Learn to Fish

Transkript

Learn to Fish

Tivoli BT Güvenlik Mimarisi
ve
Yasal Uyumluluk Çözümleri
Çağlar Uluğbay
Ürün Yöneticisi - Tivoli
[email protected]
Yazılım Zirvesi ‘08
Kurumların Karşılaştıkları BT Güvenlik Sorunları
 Kimlik hırsızlığı / değerli veri sızmaları
–
–
–
–
çalınan/kaybolan laptoplar, yedek kartuşları, vb.
– Her 5 kurumdan 4’ü içinde kritik bilgi
bulundarn en az 1 laptop kaybetmiş
bulunmaktadır*
şifreleme eksikliği
uygulama erişim denetiminde yetersizlik
“phishing”
 Yasal uyumluluk
–
–
–
–
PCI
SOX
ISO
COBIT
 Son kullanıcı web uygulamaları için
“Web SSO”
 İç kullanıcılar için “Enterprise SSO”
 Maliyetlerin azaltılması
* Kaynak: “Confidential Data at Risk, Ponemon Institute”
2
Hungry For Change - Değişim Açlığı
SOX
HIPAA
GLBA
SEC
Basel II
USA
Patriot Act
SB 1386
PCI / CISP
Manage Change
X
X
X
X
X
Ensure System Security
X
X
X
X
X
Manage Configuration
X
X
X
X
X
Manage Problems &
Incidents
X
X
X
X
X
Manage Data
X
X
X
X
X
Manage Operations
X
X
X
X
X
Manage 3rd Party Services
X
X
X
X
Acquire or Develop
Application Software
X
X
Acquire Technology
Infrastructure
X
X
Develop & Maintain
policies & procedures
X
X
Install & Test Application
SW and Infrastructure
X
Define & Manage Service
Levels
X
Customer data validation &
3 privacy protection
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
Güvenlik eksiklikleri = Finansal kayıplar
4
Şubat 2005 – Eylül 2007 dönemine ait güvenlik ihlalleri
Feb. 15, 2005 ChoicePoint Bogus accounts established by ID thieves 145,000Feb. 25 , 2005 Bank of America Lost backup tape1,200,000Feb. 25, 2005 PayMaxxExposed online 25,000March 8, 2005
DSW/Retail VenturesHacking100,000March 10, 2005 LexisNexis Passwords compromised 32,000March 11, 2005 Univ. of CA, Berkeley Stolen laptop 98,400March 11, 2005 Boston College
Hacking120,000March 12, 2005 NV Dept. of Motor Vehicle Stolen computer 8,900March 20, 2005 Northwestern Univ.Hacking21,000March 20, 2005 Univ. of NV., Las Vegas Hacking5,000March 22, 2005
Calif. State Univ., Chico Hacking59,000March 23, 2005 Univ. of CA, San FranciscoHacking7,000March 28, 2005 Univ. of Chicago Hospital Dishonest insider unknown April ?, 2005 Georgia DMV Dishonest
insider 465,000April 5, 2005 MCI Stolen laptop16,500April 8, 2005 Eastern NationalHacker15,000April 8, 2005San Jose Med. Group Stolen computer 185,000April 11, 2005 Tufts University
Hacking106,000April 12, 2005 LexisNexis Passwords compromised Additional 280,000April 14, 2005 Polo Ralph Lauren/HSBCHacking180,000April 14, 2005 Calif. Fastrack Dishonest Insider4,500April 15,
2005 CA Dept. of Health Services Stolen laptop 21,600April 18, 2005 DSW/ Retail Ventures Hacking Additional 1,300,000 April 20, 2005 AmeritradeLost backup tape 200,000April 21, 2005 Carnegie Mellon
Univ. Hacking19,000April 26, 2005 Mich. State Univ's Wharton Center Hacking40,000April 26, 2005 Christus St. Joseph's Hospital Stolen computer 19,000April 28, 2005 Georgia Southern Univ.Hacking "tens
of thousands "April 28, 2005 Wachovia, Bank of America, PNC Financial Services Group and Commerce Bancorp Dishonest insiders 676,000April 29, 2005 Oklahoma State Univ. Missing laptop 37,000May 2,
2005 Time WarnerLost backup tapes 600,000May 4, 2005 CO. Health Dept. Stolen laptop1,600 (families) May 5, 2005 Purdue Univ. Hacking11,360May 7, 2005 Dept. of Justice Stolen laptop80,000May 11,
2005 Stanford Univ. Hacking9,900May 12, 2005 Hinsdale Central High School Hacking2,400May 16, 2005 Westborough Bank Dishonest insider 750May 18, 2005 Jackson Comm. College,
MichiganHacking8,000May 18, 2005 Univ. of Iowa Hacking30,000May 19, 2005 Valdosta State Univ., GA Hacking40,000May 20, 2005 Purdue Univ. Hacking11,000May 26, 2005 Duke Univ.
Hacking5,500May 27, 2005 Cleveland State Univ Stolen laptop Update 12/24: CSU found the stolen laptop [44,420] Not included in total below May 28, 2005 Merlin Data Services Bogus acct. set up
9,000May 30, 2005 Motorola Computers stolen Unknown June 6, 2005CitiFinancialLost backup tapes 3,900,000June 10, 2005 Fed. Deposit Insurance Corp. (FDIC) Not disclosed6,000June 16, 2005
CardSystemsHacking40,000,000June 17, 2005 Kent State Univ.Stolen laptop 1,400June 18, 2005 Univ. of Hawaii Dishonest Insider 150,000June 22, 2005 Eastman Kodak Stolen laptop 5,800June 22, 2005
East Carolina Univ. Hacking250June 25, 2005 Univ. of CT (UCONN) Hacking72,000June 28, 2005 Lucas Cty. Children Services (OH) Exposed by email 900June 29, 2005Bank of America Stolen laptop
18,000June 30, 2005 Ohio State Univ. Med. Ctr. Stolen laptop 15,000July 1, 2005 Univ. of CA, San Diego Hacking3,300July 6, 2005 City National Bank Lost backup tapes unknown July 7, 2005 Mich. State
Univ. Hacking27,000July 19, 2005 Univ. of Southern Calif. (USC) Hacking270,000 possibly accessed; "dozens“ exposed July 21, 2005 Univ. of Colorado-BoulderHacking42,000July 30, 2005 San Diego Co.
Employees Retirement Assoc. Hacking33,000July 30, 2005Calif. State Univ., Dominguez Hills Hacking9,613July 31, 2005 Cal Poly-PomonaHacking31,077 Aug. 2, 2005 Univ. of ColoradoHacking36,000Aug.
