
1 Cosc 4765 Risk Assessment And Security Auditing

2 First a Security Plan
Policies
–A plan must take into account the policy, which almost always leads to writing a policy first.
–Who should be allowed access?
–To what system and organization resources should access be allowed?
–What types of access should each user be allowed for each resource?
It should also state goals and responsibility: who, where, what.

3 Security Plan (2)
Current security status
–Is there any security?
–Risk analysis, both system and financial
Requirements
–Functional or performance demands placed on system(s) to ensure a desired level of security
Recommended controls
Responsibility
–Who is responsible; also listed in the policy.

4 TCSEC 6 requirements
Security policy: a well-defined and explicit security policy to be enforced
Identification: every subject must be uniquely and convincingly identified, so that subject/object access can be checked
Marking: every object must be associated with a label of its security level
Accountability: maintain complete and secure records of all actions involving security (pretty much everything!)
Assurance: mechanisms that can enforce security and evaluate it
Continuous protection: mechanisms that implement security must be protected against unauthorized change.

5 Security overlaps into
Business continuity plans
–What happens in "catastrophic situations": fire, floods and other natural and man-made disasters.
–What happens in "long durations": power outages or really bad weather
–Theft
–Cold site: a facility with power and cooling where systems can be quickly installed
–Hot site: a facility with ready-to-run systems; maybe even a full/live backup of data, so it is ready to run at a moment's notice.

6 Recovery What to do when your site has been attacked and possibly compromised?

7

8 The attack usually happened hours or even days ago.
Don't panic.
Figure out who all needs to deal with the problem.
Find and make copies of all tracking information
–logs, accounting files, trap logs, etc.

9 Assess your degree of exposure
–Find out what they damaged, removed, added, etc.
–What information might they have gotten?
If necessary, disconnect the computer from the network.
–Don't let the problem compromise other computers.

10 Based on the damage, figure out the recovery plan.
Communicate the plan
–Also take this time to educate users and management about the problem and the steps to prevent it from happening again.
Implement the recovery plan

11 Lastly, report the incident to authorities
–CERT has a phone number, fax number, and web site to report the incident.
And if need be, call the police or FBI
–At worst this covers your "assets" in case of future problems, lawsuits, etc.
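The "find and make copies of all tracking information" step in slides 8 and 9 is worth doing in a way that can be shown to be faithful later, since slide 11 ends with handing the evidence to CERT or the police. The script below is an added example, not part of the course slides: it copies a log directory, hashes source and copy, writes a manifest, and can re-verify the copies later. The log contents, host name and addresses are constructed for the demo; in practice the destination would be removable media or another host that the compromised machine cannot write to (an assumption the temp directory only stands in for).

```python
import hashlib
import json
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Constructed sample log contents (hypothetical host and addresses) used to
# build a throwaway "log directory" so the example runs offline.
SAMPLE_LOGS = {
    "auth.log": "Jan 10 03:12:01 host1 sshd[412]: Accepted password for root from 198.51.100.7 port 51822 ssh2\n",
    "wtmp.txt": "root  pts/0  198.51.100.7  Tue Jan 10 03:12\n",
    "pacct.txt": "cat  root  pts/0  0.01 secs  Tue Jan 10 03:13\n",
}


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large logs do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def preserve_logs(src_dir: Path, dest_dir: Path) -> dict:
    """Copy every file under src_dir to dest_dir, verify each copy against its
    source hash, and write a MANIFEST.json of hashes and sizes."""
    dest_dir.mkdir(parents=True, exist_ok=True)
    manifest = {"collected_at": datetime.now(timezone.utc).isoformat(), "files": {}}
    for src in sorted(p for p in src_dir.rglob("*") if p.is_file()):
        rel = src.relative_to(src_dir)
        dst = dest_dir / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)  # copy2 keeps the modification time needed for a timeline
        before, after = sha256_file(src), sha256_file(dst)
        if before != after:
            raise RuntimeError(f"copy of {rel} does not match its source")
        manifest["files"][rel.as_posix()] = {"sha256": after, "size": src.stat().st_size}
    (dest_dir / "MANIFEST.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def verify_copies(dest_dir: Path) -> bool:
    """Re-hash the preserved copies, e.g. before handing them to CERT or counsel."""
    manifest = json.loads((dest_dir / "MANIFEST.json").read_text())
    return all(sha256_file(dest_dir / rel) == entry["sha256"]
               for rel, entry in manifest["files"].items())


def demo() -> tuple:
    """Run the whole flow on the constructed logs; returns (file count,
    verification right after copying, verification after one copy is altered)."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "var_log"
        src.mkdir()
        for name, text in SAMPLE_LOGS.items():
            (src / name).write_text(text)
        dest = Path(tmp) / "evidence"
        manifest = preserve_logs(src, dest)
        intact = verify_copies(dest)
        (dest / "auth.log").write_text("cleaned\n")  # simulate tampering with the copy
        return len(manifest["files"]), intact, verify_copies(dest)


if __name__ == "__main__":
    print(demo())  # (3, True, False)
```

The manifest's timestamp and hashes are what let you answer "is this the log as it was when we pulled it?" weeks later; the deliberate overwrite in `demo()` shows the verification failing once a copy has been altered.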

12 Risk Assessment
A risk assessment, no matter which method is used:
–Figure out what is important: what can't be lost, exposed, and/or damaged. This is really what you are trying to secure!
–If loss, exposure and/or damage of an asset or item is "not a concern", then it may be covered by the security implemented for the "important" assets.
–Now figure out how to secure it.

13 Risk Assessment (2)

14 Risk Assessment (3)
Asset         | Secrecy                        | Integrity                                | Availability                          | Solution
Hardware      | ?                              | Overloaded, destroyed, tampered with     | Failed, stolen/destroyed, unavailable | Replace, repair, involve lawyers
Software      | Stolen, copied/pirated         | Impaired (virus ...), modified           | Deleted/misplaced, unavailable        | Reinstall, purchase, involve lawyers
Data          | Disclosed, unauthorized access | Damaged (software, hardware, user error) | Deleted, misplaced, destroyed         | Recover from backups, involve lawyers
People        | ?                              | ?                                        | Unavailable                           | Hire, involve lawyers
Documentation | ?                              | Modified                                 | Lost, stolen, destroyed               | Recover from backups/replace, involve lawyers
Supplies      | ?                              | ?                                        | Lost, stolen, destroyed               | Get more, involve lawyers
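Slide 12 says to separate the "important" assets from those whose loss is not a concern on its own, and slide 14 lists what losing secrecy, integrity or availability means per asset class together with the remedy. The following is an added example, not from the slides, that turns those two ideas into a small prioritization routine: each asset gets an assumed 0-3 impact per property and a 1-3 likelihood, the worst property times likelihood gives the exposure, and anything above a threshold is "important" and paired with the table's solution. The inventory, the scales and the threshold are all constructed for the example.

```python
from dataclasses import dataclass

# Remediation column of the slide 14 table, keyed by asset class.
SOLUTIONS = {
    "hardware": "replace / repair / involve lawyers",
    "software": "reinstall / purchase / involve lawyers",
    "data": "recover from backups / involve lawyers",
    "people": "hire / involve lawyers",
    "documentation": "recover from backups or replace / involve lawyers",
    "supplies": "get more / involve lawyers",
}

PROPERTIES = ("secrecy", "integrity", "availability")


@dataclass
class Asset:
    name: str
    kind: str          # one of the SOLUTIONS keys
    impact: dict       # property -> 0 (no concern) .. 3 (severe); assumed scale
    likelihood: int    # 1 (rare) .. 3 (likely); assumed scale

    def exposure(self) -> int:
        # The worst single property drives the rating: losing any one of
        # secrecy, integrity or availability is enough to hurt.
        return max(self.impact.get(p, 0) for p in PROPERTIES) * self.likelihood

    def driver(self) -> str:
        """Which property contributes the worst impact (first one on a tie)."""
        return max(PROPERTIES, key=lambda p: self.impact.get(p, 0))


def assess(assets, threshold=4):
    """Split assets into 'important' (secure these explicitly) and 'covered'
    (slide 12: losing them is not a concern on its own, so they ride on the
    controls built for the important ones).  Each entry is
    (name, exposure, driving property, remedy from the table); the important
    list is sorted by exposure, highest first."""
    important, covered = [], []
    for asset in assets:
        entry = (asset.name, asset.exposure(), asset.driver(), SOLUTIONS[asset.kind])
        (important if asset.exposure() >= threshold else covered).append(entry)
    important.sort(key=lambda e: (-e[1], e[0]))
    return important, covered


# Constructed inventory for a small department (hypothetical, not from the slides).
INVENTORY = [
    Asset("student grade database", "data", {"secrecy": 3, "integrity": 3, "availability": 2}, 2),
    Asset("lab file server", "hardware", {"secrecy": 1, "integrity": 2, "availability": 3}, 2),
    Asset("lab loaner laptops", "hardware", {"secrecy": 2, "integrity": 1, "availability": 1}, 2),
    Asset("printer paper", "supplies", {"availability": 1}, 3),
    Asset("sysadmin on call", "people", {"availability": 3}, 1),
]


if __name__ == "__main__":
    important, covered = assess(INVENTORY)
    print("secure explicitly:")
    for name, score, prop, remedy in important:
        print(f"  {score:2d}  {name:24s} driven by {prop:12s} -> {remedy}")
    print("covered by the above:", ", ".join(e[0] for e in covered))
```

The point of the threshold is the second bullet on slide 12: printer paper and the on-call admin still appear in the table's categories, but with this inventory they fall below the line and are handled by whatever protects the file server and the grade database rather than by controls of their own.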

15 Security Audit
Once you know what to protect, you need to know what the "vulnerabilities" are.
–Some are very easy
Physical security, for example: is there any?
Authentication: can anyone "use and modify" the asset? Say, your laptop.
–Harder ones
Vulnerabilities and "lapses" in security
–Many tools to test with, and articles describing vulnerabilities and how to spot them.
–Many viruses and worms will weaken security
»so that even if they are removed the computer is easier to break into.

16 Security Information
System administrators and hackers get their information from the same places.
CERT: a registered service mark of Carnegie Mellon University
–www.cert.org provides advisories and notice of when patches are released to fix problems.

17 SecurityFocus.com and the BugTraq mailing list
–specializes in security-related news and information.
–see the book about how to get on their mailing lists
SANS: the System Administration, Networking, and Security Institute
–www.sans.org

18 Vendor-specific security resources
–Each vendor, from Sun and SGI to the Linux groups, has specific mailing lists or places to look for patches and/or information about security problems.

19 Patches and updates
First and foremost: patches and updates
–One of the best ways to plug vulnerabilities is to patch the software, operating system, network equipment, etc.
–See the vendor for each product. Any good vendor will offer patches free.
–If they don't... seriously rethink using it.
A security audit is similar in nature to how a hacker breaks in, so first: "How 'they' get in".

20 How "they" get in.
1. Reconnaissance
–Social engineering, physical break-in, etc.
–Search the web: Google, newsgroups, blogs, etc.
–Whois databases
–Domain Name System
–Various reconnaissance tools
Sam Spade: www.samspade.org/sww/
Other internet-based "research" tools
–Some free and some paid.

21 How "they" get in. (2)
2. Scanning
–War driving (find wireless access points)
–War dialing (find modems)
–Network mapping
–Scan for open ports via port scanners
–Vulnerability-scanning tools

22 How "they" get in. (3)
3. Gain access via application and O/S attacks
–Script kiddie exploits
–Buffer overflow exploits
–Password attacks
–Web application attacks
–Redirects to exploit browser flaws.

23 How "they" get in. (4)
3 continued: network attacks
–Sniff the network, looking for passwords, OS identification, etc.
–IP address spoofing
–Session hijacking
–Tools: Netcat, a general-purpose network tool, "the Swiss Army knife of network tools", used for attacks and by sysadmins to do numerous tasks.

24 How "they" get in. (5)
3 continued: Denial of Service attacks
–Locally: stopping services and exhausting resources
–Remotely: stopping services and exhausting resources

25 How "they" get in. (6)
4. Maintaining access
–Trojan horse programs
–Backdoors
–Malware, spyware and bots
–Viruses and worms
–Rootkits
5. Covering up
–With things from 4: shut down AV products and logging, hide files in hard-to-find spots.

26 Security audit again.
So we use steps 1 through 3
–except probably the DoS, to run a security audit on our own systems.
–Most are run internally and sometimes from a remote site, with all the legal consent of the remote location! And legal consent from inside too, just in case.
–Just like a fire drill; otherwise, the fire department would show up!

27 Tools
Some on-line tools
–www.attackportal.net: on-line tools that let you research, probe and attack systems by filling out web forms!
–scan.sygatetech.com: will scan the machine you are on.
–Note, behind the firewall it could only determine the browser.
–www.dnstuff.com
–www.traceroute.org
–www.network-tools.com
–www.cotse.com/refs.htm
–www.securityspace.com
–www.dslreports.com/scan

28 Tools (2)
There are hundreds of tools; this is just a short list of some common platform-independent ones.
Downloadable tools:
–nmap: network map of the ports of a target network or individual machine.
–Hydra: a tool to find valid login/password pairs for many different processes and systems
–Nessus: a security scanner, with plug-ins and a scripting language to test any number of things.
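Slide 26 says the audit reuses the scanning step against your own systems, and slide 28 names nmap as the port mapper. What the audit actually needs is the comparison between what nmap found and what each host is supposed to expose, which nmap itself does not do. The script below is an added example, not part of the slides or of nmap: it parses nmap's grepable (`-oG`) output and reports ports that are open but not in the policy, policy ports that are not open, and hosts the policy does not know about. The scan text is a constructed sample in that format using documentation addresses, and the policy is an assumption for the example.

```python
import re

# Constructed sample in nmap's grepable (-oG) output format; these are
# documentation addresses (192.0.2.0/24), not a real scan.
SAMPLE_SCAN = """\
# Nmap 7.93 scan initiated as: nmap -oG - -p- 192.0.2.0/29
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 3306/open/tcp//mysql///\tIgnored State: closed (65532)
Host: 192.0.2.11 ()\tStatus: Up
Host: 192.0.2.11 ()\tPorts: 22/open/tcp//ssh///, 23/open/tcp//telnet///, 443/open/tcp//https///\tIgnored State: closed (65532)
Host: 192.0.2.12 ()\tPorts: 8080/open/tcp//http-proxy///\tIgnored State: closed (65534)
# Nmap done
"""

# What each host is supposed to expose (an assumed policy for the example).
POLICY = {
    "192.0.2.10": {("tcp", 22), ("tcp", 80)},
    "192.0.2.11": {("tcp", 22), ("tcp", 443)},
}

# One -oG port entry is port/state/protocol/owner/service/rpc-info/version/
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)//([^/,]*)///")


def parse_grepable(text: str) -> dict:
    """Return {host: {(proto, port): service}} for every open port listed."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for port, state, proto, service in PORT_RE.findall(ports_field):
            if state == "open":
                hosts.setdefault(host, {})[(proto, int(port))] = service
    return hosts


def audit(scan: dict, policy: dict) -> list:
    """Compare a parsed scan with the policy and return human-readable findings."""
    findings = []
    for host, open_ports in scan.items():
        allowed = policy.get(host)
        if allowed is None:
            listed = ", ".join(f"{p}/{n}" for p, n in sorted(open_ports))
            findings.append(f"{host}: not in policy at all (open: {listed})")
            continue
        for proto, port in sorted(set(open_ports) - allowed):
            findings.append(f"{host}: unexpected {proto}/{port} ({open_ports[(proto, port)]})")
        for proto, port in sorted(allowed - set(open_ports)):
            findings.append(f"{host}: expected {proto}/{port} is not open")
    for host in sorted(set(policy) - set(scan)):
        findings.append(f"{host}: in policy but did not answer the scan")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_grepable(SAMPLE_SCAN), POLICY):
        print(finding)
```

On the sample the three findings are the MySQL port on the first host, telnet on the second, and a third host that nobody wrote a policy line for; the last kind is usually the most interesting result of an internal audit, since an unknown host is exactly what slide 9 ("what did they add?") is asking about.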

29 Tools (3)
–Netcat: many network features; see netcat.source.net and many other web sites for its varied uses.
–Tcpdump: a simple packet sniffer
–Snort: a packet sniffer with many features, like an IDS
–Ethereal: a packet sniffer and network packet analyzer; also allows loading of captured data from tcpdump.
–John the Ripper, Crack and many others: password cracker programs.

30 Additional References
Many web sites
Counter Hack Reloaded, 2nd edition, Skoudis and Liston, Prentice Hall, 2006
Introduction to Computer Security, Bishop, Addison Wesley, 2005

31 Q & A

