Slide 1
Lock, Stock & Two Smoking Smart Devices!
SIA310
Andy Malone, CEO & Founder, The Cybercrime Security Forum
Follow me @AndyMalone
Andrew.malone@quality-training.co.uk

Slide 2
Agenda
- Introduction
- Perimeter Security: Why it No Longer Works!
- The Proliferation of Smart Devices
- BYOPC: Assessing the Risk
- Planning & Designing BYOD Solutions
- BYOD: Virtualization Solutions
- BYOD In the Cloud!
- Mobile Device Security Solutions
- BYOD: Getting Legal
- Session Review

Slide 3
"We are undoubtedly experiencing the most diverse computing landscape in perhaps 15 or 20 years,"
Keir Thomas wrote for PCWorld

Slide 4
The Traditional Industrial Security Model
- Assets (Equipment, Machines etc.) are Traditionally held within a Perimeter
- Employees (Users) Must Enter the Perimeter in Order to Access the Assets
- The Perimeter is Guarded by a Gatehouse & Guards

Slide 5
Traditional Perimeter Based Security (diagram)
- Inside: Trusted Internal Network, Active Directory / DNS
- At the perimeter: Firewall, IPS, Content filtering, VPN, Remote Access
- Outside: Internet
- Risks: Theft, Application vulnerabilities, Compliance

Slide 6
Perimeter Security: Why it No Longer Works!
Threats to the Perimeter: People are the Weakest Link!
- Mobile Devices outside of the office (Phone, Laptop, USB keys etc.)
- Visitors to your Site
- Poor Social Networking Practices
- Remote Access
- Cloud computing

Slide 7
Proliferation of Smart Devices
- The One Size Fits All Network Concept No Longer Works!
- Mobile Devices are Responsible for the Shift
- Dell Predicted that the Mobile Work Force will one day be full of mobile devices
- BYOD must be covered under Corporate Mobility Management Solutions and Policies that manage company Wireless Devices
- BYOD Has caused a Major shift in traditional business environments and vendors, including Microsoft

Slide 8
BYOD: The Benefits

Slide 9
BYOD: The Business Challenges

Slide 10
The BYOD Security Nightmare
- Represents a significant challenge for the security professional
- Employees bring their new devices into the office with the expectation that they can use them at work
- Regardless of corporate policy, organisations are challenged on a daily basis to provide support for a huge range of devices

Slide 11
Planning & Deploying a BYOD Solution

Slide 12
First! Decide on Who's in Control?
(Cartoon) "I Want you to Support my Windows Phone" / "No, I Want you to Support My iPhone & My New Laptop" / "Aghhhh $%*&(*))"!@"

Slide 13
BYOPC: Security & Compliance Considerations
- Compliance Framework
- Information Security Policy
- Security
- Privacy & Regulatory
- Service Continuity

Slide 14
BYOD: Assessing the Risk!

Slide 15
Preparing for BYOD!

Slide 16
Time to Rethink the Corporate IT Policy
- Clarify the Corporate Policy; Supplement this with Education and Updated Technology Controls to act as Enforcement and Monitoring
- Encourage Secure Behaviour, Discourage Bad Practices
- Controls Used Within Enterprises should be Able to Support the Consumerisation Trends, e.g. the Ability to Partially Wipe Personal Devices (corporate data only, leaving the owner's data intact)
- Combine with Data Loss Prevention, Network Access Control etc.

Slide 17
Designing for BYOD! (reference architecture diagram)
- Internet: Remote Employees
- Perimeter Network: Firewall / ADFS Proxy, VPN Server, DirectAccess Server
- CorpNet: Active Directory / DNS Servers, DHCP Cluster, ADFS Cluster, Mail Cluster, Lync Cluster, Hyper-V Cluster, RDS / VDI Infrastructure
- Access control: IEEE 802.1X, NAP Health Policy Server, Remediation Servers, NAP Enforced Client with limited access
- Endpoints: Internal Workstation, End Point Protection

Slide 18
The BYOD Tool belt!

Slide 19
BYOD: Network Security

Slide 20
BYOD: In A Highly-Connected World (diagram)
- Internet: Remote Employees, Customers, Business Partners
- Perimeter: Remote Access Gateway, Web Server, Extranet Server
- Intranet: Infrastructure Servers

- Increasingly Complex Range of Interconnected networks
- Distributed data
- Expanded Mobile Workforce
- Business Extranets
- Complex Remote Access
- Secure Web Services
- Secure Wireless Access
- Mobile Smart Device Support
- Need to Protect Endpoints & Clients

Slide 21
BYOD: Securing Your Corporate Realm!
Many Features can be Secured through Group Policy:
- Remote Access Security
- DirectAccess
- Network Access Protection (NAP)
- IPsec Considerations
- Firewall Policies
- BranchCache
- AppLocker
- Wireless Access Policies
- Anti Virus / Anti Malware
- Network Availability Schedule
- Ensure Auditing Controls are in Place

Slide 22
Walkthrough: DirectAccess…

Slides 23-32: DirectAccess configuration walkthrough (screenshots only)

Slide 33
Demo: Useful GPO Settings for BYOD Implementation

Slide 34
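The demo's actual GPO is only shown on screen, so here is an added example (not the session's own script) of how the Group Policy controls listed two slides earlier can be built from the command line with the GroupPolicy and AppLocker modules (RSAT on Windows 7 / Windows Server 2008 R2). The GPO name, the target OU and the reference-machine path are placeholders; the registry paths are the documented policy locations for Removable Storage Access, BitLocker To Go, Windows Firewall and the secure screen saver.

```powershell
# Added example: a BYOD-hardening GPO built with the GroupPolicy and AppLocker modules.
# Not the GPO demonstrated in the session; names and paths below are placeholders.
Import-Module GroupPolicy
Import-Module AppLocker

$gpoName  = 'BYOD - Corporate Realm Hardening'                # placeholder
$targetOU = 'OU=BYOD Workstations,DC=corp,DC=example,DC=com'  # placeholder
$dc       = $env:LOGONSERVER.TrimStart('\')                   # DC that authenticated this session

$gpo = Get-GPO -Name $gpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $gpoName -Comment 'Controls for personally owned devices on CorpNet'
}

# Helper: write one registry-based policy into the GPO and echo what was set.
function Set-BYODPolicy {
    param([string]$Key, [string]$ValueName, [string]$Type, $Value)
    Set-GPRegistryValue -Name $gpoName -Key $Key -ValueName $ValueName -Type $Type -Value $Value | Out-Null
    Write-Verbose "$Key\$ValueName = $Value" -Verbose
}

# Removable storage: no executing programs from the "Removable Disks" device class (the class GUID
# the Removable Storage Access policy UI uses), and no writes to removable drives that are not
# BitLocker protected. Together these cover the USB-key threat from the perimeter slide.
$rsd = 'HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
Set-BYODPolicy -Key $rsd -ValueName 'Deny_Execute' -Type DWord -Value 1
Set-BYODPolicy -Key 'HKLM\Software\Policies\Microsoft\FVE' -ValueName 'RDVDenyWriteAccess' -Type DWord -Value 1

# Host firewall on for every profile, so a device that roams to a home network keeps it.
foreach ($profile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
    Set-BYODPolicy -Key "HKLM\Software\Policies\Microsoft\WindowsFirewall\$profile" -ValueName 'EnableFirewall' -Type DWord -Value 1
}

# Password-protected screen lock after 10 minutes (per-user policy; these values are REG_SZ).
$desktop = 'HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
Set-BYODPolicy -Key $desktop -ValueName 'ScreenSaveActive'    -Type String -Value '1'
Set-BYODPolicy -Key $desktop -ValueName 'ScreenSaverIsSecure' -Type String -Value '1'
Set-BYODPolicy -Key $desktop -ValueName 'ScreenSaveTimeOut'   -Type String -Value '600'

# AppLocker: generate an allow-list from a known-good reference build (publisher rules for signed
# files, hash rules for the rest), flip every rule collection to AuditOnly so the first rollout logs
# instead of blocks, then merge it into the GPO. Enforce only after reviewing the
# "Microsoft-Windows-AppLocker/EXE and DLL" event log; the Application Identity service must be
# set to Automatic (System Services node of the same GPO) or AppLocker does nothing.
$xmlPath   = Join-Path $env:TEMP 'byod-applocker.xml'
$policyXml = Get-AppLockerFileInformation -Directory 'C:\Program Files' -Recurse -FileType Exe, Script, WindowsInstaller |
    New-AppLockerPolicy -RuleType Publisher, Hash -User 'Everyone' -Optimize -Xml
$policyXml -replace 'EnforcementMode="NotConfigured"', 'EnforcementMode="AuditOnly"' |
    Set-Content -Path $xmlPath -Encoding UTF8

# Sanity check before publishing: would an executable dropped in a user-writable folder be allowed?
Test-AppLockerPolicy -XmlPolicy $xmlPath -Path 'C:\Users\Public\Downloads\*.exe' -User 'Everyone' |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

Set-AppLockerPolicy -XmlPolicy $xmlPath -LdapPath "LDAP://$dc/$($gpo.Path)" -Merge

# Link to the OU holding BYOD machines, and keep an HTML report of what was pushed for the audit trail.
$linked = (Get-GPInheritance -Target $targetOU).GpoLinks | Where-Object { $_.DisplayName -eq $gpoName }
if (-not $linked) {
    New-GPLink -Name $gpoName -Target $targetOU -LinkEnabled Yes | Out-Null
}
Get-GPOReport -Name $gpoName -ReportType Html -Path (Join-Path $env:TEMP 'byod-gpo-report.html')
```

Two points worth noting for practitioners: `Deny_Execute` and `RDVDenyWriteAccess` are registry-backed policies, so `Set-GPRegistryValue` can drive them, but audit policy and the Application Identity service startup type live in the security settings part of the GPO and are not reachable that way. And the AppLocker policy is deliberately left in AuditOnly: turning on enforcement against a hash-based allow-list on unmanaged hardware before the audit log has been read is the quickest way to lose the users' goodwill that BYOD depends on.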
Walkthrough: Microsoft Exchange 2010 ActiveSync

Slides 35-39: Active Sync Policies (Exchange Server) (screenshots only)

Slide 40
Exchange Server 2010: Remote Wipe

Slide 41
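The ActiveSync slides are screenshots of the Exchange Management Console, so the following is an added example (not the session's own material) of the same configuration done from the Exchange 2010 Management Shell: a mailbox policy that makes the handset protect itself, assignment to a mailbox, a compliance view of partnered devices, and a remote wipe. The policy name, mailbox, DeviceId and notification address are placeholders.

```powershell
# Added example: Exchange 2010 ActiveSync policy, assignment, compliance report and remote wipe.
# Run from the Exchange Management Shell. Names below are placeholders, not values from the session.
$policyName = 'BYOD-Baseline'
$mailbox    = 'amalone'

# 1. Lock code, encryption and wipe-after-N-bad-codes. AllowNonProvisionableDevices $false refuses
#    clients that cannot acknowledge the policy, which is the difference between "policy configured"
#    and "policy enforced" on a phone the company does not own.
if (-not (Get-ActiveSyncMailboxPolicy -Identity $policyName -ErrorAction SilentlyContinue)) {
    New-ActiveSyncMailboxPolicy -Name $policyName `
        -DevicePasswordEnabled $true `
        -AlphanumericDevicePasswordRequired $true `
        -AllowSimpleDevicePassword $false `
        -MinDevicePasswordLength 8 `
        -MinDevicePasswordComplexCharacters 2 `
        -DevicePasswordHistory 5 `
        -DevicePasswordExpiration '90.00:00:00' `
        -MaxInactivityTimeDeviceLock '00:05:00' `
        -MaxDevicePasswordFailedAttempts 10 `
        -RequireDeviceEncryption $true `
        -RequireStorageCardEncryption $true `
        -PasswordRecoveryEnabled $true `
        -AllowNonProvisionableDevices $false | Out-Null
}

# 2. Assign to one user; alternatively mark the policy -IsDefaultPolicy $true to cover every mailbox.
Set-CASMailbox -Identity $mailbox -ActiveSyncMailboxPolicy $policyName

# 3. Compliance view: which devices partnered with the mailbox, and did each actually apply the policy?
function Get-BYODDeviceReport {
    param([string]$Mailbox)
    Get-ActiveSyncDeviceStatistics -Mailbox $Mailbox |
        Select-Object DeviceFriendlyName, DeviceType, DeviceOS, DeviceId,
                      DevicePolicyApplied, DevicePolicyApplicationStatus,
                      LastSuccessSync, DeviceWipeRequestTime, DeviceWipeAckTime
}
Get-BYODDeviceReport -Mailbox $mailbox | Format-Table -AutoSize

# 4. Remote wipe of one lost handset, selected by DeviceId (friendly names are user-editable).
#    The wipe is queued and runs the next time the device syncs; until DeviceWipeAckTime is populated
#    the data is still on the handset, so disable the account or reset the password as well.
function Invoke-BYODRemoteWipe {
    param([string]$Mailbox, [string]$DeviceId, [string]$NotifyAddress)
    $device = Get-ActiveSyncDeviceStatistics -Mailbox $Mailbox | Where-Object { $_.DeviceId -eq $DeviceId }
    if (-not $device) { throw "No ActiveSync partnership for DeviceId '$DeviceId' on mailbox '$Mailbox'" }
    Clear-ActiveSyncDevice -Identity $device.Identity -NotificationEmailAddresses $NotifyAddress -Confirm:$false
    Get-ActiveSyncDeviceStatistics -Mailbox $Mailbox | Where-Object { $_.DeviceId -eq $DeviceId } |
        Select-Object DeviceId, DeviceWipeRequestTime, DeviceWipeSentTime, DeviceWipeAckTime
}
Invoke-BYODRemoteWipe -Mailbox $mailbox -DeviceId 'ApplDN6PLACEHOLDER' -NotifyAddress 'secops@corp.example.com'
```

One caveat that ties back to the "partially wipe personal devices" requirement: `Clear-ActiveSyncDevice` in Exchange 2010 issues a full device wipe, not a wipe of the corporate account alone, so the acceptable-use agreement the legal review slides discuss must tell the owner that a lost or resigned-from phone will be reset to factory state. A queued wipe can be withdrawn with `Clear-ActiveSyncDevice -Cancel` until the device has acknowledged it.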
BYOD: Virtualization Solutions

Slide 42
BYOPC Access Solutions: Remote Desktop
- Virtualization Delivered at Presentation Level
- Applications Run on Servers & Clients Connect Through Remote Desktop
- Supports Application Publishing through RemoteApp and RD Web Access
- Supports RDP Access to the Internal Network through an HTTPS tunnel (RD Gateway)
- Supports Hardware and Media Redirection, e.g. USB Drives, Printers etc.
- Allows for Centralized Application Deployment and Management

Slide 43
BYOPC Access Solutions: Application Virtualization
- App-V is Part of Microsoft's Desktop Optimization Pack (MDOP)
- Requires a Somewhat Complex Server Infrastructure and an App-V Client Installation
- Delivers Application Virtualization without Users Having to Install & Run Virtual Machines or Applications on the Host
- Ideal Platform for BYOD Application Deployment and Management
- Includes the Ability to Run Incompatible Applications on the Same Machine
- Applications Can Also be Cached for Off-Line Use
- Can be Combined with Remote Desktop Services

Slide 44
BYOPC Access Solutions: Virtual Desktop Infrastructure
- Enables users to use virtual machines as their main computer
- Ensures the Corporate Desktop is Separate from the Personal Desktop
- No additional client software is required to provide VDI
- Requires Hyper-V and leverages RDS
- IT Can Assign Virtual Machines to users, or Organize them in Shared Pools
- Can be Combined with User State Virtualization For Increased Security

Slides 45-46: BYOPC Access Solutions: Virtual Desktop Infrastructure (diagrams)

Slide 47
User State Virtualization
- Not "True" Virtualization like the other technologies
- Provides Roaming of the User's Documents and Settings
- User Profiles are a Feature of Windows Server and Windows client
- Leverages the Folder Redirection, Roaming Profiles and Offline Files Technologies
- Can be combined with RDS, MED-V, and App-V
- Provides centralized user data and settings
- Provides roaming capabilities

Slide 48
BYOD Data in the Cloud?

Slide 49
BYOD & The Cloud: Common Questions!
- Compatibility & The Cloud!
- How are Cloud Providers Protecting my Privacy?
- Free Vs Paid Service!
- Why don't Cloud Providers Encrypt my Data?
- Will my Mobile Device be Supported?
- Where will my Data be Stored?
- Who has Access to my Data?
- Is my Data Backed Up?
- What can I do if my device is Stolen?

Slide 50
Firstly, Know what You're Signing up For!
Make Sure you understand this!

Slide 51
Decide on Public Vs. Private Storage Solutions

Slide 52
What About Cloud Identity Management!
- Need to Implement a Strong Trust Model
- Decide on Password policy controls, e.g. Microsoft Online IDs (MS or SSO)
- Single sign-on (SSO) Considerations with corporate credentials: Requires ADFS & DirSync
- Consider Role-based administration (RBAC)
- What about "Admin on behalf of" for support partners
- Secure Connectivity

Slide 53
Authenticating BYOD For Small Business in the Cloud! (diagram)
- Internet: Remote Employees
- Perimeter Network: Firewall / VPN / ADFS Proxy, IEEE 802.1X
- Small Corp: Small Business Servers 2011, ADFS Farm, Firewall / VPN, Internal Workstation, End Point Protection

Slide 54
Protecting BYOD Data in The Cloud: Enterprise – AD-RMS (diagram)
Participants: Information Author, The Recipient, AD-RMS Server, SQL Server, Active Directory
1. Author receives a client licensor certificate the first time they rights-protect information
2. Author defines a set of usage rights and rules for their file; Application creates a "publishing license" and encrypts the file
3. Author distributes file
4. Recipient clicks file to open; the application calls to the RMS server, which validates the user and issues a "use license"
5. Application renders file and enforces rights

Slide 55
AD-RMS: Recent Improvements
- AD RMS Now Supports enhanced cryptography, available as an update for Windows Server 2008 R2 SP1 and built in to Windows Server 2012
- Provides increased cryptographic strength in Advanced Mode, known as "Cryptographic Mode 2"
- Mode 2 Operation supports RSA 2048-bit keys (Mode 1 uses RSA 1024-bit)
- Hashing is enhanced from SHA-1 (160-bit digest) to SHA-256 (256-bit digest)
- Provides improved Regulatory Compliance with the NIST SP 800-57 key-length recommendations
- All computers that host either AD RMS server or client software must be patched and updated; the switch to Mode 2 is cluster-wide and cannot be reversed, so clients that have not been updated lose access to protected content

Slide 56
Protecting BYOD Data in The Cloud: Public

Slide 57
Protecting BYOD Data in The Cloud: Enterprise
- CipherCloud: Virtual Appliance technology that Local Admins can use to encrypt or to mask sensitive data before it hits the cloud platform
- Enterprises retain the keys and have complete control over the encryption and decryption process
- AES-based algorithm encrypts data without fundamentally altering the data format or function (format-preserving encryption)
- Uses a tokenization feature that replaces sensitive data entered into a cloud application with anonymous dummy values
- Tokenization masks sensitive data while ensuring that users still retain the ability to sort, search, validate and generate reports with it; the real values live only in the on-premises token vault
- CipherCloud's technology is designed to work with any cloud provider

Slide 58
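To make the tokenization claim concrete, here is an added example of a minimal on-premises token vault of the kind the slide describes. It is illustrative code written for this page, not CipherCloud's product or algorithm: a deterministic HMAC-derived token replaces the digits of a field before the record leaves CorpNet, keeping the field's length, separators and last four digits so the cloud application's field validation, equality search and duplicate reports keep working while the real value stays in the vault. The key, vault store and sample records are constructed for the example; production code would keep the key in an HSM or under DPAPI and the vault in a database. Requires PowerShell 3 or later.

```powershell
# Added example, not CipherCloud's code: vault-based, format-preserving tokenization of digit fields.
$script:Vault   = @{}   # token digits -> original value (never synchronised to the cloud)
$script:Reverse = @{}   # original value -> token, so one value always maps to one token
$script:Key     = [Text.Encoding]::UTF8.GetBytes('constructed-demo-key-not-for-production')   # constructed

function Protect-Digits {
    param([Parameter(Mandatory)][string]$Value, [int]$KeepTrailing = 4)
    if ($script:Reverse.ContainsKey($Value)) { return $script:Reverse[$Value] }

    $digits = $Value -replace '\D'
    $n = $digits.Length - $KeepTrailing              # number of digits that get replaced
    if ($n -lt 6) { throw "Too few digits to tokenize '$Value' safely" }

    $hmac = New-Object System.Security.Cryptography.HMACSHA256 (,$script:Key)
    $counter = 0
    do {
        # Deterministic: HMAC(key, value || counter). The counter only moves on a vault collision.
        $mac  = $hmac.ComputeHash([Text.Encoding]::UTF8.GetBytes("$Value|$counter"))
        $big  = New-Object System.Numerics.BigInteger (,[byte[]]($mac + [byte]0))   # trailing 0 => non-negative
        $body = ($big % [System.Numerics.BigInteger]::Pow(10, $n)).ToString().PadLeft($n, '0')
        $tokenDigits = $body + $digits.Substring($n)  # keep the trailing digits a help desk can confirm
        $counter++
    } while ($script:Vault.ContainsKey($tokenDigits) -and $script:Vault[$tokenDigits] -ne $Value)
    $hmac.Dispose()

    # Re-insert the original separators so "4111 1111 1111 1111" stays a 4x4 grouped string.
    $sb = New-Object System.Text.StringBuilder
    $i  = 0
    foreach ($ch in $Value.ToCharArray()) {
        if ([char]::IsDigit($ch)) { [void]$sb.Append($tokenDigits[$i]); $i++ } else { [void]$sb.Append($ch) }
    }
    $token = $sb.ToString()
    $script:Vault[$tokenDigits] = $Value
    $script:Reverse[$Value]     = $token
    return $token
}

function Unprotect-Digits {
    param([Parameter(Mandatory)][string]$Token)
    $key = $Token -replace '\D'
    if (-not $script:Vault.ContainsKey($key)) { throw "Token not in vault: '$Token'" }
    return $script:Vault[$key]
}

# Constructed records on their way to a cloud CRM. Alice and Carol share a card number, so the
# duplicate-card report run inside the cloud still finds them without ever seeing the real number.
$records = @(
    [pscustomobject]@{ Customer = 'Alice'; Card = '4111 1111 1111 1111' },
    [pscustomobject]@{ Customer = 'Bob';   Card = '5500-0000-0000-0004' },
    [pscustomobject]@{ Customer = 'Carol'; Card = '4111 1111 1111 1111' }
)
$outbound = $records | ForEach-Object { [pscustomobject]@{ Customer = $_.Customer; Card = (Protect-Digits $_.Card) } }
$outbound | Format-Table -AutoSize
$outbound | Group-Object Card | Where-Object Count -gt 1 |
    Select-Object Count, @{ n = 'Customers'; e = { $_.Group.Customer -join ', ' } }

# Round trip for an on-premises process that is entitled to the real value.
Unprotect-Digits $outbound[0].Card
```

The design choice to note is what is and is not preserved. Because the token is deterministic, equality search, joins and "find duplicates" reports in the cloud application behave exactly as they would on the real data, and format checks (length, digits-only, separator layout) still pass. Ordering is not preserved: sorting tokens does not sort the underlying values, which needs an order-preserving scheme and a correspondingly weaker security argument, so decide per field whether sort actually matters before choosing one. Reducing a 256-bit HMAC modulo 10^n leaves a negligible bias for the field lengths used here.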
Demo: Cloud Security Solutions

Slide 59
Hardware Security

Slide 60
Device / Laptop Theft
- Growing Problem; Massive Data Leak Problem
- Laptops can be Replaced, Data cannot!
- Lock windows and doors before you go out
- Make sure valuables or cash can't be seen from outside
- Keep keys out of reach of windows and doors
- Close curtains and set light timers if you go out at night
- Don't let strangers into the building
- Register your valuables for free at http://www.immobilise.com/
- Consider using a Tracking Service
- Implement a Remote Wipe of the device / Laptop

Slide 61
Device Locator Services / Software
Laptop Theft: "Prey"

Slide 62
Device Locator Services / Software
Windows, Blackberry & Android Theft: Lookout, http://mylookout.com, Free!
- Includes anti-virus, anti-malware, anti-spyware protection and basic contact backup in the free version
- Remote lock & wipe for $2.99 a Month / $29.99 a Year
- Complete backup and restore of your data
Remember! Activate the passcode that would block a stranger from just picking up the device, turning it on and accessing all your info!

Slide 63
Device Locator Services / Software
Apple Device Theft: http://goo.gl/RUgmh
- For iPhone 4, iPad and iPod Touch users (running iOS 4.2 or higher)
- Apple recently made the 'Find My iPhone/iPad' app free
- Once installed, you can locate, remotely lock or remotely wipe any of the devices from the MobileMe.com website
- Tip: A workaround for iPhone 3GS users is to activate the account on one of the qualifying devices first, then download the app to the 3GS iPhone and use the same account to track it!

Slide 64
Demo: Hardware Theft Solutions!

Slide 65
BYOD / Phone Forensics

Slide 66
BYOD: Industrial Espionage
"The theft of trade secrets by the removal, copying or recording of confidential or valuable information in a company for use by a competitor. Industrial espionage is conducted for commercial purposes rather than national security purposes (espionage), and should be differentiated from competitive intelligence, which is the legal gathering of information by examining corporate publications, websites, patent filings and the like, to determine a corporation's activities."
Source: http://www.investopedia.com/terms/i/industrial-espionage.asp#ixzz1dxUQc0E4

Slide 67
BYOD Forensics
- Have a solid Security Policy!
- The Forensics Dilemma: Data = Local or Remote?
- Logs – Logs – Logs!
- The Virtual "Shrink Wrapped" Crime Scene!
- Cloud Vendors – Subpoenas
- Key Escrow Systems – EFS, BitLocker!
- Revoke User Certificates
- Account Lockout Procedures

Slide 68
BYOPC: Legal Review
To reduce legal and liability risk:
- Carefully analyse existing Security Policies
- Determine how they relate to and impact employees' use of their personal devices for business purposes

Slide 69
BYOD: Business Review
Policies that may be relevant include (without limitation):
- Mobile Device Security Policies
- Password Policies
- Encryption Policies
- Data Classification Policies
- Acceptable Usage Policies
- Antivirus Software Policies
- Wireless Access Policies
- Incident Response Policies
- Remote Working Policies
- Privacy Policies, and Others

Slide 70
BYOD: Technical Review
- Network Access Protection (NAP)
- Desktop / Application Virtualization
- Virtual Desktop Infrastructure (VDI)
- Multi Factor Authentication (Smart Cards etc.)
- BitLocker / EFS (Data at Rest Solution)
- IPsec, EAP-TLS, SSL/TLS, Certificates (Data in Transit Solutions)
- DirectAccess
- Remote Wipe Smart device Technology (Exchange 2010)
- Device Locator Service (GPS)
- On Line / Cloud Backup Service
- Audit / Forensics Framework in Place

Slide 71
Session Review
- Introduction
- Perimeter Security: Why it No Longer Works!
- The Proliferation of Smart Devices
- BYOPC: Assessing the Risk
- Planning & Designing BYOD Solutions
- BYOD: Virtualization Solutions
- BYOD In the Cloud!
- Mobile Device Security Solutions
- BYOD: Getting Legal

Slide 72
Track Resources
- www.microsoft.com/twc
- www.microsoft.com/security
- www.microsoft.com/privacy
- www.microsoft.com/reliability

Slide 73
Resources
- Connect. Share. Discuss. http://northamerica.msteched.com
- Learning: Microsoft Certification & Training Resources, www.microsoft.com/learning
- TechNet: Resources for IT Professionals, http://microsoft.com/technet
- Resources for Developers: http://microsoft.com/msdn

Slide 74
Slide 75
Thanks For Attending :-)

Slide 76
Slide 77
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.