User Security Education and System Hardening



Similar documents
Footprinting and Reconnaissance Tools

Unit 3 Research Project. Eddie S. Jackson. Kaplan University. IT540: Management of Information Security. Kenneth L. Flick, Ph.D.

Course: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems

Section 12 MUST BE COMPLETED BY: 4/22

Locking down a Hitachi ID Suite server

G/On. Basic Best Practice Reference Guide Version 6. For Public Use. Make Connectivity Easy

Presented by Evan Sylvester, CISSP

Data Access Request Service

SESSION 507 Thursday, March 26, 11:15 AM - 12:15 PM Track: Desktop Support

Desktop Security. Overview and Technology Guidance. Michael Ramsey Network Specialist, NC DPI

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

Protecting Your Organisation from Targeted Cyber Intrusion

Industrial Security for Process Automation

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

How To Protect Your Network From Attack From A Virus And Attack From Your Network (D-Link)

NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS

Don t skip these expert tips for making your firewall airtight, bulletproof and fail-safe. 10 Tips to Make Sure Your Firewall is Really Secure

Information Technology Career Cluster Advanced Cybersecurity Course Number:

ITS425: Ethical Hacking and Penetration Testing

Hackers are here. Where are you?

NetDefend Firewall UTM Services

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

On-Site Computer Solutions values these technologies as part of an overall security plan:

NetDefend Firewall UTM Services

Internet Security Protecting Your Business. Hayden Johnston & Rik Perry WYSCOM

APWG. (n.d.). Unifying the global response to cybecrime. Retrieved from

IBM Managed Security Services Vulnerability Scanning:

Security Maintenance Practices. IT 4823 Information Security Administration. Patches, Fixes, and Revisions. Hardening Operating Systems

2014 Entry Form (Complete one for each entry.) Fill out the entry name exactly as you want it listed in the program.

Network Detective. HIPAA Compliance Module RapidFire Tools, Inc. All rights reserved V

WEB SECURITY. Oriana Kondakciu Software Engineering 4C03 Project

Vulnerability Audit: Why a Vulnerability Scan Isn t Enough. White Paper

Better secure IT equipment and systems

Why The Security You Bought Yesterday, Won t Save You Today

End-user Security Analytics Strengthens Protection with ArcSight

If you know the enemy and know yourself, you need not fear the result of a hundred battles.

InterPath Financial Institution: Network Security Implementation. By Allan Feid

The Leading Provider of Endpoint Security Solutions

How Your Current IT Security System Might Be Leaving You Exposed TAKEAWAYS CHALLENGES WHITE PAPER

Hackers are here. Where are you?

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis?

VESZPROG ANTI-MALWARE TEST BATTERY

ITS425: Ethical Hacking and Penetration Testing

Digital Barracuda Information Security Reports that the Risk from Viruses and Worms is Only the Tip of the Iceberg FACT SHEET

Total Defense Endpoint Premium r12

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

Belmont Savings Bank. Are there Hackers at the gate? 2013 Wolf & Company, P.C.

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

Best Practices for DanPac Express Cyber Security

Global Partner Management Notice

How To Secure Your System From Cyber Attacks

Can Your Budget Reshape Your Threat Landscape?

Network Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting

Network Incident Report

InsightCloud. Hosted Desktop Service. What is InsightCloud? What is SaaS? What are the benefits of SaaS?

A Decision Maker s Guide to Securing an IT Infrastructure

Medical Device Security Health Group Digital Output

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 8 Desktop and Server OS Vulnerabilities

Topic 1 Lesson 1: Importance of network security

Ovation Security Center Data Sheet

Guidance Regarding Skype and Other P2P VoIP Solutions

JK0 015 CompTIA E2C Security+ (2008 Edition) Exam

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports

Defending Against Data Beaches: Internal Controls for Cybersecurity

Common Cyber Threats. Common cyber threats include:

Network and Host-based Vulnerability Assessment

Windows Remote Access

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak DryView 8150 Imager Release 1.0.

Supplier Information Security Addendum for GE Restricted Data

Security Awareness For Server Administrators. State of Illinois Central Management Services Security and Compliance Solutions

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix

Microsoft Labs Online

IT Security Risks & Trends

ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS

Introduction (Contd )

CHOOSE CONNECTRIA CLOUD AND MANAGED HOSTING

DATA SECURITY HACKS, HIPAA AND HUMAN RISKS

PCI-DSS Penetration Testing

AIR FORCE ASSOCIATION S CYBERPATRIOT NATIONAL YOUTH CYBER EDUCATION PROGRAM UNIT FIVE. Microsoft Windows Security.

