Lecture 19 Page 1 CS 236 Online 6. Application Software Security Why it’s important: –Security flaws in applications are increasingly the attacker’s entry.

Slides:



Advertisements
Similar presentations
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Advertisements

Computer Security set of slides 10 Dr Alexei Vernitski.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Understand Database Security Concepts
Current Security Threats WMO CBS ET-CTS Toulouse, France May 2008 Allan Darling, NOAA’s National Weather Service WMO CBS ET-CTS Toulouse, France.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.
INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.
Security Awareness: Applying Practical Security in Your World
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer
Security and Risk Management. Who Am I Matthew Strahan from Content Security Principal Security Consultant I look young, but I’ve been doing this for.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
1 Infrastructure Hardening. 2 Objectives Why hardening infrastructure is important? Hardening Operating Systems, Network and Applications.
10 Tips for keeping MCL safe 1. Set up your defenses. Do you have adequate firewalls and antivirus software to protect you from hackers who could steal.
Csci5233 Computer Security1 Bishop: Chapter 27 System Security.
Lecture 18 Page 1 CS 136, Spring 2014 Security Your System CS 136 Computer Security Peter Reiher June 5, 2014.
Common Cyber Defenses Tom Chothia Computer Security, Lecture 18.
Module 14: Configuring Server Security Compliance
 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.
| nectar.org.au NECTAR TRAINING Module 5 The Research Cloud Lifecycle.
Lecture 16 Page 1 Advanced Network Security Perimeter Defense in Networks: Virtual Private Networks Advanced Network Security Peter Reiher August, 2014.
Lecture 19 Page 1 CS 236 Online 16. Account Monitoring and Control Why it’s important: –Inactive accounts are often attacker’s path into your system –Nobody’s.
Securing the Network Infrastructure. Firewalls Typically used to filter packets Designed to prevent malicious packets from entering the network or its.
Small Business Security Keith Slagle April 24, 2007.
Core 3: Communication Systems. Network software includes the Network Operating Software (NOS) and also network based applications such as those running.
Lesson 19-E-Commerce Security Needs. Overview Understand e-commerce services. Understand the importance of availability. Implement client-side security.
Lecture 19 Page 1 CS 236 Online Securing Your System CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Critical Security Controls & Effective Cyber Defense Hasain “The Wolf”
Information Security In the Corporate World. About Me Graduated from Utica College with a degree in Economic Crime Investigation (ECI) in Spring 2005.
Cyber Safety Mohammad Abbas Alamdar Teacher of ICT STS Ajman – Boys School.
CHAPTER 2 Laws of Security. Introduction Laws of security enable user make the judgment about the security of a system. Some of the “laws” are not really.
Computer Security By Duncan Hall.
Lecture 12 Page 1 CS 236 Online Network Security: Firewalls, VPNs, and Honeypots CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
IPv6 security for WLCG sites (preparing for ISGC2016 talk) David Kelsey (STFC-RAL) HEPiX IPv6 WG, CERN 22 Jan 2016.
Role Of Network IDS in Network Perimeter Defense.
“Lines of Defense” against Malware.. Prevention: Keep Malware off your computer. Limit Damage: Stop Malware that gets onto your computer from doing any.
Information Security tools for records managers Frank Rankin.
Computer Security Sample security policy Dr Alexei Vernitski.
ASHRAY PATEL Securing Public Web Servers. Roadmap Web server security problems Steps to secure public web servers Securing web servers and contents Implementing.
Unit 2 Personal Cyber Security and Social Engineering Part 2.
Lecture 12 Page 1 CS 236, Spring 2008 Network Security: Firewalls, VPNs, and Honeypots CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
By the end of this lesson you will be able to: 1. Determine the preventive support measures that are in place at your school.
Lecture 12 Page 1 CS 136, Spring 2009 Network Security: Firewalls CS 136 Computer Security Peter Reiher May 12, 2009.
Lecture 18 Page 1 CS 136, Spring 2016 Securing Your System Computer Security Peter Reiher June 2, 2016.
Lecture 9 Page 1 CS 236 Online Firewalls What is a firewall? A machine to protect a network from malicious external attacks Typically a machine that sits.
SOHO Security Recommendations. Change default user/password Of the AP/router Typical  admin – admin  root – root  root – 1234  Admin - There are web.
Common System Exploits Tom Chothia Computer Security, Lecture 17.
September 20, 2016 How to Defend Your Organization from a Cyber Breach LTC Tim Bloechl (U.S. Army, Ret.) Director, Cyber Security Business.
Security fundamentals
Securing Your System Computer Security Peter Reiher March 16, 2017
Critical Security Controls
Common Methods Used to Commit Computer Crimes
Security Standard: “reasonable security”
Firewall Configuration and Administration
Putting It All Together
Putting It All Together
Your Computer Wants To Ruin Your Life
Introduction to Networking
Introduction to Networking
Audit Findings: SQL Database
Information Security Session November 11, 2004
Information Security Session October 24, 2005
Chapter 27: System Security
Information Security Awareness
16. Account Monitoring and Control
6. Application Software Security
Presentation transcript:

