FOUNDATION IN CYBER SECURITY
WITH Leo Lourdes
THE OBJECTIVE
To prevent or mitigate harm to or destruction of
Computer Networks, Applications, Devices, and Data.
Trainer Profile
LEO LOURDES
(MBA IT Management, BoM Hons. HRM)
Implementer of ISO 20000-1:2011
Certified in COBIT® 5
Certified in ISO 9001 Auditor (PECB)
Certified in PRINCE2® in Project Management
Certified in ITIL® Practitioner
Certified in ITIL® Intermediate Certificate in IT Service Operation
Certified in ITIL Information Security based on ISO/IEC 27002
Certified in ITIL for Cloud Computing
Certified in ITIL IT Service Management
Certified in Coaching and Calibration Skills for Call Center
Certified in Delivering Learning / Teaching by City & Guilds, United Kingdom
wecare@thinkleosolutions.com
++6016-349 1793
Experience:
Management Representative (MR) ISO 20000-1: 2011
IT Service Management (Incident, Problem, Change) Manager
Security, Compliance & Risk Management
Senior CRM Delivery Analyst
Certified Trainer
Certified IT Auditor & Consultant
CYBER SECURITY AWARENESS : DAY 2
• Vulnerabilities
• Network Security
• Access Control
• Physical Security
• Disaster Recovery
Vulnerability Assessments
Perform when:
• First deploy new/updated systems.
• New vulnerabilities have been identified.
• A security breach occurs.
• Need to document security state of systems.
Collect, Store, Organize, Analyze, Report
Vulnerability Scanning
• Port scanner
• Protocol analyzer
• Packet analyzer
• Network enumerator
• Intelligence gathering
• Vulnerability scanner
Penetration Testing
• Evaluate security by simulating an attack on a system.
• Verify a threat exists.
• Actively test and bypass security controls.
• Exploit system vulnerabilities.
• When compared to vulnerability assessment, it is:
  • Less common.
  • More intrusive.
  • An objective measurement.
  • A combination of multiple vulnerabilities to provide holistic understanding of vulnerability.
• Follow real attacker’s methodology, including target preparation/research stages.
• Difference between pen test and real attack is intent.
• Need explicit permission of target organization.
• Make sure organization knows test will not stop until attack is fully carried out.
• Report should include:
  • Steps undertaken.
  • Weaknesses identified.
  • Recommendations.
Penetration Test Components
Component: Description
Network scanning:
• Uses a port scanner to identify devices attached to target network and to enumerate the applications hosted on the devices. This function is known as fingerprinting.
Social engineering:
• Attempts to get information from users to gain access to a system.
• Tests for adequate user training.
• Stay mindful of ethical implications of deceiving people.
• Don't want to undermine your employees' trust in you or their coworkers.
War dialing:
• Uses a modem and software to dial a range of phone numbers to locate computer systems, PBX devices, and HVAC systems.
War driving:
• Locates/attempts to penetrate wireless systems from public property, like a sidewalk.
Vulnerability scanning:
• Exploits known weaknesses in operating systems and applications identified through reconnaissance and enumeration.
Blind testing:
• Occurs when the target organization is not aware of penetration testing activities.
Targeted testing:
• Target organization is informed of the test.
• Less disruption to organization due to a more controlled climate.
Event Log Review (Slide 1 of 2)
• Event logs contain detailed information.
• Often used to troubleshoot performance issues.
• Should also review as part of security control test process.
• Use an automated tool to help identify security events from mass of data.
• May need to configure network devices to capture desired level of detail in a log.
Event Log Review (Slide 2 of 2)
Common logged activities include:
• Authentication requests, both successful and unsuccessful.
• New user or group creation.
• Group membership changes.
• User privilege level changes.
• Resource access, such as opening, changing, and deleting files and folders.
• Client requests for server services.
• The number of transactions per hour of a particular service.
• Application or service shutdowns and restarts.
• System shutdowns and restarts.
• Service or system component errors and failures.
• System policy changes.
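An added example, not part of the original slides: a small automated review that sorts events into the logged-activity categories listed above and surfaces sequences worth a reviewer's attention. The key=value log format, the event names, the thresholds and the sample lines are all constructed for this illustration.

```python
"""Event log review: classify events and surface suspicious sequences.
The key=value log format, event names and sample lines are constructed."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed event names mapped to the logged-activity categories in the slides.
CATEGORIES = {
    "auth_success": "authentication",
    "auth_failure": "authentication",
    "user_created": "account creation",
    "group_member_added": "group membership change",
    "privilege_changed": "privilege change",
    "policy_changed": "policy change",
    "service_restart": "service restart",
}

# Constructed sample log, including one line that does not parse.
SAMPLE_LOG = """\
2024-05-01T09:00:01 srv1 event=auth_failure user=alice src=10.0.0.5
2024-05-01T09:00:09 srv1 event=auth_failure user=alice src=10.0.0.5
2024-05-01T09:00:15 srv1 event=auth_failure user=alice src=10.0.0.5
2024-05-01T09:00:31 srv1 event=auth_success user=alice src=10.0.0.5
2024-05-01T09:02:00 srv1 event=user_created user=alice target=svc_backup
2024-05-01T09:02:40 srv1 event=group_member_added user=alice target=svc_backup group=Administrators
2024-05-01T09:10:00 srv1 event=auth_failure user=bob src=10.0.0.7
2024-05-01T09:10:20 srv1 event=auth_success user=bob src=10.0.0.7
2024-05-01T09:15:00 srv1 event=policy_changed user=alice policy=audit_logging value=off
2024-05-01T09:20:00 srv1 event=service_restart service=sshd
-- corrupted line --
""".splitlines()


def parse_line(line):
    """Return (timestamp, host, fields) or None for a line that does not parse."""
    parts = line.split()
    if len(parts) < 3:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    fields = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
    if "event" not in fields:
        return None
    return ts, parts[1], fields


def review(lines, fail_threshold=3, window=timedelta(minutes=5)):
    """Return (category counts, findings, number of unparsed lines)."""
    counts, findings, unparsed = Counter(), [], 0
    recent_failures = defaultdict(list)  # user -> timestamps of failed logons
    created = {}                         # account name -> creation time
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            unparsed += 1                # count, so gaps in the log are visible
            continue
        ts, _host, f = parsed
        event, user = f["event"], f.get("user", "?")
        counts[CATEGORIES.get(event, "other")] += 1
        if event == "auth_failure":
            recent_failures[user].append(ts)
        elif event == "auth_success":
            # A success that follows a burst of failures deserves a second look.
            fails = [t for t in recent_failures[user]
                     if timedelta(0) <= ts - t <= window]
            if len(fails) >= fail_threshold:
                findings.append(("success_after_failures", user, len(fails)))
            recent_failures[user].clear()
        elif event == "user_created":
            created[f.get("target", "?")] = ts
        elif event in ("group_member_added", "privilege_changed"):
            # New account elevated shortly after it was created.
            target = f.get("target", "?")
            if target in created and ts - created[target] <= window:
                findings.append(("new_account_elevated", target,
                                 f.get("group", f.get("level", "?"))))
        elif event == "policy_changed":
            findings.append(("policy_changed", user, f.get("policy", "?")))
    return counts, findings, unparsed


if __name__ == "__main__":
    counts, findings, unparsed = review(SAMPLE_LOG)
    print(dict(counts), findings, unparsed, sep="\n")
```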
Wireless Security (Slide 1 of 2)
Wireless Security Protocol: Description
WEP:
• Wired Equivalent Privacy.
• Relies on stream cipher with 24-bit initialization vector (IV).
• An attack on the IV can easily predict its short value.
• Can be compromised in minutes.
• Obsolete – do not use.
WPA:
• Wi-Fi Protected Access.
• Provides additional encryption using Temporal Key Integrity Protocol (TKIP).
• TKIP is vulnerable to transmission of arbitrary packets.
• Also vulnerable to decryption of arbitrary packets.
• Obsolete – do not use.
WPA2 (802.11i):
• Improvement on WPA.
• Includes stronger encryption (CCMP protocol using AES standard).
• Biggest known vulnerability is choosing a weak password.
• The current best choice for Wi-Fi security.
WPS:
• Automated mechanism for wireless devices to obtain the Wi-Fi key from the router.
• Wi-Fi setup is easy and convenient.
• Negotiation can be intercepted and cracked by hacking tools.
Wireless Security (Slide 2 of 2)
When implementing wireless security:
• Select WPA2 (even WPA2 personal) over WEP or WPA.
• When possible, use a RADIUS server for wireless authentication.
• If you must use a pre-shared key, make the password complex and change it regularly.
• Manually enter Wi-Fi passwords into your device, rather than allowing them to autoconfigure themselves by using WPS.
• If necessary, enter the MAC addresses of all devices that are permitted to connect to the wireless network into the access point.
Networking Hardware
• Router
• Wireless router
• Switch
• Hub
• Gateway
• Modem
• Multiplexer
• Concentrator
• Front-end processor
• Repeater
• Firewall
• Proxy
• Reverse Proxy
• Appliance
Router Vulnerabilities
• If a router is compromised, attacker can use it in a man-in-the-middle attack.
• Like planting a bug in a room to listen in remotely.
• Can also initiate DoS attacks.
• Router must be physically protected first and foremost.
• Theft or tampering with router will result in major network issues.
• Routers are also subject to logical attacks.
• Attacker may attempt to access router using a remote protocol like Telnet/SSH.
• May also try to send excessive or malformed packets to router, causing a DoS.
Router Security
• Deploy the router in a secure, locked area.
• Disable all unnecessary services on the router.
• Disable any unnecessary routing protocols.
• Harden the router per the manufacturer's recommendations.
• Use SSH instead of Telnet.
• Create access control lists.
• Require strong authentication for administrator connections.
• Limit number of admin connections, and disconnect inactive sessions.
• Require authentication to a centralized server on higher-end routers.
• Create custom administrative accounts with limited privileges for support personnel.
• Ensure passwords are stored using encryption.
• Forward all security events to a central syslog server.
• Monitor activity on the router, watching for suspicious behavior.
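An added example, not part of the original slides: a configuration audit that checks several items of the router security checklist above (SSH instead of Telnet, access control lists, idle-session disconnect, encrypted password storage, syslog forwarding, unnecessary services). It assumes Cisco IOS-style configuration syntax, which the slides do not specify; both sample configurations, the host name, the placeholder hashes and the 192.0.2.10 syslog address are constructed.

```python
"""Audit a router configuration against the hardening checklist above.
Assumes Cisco IOS-style syntax; both sample configurations are constructed."""
import re

WEAK_CONFIG = """\
hostname edge-rtr-01
enable password cisco123
no service password-encryption
ip http server
username support privilege 15 password 0 Support!
line vty 0 4
 transport input telnet ssh
 exec-timeout 0 0
 login local
line con 0
 exec-timeout 5 0
"""

HARDENED_CONFIG = """\
hostname edge-rtr-01
enable secret 9 PLACEHOLDER_HASH
service password-encryption
no ip http server
aaa new-model
username support privilege 5 secret 9 PLACEHOLDER_HASH
logging host 192.0.2.10
line vty 0 4
 access-class 10 in
 transport input ssh
 exec-timeout 10 0
"""


def split_blocks(config):
    """Group indented sub-commands under their parent line."""
    blocks, current = [], None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue                      # skip blanks and comment lines
        if raw[0].isspace() and current is not None:
            current[1].append(raw.strip())
        else:
            current = (raw.strip(), [])
            blocks.append(current)
    return blocks


def audit(config):
    """Return a list of findings; an empty list means every check passed."""
    blocks = split_blocks(config)
    top = [parent for parent, _ in blocks]
    findings = []
    # Ensure passwords are stored using encryption.
    if any(line.startswith("enable password") for line in top):
        findings.append("enable password in use; prefer 'enable secret'")
    if "service password-encryption" not in top:
        findings.append("service password-encryption is not enabled")
    if any(re.match(r"username \S+ .*\bpassword 0 ", line) for line in top):
        findings.append("local user stored with a cleartext password")
    # Disable all unnecessary services.
    if "ip http server" in top:
        findings.append("HTTP management server is enabled")
    # Forward all security events to a central syslog server.
    if not any(re.match(r"logging (host )?\d", line) for line in top):
        findings.append("no central syslog server configured")
    # Remote administration lines: SSH only, ACL, idle timeout.
    for parent, subs in blocks:
        if not parent.startswith("line vty"):
            continue
        if "transport input ssh" not in subs:
            findings.append(f"{parent}: remote access is not restricted to SSH")
        if not any(s.startswith("access-class") for s in subs):
            findings.append(f"{parent}: no access-class ACL on admin connections")
        if "exec-timeout 0 0" in subs:
            findings.append(f"{parent}: inactive sessions are never disconnected")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg))
```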
Endpoint Security
• Comprehensive solution to secure mobile devices as they connect to network.
• Ensures that these devices are healthy and cannot compromise network.
• Software installed on devices includes:
  • Firewall
  • VPN client
  • Antivirus
  • Anti-malware
  • Encryption
• Uses client/server security model.
• Central server on network pushes updates to mobile clients and controls access.
• Endpoint security often includes mobile device management (MDM).
Physical Devices
• Various devices enable networking capabilities.
• Often found in server rooms.
• Use the following methods to secure these devices:
  • Physically secure all devices against tampering or accidents.
  • Lock cabinets and rack doors.
  • Use cable locks on laptops and small PCs.
  • Mount power adapters, smart jacks, media converters, etc., where they can be easily monitored and serviced.
  • Consider using a "lights out" approach to server management.
  • Place non-rack-mountable equipment on boltable trays above the rack floor.
  • Route all cables both inside racks and in the ceiling in managed bundles and cable trays.
Identity and Access Management
• Physical and Logical Access Control
• Identification, Authentication, and Authorization
• Identity as a Service
• Authorization Mechanisms
• Access Control Attack Mitigation
Access Control
• Process of allowing only authorized entities to observe/modify/take possession of a computer system or physical property.
• Subject – entity requesting access:
  • Person.
  • System.
  • Process.
• Object – entity being accessed – any resource.
• Limits subject’s access to object using predefined rules/roles/labels.
Types of Access Control Services
Access Control Service: Description
Identification and Authentication (I&A):
• Provides unique identifier for each authorized subject attempting to access the object.
• Includes method or methods to ensure identity of subject (authentication).
• Typically administered with Identity Management System and support of a directory.
Authorization:
• Determines the capabilities or rights of the subject when accessing the object.
Audit:
• Creates a log or record of system activities.
Accountability:
• Reports and reviews the contents of log files.
• Each subject identifier must be unique to relate activities to one subject.
Access Control Services Implementation
• Identify: individual/entity attempting to access an object.
• Verify: individual’s identity.
• Evaluate: rules/roles to see what individual is permitted to do.
• Create: audit trail – write each access attempt and function performed to log file.
• Review: log to see what was completed when and by whom.
Identity and Access Provisioning Lifecycle
Provisioning
Review
Revocation/Deprovisioning
Access Control Policies (Slide 1 of 2)
• Start with administrative policies.
• Reinforce with technical policies.
  • All passwords must be at least seven characters long using three different types of characters.
  • A user's identity must be verified before IT staff can reset that person's password.
  • Process to suspend/deactivate user account in case of termination/compromise/infection.
  • Inactive user accounts must be disabled after 60 calendar days.
  • User account will be locked out for 15 minutes after three bad logon attempts.
  • Users can’t have local administrative privileges on their computer unless approved by manager.
  • Existing local administrative privilege will be reviewed annually.
  • All administrator accounts must use two-factor authentication to log on to the network.
  • All workstations must implement a screen lock after 15 minutes of inactivity.
  • Access to administrator systems must be reviewed annually.
  • IT staff may not use administrator accounts for general purpose.
Access Control Policies (Slide 2 of 2)
• Reinforce with technical policies (Cont.)
  • Vendor and contractor access list to be approved, monitored, and limited to the length of the contract.
  • Default administrator passwords must be changed before the system goes into production.
  • Default ports for administrator access must be changed when possible.
  • Administrative access cannot be accomplished through a public interface.
  • Each new user account will receive a unique first-time password that must be changed upon first use.
  • Any reset passwords must be set to unique value for each user and changed upon first use.
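An added example, not part of the original slides: several of the technical policies above expressed as checks, covering the password rule, the 15-minute lockout after three bad logons, and an account audit for inactivity, two-factor authentication, annual review and contract expiry. The account record fields, the sample accounts and dates, and the choice of lowercase, uppercase, digit and symbol as the character types are assumptions made for this illustration.

```python
"""Checks for some of the technical access control policies listed above.
Account records, field names and dates are constructed for this example."""
from datetime import date, datetime, timedelta

MIN_LENGTH, MIN_CLASSES = 7, 3            # seven characters, three types
INACTIVE_DAYS = 60                        # disable after 60 calendar days
LOCKOUT_ATTEMPTS, LOCKOUT = 3, timedelta(minutes=15)
REVIEW_DAYS = 365                         # "reviewed annually"


def password_ok(pw):
    """Character types assumed here: lowercase, uppercase, digit, symbol."""
    classes = [
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ]
    return len(pw) >= MIN_LENGTH and sum(classes) >= MIN_CLASSES


class LockoutTracker:
    """Lock an account for 15 minutes after three consecutive bad logons."""

    def __init__(self):
        self.failures = {}       # user -> consecutive failure count
        self.locked_until = {}   # user -> time the lockout ends

    def attempt(self, user, success, now):
        until = self.locked_until.get(user)
        if until is not None:
            if now < until:
                return "locked"           # refused even with the right password
            del self.locked_until[user]   # lockout period has elapsed
        if success:
            self.failures[user] = 0
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= LOCKOUT_ATTEMPTS:
            self.locked_until[user] = now + LOCKOUT
            self.failures[user] = 0
            return "locked"
        return "failed"


def audit_accounts(accounts, today):
    """Return (account, finding) pairs for records that break a policy."""
    findings = []
    for a in accounts:
        if a["enabled"] and (today - a["last_logon"]).days > INACTIVE_DAYS:
            findings.append((a["name"], "inactive over 60 days but enabled"))
        if a["admin"] and not a["two_factor"]:
            findings.append((a["name"], "administrator without two-factor"))
        if a["admin"] and (today - a["last_review"]).days > REVIEW_DAYS:
            findings.append((a["name"], "administrator access review overdue"))
        end = a.get("contract_end")
        if a["enabled"] and end is not None and end < today:
            findings.append((a["name"], "access outlives contract"))
    return findings


# Constructed sample data.
TODAY = date(2024, 6, 1)
ACCOUNTS = [
    {"name": "alice", "enabled": True, "admin": False, "two_factor": False,
     "last_logon": date(2024, 5, 30), "last_review": date(2024, 1, 10)},
    {"name": "old_intern", "enabled": True, "admin": False, "two_factor": False,
     "last_logon": date(2024, 3, 1), "last_review": date(2024, 1, 10)},
    {"name": "root_ops", "enabled": True, "admin": True, "two_factor": False,
     "last_logon": date(2024, 5, 31), "last_review": date(2023, 2, 1)},
    {"name": "vendor_hvac", "enabled": True, "admin": False, "two_factor": True,
     "last_logon": date(2024, 5, 20), "last_review": date(2024, 1, 10),
     "contract_end": date(2024, 4, 30)},
]

if __name__ == "__main__":
    for name, finding in audit_accounts(ACCOUNTS, TODAY):
        print(f"{name}: {finding}")
```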
Information Access
Logical Access Concern: Mitigation
Databases with sensitive information are prime targets.
• Isolate database from rest of network.
• Use authentication/authorization mechanisms.
Inability to determine who is using remote connections.
• Implement remote authentication protocols.
All accounts allow full access to data.
• Set up varied levels of access permissions.
Physical Access Concern: Mitigation
Attackers simply walking out with a bunch of servers.
• Lock and monitor server rooms/data centers.
Hard copies of sensitive information.
• Keep hard copies in locked file cabinets/safes.
Layered Protection
Perimeter
Facility
Secured Area
Physical Access Barriers
• Fencing
• Walls
• Doors
• Windows
• Lighting
• Bollards
Lock Types
• Key lock
• Deadbolt lock
• Keyless lock or cipher lock
• Combination lock
• Intelligent keys
• Device locks
• Biometric or access card locks
Secure Storage
• Container
• Safe
• Vault
Alarm Systems
• Lights
• Bells and sirens
• Local activation/local response
• Local activation/remote response
• Remote activation/local response
• Remote activation/remote response
Physical Access Logs
• Maintained by access control systems and by security guards.
• Should clearly identify:
  • The name of the individual attempting access.
  • The date and time of access.
  • The access portal or entry point.
  • The user ID entered to attempt access.
  • The location of access to internal spaces, if required.
  • Unsuccessful access attempts, including those during unauthorized hours.
DRPs
• Well-documented policy that defines:
• How people/resources will be protected during disaster.
• How organization will recover.
• Plan should be tested for effectiveness and fine-tuned before a disaster strikes.
• Train staff on policy so they can respond automatically in case of emergency.
Disaster Recovery Strategy Considerations
• Risks
• Personnel safety
• Essential items
• Relocation scheme
• Cost vs. benefit: weigh goals and costs to ensure an effective DRP
• Prioritization: recover business critical processes first
END

Measures of Position DECILES for ungrouped dataMeasures of Position DECILES for ungrouped data
Measures of Position DECILES for ungrouped data
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4
 
Active Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfActive Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdf
 
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfGrade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
 
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY -  GERBNER.pptxAUDIENCE THEORY -CULTIVATION THEORY -  GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
 
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
 
4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx
 
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptxYOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
 

Dncybersecurity

  • 2. CYBER SECURITY: THE OBJECTIVE
      To prevent or mitigate harm to or destruction of Computer Networks, Applications, Devices, and Data.
  • 3. Trainer Profile
      LEO LOURDES (MBA IT Management, BoM Hons. HRM)
      • Implementer of ISO 20000-1:2011
      • Certified in COBIT® 5
      • Certified in ISO 9001 Auditor (PECB)
      • Certified in PRINCE2® in Project Management
      • Certified in ITIL® Practitioner
      • Certified in ITIL® Intermediate Certificate in IT Service Operation
      • Certified in ITIL Information Security based on ISO/IEC 27002
      • Certified in ITIL for Cloud Computing
      • Certified in ITIL IT Service Management
      • Certified in Coaching and Calibration Skills for Call Center
      • Certified in Delivering Learning / Teaching by City & Guilds, United Kingdom
      wecare@thinkleosolutions.com
      ++6016-349 1793
      Experience:
      • Management Representative (MR) ISO 20000-1: 2011
      • IT Service Management (Incident, Problem, Change) Manager
      • Security, Compliance & Risk Management
      • Senior CRM Delivery Analyst
      • Certified Trainer
      • Certified IT Auditor & Consultant
  • 4. CYBER SECURITY AWARENESS : DAY 2
      • Vulnerabilities
      • Network Security
      • Access Control
      • Physical Security
      • Disaster Recovery
  • 5. Vulnerability Assessments
      Perform when:
      • First deploy new/updated systems.
      • New vulnerabilities have been identified.
      • A security breach occurs.
      • Need to document security state of systems.
      (Diagram labels: Collect, Store, Organize, Analyze, Report)
  • 6. Vulnerability Scanning
      • Port scanner
      • Protocol analyzer
      • Packet analyzer
      • Network enumerator
      • Intelligence gathering
      • Vulnerability scanner
  • 7. Penetration Testing
      • Evaluate security by simulating an attack on a system.
      • Verify a threat exists.
      • Actively test and bypass security controls.
      • Exploit system vulnerabilities.
      • When compared to vulnerability assessment, it is:
          • Less common.
          • More intrusive.
          • An objective measurement.
          • A combination of multiple vulnerabilities to provide holistic understanding of vulnerability.
      • Follow real attacker’s methodology, including target preparation/research stages.
      • Difference between pen test and real attack is intent.
      • Need explicit permission of target organization.
      • Make sure organization knows test will not stop until attack is fully carried out.
      • Report should include:
          • Steps undertaken.
          • Weaknesses identified.
          • Recommendations.
  • 8. Penetration Test Components
      Component / Description
      • Network scanning
          • Uses a port scanner to identify devices attached to target network and to enumerate the applications hosted on the devices. This function is known as fingerprinting.
      • Social engineering
          • Attempts to get information from users to gain access to a system.
          • Tests for adequate user training.
          • Stay mindful of ethical implications of deceiving people.
          • Don't want to undermine your employees' trust in you or their coworkers.
      • War dialing
          • Uses a modem and software to dial a range of phone numbers to locate computer systems, PBX devices, and HVAC systems.
      • War driving
          • Locates/attempts to penetrate wireless systems from public property, like a sidewalk.
      • Vulnerability scanning
          • Exploits known weaknesses in operating systems and applications identified through reconnaissance and enumeration.
      • Blind testing
          • Occurs when the target organization is not aware of penetration testing activities.
      • Targeted testing
          • Target organization is informed of the test.
          • Less disruption to organization due to a more controlled climate.
  • 9. Event Log Review (Slide 1 of 2)
      • Event logs contain detailed information.
      • Often used to troubleshoot performance issues.
      • Should also review as part of security control test process.
      • Use an automated tool to help identify security events from mass of data.
      • May need to configure network devices to capture desired level of detail in a log.
  • 10. Event Log Review (Slide 2 of 2)
      Common logged activities include:
      • Authentication requests, both successful and unsuccessful.
      • New user or group creation.
      • Group membership changes.
      • User privilege level changes.
      • Resource access, such as opening, changing, and deleting files and folders.
      • Client requests for server services.
      • The number of transactions per hour of a particular service.
      • Application or service shutdowns and restarts.
      • System shutdowns and restarts.
      • Service or system component errors and failures.
      • System policy changes.
  • 11. Wireless Security (Slide 1 of 2)
      Wireless Security Protocol / Description
      • WEP
          • Wired Equivalent Privacy.
          • Relies on stream cipher with 24-bit initialization vector (IV).
          • Attack on IV can easily predict short value.
          • Can be compromised in minutes.
          • Obsolete – do not use.
      • WPA
          • Wi-Fi Protected Access.
          • Provides additional encryption using Temporal Key Integrity Protocol (TKIP).
          • TKIP is vulnerable to transmission of arbitrary packets.
          • Also vulnerable to decryption of arbitrary packets.
          • Obsolete – do not use.
      • WPA2 (802.11i)
          • Improvement on WPA.
          • Includes stronger encryption (CCMP protocol using AES standard).
          • Biggest known vulnerability is choosing a weak password.
          • The current best choice for Wi-Fi security.
      • WPS
          • Automated mechanism for wireless devices to obtain the Wi-Fi key from the router.
          • Wi-Fi setup is easy and convenient.
          • Negotiation can be intercepted and cracked by hacking tools.
  • 12. Wireless Security (Slide 2 of 2)
      When implementing wireless security:
      • Select WPA2 (even WPA2 personal) over WEP or WPA.
      • When possible, use a RADIUS server for wireless authentication.
      • If you must use a pre-shared key, make the password complex and change it regularly.
      • Manually enter Wi-Fi passwords into your device, rather than allowing them to autoconfigure themselves by using WPS.
      • If necessary, enter the MAC addresses of all devices that are permitted to connect to the wireless network into the access point.
  • 13. Networking Hardware
      • Router
      • Wireless router
      • Switch
      • Hub
      • Gateway
      • Modem
      • Multiplexer
      • Concentrator
      • Front-end processor
      • Repeater
      • Firewall
      • Proxy
      • Reverse Proxy
      • Appliance
      (Pictured: Switch, Modem, Hub, Router, Firewall, Wireless Router)
  • 14. Router Vulnerabilities
      • If a router is compromised, attacker can use it in a man-in-the-middle attack.
      • Like planting a bug in a room to listen in remotely.
      • Can also initiate DoS attacks.
      • Router must be physically protected first and foremost.
      • Theft or tampering with router will result in major network issues.
      • Routers are also subject to logical attacks.
      • Attacker may attempt to access router using a remote protocol like Telnet/SSH.
      • May also try to send excessive or malformed packets to router, causing a DoS.
  • 15. Router Security
      • Deploy the router in a secure, locked area.
      • Disable all unnecessary services on the router.
      • Disable any unnecessary routing protocols.
      • Harden the router per the manufacturer's recommendations.
      • Use SSH instead of Telnet.
      • Create access control lists.
      • Require strong authentication for administrator connections.
      • Limit number of admin connections, and disconnect inactive sessions.
      • Require authentication to a centralized server on higher-end routers.
      • Create custom administrative accounts with limited privileges for support personnel.
      • Ensure passwords are stored using encryption.
      • Forward all security events to a central syslog server.
      • Monitor activity on the router, watching for suspicious behavior.
  • 16. Endpoint Security
      • Comprehensive solution to secure mobile devices as they connect to network.
      • Ensures that these devices are healthy and cannot compromise network.
      • Software installed on devices includes:
          • Firewall
          • VPN client
          • Antivirus
          • Anti-malware
          • Encryption
      • Uses client/server security model.
      • Central server on network pushes updates to mobile clients and controls access.
      • Endpoint security often includes mobile device management (MDM).
  • 17. Physical Devices
      • Various devices enable networking capabilities.
      • Often found in server rooms.
      • Use the following methods to secure these devices:
          • Physically secure all devices against tampering or accidents.
          • Lock cabinets and rack doors.
          • Use cable locks on laptops and small PCs.
          • Mount power adapters, smart jacks, media converters, etc., where they can be easily monitored and serviced.
          • Consider using a "lights out" approach to server management.
          • Place non-rack-mountable equipment on boltable trays above the rack floor.
          • Route all cables both inside racks and in the ceiling in managed bundles and cable trays.
  • 18. Identity and Access Management
      • Physical and Logical Access Control
      • Identification, Authentication, and Authorization
      • Identity as a Service
      • Authorization Mechanisms
      • Access Control Attack Mitigation
  • 19. Access Control
      • Process of allowing only authorized entities to observe/modify/take possession of a computer system or physical property.
      • Subject – entity requesting access:
          • Person.
          • System.
          • Process.
      • Object – entity being accessed – any resource.
      • Limits subject’s access to object using predefined rules/roles/labels.
      (Diagram labels: Subjects, Objects)
  • 20. Types of Access Control Services
      Access Control Service / Description
      • Identification and Authentication (I&A)
          • Provides unique identifier for each authorized subject attempting to access the object.
          • Includes method or methods to ensure identity of subject (authentication).
          • Typically administered with Identity Management System and support of a directory.
      • Authorization
          • Determines the capabilities or rights of the subject when accessing the object.
      • Audit
          • Creates a log or record of system activities.
      • Accountability
          • Reports and reviews the contents of log files.
          • Each subject identifier must be unique to relate activities to one subject.
  • 21. Access Control Services Implementation
      • Identify: Individual/entity attempting to access an object.
      • Verify: Individual’s identity.
      • Evaluate: Rules/roles to see what individual is permitted to do.
      • Create: Audit trail – write each access attempt and function performed to log file.
      • Review: Log to see what was completed when and by whom.
  • 22. Identity and Access Provisioning Lifecycle
      • Provisioning
      • Review
      • Revocation/Deprovisioning
  • 23. Access Control Policies (Slide 1 of 2)
      • Start with administrative policies.
      • Reinforce with technical policies.
          • All passwords must be at least seven characters long using three different types of characters.
          • A user's identity must be verified before IT staff can reset that person's password.
          • Process to suspend/deactivate user account in case of termination/compromise/infection.
          • Inactive user accounts must be disabled after 60 calendar days.
          • User account will be locked out for 15 minutes after three bad logon attempts.
          • Users can’t have local administrative privileges on their computer unless approved by manager.
          • Existing local administrative privilege will be reviewed annually.
          • All administrator accounts must use two-factor authentication to log on to the network.
          • All workstations must implement a screen lock after 15 minutes of inactivity.
          • Access to administrator systems must be reviewed annually.
          • IT staff may not use administrator accounts for general purpose.
  • 24. Access Control Policies (Slide 2 of 2)
      • Reinforce with technical policies (Cont.)
          • Vendor and contractor access list to be approved, monitored, and limited to the length of the contract.
          • Default administrator passwords must be changed before the system goes into production.
          • Default ports for administrator access must be changed when possible.
          • Administrative access cannot be accomplished through a public interface.
          • Each new user account will receive a unique first-time password that must be changed upon first use.
          • Any reset passwords must be set to unique value for each user and changed upon first use.
  • 25. Information Access
      Logical Access (Concern / Mitigation)
      • Databases with sensitive information are prime targets.
          • Isolate database from rest of network.
          • Use authentication/authorization mechanisms.
      • Inability to determine who is using remote connections.
          • Implement remote authentication protocols.
      • All accounts allow full access to data.
          • Set up varied levels of access permissions.
      Physical Access (Concern / Mitigation)
      • Attackers simply walking out with a bunch of servers.
          • Lock and monitor server rooms/data centers.
      • Hard copies of sensitive information.
          • Keep hard copies in locked file cabinets/safes.
  • 27. Physical Access Barriers
      • Fencing
      • Walls
      • Doors
      • Windows
      • Lighting
      • Bollards
  • 28. Lock Types
      • Key lock
      • Deadbolt lock
      • Keyless lock or cipher lock
      • Combination lock
      • Intelligent keys
      • Device locks
      • Biometric or access card locks
  • 29. Secure Storage
      • Container
      • Safe
      • Vault
  • 30. Alarm Systems
      • Lights
      • Bells and sirens
      • Local activation/local response
      • Local activation/remote response
      • Remote activation/local response
      • Remote activation/remote response
  • 31. Physical Access Logs
      • Maintained by access control systems and by security guards.
      • Should clearly identify:
          • The name of the individual attempting access.
          • The date and time of access.
          • The access portal or entry point.
          • The user ID entered to attempt access.
          • The location of access to internal spaces, if required.
          • Unsuccessful access attempts, including those during unauthorized hours.
  • 32. DRPs
      • Well-documented policy that defines:
          • How people/resources will be protected during disaster.
          • How organization will recover.
      • Plan should be tested for effectiveness and fine-tuned before a disaster strikes.
      • Train staff on policy so they can respond automatically in case of emergency.
  • 33. Disaster Recovery Strategy Considerations
      • Risks
      • Personnel safety
      • Essential items
      • Relocation scheme
      • Cost vs. benefit: Weigh goals and costs to ensure an effective DRP
      • Prioritization: Recover business critical processes first
  • 34. END
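
Added example (not part of the original slides): a small Python log review that applies the thresholds from slide 23 (lockout for 15 minutes after three bad logon attempts, inactive accounts disabled after 60 days) to the event types listed on slide 10. The log format, event names, function names, and the choice to count failures since the last successful logon are assumptions made for illustration; the sample records are constructed.

```python
from datetime import datetime, timedelta

LOCKOUT_THRESHOLD = 3                    # slide 23: three bad logon attempts
LOCKOUT_WINDOW = timedelta(minutes=15)   # slide 23: 15-minute lockout
INACTIVE_LIMIT = timedelta(days=60)      # slide 23: disable after 60 days

# Constructed sample records in a hypothetical "timestamp event user" format.
SAMPLE_LOG = """\
2024-03-01T08:00:00 LOGON_OK alice
2024-05-01T09:00:00 LOGON_FAIL bob
2024-05-01T09:00:20 LOGON_FAIL bob
2024-05-01T09:00:40 LOGON_FAIL bob
2024-05-01T09:05:00 LOGON_OK bob
2024-05-01T10:00:00 LOGON_FAIL carol
2024-05-01T10:01:00 LOGON_OK carol
2024-05-01T11:00:00 GROUP_ADD dave
"""

def parse(log_text):
    """Return (timestamp, event, user) tuples in time order, skipping bad lines."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            events.append((datetime.fromisoformat(parts[0]), parts[1], parts[2]))
        except ValueError:
            continue  # unparseable timestamp
    return sorted(events)

def review(log_text, now):
    """Return (finding, user) pairs for records that conflict with the policy."""
    findings = []
    fails = {}         # user -> failed logons since the last success (assumption)
    locked_until = {}  # user -> time before which a logon should be refused
    last_ok = {}       # user -> most recent successful logon
    for ts, event, user in parse(log_text):
        if event == "LOGON_FAIL":
            fails[user] = fails.get(user, 0) + 1
            if fails[user] >= LOCKOUT_THRESHOLD:
                locked_until[user] = ts + LOCKOUT_WINDOW
        elif event == "LOGON_OK":
            # A success inside the lockout window means the lockout did not hold.
            if user in locked_until and ts < locked_until[user]:
                findings.append(("lockout_not_enforced", user))
            fails[user] = 0
            last_ok[user] = ts
        elif event in ("GROUP_ADD", "PRIV_CHANGE"):
            findings.append(("group_or_privilege_change", user))
    for user, ts in last_ok.items():
        if now - ts > INACTIVE_LIMIT:
            findings.append(("inactive_over_60_days", user))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG, datetime(2024, 5, 2)):
        print(finding)
```

The inactivity check only sees accounts that appear in the log, so a real review would compare against the full account list from the directory.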