STAFF SYMPOSIUM SERIES - INFORMATION TECHNOLOGY TRACK

4/14/2016 SESSION 4 - ENDPOINT MANAGEMENT

FACILITATORS

Carl Brooks, System Manager - Detroit, MI (Chapter 13 Standing Trustee – Tammy L. Terry)

William Drake, System Manager – Ruskin, FL (Chapter 13 Standing Trustee – Kelly Remick)

Scot Turner, System Manager – Las Vegas, NV (Chapter 13 Standing Trustee – Rick Yarnall)

Tom O’Hern, Program Manager, ICF International, Baltimore, MD (STACS - Standing Trustee Alliance for Computer Security)



Information Systems Managers

Endpoint Management

Carl W. Brooks, Manager of Information Systems

Regional Staff Symposium - IT Track, April 14 and 15, 2016

Atlanta, GA


ENIAC was designed and built for the United States Army to calculate artillery firing tables. However, it was ENIAC’s power and general-purpose programmability that excited the public’s imagination. When it was announced in 1946, ENIAC was referred to in the media as a “giant brain.”

ENIAC weighed 30 tons and covered an area of about 1,800 square feet. In contrast, a current smartphone weighs a few ounces and is small enough to slip into a pocket.


Endpoint Devices

Internet-capable, TCP/IP network-capable hardware:

Server, Desktop, Laptops, Smart phones, Tablets, Thin clients, Virtual Machines


Endpoint Security

In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connection to the network creates a potential entry point for security threats.


webopedia.com


Endpoint Management

Asset Control

Security

Software Updates

Document

Communicate

Redundancy


Asset Control

Eliminate “ghost” assets

Conduct physical asset inventories

Tag assets appropriately

Use the right labels for the job

Select the right asset inventory software


Inventory Software

Snipe-IT
◦ www.snipeitapp.com

PDQ Inventory
◦ www.adminarsenal.com

Open AudIT
◦ www.open-audit.org

Spiceworks
◦ www.spiceworks.com


Asset Disposal

Repurpose or Dispose

Wipe Data

Removing Tags

Removing from Inventory

Removing from Premises

◦ Charity Organization

◦ Recycle

◦ Destroy \ Shred

◦ Buy Back


Endpoint Security

• Physical Security

• Patch management

• Anti-virus, SPAM, Malware

• Browser Plugins

• Window/Desktop firewall

• Risk/vulnerability assessment

• Security policy management

• Endpoint Loss and Recovery


Support Strategies

Trustee and staff
◦ In Office
◦ At Court
◦ At Home
◦ On the Road

3rd Party Support\vendors

Debtors\Trainees

Visitors and Auditors


Strategies for supporting auditors and visitors

◦ Access to network for Internet, printing, Case data

◦ File transfer electronic files

◦ Credentialed access to network computer, case management software, ECF/PACER, Wi-Fi/Internet


Using Computers (Dos and the Don’ts)

Personal device uses

Access to email

USB charging, connections to Trustee Equipment

Access to Wi-Fi, LAN, VPN, Internet

Two-Factor authentication

Security Considerations


The Weakest Link: People

A data leak can be avoided if the person involved has better knowledge of data protection.

Users should develop an information security mindset and build and reinforce good practice through regular information security awareness updates.


Computer/Data Usage: Risk

Loss of data

Compromise security policies

Misuse of data


Computer/Data Usage: Dos

Be accountable for IT assets and data

Adhere to Policy on Use of IT Resources

Use good judgment to protect data

Protect your laptop while traveling

Ensure sensitive information is not visible to others

Protect your user ID and password


Computer/Data Usage: Don’ts

Don’t store sensitive information on a portable device without strong encryption

Don’t leave your computer / sensitive documents unlocked

Don’t discuss anything sensitive in a public place. People around you may be listening to your conversation


Surfing the Web: Risk

Virus

Worms

Trojan

Spyware

Malware

Ransomware

Remote Control

Fake “Official Looking” Popups


Surfing the Web: Dos

Validate the website you are accessing

Install a personal firewall

Be cautious if you are asked for personal information

Use encryption to protect sensitive data transmitted over public networks and the Internet

Install anti-virus, perform scheduled virus scanning and keep virus signatures up to date

Apply security patches promptly

Backup your system and data, and store it securely


Surfing the Web: Don’ts

Don't download data from doubtful sources

Don't visit untrustworthy sites out of curiosity, or access the URLs provided in those websites