9, 2005 Sonoma State Univ. Hacking 61,709Aug. 9, 2005 Univ. of Utah Hacking100,000Aug. 10, 2005 Univ. of North TexasHacking39,000Aug. 17, 2005 Calif. State University, StanislausHacking900Aug. 19,
2005 Univ. of ColoradoHacking49,000Aug. 22, 2005 Air ForceHacking33,300Aug. 27, 2005 Univ. of Florida, Health Sciences Center/ChartOne Stolen Laptop 3,851Aug. 30, 2005 J.P. Morgan, Dallas Stolen
Laptop Unknown Aug. 30, 2005 Calif. State University, Chancellor's Office Hacking154Sept. 10, 2005 Kent State Univ. Stolen computers100,000Sept. 15, 2005 Miami Univ. Exposed online 21,762Sept. 16,
2005 ChoicePoint (2nd notice, see 2/15/05 for 145,000)ID thieves accessed; also misuse of IDs & passwords. 9,903 Sept. 17, 2005 North Fork Bank, NY Stolen laptop (7/24/05) with mortgage data 9,000Sept.
19, 2005 Children's Health Council, San Jose CA Stolen backup tape 5,000 - 6,000 Sept. 22, 2005 City University of New York Exposed online350Sept. 23,2005 Bank of America Stolen laptop with info of Visa
Buxx users (debit cards) Not disclosedSept. 28, 2005 RBC Dain Rauscher Illegitimate access to customer data by former employee 100+ customers' records compromised out of 300,000 Sept. 29, 2005 Univ. of
Georgia HackingAt least 1,600 Oct. 12, 2005 Ohio State Univ. Medical Center Exposed online. Appointment information including SSN, DOB, address, phone no., medical no., appointment reason,
physician.2,800 Oct. 15, 2005 Montclair State Univ.Exposed online 9,100Oct. 21, 2005 Wilcox Memorial Hospital, Hawaii Lost backup tape 130,000Nov. 1, 2005 Univ. of Tenn. Medical CenterStolen laptop
3,800Nov. 4, 2005 Keck School of Medicine, USC Stolen computer50,000Nov. 5, 2005 Safeway, Hawaii Stolen laptop 1,400 in Hawaii, perhaps more elsewhere Nov. 8, 2005ChoicePointBogus accounts
established by ID thieves. Total affected now reaches 162,000 (See Feb. 15 & Sept. 16) 17,000 more Nov. 9, 2005 TransUnion Stolen computer3,623Nov. 11, 2005 Georgia Tech Ofc. of Enrollment Services
Stolen computer, Theft 10/16/05 13,000 Nov. 11, 2005 Scottrade Troy Group Hacking UnknownNov. 19, 2005 Boeing Stolen laptop with HR data incl. SSNs and bank account info. 161,000Dec. 1, 2005
Firstrust Bank Stolen laptop 100,000Dec. 1, 2005 Univ. of San Diego Hacking. Faculty, students and employee tax forms containing SSNs 7,800Dec. 2, 2005 Cornell Univ. Hacking. Names, addresses, SSNs,
bank names and acct. numbers. 900Dec. 6, 2005 WA Employment Security Dept. Stolen laptop. Names, SSNs and earnings of former employees. 530Dec. 12, 2005 Sam's Club/Wal-Mart Unknown. Exposed
credit card data at gas stations. UnknownDec. 16, 2005 La Salle Bank, ABN AMRO Mortgage Group Backup tape with residential mortgage customers lost in shipment by DHL, containing SSNs and account
information. Update 12/20: DHL found the lost tape [2,000,000] Not included in total below Dec. 16, 2005 Colorado Tech. Univ. Email erroneously sent containing names, phone numbers, email addresses,
Social Security numbers and class schedules.1,200Dec. 20, 2005 Guidance Software, Inc. Hacking. Customer credit card numbers3,800Dec. 22, 2005 Ford Motor Co. Stolen computer. Names and SSNs of
current and former employees.70,000Dec. 25, 2005 Iowa State Univ. Hacking. Credit card information and Social Security numbers. 5,500Dec. 28, 2005 Marriot InternationalLost backup tape. SSNs, credit card
data of time-share owners 206,000Late Dec. Ameriprise Stolen laptop containing names and Social Security numbers and in some cases, Ameriprise account information. UnknownJan. 1, 2006 University of
Pittsburgh Medical Center, Squirrel Hill Family Medicine6 Stolen computers. Names, Social Security numbers, birthdates 700Jan. 2, 2006H&R Block SSNs exposed in 40-digit number string on mailing
labelUnknownJan. 9, 2006 Atlantis Hotel - Kerzner Int'l Dishonest insider or hacking. Names, addresses, credit card details, Social Security numbers, driver's licence numbers and/or bank account data.
55,000Jan. 12, 2006 People's Bank Lost computer tape containing names, addresses, Social Security numbers, and checking account numbers.90,000Jan. 17, 2006 City of San Diego, Water & Sewer Dept.
Dishonest employee accessed customer account files, including SSNs, and committed identity theft on some individuals.Unknown Jan. 20, 2006 Univ. Place Conference Center & Hotel, Indiana Univ. Hacking.
Reservation information including credit card account number compromised. UnknownJan. 21, 2006 California Army National Guard Stolen briefcase with personal information of National Guardsmen
including a "seniority roster," Social Security numbers and dates of birth."hundreds of officers" Jan. 23, 2006Univ. of Notre Dame Hackers accessed Social Security numbers, credit card information and check
images of school donors. UnknownJan. 24, 2006 Univ. of WA Medical Center Stolen laptops containing names, Social Security numbers, maiden names, birth dates, diagnoses and other personal data.1,600Jan.
25, 2006 Providence Home Services (OR) Stolen backup tapes and disks containing Social Security numbers, clinical and demographic information. In a small number of cases, patient financial data was
stolen.365,000Jan. 27, 2006State of RI web site (www.RI.gov)Hackers obtained credit card information in conjunction with names and addresses.4,117 Jan. 31, 2006 Boston Globe and The Worcester Telegram
& Gazette Inadvertently exposed. Credit and debit card information along with routing information for personal checks printed on recycled paper used in wrapping newspaper bundles for distribution.3,490Feb.
1, 2006 Blue Cross and Blue Shield of North Carolina Inadvertently exposed. SSNs of members printed on the mailing labels of envelopes with information about a new insurance plan.600Feb. 4, 2006 FedEx
Inadvertently exposed. W-2 forms included other workers' tax information such as SSNs and salaries. 8,500
Feb. 23, 2006 Deloitte & Touche (McAfee employee information) External auditor lost a CD with names, Social Security numbers and stock holdings in McAfee of current and former McAfee
employees.9,290Mar. 1, 2006 Medco Health Solutions (Columbus, OH)Stolen laptop containing Social Security numbers for State of Ohio employees and their dependents, as well as their birth dates and, in
some cases, prescription drug histories.4,600Mar. 1, 2006 OH Secretary of State's Office SSNs, dates of birth, and other personal data of citizens routinely posted on a State web site as part of standard business
practice.
