- Define risk and risk management
- Describe the components of risk management
- List and describe vulnerability scanning tools
- Define penetration testing




One of the most important assets any organization possesses is its data. Unfortunately, the importance of data is generally underestimated. The first steps in data protection actually begin with understanding risks and risk management.

Dang Thanh Binh

In information security, a risk is the likelihood that a threat agent will exploit a vulnerability. More generally, a risk can be defined as an event or condition that could occur and that, if it does occur, has a negative impact. Risk generally denotes a potential negative impact to an asset.

Realistically, risk cannot ever be entirely eliminated: doing so would cost too much or take too long. Rather, some degree of risk must always be assumed.

Risk management: a systematic and structured approach to managing the potential for loss that is related to a threat.

The first step or task in risk management is to determine the assets that need to be protected.

Asset identification: the process of inventorying and managing these items.

Types of assets:
- Data
- Hardware
- Personnel
- Physical assets
- Software

Along with the assets, the attributes of the assets need to be compiled. Attributes are details. It is important to determine each item's relative value.

Factors that should be considered in determining the relative value are:
- How critical is this asset to the goals of the organization?
- How difficult would it be to replace it?
- How much does it cost to protect it?
- How much revenue does it generate?
- How quickly can it be replaced?
- What is the cost to replace it?
- What is the impact to the organization if this asset is unavailable?
- What is the security implication if this asset is unavailable?

The next step is to determine the threats from threat agents.

Threat agent: any person or thing with the power to carry out a threat against an asset.

Threat modeling: constructs scenarios of the types of threats that assets can face. It helps to understand who the attackers are, why they attack, and what types of attacks might occur.

Provides a visual image of the attacks that may occur against an asset.

Finding security weaknesses that expose assets to threats:
- Takes a snapshot of the security of the organization as it now stands
- Every asset must be viewed in light of each threat
- Determining vulnerabilities often depends upon the background and experience of the assessor

Determining:
- The damage that would result from an attack, and
- The likelihood that the vulnerability is a risk to the organization

Single Loss Expectancy (SLE): the expected monetary loss every time a risk occurs.

Annualized Loss Expectancy (ALE): the expected monetary loss that can be expected for an asset due to a risk over a one-year period.

The final step is to determine what to do about the risks. Options when confronted with a risk:
- Diminish the risk
- Transfer the risk (outsourcing or insurance)
- Accept the risk

Identifying vulnerabilities through a vulnerability appraisal determines the current security weaknesses that could expose assets to threats. There are two categories of software and hardware tools:
- Vulnerability scanning
- Penetration testing

Vulnerability scanning is typically used by an organization to identify weaknesses in the system that need to be addressed in order to increase the level of security. Tools include port scanners, network mappers, protocol analyzers, vulnerability scanners, the Open Vulnerability and Assessment Language, and password crackers.

Internet protocol (IP) addresses: the primary form of address identification on a TCP/IP network, used to uniquely identify each network device.

Port number: TCP/IP uses a numeric value as an identifier to applications and services on the systems. Each datagram (packet) contains not only the source and destination IP addresses but also the source port and destination port.

Port scanner: sends probes to interesting ports on a target system and determines the state of a port to know what applications are running and could be exploited.

Three port states: open, closed, and blocked.
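The three port states can be told apart from the result of an ordinary TCP connection attempt. The following is an added example, not part of the original slides, written for auditing a host you administer; the function names, the loopback target and the mapping of error codes to states are assumptions of this sketch.

```python
import errno
import socket


def classify(err):
    """Map a connect_ex() result to one of the three port states."""
    if err == 0:
        return "open"      # handshake completed: a service is listening
    if err == errno.ECONNREFUSED:
        return "closed"    # host answered with a reset: nothing is listening
    # Timeout, unreachable, and similar: no usable answer came back, which
    # is what a filtering device in the path typically produces.
    return "blocked"


def port_state(host, port, timeout=1.0):
    """Attempt one full TCP connection and report the port state."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            err = s.connect_ex((host, port))
        except socket.timeout:
            return "blocked"
    return classify(err)


def demo():
    """Check one listening and one unused port on the local machine."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))      # constructed test service
    listener.listen(1)
    open_port = listener.getsockname()[1]

    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))         # reserve a port number, then free it
    closed_port = spare.getsockname()[1]
    spare.close()
    try:
        return {
            "open": port_state("127.0.0.1", open_port),
            "closed": port_state("127.0.0.1", closed_port),
        }
    finally:
        listener.close()


if __name__ == "__main__":
    print(demo())
```
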

Network mappers: software tools that can identify all the systems connected to a network. Most network mappers utilize the TCP/IP protocol ICMP.

Internet Control Message Protocol (ICMP): used by PING to identify devices. It is less useful for modern versions of Windows.

Protocol analyzer: also called a sniffer. It captures each packet to decode and analyze its contents, and can fully decode application-layer network protocols. Common uses include:
- Network troubleshooting
- Network traffic characterization
- Security analysis

Vulnerability scanners: products that look for vulnerabilities in networks or systems and help network administrators find security problems. Most vulnerability scanners maintain a database that categorizes and describes the vulnerabilities that they can detect. Other types of vulnerability scanners combine the features of a port scanner and network mapper.

OVAL:
- Designed to promote open and publicly available security content
- Standardizes the transfer of information across different security tools and services
- A common language for the exchange of information regarding security vulnerabilities
- These vulnerabilities are identified using industry-standard tools

OVAL vulnerability definitions are recorded in Extensible Markup Language (XML). Queries are accessed using the database Structured Query Language (SQL). OVAL supports Windows, Linux, and UNIX platforms.

Password: a secret combination of letters and numbers that only the user knows. Because passwords are common yet provide weak security, they are a frequent focus of attacks.

Password cracker programs use the file of hashed passwords and then attempt to break the hashed passwords offline. The most common offline password cracker programs are based on dictionary attacks or rainbow tables.

Shadow file: a defense against password cracker programs for UNIX and Linux systems. On a system without a shadow file, the passwd file that contains the hashed passwords and other user information is visible to all users. The shadow file can only be accessed at the highest level and contains only the hashed passwords.

Penetration testing: a method of evaluating the security of a computer system or network by simulating a malicious attack instead of just scanning for vulnerabilities. It involves a more active analysis of a system for vulnerabilities.

One of the first tools that was widely used for penetration testing, as well as by attackers, was SATAN. SATAN could improve the security of a network by performing penetration testing to determine the strength of the security for the network and what vulnerabilities may still have existed. SATAN would:
- Recognize several common networking-related security problems
- Report the problems without actually exploiting them
- Offer a tutorial that explained the problem, what its impact could be, and how to resolve the problem
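The shadow-file defense described above can be verified with a short audit: no account in the world-readable passwd file should still carry a hash, and the shadow file should give ordinary users no access. This is an added example, not part of the original slides; the sample entries, function names and finding messages are constructed for illustration.

```python
import stat

# Constructed sample in passwd(5) format: name:password:uid:gid:gecos:home:shell
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASHVALUE:1000:1000:Alice:/home/alice:/bin/bash
bob::1001:1001:Bob:/home/bob:/bin/bash
carol:x:1002:1002:Carol:/home/carol:/bin/bash
"""


def audit_passwd(text):
    """Return (line_number, user, finding) for entries that bypass shadowing."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((number, fields[0], "malformed entry"))
            continue
        user, password = fields[0], fields[1]
        if password == "x":
            continue                      # hash lives in the shadow file
        if password == "":
            findings.append((number, user, "empty password field"))
        elif password[0] in "*!":
            continue                      # locked account, no usable hash
        else:
            # Any local user can copy this hash and attack it offline.
            findings.append((number, user, "hash stored in world-readable passwd"))
    return findings


def shadow_mode_ok(mode):
    """True if the permission bits grant nothing to 'other' users."""
    return stat.S_IMODE(mode) & 0o007 == 0


if __name__ == "__main__":
    for finding in audit_passwd(SAMPLE_PASSWD):
        print(finding)
    print("0640 acceptable:", shadow_mode_ok(0o100640))
    print("0644 acceptable:", shadow_mode_ok(0o100644))
```

On a live system the same functions can be given the contents of /etc/passwd and the `st_mode` value returned by `os.stat("/etc/shadow")`.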