Download presentation
Presentation is loading. Please wait.
Published byRobert Ryan Modified over 9 years ago
1
Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico
2
Session Prerequisites Hands-on experience installing, configuring, administering, and planning the deployment of Windows 2000 Server or Windows Server 2003 Knowledge of Active Directory and Group Policy concepts Level 200
3
Agenda Dia 1 Comunidades Technet Mexico Entrenamiento Comunidades Mexico Essentials of Security Parte 1 Dia 2 Essentials of Security Parte 2 Security Risk Management Parte 1 Dia 3 Security Risk Managemnt Parte 2 Peguntas y Respuestas
4
Comunidades Technet Mexico Dia 1
5
Comunidades en Mexico On Line http://groups.msn.com/itpromexico http://groups.msn.com/itpromexico Presénciales Comunidad DF IT Pro Mexico Aida Lara alora@hubbell.com.mx Victor Guadarrama Olivares vmgo@mvps.org http://itpromexico.com.mx
6
Comunidades Comunidad Monterrey Carlos Alberto Morales cmorales@madisa.com Astrid Rodríguez Garza Vrodriguez@mail.risoul.com.mx http://groups.msn.com/itpromonterrey Comunidad San Quintín Baja California Genaro N. Lopez Norori gnlopez@hotmail.comgnlopez@hotmail.com http://groups.msn.com/ITproSanQuintin http://groups.msn.com/ITproSanQuintin
7
Comunidades Comunidad Guadalajara Oscar T. Aceves Dávalos itan040@hotmail.com itan040@hotmail.com http://groups.msn.com/itprogdl http://groups.msn.com/itprogdl Comunidad Coatzacoalcos Gabriel Castillo jcastillo@celanese.com.mx jcastillo@celanese.com.mx http://groups.msn.com/ITcoatzacoalcos
8
Comunidades Tijuana Andree Ochoa andreeochoa@netscape.net andreeochoa@netscape.net http://groups.msn.com/itprotijuana http://groups.msn.com/itprotijuana Puebla Jorge Garcia MasterFx@masterfx.net MasterFx@masterfx.net http://groups.msn.com/ITICOPuebla http://groups.msn.com/ITICOPuebla
9
Procedimientos Comunidades Evento presencial 1.Enviar la información de las reuniones del siguiente mes Lugar, fecha, hora, descripción del evento, lugar del evento 2.Confirmar que el evento este dado de alta en http://wwww.microsoft.com/mexico/eventos http://wwww.microsoft.com/mexico/eventos 3.Todos los participantes deberán registrarse vía Web en el evento y entregar su registro con el código de barra el dia del evento 4.El instructor deberá recolectar las evaluaciones y hojas de registro para entregárselas al director del área
10
Essentials of Security Dia 1
11
Business Case Security Risk Management Discipline Defense in Depth Security Incident Response Best Practices 10 Immutable Laws of Security
12
Impact of Security Breaches Loss of Revenue Damage to Reputation Loss or Compromise of Data Damage to Investor Confidence Legal Consequences Interruption of Business Processes Damage to Customer Confidence
13
2003 CSI/FBI Survey The cost of implementing security measures is not trivial; however, it is a fraction of the cost of mitigating security compromises
14
Benefits of Investing in Security Reduced downtime and costs associated with non-availability of systems and applications Reduced labor costs associated with inefficient security update deployment Reduced data loss due to viruses or information security breaches Increased protection of intellectual property
15
Security Risk Management Discipline Business Case Security Risk Management Discipline Defense in Depth Security Incident Response Best Practices 10 Immutable Laws of Security
16
Security Risk Management Discipline (SRMD) Processes Assessment Assess and valuate assets Identify security risks and threats Analyze and prioritize security risks Security risk tracking, planning, and scheduling Development and Implementation Develop security remediation Test security remediation Capture security knowledge Operation Reassess assets and security risks Stabilize and deploy new or changed countermeasures
17
Assessment: Assess and Valuate Assets Asset Priorities (Scale of 1 to 10) – Example * * For example purposes only – not prescriptive guidance
18
Types of threats Examples S poofing Forge e-mail messages Replay authentication packets T ampering Alter data during transmission Change data in files R epudiation Delete a critical file and deny it Purchase a product and later deny it I nformation disclosure Expose information in error messages Expose code on Web sites D enial of service Flood a network with SYN packets Flood a network with forged ICMP packets E levation of privilege Exploit buffer overruns to gain system privileges Obtain administrator privileges illegitimately Assessment: Identify Security Risks and Threats – STRIDE
19
Assessment: Analyze and Prioritize Security Risks – DREAD DREAD D amage R eproducibility E xploitability A ffected Users D iscoverability Risk Exposure = Asset Priority x Threat Rank Example Worksheet
20
Assessment: Security Risk Tracking, Planning, and Scheduling Types of threats Examples Spoofing Forge e-mail messages Replay authentication packets Tampering Alter data during transmission Change data in files Repudiation Delete a critical file and deny it Purchase a product and later deny it Information disclosure Expose information in error messages Expose code on Web sites Denial of service Flood a network with SYN packets Flood a network with forged ICMP packets Elevation of privilege Exploit buffer overruns to gain system privileges Obtain administrator privileges illegitimately Detailed Security Action Plans Example Worksheets
21
Development and Implementation Configuration management Patch management System monitoring System auditing Operational policies Operational procedures Detailed Security Action Plans Testing Lab Knowledge Documented for Future Use Security Remediation Strategy Production Environment Production Environment
22
Operation: Reassess Assets and Security Risks New Web Site Internet Services Reassess risks when there is a significant change in assets, operation, or structure Assess risks continually Testing Lab Documented Knowledge Production Environment
23
Operation: Stabilize and Deploy New or Changed Countermeasures System Administration Team System Administration Team New or Changed Countermeasures New or Changed Countermeasures Network Administration Team Network Administration Team Security Administration Team Security Administration Team Production Environment Production Environment
24
Defense in Depth Business Case Security Risk Management Discipline Defense in Depth Security Incident Response Best Practices 10 Immutable Laws of Security
25
The Defense-in-Depth Model Using a layered approach: Increases an attacker’s risk of detection Reduces an attacker’s chance of success OS hardening, authentication, patch management, HIDS Firewalls, Network Access Quarantine Control Guards, locks, tracking devices Network segments, IPSec, NIDS Application hardening, antivirus ACLs, encryption, EFS Security documents, user education Policies, Procedures, & Awareness Physical Security Perimeter Internal Network Host Application Data
26
Description of the Policies, Procedures, and Awareness Layer I think I will use my first name as a password. Hey, I need to configure a firewall. Which ports should I block? I think I will wedge the computer room door open. Much easier. They have blocked my favorite Web site. Lucky I have a modem.
