|
|
- Belinda Harmon
- 8 years ago
- Views:
Transcription
1 IS TEST 3 - TIPS FOUR (4) levels of detective controls offered by intrusion detection system (IDS) methodologies. First layer is typically responsible for monitoring the network and network devices. NIDS and honeypots can serve in this role by monitoring the traffic traversing the network. Second layer is responsible for monitoring computer systems for malicious activity. HIDS and honeypots have this duty. HIDS are implemented as software on productionsystems to continually monitor actions on these systems. Honeypots can also help organisations to understand what system attacks are being directed against them. Third layer is the analysis of the data collected by the intrusion detection devices over time. By understanding the trends and types of attacks that are occurring, organizations divert security resources to the most vulnerable area. Fourth layer is current news such as traditional media, websites and newsgroups that offer information about current attacks or increases in malicious activity. Using all of these layers, security professionals can proactively monitor a network and block attacks before they occur. FOUR (4) detective controls that could be utilised to maintain system security. Antivirus Antivirus software is detective in that it catches malicious software code when it appears on the computer system. Updating antivirus software has become easier in the last few years. Antivirus companies have come up with innovative ways to help organizations automatically update and track antivirus signature and software. Auditing and logging The basic operation of a system logging facility is to collect information from the operating system or application whenever specific actions occur. There are similar items usually audited; namely logs cleared, logon failures and successes, system restarts and shutdowns, right changes or group membership changes and object accesses. Firewall Protection which can be implemented as software applications or hardware devices and is designed to restrict access between networks. For remote or mobile workers who may use a personal ISP to connect to the corporate network, system firewalls can help to ensure that malicious traffic cannot originate from these remote computers. Host Intrusion Detection Systems Sensors that are installed directly on production computer systems to monitor a wide range of activities which occur on the system. Among the functions are to monitor incoming network connections for malicious activity and to act as log analysis tools to monitor log files created by the operating system and installed applications. Policy Verification The activity of ensuring that systems meet the established security policy. Examine all user accounts to make sure that passwords have been changed according to guidelines. Check password policies to ensure that the system requires password changes at regular intervals. Check that auditing Techniques utilised by honeypots to trap an attacker. Delaying network responses is a popular method. By configuring the network drivers to respond more slowly as more requests are made, the attacker is forced to wait for responses to his actions.
2 Some honeypots can also respond with errors or deceptive messages to tease the abuser into continuing. The honeypot allows inbound connections to connect only for a short period of time. After the time period is up, the honeypot drops the network connection and forces the attacker to reconnect. The trapping system lets an inbound connection make only a finite number of requests before dropping the connection. The honeypot denies all inbound connections. As the abuser tries to find open network ports, the victim system records and reports all activity. The victim system runs services and applications as a non privileged user. This gives limited access to the system reducing the ability to cause harm. The use of filtering and summation techniques to efficiently reduce false positives. 8 Filtering: Filtering is a common mechanism used for reducing false positives. Filtering is achieved by configuring a sensor so that instead of reporting every event, it reports only those that could be successful. For example, one company has only web servers running the Linux operating system. In order to monitor Internet traffic, the company deploys NIDS sensors in the network. However, the NIDS sensors report malicious activity that matches known attacks for Web servers running the windows operating system. These attacks, however, are not valid because there are no Web servers running Windows. Although filtering out these events is commonsense, it does present some danger. This malicious activity, although not successful, may still warrant careful monitoring. This trade-off between false positive suppression and detecting all malicious activity is a larger challenge for all intrusion detection systems. Summation: Summation is another technique commonly used to reduce false positives. IDS sensors have signatures to detect packets that may be part of a DOS attack. If the instruction detection system reports an event for every malicious packet received, the effect can cause an indirect denial of service on the intrusion detection system itself. These events are not harmful if seen a few at a time, but hundreds or thousands at a time spell trouble. By summarising events, the sensor can be configured so that it only generates events when it detects 10 packets or 100 packets that match a signature. The risk of summation is slightly less than the risk in filtering, because events are not removed. False positives such a problem in intrusion detection The single largest problem in intrusion detection sensors is their tendency to generate a large number of false positives. In a general sense, a false positive is an event that incorrectly reports malicious activity. False positives can overwhelm the IDS to the extent that real attacks go undetected. The constant influx of false positives can cause the people monitoring the IDS to ignore much of the incoming activity - including valid malicious activity.