VoipSwitch Security Audit

Description: Objective: Attending students will learn:

Department of Education. Network Security Controls. Information Technology Audit

EC-Council Certified Security Analyst (ECSA)

Data Security and Healthcare

Cyber Security Awareness

Metasploit The Elixir of Network Security

APPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST

Nessus Agents. October 2015

modules 1 & 2. Section: Information Security Effective: December 2005 Standard: Server Security Standard Revised: Policy Ref:

Deep Security Vulnerability Protection Summary

CYBERTRON NETWORK SOLUTIONS

Building A Secure Microsoft Exchange Continuity Appliance

Certified Ethical Hacker Exam Version Comparison. Version Comparison

Ethical Hacking Course Layout

Server Protection Policy 1 1. Rationale 1.1. Compliance with this policy will help protect the privacy and integrity of data created by and relating

Security Policy for External Customers

How To Manage Your Information Systems At Aerosoft.Com

13 Ways Through A Firewall

Transcription:

User Security Education and System Hardening Topic 1: User Security Education You have probably received some form of information security education, either in your workplace, school, or other settings. Discuss a situation where you received security education. How was it delivered? How long did it take? How often, if ever, did you receive refresher or update training? Was the training effective? Why or why not? If you have never received such training, discuss what you think should be included in such training and why it would be effective? Edward Jackson 4/25/2015 2:50:55 PM We need more At one of my previous jobs, we did receive security training. Each year, every employee was required to complete a security awareness course, however, I believe it was lacking in real security-related issues. The delivery of the content was through software known as NetLearning. NetLearning is web software where a company can send content to NetLearning, and they will adapt it to a web-driven interface. The idea was that employees be given a NetLearning ID, they log into the web portal, and then complete any scheduled training. My problem was not with the delivery---it was actually quite good---my issue was with the content itself. The course content did include important security concepts like password complexity and not giving out passwords, however, did not include things like what if you see someone s password written down and out in the open, phishing attempts, more advanced forms of social engineering, and was even missing the concept of tailgating (people who wait or just follow behind authorized employees into secure areas). I also thought that a single security did not fit all. I believe IT staff should have received more advanced course content. Because IT is charged with supporting thousands of people, computers, and servers, it would have been nice to understand more about port scanning, denial-of-service attacks, why black hats do the things they do, and how they do it. It was all missing from the security training. The security we had did have plenty of text, a little bit of audio, and one or two videos. Nonetheless, I think the material could have been a lot more thorough. Now, if we zoom to the job I have now, the security training is better, but still needs a lot of work. The course material is delivered over the web, and text, audio, and video are used. I do like the fact there are even little quizzes all along the way, just to make you re paying attention. Even though the security concepts are a little more involved, they are missing the more advanced concepts that every IT person should know, but does not. I think it is should become mandatory that every IT person receive 6 hours a year of advanced security concepts training. The training should include things like what viruses, worms, and malware look like when running on machines, how to check ARP and DNS cache, how to mount proper defenses, and explain the many ways hackers break into networks. This ethical hacker course has really opened my eyes to what is missing from security training. I think we all know by now password complexity is important; we all know not to give out our passwords; we even know what phishing attempts look like. Thus, the security awareness training is not a one-size-fits-all course, nor should it be. Reference

NetLearning. (2015). NetLearning Healthcare learning management software. Retrieved from http://www.healthcaresource.com/products/netlearning.html Topic 2: System Hardening System hardening is the term used to improve a system s security incrementally making it more and more difficult for a hacker to breach it. Research and discuss some best practices in system hardening. Describe any hardening approaches you have seen used, if any. Edward Jackson Holistic Approach 4/25/2015 4:10:28 PM According to the University of Colorado (2012), hardening security is about layering different levels of protection (University of Colorado, 2012. For example, we all know installing anti-virus, and keeping it up to date, is pretty a necessity these days. However, anti-virus alone will not prevent a breach in security or cyber-attack. The first step in hardening security is education. System administrators and InfoSec teams must be educated on common security weaknesses, well-known exploits, and traditional areas of attack. Once this particular knowledge has been gained, then there are multiple areas of computers which should be protected. The first area, as already discussed, is installing anti-virus software and maintaining updates. The next area has to do with malware in general, and usually requires anti-malware software, or some kind of enterprise-level monitoring system. Once those two areas have sufficient protection, next will be to make sure operating systems are fully patched, and that there is some kind of system in place to install patches quickly and efficiently. For us, we use several desktop management enterprise applications to deliver updates; one of them includes using Microsoft WSUS. An easy way to prevent someone from connecting to computers is to enable each workstation s firewall, and then manage which ports should be open (through the imaging process or via group policy); all unused ports should be blocked by default. If a company needs to remotely access machines, then port 3389 (RDP) can be opened, but only to specific people in specific Active Directory groups (Microsoft, n.d.). Other great ways to harden system security is by locking down applications, application updates, and disable user s ability to install applications. All applications should be installed by authorized staff only, or even better yet, managed at the enterprise level by a desktop engineering team. Group policies could also be created to enforce password complexity, enforce password expirations, and manage how often passwords can be reused.