Lecture 19 Page 1 CS 236 Online 6. Application Software Security Why it’s important: –Security flaws in applications are increasingly the attacker’s entry point –Both commodity applications and custom in-house applications –Applications offer large attack surfaces and many opportunities

Lecture 19 Page 2 CS 236 Online Quick Wins Install and use special web- knowledgeable firewalls –To look for XSS, SQL injection, etc. Install non-web application specific firewalls, where available Position these firewalls so they aren’t blinded by cryptography

Lecture 19 Page 3 CS 236 Online 7. Wireless Device Control Why it’s important: –Wireless reaches outside physical security boundaries –Mobile devices “away from home” often use wireless –Unauthorized wireless access points tend to pop up –Historically, attackers use wireless to get in and stay in

Lecture 19 Page 4 CS 236 Online Quick Wins Know what wireless devices are in your environment Make sure they run your configuration Make sure you have administrative control of all of them –With your standard tools Use network access control to know which wireless devices connect to wired network

Lecture 19 Page 5 CS 236 Online 8. Data Recovery Capability Why it’s important: –Successful attackers often alter important data on your machines –Sometimes that’s the point of the attack –You need to be able to get it back

Lecture 19 Page 6 CS 236 Online Quick Wins Back up all machines at least weekly –More often for critical data Test restoration from backups often Train personnel to know how to recover destroyed information

Lecture 19 Page 7 CS 236 Online 9. Security Skills Assessment and Training Why it’s important: –Attackers target untrained users –Defenders need to keep up on trends and new attack vectors –Programmers must know how to write secure code –Need both good base and constant improvement

Lecture 19 Page 8 CS 236 Online Quick Wins Assess what insecure practices your employees use and train those Include appropriate security awareness skills in job descriptions Ensure policies, user awareness, and training all match

Lecture 19 Page 9 CS 236 Online 10. Secure Configurations for Network Devices Why it’s important: –Firewalls, routers, and switches provide a first line of defense –Even good configurations tend to go bad over time Exceptions and changing conditions –Attackers constantly look for flaws in these devices

Lecture 19 Page 10 CS 236 Online Quick Wins Create documented configurations for these devices Periodically check actual devices against your standard configurations Turn on ingress/egress filtering at Internet connection points

Lecture 19 Page 11 CS 236 Online 11. Limitation and Control of Ports, Protocols, and Services Why it’s important: –Many systems install software automatically –Often in weak configurations –These offer attackers entry points –If you don’t need and use them, why give attackers’ that benefit?

Lecture 19 Page 12 CS 236 Online Quick Wins Turn off unused services –If no complaints after 30 days, de-install them Use host-based firewalls with default deny rules on all systems Port scan all servers and compare against known intended configuration Remove unnecessary service components

Lecture 19 Page 13 CS 236 Online 12. Controlled Use of Administrative Privileges Why it’s important: –Administrative privilege gives attackers huge amounts of control –The more legitimate users who have it, the more targets Phishing attacks, drive-by downloads, password guessing, etc.

Lecture 19 Page 14 CS 236 Online Quick Wins Use automated tools to validate who has administrative privileges Ensure all admin password/phrases are long and complex –Force them to change often Change all default passwords on new devices –Firewalls, wireless access points, routers, operating systems, etc.

Lecture 19 Page 15 CS 236 Online More Quick Wins Store passwords hashed or encrypted –With only privileged users allowed to access them, anyway Use access control to prevent administrative accounts from running user-like programs –E.g., web browsers, games, Require different passwords for personal and admin accounts

Lecture 19 Page 16 CS 236 Online Yet More Quick Wins Never share admin passwords Discourage use of Unix root or Windows administrator accounts Configure password control software to prevent re-use of recent passwords –E.g., not used within last six months

Lecture 19 Page 17 CS 236 Online 13. Boundary Defense Why it’s important: –A good boundary defense keeps many attackers entirely out –Even if they get in, proper use of things like a DMZ limits damage –Important to understand where your boundaries really are

Lecture 19 Page 18 CS 236 Online Quick Wins Black list known bad sites or white list sites you need to work with –Test that periodically Use a network IDS to watch traffic crossing a DMZ Use the Sender Policy Framework (SPF) to limit address spoofing

Lecture 19 Page 19 CS 236 Online 14. Maintenance, Monitoring and Analysis of Security Logs Why it’s important: –Logs are often the best (sometimes only) source of info about attack –If properly analyzed, you can learn what’s happening on your machines –If not, you’re in the dark

Lecture 19 Page 20 CS 236 Online Quick Wins Ensure all machines have reasonably synchronized clocks (e.g., use NTP) Include audit log settings as part of standard configuration –And check that Ensure you have enough disk space for your logs

Lecture 19 Page 21 CS 236 Online More Quick Wins Use log retention policy to ensure you keep logs long enough Fully log all remote accesses to your machines Log all failed login attempts and failed attempts to access resources

Lecture 19 Page 22 CS 236 Online 15. Controlled Access Based on Need to Know Why it’s important: –If all your machines/users can access critical data, –Attacker can win by compromising anything –If data kept only on protected machines, attackers have harder time

Lecture 19 Page 23 CS 236 Online Quick Wins Put all sensitive information on separate VLANs Encrypt all sensitive information crossing the network –Even your own internal network