Protecting Your Website / Network Onno W. Purbo

Presentation transcript:

Protecting Your Website / Network Onno W. Purbo

“Information Security is about technology, policy, people and common sense”

Excellence References

Extreme References

Outline
– Technical Tips
– Security Policies
– Knowing Your Friends & Enemies

CERT Technical Tips
URL –
Covering
  – Securing System or Networks
  – Responding to Incidents
  – Web Security Issues
  – Mail Abuse
  – Understanding Attacks
  – Securing Network Systematically

Where It All Started … Choosing an Operating System

– In-House vs. Outside Tech Support
  – Do you have the HR to do it?
– Freely-Available vs. Commercial Software
  – Do you have the HR to do it?
– Understand Your Needs
  – Availability of source code vs. binaries
  – Availability of technical expertise (internal and external)
  – Maintenance and/or customer support
  – Customer requirements and usability
  – Cost of software, hardware, and technical support staff

Choosing an Operating System Regardless of the choice you make, you should first carefully review and understand the needs of your organization or customer base in terms of resources, cost, and security risk, as well as any site-specific constraints; compare the available products and services to your needs; and then determine what product best matches your needs.

Network Security Technology Map

Internet Security Aspects
– Penetration testing
– Certificate Authority / PKI
– Vulnerability Testing
– Managed Security Services

Penetration Testing
– Active Content Monitoring / Filtering
– Intrusion Detection – Host Based
– Firewall
– Intrusion Detection – Network Based
– Authorization
– Air Gap Technology
– Network Authentication
– Security Appliances
– Security Services: Penetration Testing
– Authentication

Certificate Authority / PKI
– Certificate Authority
– File & Session Encryption
– VPN & Cryptographic Communications
– Secure Web Servers
– Single Sign On
– Web Application Security

Vulnerability Testing
– Vulnerability Scanners – Host Based
– Real-Time Security Awareness, Response & Threat Management
– Vulnerability Scanners – Network Based

Managed Security Services
– Enterprise Security Policy Implementation
– Managed Security Services
– Enterprise Security Administration
– Security Services: Policy Development
– Trusted Operating Systems
– Anti-DDoS Tools

Some Tips
– Securing Networks Systematically — the Security Knowledge in Practice (SKiP) Method
– General Advice Pertaining to Intrusion Detection
– Minimal Steps in Compromised System
– Intruder Detection Checklist
– Windows Intruder Detection Checklist
– Steps for Recovering from a UNIX or NT System Compromise

SKiP Method

1. Select systems software from a vendor and customize it according to an organization’s needs.
2. Harden and secure the system against known vulnerabilities.
3. Prepare the system so that anomalies may be noticed and analyzed for potential problems.
4. Detect those anomalies and any other system changes that could indicate evidence of an intrusion.
5. Respond to intrusions when they occur.
6. Improve practices and procedures after updating the system.
7. Repeat the SKiP process as long as the organization needs to protect the system and its information assets.

SKiP Method: Customizing Vendor Software
– Eliminate services that are unneeded and insecurely configured
– Restrict access to vulnerable files and directories
– Turn off software “features” that introduce vulnerabilities
– Mitigate vulnerabilities that intruders can use to break into systems

SKiP Method: Harden and Secure the Network
– Administrators configure their system to meet organizational security requirements
– Retain only those services and features needed to address specific business needs
Securing a system against known attacks eliminates vulnerabilities and other weaknesses commonly used by intruders. The practices performed during this step may change over time to address new attacks and vulnerabilities.

SKiP Method: Prepare
Network administrators characterize their system in the Prepare step. An administrator knows what to expect in terms of
  – changes in files and directories and the operating system
  – normal processes, when they run, by whom, and what resources they consume
  – network traffic consumed and produced
  – hardware inventory on the system

SKiP Method: Detect
Administrators concentrate on detecting signs of anomalous or unexpected behavior, since it may indicate possible intrusions and system compromise. Administrators also watch for early warning signs of potential intruder actions such as scanning and network mapping attempts.

SKiP Method: Respond
– Analyze the damage caused by the intrusion and respond by adding new technology or procedures to combat it
– Monitor an intruder’s actions in order to discover all access paths and entry points before acting to restrict intruder access
– Eliminate future intruder access
– Return the system to a known, operational state while continuing to monitor and analyze

SKiP Method: Improve the System
– Hold a post-mortem review meeting to discuss lessons learned
– Update policies and procedures
– Select new tools
– Collect data about the resources required to deal with the intrusion and document the damage it caused

General Advice Pertaining to Intrusion Detection

Proactive auditing and monitoring are essential steps in intrusion detection. It is ineffective to audit altered data or compromised systems: their logs are unreliable. Establish a baseline for what you consider normal activity in your environment so you can identify unusual events and respond appropriately.
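As an added example (not from the slides), the file baseline the advice above calls for, and the "changes in files" expectation of the SKiP Prepare step: a manifest of hashes, sizes and modes taken on the known-good host, compared later to detect altered, added or removed binaries. The directory of system binaries is assumed; the self-contained run uses a temporary directory in its place.

```python
import hashlib
import os
from pathlib import Path

# Added example, not code from the original slides. build_baseline() takes a
# hypothetical directory of system binaries (e.g. /usr/sbin on a freshly
# hardened host); store its output offline, because a baseline taken from an
# already compromised system is worthless.

def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries are not loaded into memory whole."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root: str) -> dict:
    """Record (mode, size, sha256) for every regular file under root.
    Mode keeps the setuid/setgid/sticky bits, so a newly added setuid bit
    shows up even when the file content is unchanged."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue  # symlinks and specials are not binaries to hash
            st = p.lstat()
            rel = str(p.relative_to(root))
            baseline[rel] = {"mode": oct(st.st_mode & 0o7777),
                             "size": st.st_size, "sha256": sha256_of(p)}
    return baseline

def compare_baseline(old: dict, new: dict) -> dict:
    """Report added, removed and changed files between two baselines.
    Each changed entry lists what differs (sha256, mode, size) so the
    administrator can tell a vendor patch from a trojaned binary."""
    report = {"added": sorted(set(new) - set(old)),
              "removed": sorted(set(old) - set(new)),
              "changed": {}}
    for rel in set(old) & set(new):
        diffs = [k for k in ("sha256", "mode", "size") if old[rel][k] != new[rel][k]]
        if diffs:
            report["changed"][rel] = diffs
    return report
```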

Minimal Steps in Compromised System

Document every step that you perform in detail. Perform a sector-by-sector backup of the hard disk drive. If your organization intends to take legal action in connection with intrusions, then consult with your legal department before performing any step.

Intruder Detection Checklist

– Examine log files
– Look for setuid and setgid files
– Check system binaries
– Check for packet sniffers
– Examine files run by 'cron' and 'at'
– Check for unauthorized services
– Examine /etc/passwd file
– Check system and network configuration
– Look everywhere for unusual or hidden files
– Examine all machines on the local network
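Three of the checklist items above (the /etc/passwd review, the setuid/setgid search and the hunt for unusual or hidden files) as an added Python example, not from the slides: the passwd text and directory it inspects are constructed inputs, and on a real host you would pass the contents of /etc/passwd and a path such as "/".

```python
import os
import stat
from pathlib import Path

# Added example, not code from the original slides. Sample inputs in the
# self-test are constructed; on a real host pass the text of /etc/passwd and
# the filesystem root, and diff the results against what the build recorded.

def suspicious_passwd_entries(passwd_text: str) -> list:
    """Flag passwd lines an intruder typically adds or edits: an extra UID 0
    account, an empty password field, or a duplicate account name."""
    findings, seen = [], set()
    for lineno, line in enumerate(passwd_text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((lineno, "malformed entry"))
            continue
        name, pw, uid = fields[0], fields[1], fields[2]
        if uid == "0" and name != "root":
            findings.append((lineno, f"non-root account {name} has UID 0"))
        if pw == "":
            findings.append((lineno, f"account {name} has an empty password field"))
        if name in seen:
            findings.append((lineno, f"duplicate account name {name}"))
        seen.add(name)
    return findings

def setuid_setgid_files(root: str) -> list:
    """Relative paths of regular files with setuid or setgid set."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            st = p.lstat()  # lstat: do not follow symlinks planted under root
            if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                hits.append(str(p.relative_to(root)))
    return sorted(hits)

def oddly_named_entries(root: str) -> list:
    """Names that blend into ls output and hide a directory from a casual
    look: only dots ("..."), only whitespace, or a name with leading or
    trailing whitespace such as ". "."""
    odd = []
    for dirpath, dirs, files in os.walk(root):
        for name in dirs + files:
            if name.strip() == "" or name.strip(".") == "" or name != name.strip():
                odd.append(str(Path(dirpath, name).relative_to(root)))
    return sorted(odd)
```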

Windows Intruder Detection Checklist

Look for Signs For System Compromised
– Rootkits
– Examine Log Files
– Check for Odd User Accounts and Groups
– Check All Groups for Unexpected User Membership
– Look for Unauthorized User Rights
– Check for Unauthorized Applications Starting Automatically
– Check Your System Binaries for Alterations

Windows Intruder Detection Checklist: Look for Signs For System Compromised
– Check Your Network Configurations for Unauthorized Entries
– Check for Unauthorized Shares
– Check for Any Jobs Scheduled to Run
– Check for Unauthorized Processes
– Look Throughout the System for Unusual or Hidden Files
– Check for Altered Permissions on Files or Registry Keys

Windows Intruder Detection Checklist: Look for Signs For System Compromised
– Check for Changes in User or Computer Policies
– Ensure the System has not been Joined to a Different Domain
– Audit for Intrusion Detection

Windows Intruder Detection Checklist: Consider Running Intrusion Detection Systems
– Freeware/shareware Intrusion Detection Systems
– Commercial Intrusion Detection Systems

Windows Intruder Detection Checklist: Review CERT Documents
– Steps for Recovering from a Windows NT Compromise
– Windows NT Configuration Guidelines
– NIST Checklists

Recovering from Compromise

A. Before you get started
B. Regain control
C. Analyze the intrusion
D. Contact the relevant CSIRT for Incident Reporting
E. Recover from the intrusion
F. Improve the security of your system and network
G. Reconnect to the Internet
H. Update your security policy

Recovering from Compromise: A. Before you get started
– Consult your security policy
– If you do not have a security policy
  – Consult with management
  – Consult with your legal counsel
  – Contact law enforcement agencies
  – Notify others within your organization
– Document all of the steps you take in recovering

Recovering from Compromise: B. Regain control
– Disconnect compromised system(s) from the network
– Copy an image of the compromised system(s)

Recovering from Compromise: C. Analyze the intrusion
– Look for modifications made to system software and configuration files
– Look for modifications to data
– Look for tools and data left behind by the intruder
– Review log files
– Look for signs of a network sniffer
– Check other systems on your network
– Check for systems involved or affected at remote sites

Recovering from Compromise: D. Contact the relevant CSIRT and other sites involved
– Incident Reporting
– Contact the CERT Coordination Center
– Obtain contact information for other sites involved

Recovering from Compromise: E. Recover from the intrusion
– Install a clean version of your operating system
– Disable unnecessary services
– Install all vendor security patches
– Consult CERT advisories, external security bulletins and vendor-initiated bulletins
– Use data from backups with caution
– Change passwords

Recovering from Compromise: F. Improve the security of your system and network
– Review security using the UNIX or NT configuration guidelines document
– Install security tools
– Enable maximal logging
– Configure firewalls to defend networks

Recovering from Compromise: G. Reconnect to the Internet
Recovering from Compromise: H. Update your security policy
– Document lessons learned from being compromised
– Calculate the cost of this incident
– Incorporate necessary changes (if any) in your security policy

Security Policies

URL –
Template For
  – Wireless Communication Policy
  – Server Security Policy
  – Anti-Virus Process
  – Extranet Policy

A Security Policy Framework Policies define appropriate behavior. Policies set the stage in terms of what tools and procedures are needed. Policies communicate a consensus. Policies provide a foundation for HR action in response to inappropriate behavior. Policies may help prosecute cases. Ref: Michele D. Guel, The SANS Policy Primer.

Policy Outline
– Purpose
– Scope
– Guidelines
– Policy
  – Ownership Responsibilities
  – Scenarios & Business Impact
  – Prohibited Use
  – Network Control
  – Scanning period
  – Monitoring
– Enforcement
– Definitions

Knowing Friends & Enemies

Type of Communities
– IT Policy & Politics
– IT Network Administrators
– Programmer (Formal & White Collar)
– Hacker & Virus

IT Policy & Politics
Name              Members
genetika          2205
telematika        1750
mastel-anggota    337

IT Network Administrators
Name                       Members
asosiasi-warnet            6241
Ilmukomputer-networking    5636
It-center                  4889
indowli                    4766

Programmer
Name                       Members
Ilmukomputer-programming   5226
Indoprog-vb                5215
delphindo                  2844
jug-indonesia              1783
csharp-indo                699

Hacker & Virus
Name                  Members
jasakom-perjuangan    12278
newbie-hacker         5636
majalahneotek         5633
vaksin                3388
yogyafree             2251
indocrack             1175
bandunghack           1046

IT Politics & Policy telematika

Programmer: Csharp-indo, Jug-indonesia, Delphindo, Indoprog-vb, Ilmukomputer-programming

Delphindo

Hacker Communities: Bandunghack, Indocrack, yogyafree, Jasakom-perjuangan

bandunghack

Jasakom-perjuangan