3 Popular examples of a honeypot. A computer system that is built to be secure and generates an event for any computer that attempts to bypass its security controls. A computer that was formerly a company s Web server. A Linux server that is configured to respond like a Windows machine to record malicious attacks against Windows hosts. A server that that has a tool installed to decrease response times to incoming requests. Briefly describe the Division B requirements defined by the Trusted Computer System Evaluation Criteria (TCSEC) standard to meet the security requirements of the United States Department of Defense (DoD). Division B Mandatory Access Controls Systems and applications classified in this division have mandatory access controls in place. Within these types of systems, each subject (e.g., user, application or process) must be assigned a level that signifies what level of information the subject can access and each object (e.g. file, directory or network connection) must also be labelled signifying the level of security necessary to access this information. Mandatory access controls then ensure that each subject is authorised to access each object. With mandatory access controls the access policy is objectively based on user identity and access level. ETHICAL HACKING: Ethical hacking is a type of security testing that enables IT organisations to objectively view the strengths and weaknesses of their security policies and procedures. With this type of testing, trusted employees pose as abusers to uncover possible avenues of attack. Benefits of security testing. Audits that measure an IT environment against security best practices help to determine if existing security policies and controls are sufficient. Security testing is more accurate than audits in determining whether current security controls are sufficient because ethical hackers actually try to breach security defences. By acting as an abuser, the ethical hacker can use all possible methods to uncover exposures and vulnerabilities. An unfortunate side effect of sitting inside fortified castle walls is that the defending organisation does not have the same view as attackers. The friendly forces that simulate an attack can report weakness in defences. The analogy applies to testing. A variety of tools compliance checking, security advisory service and IDS can identify the exposures that must be fixed. Organisations must then direct a significant work effort to close the exposures. Security testing can help to determine whether the vulnerabilities were actually fixed and verify or refute the success of security remediation.
4 SIX (6) items required by the Trusted Computer System Evaluation Criteria (TCSEC) security standard. Security policy: There must be an explicit and well-defined security policy enforced by the computer system. Marking: Access control labels must be associated with the information stored on a computer system. Identification: Access to sensitive information must be regulated by the proven identity of a user and based on the access level granted to the user. Accountability: Audit information must be selectively kept and protected so that actions affecting security can be traced to the responsible party. Assurances: The computer system must contain hardware and software mechanisms that can be independently evaluated to provide sufficient assurance that the system enforces the first four requirements in this list. Continuous protection: The trusted mechanisms that enforce these basic requirements must be continuously protected against tampering and unauthorized changes. Purpose of using the ping utility in an operating system. The ping utility is often used to check whether a computer is connected to the network. Ping can also quickly test the responsiveness of a target server and ensure that the server is operational. In additional, by running ping against a list of servers also referred to as ping sweeps, testers can quickly determine which IP addresses are active on the target network. The purpose of having the Kerberos function in the UNIX system. Kerberos is an authentication technology to ensure that passwords could not be intercepted while in transit over the network Using secret-key technology, Kerberos encrypts passwords before sending them over the network thereby greatly reducing the chances that passwords can be intercepted by abusers using packet sniffers Kerberos implements symmetric encryption to hide the authentication communication between the user requesting access to a network resource (e.g. files on a server, remote printer, remote application) and the system controlling access. The term principle of least privilege in the context of access control. To ensure the highest level of security, administrators should use the principle of least privilege, which states that each user should be granted no more privileges than those necessary for him to do his job. Administrators should start by granting everyone no rights to data and when business needs dictate, grant access to data in accordance with established security policies. This approach ensures that access is denied to any files that do not have explicit access granted. The use of TWO (2) probing tools available in most operating systems. Ping The Ping utility is often used to check whether a computer is connected to the network. In relation to security testing, ping can quickly test the responsiveness of a target server and
