Presentation is loading. Please wait.

Presentation is loading. Please wait.

INF526: Secure Systems Administration Course Introduction Prof. Clifford Neuman Lecture 1 24 May 2016 OHE100C.

Published byDamon Payne Modified over 8 years ago

Similar presentations

Presentation on theme: "INF526: Secure Systems Administration Course Introduction Prof. Clifford Neuman Lecture 1 24 May 2016 OHE100C."— Presentation transcript:

1 INF526: Secure Systems Administration Course Introduction Prof. Clifford Neuman Lecture 1 24 May 2016 OHE100C

2 Course Identification INF 526 –Secure Systems Administration –3.0 units (Next time offered it will be 4 units) Class meeting schedule –9AM to 12:10PM Friday’s –Room OHE 100C Class communication –inf526@csclass.info –Goes to instructor and TA and is archived. 1

3 General Course Information Professor office hours –Friday 1:30PM to 2:30 PM PHE 514 –Other times by appointment Primary office in MDR at Information Sciences Institute –E-mail: inf526@csclass.info and bcn@isi.edu TA for the class –Yatin Wadhawan –inf526@csclass.info, ywadhawa@usc.edu –Office hours TBD 2

4 Guidelines for Students Class will be primarily group projects Student deliverables –Homework assignments 20% –Group exercises 20% on group performance –Group exercises 20% on individual writeup –Midterm exam 20% –Final exam 20% Read the assigned readings before class! –Responsible for content of assigned reading 3

5 Guidelines for Students Academic integrity is taken very seriously –Libraries are a resource for USC academic standards –http://www.usc.edu/libraries/about/reference/tutorials/ academic_integrity/index.phphttp://www.usc.edu/libraries/about/reference/tutorials/ academic_integrity/index.php 4

6 Grading Schema Final: 20% Mid-Term: 20% Performance of Group on Project: 10% Individual Submission Project Reports: 15% Hour presentation (PPT) on assigned topic: 15% Homework Assignments: 20% __________________ Total100% 5

7 Letter Grade Assignment 6 A letter grade will be assigned for each assignment, project, or exam. The individual assignment scores are based on overall class performance. Course grade is determined by weighted calculation from the component grades.

8 Group Projects Three Administration case studies drawn from: –Banks –Retailer –Government –Cloud –Critical Infrastructure –Criminal Enterprise Rotating Groups –VG0, RR1, MU2, SA3, JE4, AL5, JM6, SS7 –Low order bit is group (0 or 1) on first project –Mid order but is group (0 or 1) on second project –High order bit is group (0 or 1) on third project. 7

9 Individual Project On topic from course syllabus –1 HR PPT presentation –If remote and connection issues, I can present, but better if you can present remotely. –Will select topics from among: Adversarial Security Plan Response Plans Red teaming and penetration testing tools Linux security administration Network Security Components Network Security administration Configuration Management Network Attack Administration (SIEM) Network Monitoring and Attack Forensics Accreditation and acceptance testing 8

10 Questions on Course Structure 9

11 Initial Homework Assignment (due before 6/3 class) Submit as email to inf526@csclass.infoinf526@csclass.info System Structure for Banking Case Study Consider the description of the banking system to be used for the first exercise – as discussed in class on 5/24. –Enumerate the classes of data –Enumerate the classes of users –Identify the protection domains –Enumerate the systems (hardware) –Enumerate the systems (software components) This write-up is expected to be about 3 pages in length (could be more or less) –It will be shared later with your group members to begin discussion for the group architecture. 10

12 Initial Reading Assignment (due before 5/27 class) (ANON) Anonymous. (2002). Maximum Linux Security: A Hackers Guide to Protecting Your Linux Server and Workstation. SAMS Publishing. –Chapters 1, 2, 3, 4 11

13 Course Outline Introduction to Secure System Administration Generation of Security Requirements Composition of systems and protection domains Adversarial Security Plan Red teaming and penetration testing tools Response Plans Linux security administration Network Security Components Network Security administration Configuration Management Network Attack Administration (SIEM) Network Monitoring and Attack Forensics Accreditation and acceptance testing 12

14 Introduction to Secure Systems Administration Secure –Ability to correctly implement relevant policy System –A computer? –A network? –The combination of all system components implanting a particular function Administration –Selection of components (purchases of products) –Architecture – how the pieces fit together –Installation and configuration –Security Testing –Operation –Monitoring –Repair and Maintenance –Threat response 13

15 Application Architecture What are the functional requirements of the system. –This guides equipment needs Processing, Storage, and Network. –What are the functional goals of the system. This defines the meaning of availability –What constitutes a breach of availability – the system no longer meets its functional goals. –Critical Infrastructure –Critical for you Consequences of failure 16

16 Information Flow and Containment Understand your applications Information Flow: –What is to be protected –Against which threats –Who needs to access which apps –From where must they access it Do all this before you invest in the latest products that salespeople will say will solve your problems. 16

