Post on 08-Jul-2020


Security Top 10

Joe Walsh

DeSales University

Background – Work Experience

IT

Cellular Industry

Police Officer

Internet Crimes Against Children Task Force Detective

FBI Task Force Officer

Private Sector

Director of Digital Forensics

Senior Security Consultant

College Professor

Testified in court as an expert in computer crime and digital forensics

Background - Education

B.S. in Information Systems

M.A. in Criminal Justice/Digital Forensics

Finishing an M.S. in Information Systems/Cyber Security (January 2019)

Currently pursuing a doctoral degree in Information Systems

Over 1,500 hours of training

Specialized training in JTAG and chip-off

Photo from binaryintel.com

Photo from binaryintel.com

Photo from up48.com

Background - Certifications

International Information Systems Security Certification Consortium – (ISC)2

Certified Information Systems Security Professional (CISSP)

Certified Cyber Forensics Professional (CCFP)

CompTIA

A+, Linux+, Network+, Security+, Cybersecurity Analyst (CSA+), CompTIA Advanced Security Practitioner (CASP)

EC-Council

Certified Ethical Hacker (CEH)

Computer Hacking Forensic Investigator (CHFI)

Guidance Software

EnCase Certified Examiner (EnCE)

Certified Forensic Security Responder (CFSR)

International Society of Forensic Computer Examiners (ISFCE)

Certified Computer Examiner (CCE)

Security – Who Cares?

Security incidents continue to occur more frequently

A security incident can be devastating to a company

Financial implications

Reputation

Top 10

We will discuss ten areas that you can focus on to improve your organization’s security posture

These are not necessarily in order of importance

User Awareness Training

Users need training so they can understand the threats they might face and how to deal with those threats

Training should be conducted regularly

Users have access to your systems

Social engineering “in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information” (Wikipedia)

Social engineering is very effective

Phishing

Phishing is a social engineering attack

Attackers try to trick users into clicking on a malicious link or providing sensitive information

Social engineering involves psychological manipulation to trick people into performing actions that they should not perform or divulging sensitive information

Vishing

Vishing is another type of social engineering attack

Instead of using email, the attacker uses the telephone

Photo from newsweek.com

Photo from the-parallax.com

Patch Management & Vulnerability Assessment

WannaCry (5/12/2017) could have been prevented by installing a Windows security update that had been available since 3/14/2017

It is critical to install security updates

Photo from macrumors.com

Photo from spiceworks.com

Outdated Software

Avoid utilizing software that is no longer supported

Windows XP support ended on April 8, 2014

Windows Vista support ended on April 11, 2017

Office 2007 support ended on April 11, 2017

Account Management

Only individuals who are authorized should have user accounts

There should be a process to check for individuals who should not have accounts

System administrators should utilize two different accounts – one for administrative duties and one for everyday tasks

Individuals should only be given access to resources that they need to accomplish their job

All account activity should be logged
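The review process described on this slide can be automated. The following script is an added example, not part of the presentation: it compares an exported account inventory against the HR roster of current staff and flags enabled accounts whose owner has left, accounts with no logon in 90 days, and administrative accounts whose owner has no separate everyday account. All roster and account data, the employee ids, the 90-day threshold and the review date are constructed for the example.

```python
"""Account review: an added example, not from the presentation.
All roster and account data below is constructed."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Set, Tuple


@dataclass
class Account:
    username: str
    owner: str              # employee id, or "service" for non-person accounts
    enabled: bool
    last_logon: Optional[date]
    is_admin: bool


# Constructed HR roster: employee ids of people currently employed.
ACTIVE_STAFF: Set[str] = {"e100", "e101", "e102"}

# Owners that are not people and therefore never appear on the HR roster.
EXEMPT_OWNERS: Set[str] = {"service"}

# Constructed account inventory, as an identity system might export it.
ACCOUNTS: List[Account] = [
    Account("jsmith", "e100", True, date(2019, 1, 10), False),
    Account("jsmith-adm", "e100", True, date(2019, 1, 9), True),
    Account("bjones", "e101", True, date(2018, 9, 1), False),      # dormant
    Account("rroe", "e103", True, date(2019, 1, 8), False),        # owner has left
    Account("kdoe-adm", "e102", True, date(2019, 1, 11), True),    # admin-only owner
    Account("svc-backup", "service", True, date(2019, 1, 11), True),
    Account("oldtemp", "e104", False, None, False),                # already disabled
]

REVIEW_DATE = date(2019, 1, 15)   # constructed "today" so the run is reproducible


def review_accounts(accounts: List[Account], active_staff: Set[str], today: date,
                    dormant_days: int = 90) -> List[Tuple[str, str]]:
    """Return (username, reason) pairs for enabled accounts that need attention."""
    findings = []
    cutoff = today - timedelta(days=dormant_days)
    # Owners who hold an enabled non-admin account for everyday work.
    owners_with_everyday = {a.owner for a in accounts if a.enabled and not a.is_admin}
    for a in accounts:
        if not a.enabled:
            continue                      # disabled accounts are already dealt with
        person = a.owner not in EXEMPT_OWNERS
        if person and a.owner not in active_staff:
            findings.append((a.username, "owner not on the active staff roster"))
        if a.last_logon is None or a.last_logon < cutoff:
            findings.append((a.username, f"no logon in the last {dormant_days} days"))
        if person and a.is_admin and a.owner not in owners_with_everyday:
            findings.append((a.username,
                             "admin account whose owner has no separate everyday account"))
    return findings


def run_review() -> List[Tuple[str, str]]:
    """Run the review against the constructed data."""
    return review_accounts(ACCOUNTS, ACTIVE_STAFF, REVIEW_DATE)


if __name__ == "__main__":
    for username, reason in run_review():
        print(f"{username:12} {reason}")
```

Running it lists bjones (dormant), rroe (owner not on the roster) and kdoe-adm (an administrator with no everyday account, which usually means the admin account is being used for daily work). Service accounts are excluded from the roster check but still subject to the dormancy check.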

Passwords

Passwords help to prevent unauthorized individuals from accessing resources

Stop re-using passwords

Use strong passphrases

Never use default passwords

Enable two-factor authentication on every account that permits it

Photo from specopssoft.com

Photo from macrumors.com

Application Whitelisting

Application whitelisting allows system administrators to restrict the applications that can run on a system

NIST Special Publication 800-167

http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-167.pdf

Microsoft AppLocker

https://docs.microsoft.com/en-us/windows/device-security/applocker/applocker-overview

Encryption

Encryption prevents unauthorized users from gaining access to data while it is being transmitted or while it is stored

Are you storing sensitive data on your desktop or laptop computers?

What types of data are you storing in the cloud? Who has access to the data?

Disaster Recovery

Every organization should have a plan for dealing with disasters

All essential data should be backed up regularly, and backups should be kept off-site

There are several options for getting the data to an off-site location

An employee can take the backup media home

You can hire a service to pick up the backup media

Cloud-based backup solutions

Backups should be tested regularly

Incident Response

Do you have a plan for dealing with incidents?

It is important to have an Incident Response Plan (IRP) that is updated regularly and tested

Logging

Logs are necessary in order to properly investigate an incident

Logs can help to provide evidence which may lead to the identity of an offender, provide insight into their activities, or give you an idea of how long a malicious actor had access to your system

You should maintain logs as required for regulatory compliance

Logs should be reviewed regularly

Photo from solutionsreview.com
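As an added example of what a regular log review can surface (this code is not from the presentation), the script below parses a handful of constructed OpenSSH-style authentication log lines, flags a source address that made several failed logons in a short window and then logged in successfully, and computes how long that source had access by looking at its first and last successful logon. The hostname, addresses, usernames and timestamps are all constructed; the year is assumed to be 2019 because syslog timestamps do not carry one.

```python
"""Log review example: added here, not from the presentation.
The log lines are constructed in OpenSSH/syslog style."""
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Constructed sample log (not real data): a short password-guessing burst
# from one address followed by a successful logon, then a later return visit.
SAMPLE_LOG = """\
Jan 14 02:11:03 fileserver sshd[4311]: Failed password for invalid user admin from 198.51.100.23 port 50122 ssh2
Jan 14 02:11:05 fileserver sshd[4313]: Failed password for invalid user admin from 198.51.100.23 port 50124 ssh2
Jan 14 02:11:08 fileserver sshd[4315]: Failed password for root from 198.51.100.23 port 50130 ssh2
Jan 14 02:11:10 fileserver sshd[4317]: Failed password for root from 198.51.100.23 port 50133 ssh2
Jan 14 02:11:14 fileserver sshd[4319]: Failed password for root from 198.51.100.23 port 50136 ssh2
Jan 14 02:11:20 fileserver sshd[4321]: Accepted password for root from 198.51.100.23 port 50140 ssh2
Jan 14 09:02:41 fileserver sshd[5002]: Accepted publickey for jsmith from 10.0.0.15 port 41002 ssh2
Jan 16 23:45:02 fileserver sshd[7710]: Accepted password for root from 198.51.100.23 port 51011 ssh2
"""

ASSUMED_YEAR = 2019   # syslog lines carry no year; assumed for the example

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_auth_log(text: str) -> List[dict]:
    """Turn matching log lines into events; lines we do not model are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "outcome": m["outcome"],
                       "user": m["user"], "src": m["src"]})
    return events


def detect_password_guessing(events: List[dict], threshold: int = 5,
                             window_seconds: int = 60) -> Dict[str, dict]:
    """Flag sources with `threshold` failures inside `window_seconds`, and record
    which accounts that source logged into afterwards (a likely compromise)."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src"]].append(ev)
    alerts = {}
    for src, evs in by_src.items():
        fails = sorted(e["ts"] for e in evs if e["outcome"] == "Failed")
        burst_end = None
        for i in range(len(fails) - threshold + 1):
            if (fails[i + threshold - 1] - fails[i]).total_seconds() <= window_seconds:
                burst_end = fails[i + threshold - 1]
                break
        if burst_end is None:
            continue
        later = [e for e in evs if e["outcome"] == "Accepted" and e["ts"] > burst_end]
        alerts[src] = {"failures": len(fails),
                       "compromised_users": sorted({e["user"] for e in later})}
    return alerts


def access_window(events: List[dict], user: str, src: str) -> Optional[Tuple]:
    """First and last successful logon for user from src, and the span between."""
    hits = [e["ts"] for e in events
            if e["outcome"] == "Accepted" and e["user"] == user and e["src"] == src]
    if not hits:
        return None
    return min(hits), max(hits), max(hits) - min(hits)


if __name__ == "__main__":
    evs = parse_auth_log(SAMPLE_LOG)
    for src, info in detect_password_guessing(evs).items():
        print(f"{src}: {info['failures']} failures, then logged in as {info['compromised_users']}")
        for user in info["compromised_users"]:
            first, last, span = access_window(evs, user, src)
            print(f"  {user}: first {first}, last {last}, span {span}")
```

On the constructed data this reports 198.51.100.23 with five failures followed by a successful root logon, and shows that the same address came back two days later, which is the kind of dwell-time estimate the slide refers to. The thresholds are starting points; tune them to the noise level of your own environment.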

Wireless

Data transmitted on a wireless network can be intercepted much more easily than data on a wired network

Maintain separate networks for employees and guests

Ensure that only authorized wireless access points (WAPs) are present

inSSIDer

NetStumbler

Public wireless networks should be used only when absolutely necessary

If you are going to utilize a wireless network that you do not control, consider utilizing virtual private network (VPN) technology

Photo from hakshop.com
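Survey tools such as the ones named on this slide produce a list of the access points in range; the useful step is comparing that list with what you have authorized. The script below is an added example, not from the presentation or from either tool: it takes a constructed scan result, checks each BSSID against a constructed inventory of authorized access points, and reports authorized units whose SSID or security mode differs from the inventory, unknown units advertising a managed SSID (an impostor network), and other unknown units that are strong enough to be on the premises rather than a neighbor. The SSIDs, BSSIDs, signal levels and the -80 dBm neighbor cutoff are all constructed values.

```python
"""Wireless survey review: an added example, not from the presentation.
All access-point data is constructed."""
from typing import Dict, List, Tuple

# Constructed inventory of authorized access points: BSSID -> (SSID, security).
AUTHORIZED_APS: Dict[str, Tuple[str, str]] = {
    "00:11:22:aa:bb:01": ("CorpNet", "WPA2-Enterprise"),
    "00:11:22:aa:bb:02": ("CorpNet", "WPA2-Enterprise"),
    "00:11:22:aa:bb:03": ("CorpGuest", "WPA2-PSK"),
}

# Constructed scan results, in the shape a site-survey tool might export.
SCAN: List[dict] = [
    {"ssid": "CorpNet", "bssid": "00:11:22:aa:bb:01", "channel": 36,
     "security": "WPA2-Enterprise", "signal_dbm": -48},
    {"ssid": "CorpNet", "bssid": "00:11:22:aa:bb:02", "channel": 44,
     "security": "WPA2-PSK", "signal_dbm": -60},          # wrong security mode
    {"ssid": "CorpGuest", "bssid": "00:11:22:aa:bb:03", "channel": 1,
     "security": "WPA2-PSK", "signal_dbm": -55},
    {"ssid": "CorpNet", "bssid": "de:ad:be:ef:00:01", "channel": 6,
     "security": "Open", "signal_dbm": -40},              # impostor of CorpNet
    {"ssid": "Printer-Setup", "bssid": "de:ad:be:ef:00:02", "channel": 11,
     "security": "Open", "signal_dbm": -70},              # unknown, strong signal
    {"ssid": "NeighborCafe", "bssid": "de:ad:be:ef:00:03", "channel": 1,
     "security": "WPA2-PSK", "signal_dbm": -85},          # weak: probably next door
]

NEIGHBOR_FLOOR_DBM = -80   # constructed cutoff; below this we assume a neighbor


def classify_scan(scan: List[dict], authorized: Dict[str, Tuple[str, str]],
                  neighbor_floor_dbm: int = NEIGHBOR_FLOOR_DBM) -> List[Tuple[str, str]]:
    """Return (bssid, finding) pairs for access points that need a look."""
    managed_ssids = {ssid for ssid, _ in authorized.values()}
    findings = []
    for ap in scan:
        bssid = ap["bssid"].lower()
        if bssid in authorized:
            expected = authorized[bssid]
            if (ap["ssid"], ap["security"]) != expected:
                findings.append((bssid, "authorized AP differs from inventory "
                                        f"(expected {expected[0]}/{expected[1]}, "
                                        f"saw {ap['ssid']}/{ap['security']})"))
            continue
        if ap["ssid"] in managed_ssids:
            findings.append((bssid, f"unauthorized AP advertising managed SSID {ap['ssid']}"))
        elif ap["signal_dbm"] >= neighbor_floor_dbm:
            findings.append((bssid, "unknown AP with strong signal: locate and investigate"))
        # weaker unknown networks are treated as neighbors and not reported
    return findings


def run_survey() -> List[Tuple[str, str]]:
    """Classify the constructed scan against the constructed inventory."""
    return classify_scan(SCAN, AUTHORIZED_APS)


if __name__ == "__main__":
    for bssid, finding in run_survey():
        print(f"{bssid}  {finding}")
```

The signal cutoff is a heuristic for ruling out neighbors and should be tuned to the building; the impostor check does not depend on it, since any unknown unit broadcasting one of your SSIDs deserves attention regardless of how weak it looks.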

Physical Security

Physical security is very important

If you cannot ensure physical security, your technical controls could be easily bypassed

Properly Destroying Data

What kind of data are you throwing away?

How can a malicious individual utilize that data to harm you or your organization?

Consider adopting a shred-all-documents policy

Improving Your Security Posture

Consider conducting a security assessment

Choose a security methodology

NIST Cybersecurity Framework

CIS Critical Security Controls

ISO 27001

Consider conducting penetration testing

Consider purchasing cyber insurance

Master of Arts in Criminal Justice

Master of Science in Information Systems

Offers a concentration in Cyber Security

Both programs offer a Digital Forensics concentration

We also offer Graduate Certificates

Cyber Security

Digital Forensics

Classes are offered online

Flexible class schedules