5 ensure that the server is operational. In addition, by running ping against a list of servers, also referred to as ping sweeps, testers can quickly determine which IP addresses are active on the target network. Traceroute The traceroute utility allows a tester to view the route an IP packet follows in travelling from one host to another. Using traceroute the tester can not only determine how many devices exist between him and the target server, but also list the server name and IP address of each intermediary device, listing the paths by which network traffic reaches the destination, a tester can successfully sketch out the network architecture of the target organization. The purpose of security testing and THREE (3) of its benefits. Security testing is used to view the strength and weaknesses of an organizations security policies and procedures. The benefit of security testing is that it identifies the problems before the abusers can. Benefits: To help to determine if existing policies and controls are sufficient. To help to report the weakness in defences. To help to determine whether the vulnerability were actually fixed or not. The purpose of security auditing. The purpose of security auditing is to periodically compare the environment against established standards and to verify that the proper controls are in place. Audits can be applied to any area of controls whether they are financial, business, governmental, operational, or security. Example: Accounting may have financial auditors review current accounting practices, or the IT Department may have a technology review to ensure that system architecture and capacity is adequate to meet user needs. Audits usually carry a good deal of weight because the results come from a trusted, objective third-party and are normally presented to senior management. FOUR (4) major components of public-key infrastructure (PKI). PKI is designed to manage the keys necessary to perform public-key encryption. PKI consists of: 1. digital certificates, 2. a certificate authority (CA), 3. a registration authority (RA), 4. certificate directory and a key backup and recovery server. How boot loaders and consoles are used to implement physical security in UNIXsystems. Boot loaders: A boot loader is a program that accepts a hand-off from BIOS and initiates the boot sequence for the operating system. With Red Hat Linux, the default boot loaders LILO and GRUB can both be configured to require passwords. Console: Access to a system s console can be restricted in a number of ways that also limit or totally eliminate user privileges to access system devices, shutdown commands, or other privileged resources.
6 The operations of auditing and logging. Auditing refers to the tracking of specific events on the system and recording them in a system log. Auditing can also refer to the action of reviewing system settings to ensure that they match the security policy. As a detective control, logging is perhaps one of the best ways to get a picture of what is happening or what happened on a system. The basic operation of a system logging facility is to collect information from the operating system or application whenever specific actions occur. The standard guidelines for restoring Windows systems. Keep any and all original software media from which to restore the system. Because abusers can replace the default system commands and utilities, never trust that system integrity on an attacked system is intact. Have a good backup methodology in place to back up data. Backup or use a commercial product like ArcServeIT, NetBackup, or NetWorker. Once a system has been rebuilt using original media and backup can be verified, a backup will allow an organization to restore critical data. Periodically test backups to ensure data is being archived properly. It may be necessary to keep a spare computer system handy to perform a full backup and test the integrity of the data. Briefly describe the following probing tools available in most operating systems: i) Ping ii) Traceroute iii) Telnet and FTP iv) Nbtstat i. The ping utility is often used to check whether a computer is connected to the network. Ping can also quickly test the responsiveness of a target server and ensure that the server is operational. In addition, by running ping against a list of servers, also referred to as ping sweeps, testers can quickly determine which IP addresses are active on the target network. ii. The traceroute utility allows a tester to view the route an IP packet follows in travelling from one host to another. Using traceroute the tester can not only determine how many devices exist between him and the target server, but also list the server name and IP address of each intermediary device. By listing the paths by which network traffic reaches the destination, a tester can successfully sketch out the network architecture of the target organization. iii. Although both Telnet and FTP can be used innocuously for remote system management and file transfers, both can also be used to probe the target network. The Telnet client can also be used to grab information from Web servers. iv. The utility nbtstat is included with most versions of Windows to display the Windows, logged on users, MAC address, and other information used in NetBT communications. Like ping, the nbtstat command can only query one system at a time and display its output.
FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.