17 What is to be protected Is it the service or the data? –Data is protected by making it less available –Services are protected by making them more available (redundancy) –The hardest cases are when one needs both. 16

18 Classes of Data Decide on multiple data classes –Public data –Customer data –Corporate data –Highly sensitive data (not total ordering) These will appear in different parts of the network 16

19 Classes of Users Decide on classes of users –Based on the access needed to the different classes of data. You will architect your system and network to enforce policies at the boundaries of these classes. –You will place data to make the mapping as clean as possible. You will manage the flow of data 16

20 Component Selection What systems do you need –System or VM for different classes of protection domains. Network Components –To interconnect –To Segregate You will manage the flow of data 16

21 Conduct an Inventory – of physical assets –What Kinds of systems do you have E.g. POS terminals, SCADA, servers, network hardware –Understand the access to each system Employees, customers, etc –How are the different classes of systems protected from one another Network zones, etc –How do you contain breaches to particular zones. –What happens to your business if any of these are compromised or shut down. An NSA Center for Academic Excellence - Research 20 Inventory

22 Identity Management Interrelation of identity with policy –Selection of authentication technology –Enrollment issues –Balancing cost with security What is needed for strong audit capability –Not just intrusion detection –Regulatory and recovery/remediation 16

23 Configuration Management Catalog of systems –What is approved for connection Catalog of software –What is approved for use –Patch management Configuration checkers Change detectors –E.g. tripwire, AFIK 16

24 Adversarial Security Plan Enumerate goals of attacker –Consider likelihood of targets Enumerate consequences of various attacks –Consider cost to organization of effective attack Prioritize deployed resources to defend systems Develop attack defense trees Consider mitigations Design red teams System red teams Penetration testing 23

25 Response depends on many factors, but most importantly: – Your containment architecture - How the system has been set up according to the information discussed earlier But also on your preparation –Emergency Response Plan –Emergency Response Team –How the system has been set up - Backups, Data Collection for Forensics, Baselines Response Handling the Inevitable Breach

26 Collect Baseline On all Assets Software and system checksums –Used to detect changes to the system –To identify which assets are affected –To enable recovery – reinstall those affected systems Baseline data communication from all assets –In your network infrastructure, use this to identify anomalous flows –As they happen to block exfiltration –From Logs to identify where data went and how much, and over what time periods An NSA Center for Academic Excellence - Research 25

27 After a breach: Containment –You will need to shut down or take offline those systems affected by the breach (those you can no longer trust) to prevent further loss of data. –Collect forensic data to assist in assessing impact, to identify attackers, and for prosection. –Stronger containment (from preparation phase) means fewer critical services that you need to take offline. An NSA Center for Academic Excellence - Research 26

28 After a breach: analysis –Check for changes to your systems and data. –Use forensic data collected using technologies in place from your planning phase to identify sources of the attack, and the techniques used. –Use this information to determine which customers data and which systems were affected. –Use this information to fix the vulnerabilities in your existing systems. –Subject to legal requirements, share this information as appropriate with the authorities and the security community. An NSA Center for Academic Excellence - Research 27

29 After a breach: recovery –Systems/data must be restored to a trusted state. Using backups Legitimate updates to data may need to be reapplied –Vulnerably used in the attack must be patched before systems are brought back online. –You need a plan for operating your business for some period without the impacted systems. Part of your planning phase An NSA Center for Academic Excellence - Research 28

30 System Administration What must be administered: –User accounts – Least Privilege –Software –Servers –Storage –Network (next slide) –Keys –Monitoring Core principles –Minimization 29

31 Network Administration Creation of network protection domains –Firewalls –VLANs –VPNs for access –Ipsec –Wireless Management Network Monitoring Network Admission Control 30

32 SIEM Monitoring Forsenscs Network Attack Administration (SIEM) Network Monitoring and Attack Forensics Accreditation and acceptance testing 31

33 Accreditation and acceptance Determining when it is OK to bring your system live Certification for government agencies Periodic audits Certification for customers or upstream parties –E.g. PCI Compliance 32

Download ppt "INF526: Secure Systems Administration Course Introduction Prof. Clifford Neuman Lecture 1 24 May 2016 OHE100C."

Similar presentations

Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture notes.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture notes.
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.

Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.
Copyright © 2003-2004 B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall 2003 1 Security Systems Lecture notes Drs.

Copyright © B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall Security Systems Lecture notes Drs.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
Managing the Information Technology Resource Jerry N. Luftman

Managing the Information Technology Resource Jerry N. Luftman
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.

Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.
Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.

Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Chapter 8 Information Systems Controls for System Reliability— Part 1: Information Security Copyright © 2012 Pearson Education, Inc. publishing as Prentice.

Chapter 8 Information Systems Controls for System Reliability— Part 1: Information Security Copyright © 2012 Pearson Education, Inc. publishing as Prentice.
Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.
Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.
Network security policy: best practices

Network security policy: best practices
Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.
Enterprise Architecture

Enterprise Architecture
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Introduction to Network Defense

Introduction to Network Defense

Similar presentations

Ads by Google