Outline. Security. Security of network. Security



Similar documents
7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

Detailed Description about course module wise:

40 Essential measures

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Certified Ethical Hacker Exam Version Comparison. Version Comparison

Information Security Basic Concepts

Securing Linux Servers Best Practice Document

Security Considerations White Paper for Cisco Smart Storage 1

Section 12 MUST BE COMPLETED BY: 4/22

Passing PCI Compliance How to Address the Application Security Mandates

CCM 4350 Week 11. Security Architecture and Engineering. Guest Lecturer: Mr Louis Slabbert School of Science and Technology.

IT Security Procedure

Network Security: Introduction

Recommended IP Telephony Architecture

11 NETWORK SECURITY PROJECTS. Project Understanding Key Concepts. Project Using Auditing and Event Logs. Project 11.3

Payment Card Industry (PCI) Data Security Standard

Developing Network Security Strategies

Security Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2

TASK TDSP Web Portal Project Cyber Security Standards Best Practices

Firewalls. Firewalls. Idea: separate local network from the Internet 2/24/15. Intranet DMZ. Trusted hosts and networks. Firewall.

modules 1 & 2. Section: Information Security Effective: December 2005 Standard: Server Security Standard Revised: Policy Ref:

Question Name C 1.1 Do all users and administrators have a unique ID and password? Yes

Radware s Behavioral Server Cracking Protection

CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module

Network Security. by David G. Messerschmitt. Secure and Insecure Authentication. Security Flaws in Public Servers. Firewalls and Packet Filtering

Firewalls. CEN 448 Security and Internet Protocols Chapter 20 Firewalls

SonicWALL PCI 1.1 Implementation Guide

REPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB

Approved 12/14/11. FIREWALL POLICY INTERNAL USE ONLY Page 2

Potential Targets - Field Devices

How To Secure A Voice Over Internet Protocol (Voip) From A Cyber Attack

information security and its Describe what drives the need for information security.

Security Security by Separation

Basics of Internet Security

ITEC441- IS Security. Chapter 15 Performing a Penetration Test

Implementing Secured Converged Wide Area Networks (ISCW) Version 1.0

Remote Access Security

Using Network Attached Storage with Linux. by Andy Pepperdine

How To Protect Your Network From Attack

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0

SS7 & LTE Stack Attack

Firewalls. Chapter 3

PCI Security Scan Procedures. Version 1.0 December 2004

Security + Certification (ITSY 1076) Syllabus

How To Set Up An Ip Firewall On Linux With Iptables (For Ubuntu) And Iptable (For Windows)

The following chart provides the breakdown of exam as to the weight of each section of the exam.

Threat Modeling. Categorizing the nature and severity of system vulnerabilities. John B. Dickson, CISSP

Penetration testing. A step beyond missing patches and weak passwords

GE Measurement & Control. Cyber Security for NEI 08-09

TABLE OF CONTENT. Page 2 of 9 INTERNET FIREWALL POLICY

Information Technology Security Procedures

Firewalls. Ola Flygt Växjö University, Sweden Firewall Design Principles

E-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications

PA-DSS Implementation Guide. Version Document Owners. Approval Date: January 2012

CS5008: Internet Computing

SSL-TLS VPN 3.0 Certification Report. For: Array Networks, Inc.

Security Audit Report for ACME Corporation

JK0 015 CompTIA E2C Security+ (2008 Edition) Exam

Summer Webinar Series

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

The Payment Card Industry (PCI) Data Security Standards (DSS) v1.2 Requirements:

Chapter 15: Computer and Network Security

External Authentication with Windows 2008 Server with Routing and Remote Access Service Authenticating Users Using SecurAccess Server by SecurEnvoy

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Commercially Proven Trusted Computing Solutions RSA 2010

The Self-Hack Audit Stephen James Payoff

Hacking the WordpressEcosystem

CSE331: Introduction to Networks and Security. Lecture 1 Fall 2006

CMS Operational Policy for Firewall Administration

How users bypass your security!

Catapult PCI Compliance

Networked Systems Security

SECURITY DOCUMENT. BetterTranslationTechnology

This chapter covers the following topics: Why Network Security Is Necessary Secure Network Design Defined Categorizing Network Security Threats How

CPNI VIEWPOINT CONFIGURING AND MANAGING REMOTE ACCESS FOR INDUSTRIAL CONTROL SYSTEMS

Securing your Virtual Datacenter. Part 1: Preventing, Mitigating Privilege Escalation

Locking down a Hitachi ID Suite server

Cisco Certified Security Professional (CCSP)

Security Considerations for DirectAccess Deployments. Whitepaper

SY system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users.

Designing a security policy to protect your automation solution

PENTEST. Pentest Services. VoIP & Web.