1. Obtain previous workpapers/audit reports. FIREWALL CHECKLIST Pre Audit Checklist 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 3. Obtain current network diagrams
More informationLarry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping
Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control
More informationBanking Security using Honeypot
Banking Security using Honeypot Sandeep Chaware D.J.Sanghvi College of Engineering, Mumbai smchaware@gmail.com Abstract New threats are constantly emerging to the security of organization s information
More informationTHE ROLE OF IDS & ADS IN NETWORK SECURITY
THE ROLE OF IDS & ADS IN NETWORK SECURITY The Role of IDS & ADS in Network Security When it comes to security, most networks today are like an egg: hard on the outside, gooey in the middle. Once a hacker
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationCNA 432/532 OSI Layers Security
CNA 432/532 OSI Layers Location: ECC 116 Days: Thursday Semester: Fall 2012 Times: 5:00-7:50 pm Professor: Dr. Amos Olagunju E-mail: aoolagunju@stcloudstate.edu Office Hrs: 3-4 MW, Office: ECC256 Other
More informationCMPT 471 Networking II
CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access
More informationCTS2134 Introduction to Networking. Module 8.4 8.7 Network Security
CTS2134 Introduction to Networking Module 8.4 8.7 Network Security Switch Security: VLANs A virtual LAN (VLAN) is a logical grouping of computers based on a switch port. VLAN membership is configured by
More informationHANDBOOK 8 NETWORK SECURITY Version 1.0
Australian Communications-Electronic Security Instruction 33 (ACSI 33) Point of Contact: Customer Services Team Phone: 02 6265 0197 Email: assist@dsd.gov.au HANDBOOK 8 NETWORK SECURITY Version 1.0 Objectives
More informationCS 356 Lecture 25 and 26 Operating System Security. Spring 2013
CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control
More informationa) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)
MIS5206 Week 12 Your Name Date 1. Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)? a) User from within could send a file
More informationA Decision Maker s Guide to Securing an IT Infrastructure
A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose
More informationMANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE
WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But it s
More informationCMSC 421, Operating Systems. Fall 2008. Security. URL: http://www.csee.umbc.edu/~kalpakis/courses/421. Dr. Kalpakis
CMSC 421, Operating Systems. Fall 2008 Security Dr. Kalpakis URL: http://www.csee.umbc.edu/~kalpakis/courses/421 Outline The Security Problem Authentication Program Threats System Threats Securing Systems
More informationConfiguring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA
Configuring Personal Firewalls and Understanding IDS Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA 1 Configuring Personal Firewalls and IDS Learning Objectives Task Statements 1.4 Analyze baseline
More informationUnderstanding and evaluating risk to information assets in your software projects
Understanding and evaluating risk to information assets in your software projects ugh.. what a mouthful Dana Epp Windows Security MVP Who am I? Microsoft Windows Security MVP Information Security Professional
More informationWindows Client/Server Local Area Network (LAN) System Security Lab 2 Time allocation 3 hours
Windows Client/Server Local Area Network (LAN) System Security Lab 2 Time allocation 3 hours Introduction The following lab allows the trainee to obtain a more in depth knowledge of network security and
More informationIntroduction of Intrusion Detection Systems
Introduction of Intrusion Detection Systems Why IDS? Inspects all inbound and outbound network activity and identifies a network or system attack from someone attempting to compromise a system. Detection:
More informationFirewalls Overview and Best Practices. White Paper
Firewalls Overview and Best Practices White Paper Copyright Decipher Information Systems, 2005. All rights reserved. The information in this publication is furnished for information use only, does not
More informationNetwork Security Administrator
Network Security Administrator Course ID ECC600 Course Description This course looks at the network security in defensive view. The ENSA program is designed to provide fundamental skills needed to analyze
More informationCS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013
CS 356 Lecture 17 and 18 Intrusion Detection Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationCritical Security Controls
Critical Security Controls Session 2: The Critical Controls v1.0 Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter The Critical Security Controls The Critical Security
More informationINTRUSION DETECTION SYSTEMS and Network Security
INTRUSION DETECTION SYSTEMS and Network Security Intrusion Detection System IDS A layered network security approach starts with : A well secured system which starts with: Up-to-date application and OS
More informationInformation Security Basic Concepts
Information Security Basic Concepts 1 What is security in general Security is about protecting assets from damage or harm Focuses on all types of assets Example: your body, possessions, the environment,
More informationco Characterizing and Tracing Packet Floods Using Cisco R
co Characterizing and Tracing Packet Floods Using Cisco R Table of Contents Characterizing and Tracing Packet Floods Using Cisco Routers...1 Introduction...1 Before You Begin...1 Conventions...1 Prerequisites...1
