Copyright 2001 Marchany. Auditing Networks, Perimeters and Systems: Introduction.

Presentation transcript:

Slide 1: Auditing Networks, Perimeters and Systems: Introduction

Slide 2: Who should be here
• Unix Sys Admins
• NT Sys Admins
• Auditors
• In general, just really cool people!

Slide 3: The Audit Track Goal
• Auditors – need to know a little bit of techie to be able to perform a meaningful audit
• Sys Admins – need to think a little more like auditors
• Everybody! – Think like an attacker!

Slide 4: Applying Risk Analysis Techniques to Information Systems
Randy Marchany, VA Tech Computing Center, Blacksburg, VA
SANS 2001

Slide 5: Unit 1: Pay Me Now or Pay Me Later
Why we need to check our infrastructure

Slide 6: Why Bother?
• This section will give you some concrete examples of what can happen if you don’t have basic security rules at your site.
• Every one of these attacks could have been prevented ahead of time with minimal effort.
• The cost to fix it afterwards was much higher!

Slide 7: Pay Me Now or Pay Me Later
• E = D + R
  – E = amount of time you’re exposed
  – D = amount of time it takes to detect an attack
  – R = amount of time it takes to react to an attack
• Easiest way to calculate the cost of an incident
  – Multiply average hourly wage * Time * People

Slide 8: The Top 10 Vulnerabilities
• BIND (Unix/Linux/NT/Win2K)
• CGI programs (www servers)
• RPC (Tooltalk) (Unix/Linux/NT/Win2K)
• Microsoft IIS – RDS and others (NT/Win2K)
• Sendmail (Unix/Linux)
• Sadmind and mountd (Unix/Linux)
• Global file sharing (NetBIOS, NFS, AppleShare)
• Weak/no passwords, demo/guest accounts
• IMAP/POP buffer overflow
• Default SNMP community strings (Network)

Slide 9:
Vulnerability   Percent   Top 10 #
WWW             12.2%     #
BIND            18.1%     #1
RPC_mountd      10.8%     #3, #6
Tooltalk        26.1%     #3, #6
Innd            .52%
Qpopper         12.4%     #9
IMAP            15.5%     #9
Webdist         .77%      #2, #4
Hosts scanned TOTAL

Slide 10: The Top 10 Internet Threats for 2000
• Available at
• You should check your systems for these vulnerabilities
• The fix is simple. Apply Patches or Service Packs.
• Your sysadmins/netadmins should check your system(s) for the top 10 threats.
  – Bindview Hackershield – NT systems
  – SARA, SAINT – Unix/Linux freeware tools

Slide 11: References
  – Top 10 threats, Defeating DDoS, etc.
  – Early Warning Vulnerability list
  – Federal Search & Seizure Guidelines

Slide 12: Course Revision History