System Admin Security Training

Orange Team

Overview
- System Admin Duties
- Employee Documents and Security Controls
- Security Threats
- Threat Mitigation
- Incident Response

System Admin Duties
- Perform backup and restore data
- Add and remove users
- Add and remove hardware and software
- Configure and maintain hardware and software
- General user support
- Maintain documentation and licenses
- Negotiate with vendors
- System planning
- Security management

System Admin Duties (continued)
- Monitor system resource usage and performance
- Detect and correct problems
- Optimize performance
- Manage resources
- Automate tasks
- Determine and enforce usage policy
- Educate users
- Corporate priority liaison: the liaison between user needs, budgetary constraints and technological limitations

A Lot Of Things To Do...
- ... and it's better to do them securely!
- "Bake in" security
- You can't anticipate every problem, but you can limit the problems you have

Perform Backup and Restore Data
- Encrypt backups
- Secure storage
  - Physical access control
  - Environmental protections
- Controlled restorations
  - No network connections
  - Clean destination (no malware)
  - Verified assistance: the person doing the restoration should be trusted as much as the methods used to restore
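The "controlled restoration" controls above (verified contents, clean destination, refusing a restore that fails verification), as an added example that is not part of the original slides. It uses only the Python standard library, so it signs a manifest of file hashes with HMAC-SHA256 rather than encrypting the archive; encrypting the archive before it leaves the host is a separate step. The signing key, paths and file contents are constructed for the demo.

```python
"""Added example (not from the slides): integrity-checked backup and controlled restore.

Standard library only: the archive is accompanied by a manifest of per-file
SHA-256 hashes, and the manifest is signed with HMAC-SHA256. Encryption of the
archive is a separate step. Key, paths and file contents are constructed.
"""
from __future__ import annotations

import hashlib
import hmac
import json
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def create_backup(src: Path, archive: Path, key: bytes) -> dict[str, str]:
    """Archive every file under src and write a signed manifest beside the archive."""
    files = {p.relative_to(src).as_posix(): sha256_file(p)
             for p in sorted(src.rglob("*")) if p.is_file()}
    manifest = json.dumps(files, sort_keys=True).encode()
    with tarfile.open(archive, "w:gz") as tar:
        for rel in files:
            tar.add(src / rel, arcname=rel)
    Path(f"{archive}.manifest").write_bytes(manifest)
    Path(f"{archive}.sig").write_text(hmac.new(key, manifest, hashlib.sha256).hexdigest())
    return files


def restore_backup(archive: Path, dest: Path, key: bytes) -> list[str]:
    """Controlled restoration: verify the manifest signature, require a clean
    destination, extract only members listed in the manifest, then re-hash."""
    manifest = Path(f"{archive}.manifest").read_bytes()
    expected = Path(f"{archive}.sig").read_text().strip()
    actual = hmac.new(key, manifest, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, actual):
        raise ValueError("manifest signature mismatch; refusing to restore")
    files: dict[str, str] = json.loads(manifest)
    if dest.exists() and any(dest.iterdir()):
        raise ValueError(f"{dest} is not a clean destination")
    dest.mkdir(parents=True, exist_ok=True)
    with tarfile.open(archive, "r:gz") as tar:
        for member in tar.getmembers():
            # Only regular files named in the signed manifest may be written;
            # this also blocks path traversal ("../") and absolute member names.
            if not member.isfile() or member.name not in files:
                raise ValueError(f"unexpected archive member {member.name!r}")
            tar.extract(member, dest)
    for rel, digest in files.items():
        if sha256_file(dest / rel) != digest:
            raise ValueError(f"hash mismatch after restore: {rel}")
    return list(files)


def demo() -> tuple[list[str], bool]:
    key = b"demo-signing-key"  # constructed; a real key lives in a secret store
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        src = root / "src" / "etc"
        src.mkdir(parents=True)
        (src / "hosts").write_text("127.0.0.1 localhost\n")
        (src / "sshd_config").write_text("PermitRootLogin no\n")
        archive = root / "backup.tar.gz"
        create_backup(root / "src", archive, key)
        restored = restore_backup(archive, root / "restore-ok", key)
        # Simulate someone editing the stored manifest without holding the key.
        mpath = Path(f"{archive}.manifest")
        mpath.write_bytes(mpath.read_bytes() + b" ")
        try:
            restore_backup(archive, root / "restore-tampered", key)
            tamper_detected = False
        except ValueError:
            tamper_detected = True
    return restored, tamper_detected


if __name__ == "__main__":
    print(demo())
```

The restore refuses to proceed on any of three failures: a manifest that no longer verifies, a destination that already contains files, or an archive member not named in the signed manifest. The post-restore re-hash is what makes the "verified" in verified assistance checkable rather than a matter of trust in whoever ran the job.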

Add and Remove Users
- Old accounts can be used as a backdoor: completely remove old access rights
- Add users while adhering to need-to-know and minimum privilege
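"Completely remove old access rights" means more than deleting the account: group memberships, sudo rules, cron jobs and SSH keys outlive it. The following offboarding audit is an added example, not part of the original slides; the file contents are constructed samples standing in for /etc/passwd, /etc/group, /etc/sudoers, root's crontab and root's authorized_keys.

```python
"""Added example (not from the slides): audit a departed user's residual access.

The file contents below are constructed samples standing in for /etc/passwd,
/etc/group, /etc/sudoers, root's crontab and root's authorized_keys. On a real
host read the live files and run this as the last step of offboarding.
"""
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
jdoe:x:1001:1001:Jane Doe:/home/jdoe:/bin/bash
svc-backup:x:1002:1002::/var/backups:/usr/sbin/nologin
"""
GROUP = """\
wheel:x:10:jdoe
docker:x:999:jdoe,svc-backup
"""
SUDOERS = """\
root ALL=(ALL) ALL
jdoe ALL=(ALL) NOPASSWD: /usr/bin/systemctl
%wheel ALL=(ALL) ALL
"""
ROOT_CRONTAB = """\
# m h dom mon dow command
0 2 * * * /home/jdoe/scripts/sync.sh
"""
ROOT_AUTHORIZED_KEYS = """\
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyDataOnly jdoe@laptop
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOtherKeyDataOnly ops@bastion
"""
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}


def residual_access(user, passwd, group, sudoers, crontab, authorized_keys):
    """Return every place where `user` can still log in or get code executed."""
    findings = []
    for line in passwd.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[0] == user and fields[6] not in NOLOGIN_SHELLS:
            findings.append(f"passwd: {user} still has login shell {fields[6]}")
    groups = []
    for line in group.splitlines():
        fields = line.split(":")
        if len(fields) == 4 and user in fields[3].split(","):
            groups.append(fields[0])
            findings.append(f"group: {user} is still a member of {fields[0]}")
    for line in sudoers.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        principal = line.split()[0]
        if principal == user:
            findings.append(f"sudoers: direct rule: {line}")
        elif principal.startswith("%") and principal[1:] in groups:
            findings.append(f"sudoers: rule inherited via group {principal[1:]}: {line}")
    for line in crontab.splitlines():
        if line.strip() and not line.startswith("#") and f"/home/{user}/" in line:
            findings.append(f"cron: privileged job runs code from {user}'s home: {line}")
    for line in authorized_keys.splitlines():
        parts = line.split()
        # The comment field is only a hint about who owns a key. Keep an
        # inventory of key fingerprints so keys can be tied to people reliably.
        if len(parts) >= 3 and parts[2].startswith(f"{user}@"):
            findings.append(f"authorized_keys: key commented {parts[2]} still grants root login")
    return findings


if __name__ == "__main__":
    for finding in residual_access("jdoe", PASSWD, GROUP, SUDOERS,
                                   ROOT_CRONTAB, ROOT_AUTHORIZED_KEYS):
        print(finding)
```

Note the indirect finding: even after the direct sudoers line for jdoe is deleted, membership of wheel still grants full sudo through the %wheel rule, and a root cron job that executes a script from the user's home directory lets anyone who can still write to that directory run code as root.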

Add and Remove Hardware and Software
- Inform users of potential outages
- Secure install
  - Configure first
  - Attach to the network as late as possible
- Secure removal
  - Install replacements first to avoid loss of functionality
  - Dispose securely (prevent data retrieval from discarded equipment)

Configure and Maintain Hardware and Software
- Keep copies of configurations
- Configure new elements before attaching them to the network
- Use standard maintenance routines
  - Document
  - Update
  - Verified assistance
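A kept copy of the configuration is only useful if you compare against it. This added example (not from the slides) snapshots a configuration tree right after it is configured and before it goes on the network, stores the snapshot as JSON, and later reports what was added, removed, modified or had its permissions changed. The files, contents and permission changes are constructed for the demo.

```python
"""Added example (not from the slides): keep a copy of a host's configuration
state and detect drift from it.

Files, contents and permission changes are constructed for the demo. In
practice the baseline JSON is kept off-host (for example in version control).
"""
from __future__ import annotations

import hashlib
import json
import tempfile
from pathlib import Path


def snapshot(root: Path) -> dict[str, dict[str, str]]:
    """Hash and record the permission bits of every file under root."""
    state = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            state[p.relative_to(root).as_posix()] = {
                "sha256": hashlib.sha256(p.read_bytes()).hexdigest(),
                "mode": oct(p.stat().st_mode & 0o777),
            }
    return state


def drift(baseline: dict, current: dict) -> dict[str, list[str]]:
    """Classify differences between the stored baseline and the live snapshot."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(k for k in common if baseline[k]["sha256"] != current[k]["sha256"]),
        "mode_changed": sorted(k for k in common if baseline[k]["mode"] != current[k]["mode"]),
    }


def demo() -> dict[str, list[str]]:
    with tempfile.TemporaryDirectory() as tmp:
        etc = Path(tmp) / "etc"
        (etc / "ssh").mkdir(parents=True)
        (etc / "ssh" / "sshd_config").write_text("PermitRootLogin no\nPasswordAuthentication no\n")
        (etc / "ssh" / "ssh_host_ed25519_key").write_text("constructed private key\n")
        (etc / "ssh" / "ssh_host_ed25519_key").chmod(0o600)
        (etc / "hosts").write_text("127.0.0.1 localhost\n")

        # Baseline taken once the box is configured and before it is networked.
        baseline_file = Path(tmp) / "baseline.json"
        baseline_file.write_text(json.dumps(snapshot(etc), indent=2))

        # Later changes, none of which were documented or reviewed.
        (etc / "ssh" / "sshd_config").write_text("PermitRootLogin yes\nPasswordAuthentication yes\n")
        (etc / "ssh" / "ssh_host_ed25519_key").chmod(0o644)
        (etc / "sudoers.d").mkdir()
        (etc / "sudoers.d" / "contractor").write_text("contractor ALL=(ALL) NOPASSWD: ALL\n")
        (etc / "hosts").unlink()

        return drift(json.loads(baseline_file.read_text()), snapshot(etc))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run this from cron or after every maintenance window and treat every non-empty category as a ticket: either the change is documented and the baseline is updated, or it is reverted. Permission drift on key material is worth its own category because the file content, and therefore its hash, does not change when the file becomes world-readable.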

General User Support
- Beware of social engineering: callers must provide credentials before they get help
- Educate users to safeguard their credentials; never prompt for them
- Safeguard credentials
  - Do not reveal them unnecessarily
  - Protect the methods used for credential creation

Maintain Documentation and Licenses
- Document procedures
  - Education of new system administrators
  - Consistency
  - Audit assurance
- Do not use illegitimate software: it may be cheaper, but it is unethical, illegal and insecure

Negotiate With Vendors
- Licensed products can get expensive: minimize the cost of secure behavior
- Vendor relationships are important
  - Inform them of security concerns
  - Request new products/solutions
  - Receive updated hardware/firmware/software
  - Continued business is valued and will be rewarded

System Planning
- Scaling: security problems and solutions scale differently
  - Every new node is a new possible failure
  - More antivirus != more secure
- Assessing new technology: anticipate problems; "shinier" does not mean "safer"
- Anticipating and avoiding problems
  - Follow malware/attack trends
  - Follow day-to-day guidelines strictly

Security Management
- "An ounce of prevention is worth a pound of cure."
- Prioritize security
- Ideal management solution: simple, reproducible, covers security needs
- Your job, not the users'

Monitor System Resource Usage and Performance
- Do not invade privacy
- Use the data to...
  - Identify future purchases
  - Notice potential threats: excessive or unusual usage, antivirus logs
  - Ensure expectations are met (SLA)
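"Excessive or unusual usage" has to be turned into a concrete rule before it can be noticed. The following detection logic is an added example, not from the slides: it parses sshd log lines (constructed here) and raises one alert when a source crosses a failure threshold inside a time window and a second, more urgent one when that same source then succeeds. The thresholds are assumptions to tune per site.

```python
"""Added example (not from the slides): spot excessive or unusual login activity
in sshd log lines.

The log lines are constructed; thresholds are assumptions to tune per site.
"""
from __future__ import annotations

import re
from collections import defaultdict
from datetime import datetime

AUTH_LOG = """\
Mar  3 02:14:01 web1 sshd[4120]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar  3 02:14:03 web1 sshd[4120]: Failed password for invalid user admin from 203.0.113.7 port 51124 ssh2
Mar  3 02:14:04 web1 sshd[4122]: Failed password for root from 203.0.113.7 port 51130 ssh2
Mar  3 02:14:05 web1 sshd[4124]: Failed password for root from 203.0.113.7 port 51131 ssh2
Mar  3 02:14:06 web1 sshd[4125]: Failed password for root from 203.0.113.7 port 51132 ssh2
Mar  3 02:14:09 web1 sshd[4126]: Accepted password for root from 203.0.113.7 port 51140 ssh2
Mar  3 02:20:17 web1 sshd[4201]: Failed password for jdoe from 198.51.100.4 port 40002 ssh2
Mar  3 02:20:22 web1 sshd[4203]: Accepted publickey for jdoe from 198.51.100.4 port 40003 ssh2
Mar  3 03:01:44 web1 sshd[4310]: Accepted publickey for deploy from 192.0.2.9 port 39112 ssh2
"""

LINE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse(log: str, year: int = 2024) -> list[dict]:
    """Syslog lines carry no year, so one is supplied (an assumption for the demo)."""
    events = []
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append({"ts": ts, **{k: m[k] for k in ("result", "method", "user", "ip")}})
    return events


def detect(events: list[dict], threshold: int = 5, window_s: int = 60) -> list[dict]:
    """Alert once per source on >= threshold failures within window_s, and on
    every success from a source that is currently over that threshold."""
    alerts = []
    recent = defaultdict(list)   # ip -> timestamps of failures inside the window
    already = set()
    for ev in events:            # assumes chronological order, as in the log
        q = recent[ev["ip"]]
        while q and (ev["ts"] - q[0]).total_seconds() > window_s:
            q.pop(0)
        if ev["result"] == "Failed":
            q.append(ev["ts"])
            if len(q) >= threshold and ev["ip"] not in already:
                already.add(ev["ip"])
                alerts.append({"type": "brute_force", "ip": ev["ip"],
                               "failures": len(q), "at": ev["ts"]})
        elif len(q) >= threshold:
            alerts.append({"type": "success_after_failures", "ip": ev["ip"],
                           "user": ev["user"], "at": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in detect(parse(AUTH_LOG)):
        print(alert)
```

The single failure from 198.51.100.4 followed by a key-based login is the normal "typo then success" pattern and produces nothing; the run of five failures from 203.0.113.7 followed by an accepted password for root is exactly the case the slide calls "unusual usage", and the second alert type is the one that should page someone.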

Detect and Correct Problems
- Use system monitoring devices
- Preemptive corrections: patching, updating, upgrading
- Reactive corrections: see incident response

Optimize Performance
- Users get frustrated with poor system performance
- Users will optimize for themselves
  - Non-compliance
  - Installing adware/freeware
  - Working around slow or ineffective processes
- Don't optimize by removing or compromising security

Manage Resources
- Know what you have and what you use
- Bad situations
  - Unaccounted-for router on the network
  - Unconfigured workstation
  - Ordering unneeded license keys
- Wasting resources leads to budget cuts and layoffs
- Misplacing resources leads to vulnerabilities

Automate Tasks
- Script day-to-day tasks
- Focus the extra time on harder tasks
- Don't introduce security holes
  - Unauthorized use of privileged scripts/programs
  - Scripts disabling security features
  - Testing/debugging/configuration programs used on the 'live' network
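The most common way an automation script becomes a security hole is by building a shell command line out of input it did not validate, and the most common way it is misused is by having no idea who is running it. The following pair, an added example not from the slides, shows the unsafe pattern next to the hardened one. `echo` stands in for the real command (such as tar) so the demo is harmless to run; the operator allowlist and the username rule are assumptions for the demo.

```python
"""Added example (not from the slides): a privileged automation script in its
unsafe and hardened forms.

`echo` stands in for the real command so the demo is harmless. The operator
allowlist and the username pattern are assumptions for the demo.
"""
import re
import subprocess

# An allowlist of what a username may look like, not a denylist of bad characters.
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")


def vulnerable_backup(name: str) -> str:
    """Interpolates untrusted input into a shell command line (shell=True)."""
    proc = subprocess.run(f"echo backing up /home/{name}", shell=True,
                          capture_output=True, text=True)
    return proc.stdout


def hardened_backup(name: str, invoked_by: str, allowed_operators: frozenset) -> str:
    """Same job: authorised callers only, validated input, argv list, no shell."""
    if invoked_by not in allowed_operators:
        raise PermissionError(f"{invoked_by} may not run this script")
    if not USERNAME_RE.fullmatch(name):
        raise ValueError(f"rejected username {name!r}")
    # Arguments are passed as a list, so the name reaches the program as one
    # argument no matter what it contains; no shell ever parses it.
    proc = subprocess.run(["echo", "backing up", f"/home/{name}"],
                          capture_output=True, text=True, check=True)
    return proc.stdout


if __name__ == "__main__":
    print(vulnerable_backup("jdoe; echo INJECTED"), end="")
    print(hardened_backup("jdoe", "backup-admin", frozenset({"backup-admin"})), end="")
```

With the name `jdoe; echo INJECTED` the first function runs two commands; with the real tar in place of echo the second one would run as whatever account the script runs under. The hardened version rejects that name before anything executes, and rejects callers who are not on the operator list, which is the check that stops a privileged script from being borrowed by someone who found it on a shared host.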

Determine and Enforce Usage Policy
- Correct usage is essential
- Policy is meaningless without enforcement

Educate Users
- A smart user is a safe user
- Eliminate the "low-hanging fruit"
  - Social engineering
  - Bad links
  - Phishing emails
  - Removable media

Corporate Priority Liaison
- Competing goals
  - Management's budget
  - Your security
  - Customers' service needs
  - Employee convenience
- Security needs to win
  - Sell it to management
  - Educate users

Employee Documents
- Acceptable Use Policy (AUP)
- Service Level Agreement (SLA)
- Non-Disclosure Agreement (NDA)
- Employee contract
- If these documents do not exist, it is your responsibility to get them enacted.

Security Controls
- Need-to-know
- Security awareness training
- Separation of duties
- Job rotation
- Mandatory vacations
- Auditing/reviews

Security Threats
- External: hacking, e-mail attacks, malware
- Internal: ignorance, insiders

Security Threats: Hacking
- Exploitation of web services
- Poorly configured gateways
- Use of backdoors
  - Social engineering
  - Previous intrusion
  - Internal collaborator

Security Threats: E-mail
- Phishing
- Spam
- Trojans
- Viruses

Security Threats: Malware
- Many sources: hacking, insiders, ignorance
- Spreads quickly
- Uses up resources

Security Threats: Ignorance
- Clicking bad links
- Poor e-mail discretion
- Downloading malware
- USB attacks

Security Threats: Insider
- Usually the hardest to detect
- They know the system
- Sometimes a privileged user
- Disgruntled employee
- Abuse of trust

Threat Mitigation
- Preparation
  - Incident response plan
  - Security practices
  - Education
- Incident response plan
  - If there is none, create one
  - Form a Computer Security Incident Response Team (CSIRT)
    - Individuals capable of the correct response
    - Include members of management

Incident Response
- Identify
- Initial response
  - Record basic details
  - Assemble the CSIRT
  - Notify important individuals
- Formulate strategy
- Investigate
  - Thorough data collection
  - Determine what/who/how
- Report
- Resolve

Rules To Work By
- A smart user is a safe user
- Policy enforcement is the first step to a secure system
- Put security first in everything you do

Bibliography
Mandia, Kevin, Chris Prosise, and Matt Pepe. Incident Response & Computer Forensics. 2nd ed. McGraw-Hill/Osborne, 2003. pp. 11-32. Print.