Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 19 Page 1 CS 236 Online 6. Application Software Security Why it’s important: –Security flaws in applications are increasingly the attacker’s entry.

Published byAntony Hoover Modified over 8 years ago

Similar presentations

Presentation on theme: "Lecture 19 Page 1 CS 236 Online 6. Application Software Security Why it’s important: –Security flaws in applications are increasingly the attacker’s entry."— Presentation transcript:

1 Lecture 19 Page 1 CS 236 Online 6. Application Software Security Why it’s important: –Security flaws in applications are increasingly the attacker’s entry point –Both commodity applications and custom in-house applications –Applications offer large attack surfaces and many opportunities

2 Lecture 19 Page 2 CS 236 Online Quick Wins Install and use special web- knowledgeable firewalls –To look for XSS, SQL injection, etc. Install non-web application specific firewalls, where available Position these firewalls so they aren’t blinded by cryptography

3 Lecture 19 Page 3 CS 236 Online 7. Wireless Device Control Why it’s important: –Wireless reaches outside physical security boundaries –Mobile devices “away from home” often use wireless –Unauthorized wireless access points tend to pop up –Historically, attackers use wireless to get in and stay in

4 Lecture 19 Page 4 CS 236 Online Quick Wins Know what wireless devices are in your environment Make sure they run your configuration Make sure you have administrative control of all of them –With your standard tools Use network access control to know which wireless devices connect to wired network

5 Lecture 19 Page 5 CS 236 Online 8. Data Recovery Capability Why it’s important: –Successful attackers often alter important data on your machines –Sometimes that’s the point of the attack –You need to be able to get it back

6 Lecture 19 Page 6 CS 236 Online Quick Wins Back up all machines at least weekly –More often for critical data Test restoration from backups often Train personnel to know how to recover destroyed information

7 Lecture 19 Page 7 CS 236 Online 9. Security Skills Assessment and Training Why it’s important: –Attackers target untrained users –Defenders need to keep up on trends and new attack vectors –Programmers must know how to write secure code –Need both good base and constant improvement

8 Lecture 19 Page 8 CS 236 Online Quick Wins Assess what insecure practices your employees use and train those Include appropriate security awareness skills in job descriptions Ensure policies, user awareness, and training all match

9 Lecture 19 Page 9 CS 236 Online 10. Secure Configurations for Network Devices Why it’s important: –Firewalls, routers, and switches provide a first line of defense –Even good configurations tend to go bad over time Exceptions and changing conditions –Attackers constantly look for flaws in these devices

10 Lecture 19 Page 10 CS 236 Online Quick Wins Create documented configurations for these devices Periodically check actual devices against your standard configurations Turn on ingress/egress filtering at Internet connection points

11 Lecture 19 Page 11 CS 236 Online 11. Limitation and Control of Ports, Protocols, and Services Why it’s important: –Many systems install software automatically –Often in weak configurations –These offer attackers entry points –If you don’t need and use them, why give attackers’ that benefit?

12 Lecture 19 Page 12 CS 236 Online Quick Wins Turn off unused services –If no complaints after 30 days, de-install them Use host-based firewalls with default deny rules on all systems Port scan all servers and compare against known intended configuration Remove unnecessary service components

13 Lecture 19 Page 13 CS 236 Online 12. Controlled Use of Administrative Privileges Why it’s important: –Administrative privilege gives attackers huge amounts of control –The more legitimate users who have it, the more targets Phishing attacks, drive-by downloads, password guessing, etc.

14 Lecture 19 Page 14 CS 236 Online Quick Wins Use automated tools to validate who has administrative privileges Ensure all admin password/phrases are long and complex –Force them to change often Change all default passwords on new devices –Firewalls, wireless access points, routers, operating systems, etc.

