- Passwords
- All passwords should be a minimum of 12 characters and must contain uppercase, lowercase, symbols and numbers. This increases entropy a lot.
- Force password changes every 90 days. No longer considered best practice.
- Old passwords cannot be re-used.
- Enforce password changes on the handheld devices
- Two-factor authentication should be enabled
- iOS and Android - we use the Outlook app - every 14 days it will ask you to log in again and ask for the second factor. It is very user friendly. (The alternative is using the native app, which needs an app password set up (a one-use password).)
- Application on the laptop - native support for two-factor authentication
- Office 365 gives you different options: a) call you, b) send a text with a code or c) configure an app called Azure Authenticator (notification in the app - approve/deny)
- Anti-virus
- Signature-based anti-virus is slowly dying. It looks for files matching known malware. Nowadays, it is easy to bypass that.
- Tools should look at how an executable or a file behaves, e.g. SentinelOne. It is not full-on AI. It does behavioural analysis - anti-virus, malware, trojans and remote access tools.
- Encrypt all devices
- BitLocker - comes free on Windows Professional. Checks that the boot environment is OK and if it's weird, it will ask for a password. Otherwise, it will ask for a password on logon every time. Two different options.
- Enforced policy for devices - you can get some basic stuff done with ActiveSync with Office 365.
- Enforce encryption of the mobile phone itself - most modern devices will have encryption on by default. But check this. Configured with ActiveSync, you can get it to check whether devices are encrypted before giving them access to email. If the device is not encrypted, it won't even let you set up the email.
- Phishing - email filters
- Websense email scanning product. Don't know how well it integrated
- Very difficult to figure out what is a spear phishing attack and what's not
- Phishing - training
- DMARC - domain spoofing
- Cloud Access Security Broker (CASB) - can give you visibility and control around logs. There are many classes of products (different types of CASB solutions). Recently trialling one called Sky High Networks. Can't speak to how good it is.
ITC - security event management
- Attempted penetration of networks
- Privilege escalation
- Attacks on the outside
- Get logs from all the devices - firewalls, routers, intrusion detection systems.
- Feed into a correlation system
- Use cases
- Person badges into the building while the same person is also connected over VPN - this doesn't make sense
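The badge-plus-VPN use case above, written as a small correlation rule over constructed sample log lines (an added example for these notes, not code from any product mentioned; the log format and the four-hour window are assumptions):

```python
from datetime import datetime, timedelta

# Constructed sample events: a door badge system and a VPN concentrator both
# feeding a correlation engine. Format (assumed): "<iso-ts> <source> k=v k=v ..."
BADGE_LOG = [
    "2024-03-04T08:02:11 badge user=alice door=main-entrance result=granted",
    "2024-03-04T08:05:40 badge user=bob door=main-entrance result=granted",
    "2024-03-04T12:30:00 badge user=carol door=main-entrance result=granted",
]
VPN_LOG = [
    "2024-03-04T08:20:05 vpn user=alice src=203.0.113.7 result=connected",
    "2024-03-04T09:45:12 vpn user=dave src=198.51.100.9 result=connected",
    "2024-03-04T18:10:33 vpn user=carol src=192.0.2.44 result=connected",
]

def parse(line):
    """Split one log line into a dict of fields plus parsed timestamp and source."""
    ts, source, *kv = line.split()
    fields = dict(p.split("=", 1) for p in kv)
    fields["ts"] = datetime.fromisoformat(ts)
    fields["source"] = source
    return fields

def correlate(badge_lines, vpn_lines, window=timedelta(hours=4)):
    """Flag users whose VPN connection starts within `window` after a badge-in.

    A person on site should not also be dialling in remotely; a hit suggests a
    shared or stolen credential (or a badge lent to someone else) and is worth
    a look by the SOC. A fuller rule would also consume badge-out events.
    """
    badge_times = {}
    for ev in map(parse, badge_lines):
        if ev.get("result") == "granted":
            badge_times.setdefault(ev["user"], []).append(ev["ts"])
    alerts = []
    for ev in map(parse, vpn_lines):
        if ev.get("result") != "connected":
            continue
        for t in badge_times.get(ev["user"], []):
            if timedelta(0) <= ev["ts"] - t <= window:
                alerts.append((ev["user"], t.isoformat(), ev["ts"].isoformat(), ev["src"]))
                break  # one alert per VPN session is enough
    return alerts

if __name__ == "__main__":
    for alert in correlate(BADGE_LOG, VPN_LOG):
        print("ALERT badge+VPN overlap:", alert)
```

With the sample data only alice trips the rule: carol's VPN session starts more than four hours after her badge-in, bob never connects to the VPN and dave never badged in.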
- Managed security
- DDOS attacks are quite hard to stop
- We look at both the external and the internal. Lots of companies are focused on the external.
- Social engineering (e.g. managing to get access to your site, gaining credentials from users e.g. "can you reset my credentials for me?"), plugging a physical device into someone's network, spear phishing
- We focus on specific applications and servers that are key to an organization.
- We don't work a lot with end points.
- Firewalls, IPS devices, Network Access Control
We started looking at three SD-WAN products - Cisco, Meraki, SteelConnect by Riverbed.
- Cisco is hard-core, technical
- Meraki is plug and play
- SteelConnect - aiming towards the Cisco solution
SD-WAN benefits
- Performance-based routing. If you have a primary and secondary link into an office, it will switch the traffic to the other route.
- Easy deployment of new sites using MPLS or the Internet
- Connectivity between sites (Multi-point DMVPN)
- Our CTO (Kev Whelan) deployed something like this 10-15 years ago. Manually configured.
- MPLS is a primary connection, Internet is a secondary connection.
Rafe - 07850308244