As for unneeded, or not used embedded applications and services, these should be disabled if possible. For example, if PC games are not to be used at work, then the games should not be installed. Likewise, if printers are not to be shared, the printer sharing service should be disabled. Finally, to further harden security---and manage it at an enterprise level---intrusion detection, intrusion prevention, data loss prevention, and enterprise anti-virus software can be installed on servers, which will be used to monitor the network and computer environments. When combining all of these security mechanisms into one security strategy, a more holistic approach can be taken to security, and computer and network systems will be hardened. Reference Microsoft. (n.d.). Forward TCP port 3389 to the destination computer s IP address. Retrieved from http://windows.microsoft.com/en-us/windows7/allow-remote-desktop-connections-from-outside-your-home-network University of Colorado. (2012). Security awareness hardening your computer. Retrieved from http://www.colorado.edu/oit/it-security/security-awareness/hardening-your-computer Investigating and Responding to Security Incidents As an IT professional, you must recognize and accept that eventually you will need to respond to a security incident involving our organization. Each individual s role in that response will differ some will have to address consumers, partners, or the media in a public way, while others will work behind the scenes to shore up the organization s defenses. You will investigate incident response more deeply and specifically in this unit. Internal to the organization, incident response should involve a process often referred to as post-mortem, which literally means after death. Usually a security incident does not lead to the death of the organization, but post-mortem is still an appropriate way to describe the work that must occur after a breach has happened. Incident post-mortems include such activities as identifying the root cause(s) of the breach, ensuring such vulnerabilities are addressed so they cannot be exploited again, cooperating with law enforcement when necessary, and dealing with any public relations fallout that may occur. Many of these activities are sometimes unpleasant, but they are crucial to improving security, and the ethical hacker will recognize the value of this work. The learning content will help you understand how and why such work is part of the ethical hacker s role in an organization.

Outcomes After completing this unit you should be able to: Interpret symptoms of system vulnerabilities. Identify breaches or risks to systems via scanning. Recommend mitigations for identified vulnerabilities. Course outcomes practiced in this unit: IT542-4: Recommend security solutions to address discovered vulnerabilities. What do you have to do in this unit? Complete assigned Reading. Participate in Discussion. Complete unit Assignment. Participate in Seminar or complete the Alternative Assignment. Complete the unit Quiz. Complete the optional Learning Activity. Read Chapter 13: Social Engineering in your textbook. This chapter addresses recent developments in social engineering and social media security attacks. Currently, greater than 80% of all successful hacking attempts involve some form of social engineering, often with the use of social media as an attack vector. Ethical hackers must learn to recognize such risks to the organization and educate users to do the same. Further, the Reading discusses appropriate ways to prepare for and to respond to events that impact the organization s information security. Recommendations include use of password managers, browser security features, physical protections, and user in-service education. A multi-pronged approach to organizational information security is recommended and discussed.

Attending live Seminars is important to your academic success, and attendance is highly recommended. The Seminar allows you to review the important concepts presented in each unit, discuss work issues in your lives that pertain to these concepts, ask your instructor questions, and allow you to come together in real time with your fellow classmates. There will be a graded Seminar in Units 1 through 6 in this course. You must either attend the live Seminar or you must complete the Seminar alternative assignment in order to earn points for this part of the class. Option 1: Attend the Seminar: During the Seminar, the instructor will briefly review the lab, ensuring you understand the goals and expectations of the lab activities. Assignment 5 Outcomes addressed in this activity: Unit Outcomes: Interpret symptoms of system vulnerabilities. Identify breaches or risks to systems via scanning. Recommend mitigations for identified vulnerabilities. Course Outcome: IT542-4: Recommend security solutions to address discovered vulnerabilities.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information