IA10 Regency IT Consulting Workshop – Synopsis


To allow you to achieve a deeper understanding of key issues, exchange ideas and hatch real action plans for the future, a strong workshop programme is being offered at IA10.

WORKSHOP B (Sponsored by Portcullis/ Regency)

Detecting and Preventing Network Attacks

How can departments and agencies identify if and when they are being attacked by either external or internal elements? This workshop will demonstrate how proper preparation can help victims quickly spot true malicious activity and then promptly investigate and report any potential data loss, enabling them to learn lessons that will allow defences to be strengthened, preventing a repeat attack. This session will demonstrate how compliance with CPGs 13 and 18 assist departments meet their obligations under SPF and DHR.

This workshop will deliver a walk-through scenario of a typical intrusion. Speakers will take the audience through a series of screen shots showing how forensic readiness is implemented. This will be followed by a demonstration of how properly configured protective monitoring can alert analysts to an intrusion by showing the types of activity which will typically be seen following an incident. It will demonstrate how protective monitoring can provide the following information:

Where, when and how the intrusion was made.
Which systems and files have been accessed.
Information to allow the compromise to be recreated if required.
A proper assessment of changes needed to secure the system against repeat attacks, whilst allowing business activity to take place.

The structure of the workshop will be a series of interactive presentations. These presentations will broadly be broken into 4 core components, these components each referencing HMG controls (where applicable) although not in detail. The aim will be to consider how compliance with SPF and DHR controls can be greater achieved through planning – policy – procedure and technical measures.

Forensic Readiness Planning
This component will cover the basic aspects of an FRP plan and how this can greatly improve an organisation/department’s ability and speed in investigating, analysing and preserving incident data. An effective FRP also typically reduces the cost of incident investigations and provides compliance with SPF requirement 37b.

Protective Monitoring and Governance
This component will demonstrate how a properly configured and resourced protective monitoring regime can help deliver compliance with numerous SPF mandatory controls including MR6 – mandatory reporting, MR8 – oversight and compliance, MR37 – forensic readiness, MR38 auditing of user activity, demonstrating compliance with MR39 – technical compliance and MR44 – incident reporting. Additional benefits not always considered when looking at protective monitoring include improved capacity management and better configuration control both of which can save departments time and money by ensuring systems run to their best.

IT Health Checks
This component will cover the benefits gained from effectively using CESG’s CHECK service and how a well managed IA Assessment Service provider can contribute to reducing risks identified within the IS1 process. As well a demonstrating compliance with CESG’s policy, an effective ITHC provider will also aid in the assurance of compliance with codes of connection, provide substantive data for inclusion in Information Risk Returns and provide secondary benefit in the form of advice on existing policy’s, for example Patching Policy (SPF 39a).

Network Forensics
This component will cover the comparatively newer service offering of NIDAS (Network Intrusion Detection Analysis System) with the aim of demonstrating via an authorised case study how NIDAS can greatly aid in the detection of compromised systems, identify types and volumes of data egress, ongoing espionage and aid the detection of similar attacks by the creation of reliable attack signatures for deployment within IDS based systems.