Don't use illegal software and programs

Don't download programs without permission of the copyright owner or licensee (e.g. Torrent software)


Email: Dos

Do scan all email attachments for viruses before opening them

Use email filtering software

Only give your email address to people you know

Use PGP or a digital certificate to encrypt emails which contain confidential information; staff can use confidential email

Use a digital signature when sending emails to prove who you are


Email: Don’ts

Don't open email attachments from unknown sources

Don't send mail bombs, or forward or reply to junk email or hoax messages

Don’t click on links embedded in spam mails

Don’t click on links in mails from known parties when you are not expecting a link

Don’t buy things or log in from links


Training your Users


https://securityiq.infosecinstitute.com


Phishing your Users


What are the Threats?

Plain Old Deception: Phishing

Brute-Force: Password Guessing

Web Browser Vulnerabilities

USB Drive Attack Vector

Outdated Software\Drivers

Outdated Firmware


How to Secure Endpoints

BIOS or Pins at bootup

Encryption – Disk, Device, Data

Disclaimers, Right to Use, Login consent to use/monitoring/no rights

Patch the system regularly

Install security software (e.g. web filtering, anti-Virus, anti-Spam, anti-Spyware, personal firewall etc.)

Beware of P2P software


Endpoint Security: Malware Protection

Hardest to Destroy
◦ Firmware-based Malware
◦ Persistent Malware
◦ Ransomware
◦ Rootkit Malware

Well Known Infections
◦ Storm Worm
◦ Leap-A/Oompa-A
◦ Sasser and Netsky
◦ MyDoom
◦ I LOVE YOU
◦ Nimda
◦ Code Red and Code Red II
◦ The Klez Virus
◦ Melissa


Malware Solutions

Kaspersky Endpoint Security for Biz

http://usa.kaspersky.com

Malwarebytes for Business

www.malwarebytes.org/business

Symantec Endpoint Protection

www.symantec.com

Fortinet Endpoint Protection

www.fortinet.com


Disk encryption is a technology which protects information by converting it into unreadable code that cannot be deciphered easily by unauthorized people. Disk encryption uses disk encryption software or hardware to encrypt every bit of data that goes on a disk or disk volume.


Disk Encryption

Device deployment

Product management

Compatibility

Authentication service integration

Key recovery

Brute force mitigation

Cryptography


Disk Encryption

Symantec Endpoint Encryption

Check Point Full Disk Encryption

Dell Data Protection Encryption

McAfee Complete Data Protection

Sophos SafeGuard

DiskCryptor

Apple FileVault 2

Microsoft BitLocker


Security is always going to be a cat and mouse game because there'll be people out there that are hunting for the zero day award, you have people that don't have configuration management, don't have vulnerability management, don't have patch management.

Kevin Mitnick


If your computer seems to be working fine, you may wonder why you should apply a patch. By not applying a patch you might be leaving the door open for malware to come in. Malware exploits flaws in a system in order to do its work.


Patch Management

Operating System Patches

Office Software

Browsers (I.E., Chrome, Firefox, etc.)

3rd Party Software

◦ Adobe Acrobat (PDF)

◦ Adobe Flash

◦ Oracle Java


Patch Management

Know your network

Scan and assess

Rely on a single source for patches

Have an “undo button” for patches

Support a good user and administrator experience

Stay organized

Right-size


Patch Management

GFI LanGuard
www.gfi.com

Shavlik Patch
www.shavlik.com

Solarwinds Patch
www.solarwinds.com

ManageEngine
www.manageengine.com


Risk Assessment

A vulnerability scanner is a computer program designed to assess computers, computer systems, networks or applications for weaknesses. They can be run either as part of vulnerability management by those tasked with protecting systems


Risk Assessment

The Microsoft Baseline Security Analyzer

OpenVas.org (Linux)

Tripwire SecureCheq
www.tripwire.com

Retina CS Community
www.beyondtrust.com

NexPose
www.rapid7.com


Network monitoring is the use of a system that constantly monitors a computer network for slow or failing components and that notifies the network administrator (via email, SMS or other alarms) in case of outages. It is part of network management.