5
UnknownMar. 2, 2006 Olympic Funding (Chicago, IL) 3 hard drives containing clients names, Social Security numbers, addresses and phone numbers stolen during break in.UnknownMar. 2, 2006 Los Angeles Cty.
Dept. of Social Services (Los Angeles, CA) File boxes containing names, dependents, Social Security numbers, telephone numbers, medical information, employer, W-2, and date of birth were left unattended and
unshredded. [Potentially 2,000,000, but number unknown] Not included in number below.Mar. 2, 2006 Hamilton County Clerk of Courts (OH)SSNs, other personal data of residents posted on county web site, were
stolen and used to commit identity theft.[1,300,000] Not included in number below. Mar. 3, 2006 Metropolitan State College (Denver, CO) Stolen laptop containing names and Social Security numbers of students
who registered for Metropolitan State courses between the 1996 fall semester and the 2005 summer semester.93,000Mar. 5, 2006 Georgetown Univ. (Washington, D.C.) Hacking. Personal information including
names, birthdates and Social Security numbers of District seniors served by the Office on Aging.41,000Mar. 8, 2006 Verizon Communications (New York, NY) 2 stolen laptops containing employees' personal
information including Social Security numbers."Significant number"Mar. 8, 2006 iBill (Deerfield Beach, FL) Dishonest insider or possibly malicious software linked to iBill used to post names, phone numbers,
addresses, e-mail addresses, Internet IP addresses, logins and passwords, credit card types and purchase amount online. Credit card account numbers, expiration dates, security codes, and SSNs were NOT included,
but in our opinion the affected individuals could be vulnerable to social engineering to obtain such information.[17,781,462] Not included in total below.Mar. 11, 2006 CA Dept. of Consumer Affairs (DCA)
(Sacramento, CA) Mail theft. Applications of DCA licensees or prospective licensees for CA state boards and commissions were stolen. The forms include full or partial Social Security numbers, driver's license
numbers, and potentially payment checks. "A small number" Mar. 14, 2006 General Motors (Detroit, MI) Dishonest insider keep Social Security numbers of co-workers to perpetrate identity theft. 100Mar. 14 2006
Buffalo Bisons and Choice One Online (Buffalo, NY)Hacker accessed sensitive financial information including credit card numbers names, passwords of customers who ordered items online. UnknownMar. 15,
2006Ernst & Young (UK)Laptop lost containing the names, dates of birth, genders, family sizes, Social Security numbers and tax identifiers for current and previous IBM, Sun Microsystems, Cisco, Nokia and BP
employees exposed. UnknownMar. 16, 2006Bananas.com (San Rafael, CA) Hacker accessed names, addresses, phone numbers and credit card numbers of customers. 274Mar. 23, 2006 Fidelity Investments
(Boston, MA) Stolen laptop containing names, addresses, birth dates, Social Security numbers and other information of 196,000 Hewlett Packard, Compaq and DEC retirement account customers was
stolen.196,000Mar. 24, 2006 CA State Employment Development Division (Sacramento, CA) Computer glitch sends state Employment Development Division 1099 tax forms containing Social Security numbers and
income information to the wrong addresses, potentially exposing those taxpayers to identity theft.64,000Mar. 24, 2006 Vermont State Colleges (VT) Laptop stolen containing Social Security numbers and payroll data
of students, faculty and staff associated with the five-college system from as long ago as 2000. 14,000Mar. 30, 2006 Marines (Monterey, CA) Portable drive lost that contains personal information used for research on
re-enlistment bonuses. 207,750Mar. 30, 2006 Georgia Technology Authority (Atlanta, GA) Hacker exploited security flaw to gain access to confidential information including Social Security numbers and bankaccount details of state pensioners. 573,000 Mar. 30, 2006 Conn. Technical High School System (Middletown, CT) Social Security numbers of students and faculty mistakenly distributed via email. 1,250April 6,
2006 Progressive Casualty Insurance (Mayfield Village, OH) Dishonest insider accessed confidential information, including names, Social Security numbers, birth dates and property addresses on foreclosure
properties she was interested in buying.13April 7, 2006 DiscountDomainRegistry.com (Brooklyn, NY) Exposed online. Domain registrants' personal information including usernames, passwords and credit card
numbers were accessible online. "thousands of domain name registrations"April 9, 2006 University of Medicine and Dentistry of New Jersey (Newark, NJ)Hackers accessed Social Security numbers, loan information,
and other confidential financial information of students and alumni.1,850April 12,2006 Ross-Simons (Providence, RI)Security breach exposed account and personal information of those who applied for its private
label credit card. Information exposed includes private label credit card numbers and other personal information of applicants. UnknownApril 14,2006 Univ. of South Carolina (Columbia, SC) Social Security numbers
of students were mistakenly e-mailed to classmates.1,400April 21, 2006 University of Alaska, Fairbanks (Fairbanks, AK)Hacker accessed names, Social Security numbers and partial e-mail addresses of current and
former students, faculty and staff.38,941April 21, 2006 Ohio University Innovation Center (Athens, OH) a server containing data including e-mails, patent and intellectual property files, and 35 Social Security
numbers associated with parking passes was compromised. UnknownApril 24, 2006 University of Texas' McCombs School of Business (Austin, TX) Hackers accessed records containing names, biographical
information and, in some cases, Social Security numbers and dates of birth of current and prospective students, alumni, faculty members, corporate recruiters and staff members. 197,000April 24,2006 Ohio University
(Athens, OH)Hackers accessed a computer system of the school's alumni relations department that included biographical information and 137,000 Social Security numbers of alum. 300,000April 26, 2006 Purdue
University (West Lafayette, IN) Hacker accessed personal information including Social Security numbers of current and former graduate students, applicants to graduate school, and a small number of applicants for
undergraduate scholarships.1,351April 26, 2006 Aetna -- health insurance records for employees of 2 members, including Omni Hotels and the Dept. of Defense NAF (Hartford, CT) Laptop containing personal
information including names, addresses and Social Security numbers of Dept. of Defense (35,253) and Omni Hotel employees (3,000) was stolen from an Aetna employee's car. 38,000April 27, 2006MasterCard
(Potentially UK only) Though MasterCard refused to say how the breach occurred, fraudsters stole the credit card details of holders in a major security breach.[2,000] Not included in total below.April 27,2006 Long
Island Rail Road (Jamaica, NY)Data tapes containing personal information including names, addresses, Social Security numbers and salary figures of "virtually everyone" who worked for the agency was lost by
delivery contractor Iron Mountain while enroute. Data tapes belonging to the U.S. Department of Veterans Affairs may also have been affected. 17,000April 28,2006 Ohio's Secretary of State (Cleveland, OH) The
names, addresses, and Social Security numbers of potentially millions of registered voters in Ohio were included on CD-ROMs distributed to 20 political campaign operations for spring primary election races. The
records of about 7.7 million registered voters are listed on the CDs, but it's unknown how many records contained SSNs, which were not supposed to have been included on the CDs."Potentially millions of registered
voters" April 28,2006 Dept. of Defense (Washington, DC)Hacker accessed a Tricare Management Activity (TMA) public server containing personal information about military employees.UnknownMay 2, 2006
Georgia State Government (Atlanta, GA) Government surplus computers that sold before their hard drives were erased contained credit card numbers, birth dates, and Social Security numbers of Georgia
citizens.UnknownMay 4, 2006 Idaho Power Co. (Boise, ID)Four company hard drives were sold on eBay containing hundreds of thousands of confidential company documents, employee names and Social Security
numbers, and confidential memos to the company's CEO.UnknownMay 4, 2006 Ohio University Hudson Health Center (Athens, OH)Names, birth dates, Social Security numbers and medical information were
accessed in records of students dating back to 2001, plus faculty, workers and regional campus students.60,000May 2006 Ohio University (Athens, OH) A breach was discovered on a computer that housed IRS 1099
forms for vendors and independent contractors for calendar years 2004 and 2005. 2,480May 2006 Ohio University (Athens, OH)A breach of a computer that hosted a variety of Web-based forms, including some that
processed on-line business transactions. Although this computer was not set up to store personal information, investigators did discover files that contained fragments of personal information, including Social Security
numbers. The data is fragmentary and it is not certain if the compromised information can be traced to individuals. Also found on the computer were 12 credit card numbers that were used for event registration.
