Security+ Guide to Network Security Fundamentals, Fourth Edition

Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 4 Vulnerability Assessment and Mitigating Attacks

Objectives
- Define vulnerability assessment and explain why it is important
- List vulnerability assessment techniques and tools
- Explain the differences between vulnerability scanning and penetration testing
- List techniques for mitigating and deterring attacks

Vulnerability Assessment
- Systematic evaluation of asset exposure to:
  - Attackers
  - Forces of nature
  - Any other potentially harmful entity
- Aspects of a vulnerability assessment:
  - Asset identification
  - Threat evaluation
  - Vulnerability appraisal
  - Risk assessment
  - Risk mitigation

Vulnerability Assessment (cont'd.)
- Asset identification: the process of inventorying items with economic value
- Common assets:
  - People
  - Physical assets
  - Data
  - Hardware
  - Software

Vulnerability Assessment (cont'd.)
- Determine each asset's relative value, based on:
  - The asset's criticality to the organization's goals
  - How much revenue the asset generates
  - How difficult the asset is to replace
  - The impact of the asset's unavailability on the organization
- Assets can be ranked using a number scale

Vulnerability Assessment (cont'd.)
- Threat evaluation: list the potential threats
- Threat modeling
  - Goal: understand attackers and their methods
  - Often done by constructing scenarios
- Attack tree
  - Provides a visual representation of potential attacks
  - Inverted tree structure: the attacker's goal is the root, and the steps that achieve it are the branches and leaves (a branch may require all of its sub-steps, or any one of them)

Table 4-1 Common threat agents

Figure 4-1 Attack tree for stealing a car stereo © Cengage Learning 2012

Figure 4-2 Attack tree for breaking into grading system © Cengage Learning 2012
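An attack tree is more useful when it is evaluated, not just drawn. The following Python is an added example, not from the textbook or its figures: it builds a small tree in the spirit of Figure 4-2 with constructed steps and effort figures (the node names and numbers are assumptions for illustration), finds the attacker's cheapest path through OR and AND nodes, and then asks, for each leaf, how much the cheapest attack would cost if a countermeasure made that step infeasible. The leaves whose removal raises the attacker's floor the most are the controls worth buying first.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Tuple

INF = float("inf")


@dataclass
class Node:
    """One node of an attack tree. Leaves carry the attacker's estimated effort;
    an OR node succeeds if any child succeeds, an AND node only if every child does."""
    name: str
    kind: str = "leaf"            # "leaf", "or" or "and"
    cost: float = 0.0             # attacker effort for a leaf, in constructed units (say, hours)
    children: List["Node"] = field(default_factory=list)


def cheapest(node: Node, disabled: FrozenSet[str] = frozenset()) -> Tuple[float, List[str]]:
    """Return (effort, leaf names) of the least-effort way to reach this node's goal.
    Leaves listed in `disabled` are treated as infeasible (infinite effort), which is
    how a countermeasure that removes that step is modelled."""
    if node.kind == "leaf":
        return (INF if node.name in disabled else node.cost), [node.name]
    results = [cheapest(child, disabled) for child in node.children]
    if node.kind == "or":
        return min(results, key=lambda r: r[0])
    if node.kind == "and":
        return sum(r[0] for r in results), [leaf for r in results for leaf in r[1]]
    raise ValueError(f"unknown node kind {node.kind!r}")


def leaves(node: Node) -> List[Node]:
    if node.kind == "leaf":
        return [node]
    return [leaf for child in node.children for leaf in leaves(child)]


def mitigation_impact(root: Node) -> Dict[str, float]:
    """For every leaf: the attacker's cheapest effort if that single step were blocked.
    Steps whose removal raises the floor the most are the best-value controls."""
    return {leaf.name: cheapest(root, frozenset({leaf.name}))[0] for leaf in leaves(root)}


def build_tree() -> Node:
    """Constructed example tree for a grading system; names and efforts are illustrative
    assumptions, not taken from the book's Figure 4-2."""
    return Node("Change a grade in the grading system", "or", children=[
        Node("Guess instructor password", cost=20),
        Node("Phish instructor", "and", children=[
            Node("Craft phishing email", cost=2),
            Node("Instructor enters credentials", cost=8),
        ]),
        Node("Exploit grading web app", "and", children=[
            Node("Find injection flaw", cost=30),
            Node("Bypass web application firewall", cost=15),
        ]),
        Node("Bribe registrar staff", cost=60),
    ])


if __name__ == "__main__":
    tree = build_tree()
    effort, path = cheapest(tree)
    print(f"cheapest attack costs {effort} via {path}")
    for step, new_floor in sorted(mitigation_impact(tree).items(), key=lambda kv: -kv[1]):
        print(f"  blocking '{step}' raises the attacker's floor to {new_floor}")
```

With these numbers the cheapest route is phishing (effort 10). Blocking either phishing leaf, for example with phishing-resistant MFA, raises the floor to 20 (password guessing becomes the next cheapest path), whereas hardening the web application changes nothing because that branch was never the cheapest one.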

Vulnerability Assessment (cont'd.)
- Vulnerability appraisal
  - Determine current weaknesses
  - A snapshot of the organization's current security
  - Every asset should be viewed in light of each threat
  - Catalog each vulnerability
- Risk assessment
  - Determine the damage that would result from an attack
  - Assess the likelihood that the vulnerability is a risk to the organization

Table 4-2 Vulnerability impact scale

Vulnerability Assessment (cont'd.)
- Single loss expectancy (SLE)
  - Expected monetary loss each time a risk occurs
  - Calculated by multiplying the asset value (AV) by the exposure factor (EF): SLE = AV x EF
  - Exposure factor: the percentage of the asset's value likely to be destroyed by a particular risk

Vulnerability Assessment (cont'd.)
- Annualized loss expectancy (ALE)
  - Expected monetary loss over a one-year period
  - Multiply SLE by the annualized rate of occurrence (ARO): ALE = SLE x ARO
  - Annualized rate of occurrence: the expected number of times the risk occurs in a year (a risk expected once every ten years has an ARO of 0.1; one expected twice a year has an ARO of 2)

Vulnerability Assessment (cont'd.)
- Estimate the probability that the vulnerability will actually be exploited
- Risk mitigation
  - Determine what to do about each risk
  - Determine how much risk can be tolerated
- Options for dealing with risk:
  - Diminish (apply controls that reduce the likelihood or the impact)
  - Transfer (outsourcing, insurance)
  - Accept
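The SLE and ALE formulas above are what turns the risk register into a decision about which of the three options to take. The Python below is an added example, not the textbook's own material: it carries the formulas through a small constructed register (assets, threats, values, exposure factors, occurrence rates and control costs are all illustrative assumptions) and recommends diminish, accept, or transfer-or-accept for each entry by comparing the ALE against a tolerance and against what a proposed control would cost per year.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Risk:
    """One line of a risk register, using the chapter's quantitative terms."""
    asset: str
    threat: str
    asset_value: float       # AV, in currency units
    exposure_factor: float   # EF, fraction of AV lost per occurrence (0.0 to 1.0)
    aro: float               # annualized rate of occurrence (expected events per year)

    def sle(self) -> float:
        """Single loss expectancy: SLE = AV x EF."""
        return round(self.asset_value * self.exposure_factor, 2)

    def ale(self) -> float:
        """Annualized loss expectancy: ALE = SLE x ARO."""
        return round(self.sle() * self.aro, 2)


@dataclass
class Control:
    """A proposed safeguard and the ARO and EF expected once it is in place."""
    name: str
    annual_cost: float
    aro_after: float
    exposure_factor_after: float


def residual_ale(risk: Risk, control: Control) -> float:
    """ALE that remains after the control is applied (same formula, new EF and ARO)."""
    return round(risk.asset_value * control.exposure_factor_after * control.aro_after, 2)


def recommend(risk: Risk, control: Optional[Control], tolerance: float) -> Tuple[str, float]:
    """Choose one of the chapter's three options. Returns the option and the control's
    annual net benefit (ALE reduction minus the control's own yearly cost)."""
    before = risk.ale()
    if before <= tolerance:
        return "accept", 0.0                       # within appetite: no spend needed
    if control is None:
        return "transfer or accept", 0.0
    net_benefit = round(before - residual_ale(risk, control) - control.annual_cost, 2)
    if net_benefit > 0:
        return "diminish", net_benefit             # the control pays for itself
    return "transfer or accept", net_benefit       # too costly to diminish: insure, or live with it


def build_register() -> List[Tuple[Risk, Optional[Control]]]:
    """Constructed sample register; every figure here is an illustrative assumption."""
    return [
        (Risk("public web server", "defacement via unpatched CMS", 200_000, 0.25, 0.5),
         Control("WAF plus monthly patching", 8_000, 0.1, 0.25)),
        (Risk("sales laptop", "theft", 2_000, 1.0, 2.0),
         Control("cable locks and tracking agent", 500, 1.0, 1.0)),
        (Risk("data center", "flood", 5_000_000, 0.6, 0.02),
         Control("relocate to a higher site", 150_000, 0.002, 0.6)),
    ]


def evaluate(tolerance: float = 5_000) -> List[Dict[str, object]]:
    """Rank the register by ALE, highest first, with a recommendation on each row."""
    rows: List[Dict[str, object]] = []
    for risk, control in build_register():
        option, net = recommend(risk, control, tolerance)
        rows.append({"asset": risk.asset, "threat": risk.threat, "sle": risk.sle(),
                     "ale": risk.ale(), "option": option, "net_benefit": net})
    return sorted(rows, key=lambda r: r["ale"], reverse=True)


if __name__ == "__main__":
    for row in evaluate():
        print(f"{row['asset']:18} SLE={row['sle']:>12,.2f} ALE={row['ale']:>11,.2f} "
              f"-> {row['option']} (net benefit {row['net_benefit']:,.2f}/yr)")
```

The web server line works out to SLE = 200,000 x 0.25 = 50,000 and ALE = 50,000 x 0.5 = 25,000; the control cuts the ALE to 5,000 for 8,000 a year, a net benefit of 12,000, so it is worth diminishing. The flood risk has the largest ALE but the only control on offer costs far more than it saves, which is exactly the situation where transferring the risk through insurance is considered.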

Table 4-3 Risk identification steps

Assessment Techniques
- Baseline reporting
  - Baseline: a documented standard for a solidly secured system (for example, a hardening checklist or a reference configuration)
  - Compare the present state of a system to the baseline
  - Note, evaluate, and possibly address the differences

Assessment Techniques (cont'd.)
- Application development techniques
  - Minimize vulnerabilities during software development
- Challenges to this approach:
  - Software application size and complexity
  - Lack of security specifications
  - Future attack techniques are unknown

Assessment Techniques (cont'd.)
- Software development assessment techniques
  - Review the architectural design in the requirements phase
  - Conduct design reviews; consider including a security consultant
  - Conduct code reviews during the implementation phase
  - Examine the attack surface (the code reachable by users and other untrusted input)
  - Correct bugs during the verification phase
  - Create and distribute security updates as necessary after release

Figure 4-3 Software development process © Cengage Learning 2012

Assessment Tools
- IP addresses identify each network device; TCP/IP communication is an exchange between a program on one system and the corresponding program on another
- Port number
  - Identifies which application or service on a host a connection is meant for
  - 16 bits in length (0 through 65535)

Assessment Tools (cont'd.)
- Well-known port numbers (0 through 1023): reserved for the most universal applications
- Registered port numbers (1024 through 49151): other applications, not as widely used
- Dynamic and private port numbers (49152 through 65535): available for any application to use

Table 4-4 Commonly used default network ports

Assessment Tools (cont'd.)
- Knowing which port a service uses lets an attacker target that specific service
- Port scanner software
  - Probes a system to learn which ports have services listening
  - Used to determine each port's state:
    - Open: a service is listening and accepts the connection
    - Closed: the host answers, but nothing is listening there (a TCP RST comes back)
    - Blocked (also called filtered): no answer at all, typically because a firewall drops the probe

Figure 4-4 Port scanner © Cengage Learning 2012

Table 4-5 Port scanning
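The three port states above come straight out of how TCP answers a connection attempt. The Python below is an added example, not the textbook's tool and not any particular scanner's code: a TCP connect() scanner that maps the handshake result to open, closed or filtered, plus a demo that starts a listener on a loopback port and scans it alongside a port that was just released, so both states can be observed without touching anyone else's host. The loopback listener and the port choices are constructed for the demonstration.

```python
import socket
from typing import Dict, Iterable


def scan_port(host: str, port: int, timeout: float = 0.5) -> str:
    """TCP connect() scan of a single port.

    open     - the three-way handshake completed, so a service is listening
    closed   - the host answered with a RST (nothing listening on that port)
    filtered - no answer within the timeout, or the probe was rejected on the way
               (the usual sign of a firewall dropping it)

    A connect() scan completes the handshake, so the target's service logs will
    record it; only scan hosts you are authorized to test."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:            # timeout, host unreachable, network unreachable
        return "filtered"
    finally:
        sock.close()


def scan(host: str, ports: Iterable[int], timeout: float = 0.5) -> Dict[int, str]:
    """Scan each port in turn; results are keyed by port number in the order given."""
    return {port: scan_port(host, port, timeout) for port in ports}


def _listener() -> socket.socket:
    """Bind a listening socket on an ephemeral loopback port (constructed scan target)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv


def demo() -> Dict[str, str]:
    """Scan one port that is really listening and one that was just released, both on
    loopback, and return the state reported for each."""
    srv = _listener()
    open_port = srv.getsockname()[1]
    spare = _listener()
    closed_port = spare.getsockname()[1]
    spare.close()                      # nothing listens here any more, so connect() gets a RST
    try:
        result = scan("127.0.0.1", [open_port, closed_port])
        return {"open_port": result[open_port], "closed_port": result[closed_port]}
    finally:
        srv.close()


if __name__ == "__main__":
    print(demo())
```

A "filtered" result cannot be produced on loopback because nothing drops packets there; against a firewalled host the connect() simply times out and the same code path reports it. A SYN (half-open) scan, which never completes the handshake, needs raw sockets and root privileges and is what dedicated scanners use by default.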

Assessment Tools (cont'd.)
- Protocol analyzers
  - Hardware or software that captures packets in order to decode and analyze their contents
  - Also known as sniffers
- Common uses for protocol analyzers:
  - Troubleshooting by network administrators
  - Characterizing network traffic
  - Security analysis

Figure 4-5 Protocol analyzer © Cengage Learning 2012

Assessment Tools (cont'd.)
- An attacker can use a protocol analyzer to display the contents of each transmitted packet, including any credentials sent in cleartext
- Vulnerability scanners
  - Products that look for vulnerabilities in networks or systems
  - Most maintain a database categorizing the vulnerabilities they can detect
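To make concrete what "decode and analyze contents" means, and why cleartext protocols are a problem, here is an added example in Python that is not from the textbook or from any analyzer product: a minimal dissector for an IPv4 packet carrying TCP, which verifies the IP header checksum, pulls out addresses, ports and flags, and then shows what an attacker with the same capture sees when the payload is an HTTP request with Basic authentication. The packet is constructed in the block itself (addresses, ports and the credential string are made up), so it runs offline.

```python
import base64
import socket
import struct
from typing import Dict, Optional

TCP_FLAGS = [("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04), ("PSH", 0x08), ("ACK", 0x10), ("URG", 0x20)]


def ip_checksum(header: bytes) -> int:
    """RFC 791 one's-complement checksum over the IPv4 header. Over a header that
    already carries a correct checksum the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_tcp(src: str, dst: str, sport: int, dport: int, flags: int, payload: bytes) -> bytes:
    """Constructed sample packet: 20-byte IPv4 header + 20-byte TCP header + payload.
    The TCP checksum is left at zero; only the IP header checksum is filled in."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, flags, 65535, 0, 0) + payload
    fields = [0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = ip_checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields) + tcp


def decode_ipv4(packet: bytes) -> Dict[str, object]:
    """Decode the IPv4 header and, for protocol 6, the TCP header and payload,
    the way an analyzer's dissector does. Rejects a corrupted or tampered header."""
    if packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ip_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    total_len = struct.unpack("!H", packet[2:4])[0]
    info: Dict[str, object] = {
        "src": socket.inet_ntoa(packet[12:16]),
        "dst": socket.inet_ntoa(packet[16:20]),
        "ttl": packet[8],
        "protocol": packet[9],
    }
    if packet[9] == 6:
        sport, dport, seq, ack, offset, flag_bits = struct.unpack("!HHIIBB", packet[ihl:ihl + 14])
        data_offset = (offset >> 4) * 4
        info.update({
            "sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": [name for name, bit in TCP_FLAGS if flag_bits & bit],
            "payload": packet[ihl + data_offset:total_len],
        })
    return info


def find_basic_auth(payload: bytes) -> Optional[str]:
    """What the attacker sees: HTTP Basic credentials are base64-encoded, not encrypted."""
    for line in payload.split(b"\r\n"):
        if line.lower().startswith(b"authorization: basic "):
            return base64.b64decode(line.split(b" ", 2)[2]).decode("utf-8", "replace")
    return None


# Constructed capture: a cleartext HTTP request carrying Basic credentials (made-up values).
SAMPLE_HTTP = (b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
               b"Authorization: Basic " + base64.b64encode(b"alice:Summer2012!") + b"\r\n\r\n")
SAMPLE_PACKET = build_ipv4_tcp("10.0.0.5", "10.0.0.10", 40000, 80, 0x18, SAMPLE_HTTP)

if __name__ == "__main__":
    frame = decode_ipv4(SAMPLE_PACKET)
    print(frame["src"], "->", frame["dst"], "port", frame["dport"], frame["flags"])
    print("credentials on the wire:", find_basic_auth(frame["payload"]))
```

The same dissector is what makes the defensive uses of an analyzer possible (characterizing traffic, spotting a misconfigured TTL or an unexpected flag combination); the credential extraction is the attacker's use of it, and the fix is to move the service to TLS rather than to try to hide the header.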

Figure 4-6 Vulnerability scanner © Cengage Learning 2012

Assessment Tools (cont'd.)
- Examples of vulnerability scanners' capabilities:
  - Alert when new systems are added to the network
  - Detect when an internal system begins to port scan other systems
  - Maintain a log of all interactive network sessions
  - Track all client and server application vulnerabilities
  - Track which systems communicate with other internal systems

Assessment Tools (cont'd.)
- Problem with assessment tools: no common standard for collecting, analyzing, and reporting vulnerabilities
- Open Vulnerability and Assessment Language (OVAL)
  - Designed to promote open and publicly available security content
  - Standardizes how vulnerability and configuration information is expressed and transferred across different security tools and services

Figure 4-7 OVAL output © Cengage Learning 2012

Honeypots and Honeynets
- Honeypot: a computer protected by minimal security
  - Intentionally configured with vulnerabilities
  - Contains bogus data files
  - Goal: trick attackers into revealing their techniques
  - The attacks observed can be compared against actual production systems to determine how well those systems would hold up
  - Because no legitimate user has a reason to touch it, any connection to a honeypot is worth investigating; it must also be isolated so that a compromised honeypot cannot be used as a stepping stone into real systems
- Honeynet: a network set up with one or more honeypots

Vulnerability Scanning vs. Penetration Testing
- Vulnerability scanning
  - Automated software searches a system for known security weaknesses
  - Creates a report of potential exposures
  - Should be conducted on existing systems and as new technology is deployed
  - Usually performed from inside the security perimeter
  - Intended not to interfere with normal network operations (aggressive checks can still upset fragile devices, so scan windows and exclusions are agreed in advance)

Penetration Testing
- Designed to actually exploit system weaknesses
- Relies on the tester's skill, knowledge, and cunning
- Usually conducted by an independent contractor
- Tests are usually conducted from outside the security perimeter
- May even disrupt network operations, so scope and rules of engagement are agreed in writing beforehand
- End result: a penetration test report

Penetration Testing (cont'd.)
- Black box test: the tester has no prior knowledge of the network infrastructure
- White box test: the tester has in-depth knowledge of the network and systems being tested
- Gray box test: some limited information has been provided to the tester

Table 4-6 Vulnerability scan and penetration testing features

Mitigating and Deterring Attacks
- Standard techniques for mitigating and deterring attacks:
  - Creating a security posture
  - Configuring controls
  - Hardening
  - Reporting

Creating a Security Posture
- Security posture: describes the organization's strategy regarding security
- Initial baseline configuration
  - Standard security checklist
  - Systems are evaluated against the baseline
  - Starting point for security
- Continuous security monitoring
  - Regularly observe systems and networks

Creating a Security Posture (cont'd.)
- Remediation
  - As vulnerabilities are exposed, put a plan in place to address them

Configuring Controls
- Properly configuring controls is key to mitigating and deterring attacks
- Some controls are for detection (example: a security camera)
- Some controls are for prevention (example: a properly positioned security guard)
- Information security controls can be configured to detect attacks and sound alarms, or to prevent attacks

Configuring Controls (cont'd.)
- Additional consideration: when normal function is interrupted by a failure, which is the higher priority, security or safety?
  - Fail-safe (also called fail-open) lock: unlocks the door automatically upon failure so that people can still get out; favors safety
  - Fail-secure lock: locks automatically upon failure; favors security and gives the highest security level
  - A firewall can likewise be configured to fail open (pass all traffic when it fails, preserving availability) or fail closed (block all traffic, preserving security); for a perimeter firewall, fail closed is the safe default

Hardening
- Purpose of hardening: eliminate as many security risks as possible
- Techniques to harden systems:
  - Protecting accounts with strong passwords
  - Disabling unnecessary accounts
  - Disabling unnecessary services
  - Protecting management interfaces and applications (for example, exposing them only on an administrative network rather than on every interface)
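Baseline reporting (under Assessment Techniques above) and hardening are two halves of the same loop: the baseline records which accounts, services, listening sockets and settings a hardened host may have, and the report lists every way the live host drifts from it. The Python below is an added example that is not from the textbook: a baseline and a constructed host snapshot (the service names, addresses, accounts and sshd settings are illustrative assumptions, standing in for what an inventory script would collect) and a comparison that turns each deviation into a finding with a severity. The SSH listener check is the management-interface point from the slide: the baseline allows SSH only on the administrative address, so an SSH daemon bound to all interfaces is reported.

```python
from typing import Dict, List, Tuple

Listener = Tuple[str, int]   # (bind address, port)

# Constructed baseline: what a hardened web host in this environment may look like.
BASELINE = {
    "required_services": {"sshd", "rsyslog"},                   # must be running (remote logging matters)
    "allowed_services": {"sshd", "rsyslog", "nginx", "cron"},
    "allowed_listeners": {("10.0.10.5", 22), ("0.0.0.0", 443)}, # SSH only on the management address
    "allowed_accounts": {"root", "deploy", "guest", "test"},
    "must_be_disabled": {"guest", "test"},
    "settings": {"PasswordAuthentication": "no", "PermitRootLogin": "no"},
}

# Constructed snapshot of the host as found today (what a collector script would return).
SNAPSHOT = {
    "services": {"sshd", "rsyslog", "nginx", "cron", "telnetd", "cupsd"},
    "listeners": {("0.0.0.0", 22), ("0.0.0.0", 443), ("0.0.0.0", 23), ("0.0.0.0", 8080)},
    "accounts": {"root": "enabled", "deploy": "enabled", "guest": "enabled",
                 "test": "disabled", "oldadmin": "enabled"},
    "settings": {"PasswordAuthentication": "yes", "PermitRootLogin": "no"},
}


def compare_to_baseline(baseline: Dict, snapshot: Dict) -> List[Dict[str, str]]:
    """Return every deviation from the baseline as a finding with a severity."""
    findings: List[Dict[str, str]] = []

    def add(severity: str, category: str, item: str, detail: str) -> None:
        findings.append({"severity": severity, "category": category, "item": item, "detail": detail})

    for svc in sorted(baseline["required_services"] - snapshot["services"]):
        add("high", "missing_service", svc, "required service is not running")
    for svc in sorted(snapshot["services"] - baseline["allowed_services"]):
        add("medium", "unexpected_service", svc, "service not in baseline; disable it")
    for addr, port in sorted(snapshot["listeners"] - baseline["allowed_listeners"]):
        add("high", "unexpected_listener", f"{addr}:{port}",
            "listening socket not in baseline (exposed management interface or unneeded service)")
    for user, state in sorted(snapshot["accounts"].items()):
        if user in baseline["must_be_disabled"] and state != "disabled":
            add("high", "account_enabled", user, "account must be disabled")
        elif user not in baseline["allowed_accounts"]:
            add("medium", "unexpected_account", user, "account not in baseline")
    for key, expected in sorted(baseline["settings"].items()):
        actual = snapshot["settings"].get(key)
        if actual != expected:
            add("high", "setting_drift", key, f"expected {expected!r}, found {actual!r}")
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per severity, the headline number for the baseline report."""
    counts: Dict[str, int] = {}
    for finding in findings:
        counts[finding["severity"]] = counts.get(finding["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    report = compare_to_baseline(BASELINE, SNAPSHOT)
    for f in report:
        print(f"[{f['severity']:6}] {f['category']:20} {f['item']:14} {f['detail']}")
    print(summarize(report))
```

Each finding maps directly onto one of the hardening techniques on the slide: telnetd and cupsd are unnecessary services to disable, guest is an unnecessary account still enabled, the SSH and port 8080 listeners on 0.0.0.0 are management interfaces that should be restricted, and the password-authentication setting has drifted from the protected-accounts standard. Running the comparison on a schedule is what turns a one-off assessment into continuous monitoring.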

Reporting
- Providing information regarding events that occur
- Alarms or alerts
  - Sound a warning if a specific situation is occurring
  - Example: alert if there are too many failed password attempts against one account
- Reporting can also reveal trends that indicate a serious impending situation
  - Example: multiple user accounts each experiencing failed password attempts from the same source, which points to an attacker trying a few passwords against many accounts (password spraying) rather than one user mistyping
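The two situations on the slide, one account hammered with attempts and many accounts each seeing a few attempts from one source, need two different detections over the same log. The Python below is an added example, not from the textbook: it parses a constructed excerpt of an OpenSSH authentication log (host name, addresses and user names are made up), then raises a brute-force alert when one account fails at least five times inside a ten-minute window and a password-spray alert when one source fails against at least three distinct accounts inside that window. The thresholds are assumptions to tune for the environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

FAILED = re.compile(r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")

# Constructed auth-log excerpt in the syslog format OpenSSH writes.
SAMPLE_LOG = """\
Mar  4 10:00:01 web1 sshd[1200]: Failed password for alice from 203.0.113.7 port 51001 ssh2
Mar  4 10:00:03 web1 sshd[1201]: Failed password for alice from 203.0.113.7 port 51002 ssh2
Mar  4 10:00:05 web1 sshd[1202]: Failed password for alice from 203.0.113.7 port 51003 ssh2
Mar  4 10:00:07 web1 sshd[1203]: Failed password for alice from 203.0.113.7 port 51004 ssh2
Mar  4 10:00:09 web1 sshd[1204]: Failed password for alice from 203.0.113.7 port 51005 ssh2
Mar  4 10:00:11 web1 sshd[1205]: Failed password for alice from 203.0.113.7 port 51006 ssh2
Mar  4 10:01:00 web1 sshd[1300]: Failed password for invalid user bob from 198.51.100.9 port 40001 ssh2
Mar  4 10:01:02 web1 sshd[1301]: Failed password for carol from 198.51.100.9 port 40002 ssh2
Mar  4 10:01:04 web1 sshd[1302]: Failed password for dave from 198.51.100.9 port 40003 ssh2
Mar  4 10:01:06 web1 sshd[1303]: Failed password for erin from 198.51.100.9 port 40004 ssh2
Mar  4 10:02:00 web1 sshd[1400]: Failed password for frank from 10.0.0.5 port 50000 ssh2
Mar  4 10:02:30 web1 sshd[1401]: Accepted password for frank from 10.0.0.5 port 50000 ssh2
"""

Event = Tuple[datetime, str, str]   # (timestamp, user, source ip)


def parse_failures(text: str, year: int = 2012) -> List[Event]:
    """Extract (timestamp, user, source ip) from each failed-login line; other lines are
    ignored. Syslog timestamps carry no year, so one is supplied."""
    events: List[Event] = []
    for line in text.splitlines():
        match = FAILED.match(line)
        if match:
            ts = datetime.strptime(f"{year} {match['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, match["user"], match["ip"]))
    return events


def alerts(events: List[Event], window_minutes: int = 10,
           per_user_threshold: int = 5, spray_user_threshold: int = 3) -> List[Dict[str, object]]:
    """brute_force    - one account fails at least per_user_threshold times inside the window
       password_spray - one source fails against at least spray_user_threshold distinct
                        accounts inside the window (the 'many accounts, few tries each' trend)"""
    window = timedelta(minutes=window_minutes)
    by_user: Dict[str, List[datetime]] = defaultdict(list)
    by_ip: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)
    for ts, user, ip in events:
        by_user[user].append(ts)
        by_ip[ip].append((ts, user))

    found: List[Dict[str, object]] = []
    for user, stamps in by_user.items():
        stamps.sort()
        for i in range(len(stamps) - per_user_threshold + 1):      # sliding window over attempts
            if stamps[i + per_user_threshold - 1] - stamps[i] <= window:
                found.append({"type": "brute_force", "key": user, "count": len(stamps)})
                break
    for ip, items in by_ip.items():
        items.sort()
        for start, _ in items:
            users = {u for ts, u in items if start <= ts <= start + window}
            if len(users) >= spray_user_threshold:
                found.append({"type": "password_spray", "key": ip, "count": len(users)})
                break
    return found


if __name__ == "__main__":
    for alert in alerts(parse_failures(SAMPLE_LOG)):
        print(f"{alert['type']:15} {alert['key']:16} count={alert['count']}")
```

The single failure for frank followed by a successful login produces nothing, which is the point of thresholds and windows: the alarm fires on the pattern, not on every event. Per-account lockout alone would not catch the spray from 198.51.100.9, since no account there reaches the lockout count; only the per-source view of the same data shows it.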

Summary
- Vulnerability assessment: a methodical evaluation of the exposure of assets to risk
- Five steps in an assessment: asset identification, threat evaluation, vulnerability appraisal, risk assessment, and risk mitigation
- Risk describes the likelihood that a threat agent will exploit a vulnerability
- Several techniques can be used in a vulnerability assessment
- Port scanners, protocol analyzers, vulnerability scanners, and honeypots are used as assessment tools

Summary (cont'd.)
- A vulnerability scan searches a system for known security weaknesses and reports its findings
- Penetration testing is designed to exploit any discovered system weaknesses
- The tester may have various levels of system knowledge (black, white, or gray box)
- Standard techniques used to mitigate and deter attacks:
  - A healthy security posture
  - Proper configuration of controls
  - Hardening and reporting