Unit 3 Research Project. Eddie S. Jackson. Kaplan University. IT540: Management of Information Security. Kenneth L. Flick, Ph.D.
Running head: UNIT 3 RESEARCH PROJECT

Unit 3 Research Project
Eddie S. Jackson
Kaplan University
IT540: Management of Information Security
Kenneth L. Flick, Ph.D.
10/07/2014

Table of Contents

Abstract
Part I
  Host Detail Screen
  BASE Alerts Detail Screen
  Individual BASE Alert Detail Screen
  ATTACK RESPONSE on BASE Alert Screen
Part II
  Assessing the Compromised Server
  Checking Files
  Checking Network Activity
  Checking Possible Vulnerabilities
  Checking Network Account Activity
  Protecting Network Resources
References

Abstract

The unit three research project presents a two-part assignment that relates to computer forensics, which encompasses the steps and tools that are required for incident response and attack prevention. Both parts of the assignment are meant to reinforce the fundamental concepts associated with forensic science. In Part I, there is a hands-on Snort lab. The Snort lab exercise is a real-world scenario that allows the student to become familiar with Snort software, and in turn learn to scan a network stream, capture alerts, and assess specific alert types. In Part II of the assignment, the student is asked to assess a hypothetical server break-in, and respond in essay form to a series of questions. These questions are intended to highlight the steps and tools utilized in network resource protection.

Unit 3 Research Project

Part I

The Jones & Bartlett Lab. In this lab, Snort was used in incident handling. See snapshots below.

Screen capture of the host detail screen from the Lab #10 SNORT Scan:

Screen capture of the BASE alerts detail screen:

Screen capture of an individual BASE alert detail:

Screen capture of an ATTACK RESPONSE on the BASE alert detail screen:

Part II

The break-in. In the second part of the assignment, there is a hypothetical break-in which requires a five-question assessment. Each question explores the ideas and concepts of computer forensics.

What are the steps and tools used in assessing a compromised server?

When hackers compromise servers, sometimes there are obvious signs of malicious activity, and sometimes the exploits are stealthier. In either case, the information security officer, upon notification that something is wrong with a server, must have a plan for assessing a compromised server; this plan contains the steps or tools necessary to determine exactly what damage has been done to the server. Considering the break-in, the first step the information security officer should take is verifying that the server has indeed been compromised (Obialero, 2005). This verification can be a visual inspection of the running processes and network activity using a process manager; on Microsoft-based operating systems, this is called the task manager (Microsoft, n.d., para. 1). A second technique for assessing a compromised server would be to scan the system to verify the integrity of the files. For example, in Microsoft operating systems, there is a system file checker (sfc) which can be executed to scan, report, and even repair compromised files (Microsoft TechNet, n.d., para. 1). If this server is a domain controller running Microsoft's Active Directory, and audit access has been defined, the event properties of the object can be accessed and reviewed in the Event Viewer (Levin, 2007). Finally, other tools such as anti-virus scanners and malware scanners can also be utilized to scan a server to validate whether or not the server has been compromised.

Which files would be checked?

Of course, knowing exactly which files should be checked for integrity is critical to the overall assessment of the compromised server. Hackers target particular areas of an operating system; these areas contain the required system files and essential services. System files are file types that end in DLL, OCX, and EXE. Server services are usually associated with these file types as well.
To check the integrity of files and services, forensic applications, such as those from NirSoft, can be used to verify integrity. For example, NirSoft's RegDllView utility scans registered DLL, OCX, and EXE files. Additionally, RegDllView returns when the files were registered with the system, and provides a list of files that are no longer needed (NirSoft, 2014). If this server is a web server, it is possible that hackers may have compromised the server through web-based services. A common web server attack is where a hacker uses Cross Site Scripting, or XSS, to modify server scripts and web pages that will be accessed by other users (Valentino, n.d.). The specific files that should be checked in an XSS attack are PHP scripts, session cookies, and other unknown or new scripts on the web server (Acunetix, n.d.). Likewise, webpages coded in HTML and CSS should be analyzed for any recent changes to their content.

Where do you check for network activity?

While it is crucial to identify which files may have been compromised in an attack, scanning and monitoring network activity is equally important. When servers have been compromised, it is common that a hacker will open communication ports to be able to steal data or maintain open access to the server; unknown established connections to a server, or other network resource for that matter, can be an obvious sign of malicious activity. It is the responsibility of the information security officer to assess network activity and determine whether or not these undesirable lines of communication exist. There are simple tools such as netstat which can be used for viewing open ports. When using netstat, there are options for displaying active TCP and UDP connections, Ethernet statistics, and port numbers (Microsoft TechNet, n.d.). A more advanced approach to evaluating network activity would be to utilize packet analyzers. Packet analyzers can peer into a network communication stream and allow an information security officer to assess and analyze data at the packet level. These features are particularly important because source and destination IP addresses can be observed. This is significant because when hackers make connections to network resources, their source address can often be determined from analyzing packets in the bitstream. Similarly, unusual network traffic, specific ports, as well as user-defined network protocols can be scrutinized for existing threats (Rouse, n.d.). A popular application for analyzing packets is Wireshark. Wireshark has features such as saving network activity captures for later examination, setting up alerts, protocol filters, and support for multiple platforms (Wireshark, n.d.). Still, there are other methods for evaluating network traffic; for example, firewalls that have auditing enabled and intrusion detection systems (IDS). Firewalls normally act as a barrier of protection between an organization and the outside world, controlling incoming and outgoing connections; however, firewalls such as the Cisco PIX firewall can maintain event data and firewall messages (IBM, n.d.). This stored data, which contains connection information, can be analyzed in the event of a compromised server, thus offering another method of network activity assessment. One final technique for monitoring or reviewing network activity is the IDS. An IDS, such as the Cisco Catalyst 6500 Series Intrusion Detection System (IDSM-2) Module, offers features that perform analysis across multiple network layers, and even has the ability to prevent attacks (Cisco, n.d.). It is important to note that no single network monitoring strategy is perfect; thus, implementing a multi-tiered approach to scanning network activity is best practice.

How do you check for possible vulnerabilities?

Once network activity has been scanned, the next step would be to determine possible vulnerabilities.
Operating systems are susceptible to many types of vulnerabilities, such as DLL, OCX, Distributed Component Object Model (DCOM), and Remote Procedure Call (RPC) exploits (Microsoft TechNet, n.d.). One method for defining weak spots in these areas is to use the Microsoft Baseline Security Analyzer (MBSA). The MBSA identifies missing security updates, common misconfigurations, as well as possible threats due to unknown or modified system DLL and OCX files (Microsoft, n.d.). Another application that could be used in determining vulnerabilities is Symantec Endpoint Protection (SEP). SEP is a suite of utilities that offers a plethora of features which include antivirus, spam removal, data loss protection, and host integrity (Symantec, n.d.). Additionally, SEP provides a layered approach to deal with potential threats and performs threat analysis; thus, SEP provides a best practice strategy for determining if vulnerabilities exist, how to remove them, and how to prevent future attacks.

How do you track network account activity?

After determining exactly what the vulnerabilities are, tracking network account activity becomes a necessity. Network account activity includes logging in, logging out, as well as the frequency of accessing network resources. There are a couple of common methods for a network administrator to track network activity; one technique is to use Microsoft's domain-level or local group policy. By accessing the group policy editor, and navigating to Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy, the audit account logon events can be configured; the account logon and logon audit policy should be enabled (Microsoft, n.d.). Another method for tracking logon events is to use third-party software. ManageEngine sells ADAudit Plus software that monitors user logins and logouts, generates reports, and has the ability to track a user across multiple machines (ManageEngine, n.d.). Additionally, the ADAudit Plus software visually represents the login data, making it much easier to understand and track network account activity.

How do you protect network resources?

Lastly, it is critical to formulate an overall strategy to protect network resources. Some of the best methods for protecting the resources on the network have already been highlighted. For instance, network resources need to be protected against outside attacks; it is best practice to install a firewall to control, audit, and report on incoming and outgoing connections. Secondly, an IDS will provide the added benefit of being able to perform threat analysis and generate alerts on suspicious network activity. Likewise, every network should be protected against viruses, worms, and spam. This is where implementing an enterprise-based solution, such as SEP, becomes critical to maintaining the integrity of network resources. Finally, one essential component for protecting network resources is an update and patching server. Update servers, such as Windows Server Update Services (WSUS), allow system administrators to centrally manage which security updates, system updates, and patches get deployed to workstations and servers throughout the enterprise (Microsoft TechNet, n.d.). The reason it is important to consistently update and patch machines on the network is to maintain the highest levels of operating system integrity. Ultimately, no one piece of technology can fully protect all network resources; thus, implementing multiple layers of technology throughout the enterprise has become best practice.
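
The netstat review described under "Where do you check for network activity?" can also be scripted. This is an added example, not part of the original paper: it parses `netstat -ano` style output and flags listeners on unexpected ports and established connections from the server to external hosts. The sample output, the expected-port list, and the internal network range are constructed assumptions.

```python
import ipaddress

# Constructed sample in the layout printed by `netstat -ano` on Windows.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1020
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING       3344
  TCP    10.0.0.5:80            10.0.0.23:51515        ESTABLISHED     4
  TCP    10.0.0.5:49720         203.0.113.77:8080      ESTABLISHED     3344
  TCP    [::]:80                [::]:0                 LISTENING       4
  UDP    0.0.0.0:53             *:*                                    1500
"""

# Assumed policy for this server: the services it is supposed to offer
# and the address space considered internal.
EXPECTED_LISTENERS = {53, 80, 443, 3389}
INTERNAL_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]


def split_endpoint(endpoint):
    """Split 'host:port', including bracketed IPv6 such as '[::]:80'."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]").split("%")[0], port


def parse_netstat(text):
    """Return one dict per TCP/UDP row; UDP rows have no State column."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # skips the banner and the column header
        if fields[0] == "TCP" and len(fields) == 5:
            local, remote, state, pid = fields[1:]
        elif fields[0] == "UDP" and len(fields) == 4:
            local, remote, pid = fields[1:]
            state = ""
        else:
            continue
        local_host, local_port = split_endpoint(local)
        remote_host, remote_port = split_endpoint(remote)
        rows.append({"proto": fields[0], "local_host": local_host,
                     "local_port": int(local_port), "remote_host": remote_host,
                     "remote_port": remote_port, "state": state, "pid": int(pid)})
    return rows


def is_internal(host):
    address = ipaddress.ip_address(host)
    return address.is_loopback or any(address in net for net in INTERNAL_NETWORKS)


def find_suspicious(rows):
    """Flag unexpected listeners and server-initiated external connections."""
    findings = []
    for row in rows:
        listening = row["state"] == "LISTENING" or row["proto"] == "UDP"
        if listening and row["local_port"] not in EXPECTED_LISTENERS:
            findings.append(("unexpected listener", row["proto"],
                             row["local_port"], row["pid"]))
        elif (row["state"] == "ESTABLISHED"
              and row["local_port"] not in EXPECTED_LISTENERS
              and not is_internal(row["remote_host"])):
            findings.append(("outbound to external host", row["remote_host"],
                             int(row["remote_port"]), row["pid"]))
    return findings


def pids_to_investigate(findings):
    """Process IDs to look up next in the process list."""
    return sorted({finding[-1] for finding in findings})


if __name__ == "__main__":
    results = find_suspicious(parse_netstat(SAMPLE_NETSTAT))
    for finding in results:
        print(finding)
    print("PIDs:", pids_to_investigate(results))
```

Output taken from a host that may be compromised can itself be falsified, so the same connections should be cross-checked against firewall or IDS records collected off the server.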

References

Acunetix. (n.d.). Cross-site Scripting (XSS) Attack. What is cross-site scripting? Retrieved from
Cisco. (n.d.). Cisco Catalyst 6500 Series Intrusion Detection System (IDSM-2) Module. Retrieved from series-intrusion-detection-system-idsm-2-services-module/index.html
IBM. (n.d.). Configuring auditing for Cisco PIX firewall. Retrieved from 01.ibm.com/support/knowledgecenter/SSSN2Y_1.0.0/com.ibm.itcim.doc/tcim85_install 197.html%23cspxfw
Levin, Alik. (2007/4/1). File access auditing - I am not afraid of GPO. Retrieved from
Microsoft. (n.d.). Audit logon events. Retrieved from
Microsoft. (n.d.). Microsoft Baseline Security Analyzer 2.3 (for IT professionals). Retrieved from
Microsoft. (n.d.). What is task manager? Retrieved from
Microsoft TechNet. (n.d.). Best practices for mitigating RPC and DCOM vulnerabilities. Retrieved from
Microsoft TechNet. (n.d.). Netstat. Retrieved from
Microsoft TechNet. (n.d.). System file checker. Retrieved from
Microsoft TechNet. (n.d.). Windows Server Update Services. Retrieved from
NirSoft. (2014). RegDllView v View registered dll/ocx/exe files on your system and register DLL files from Explorer. Retrieved from registered_dll_view.html
Obialero, Roberto. (2005). Forensic analysis of a compromised intranet server. Retrieved from
Rouse, Margaret. (n.d.). Network analyzer (protocol analyzer or packet analyzer). Retrieved from
Symantec. (n.d.). Symantec Endpoint Protection. Retrieved from endpoint-protection
Valentino, Vishnu. (n.d.). Basic hacking via Cross Site Scripting (XSS) The logic. Retrieved from
Whitman, Michael E., & Mattord, Herbert J. (2011). Principles of Information Security. 4th edition. Independence, KY: Cengage.
Wireshark. (n.d.). Wireshark frequently asked questions. Retrieved from org/faq.html#q1.1
More informationFrom Network Security To Content Filtering
Computer Fraud & Security, May 2007 page 1/10 From Network Security To Content Filtering Network security has evolved dramatically in the last few years not only for what concerns the tools at our disposals
More informationOvation Security Center Data Sheet
Features Scans for vulnerabilities Discovers assets Deploys security patches transparently Allows only white-listed applications to run in workstations Provides virus protection for Ovation Windows workstations
More informationAN OVERVIEW OF VULNERABILITY SCANNERS
AN OVERVIEW OF VULNERABILITY SCANNERS February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole
More informationSAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG)
SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG) A RSACCESS WHITE PAPER 1 Microsoft Forefront Unified Access Gateway Overview 2 Safe-T RSAccess Secure Front-end Overview
More informationOvation Security Center Data Sheet
Features Scans for vulnerabilities Discovers assets Deploys security patches easily Allows only white-listed applications in workstations to run Provides virus protection for Ovation Windows stations Aggregates,
More informationHow to build and use a Honeypot. Ralph Edward Sutton, Jr. DTEC 6873 Section 01
How to build and use a Honeypot By Ralph Edward Sutton, Jr DTEC 6873 Section 01 Abstract Everybody has gotten hacked one way or another when dealing with computers. When I ran across the idea of a honeypot
More informationWHITE PAPER. Best Practices for Securing Remote and Mobile Devices
WHITE PAPER Best Practices for Securing Remote and Mobile Devices Table of Contents Executive Summary 3 The Rise of Mobile and Remote Computing 3 Risks from Remote Computing 3 Risks for Mobile Workers
More informationGetting Ahead of Malware
IT@Intel White Paper Intel Information Technology Security December 2009 Getting Ahead of Malware Executive Overview Since implementing our security event monitor and detection processes two years ago,
More informationA Prevention & Notification System By Using Firewall. Log Data. Pilan Lin
A Prevention & Notification System By Using Firewall Log Data By Pilan Lin 1 Table Of Content ABSTRACT... 3 1 INTRODUCTION... 4 2. Firewall Log data... 6 2.1 How to collect log data... 6 3. Prevention
More informationReporting and Incident Management for Firewalls
Reporting and Incident Management for Firewalls The keys to unlocking your firewall s secrets Contents White Paper November 8, 2001 The Role Of The Firewall In Network Security... 2 Firewall Activity Reporting
More informationRedhawk Network Security, LLC 62958 Layton Ave., Suite One, Bend, OR 97701 sales@redhawksecurity.com 866-605- 6328 www.redhawksecurity.
Planning Guide for Penetration Testing John Pelley, CISSP, ISSAP, MBCI Long seen as a Payment Card Industry (PCI) best practice, penetration testing has become a requirement for PCI 3.1 effective July
More informationIBM Managed Security Services Vulnerability Scanning:
IBM Managed Security Services August 2005 IBM Managed Security Services Vulnerability Scanning: Understanding the methodology and risks Jerry Neely Network Security Analyst, IBM Global Services Page 2
More informationHack Proofing Your Organization
Hack Proofing Your Organization Who am I Gary Bates Director of Information Services for the City of Harker Heights Microsoft Certified System Engineer Microsoft Certified Information Technology Professional
More informationWeb App Security Audit Services
locuz.com Professional Services Web App Security Audit Services The unsecured world today Today, over 80% of attacks against a company s network come at the Application Layer not the Network or System
More informationFirewall Cracking and Security By: Lukasz Majowicz Dr. Stefan Robila 12/15/08
Firewall Cracking and Security By: Lukasz Majowicz Dr. Stefan Robila 12/15/08 What is a firewall? Firewalls are programs that were designed to protect computers from unwanted attacks and intrusions. Wikipedia
More informationCyber Security in Taiwan's Government Institutions: From APT To. Investigation Policies
Cyber Security in Taiwan's Government Institutions: From APT To Investigation Policies Ching-Yu, Hung Investigation Bureau, Ministry of Justice, Taiwan, R.O.C. Abstract In this article, we introduce some
More informationA host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.
A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based
More informationWhere every interaction matters.
Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper
More informationensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster
Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)
More informationCreated By: 2009 Windows Server Security Best Practices Committee. Revised By: 2014 Windows Server Security Best Practices Committee
Windows Server Security Best Practices Initial Document Created By: 2009 Windows Server Security Best Practices Committee Document Creation Date: August 21, 2009 Revision Revised By: 2014 Windows Server
More informationMicrosoft Software Update Services and Managed Symantec Anti-virus. Michael Satut TSS/Crown IT Support m-satut@northwestern.edu
Microsoft Software Update Services and Managed Symantec Anti-virus Michael Satut TSS/Crown IT Support m-satut@northwestern.edu Introduction The recent increase in virus and worm activity has created the
More informationCautela Labs Cloud Agile. Secured.
Cautela Labs Cloud Agile. Secured. Vulnerability Management Scanning and Assessment Service Vulnerability Management Services New network, application and database vulnerabilities emerge every day. Because
More informationSymantec Protection Suite Enterprise Edition for Servers Complete and high performance protection where you need it
Complete and high performance protection where you need it Overview delivers high-performance protection against physical and virtual server downtime with policy based prevention, using multiple protection
More informationHow To Prevent Hacker Attacks With Network Behavior Analysis
E-Guide Signature vs. anomaly-based behavior analysis News of successful network attacks has become so commonplace that they are almost no longer news. Hackers have broken into commercial sites to steal
More informationNew Zealand National Cyber Security Centre
Unclassified New Zealand National Cyber Security Centre Application Whitelisting With Microsoft Applocker June 2012 V1.0.5 Application Whitelisting with Microsoft Applocker Cyber Security Plan As outlined
More informationPlugging Network Security Holes using NetFlow. Loopholes in todays network security solutions and how NetFlow can help
Plugging Network Security Holes using NetFlow Loopholes in todays network security solutions and how NetFlow can help About ManageEngine Network Servers & Applications Desktop ServiceDesk Windows Infrastructure
More informationWeb Application Security 101
dotdefender Web Application Security Web Application Security 101 1 Web Application Security 101 As the Internet has evolved over the years, it has become an integral part of virtually every aspect in
More information