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

A Decision Maker s Guide to Securing an IT Infrastructure

Privileged Account Access Management: Why Sudo Is No Longer Enough

White Paper How Noah Mobile uses Microsoft Azure Core Services

Pointsec Enterprise Encryption and Access Control for Laptops and Workstations

Transcription:

Outline Introduction Security Gregory Mounie 2012-10-16 mar. General recommendations How to secure your environment Kerberhos SSH IPV6 1 / 28 2 / 28 Security of network Security The main problem Internet connection are bi-directional. Any computer of the world may be connected to any other one Intruders will appear. If Somebody want access, he will get it with: time and money if collected/modified data are valuable for him Goal of security Delay the intrusion as long as possible The security is not a product A secure computer is not connected to a network, is locked in a strongbox, and is turn off. The security is an activity You have to collect data and to manage and change your network The security will annoy your user You have to keep the balance between security and usability 3 / 28 4 / 28

Collect of data 3 kinds of network attack security institution http://www.cert.org hacking website mailing-list (eg. ter) website of system provider (microsoft) Security by obscurity do not work, but it helps to gain some time. 1. DoS (Denial of Services). Easy to do: just send a lot of requests. 2. Intrusion: More difficult need a connection to a host (web server, ftp server) sometimes required password sniffing sometimes required spoofing 3. Intrusion and root access required system exploit full access to data, troyan horse installation, relay 5 / 28 6 / 28 Security breaks Standard recommendation 1. the users 2. external connections 3. physical access ANSSI The national agency of the security of information systems, created in 2008, ( http://www.ssi.gouv.fr ) define the security rules for the information systems of French national institutions. It investigates attacks. It also edits the rules that are presented in the following slides. 7 / 28 8 / 28

On-line exercise among the lecture Know the information system and its user Build and maintain a map of hardware and software For every general recommendation in the following slides Could you find 1. how to do it easily; 2. what are the requirement to do it; 3. why you or the users will not apply it. Keep the map on par with the reality. The map include network architecture (external connection, servers) The map of the network should not be stored in the network List of all administrator accounts Keep the list on par with the reality not only root including users with their own hosts (root on their systems) 9 / 28 10 / 28 Know the information system and its user II Control and manage the network Write the procedure of arrival and departure of users how to create/destroy account physical access management mobile access management Limit Internet access No connection of personal hardware to the information system 11 / 28 12 / 28

Upgrade the software Authentication and password Know how to upgrade your software Check new published vulnerability and software update Define the upgrade policy and apply it strictly Identify every user No generic account Define rules and length of password http://xkcd.com/936 Check and enforce password rules 13 / 28 14 / 28 Authentication and password II Secure the hosts Do not keep passwords on the system Suppress default passwords and certificates Use physical device authentication access card with PIN code Homogeneous security policy No useless services as low as possible access right No mobile storage or at least no autorun (and no exec) Central management tool of the security and upgrade 15 / 28 16 / 28

Secure the hosts II Split the network and control user dictionary Same security policy for mobile hosts Crypt the data on mobile host and mobile storage Audit frequently your central directory Active Directory, LDAP, etc. Especially data access right Split the network Hosts with sensitive data should be on a sub-network with a specific gateway 17 / 28 18 / 28 Protect you network from the Internet Monitor your system No internet access on admin hosts Limit the number of gateway to the Internet No admin interface should be accessible from the Internet Define monitoring goal Check the logs Avoid Wifi or any radio network At least, use wifi on an isolated subnetwork. use WPA (EAP-TPS, WPA2 CCMP) with certificate when a large number of external clients will use the wifi (no share password). 19 / 28 20 / 28

Protect administrator station Control physical access Specific sub-network for admin hosts Physical or Logical (IPSec tunnel) Never give admin right to the users Especially not to the manager! Remote access only with strong authentication and cryptography Control mechanism should define profile employee, internship, external,... Keep secure the keys and alarm code No physical access to the internal network in a public room Printing rule eg. destroy forgotten documents 21 / 28 22 / 28 Organize the reactions to incidents Educate Prepare reaction before the incident Check for propagation, not only the treatment of the infected host Plan the standard activities in case of incident Educate your user to minimal rules data are important data security is dependent of rule respect Every user should know the guy to contact in case of problem 23 / 28 24 / 28

Check your security Next lecture Check your security at least once a year. 25 / 28 26 / 28 Disabing an account sudo lock :: passwd -l username unlock :: passwd -u username sharing administrator right username ALL=(ALL) ALL 26 / 28 27 / 28

quota activate it in /etc/fstab: usrquota, grpquota soft and hard limits on blocks and on inodes 28 / 28

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information