27
Policies, Procedures, and Awareness Layer Compromise Say, I run a network too. How do you configure your firewalls? I can never think of a good password. What do you use? Hi, do you know where the computer room is? Hey, nice modem. What's the number of that line?
28
Policies, Procedures, and Awareness Layer Protection Firewall Configuration Procedure Physical Access Security Policy User Information Secrecy Policy Device Request Procedure Employee security training helps users support the security policy
29
Description of the Physical Security Layer All of the assets within an organization’s IT infrastructure must be physically secured
30
Physical Security Layer Compromise Install Malicious Code Damage Hardware View, Change, or Remove Files Remove Hardware
31
Physical Security Layer Protection Lock doors and install alarms Employ security personnel Enforce access procedures Monitor access Limit data input devices Use remote access tools to enhance security
32
Description of the Perimeter Layer Business Partner Internet Services LAN Main Office LAN Internet Services Branch Office Wireless Network LAN Network perimeters can include connections to: The Internet Branch offices Business partners Remote users Wireless networks Internet applications The Internet Branch offices Business partners Remote users Wireless networks Internet applications Remote User Internet
33
Perimeter Layer Compromise Business Partner Internet Services LAN Main Office LAN Internet Services Remote User Internet Branch Office Wireless Network LAN Network perimeter compromise may result in a successful: Attack on corporate network Attack on remote users Attack from business partners Attack from a branch office Attack on Internet services Attack from the Internet Attack on corporate network Attack on remote users Attack from business partners Attack from a branch office Attack on Internet services Attack from the Internet
34
Perimeter Layer Protection Business Partner Internet Services LAN Main Office LAN Internet Services Branch Office Wireless Network LAN Remote User Internet Network perimeter protection includes: Firewalls Blocking communication ports Port and IP address translation Virtual private networks (VPNs) Tunneling protocols VPN quarantine Firewalls Blocking communication ports Port and IP address translation Virtual private networks (VPNs) Tunneling protocols VPN quarantine
35
Description of the Internal Network Layer Sales Wireless Network Marketing Finance Human Resources
36
Internal Network Layer Compromise Unauthorized Access to Systems Access All Network Traffic Unauthorized Access to Wireless Networks Unexpected Communication Ports Sniff Packets from the Network
37
Internal Network Layer Protection Require mutual authentication Segment the network Encrypt network communications Restrict traffic even when it is segmented Sign network packets Implement IPSec port filters to restrict traffic to servers
38
Demonstration 1: Configuring IPSec Port Filtering Your instructor will demonstrate how to: Create and configure an IP Security policy that contains IPSec port filters that will be used to lock down unnecessary ports on an IIS server View IPSec port filter properties
39
Description of the Host Layer Contains individual computer systems on the network Often have specific roles or functions The term “host” is used to refer to both clients and servers
40
Host Layer Compromise Exploit Unsecured Operating System Configuration Exploit Operating System Weakness Unmonitored Access Distribute Viruses
41
Host Layer Protection Harden client and server operating systems Disable unnecessary services Keep security patches and service packs up to date Monitor and audit access and attempted access Install and maintain antivirus software Use firewalls
42
Windows XP SP2 Advanced Security Technologies Network protection Memory protection Safer e-mail handling More secure browsing Improved computer maintenance Get more information on Windows XP Service Pack 2 at http://www.microsoft.com/sp2preview Network protection Memory protection Safer e-mail handling More secure browsing Improved computer maintenance Get more information on Windows XP Service Pack 2 at http://www.microsoft.com/sp2preview
43
Demonstration 2: Overview of Windows XP SP2 Your instructor will demonstrate the new and enhanced security features in Windows XP SP2: Security Center Windows Firewall Internet Explorer
44
Preguntas http://groups.msn.com/itpromexico Sección de webcast
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.