Category: Uncategorized

With the world economy in a state of turmoil, markets correcting themselves and employers reducing staff, the pull of illicit insider activity is stronger than ever. It may begin with the “dead wood,” but inevitably some companies are going to have to lay off talented IT and information security professionals. Illegal activities that once seemed unpalatable to out-of-work technologists may seem better than starving: Just as liquor store break-ins and gas n’ go crimes will increase, so will more sophisticated crimes, such as data theft and social engineering. While it may seem hard to imagine, criminal actions are often committed by former employees who rationalize the activity because they’re upset about losing their jobs.

The challenge for identity and access management professionals will be securing data from former employees who know the system from the inside out.

Defense strategies: Proactive IAM processes Locks keep honest people honest, or, in the case of identity and access management, account terminations keep honest people honest. Identity management and information security professionals will need to scrutinize their account-termination processes like never before, because leaving an unauthorized or former employee’s account active and enabling access to sensitive or valuable data could be catastrophic.

IAM and budget cuts: Using frameworks and documentation Another challenge in 2009 will be funding. Budget promises made in 2008 are sure to be forgotten as many companies adjust to the new economic reality. This will initiate an ongoing process that can be refined in the future, perhaps with more sophisticated technology, when finances are better. Personnel reductions may still be mandated, but data can help you make those hard decisions in an unbiased way and set management expectations from the start about the consequences of staff reduction.

Important statistics to keep may include how many accounts are under management, turnaround time for account creation and removal, reporting demands from various departments, and objects under management such as mainframe profiles and Active Directory groups.

Conclusion: In such a troubled economy, external threats will increase as well. It’s still essential to be on guard by making sure the controls for external risk mitigation are assessed as well. It’s clear that 2009 will be drastically different from 2008.

http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1344839_mem1,00.html?mo=1&Offer=SEsswn09IAM119

Following the survey, Clavister has called into question current IT security products and policies and asks what companies can do to address flaws that are integral to us all as human beings.

“The purpose of a security policy is rather simple – to keep malicious users out of a network while monitoring potential risky users within an organization.” Rather than write this off as an issue too broad to address, Clavister has developed a set of six recommendations for companies to consider.

1. Design the policy so that it’s easy to read and understand
2. Educate the users about the policy
3. Enforce consequences
4. Make it easy to do the right thing
5. Dictate a hierarchy of access permissions
6. Monitor & improve

http://www.continuitycentral.com/news04297.html

Speed is vital, so the time may be right to assemble a forensic SWAT team trained to locate high-risk threats, armed with the latest investigative software, and empowered to work directly with legal counsel to report breaches in accordance with policy.

Acquiring evidence in a forensically sound manner isn’t difficult with the proper tools and training, but policies and procedures must be put in place that ensure the repeatability, accuracy, completeness, and verifiability of evidence as proscribed by the Federal Rules of Evidence. In addition to clearly written policies, there must be a forensic methodology that’s followed for acquiring, handling, and analyzing evidence.

AccessData, Guidance Software, and Mandiant are at the forefront of producing enterprise versions of robust, collaborative incident-response and forensic tools. Both AccessData’s and Guidance Software’s suites allow for remote access to computers so investigators can retrieve details from running systems. Mandiant’s Intelligent Response has comparable capabilities but is more focused on incident response. Agile’s F-Response product allows investigators to mount Windows hard drives and physical memory remotely and in a read-only manner so they can perform forensically sound “live” analysis of running Windows systems. The remote systems’ hard drives and physical memory appear as normal attached drives to the investigator’s system, allowing IT to use any forensic product for analysis.

Every enterprise forensic tool has added memory imaging capabilities in the past 12 to 18 months, with varying capabilities for in-depth analysis of acquired images.

The Volatility Framework is an open source tool leading the way with its ability to list running processes, open network ports, and files opened and DLLs loaded by each process; it can also extract executables from memory for further analysis.

http://www.informationweek.com/news/security/management/showArticle.jhtml;jsessionid=BRQVSY1YF4EB4QSNDLPCKH0CJUNN2JVN?articleID=211600249

The Verizon report is a collective analysis of some 530 forensic investigations of data breaches that the company has done in large enterprises. It breaks down the causes of the breaches by industry and draws conclusions about the most common types of attacks committed in each.

In financial services, for example, Verizon investigated many sophisticated attacks involving cooperation of insiders and organized outsiders, as well as social engineering. In the food and beverage industry, on the other hand, the attacks were much less sophisticated, and the likelihood of internal attacks was only about 4 percent, while the likelihood of external and partner attacks was 70 percent to 80 percent. “In food and beverage, though, we saw a lot more repeatable, data-compromise-in-a-box sort of attacks — sort of the way…” Verizon found similar differences in the sophistication and approaches used to attack data in other industries, including retail and high technology.

Retail, for example, reported the highest number of breach incidents, but a relatively low level of attack sophistication.

What these results might mean, Sartin says, is that employing a generic risk calculation, such as the likelihood of insider threats, may be a mistake unless industry-specific factors are accounted for.

http://www.darkreading.com/document.asp?doc_id=165107&WT.svl=news2_3

With the Computer Security Institute reporting that 46 percent of computer security professionals have had security incidents in the past year, 26 percent of which have had more than 10, you begin to see the magnitude of the problem.

Sixty-five percent of this cost is the direct result of lost business, including customer termination—a rate that is increasing by 30 percent a year.

