Copyright, 2005 Pinnacle Entertainment, Inc. 1 Auditing the Windows Network Bart A. Lewin Chief Technology Officer Pinnacle Entertainment, Inc. CS 3-2.

Slides:



Advertisements
Similar presentations
Attacks Framework Attacks Physical Access Attacks -- Wiretapping Server Hacking Vandalism Dialog Attacks -- Eavesdropping Impersonation Message Alteration.
Advertisements

4 Information Security.
AmadeusCybersecurity: the essentials12 th November 2014 Alex van Someren Family Office Forum 12 th November 2014, Zurich Cybersecurity: the essentials.
E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.
Lecture 1: Overview modified from slides of Lawrie Brown.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.
Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
CYBER CRIME AND SECURITY TRENDS
The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions Steve Katz, CISSP Security.
Information Security Information Technology and Computing Services Information Technology and Computing Services
Chapter 11 Security and Privacy: Computers and the Internet.
Securing Information Systems
© 2009 IDBI Intech, Inc. All rights reserved.IDBI Intech Confidential 1 Information (Data) Security & Risk Mitigation.
CHAPTER 3 Information Privacy and Security. CHAPTER OUTLINE  Ethical Issues in Information Systems  Threats to Information Security  Protecting Information.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
Defining Security Issues
Computer Security Fundamentals Chuck Easttom Chapter 1 Introduction to to Computer Security.
Copyright 2009 Trend Micro Inc. Classification 9/9/ Corporate End User Study Employee Online Behavior.
Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.
Cyber crime & Security Prepared by : Rughani Zarana.
Information Security Rabie A. Ramadan GUC, Cairo Room C Lecture 2.
Network Security Introduction Some of these slides have been modified from slides of Michael I. Shamos COPYRIGHT © 2003 MICHAEL I. SHAMOS.
Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #6 Forensics Services September 10, 2007.
C8- Securing Information Systems
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
Protecting Your Business Against the Unthinkable SBA Houston, August 2, 2006 Mark Piening Sr. Director Worldwide SMB Marketing.
VoIP Security in Service Provider Environment Bogdan Materna Chief Technology Officer Yariba Systems.
Safeguarding OECD Information Assets Frédéric CHALLAL Head, Systems Engineering Team OECD.
What does secure mean? You have been assigned a task of finding a cloud provider who can provide a secure environment for the launch of a new web application.
Network Security Techniques by Bruce Roy Millard Division of Computing Studies Arizona State University
Protecting Your Business! SBA Ft. Lauderdale November 15, 2006 Gregory Levine, Sr. Director Marketing.
Chapter 01: Introduction to Network Security. Network  A Network is the inter-connection of communications media, connectivity equipment, and electronic.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Basic Security Networking for Home and Small Businesses – Chapter 8.
OCTAVE-S on TradeSolution Inc.. Introduction Phase 1: Critical Assets and threats Phase 2: Critical IT Components Phase 3: Changes Required in current.
IS Network and Telecommunications Risks Chapter Six.
13-1 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall Chapter 13 Information Technology for Business.
INGOTs Computer Security Name: Elliot Haran. Introduction  Staying safe on the internet  Learning to deal with Cyber Bullying, Stalking and grooming.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
Completing network setup. INTRODUCTION Course Overview Course Objectives.
CYBER CRIME AND SECURITY If we can defeat them sitting at home……who needs to fight with tanks and guns!!!! Presented By Lipsita Behera. B.Sc IST, 3 rd.
HP World September 2002 Scott S. Blake, CISSP Vice President, Information Security BindView Corporation Vulnerability Assessment and Action.
Managing Operations Chapter 8 Information Systems Management In Practice 6E McNurlin & Sprague.
HO © 2012 Fluor. All rights reserved. Quick Wins in Vulnerability Management Classification: Confidential Owner: Michael Holcomb Approver: Phil.
Malicious Software.
Hot Topics in Information Security Rick Shaw – President, CorpNet Security, Inc. Mick Johannes – CTO, CorpNet Security, Inc.
Bahasa Inggris 3 Arranged by Pikir Wisnu Wijayanto, M.Hum Aris Hermansyah, S.S. Prodi D3 Manajemen Informatika Fakultas Ilmu Terapan Universitas Telkom.
Copyright © EWA IIT, Inc. June 17, 2002 © 2002  IIT, Inc. EWA Information & Infrastructure Technologies, Inc. 3 FOR OFFICIAL USE ONLY June 17, 2002 ©
Bay Ridge Security Consulting (BRSC). Importance in Securing System  If don’t keep up with security issues or fixes Exploitation of root access Installation.
Cyber crime and security issues
Security Awareness Our security depends on you. What IT Security Protects ECU Campus network and everything attached to it Information –personal data.
Securing Information Systems
Information Systems Security
CS457 Introduction to Information Security Systems
Securing Information Systems
CompTIA Security+ SY0-401 Real Exam Question Answer
Security in the Workplace: Information Assurance
INFORMATION SECURITY The protection of information from accidental or intentional misuse of a persons inside or outside an organization Comp 212 – Computer.
Securing Information Systems
Chapter 9 E-Commerce Security and Fraud Protection
INFORMATION SYSTEMS SECURITY and CONTROL
Networking for Home and Small Businesses – Chapter 8
Networking for Home and Small Businesses – Chapter 8
Networking for Home and Small Businesses – Chapter 8
Mohammad Alauthman Computer Security Mohammad Alauthman
Presentation transcript:

