a holistic view on security
TRANSCRIPT
What is information security?
ISO 27001 Compliance Data Loss Hacking Attacks
Virus Malware Encryption Signature ITIL
Emergency Plan Disaster Recovery Availability
Cloud Computing Password Sniffer Authorization Spam
Trust SOX Mobility Common Criteria EAL4 Firewall Smartcard DMZ Risk management Manipulation
Access Key Certification Basel 2/3 BSI Standards Authentication
Orange Book
What is information security?
Some Facts:
Information Security
• is not a product and can be solved by a product!
• is how to handle data!
• protects your company and your job!
• is driven through
  • More mobility access
  • Cloud computing
  • Stronger public sensibility
The topic “information security scandal” returns 6.780.000 hits on Google
Impact of information security
Inserted in new laws or added to existing laws in countries since 1998, e.g.
US: Patriot Act, SOX
EU: Euro SOX, Stock corporation, Basel II / III
Regional, e.g. Germany: KonTraG, BDSG
Impact for companies
Impact on business revenue and margin
• Business know-how and advantage
• Quality proof point
• ISO certification required
• Trusted partner
Danger to company existence and loss of business*
Loss of image and customer intimacy
Employees and managers absolutely liable!
* Germany: Damage of $ 28 to 71 billion and loss of 30.000 to 70.000 jobs per year. (Source: Bundesamt für Verfassungsschutz (BfV))
Situations – Do you have an answer?
When PCs from your company are attacking other companies or sending spam mails?
• A bot-net virus infected PCs, the company is demanding compensation for business damage
• All mail addresses with your company name can be on a black list
When your employees are surfing on illegal and criminal pages on the web?
• The judiciary will indict you
• All data (including your company data) can be confiscated for a long time
The fiscal authority assumes that you have not paid enough tax in recent years and wants to check – but your backup cannot be read due to a failure!
• Can you verify what you have to pay?
The definition of information security:
There are 3 existing golden rules
Confidence
• Confidential information must be protected against unauthorized access
Availability
• Services and information are available for the user when required
Integrity
• Content and data are complete and not modified in any unauthorized manner
Experience of each sector
Rule one: Confidence. Confidential information must be protected against unauthorized access
Rule two: Availability. Services and information are available for the user when required
Rule three: Integrity. Content and data are complete and not modified in any unauthorized manner
Security Landscape today
Michael Hoos
Senior Director Technical Sales
Situation
January 2007: 250,000 viruses
December 2010: 286 million
Malware authors have switched tactics
75% of malware infect less than 50 machines
From: A mass distribution – one worm hits millions of PCs
• Storm made its way onto millions of machines across the globe
To: A micro distribution model
• Hacked web site builds a trojan for each visitor
Signature-based file scanning becomes less and less effective
Who is being attacked?
Enterprises, Small Businesses, End‐Users, Governments
• Targeted attacks • Data breaches
• Bank accounts • Business disruption
• ID theft • Scammed for dollars
• Cyber sabotage • Cyber espionage • Data breaches
• End‐user disruption • DDOS attacks
• Removal costs
• Hacktivism
Why are we being attacked?
Mostly because of:
Steal Resources
- Send spam
- Part of a DDOS attack
Example: Rustock
Steal Information
- Steal sensitive info, e.g. banking credentials
Example: Zeus
Extortion Money
- Old fashion ‘con’
- Sit back and wait for the $s to roll in
Example: Rogue AV
Destroy
- Hacktivism
- Cyber sabotage
Example: Stuxnet
Global Intelligence Network
Identifies more threats + takes action faster + prevents impact
[Map: Dublin, Ireland; Calgary, Alberta; Reading, England; Austin, TX; Mountain View, CA; Culver City, CA; San Francisco, CA; Taipei, Taiwan; Tokyo, Japan; Chengdu, China; Chennai, India; Pune, India; Alexandria, VA; Sydney, AU]
In the time it takes to give this presentation, we will block more than 365,000 attacks!
Global Scope and Scale, Worldwide Coverage, 24x7 Event Logging, Rapid Detection
Threat Activity
• 240,000+ sensors
• 200+ countries
Malcode Intelligence
• 133M clients, servers, gateways
• Global coverage
Vulnerabilities
• 35,000+ vulnerabilities
• 11,000 vendors
• 80,000+ technologies
Spam/Phishing
• 5M decoy accounts
• 8B+ email messages/daily
• 1B+ web requests/daily
Information Protection, Preemptive Security Alerts, Threat Triggered Actions
Symantec Security
Identifies more threats, takes action faster & prevents impact
Global Expertise
• More researchers
• Comprehensive data sources
• More virus samples analyzed
• Extensive customer support
Response Centers
• In-depth Analysis
• Signatures: AV, AS, IPS, GEB, SPAM, White lists
• DeepSight Database
• IT Policies and Controls
• Rigorous False Positive Testing
Protected Users
• Automated Updates
• Fast & Accurate
• Variety of Distribution Methods
• Relevant Information
Symantec Corporate Overview
Earth break Japan
How to protect
Harry S. Kinoshita
General Manager
Global Portfolio Planning Office
1. The Great East Japan Earthquake
The Largest Earthquake to Hit Japan
• The magnitude 9.0 quake struck Japan at 14:46 on March 11, 2011
The Tsunami
• A maximum wave height of 38 meters was recorded on the Pacific coast
• An area of 400 km2 was flooded
Fukushima Daiichi Nuclear Power Plant
• Cooling function lost
• A nuclear power emergency was declared at 19:03
Tokyo
• A maximum intensity of 5 was measured
• Public transportation was stopped
• Approximately 120,000 individuals struggled to get home
[Maps: quake-stricken areas and blackout areas (soon after the quake), with the epicenter and Tokyo marked]
2.1 Disaster-Affected Area (Near the epicenter)
Collapsed buildings
-> Significant data loss
Damaged computer rooms
-> Local backup data was moved by the water
Exclusion zone around the nuclear power plant
-> Data could not be removed
[Photos: Flooded Computer Room; Flooded Office; Overturned Computers]
[Map: evacuation areas, with nuclear power plants, evacuation area, need-to-stay-indoors area, epicenter of the quake and Tokyo marked]
2.2 Disaster-Affected Areas (Tokyo)
Abnormal shut down without UPS installation
-> Disks were damaged, data was lost
Execution of reboot
-> Recovery processes had been prepared beforehand, but did not work as planned/described
-> Lengthy recovery period
Air-conditioning stopped
-> The temperature in computer rooms rose
-> Permitted temperature for servers exceeded
Effects on commuting
-> Trains and subways were forced to stop operating
-> People had to work from home
[Photo: Queue of more than 1,000 people at a station in Tokyo]
3.1 Fujitsu’s Data Center
Suitable Location for a Data Center
70 km from Tokyo
-> Not affected by a Tokyo inland earthquake
-> There is no active fault line in the area
5 km from the Tone neighborhood river (no serious flooding in the past)
-> 1st floor (ground floor) is 3.7 m high and built based on the Prefecture’s hazard maps
Quake-Proof Infrastructure
Quake-absorbing structure, earthquake resistant double flooring
-> No problems with providing services - even during the Great East Japan Earthquake (maximum intensity of 5 in Tatebayashi city)
-> Designed to withstand a magnitude 7 earthquake.
Private Electric Generator
Guaranteed heavy oil supply
-> The data center can operate for 72 hours using a private electric generator.
Priority contract with three oil companies around Tatebayashi city
-> This will enable the center to keep operating during blackouts
[Map: Location of Tatebayashi Datacenter, with the epicenter, Tokyo and Tatebayashi marked]
[Photos: Buildup rubber shoe; Resilience skidding shoe]
3.2 Fujitsu’s Disaster Recovery
(1) Design, Development Work
◆ Assumed scenario: Tokyo inland earthquake
◆ RTO: 3 days
◆ Business data: Difference backup transfer during the night
◆ Offices: Secured alternatives for employees from affected areas
◆ Network: duplicated
(2) HR, General Business, CRM, Booking/Ordering
◆ Fujitsu group’s internal systems, CRM, order booking and ordering systems
◆ Mission-critical servers (approx. 1,000) installed in the Fujitsu-dedicated IDC with all data backed up at the secondary Fujitsu-dedicated IDC
◆ Disaster-ready through network monitoring and 24x7 backup
[Diagram: Primary and Secondary sites; The First Fujitsu-Dedicated IDC (Toyama); The Second Fujitsu-Dedicated IDC (Tochigi), backup business data; System design site A; System design site B; NAS; Data Backup; Data Library 96 TB; Employees; Internal network]
4.1 Customer Sites
A: Financial Services Customer
Fujitsu helped to remove cash from Fujitsu ATMs which had drifted as a result of the tsunami.
-> Securing the customer’s assets.
[Photo: Damaged ATM]
B: Telecom Customer
Fujitsu helped to restore cellular phone base stations in the disaster affected area.
-> Securing a communication network for emergency use by citizens.
C: Other Customers
Fujitsu helped to disassemble, rinse out and recover the HDDs of PCs and servers.
-> Recovery and security of confidential customer data.
D: Pharmaceutical Customer
Fujitsu helped to develop a backup system by installing new servers. This was installed in western Japan and connected with servers in the disaster-affected area. (In western Japan, electricity is provided by a utility in that area.)
-> To introduce a more robust backup system by securing electricity supply.
4.3 Fujitsu’s Social Contribution - Cloud Services
Cloud-Based Disaster Victim Assessment System
Distributed to 70 organizations by Collaborating with NGOs
Problem: Relief supplies are not sent to the right locations.
Solution: An IT system is needed to coordinate deliveries.
Needs
- Collection methods
- Info. Management
- Prediction of changes
Matching
- Info. Sharing
- Collection of contact points
- Availability of goods
Delivery
- Results
- Delivery methods
[Diagram: Mechanism, System; Organizational activities; Collection of information in evacuation centers; Matching support needs with available resources]
Benefits of a Cloud-based system
• Quick launch: the system was launched two weeks after the quake
• Large volume of data: the system handled large volumes of data which could not be managed using spreadsheets, etc.
• Response to the changing situation: new functions were added as required, based on the changing situation.
5. Lessons Learnt
Disaster Recovery Centers in Two Different Locations
- It is most important to prepare steady recovery discipline to cope with overwhelming disaster like this time.
Business Continuity Plan (BCP)
- Many customers in Japan are reviewing their BCP following the disaster.
- ICT/ facilities: data backup, restore and contingency measures for power outages are significant factors.
- People: disaster drills are needed to ensure that plans work correctly.
- Communication: mobility infrastructure should be part of the plan.
Data Backup in Remote Areas
- Data back up in cloud helped accelerate quick system recovery
Confirmation of Employee Safety
- Confirmation of employee safety is a priority for many companies.
ETERNUS
Data Safe
Hermann Brummer
Senior Product Marketing
ETERNUS DX
Comprehensive family of disk storage systems
• Ranging from affordable entry-level up to large data center machines
Mature in development
• 40 years history in the Japanese market
• No. 2 in the Japanese market
• No. 1 in quality (Nikkei Magazine survey)
ETERNUS DX – the alternative in leading disk systems
ETERNUS DX – key strengths
• Data security
• Performance architecture
• Seamless product family
• Mainframe class quality
• Long-term product strategy
• Flexible architecture
ETERNUS DX prevents data corruption
The challenge: data corruption
• The bigger the amount of data, the greater the probability of data corruption
• More failures in write or read operations can happen
How ETERNUS DX prevents data corruption
• A check code is added before data is written to caches or disks
• The system can thus constantly verify that data remains unchanged (Data Block Guard)
• The check code is removed before data leaves the system in read operations
[Diagram: Write path: Add Check Code, Verify Check Code. Read path: Verify Check Code, Delete Check Code. Storage Controller with ECC-protected Cache; Disk Drive with Stored Data blocks A0, A1, A2, each carrying a check code (CC)]
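The add, verify and remove steps described on this slide, sketched as an added example (not Fujitsu's implementation and not code from the presentation). CRC-32 as the check code, the 512-byte block size and covering the block address in the check are assumptions made for illustration.

```python
import struct
import zlib

BLOCK = 512   # assumed payload bytes per block
CC_LEN = 4    # assumed check-code size (CRC-32)

class BlockCorrupt(Exception):
    """Raised when a stored block no longer matches its check code."""

def _crc(lba: int, payload: bytes) -> int:
    # Covering the block address as well lets a block stored at the wrong place be detected.
    return zlib.crc32(struct.pack(">Q", lba) + payload)

def add_check_code(lba: int, payload: bytes) -> bytes:
    """Write path: append the check code before the block reaches cache or disk."""
    if len(payload) != BLOCK:
        raise ValueError("payload must be exactly one block")
    return payload + struct.pack(">I", _crc(lba, payload))

def verify_check_code(lba: int, stored: bytes) -> bool:
    """Any stage (cache, disk, background scrub) can re-verify without altering the block."""
    if len(stored) != BLOCK + CC_LEN:
        return False
    (cc,) = struct.unpack(">I", stored[BLOCK:])
    return _crc(lba, stored[:BLOCK]) == cc

def remove_check_code(lba: int, stored: bytes) -> bytes:
    """Read path: verify, then strip the check code before data leaves the system."""
    if not verify_check_code(lba, stored):
        raise BlockCorrupt(f"check code mismatch at LBA {lba}")
    return stored[:BLOCK]

def scrub(disk: dict) -> list:
    """Return the block addresses whose stored data fails verification."""
    return sorted(lba for lba, s in disk.items() if not verify_check_code(lba, s))

def demo() -> list:
    # Constructed sample data: three blocks A0..A2, as in the slide's diagram.
    disk = {lba: add_check_code(lba, bytes([0x41 + lba]) * BLOCK) for lba in range(3)}
    assert remove_check_code(0, disk[0]) == b"A" * BLOCK  # clean round trip
    flipped = bytearray(disk[1])
    flipped[100] ^= 0x01                                  # single bit flip at rest
    disk[1] = bytes(flipped)
    disk[2] = add_check_code(0, b"A" * BLOCK)             # intact block, wrong address
    return scrub(disk)

if __name__ == "__main__":
    print("corrupt blocks:", demo())
```
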
Summary
Information Security helps to protect companies against
• Conflicts with law, damages as well as lost business, know-how, image and money
There are 3 existing golden rules
Confidence
• Confidential information must be protected against unauthorized access
Availability
• Services and information are available for the user when required
Integrity
• Content and data are complete and not modified in any unauthorized manner
Fujitsu
• Delivers IT infrastructure with integrated security
• Helps to identify and implement safeguards
• Helps to reach standards and certifications