Lecture 19 Page 1 CS 236 Online 16. Account Monitoring and Control Why it’s important: –Inactive accounts are often attacker’s path into your system –Nobody’s.

Slides:



Advertisements
Similar presentations
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Advertisements

Lecture 19 Page 1 CS 111 Online Protecting Operating Systems Resources How do we use these various tools to protect actual OS resources? Memory? Files?
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
Presented by: Luke Speed Computer Security. Why is computer security important! Intruders hack into computers to steal personal information that the user.
SIRT Contact Orientation Security Incident Response Team Departmental Security Contacts April 16, 2004.
Operating Systems.
Network security policy: best practices
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.
Incident Response Updated 03/20/2015
CS101 Lecture 14 Security. Network = Security Risks The majority of the bad things that can be done deliberately to you or your computer happen when you.
UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.
Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.
Lecture 4 Page 1 CS 236 Online Prolog to Lecture 4 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Threat to I.T Security By Otis Powers. Hacking Hacking is a big threat to society because it could expose secrets of the I.T industry that perhaps should.
E-Security: 10 Steps to Protect Your School’s Network NEN – the education network.
IT Security Essentials Lesley A. Bidwell, IT Security Administrator.
Administrator Protect against Malware by: Brittany Slisher and Gary Asciutto.
CS CS 5150 Software Engineering Lecture 18 Security.
Lecture 18 Page 1 CS 136, Spring 2014 Security Your System CS 136 Computer Security Peter Reiher June 5, 2014.
 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.
Lecture 15 Page 1 Advanced Network Security Perimeter Defense in Networks: Firewalls Configuration and Management Advanced Network Security Peter Reiher.
Chapter 13 Users, Groups Profiles and Policies. Learning Objectives Understand Windows XP Professional user accounts Understand the different types of.
Information Security Awareness Training. Why Information Security? Information is a valuable asset for all kinds of business More and more information.
Computer Security! Emma Campbell, 8K VirusesHackingBackups.
10 Deadly Sins of Administrators about Windows Security Paula Januszkiewicz Penetration Tester, MVP: Enterprise Security, MCT iDesign - CQURE:
Presented by: Reem Alshahrani. Outlines What is Virtualization Virtual environment components Advantages Security Challenges in virtualized environments.
Security CS Introduction to Operating Systems.
Nexthink V5 Demo Security – Malicious Anomaly. Situation › Avoid damage resulting from the incident itself and the cost of the unplanned response › Protection.
Microsoft Management Seminar Series SMS 2003 Change Management.
Lecture 18 Page 1 CS 111 Online OS Use of Access Control Operating systems often use both ACLs and capabilities – Sometimes for the same resource E.g.,
HO © 2012 Fluor. All rights reserved. Quick Wins in Vulnerability Management Classification: Confidential Owner: Michael Holcomb Approver: Phil.
Lecture 19 Page 1 CS 236 Online Securing Your System CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 2 Page 1 CS 236 Online Prolog to Lecture 2 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
| nectar.org.au NECTAR TRAINING Module 5 The Research Cloud Lifecycle.
Chapter 4- Part3. 2 Implementing User Profiles A local user profile is automatically created at the local computer when you log on with an account for.
Computer Security By Duncan Hall.
CHAPTER 5 MANAGING USER ACCOUNTS & GROUPS. User Accounts Windows 95, 98 & Me do not need a user account like Windows XP Professional to access computer.
IPv6 security for WLCG sites (preparing for ISGC2016 talk) David Kelsey (STFC-RAL) HEPiX IPv6 WG, CERN 22 Jan 2016.
Chapter 3 Pre-Incident Preparation Spring Incident Response & Computer Forensics.
Unit 2 Assignment 1. Spyware Spyware is a software that gathers information about a person or site and uses it without you knowing. It can send your information.
Lecture9 Page 1 CS 236 Online Operating System Security, Con’t CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 15 Page 1 CS 236 Online Evaluating Running Systems Evaluating system security requires knowing what’s going on Many steps are necessary for a full.
Lecture 3 Page 1 CS 236 Online Security Mechanisms CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Securing a Host Computer BY STEPHEN GOSNER. Definition of a Host  Host  In networking, a host is any device that has an IP address.  Hosts include.
By the end of this lesson you will be able to: 1. Determine the preventive support measures that are in place at your school.
Lecture 2 Page 1 CS 236 Online Security Policies Security policies describe how a secure system should behave Policy says what should happen, not how you.
Lecture 18 Page 1 CS 136, Spring 2016 Securing Your System Computer Security Peter Reiher June 2, 2016.
Lecture 9 Page 1 CS 236 Online Firewalls What is a firewall? A machine to protect a network from malicious external attacks Typically a machine that sits.
Lecture 19 Page 1 CS 236 Online 6. Application Software Security Why it’s important: –Security flaws in applications are increasingly the attacker’s entry.
Common System Exploits Tom Chothia Computer Security, Lecture 17.
DATA SECURITY FOR MEDICAL RESEARCH
Securing Your System Computer Security Peter Reiher March 16, 2017
Critical Security Controls
Common Methods Used to Commit Computer Crimes
Firewall Configuration and Administration
Putting It All Together
Putting It All Together
Information Security 101 Richard Davis, Rob Laltrello.
Joe, Larry, Josh, Susan, Mary, & Ken
Forensics Week 11.
Determined Human Adversaries: Mitigations
Local Administrator Rights
Cybersecurity Am I concerned?
Cyber Security - Protecting Information
Determined Human Adversaries: Mitigations
16. Account Monitoring and Control
6. Application Software Security
Presentation transcript:

Lecture 19 Page 1 CS 236 Online 16. Account Monitoring and Control Why it’s important: –Inactive accounts are often attacker’s path into your system –Nobody’s watching them –Sometimes even “left behind” by dishonest employees

Lecture 19 Page 2 CS 236 Online Quick Wins Review your accounts and disable those with no current owner Set expiration date on all accounts Produce automatic daily report on all old/unused/expired accounts Create procedure to quickly delete accounts of departed employees

Lecture 19 Page 3 CS 236 Online More Quick Wins Monitor account usage to find dormant accounts (disable them eventually) Encrypt and move off-line all files belonging to dormant accounts Lock out accounts after some modest number of consecutive failed login attempts

Lecture 19 Page 4 CS 236 Online 17. Data Loss Prevention Why it’s important: –Many high impact attacks are based on your data being stolen –You need to know when critical data is leaving your custody –You need to understand how and why that happens

Lecture 19 Page 5 CS 236 Online Quick Wins Use full disk encryption –On all mobile devices –On all devices holding particularly critical data Again, encrypt password files especially Other measures are more advanced

Lecture 19 Page 6 CS 236 Online 18. Incident Response Capability Why it’s important: –Probably you’ll be attacked, sooner or later –You’ll be happier if you’re prepared to respond to such incidents –Can save you vast amounts of time, money, and other critical resources

Lecture 19 Page 7 CS 236 Online Quick Wins Create written response procedures, identifying critical roles in response Ensure you have assigned important duties to particular employees Set policies on how quickly problems should be reported Know which third parties can help you Make sure you employees know what to do when there’s a problem

Lecture 19 Page 8 CS 236 Online 19. Secure Network Engineering Why it’s important: –Attackers often break in at one place in your system –They then try to navigate to where they really want to go –Don’t make that easy

Lecture 19 Page 9 CS 236 Online Quick Wins Use a DMZ organization –Connect private network to DMZ with middleware All machines directly contacting the Internet go in the DMZ No machines with sensitive data should be in the DMZ User education important for this problem, but not quick

Lecture 19 Page 10 CS 236 Online 20. Penetration Testing and Red Team Exercises Why it’s important: –You probably screwed up something Everybody does –You’ll be happier finding out what if you do it yourself –Or have someone you trust find it

Lecture 19 Page 11 CS 236 Online Quick Wins Regularly perform penetration testing –From both outside and inside your system boundaries Keep careful control of any user accounts and software used for penetration testing

Lecture 19 Page 12 CS 236 Online Applying the Controls Understand all 20 controls well Analyze how well your system already incorporates them Identify gaps and make a plan to take action to address them –Quick wins first –Those alone help a lot

Lecture 19 Page 13 CS 236 Online Creating an Ongoing Plan Talk to sysadmins about how you can make further progress Create long term plans for implementing advanced controls Think for the long haul –How far along will you be in a year, for example?

Lecture 19 Page 14 CS 236 Online 20 Controls Is a Lot What if you can’t take the time for even the quick wins on these 20? You have just a little time, but you want to improve security What to do?

Lecture 19 Page 15 CS 236 Online The Australian Signals Directorate Controls A body of Australia’s military They have a list of 35 useful cybersecurity controls Well, if 20 is too many, 35 certainly is But they also have prioritized just 4 of them

Lecture 19 Page 16 CS 236 Online The ASD Top 4 Controls 1.Application whitelisting 2.Patch your applications 3.Patch your OS 4.Minimize administrator privileges In ASD’s experience, handling these four stops 85% of attacks

Lecture 19 Page 17 CS 236 Online 1. Application Whitelisting Only allow approved applications on your machines Use a technology to ensure others do not get installed and run Identify apps you actually need to run to do your business Outlaw all the others

Lecture 19 Page 18 CS 236 Online Enforcing Whitelists If running Windows, you can use Microsoft AppLocker –Available with post-Windows 7 OSes Prevents apps not on the whitelist from running More challenging if you’re running Linux –MacAfee Application Control or configurations of SE Linux are possible

Lecture 19 Page 19 CS 236 Online 2. Patch Your Applications Apply patches to all applications you use –Especially those interacting with Internet Prefer up-to-date versions of software –Older versions may not have patches provided Ideally have a centralized method controlling patches for entire system –E.g., for Windows, Microsoft System Center Configuration Manager

Lecture 19 Page 20 CS 236 Online 3. Patch Your Operating System Go with most up-to-date releases of OS –E.g., desktop malware infections dropped 10x from XP to Windows 7 Use system-wide tools that will apply patches to all machines you control –Microsoft System Center Configuration Manager, again –Similar tools available for Linux

Lecture 19 Page 21 CS 236 Online 4. Minimize Administrator Privilege Get rid of methods allowing users to alter their environments –Especially those allowing software installation Malicious intruders look for these capabilities Those allowing access to other machines especially dangerous

Lecture 19 Page 22 CS 236 Online Further Controlling Administrator Privileges Use role based access control for admin privileges –If not available, separate accounts –Not normal administrator user accounts Avoid allowing admin accounts to have Internet access

Lecture 19 Page 23 CS 236 Online Conclusion You can’t perfectly protect your system But you can do a lot better than most –And the cost need not be prohibitive At worst, you can make the attacker’s life hard and limit the damage These steps work in the real world