UnknownMay 5,2006 Wells Fargo (San Francisco, CA) Computer containing names, addresses, Social Security numbers and mortgage loan deposit numbers of existing and prospective customers may have been
stolen while being delivered from one bank facility to another.UnknownMay 12, 2006Mercantile Potomac Bank (Gaithersburg, MD)Laptop containing confidential information about customers, including Social
Security numbers and account numbers was stolen when a bank employee removed it from the premises, in violation of the bank's policies. The computer did not contain customer passwords, personal identification
numbers (PIN numbers) or account expiration dates.48,000May 19,2006 American Institute of Certified Public Accountants (AICPA) (New York, NY) An unencrypted hard drive containing names, addresses and
Social Security numbers of AICPA members was lost when it was shipped back to the organization by a computer repair company. 330,000 [Updated 6/16/06] May 19, 2006Unknown retail merchantVisa,
MasterCard, and other debit and credit card numbers from banks across the country were stolen when a national retailer's database was breached. No names, Social Security numbers or other personal identification
were taken.Unknown (www.privacyrights.org)
6
May 22, 2006 Dept. of Veterans Affairs (Washington, DC) Data of all American veterans who were discharged since 1975 including names, Social Security numbers, dates of birth and in many cases phone
numbers and addresses, was stolen from a VA employee's home. The employee was not authorized to take the files home to work on a data collation project. The data did not contain medical or financial
information, but may have disability numerical rankings. UPDATE: Rather than 50,000 Navy and National Guard personnel initially noted as part of this breach, new numbers indicate as many as 1.1 million
active-duty personnel from all the armed forces (80 percent of all active-duty members) are believed to have been included, along with 430,000 members of the National Guard, and 645,000 members of the
Reserves.28,650,000May 23, 2006 Univ. of Delaware (Newark, DE) Security breach of a Department of Public Safety computer server potentialy exposes names, Social Security numbers and driver's license
numbers.1,076May 23, 2006M&T Bank (Buffalo, NY) Laptop computer, owned by PFPC, a third party company that provides record keeping services for M & T's Portfolio Architect accounts was stolen from a
vehicle. The laptop contained clients' account numbers, Social Security numbers, last name and the first two letters of their first name.UnknownMay 24,2006 Sacred Heart Univ. (Fairfield, CT) It was discovered
on May 8th that a computer containing personal information including names, addresses and Social Security numbers was breached.UnknownMay 24,2006 American Red Cross, St. Louis Chapter (St. Louis,
Dishonest employee had access to Social Security numbers of donors to call urging them to give blood again. The employee misused the persoal information of at least 3 people to perpetrate identity theft and had
access to the personal information of 1 million donors. 1,000,000May 30, 2006Texas Guaranteed Student Loan Corp. (Round Rock, TX) via subcontractor, Hummingbird (Toronto, Canada)Texas Guaranteed
(TG) was notified by subcontractor Hummingbird that an employee had lost a piece of equipment containing names and Social Security numbers of TG borrowers. 1,300,000May 30, 2006Florida Int'l Univ.