More informationPREPARED BY: AUDIT PROGRAM Author: Lance M. Turcato. APPROVED BY: Logical Security Operating Systems - Generic. Audit Date:
A SYSTEMS UNDERSTANDING A 1.0 Organization Objective: To ensure that the audit team has a clear understanding of the delineation of responsibilities for system administration and maintenance. A 1.1 Determine
More informationWHITE PAPER PROCESS CONTROL NETWORK SECURITY: INTRUSION PREVENTION IN A CONTROL SYSTEMS ENVIRONMENT
WHITE PAPER PROCESS CONTROL NETWORK SECURITY: INTRUSION PREVENTION IN A CONTROL SYSTEMS ENVIRONMENT WHAT S INSIDE: 1. GENERAL INFORMATION 1 2. EXECUTIVE SUMMARY 1 3. BACKGROUND 2 4. QUESTIONS FOR CONSIDERATION
More information2. From a control perspective, the PRIMARY objective of classifying information assets is to:
MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected
More informationChapter 11 Cloud Application Development
Chapter 11 Cloud Application Development Contents Motivation. Connecting clients to instances through firewalls. Chapter 10 2 Motivation Some of the questions of interest to application developers: How
More informationUMHLABUYALINGANA MUNICIPALITY FIREWALL MANAGEMENT POLICY
UMHLABUYALINGANA MUNICIPALITY FIREWALL MANAGEMENT POLICY Firewall Management Policy Approval and Version Control Approval Process: Position or Meeting Number: Date: Originator: Recommended by Director
More informationAn Introduction to Network Vulnerability Testing
CONTENTS Introduction 3 Penetration Testing Overview 4 Step 1: Defining the Scope 4 Step 2: Performing the Penetration Test 5 Step 3: Reporting and Delivering Results 6 VeriSign SecureTEST 7 Common Vulnerability
More informationRajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np
Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np Meaning Why is Security Audit Important Framework Audit Process Auditing Application Security
More informationComparison of Firewall, Intrusion Prevention and Antivirus Technologies
White Paper Comparison of Firewall, Intrusion Prevention and Antivirus Technologies How each protects the network Juan Pablo Pereira Technical Marketing Manager Juniper Networks, Inc. 1194 North Mathilda
More informationComputer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1
Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls CS426 Fall 2010/Lecture 36 1 Announcements There will be a quiz on Wed There will be a guest lecture on Friday, by Prof. Chris Clifton
More informationAvaya TM G700 Media Gateway Security. White Paper
Avaya TM G700 Media Gateway Security White Paper March 2002 G700 Media Gateway Security Summary With the Avaya G700 Media Gateway controlled by the Avaya S8300 or S8700 Media Servers, many of the traditional
More informationWhy Leaks Matter. Leak Detection and Mitigation as a Critical Element of Network Assurance. A publication of Lumeta Corporation www.lumeta.
Why Leaks Matter Leak Detection and Mitigation as a Critical Element of Network Assurance A publication of Lumeta Corporation www.lumeta.com Table of Contents Executive Summary Defining a Leak How Leaks
More informationAvaya G700 Media Gateway Security - Issue 1.0
Avaya G700 Media Gateway Security - Issue 1.0 Avaya G700 Media Gateway Security With the Avaya G700 Media Gateway controlled by the Avaya S8300 or S8700 Media Servers, many of the traditional Enterprise
More informationCyber Security In High-Performance Computing Environment Prakashan Korambath Institute for Digital Research and Education, UCLA July 17, 2014
Cyber Security In High-Performance Computing Environment Prakashan Korambath Institute for Digital Research and Education, UCLA July 17, 2014 Introduction: Cyber attack is an unauthorized access to a computer
More informationinformation security and its Describe what drives the need for information security.
Computer Information Systems (Forensics Classes) Objectives for Course Challenges CIS 200 Intro to Info Security: Includes managerial and Describe information security and its critical role in business.
More informationMaking Database Security an IT Security Priority
Sponsored by Oracle Making Database Security an IT Security Priority A SANS Whitepaper November 2009 Written by Tanya Baccam Security Strategy Overview Why a Database Security Strategy? Making Databases
More informationStandard: Event Monitoring
Standard: Event Monitoring Page 1 Executive Summary The Event Monitoring Standard defines the requirements for Information Security event monitoring within SJSU computing resources to ensure that information
More informationSecond-generation (GenII) honeypots
Second-generation (GenII) honeypots Bojan Zdrnja CompSci 725, University of Auckland, Oct 2004. b.zdrnja@auckland.ac.nz Abstract Honeypots are security resources which trap malicious activities, so they
More informationIntrusion Detection System (IDS)
Intrusion Detection System (IDS) Characteristics Systems User, Process predictable actions describing process under that actions what pattern subvert actions attack of correspond the systems processes
More informationHost/Platform Security. Module 11
Host/Platform Security Module 11 Why is Host/Platform Security Necessary? Firewalls are not enough All access paths to host may not be firewall protected Permitted traffic may be malicious Outbound traffic
More informationCS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013
CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access
More informationMCSA Security + Certification Program
MCSA Security + Certification Program 12 credit hours 270 hours to complete certifications Tuition: $4500 Information technology positions are high-demand occupations that support virtually all industries.
