEA
Session objectives
In this session, we will:
Review the basics
Discover new threats
Run a simulation enabling us to discuss among peers:
the types of cyber-attacks
the associated risks
the types of responses
A few definitions…
Threat: Confidentiality, Integrity, Availability
Attack: Threat, Source, Target (Impact), Scenario, Weakness
Risk: Impact & Likelihood
Technical Targets & Threats
Network & Infrastructure
Diagram labels: A.1, A.2, A.3, A.4; OS; Appl.; Web Server; Network
Typical Attacks:
•Social Engineering
•Shoulder surfing
•Key logger
•Phishing
Typical Attacks:
•Exploit server weakness
•DoS
Guess or Get:
•Identity
•Password
•Session
•Token
Typical Attacks:
•Sniffing
•Man in the Middle
Secure Environment Basics
Network & Infrastructure
Hardening (Patch Management, Anti Virus, no admin rights, etc.)
Trusted Network
Firewall
Hardening
Educate
High Level View
E.g. Alliance Web Platform
Typical
Attacks
Alliance Web
Platform
Alliance Access
Gateway
Customer
Infrastructure
User
User
Shoulder
surfing
Key Logger
Account Management
Strong Password Policy
OTP – using LDAP/RADIUS
Account management
Session Mechanism
Hardening of the
system used by
Alliance product
Client Phishing SSL Server
authentication
Hardening of the
system used by
Alliance product
Secure Browsing
practices
Infrastructure
Sniffing SSL Tunnel SSL Tunnel Secure Browsing
practices
Man-in-the-Middle
SSL Server
authentication
Activating and using dual
authorization and
segregation of duty
procedures
Network Segregation
(VPN )
Patch Management
Logical and Physical
control
Secure Browsing
practices
Servers
Exploit a
server
weakness
Reverse Proxy
DMZ
Web Application
Firewall
Network Segregation
Patch Management
DoS Reverse Proxy
Network Segregation
Server Segregation
VPN
Patch Management
What are the new threats? APT, HaaS!
APT – Advanced Persistent Threat
General increase in cyber attacks (effort, expertise and budget)
Attacker budget is less of a mitigating factor
Likelihood of complex attacks increases
Trend confirmed in many external reports
HaaS – Hacking as a Service
Easy to rent a Botnet DDoS
What should be changed?
Cyber Watch
Increase monitoring
BCP to include …. Cyber Recovery Plan
Conclusions and Next Steps
Security is NOT the job of the Security Team only
It is the role of everyone
Education is essential
Security is NOT a one-off exercise
It is more like a competition, stay ahead!
SWIFT recommendations = starting point
Are (only) a starting point,
Ensure they get implemented !
Prevention is not enough
Detection and Recovery are as important.
Think about scenarios
References - SWIFT Documentation:
Security guides (SAA, SAE, Crest, etc)
e.g. SAA:
– https://www2.swift.com/uhbonline/books/protected/en_uk/saa_7_0_70_security_guide_wp/index.htm?subpage=title.htm
Security White Papers (AWP, Lite2, Remote Gateway)
– https://www2.swift.com/uhbonline/books/protected/en_uk/awp_sec_white_paper/index.htm?subpage=awp_sec_white_paper.pdf
– https://www2.swift.com/uhbonline/books/protected/en_uk/al2_sec_w_paper/index.htm?subpage=title.htm
– https://www2.swift.com/uhbonline/books/protected/en_uk/arg_sec_w_paper/index.htm?subpage=title.htm
SAA/SAG docs e.g. one time password, LDAP, etc
Knowledge base 500+ tips (SO, PKI, SAA, etc)
Other References
Interesting articles / videos:
Stuxnet – internet article:
– http://www.wired.com/threatlevel/2011/07/how-digital-detectives-deciphered-stuxnet/all/1
Febelfin educative videos: – http://www.youtube.com/watch?v=LfMniBFgazY
– http://www.youtube.com/watch?v=jaihY2d7yB4
TED Talks: – James Lyne: Everyday cybercrime -- and what you can do about it
– And others, just search for cyber crime…
And many more, once you start, you cannot stop…