(Miami, FL)Hacker accessed a database that contained personal information, such as student and applicant names and Social Security numbers."thousands"June 1,2006 Miami University (Oxford, OH) An
employee lost a hand-held personal computer containing personal information of students who were enrolled between July 2001 and May 2006.851June 1,2006 Ernst & Young (UK) A laptop containing names,
addresses and credit or debit card information of Hotels.com customers was stolen from an employee's car in Texas.243,000June 1, 2006 Univ. of Kentucky (Lexington, KY) Personal information of current and
former University of Kentucky employees including Social Security numbers was inadvertently accessible online for 19 days last month. 1,300June 2, 2006 Buckeye Community Health Plan (Columbus,
OH)Four laptop computers containing customer names, Social Security numbers, and addresses were stolen from the Medicaid insurance provider.72,000June 2, 2006 Ahold USA (Landover, MD) Parent
company of Stop & Shop, Giant stores and Tops stores via subcontractor Electronic Data Systems (Plano, TX) An EDS employee lost a laptop computer during a commercial flight that contained pension data of
former employees of Ahold's supermarket chains including Social Security numbers, birth dates and benefit amounts.UnknownJune 2, 2006 YMCA (Providence, RI)Laptop computer containing personal
information of members was stolen. The information included credit card and debit card numbers, checking account information, Social Security numbers, the names and addresses of children in daycare
programs and medical information about the children, such as allergies and the medicine they take, though the type of stolen information about each person varies.65,000June 2, 2006 Humana (Louisville, KY)
Personal information of Humana customers enrolled in the company's Medicare prescription drug plans could have been compromised when an insurance company employee called up the data through a hotel
computer and then failed to delete the file.17,000June 5, 2006 Internal Revenue Service (Washington, DC) A laptop computer containing personal information of employees and job applicants, including
fingerprints, names, Social Security numbers, and dates of birth, was lost during transit on an airline flight 291June 6, 2006 Univ. of Texas (El Paso, TX) Students demonstrated that student body and faculty
elections could be rigged by hacking into student information including Social Security numbers. 4,719June 8, 2006 Univ. of Michigan Credit Union (Ann Arbor, MI) Paper documents containing personal
information of credit union members were stolen from a storage rooms. The documents were supposed to have been digitally imaged and then shredded. Instead, they were stolen and used to perpetrate identity
theft.5,000June 11, 2006 Denver Election Commission (Denver, CO) Records containing personal information on more than 150,000 voters are missing at city election offices. The microfilmed voter registration
files from 1989 to 1998 were in a 500-pound cabinet that disappeared when the commission moved to new offices in February. The files contain voters' Social Security numbers, addresses and other personal
information.150,000June 13, 2006 Minn. State Auditor (St. Paul, MN) Three laptops possibly containing Social Security numbers of employees and recipients of housing and welfare benefits along with other
personal information of local governments the auditor oversees have gone missing.493June 13,2006 Oregon Dept. of Revenue (Salem, OR) Electronic files containing personal data of Oregon taxpayers may
have been compromised by an ex-employee's downloaded a contaminated file from a porn site. The "trojan" attached to the file may have sent taxpayer information back to the source when the computer was
turned on. 2,200June 13, 2006U.S. Dept of Energy, Hanford Nucear Reservation (Richland, WA) Current and former workers at the Hanford Nuclear Reservation that their personal information may have been
compromised, after police found a 1996 list with workers' names and other information in a home during an unrelated investigation. 4,000June 14, 2006 American Insurance Group (AIG), Midwest Office (New
York, NY) The computer server was stolen on March 31 containing personal information including names, Social Security numbers and tens of thousands of medical records.930,000June 14, 2006 Western
Illinios Univ. (Macomb, IL) On June 5th, a hacker compromised a University server that contained names, addresses, credit card numbers and Social Security numbers of people connected to the
University.240,000June 16, 2006 Union Pacific (Omaha, NE) On April 29th, an employee's laptop was stolen that contained data for current and former Union Pacific employees, including names, birth dates
and Social Security numbers. 30,000June 16, 2006 NY State Controller's Office (Albany, NY) State controller data cartridge containing payroll data of employees who work for a variety of state agencies was lost
during shipment. The data contained names, salaries, Social Security numbers and home addresses
Chronology of Breaches Reported Feb 2005 – June 2006
Additional 493 Breaches (not listed) July 2006 – September 2007
Total Records Compromised Jan 2005 – September 2007
7
166,844,653
(www.privacyrights.org)
Tivoli Software - Güvenlik Ürünleri
Tivoli Identity Manager . . . . . . . . . . . Provisioning & Kullanıcı Yönetimi
Tivoli Access Mgr. for e-business . . . Authentication, Web SSO & Authorization
TAM for Enterprise SSO . . . . . . . . . . Enterprise Single Sign-On
Tivoli Federated Identity Mgr. . . . . . . Federated SSO & SOA Kimlik Yönetimi
Tivoli Security Operations Mgr. (TSOM) . . . 24 x 7 Güvenlik Operasyon Yönetimi
Tivoli Access Mgr. (TAM) for OS . . . .Yetkili Kullanıcı Denetimi– UNIX/Linux
Tivoli Security Compliance Mgr. . . . . Desktop/Server Güvenlik Politikası Yönetimi
Tivoli zSecure Suite . . . . . . . . . . . . . .RACF Yönetimi
Tivoli Compliance Insight Mgr. (TCIM) . . . Yetkili Kullanıcı Izleme & Raporlama
Tivoli Security Information & Event Mgr. . . (TSOM + TCIM)
Tivoli Directory Server . . . . . . . . . . . LDAP Dizin Sunucusu
Tivoli Directory Integrator . . . . . . . . .Kullanıcı veri ambarları arası senkronizasyon
8
Tivoli Software - Kurumların güvenliğini sağlamayı hedefliyor
KURUM
9
Her kurumun hem çalışanları hem de müşterileri var...
Müşteriler
Çalışanlar
10
… bu kullanıcılar çeşitli uygulamalar kullanıyor …
Müşteriler
Çalışanlar
CRM
11
HR
ERP
App
… bütün uygulamalar kritik BT altyapısı üzerinde çalışıyor…
Müşteriler
Çalışanlar
CRM
12
HR
ERP
App
… aynı zamanda kurumsal bilgi kaynaklarına erişiyor…
Müşteriler
Çalışanlar
CRM
M/F
13
HR
ERP
DB
App
LEGACY
…bağlantılar ağ ve SOA altyapısı üzerinde gerçekleşiyor …
Müşteriler
Çalışanlar
CRM
M/F
14
HR
ERP
DB
App
LEGACY
… bu sistemlerin tamamı BT merkezinde (datacenter) duruyor…
Müşteriler
Çalışanlar
CRM
M/F
15
HR
ERP
DB
App
LEGACY
… aynı zamanda da iş ortaklarına destek veriyor…
Müşteriler
İş Ortakları
Çalışanlar
CRM
M/F
16
HR
ERP
DB
App
LEGACY
…bu sistemler kurumsal ve yasal denetime açık olmak zorunda…
Müşteriler
İş Ortakları
Çalışanlar
DB
App
Kurumsal Yönetim
17
ERP
Yönetmelikler –Uyumluluk
M/F
HR
Operasyonel Güvenlik
CRM
LEGACY
...kullanıcıların veriler ve uygulamalara erişimi için yetkilendirme
yapılmasıMüşteriler
gerekiyor...
İş Ortakları
Çalışanlar
DB
App
LEGACY
Kurumsal Yönetim
18
ERP
M/F
HR
CRM
AUDIT
… yetkilendirmenin yönetilebilir ve denetlenebilir olması gerekli …
Müşteriler
İş Ortakları
Çalışanlar
DB
App
LEGACY
Kurumsal Yönetim
19
ERP
M/F
HR
CRM
AUDIT
… kullanıcıların, erişimi tek isim ve şifre ile yapması sağlanabilir…
Müşteriler
İş Ortakları
Çalışanlar
M/F
20
HR
ERP
DB
App
LEGACY
Kurumsal Yönetim
CRM
SSO
SSO
SSO
SSO
AUDIT
… kurumlar arası yetkilendirme ve erişim birliğine ihtiyaç
duyulabilir …
Müşteriler
İş Ortakları
U
KO ser:
zm
App
21
DB
LEGACY
U
K a s er :
dir
U
K a s er :
dir
O
U
50 s er :
98
M/F
AUDIT
Kurumsal Yönetim
ERP
HR
CRM
U
IB ser:
M0
1
Çalışanlar
Değişen
kimliklere
rağmen
yapılan
işlemlerin
denetimi
sağlanabilmeli
… yetkilendirme, sakıncalı kullanıcılar veya sistemlere yapılacak
saldırıları tek başına ortadan kaldıramaz …
Güvenlik için farklı kademelerde yapılandırma gerekebilir:
•
•
•
•
22
Ağ güvenliği
Sistem (sunucu/PC) güvenliği
Uygulama güvenliği
Fiziksel (datacenter) güvenliği
… ağ altyapısının güvenliği sağlanmalı …
Müşteriler
İş Ortakları
Çalışanlar
DB
App
LEGACY
Kurumsal Yönetim
23
ERP
M/F
HR
CRM
AUDIT
… kurum için sunucu ve PC’lerin güvenlik denetimi yapılmalı…
Müşteriler
İş Ortakları
Çalışanlar
DB
App
LEGACY
Kurumsal Yönetim
24
ERP
M/F
HR
CRM
AUDIT
… kritik sistemlerin yer aldığı alanların güvenliği sağlanmalı …
Müşteriler
İş Ortakları
Çalışanlar
DB
App
LEGACY
Kurumsal Yönetim
25
ERP
M/F
HR
CRM
AUDIT
... tüm güvenlik uygulamaları izlenmeli ve raporlanmalı...
