Monitoring Systems - Richard Newman (presentation transcript)


Slide 1: Monitoring Systems
Richard Newman

Slide 2: Security in Depth
Layered Security
  - Physical access control
  - Identification and Authentication: know who is using the system
    - Individual authentication, for audit
    - Detect patterns of behavior
  - Logical Access Control
    - Programs, files, resources, etc.
    - Check use issues
  - Real-time monitoring: IDS
  - Off-line monitoring: Audit
    - Forensic uses
    - Chain of control

Slide 3: Computer System Monitoring
- Detection
  - May be done at any level
  - Pattern matching
  - Statistical anomaly
  - Self/Non-self
- Classification
  - Severity level
  - Special considerations
- Response
  - Event logging
  - Email alert to user/admin: per event, or as a digest
  - Real-time call/page/IM
  - System reconfiguration

Slide 4: Event Logging
- System log
  - Start-up and shut-down of the system and of major processes
  - Opening/closing of important files and major resources
- Security log
  - Major access control requests, logins
  - Access control failures
- Application logs
  - Application-specific events

Slide 5: Log Entry
Append-only file: prevents log entry modification or loss
Log entry fields:
  - Time and date of event
  - Event source (process/component)
  - User identity
  - Event type
  - Event details (depend on event type)

Slide 6: Event Logging Mechanisms
1. Process detects an event it is configured to log
   - Creates log entry
   - Puts entry in buffer
   - Alerts logging process
2. Logging process retrieves event from buffer
   - Classifies it as worthy of collection or not
3. Logging process writes events to audit log
   - Log selection
   - May fire other responses also
4. Sysadmins review audit log
   - Data mining
   - Direct study
5. Archiving
   - Signature, compression
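The pipeline in slides 5 and 6 (entry fields, buffer, classification, append-only audit log, signed and compressed archive) as an added example; this is illustrative code written for this transcript, not anything from the presentation. The JSON-lines entry format, the `COLLECT` allow-list of event types, the HMAC-SHA256 archive signature and the sample events are all assumptions.

```python
import gzip
import hashlib
import hmac
import json
import os
import queue
import tempfile
from datetime import datetime, timezone

# Event types the logging process considers worthy of collection (log selection).
# This allow-list is an assumption for the example, not from the slides.
COLLECT = {"login", "login_failure", "acl_denied", "file_open", "shutdown"}


def make_entry(source, user, event_type, details):
    """Build a log entry with the fields from slide 5: time/date, source,
    user identity, event type and type-specific details."""
    return {
        "time": datetime.now(timezone.utc).isoformat(),
        "source": source,
        "user": user,
        "type": event_type,
        "details": details,
    }


class AuditLogger:
    """Buffer -> classify -> append-only audit log -> signed, compressed archive."""

    def __init__(self, path, archive_key):
        self.path = path
        self.key = archive_key        # key used to sign archives (assumed HMAC-SHA256)
        self.buffer = queue.Queue()   # stands in for the kernel/IPC buffer

    def submit(self, entry):
        """Called by the process that detected the event: put the entry in the buffer."""
        self.buffer.put(entry)

    def drain(self):
        """Logging process: retrieve buffered events, keep the collectable ones,
        append each as one JSON line. The file is only ever opened in append
        mode; protecting it from other writers (e.g. an OS-level append-only
        attribute) is outside this example."""
        written = 0
        with open(self.path, "a", encoding="utf-8") as f:
            while not self.buffer.empty():
                entry = self.buffer.get()
                if entry["type"] not in COLLECT:
                    continue  # classified as not worthy of collection
                f.write(json.dumps(entry, sort_keys=True) + "\n")
                written += 1
        return written

    def archive(self, out_path):
        """Archiving: compress the log and sign the compressed blob so that later
        modification or truncation of the archive is detectable."""
        with open(self.path, "rb") as f:
            blob = gzip.compress(f.read())
        sig = hmac.new(self.key, blob, hashlib.sha256).hexdigest()
        with open(out_path, "wb") as f:
            f.write(blob)
        with open(out_path + ".sig", "w", encoding="utf-8") as f:
            f.write(sig)
        return sig


def verify_archive(archive_path, key):
    """Return (is_authentic, entries); entries are only returned when the
    signature over the compressed blob checks out."""
    with open(archive_path, "rb") as f:
        blob = f.read()
    with open(archive_path + ".sig", encoding="utf-8") as f:
        stored = f.read().strip()
    expected = hmac.new(key, blob, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(stored, expected):
        return False, []
    lines = gzip.decompress(blob).decode("utf-8").splitlines()
    return True, [json.loads(ln) for ln in lines]


def run_pipeline(tmpdir, key):
    """Run the whole pipeline in a scratch directory with constructed events."""
    log = AuditLogger(os.path.join(tmpdir, "audit.log"), key)
    log.submit(make_entry("sshd", "alice", "login_failure", {"reason": "bad password"}))
    log.submit(make_entry("sshd", "alice", "login", {"method": "password"}))
    log.submit(make_entry("app", "alice", "debug_trace", {"msg": "noise"}))  # dropped
    written = log.drain()
    archive = os.path.join(tmpdir, "audit-archive.gz")  # constructed name
    log.archive(archive)
    ok, entries = verify_archive(archive, key)
    with open(archive, "ab") as f:   # tamper with the archive: the signature must fail
        f.write(b"\x00")
    tampered_ok, _ = verify_archive(archive, key)
    return {"written": written, "verified": ok,
            "types": [e["type"] for e in entries], "tampered_verified": tampered_ok}


def demo(key=b"example-archive-key"):  # constructed key, for the example only
    with tempfile.TemporaryDirectory() as d:
        return run_pipeline(d, key)


if __name__ == "__main__":
    print(demo())
```

Running `demo()` writes two of the three submitted events (the `debug_trace` entry is filtered out at classification), archives and verifies the log, then shows that appending a single byte to the archive makes verification fail.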

Slide 7: Access Control Strategies
- Islands
  - Isolation and mediation
  - Untrusted process given a "sandbox"
- Vaults
  - Access to wider (more dangerous) resources requested individually, with system mediation on a case-by-case basis
  - Required for access to shared resources
- Puzzles
  - Process uses secret or hidden information to access desired resources; it must be impractical to find or to guess
  - Cryptography, steganography, security through obscurity
- Patterns
  - Access patterns compared with known bad patterns, blocked or audited on a match (virus signatures)
  - Normal access patterns noted and deviations detected (anomalies)
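The two detection approaches named in slide 3 (pattern matching, statistical anomaly) and again under "Patterns" in slide 7, followed by classification into a severity digest (the "Response" bullet of slide 3), as an added example run over constructed log lines. This is illustrative code written for this transcript, not anything from the presentation; the log line format, the signature set, the baseline numbers and the 3-sigma threshold are assumptions.

```python
import re
import statistics
from collections import Counter

# Constructed sample log lines (not from the slides). The line format
# "<timestamp> <log> <source> user=<name> result=<ok|fail>" is an assumption.
SAMPLE_LOG = """\
2024-03-01T09:00:01Z security sshd user=alice result=fail
2024-03-01T09:00:02Z security sshd user=alice result=fail
2024-03-01T09:00:03Z security sshd user=alice result=fail
2024-03-01T09:00:04Z security sshd user=alice result=fail
2024-03-01T09:00:05Z security sshd user=alice result=fail
2024-03-01T09:00:06Z security sshd user=alice result=fail
2024-03-01T09:01:10Z security sshd user=bob result=fail
2024-03-01T09:01:15Z security sshd user=bob result=ok
2024-03-01T09:02:00Z security login user=root result=ok
2024-03-01T09:03:00Z system init event=shutdown
"""

# Historical per-user daily failure counts used as the "normal" baseline.
# Constructed numbers; a real system would learn these from past audit logs.
BASELINE_FAILURES = [0, 1, 0, 2, 1, 0, 1, 1, 0, 1]

# Pattern matching: known-bad patterns mapped to a severity (assumed set).
SIGNATURES = {
    "root_login_success": (re.compile(r"user=root result=ok"), "high"),
    "unexpected_shutdown": (re.compile(r"event=shutdown"), "low"),
}
FAIL_RX = re.compile(r"user=(\w+) result=fail")


def signature_hits(lines):
    """Detection by pattern matching: every line that matches a known-bad pattern."""
    hits = []
    for line in lines:
        for name, (rx, severity) in SIGNATURES.items():
            if rx.search(line):
                hits.append({"type": name, "severity": severity, "line": line})
    return hits


def failure_counts(lines):
    """Count failed logins per user (the feature the anomaly check looks at)."""
    counts = Counter()
    for line in lines:
        m = FAIL_RX.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts


def anomalies(counts, baseline=BASELINE_FAILURES, threshold=3.0):
    """Detection by statistical anomaly: flag users whose failure count lies more
    than `threshold` standard deviations above the baseline mean."""
    mean = statistics.mean(baseline)
    stdev = statistics.pstdev(baseline) or 1.0  # flat baseline: avoid division by zero
    flagged = []
    for user, n in sorted(counts.items()):
        z = (n - mean) / stdev
        if z > threshold:
            flagged.append({"type": "login_failure_anomaly", "severity": "medium",
                            "user": user, "count": n, "z": round(z, 2)})
    return flagged


def analyze(log_text):
    """Run both detectors, then classify by severity into a digest for the admin."""
    lines = [ln for ln in log_text.splitlines() if ln.strip()]
    events = signature_hits(lines) + anomalies(failure_counts(lines))
    digest = Counter(e["severity"] for e in events)
    return {"events": events, "digest": dict(digest)}


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for e in result["events"]:
        print(e["severity"].upper(), e["type"], e.get("user", ""))
    print("digest:", result["digest"])
```

On the sample, the signature detector reports the root login and the shutdown, the anomaly detector flags alice (six failures against a baseline mean of 0.7) but not bob (one failure), and the digest groups the three events by severity so an admin receives one summary instead of one alert per event.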

Slide 8: External Requirements & Policy
- Treat external requirements as a separate input to policy
  - Allows compliance tracking
- Treat possible legal or contractual problems as risks
  - Acknowledges non-compliance as a risk
- Treat certifications as assets
  - More than marketing

