System Admin Security Training


1 System Admin Security Training
Orange Team

2 Overview
System Admin Duties
Employee Documents and Security Controls
Security Threats
Threat Mitigation
Incident Response

3 System Admin Duties
Perform backup and restore data
Add and remove users
Add and remove hardware and software
Configure and maintain hardware and software
General user support
Maintain documentation and licenses
Negotiate with vendors
System planning
Security management

4 System Admin Duties
Monitor system resource usage and performance
Detect and correct problems
Optimize performance
Manage resources
Automate tasks
Determine and enforce usage policy
Educate users
Corporate priority liaison
“Corporate priority liaison”: liaison between user needs, budgetary constraints and technological limitations.

5 A Lot Of Things To Do…
… and it’s better to do them securely!
“Bake in” security
Can’t anticipate all problems
Can limit the problems you have

6 Perform Backup and Restore Data
Encrypt backups
Secure storage
  Physical access control
  Environmental protections
Controlled restorations
  No network connections
  Clean destination (no malware)
  Verified assistance
“Verified assistance” means the person doing the restoration should be trusted as much as the methods used to restore.

7 Add and Remove Users
Old accounts can be used as a backdoor
Completely remove old access rights
Add users while adhering to…
  Need-to-know
  Minimum privilege
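Slide 7 makes the point that an old account survives as a backdoor unless every access right is removed, not just the login. As an added example (not part of the presentation), the following Python check takes the contents of /etc/passwd, /etc/group, /etc/sudoers, per-user crontabs and authorized_keys files and reports each place a departed user still has a foothold; the file contents and the users alice and bob are constructed samples.

```python
"""Residual-access check for a removed account (added example, not from the
slides). Inputs are file contents as strings so it runs offline on the
constructed samples below; on a real host you would read the actual files."""
import re


def residual_access(user, passwd, group, sudoers, crontabs, authorized_keys):
    """Return findings describing where `user` still has access.

    passwd, group, sudoers: contents of /etc/passwd, /etc/group, /etc/sudoers.
    crontabs: {owner: crontab text} for per-user crontabs.
    authorized_keys: {account: authorized_keys text}; a key whose comment names
    the removed user suggests their key was parked on a shared account.
    """
    findings = []
    for line in passwd.splitlines():
        if line.split(":")[0] == user:
            findings.append("passwd entry still present (login not removed)")
    for line in group.splitlines():
        fields = line.split(":")
        if len(fields) == 4 and user in fields[3].split(","):
            findings.append(f"still a member of group {fields[0]}")
    for line in sudoers.splitlines():
        code = line.split("#", 1)[0].strip()   # ignore comments
        if re.match(rf"{re.escape(user)}\s", code):
            findings.append(f"sudoers rule still grants rights: {code!r}")
    if user in crontabs:
        findings.append("per-user crontab still scheduled")
    for account, keys in authorized_keys.items():
        for key in keys.splitlines():
            parts = key.split()
            if len(parts) >= 3 and parts[-1].split("@")[0] == user:
                findings.append(f"SSH key labelled {parts[-1]} on account {account}")
    return findings


# Constructed sample files: 'bob' has left, 'alice' is still active.
SAMPLE_PASSWD = "root:x:0:0:root:/root:/bin/bash\nalice:x:1001:1001::/home/alice:/bin/bash\n"
SAMPLE_GROUP = "sudo:x:27:alice,bob\nbackup:x:34:bob\n"
SAMPLE_SUDOERS = "# bob left the team\nbob ALL=(ALL) NOPASSWD: /usr/bin/systemctl\nalice ALL=(ALL) ALL\n"
SAMPLE_CRONTABS = {"bob": "0 2 * * * /opt/scripts/sync.sh\n"}
SAMPLE_KEYS = {"deploy": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA-constructed bob@laptop\n"}


def check_removed(user):
    """Run the check for one user against the constructed samples."""
    return residual_access(user, SAMPLE_PASSWD, SAMPLE_GROUP, SAMPLE_SUDOERS,
                           SAMPLE_CRONTABS, SAMPLE_KEYS)
```

Running `check_removed("bob")` lists five leftovers (two group memberships, a sudoers rule, a crontab and a key on the shared deploy account) even though bob's passwd entry is already gone.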

8 Add and Remove Hardware and Software
Inform users of potential outages
Secure install
  Configure first
  Attach to network as late as possible
Secure removal
  Install replacements first
  Avoid loss of functionality
  Dispose securely (data retrieval)

9 Configure and Maintain Hardware and Software
Keep copies of configurations
Configure new elements before attaching to network
Use standard maintenance routines
  Document
  Update
  Verified assistance

10 General User Support
Beware of social engineering
  Callers provide credentials
Educate users to safeguard credentials
  Do not prompt
Safeguard credentials
  Do not reveal unnecessarily
  Protect methods for credential creation

11 Maintain Documentation and Licenses
Document procedures
  New SA education
  Consistency
  Audit
  Assurance
Do not use illegitimate software
  Cheaper
  Unethical
  Illegal
  Insecure

12 Negotiate With Vendors
Licensed products can get expensive
Minimize the cost of secure behavior
Vendor relationships are important
  Inform them of security concerns
  Request new products/solutions
  Receive updated hard/firm/software
Continued business is valued and will be rewarded

13 System Planning
Scaling
  Security problems and solutions scale differently
  New node = new possible failure
  New AV != more secure
Assessing new technology
  Anticipate problems
  “Shinier” does not mean “safer”
Anticipating and avoiding problems
  Malware/attack trends
  Follow day-to-day guidelines strictly

14 Security Management
“An ounce of prevention is worth a pound of cure.”
Prioritize security
Ideal management solution
  Simple
  Reproducible
  Covers security needs
Your job, not the users’

15 Monitor System Resource Usage and Performance
Do not invade privacy
Use data to…
  Identify future purchases
  Notice potential threats
    Excessive or unusual usage
    Antivirus logs
  Ensure expectations are met (SLA)

16 Detect and Correct Problems
Use system monitoring devices
Preemptive corrections
  Patching
  Updating
  Upgrading
Reactive corrections
  See incident response

17 Optimize Performance
Users get frustrated with poor system performance
Users will optimize for themselves
  Non-compliance
  Installing adware/freeware
  Working around slow or ineffective processes
Don’t optimize by removing/compromising security

18 Manage Resources
Know what you have and use
Bad situations
  Unaccounted-for router on network
  Unconfigured workstation
  Ordering unneeded license keys
Wasting resources leads to budget cuts and layoffs
Misplacing resources leads to vulnerabilities

19 Automate Tasks
Script day-to-day tasks
  Focus extra time on harder tasks
Don’t introduce security holes
  Unauthorized use of privileged scripts/programs
  Scripts disabling security features
  Testing/Debugging/Configuration programs used on ‘live’ network
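Slide 19 names two ways automation opens holes: a privileged script that others can modify, and a script that turns security features off. As an added example (not part of the presentation), this Python check audits scripts that run with privilege, such as cron jobs or sudo targets, for both problems; the command patterns, the two sample scripts and the temp directory they are written to are constructed for the demo.

```python
"""Hygiene check for scripts that run with privilege (added example, not from
the slides). Flags scripts or directories others can write to, and scripts that
switch security controls off. Sample files are built in a temp dir."""
import os
import re
import stat
import tempfile

# Commands that disable a security control; extend for your environment.
DISABLING_PATTERNS = [
    r"\bsetenforce\s+0\b",                 # SELinux to permissive
    r"\bufw\s+disable\b",                  # host firewall off
    r"\biptables\s+-F\b",                  # flush firewall rules
    r"\bchmod\s+(-R\s+)?0?777\b",          # make paths world-writable
    r"\bsystemctl\s+(stop|disable)\s+auditd\b",
]


def script_findings(path, trusted_uid=0):
    """Return problems found in one privileged script. trusted_uid is the only
    uid that should own it: root in production, os.getuid() in the demo."""
    findings = []
    st = os.stat(path)
    if st.st_uid != trusted_uid:
        findings.append(f"owned by uid {st.st_uid}, not {trusted_uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("script is group- or world-writable")
    dmode = os.stat(os.path.dirname(path)).st_mode
    if dmode & stat.S_IWOTH and not dmode & stat.S_ISVTX:
        findings.append("directory is world-writable without sticky bit")
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            code = line.split("#", 1)[0]       # ignore shell comments
            if any(re.search(p, code) for p in DISABLING_PATTERNS):
                findings.append(f"line {lineno} disables a control: {code.strip()!r}")
    return findings


def demo():
    """Constructed scripts: one clean, one with both kinds of problem."""
    d = tempfile.mkdtemp()
    good, bad = os.path.join(d, "rotate_logs.sh"), os.path.join(d, "quick_fix.sh")
    with open(good, "w") as fh:
        fh.write("#!/bin/sh\nlogrotate /etc/logrotate.conf\n")
    os.chmod(good, 0o750)
    with open(bad, "w") as fh:
        fh.write("#!/bin/sh\nsetenforce 0  # TODO remove\nchmod -R 777 /srv/app\n")
    os.chmod(bad, 0o777)
    me = os.getuid()  # the demo files are owned by us, not root
    return script_findings(good, me), script_findings(bad, me)
```

`demo()` returns no findings for rotate_logs.sh and three for quick_fix.sh: the world-writable mode plus the two lines that disable controls.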

20 Determine and Enforce Usage Policy
Correct usage is essential
Meaningless without enforcement

21 Educate Users
A smart user is a safe user
Eliminate “low hanging fruit”
  Social engineering
  Bad links
  Phishing e-mails
  Removable media

22 Corporate Priority Liaison
Competing goals
  Management’s budget
  Your security
  Customers’ service needs
  Employee convenience
Security needs to win
  Sell to management
  Educate users

23 Employee Documents
Acceptable Use Policy (AUP)
Service Level Agreement (SLA)
Non-Disclosure Agreement (NDA)
Employee Contract
Your responsibility to enact if there are no documents.

24 Security Controls
Need-to-know
Security awareness training
Separation of duties
Job rotation
Vacations
Auditing/reviews

25 Security Threats
External
  Hacking
  E-mail attacks
  Malware
Internal
  Ignorance
  Insider

26 Security Threats: Hacking
Exploitation of web services
Poorly configured gateways
Use of backdoors
Social engineering
Previous intrusion
Internal collaborator

27 Security Threats: E-mail
Phishing
Spam
Trojans
Viruses

28 Security Threats: Malware
Many sources
  Hacking
  Insider
  Ignorance
Spreads quickly
Uses up resources

29 Security Threats: Ignorance
Clicking bad links
Poor discretion
Downloading malware
USB attacks

30 Security Threats: Insider
Usually hardest to detect
They know the system
Sometimes privileged user
Disgruntled employee
Abuse of trust

31 Threat Mitigation
Preparation
  Security practices
  Education
Incident Response Plan
  If none, create one
  Form a Computer Security Incident Response Team
    Individuals capable of correct response
    Include members of management

32 Incident Response
Identify
Initial Response
  Record basic details
  Assemble CSIRT
  Notify important individuals
Formulate strategy
Investigate
  Thorough data collection
  Determine what/who/how
Report
Resolve

33 Rules To Work By
A smart user is a safe user
Policy enforcement is the first step to a secure system
Put security first in everything you do

34 Bibliography
Mandia, Kevin, Chris Prosise, and Matt Pepe. Incident Response & Computer Forensics. Second ed. N.p.: Brandon A. Nordin, n.d. Print.