Müşteriler
İş Ortakları
Çalışanlar
DB
App
LEGACY
Kurumsal Yönetim
26
ERP
M/F
HR
CRM
AUDIT
IBM Service Management (ISM)
Kurumsal hedeflere ulaşmak için entegre bir yaklaşım gereklidir
İzlenebilirlik
Kontrol
Otomasyon
BT ile İş
süreçlerinin
ortak
izlenmesi
Varlıkların
kontrol
edilmesi
Operasyonel
iş yükünün
azaltılması
 Güvenlik olaylarının
yönetimi için tek
arayüz
 Yasal denetimleri
kolaylaştıran
“dashboard”lar
27
 Verilere politika
tabanlı erişim kontrolü
 Kurum içi
 Kurumlar arası
 İş akışları ile
yönetilen kullanıcı
yaşam döngüsü
(provisioning 
de-provisioning)
 Automated sign-on
ISM – Reaktif Güvenlik Yönetiminden – Risk Yönetimine Geçiş
Strateji
Security Risk
Measurement
Riskin
Farkında
Security Information
and Event
Management
Konsolide
Identity & Access
Mgmt.
Change & Config.
Mgmt.
Threat and
Vulnerability Mgmt.
Managed Firewall &
Anti-Virus
Uyumlu
Reaktif
Taktik
28
Otomasyon
Kontrol
Farkındalık
İzlenebilirlik
IBM Tivoli Güvenlik Çözümleri
Security Information
& Event Management
(SIEM)
 Tivoli Compliance InSight Mgr
 Tivoli Security Operations Mgr
 Tivoli Security Compliance Mgr
Identity & Access
Management
(IAM)
 Tivoli Identity Manager
 Tivoli Access Manager
SOA Security
Management
 Tivoli Federated Identity Mgr
 Tivoli FIM Business Gateway
 Tivoli Directory Integrator
 Tivoli Directory Server
 Tivoli zSecure Suite
29
Kimlik ve Erişim Yönetimi
Enforce
(Multiple Domains)
• authentication
• authorization
• federated SSO
Enforce
(Single Domain)
• authentication
• authorization
• SSO
IBM Tivoli Federated Identity Mgr.
Administer
• provision user
Synchronize
• meta-directory
Store
• directory
• LDAP
30
IBM Tivoli Access Manager
IBM Tivoli Identity Manager
IBM Tivoli Directory Integrator
IBM Tivoli Directory Server
Güvenlik ve Uyumluluk Çözümleri
Audit
Compliance and
Reporting
Security Event
Management
Security Status
Audit
Preemptive
Network
Security
!
Tivoli Compliance InSight Mgr.
IBM Tivoli Security Operations Mgr.
IBM Tivoli Security Compliance Mgr.
ISS
31
Analistlerin Tivoli Güvenlik Çözümlerini Değerlendirmesi...
#1
32
Wave: User Account Provisioning ( TIM )
Leader
Wave: Enterprise Security Information Management (TCIM)
Leader
MQ: User Provisioning (TIM)
Leader
MQ: Web Access Management (TAM, TFIM)
Leader
MQ: ISS Network Security, Firewalls and Managed Services
Leader
MQ: Security Information and Event Management (TSOM, TCIM)
Challenger
MQ: Enterprise SSO (Encentuate (now TAM E-SSO))
Challenger
#1
#1
Marketshare Web Access Management, Worldwide, 2005
(TFIM, TAM)
Marketshare Application Security Vulnerability Scanning,
2006 (Rational AppScan)
Identity Management (TIM, TAM, TFIM, TDI, TDS)
#1
Managed Security Services (Marketshare)
Ranked #1
#1
Marketshare: Identity and Access Management
Ranked #1
#1
Marketshare: Application Vulnerability Assessment
Ranked #1
#1
Best Identity Management Solution (2007,
Best SSO Solution (2006) – Encentuate (now TAM E-SSO)
Ranked #1
Ranked #1
Ranked #1
Ranked #1
Analistlerin Tivoli Güvenlik Çözümlerini Değerlendirmesi...
 #1 Identity Management Provider, IDC (2007)
 #1 Vulnerability Assessment Provider, Frost &









Sullivan (2006)
2005 Frost & Sullivan Global Market Leadership
Award for Identity Management
2004 SYS-CON Best Web Services Security
Solution Award
2004 Information Security Product-of-the-Year
Bronze Award for Authentication and
Authorization
2003 Frost & Sullivan Market Engineering
Leadership Award
2003 Crossroads A-List Award for Integrated
Identity Management Solution
2003 Network Computing Well-Connected Award
Finalist
2003 SC Magazine Reader Trust Awards – Best
General Security Finalist
2003 LinuxWorld Product Excellence Award –
Best Security Solution Finalist
2003 Top WLAN Companies of the Year for
Leadership in Wireless Security
 Gartner Leaders Quadrant, Network IPS (2006)
 Gartner Leaders Quadrant, Personal Firewalls
(2006)
 Gartner Leaders Quadrant, Managed Security
Services (2007)
 Forrester Wave Leadership, Security Information
Management (2006)
 Gartner Leadership Quadrant, Web Access
Management (September 2006)
 Gartner Leadership Quadrant, User Provisioning
(April 2006)
 Gartner Leadership Quadrant, Web Services
(2005)
 #1 Provisioning and Web SSO Vendor, IDC
(August 2005)
 Information Security Names IBM Tivoli to The
Influence List for 2003-2008
 2005 #1 Provisioning Vendor, Gartner Vendor
Selection Tool
 IBM Tivoli Access Manager Sets New
Performance Records – Mindcraft Benchmark
 IBM Tivoli Wins Information Security Excellence
Award for Second Year in a Row
 2002 Information World Editor’s Choice Award for
Security Software
33
Soru ? – Cevap
Teşekkür Ederiz...
