SEC Information Security Infrastructure - PowerPoint PPT Presentation
Slides: 22
Provided by: tum4
1
SEC Information Security Infrastructure
  • Tummanoon Ploedploen

2
The Defense-in-Depth Model
  • Using a layered approach
  • Increases an attacker's risk of detection
  • Reduces an attacker's chance of success

3
Policies, Procedures
  • SEC security Policy
  • ???????????????????? 2546
  • ?????????? ?????? (Policy) ????????????????
    (Procedure )
  • ???????????????????????????????? ISO27001

4
Policies, Procedures
  • ???????? Policies ??????
  • ????????????????????
  • ??????????????????????????????????????????????????
    ???? ??????????????????????????????????????????
  • ??????????????????????????????????????????????????
    ??????????????????????????????????????????????????
    ????? ????????????????????????????????????????????
    ??
  • ??????????????????????????????????????????????????
    ???????????????????????????????????????

5
Awareness
  • ???????? Awareness ??? User ??????
  • ?????? Security Awareness Handbill
    ????????????????????? ?
  • ??? mail ?????????????????????????????????????????
  • ??????????????????? Internet (???? 2549
    ??????????????????????????????????????,?? 2550
    ?????????????????????, ?? 2551 ???????????????????
    ?? 2 ?????)

6
Awareness
  • ????????
  • Security Awareness
  • Handbill

7
(No Transcript)
8
(No Transcript)
9
(No Transcript)
10
Physical Security
  • ????????????????????
  • ????????????????????????????????????????
  • ????? Logging ??????????
  • ???????? 2 Zone ???????? server ??????? Loading
  • Monitoring ???????? ???????? ????? (????????
    redundant)
  • ??? monitor log access

11
Perimeter
  • ???????????????????????
  • ?????????????????????????? (SET, NEWS)
  • Dedicated Leased line
  • Identification IP address
  • FW Rule
  • ??????????????? User ?????????????????????
  • SSL-VPN
  • ???????????????????????????
  • ??????????????????????????????????????????????????
    ??????????????? (Risk Assessment)
  • ?????????????????????????? Work_at_home
  • SSL
  • Mail ActiveSync
  • ?????????????????????????????????
  • Dedicated Leased line and Encryption
  • ???????????????
  • SSL-internet
  • SSL-modem
  • Digital Signature

12
Internal Network
  • Segment the Network
  • Third Party Zone
  • DMZ
  • Production Zone
  • Development Zone
  • POC Zone
  • Quarantine Zone
  • User Zone
  • 2 Firewalls (different brands)
  • External Firewall
  • Internal Firewall

13
Internal Network
  • Anti-Virus/Spam (2-3 brands)
  • Anti-virus/Spam mail Gateway
  • Anti-virus/spam mail Server
  • Anti-virus proxy server
  • Anti-virus server/client
  • URL Filtering
  • Phishing, Pornography, Nudity, Gambling, Weapons,
    Abortion, Illegal Drugs, Games, Spyware
  • IPS/IDS

14
HOST/Client
  • Harden Client/Server OS
  • Disable Unnecessary Services
  • Monitoring & Audit
  • Antivirus Host/Client
  • Patch
  • User Privilege / Administrator Privilege
  • Unwanted Program List (http://stopbadware.org and
    user-defined)
  • GPO (Group Policy)

15
Application
  • Application Security Guideline
  • QA-team (Standard , checklist)
  • Development Guideline
  • Etc.: Predefined application types and development
    servers: Production Server, Database, Development
    style.
  • Etc.: Testing: Stress Test, Functional Test,
    Integrated Test
  • SDLC (Systems Development Life Cycle)
  • IDM (Identity Management)
  • Account Role / Right
  • User Account Management
  • Security Comment

16
DATA
  • Segregation of duty
  • QA, DBA, developer, server, ISSO
  • Test / Production environments
  • Regular Backup / procedure
  • DATA Classification

17
Monitoring
  • Daily Report, Weekly Report, Monthly Report.
  • Rule Alert
  • Correlate log

18
Security Daily Report
  • Network Traffic
  • IP, Port
  • Firewall, Router, IDS, IPS
  • Virus
  • Authentication
  • Logon Failure (Active Directory)
  • Unauthorized Access, Logon
  • Rule Alert

19
Testing
  • Audit by outsource firm
  • Penetration testing

20
Regulation
  • Computer-Related Crime Act B.E. 2550, Section 26
    (Log)
  • SEC Regulation
  • Brokerage Company
  • ??./?..5/2547
  • http://capital.sec.or.th/webapp/nrs/data/1942p.doc

21
  • End.