More informationCentral Agency for Information Technology
Central Agency for Information Technology Kuwait National IT Governance Framework Information Security Agenda 1 Manage security policy 2 Information security management system procedure Agenda 3 Manage
More information1 Purpose... 2. 2 Scope... 2. 3 Roles and Responsibilities... 2. 4 Physical & Environmental Security... 3. 5 Access Control to the Network...
Contents 1 Purpose... 2 2 Scope... 2 3 Roles and Responsibilities... 2 4 Physical & Environmental Security... 3 5 Access Control to the Network... 3 6 Firewall Standards... 4 7 Wired network... 5 8 Wireless
More informationWhat IT Auditors Need to Know About Secure Shell. SSH Communications Security
What IT Auditors Need to Know About Secure Shell SSH Communications Security Agenda Secure Shell Basics Security Risks Compliance Requirements Methods, Tools, Resources What is Secure Shell? A cryptographic
More informationEC-Council Network Security Administrator (ENSA) Duration: 5 Days Method: Instructor-Led
EC-Council Network Security Administrator (ENSA) Duration: 5 Days Method: Instructor-Led Certification: ENSA Exam 312-38 Course Description This course looks at the network security in defensive view.
More informationInformation Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More informationWhat is Firewall? A system designed to prevent unauthorized access to or from a private network.
What is Firewall? A system designed to prevent unauthorized access to or from a private network. What is Firewall? (cont d) Firewall is a set of related programs, located at a network gateway server. Firewalls
More informationFirewall Cracking and Security By: Lukasz Majowicz Dr. Stefan Robila 12/15/08
Firewall Cracking and Security By: Lukasz Majowicz Dr. Stefan Robila 12/15/08 What is a firewall? Firewalls are programs that were designed to protect computers from unwanted attacks and intrusions. Wikipedia
More informationICTN 4040. Enterprise Database Security Issues and Solutions
Huff 1 ICTN 4040 Section 001 Enterprise Information Security Enterprise Database Security Issues and Solutions Roger Brenton Huff East Carolina University Huff 2 Abstract This paper will review some of
More informationSecurity Policy JUNE 1, 2012. SalesNOW. Security Policy v.1.4 2012-06-01. v.1.4 2012-06-01 1
JUNE 1, 2012 SalesNOW Security Policy v.1.4 2012-06-01 v.1.4 2012-06-01 1 Overview Interchange Solutions Inc. (Interchange) is the proud maker of SalesNOW. Interchange understands that your trust in us
More informationApplication Intrusion Detection
Application Intrusion Detection Drew Miller Black Hat Consulting Application Intrusion Detection Introduction Mitigating Exposures Monitoring Exposures Response Times Proactive Risk Analysis Summary Introduction
More informationBlended Security Assessments
Blended Security Assessments Combining Active, Passive and Host Assessment Techniques October 12, 2009 (Revision 9) Renaud Deraison Director of Research Ron Gula Chief Technology Officer Table of Contents
More informationBasics of Internet Security
Basics of Internet Security Premraj Jeyaprakash About Technowave, Inc. Technowave is a strategic and technical consulting group focused on bringing processes and technology into line with organizational
More informationCH ENSA EC-Council Network Security Administrator Detailed Course Outline
CH ENSA EC-Council Network Security Administrator Detailed Course Outline Summary Duration Vendor Audience 5 Days hands-on training EC-Council Security Professionals Level Technology Category Advance Ethical
More informationHow To Control Vcloud Air From A Microsoft Vcloud 1.1.1 (Vcloud)
SOC 1 Control Objectives/Activities Matrix goes to great lengths to ensure the security and availability of vcloud Air services. In this effort, we have undergone a variety of industry standard audits,
More informationIntrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks
Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Dale Peterson Director, Network Security Practice Digital Bond, Inc. 1580 Sawgrass Corporate Parkway, Suite 130 Sunrise, FL 33323
More informationFirewall Firewall August, 2003
Firewall August, 2003 1 Firewall and Access Control This product also serves as an Internet firewall, not only does it provide a natural firewall function (Network Address Translation, NAT), but it also
More informationLinux Network Security
Linux Network Security Course ID SEC220 Course Description This extremely popular class focuses on network security, and makes an excellent companion class to the GL550: Host Security course. Protocols
More informationWHITE PAPER. An Introduction to Network- Vulnerability Testing
An Introduction to Network- Vulnerability Testing C ONTENTS + Introduction 3 + Penetration-Testing Overview 3 Step 1: Defining the Scope 4 Step 2: Performing the Penetration Test 5 Step 3: Reporting and
More information6WRUP:DWFK. Policies for Dedicated IIS Web Servers Group. V2.1 policy module to restrict ALL network access
OKENA 71 Second Ave., 3 rd Floor Waltham, MA 02451 Phone 781 209 3200 Fax 781 209 3199 6WRUP:DWFK Policies for Dedicated IIS Web Servers Group The policies shipped with StormWatch address both application-specific
More informationMANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE
WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both.