Yazılım Zirvesi ‘08 TCIM Desteklenen Sistemler
Operating Systems
Version
Application Packages
Version
CA ACF2 through zAudit ACF2
CA eTrust Access Control for AIX
CA eTrust Access Control for HP-UX
CA eTrust Access Control for Solaris
CA eTrust Access Control for Windows
CA Top Secret for VSE/ESA
CA Top Secret for z/OS via z/Audit
Hewlett-Packard HP NonStop (Tandem) SafeGuard
Hewlett-Packard HP-UX audit trail
Hewlett-Packard HP-UX syslog
Hewlett-Packard OpenVMS
Hewlett-Packard Tru64
IBM AIX audit trail
IBM AIX syslog
IBM OS/400 journals
IBM z/OS RACF - excl. DB2 through zAudit RACF Lite
IBM z/OS RACF through (already) installed zAudit RACF
IBM z/OS ACF2 -excl. DB2 through zAudit ACF2 Lite
IBM z/OS RACF through (already) installed zAudit ACF2
IBM z/OS TopSecret - excl. DB2 through zAudit Lite
Microsoft Windows security event log
Novell Novell Netware
Novell Novell Nsure Audit
Novell Novell Suse Linux
Red Hat Linux syslog
Stratus VOS
SUN Solaris audit trail (32 bit & 64 bit)
SUN Solaris syslog
8.0
5.0
5.0
5.0
4.10
3.0
5.2
D42
10.2, 11i
10.2, 11i
7.3.2
4.0, 5.1, 5.1B
4.x, 5.1, 5.2, 5.3
4.x, 5.1, 5.2, 5.3
4.5, 5r1-r2-r3
R10 to 1.7
R10 to 1.7
R10 to 1.7
R10 to 1.7
R10 to 1.7
NT4, 2000, 2003, XP
4, 5, 6, 6.5 (via Nsure Audit)
1.0.1, 1.0.2, 1.0.3
8.2, 9.x
6.2,7.2,8.0,9.0, ES 4, Fedora Core
13.x, 14.x, 15.x
7, 8, 9, 10
7, 8, 9, 10
Misys OPICS 5, 6, 6.1
SAP R/3 on Windows Number of applications
SAP R/3 on HP-UX Number of applications
SAP R/3 on AIX Number of applications
SAP R/3 on Solaris Number of applications
4.6, 4.7
4.6, 4.7
4.6, 4.7
4.6, 4.7
User Information Sources
Hewlett-Packard HP HP-UX
IBM IBM AIX
IBM IBM OS/400
IBM IBM z/OS
Microsoft Microsoft NT Domain Windows
Microsoft Microsoft Active Directory Windows
SUN Solaris
10.2,11i
4.x, 5.1, 5.2, 5.3
4.5, 5.1, 5.2, 5.3
R10 to 1.7
NT4, 2000, 2003
2000, 2003
7, 8, 9, 10
Authentication Sources
BMC Identity Manager on AIX / Oracle via ODBC
CA eTrust (Netegrity) SiteMinder (from Windows)
RSA Authentication Server (Ace)
3.2.0.3
5.5
4.1
6.0
Mail servers and GroupWare
IBM Lotus Domino (Notes) on Windows Max. of 3000 users
Microsoft Exchange Server Max. of 3000 users
5.0, 6.0, 6.5
2000, 2003
Proxy Servers
Blue Coat Systems ProxySG series SGOS
3.2.5
Web Servers
Microsoft Internet Information Server (IIS) on Windows
SUN iPlanet Web Server on Solaris
4.0, 5.0, 6.0
4.0, 6.0
VPN
Cisco VPN Concentrator 3000 (via Syslog)
4.1
Vulnerability Scanners
ISS System Scanner (from Windows)
35
4.2
Databases
IBM DB2 on z/OS through zAudit Lite
IBM UDB on Windows
IBM UDB on Solaris
IBM UDB on AIX
Microsoft SQL Server application logs
Microsoft SQL Server trace files
Oracle database server on Windows
Oracle database server on Solaris
Oracle database server on AIX
Oracle database server on HP-UX
Oracle database server FGA on Windows
Oracle database server FGA on Solaris
Oracle database server FGA on AIX
Oracle database server FGA on HP-UX
Sybase ASE on Windows
Sybase ASE on Solaris
Sybase ASE on AIX
Sybase ASE on HP-UX
7.x, 8.x
8.2
8.2
8.2
6.5, 7.0, 2000
2000, 2005
8i, 9i, 10g
8i, 9i, 10g
8i, 9i, 10g
8i, 9i, 10g
9i, 10g
9i, 10g
9i, 10g
9i, 10g
12.5, 15
12.5, 15
12.5, 15
12.5, 15
Firewalls
Check Point FireWall-1 (via SNMP)
Cisco PIX (from AIX)
Cisco PIX (from Windows)
6.0 – 6.3.3
Cisco PIX (via SNMP)
Cisco PIX (via Syslog)
Symantec (Raptor) Enterprise Firewall (via SNMP)
Symantec (Raptor) Enterprise Firewall (via Syslog)
4.1, NG, NGX
6.0 – 6.3.3
6.0 – 6.3.3
6.0 – 6.3.3
6.0, 6.5, 7.0
6.0, 6.5, 7.0
IDS, IPS
ISS RealSecure (alerts) via SNMP
ISS RealSecure (operational messages, Windows)
McAfee IntruShield IPS Manager (via Syslog)
Snort (Open Source) IDS (via Syslog)
Routers
Cisco Router (from AIX)
Cisco Router (from Windows)
Cisco Router (via SNMP)
Cisco Router (via Syslog)
Switches
Hewlett-Packard ProCurve switch (via SNMP)
Managed units, 2500 series & up
Virus Scanners
McAfee ePolicy Orchestrator (ePO)
TrendMicro ScanMail for Domino on Windows 5.3
TrendMicro Scanmail for MS Exchange
TrendMicro ServerProtect 5 for NT
Symantec AntiVirus Corporate Edition for Windows
6.0
6.0
1.9
2.1.3, 2.2.0, 2.3.3
IOS 12.x
IOS 12.x
IOS 12.x
IOS 12.x
3.5.2
5.3
5.3
9.0
Yazılım Zirvesi ‘08 TSOM Desteklenen Sistemler
Network Intrusion Detect/Prevention
Firewalls
Check Point Firewall-1
Cisco PIX
CyberGuard
Fortinet FortiGate
GNATBox
Juniper (Netscreen)
Linux IP Tables
Lucent Brick
Microsoft ISA Server
Nortel Switched Firewall
Stonesoft's StoneGate
Secure Computing's Sidewinder
Symantec's Enterprise Firewall
SonicWALL
Sun SunScreen