All this amounts to an unpleasant picture, one where current practices in breach response are falling short in keeping your customers, and therefore revenue, within your company.

Legal obligation vs. Customer satisfaction Recent research by the Ponemon Institute, the Consumers’ Report Card on Data Breach Notification, has provided some of the most useful information to date to help organizations determine the most effective techniques to minimize the impact of a breach and to retain customers. Large delays in notification signal to your customers that you are hiding something and/or they are not important to you, despite some realities that it takes time to assess the impact of a breach. Although it may not be possible to notify customers within a week, or even several weeks following a breach, your goal should be to notify them as soon as possible, with what reasonable information you can divulge at that time.

Do they have to close their credit card accounts? Many respondents in the Ponemon study found communications to be unbelievable or misleading, failing to reduce their fears about potential harms they faced because of a breach. Although you are the barer of bad news, you also have the opportunity to be the barer of solutions. Lay out for your customers the “next steps” they can or need to take after they are notified. Include information, phone numbers and Web sites on freezing credit files, getting free credit reports and other tips customers might want to know and follow.

At little or no cost to your organization, acting as an educator will not only help your customers recover from the incident, but maintain your organization as a trusted source.

Offering identity protection services has proven to have a positive effect on customer retention, and in many cases, offering such services is more affordable than new customer acquisition strategies. Individuals who receive free or subsidized services, such as credit monitoring, identity theft insurance or identity recovery services, feel less concerned and worried about the breach after it happens.

http://www.csoonline.com/article/451785/How_to_Minimize_the_Impact_of_a_Data_Breach?source=nlt_csoupdate

All storage, structured or unstructured, requires security of some kind, even if it’s simply flipping an on/off switch or pulling the USB plug on a direct-attached external disk. Database storage security, the subject of this article, can be slightly more complicated than that.

I talked recently with Ted Julian, vice president of consultancy Application Security, about the often-thorny security issues surrounding structured content in databases. Julian drew up a detailed look, in several steps, at what he sees as important in database security, starting with data discovery and moving all the way through how to implement intrusion detection.

First of all, you need to know exactly what you are securing. “This is perhaps one of the easiest, yet most critical, steps in getting started in protecting your data—knowing where it is,” Julian said. “The point being that, if you are looking to shore up protection against attacks on your data, if you aren’t sure where that data resides, chances are that it’s not currently protected. Once you can establish where your databases are residing within your environment, you can get started on assessing your overall environment and taking an inventory of your data assets.”

Julian said database administrators need to inventory all databases, identify the vulnerabilities that are present and create a baseline of current security assets for ongoing comparison. The ability to track and monitor progress is an important component of most compliance initiatives. This process will help organizations identify common flaws, including unpatched systems, weak or default passwords, excessive privileges and a lack of system monitoring. The task can be streamlined by utilizing technological solutions to assist with discovery, to establish a security posture baseline and to generate fix scripts to speed along remediation. A complete database security solution will also include policies to monitor for threats and vulnerabilities in real time, Julian said.

DBAs need to prioritize their most pressing issues up front. “Comprehensive database security efforts are based on vulnerability and threat data, including vulnerability severity and the criticality of the database information,” Julian said. “Once priorities are documented, an organization should to enact a formal security plan, report on progress and demonstrate ongoing improvement.”

In order to mitigate risk and improve the database security posture, the next step in shoring up security at the database level is to fix or remediate known vulnerabilities. Software patches and known workarounds should be applied. “Not all vulnerabilities can be eliminated or patched immediately.

Customized policies and real-time alerting on suspicious activities allows an organization to proactively respond to threats,” Julian said. According to Julian, Application Security’s Database Security Lifecycle methodology allows enterprises to extend layered defenses to the repositories of their most critical and confidential information and as a result significantly minimize security risk.

These steps are an important component of any compliance effort; they enable organizations to respond promptly and provide informed remediation and notification when necessary, he said.

Here are some basic database security steps enterprises can take that will improve their database security postures in just one day. Every database Oracle has ever shipped has come with a set of default accounts and passwords. These user names and passwords are well known and documented. “Default passwords are problematic, because they leave the front door to your database wide open,” Julian said. There are currently over 600 known default user name and password combinations and probably a dozen free tools to scan for them, Julian said. By the way, Oracle11g includes a built-in DBA view to list default passwords (DBA_USERS_WITH_DEFPWD). One of the most common attack vectors to this day is access via passwords that can be easily guessed. Passwords should be eight or more characters in length; 14 characters or longer is ideal. A 15-character password composed only of random letters and numbers is about 33,000 times stronger than an eight-character password that uses characters from the entire keyboard.

A crucial element of securing the database is to ensure that patches are implemented in a timely manner and known vulnerabilities are monitored in real time. Automate security tasks as a regular part of database maintenance. So much of security relies on regular assessments and validation; the day-to-day work can quickly decline into tedium and get overlooked. Utilizing software that provides regular security updates for patches, new threats and known vulnerabilities is essential to protecting the database and containing risk.

Protecting data at its source, the database, is essential to preventing breaches and data loss. Even with traditional perimeter security measures in place, the best way to defend against data harvesting (where attackers remove or damage large amounts of data) is to rely on a layered defense model that necessarily includes the database.

http://www.eweek.com/c/a/Data-Storage/Keys-to-Locking-Down-Storage-Security-on-a-Database/?kc=rss