More informationTABLE OF CONTENT. Page 2 of 9 INTERNET FIREWALL POLICY
IT FIREWALL POLICY TABLE OF CONTENT 1. INTRODUCTION... 3 2. TERMS AND DEFINITION... 3 3. PURPOSE... 5 4. SCOPE... 5 5. POLICY STATEMENT... 5 6. REQUIREMENTS... 5 7. OPERATIONS... 6 8. CONFIGURATION...
More informationMaruleng Local Municipality
Maruleng Local Municipality. 22 November 2011 1 Version Control Version Date Author(s) Details 1.1 23/03/2012 Masilo Modiba New Policy 2 Contents ICT Firewall Policy 1 Version Control.2 1. Introduction.....4
More informationSecurity Technology: Firewalls and VPNs
Security Technology: Firewalls and VPNs 1 Learning Objectives Understand firewall technology and the various approaches to firewall implementation Identify the various approaches to remote and dial-up
More informationSecurity Awareness For Server Administrators. State of Illinois Central Management Services Security and Compliance Solutions
Security Awareness For Server Administrators State of Illinois Central Management Services Security and Compliance Solutions Purpose and Scope To present a best practice approach to securing your servers
More informationIT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:
IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225
More informationChapter 12. Security Policy Life Cycle. Network Security 8/19/2010. Network Security
Chapter 12 Network Security Security Policy Life Cycle A method for the development of a comprehensive network security policy is known as the security policy development life cycle (SPDLC). Network Security
More informationAchieving Truly Secure Cloud Communications. How to navigate evolving security threats
Achieving Truly Secure Cloud Communications How to navigate evolving security threats Security is quickly becoming the primary concern of many businesses, and protecting VoIP vulnerabilities is critical.
More informationDomain 5.0: Network Tools
ExamForce.com CompTIA Network+ N10-004 Study Guide 1 Domain 5.0: Network Tools Chapter 5 5.1 Given a scenario, select the appropriate command line interface tool and interpret the output to verify functionality
More information8. Firewall Design & Implementation
DMZ Networks The most common firewall environment implementation is known as a DMZ, or DeMilitarized Zone network. A DMZ network is created out of a network connecting two firewalls; i.e., when two or
More informationNETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS
NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS Scope and Applicability: These Network and Certificate System Security Requirements (Requirements) apply to all publicly trusted Certification Authorities
More informationRemote Access Security
Glen Doss Towson University Center for Applied Information Technology Remote Access Security I. Introduction Providing remote access to a network over the Internet has added an entirely new dimension to
More informationEffective Software Security Management
Effective Software Security Management choosing the right drivers for applying application security Author: Dharmesh M Mehta dharmeshmm@mastek.com / dharmeshmm@owasp.org Table of Contents Abstract... 1
More informationSecurity+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security
Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 6 Network Security Objectives List the different types of network security devices and explain how they can be used Define network
More informationNETWORK PENETRATION TESTING
Tim West Consulting 6807 Wicklow St. Arlington, TX 76002 817-228-3420 Twest@timwestconsulting.com OVERVIEW Tim West Consulting Tim West Consulting is a full service IT security and support firm that specializes
More informationFirewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA
Firewalls Securing Networks Chapter 3 Part 1 of 4 CA M S Mehta, FCA 1 Firewalls Learning Objectives Task Statements 1.3 Recognise function of Telecommunications and Network security including firewalls,..