15 Lecture 19 Page 15 CS 236 Online More Quick Wins Store passwords hashed or encrypted –With only privileged users allowed to access them, anyway Use access control to prevent administrative accounts from running user-like programs –E.g., web browsers, games, email Require different passwords for personal and admin accounts

16 Lecture 19 Page 16 CS 236 Online Yet More Quick Wins Never share admin passwords Discourage use of Unix root or Windows administrator accounts Configure password control software to prevent re-use of recent passwords –E.g., not used within last six months

17 Lecture 19 Page 17 CS 236 Online 13. Boundary Defense Why it’s important: –A good boundary defense keeps many attackers entirely out –Even if they get in, proper use of things like a DMZ limits damage –Important to understand where your boundaries really are

18 Lecture 19 Page 18 CS 236 Online Quick Wins Black list known bad sites or white list sites you need to work with –Test that periodically Use a network IDS to watch traffic crossing a DMZ Use the Sender Policy Framework (SPF) to limit email address spoofing

19 Lecture 19 Page 19 CS 236 Online 14. Maintenance, Monitoring and Analysis of Security Logs Why it’s important: –Logs are often the best (sometimes only) source of info about attack –If properly analyzed, you can learn what’s happening on your machines –If not, you’re in the dark

20 Lecture 19 Page 20 CS 236 Online Quick Wins Ensure all machines have reasonably synchronized clocks (e.g., use NTP) Include audit log settings as part of standard configuration –And check that Ensure you have enough disk space for your logs

21 Lecture 19 Page 21 CS 236 Online More Quick Wins Use log retention policy to ensure you keep logs long enough Fully log all remote accesses to your machines Log all failed login attempts and failed attempts to access resources

22 Lecture 19 Page 22 CS 236 Online 15. Controlled Access Based on Need to Know Why it’s important: –If all your machines/users can access critical data, –Attacker can win by compromising anything –If data kept only on protected machines, attackers have harder time

23 Lecture 19 Page 23 CS 236 Online Quick Wins Put all sensitive information on separate VLANs Encrypt all sensitive information crossing the network –Even your own internal network

Download ppt "Lecture 19 Page 1 CS 236 Online 6. Application Software Security Why it’s important: –Security flaws in applications are increasingly the attacker’s entry."

Similar presentations

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Computer Security set of slides 10 Dr Alexei Vernitski.

Computer Security set of slides 10 Dr Alexei Vernitski.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Understand Database Security Concepts

Understand Database Security Concepts
Current Security Threats WMO CBS ET-CTS Toulouse, France 26-30 May 2008 Allan Darling, NOAA’s National Weather Service WMO CBS ET-CTS Toulouse, France.

Current Security Threats WMO CBS ET-CTS Toulouse, France May 2008 Allan Darling, NOAA’s National Weather Service WMO CBS ET-CTS Toulouse, France.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.
INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.

INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer

Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer
Security and Risk Management. Who Am I Matthew Strahan from Content Security Principal Security Consultant I look young, but I’ve been doing this for.

Security and Risk Management. Who Am I Matthew Strahan from Content Security Principal Security Consultant I look young, but I’ve been doing this for.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
1 Infrastructure Hardening. 2 Objectives Why hardening infrastructure is important? Hardening Operating Systems, Network and Applications.

1 Infrastructure Hardening. 2 Objectives Why hardening infrastructure is important? Hardening Operating Systems, Network and Applications.
10 Tips for keeping MCL safe 1. Set up your defenses. Do you have adequate firewalls and antivirus software to protect you from hackers who could steal.

10 Tips for keeping MCL safe 1. Set up your defenses. Do you have adequate firewalls and antivirus software to protect you from hackers who could steal.
Csci5233 Computer Security1 Bishop: Chapter 27 System Security.

Csci5233 Computer Security1 Bishop: Chapter 27 System Security.
Lecture 18 Page 1 CS 136, Spring 2014 Security Your System CS 136 Computer Security Peter Reiher June 5, 2014.

Lecture 18 Page 1 CS 136, Spring 2014 Security Your System CS 136 Computer Security Peter Reiher June 5, 2014.

Similar presentations

Ads by Google