SWIFT Operational Forum EMEA
27-29 November 2013, Amsterdam

Cyber Attack… Are you prepared?

Philippe Dhainaut – Lead Security Expert
Michel Pronce – Key Client Service Manager - EMEA


Session objectives

In this session, we will:

• Review the basics
• Discover new threats
• Run a simulation that enables discussion among peers of:
  – the types of cyber-attacks
  – the associated risks
  – the types of responses

A few definitions…

• Threat: Confidentiality, Integrity, Availability
• Attack: Threat, Source, Target (Impact), Scenario, Weakness
• Risk: Impact & Likelihood

Technical Targets & Threats

[Diagram: Network & Infrastructure, Web Server (OS, Appl.), targets labelled A.1, A.2, A.3, A.4; network threats shown: Sniffing, In the Middle]

Typical Attacks:
• Social Engineering
• Shoulder surfing
• Key logger
• Phishing

Guess or Get:
• Identity
• Password
• Session
• Token

Typical Attacks:
• Exploit server weakness
• DoS

Typical Attacks:
• Sniffing
• Man in the Middle

Secure Environment Basics

• Network & Infrastructure
• Hardening (Patch Management, Anti Virus, no admin right, etc.)
• Trusted Network
• Firewall
• Hardening
• Educate

High Level View, e.g. Alliance Web Platform

Columns: Typical Attacks | Alliance Web Platform | Alliance Access Gateway | Customer Infrastructure

User
• Shoulder surfing, Key Logger: Account Management; Strong Password Policy; OTP – using LDAP/RADIUS; Account management; Session Mechanism; Hardening of the system used by Alliance product

Client
• Phishing: SSL Server authentication; Hardening of the system used by Alliance product; Secure Browsing practices

Infrastructure
• Sniffing: SSL Tunnel; SSL Tunnel; Secure Browsing practices
• Man-in-the-Middle: SSL Server authentication; Activating and using dual authorization and segregation of duty procedures; Network Segregation (VPN); Patch Management; Logical and Physical control; Secure Browsing practices

Servers
• Exploit a server weakness: Reverse Proxy; DMZ; Web Application Firewall; Network Segregation; Patch Management
• DoS: Reverse Proxy; Network Segregation; Server Segregation; VPN; Patch Management

What are the new threats?

APT, HaaS...!!!

APT – Advanced Persistent Threat
• General increase in cyber attacks (effort, expertise and budget)
• Attacker budget is less of a mitigating factor
• Likelihood of complex attacks increases
• Trend confirmed in many external reports

HaaS – Hacking as a Service
• Easy to rent a Botnet, DDoS

What should be changed?
• Cyber Watch
• Increase monitoring
• BCP to include … Cyber Recovery Plan

Conclusions and Next Steps

• Security is NOT the job of the Security Team only
  – It is the role of everyone
  – Education is essential
• Security is NOT a one-off exercise
  – It is more like a competition, stay ahead!!
• SWIFT recommendations = starting point
  – Are (only) a starting point
  – Ensure they get implemented!
• Prevention is not enough
  – Detection and Recovery are as important
  – Think about scenarios

References - SWIFT Documentation:

• Security guides (SAA, SAE, Crest, etc.)
  – e.g. SAA: https://www2.swift.com/uhbonline/books/protected/en_uk/saa_7_0_70_security_guide_wp/index.htm?subpage=title.htm
• Security White Papers (AWP, Lite2, Remote Gateway)
  – https://www2.swift.com/uhbonline/books/protected/en_uk/awp_sec_white_paper/index.htm?subpage=awp_sec_white_paper.pdf
  – https://www2.swift.com/uhbonline/books/protected/en_uk/al2_sec_w_paper/index.htm?subpage=title.htm
  – https://www2.swift.com/uhbonline/books/protected/en_uk/arg_sec_w_paper/index.htm?subpage=title.htm
• SAA/SAG docs, e.g. one time password, LDAP, etc.
• Knowledge base: 500+ tips (SO, PKI, SAA, etc.)

Other References

Interesting articles / videos:

• Stuxnet – internet article:
  – http://www.wired.com/threatlevel/2011/07/how-digital-detectives-deciphered-stuxnet/all/1
• Febelfin educative videos:
  – http://www.youtube.com/watch?v=LfMniBFgazY
  – http://www.youtube.com/watch?v=jaihY2d7yB4
• TED Talks:
  – James Lyne: Everyday cybercrime -- and what you can do about it
  – And others, just search for cyber crime…

And many more, once you start, you cannot stop…


Thank you