Vulnerability Assessment
Nessus
Vigilante
ISS Internet Scanner
QualysGuard
Foundstone
eEye Retina, REM
SPI Dynamics WebInspect
nCircle IP360
Harris STAT
Tenable Lightning
Routers/Switches
Cisco Routers
Cisco Catalyst Switches
Cisco RCMD
Foundry Switches
F5 Big IP, 3-DNS
Juniper JunOS
TACACS / TACACS+
Nortel Ethernet Routing Switch
5500, 8300, 8600, 400 series
Extreme Networks
Policy Compliance
Vericept
36
McAfee Intrushield
Sourcefire Network Sensor
Sourcefire RNA
Juniper IDP
ISS RealSecure Network Sensor
ISS Proventia G
ISS Proventia M
ISS BlackICE Sentry
Cisco Secure IDS
SNORT IDS
Enterasys Dragon
Nortel Threat Protection System (TPS)
Intrusion's SecureNetPro
Mirage Networks
NFR NID
Symantec ManHunt
ForeScout ActiveScout
QRadar
Top Layer Attack Mitigator
Labrea TarPit
IP Angel
Lancope StealthWatch
Tipping Point UnityOne NDS
Arbor Networks PeakflowX
Mazu Networks
Host-based Intrusion Detect/Prevention
Type80 SMA_RT (zOS-Mainframe RACF)
PowerTech (iSeries-AS/400)
Cisco CSA
NFR HID
IBM Netcool SSMs
Sana
Snare
Symantec Intruder Alert (ITA)
Sygate Secure Enterprise
Tripwire
ISS Server Sensor
McAfee Entercept
VPN
Juniper SSL VPN
Nortel VPN Router (Contivity)
Check Point
Cisco IOS VPN
Cisco VPN 3000
Juniper VPN
Nortel VPN Gateway (SSL VPN)
Applications
Apache
Microsoft IIS
IBM WebSphere
Oracle Database Server
Lotus Domino
SAP R3
Operating Systems Logs, Logging
Platforms
Solaris (Sun) *
AIX (IBM)
OS/400 (I Series)
RedHat Linux
SuSE Linux
HP/UX
Microsoft Windows Event Log
(W2K3 DHCP, W2K DHCP, IIS)
Microsoft SNMP Trap Sender
Nokia IPSO
Novell NetWare
OpenBSD
Tandem Non-Stop OS (HP)
Tru64
Tripplight UPS
Monitorware SYSLOG
KiwiSyslog
zOS-Mainframe IDS
Antivirus
CipherTrust IronMail
McAfee Virus Scan
Norton AntiVirus (Symantec)
McAfee ePO
Trend Micro InterScan
Application Security
Blue Coat Proxy
Nortel ITM (Intelligent Traffic Mgmt)
Teros APS
Sentryware Hive
IBM DataPower(coming soon)
Access and Identity Management
IBM Tivoli Identity Manager
Microsoft Active Directory
CA eTrust Access
CA eTrust Secure Proxy Server
CA eTrust Siteminder (Netegrity)
RSA SecureID RADIUS
Oracle Identity Management (Oblix)
Sun Java System Directory Server
Cisco ACS
Wireless Security
AirMagnet
AirDefense
Management Systems
TSOM escalates to:
IBM Netcool (Micromuse)
IBM/Tivoli Enterprise Console
Cisco Information Center
Remedy ARS
HP OpenView
CA Unicenter
Management Systems
Source of events into TSOM:
Check Point Provider-1
CiscoWorks
IBM Netcool (Micromuse)
ISS SiteProtector
Juniper Global Pro (Netscreen)
Juniper NSM (Netscreen)
Tripwire Manager
Intrusion, Inc. SecureNet Manager
McAfee ePO
Nortel Defense Center
Sourcefire Defense Center
Q1 QRadar Mgmt Server
Discovery Tools
Lumeta IPSonar
NMAP
Sourcefire RNA
TCIM ile Hangi Problemlere Çözüm Sunuyoruz?
"Denetçilerime ve düzenleyicilerime
raporlar sunmam gerekiyor"
"Etkin BT güvenliği denetimi
yaptığımı kanıtlamam gerekiyor"
"Çalışanlarımın günlükleri tarayacak
zamanı, deneyimi ve isteği yok"
"Ayrıcalıklı işlemlere ilişkin
kaygılarım var"
"Yasal işlemler için
günlükleri depolamam
gerekiyor"
37
Belgeleme
Analiz
Toplama
"Hangi günlükleri nasıl
toplayacağımı
bilemiyorum"
Düzenleyiciler ve
Denetçiler İşleri
Sıkıştırıyor
[ISO17799:2005]
10.10.1 Audit logging
İleride yapılacak
incelemelere yardımcı
olmak ve denetim
izlemelerine erişmek
amacıyla kullanıcı
etkinliklerini,
istisnaları ve bilgi
güvenliği olaylarını
kaydeden denetim
günlükleri
oluşturulmalı ve bu
günlükler üzerinde
anlaşılan bir süre
boyunca elde
tutulmalıdır.
38
Kurum İçindeki Günlüklerin Toplanmasındaki Zorluklar
 İşletmenin her yerindeki binlerce
noktada olay günlükleri
oluşturuluyor
 Düzenleyiciler ve denetçiler bu
günlük dosyalarını toplayıp
tutmanızı şart koşuyor
 İç ve dış tehditler nedeniyle
etkinlikleri incelemeniz gerekiyor
 Zaman ve maliyet kısıtlamaları
nedeniyle bu inceleme hızlı ve
uygun maliyetli olmalı
Toplama
39
40
Günlük Sürekliliği Raporu
Denetçilere ve düzenleyicilere
günlük yönetimi programınızın
eksiksiz ve sürekli olduğuna
ilişkin anında kanıt sunun.
Tüm Bunları Nasıl Anlamlı Hale Getirebilirim?
Analiz
Toplama
41
42
Uyumluluk Göstergesi
Milyonlarca günlük dosyasının
tek ekranda özeti
43
Mike Bonfire, DBA, bordro
bilgilerini okuyor.
44
45
Çeşitli uyumluluk standartları için
özel olarak tasarlanmış raporlar
hem maliyetleri azaltıp hem de
çalışanlara zaman kazandırarak
uyumluluk yönündeki çabalarınızı
en aza indirger

Learn to Fish

Transkript

Benzer belgeler

Closing Remarks during the IBM Summit at Start “Smarter Supply

bi̇li̇msel yayinlarin li̇stesi̇