More informationdefending against advanced persistent threats: strategies for a new era of attacks agility made possible
defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been
More informationBuilding A Secure Microsoft Exchange Continuity Appliance
Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building
More information3. Firewall Evaluation Criteria
Firewall Management Prep. drd. Radu Constantinescu Academy of Economics Studies, Bucharest ABSTRACT Network connectivity can be both a blessing and a curse. On the one hand, network connectivity can enable
More informationHögskolan i Halmstad Sektionen för Informationsvetenskap, Data- Och Elektroteknik (IDÉ) Ola Lundh. Name (in block letters) :
Högskolan i Halmstad Sektionen för Informationsvetenskap, Data- Och Elektroteknik (IDÉ) Ola Lundh Written Exam in Network Security ANSWERS May 28, 2009. Allowed aid: Writing material. Name (in block letters)
More informationIDS / IPS. James E. Thiel S.W.A.T.
IDS / IPS An introduction to intrusion detection and intrusion prevention systems James E. Thiel January 14, 2005 S.W.A.T. Drexel University Overview Intrusion Detection Purpose Types Detection Methods
More information6WRUP:DWFK. Policies for Dedicated SQL Servers Group
OKENA 71 Second Ave., 3 rd Floor Waltham, MA 02451 Phone 781 209 3200 Fax 781 209 3199 6WRUP:DWFK Policies for Dedicated SQL Servers Group The sample policies shipped with StormWatch address both application-specific
More informationWhat s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.
What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current
More informationAdvanced Honeypot System for Analysing Network Security
ISSN: 2347-3215 Volume 2 Number 4 (April-2014) pp. 65-70 www.ijcrar.com Advanced Honeypot System for Analysing Network Security Suruchi Narote 1* and Sandeep Khanna 2 1 Department of Computer Engineering.
More informationHONEYD (OPEN SOURCE HONEYPOT SOFTWARE)
HONEYD (OPEN SOURCE HONEYPOT SOFTWARE) Author: Avinash Singh Avinash Singh is a Technical Evangelist currently worksing at Appin Technology Lab, Noida. Educational Qualification: B.Tech from Punjab Technical
More informationGE Measurement & Control. Cyber Security for NEI 08-09
GE Measurement & Control Cyber Security for NEI 08-09 Contents Cyber Security for NEI 08-09...3 Cyber Security Solution Support for NEI 08-09...3 1.0 Access Contols...4 2.0 Audit And Accountability...4
More informationVMWARE Introduction ESX Server Architecture and the design of Virtual Machines
Introduction........................................................................................ 2 ESX Server Architecture and the design of Virtual Machines........................................
More informationMay 11, 2011. (Revision 10)
Blended Security Assessments Combining Active, Passive and Host Assessment Techniques May 11, 2011 (Revision 10) Renaud Deraison Director of Research Ron Gula Chief Technology Officer Copyright 2011. Tenable
More informationTEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL
TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL Title: Computer and Network Security Policy Policy Number: 04.72.12 Effective Date: November 4, 2003 Issuing Authority: Office of the Vice President for
More informationGuidelines for Website Security and Security Counter Measures for e-e Governance Project
and Security Counter Measures for e-e Governance Project Mr. Lalthlamuana PIO, DoICT Background (1/8) Nature of Cyber Space Proliferation of Information Technology Rapid Growth in Internet Increasing Online
More informationITEC441- IS Security. Chapter 15 Performing a Penetration Test
1 ITEC441- IS Security Chapter 15 Performing a Penetration Test The PenTest A penetration test (pentest) simulates methods that intruders use to gain unauthorized access to an organization s network and
More informationEvaluate the Usability of Security Audits in Electronic Commerce
Evaluate the Usability of Security Audits in Electronic Commerce K.A.D.C.P Kahandawaarachchi, M.C Adipola, D.Y.S Mahagederawatte and P Hewamallikage 3 rd Year Information Systems Undergraduates Sri Lanka
More informationA Review of Anomaly Detection Techniques in Network Intrusion Detection System
A Review of Anomaly Detection Techniques in Network Intrusion Detection System Dr.D.V.S.S.Subrahmanyam Professor, Dept. of CSE, Sreyas Institute of Engineering & Technology, Hyderabad, India ABSTRACT:In
More informationBendigo and Adelaide Bank Ltd Security Incident Response Procedure
Bendigo and Adelaide Bank Ltd Security Incident Response Procedure Table of Contents 1 Introduction...1 2 Incident Definition...2 3 Incident Classification...2 4 How to Respond to a Security Incident...4
More informationCompany Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.
Company Co. Inc. LLC Multiple Minds, Singular Results LAN Domain Network Security Best Practices An integrated approach to securing Company Co. Inc. LLC s network Written and Approved By: Geoff Lacy, Tim
More information