Copyright, 2005 Pinnacle Entertainment, Inc. 1 Auditing the Windows Network Bart A. Lewin Chief Technology Officer Pinnacle Entertainment, Inc. CS 3-2

Copyright, 2005 Pinnacle Entertainment, Inc. 2 Introduction Today, PC based networks contain mission critical applications and data. PC’s are also the gateway to applications and data contained on non-PC hosts. Auditing networks is essential to their security. Today you will learn the why, how and positive results of network audits. But first, let me know a little about you.

Copyright, 2005 Pinnacle Entertainment, Inc. 3 Agenda Discover the specific reasons why an organization should regularly audit its networks. –What is a network? –Why should a network be audited? Examine the most common techniques used to audit networks, what they uncover, and why. –Scanners –Blockers –Live Intrusion –Interviews Discuss a case study and examine actual audit results. Discuss appropriate remediation for audit findings.

Copyright, 2005 Pinnacle Entertainment, Inc. 4 Why Regularly Audit a Network?

Copyright, 2005 Pinnacle Entertainment, Inc. 5 Why Regularly Audit a Network? What are We Trying to Prevent? –Hampered Network Services Viruses Denial of Service Attacks –Information Theft Hacking Spyware Trojan Horses, etc.

Copyright, 2005 Pinnacle Entertainment, Inc. 6 Why Regularly Audit a Network? Why are We Trying to Prevent this? –Hampered Network Services Loss of Revenue Loss of Labor Productivity –Information Theft Loss of Trade Secrets Loss of other Confidential Business Information Legal Liability

Copyright, 2005 Pinnacle Entertainment, Inc. 7 Why Regularly Audit a Network? Top Ten Windows System Vulnerabilities from involve: –W1 Web Servers & ServicesW1 Web Servers & Services –W2 Workstation ServiceW2 Workstation Service –W3 Windows Remote Access ServicesW3 Windows Remote Access Services –W4 Microsoft SQL Server (MSSQL)W4 Microsoft SQL Server (MSSQL) –W5 Windows AuthenticationW5 Windows Authentication –W6 Web BrowsersW6 Web Browsers –W7 File-Sharing ApplicationsW7 File-Sharing Applications –W8 LSAS ExposuresW8 LSAS Exposures –W9 Mail ClientW9 Mail Client –W10 Instant MessagingW10 Instant Messaging

Copyright, 2005 Pinnacle Entertainment, Inc. 8 Why Regularly Audit a Network? $ Effort Cost of Not Securing Cost of Securing Security Aversion Risk Aversion Acceptance, Mitigation, Transference, Avoidance Chart adapted from page 50http://

Copyright, 2005 Pinnacle Entertainment, Inc. 9 Auditing Techniques Scanners –Security scanners test network nodes for vulnerabilities and report them. Free scanners include Nessus ( and the Microsoft Baseline Security Analyzers ( Commercial scanners (i.e., Include the ability to automate scans and report variances from stated security policies. –Advantage of assisting to preempt attacks.

Copyright, 2005 Pinnacle Entertainment, Inc. 10 Auditing Techniques Verify Blockers are in Place (Scanners usually do this) –Blockers Stop Incoming Threats Include Spam, spyware, trojan horse blockers. Firewalls –Prevents known threats, but are little help with unknown threats.

Copyright, 2005 Pinnacle Entertainment, Inc. 11 Auditing Techniques Live Intrusion –Attempting to gain network access information as an outside party confederate. –Utilizing from outside the firewalls to attempt to gain access. –Assessing the security of physical devices. –Assessing the loyalty of employees.

Copyright, 2005 Pinnacle Entertainment, Inc. 12 Auditing Techniques Threats to InformationOccurrence Laptop Theft29% Virus28% Insider Abuse of Network11% Telecommunications Fraud6% Financial Fraud4% System Penetration4% Theft of Proprietary Information4% Unauthorized Insiders4% Sabotage3% Denial of Service3% Telecommunications Eavesdropping2% Active Wiretapping? Source: page 49http://

Copyright, 2005 Pinnacle Entertainment, Inc. 13 Auditing Techniques Interviews –Interviewing those responsible for the entry, maintenance and custody of IT systems will assist with: Identifying potential security risks. Identifying the costs of the risk.

Copyright, 2005 Pinnacle Entertainment, Inc. 14 Case Study

Copyright, 2005 Pinnacle Entertainment, Inc. 15 Remediation

Copyright, 2005 Pinnacle Entertainment, Inc. 16 Questions?

Copyright, 2005 Pinnacle Entertainment, Inc. 17 Where to Get More Information Other training sessions List books, articles, electronic sources Consulting services, other sources

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.