Network Monitoring

Network Mapping

Device Health Monitoring

Network Traffic Analysis

Flexible Alerting

Wireless Network Monitoring

Automatic Device Discovery

Reporting


Network Monitoring

PRTG

SolarWinds® NPM

Nagios Core

Wireshark

Cacti

ntopng

Zabbix

NMAP


Endpoint Solution Types

Standalone Clients vs Centralized Console

Internal Product vs External Cloud Product

Server Based vs Appliance Based


Backup Strategies

Data on endpoints

OS/firmware

Settings and configuration


Backup Strategies

Policy and Procedures (Where and How?)

• Trustee Smartphone, Tablet, Laptop

• Court tablets and laptops


Backup Strategies

• Local sync vs Cloud Sync

• To use or not to use:
◦ iCloud
◦ iTunes
◦ One Drive
◦ Google Drive
◦ Dropbox


Backup Strategies and Products

• Deep Freeze – Tool to reset back to default state after reboot

• Macrium Reflect (freeware) – system imaging

• Acronis (freeware) – system imaging


Faronics Deep Freeze


Macrium Reflect Free

Disk cloning and imaging solution for free.

Backup to local, network and USB drives as well as burning to all DVD formats.

This version is for non-commercial home use.


Lost Recovery Resources

• Find my iPhone (Apple)

• Android Device Manager - Google Play (Android)

• MaaS360 by IBM

• Lo-jack for laptops (Windows)


MaaS360 by IBM


http://www.spiceworks.com/free-mobile-device-management-mdm-software


Remote Management Issues

• Intrusive vs non-intrusive remote access

• Cloud/Agent based remote access (maybe bad)

• Backdoor into network

• Excessive access through agent features and capabilities

• Access control of remote vendor (enable, disable, terminate)

• Who has access? (Local IT person, Cloud vendor, Case Management Vendor)

• Using two factor authentication


Remote Management


Document IT Essentials

Hardware Vitals
◦ Brand
◦ Model
◦ Serial #
◦ Warranty
◦ Asset Tags
◦ Maintenance Terms
◦ Location
◦ Assigned User

Important IT Contact Information

Software
◦ Keys
◦ Maintenance Terms
◦ Device Installed On

Passwords for sites, hardware, etc.

Device Settings

Disaster Plan

Policies

Procedures

Training Material


Communicate Important Items

Provide Policies and Procedures

Announce Policies and Procedures Changes

Announce Training Objectives\Results

Provide Encrypted IT Essentials and Password to Trustee

Quick Report of Problems\Resolutions

Update Cycles\Reboot

Inventory Changes


IT Redundancy

Multiple Backup Methods

Multiple Security Points (Firewall, network, devices)

Multiple IT Reporting\monitoring

Documents: Hardcopy & Digital

Live Training, Webinar, Email Tips

Guard against inbound & outbound threats

Two Factor / Multiple Password for access


Dell Expert Assist (Desktop Authority)

Remote Control

File Transfer

Help Desk Chat

Computer Settings
◦ Environment Variables
◦ Virtual Memory
◦ User Account Control
◦ Time
◦ Automatic Logon
◦ Shared Resources
◦ Automatic Priorities

Computer Management
◦ File Manager
◦ User Manager
◦ Event Viewer
◦ Services
◦ Processes
◦ Drivers
◦ Registry Editor
◦ Command Prompt
◦ Reboot
◦ Monitor Host Screen
◦ Update GPO


Dell ExpertAssist

Server Functions
◦ FTP Configuration
◦ FTP Status
◦ FTP Statistics
◦ Port Forwarding Config
◦ Port Forwarding Status
◦ Active Directory

Scheduling & Alerts
◦ System Monitoring
◦ Email Alerts
◦ Task Scheduler
◦ Scripts

Performance Monitoring
◦ CPU Load
◦ Memory Load
◦ Disk Space
◦ Drive & Partition Info
◦ Open TCP/IP Ports
◦ Network
◦ PCI Information
◦ Open Files
◦ Registry Keys In Use
◦ DLLs In Use
◦ EA Connections
◦ Telnet Connections
◦ Installed Applications


Dell ExpertAssist

Security
◦ Access Control
◦ IP Address Lockout
◦ IP Filtering
◦ EA Logs
◦ User Management Log
◦ SSL Setup
◦ Windows Password

Preferences
◦ Appearance
◦ Network
◦ Colors
◦ Log Settings
◦ ODBC messages
◦ Remote Control
◦ Telnet Server


Some of the Security Tools I use

Spiceworks

Desktop Authority

Malwarebytes for Business

Symantec Endpoint Protect

Barracuda Web Filter 310

Barracuda - Spam & Virus Firewall 300
