Presentation is loading. Please wait.

Presentation is loading. Please wait.

Access Control Chapter 3 Part 5 Pages 248 to 252.

Published byAnnabelle Brooks Modified over 9 years ago

Similar presentations

Presentation on theme: "Access Control Chapter 3 Part 5 Pages 248 to 252."— Presentation transcript:

1 Access Control Chapter 3 Part 5 Pages 248 to 252

2 Accountability Auditing capabilities ensure users are accountable for their actions, verify that security policies are enforced, and can be used as investigation tools. Audit users, systems, and applications in log files.

3 Audit Logs Investigate suspicious activities Determine how far an attack has gone and how much damage is done.

4 Audit Logs Store logs securely Keep size under control Make sure the ability to delete logs is only available to administrators Log activities of high privileged accounts In a high security account, more activities should be audited and logged

5 What activities should be logged? Can waste disk space and CPU time is too much is audited. See page 249 – System-level events – Application-level events – User-level events

6 Threshold Audit all login attempts or Audit all failed logins

7 Intrusion Detection Systems IDS can scan audit logs for suspicious activities and alert administrators If an attacker is accessing confidential information on a database, this computer could be temporarily disconnected from the Internet.

8 Review of Audit Logs After a security breach, to piece together what happened Manually – Can be overwhelming – Audit-reduction tools

9 SIEM Security Information Event Management Gathers logs from various devices – Servers, firewalls, routers – Different vendor products with different formats Data mining to identify patterns

10 Protecting Audit Logs Attackers like to scrub audit logs Protect the integrity of the log files Digital signatures Write-only log files

11 Keystroke Monitoring www.keyghost.com If a security professional is suspicious of an individual’s activities An attacker installing a Trojan Horse keylogger Must be stated in security policy and get legal approval

Download ppt "Access Control Chapter 3 Part 5 Pages 248 to 252."

Similar presentations

Presented by Nikita Shah 5th IT ( )

Presented by Nikita Shah 5th IT ( )
Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.

Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.
BalaBit Shell Control Box

BalaBit Shell Control Box
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Presentation by: Peter Thomas Blue Lance, Inc Using SIEM Solutions Effectively to meet Security, Audit, and Compliance Requirements.

Presentation by: Peter Thomas Blue Lance, Inc Using SIEM Solutions Effectively to meet Security, Audit, and Compliance Requirements.
Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.

Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Intrusion detection Anomaly detection models: compare a user’s normal behavior statistically to parameters of the current session, in order to find significant.

Intrusion detection Anomaly detection models: compare a user’s normal behavior statistically to parameters of the current session, in order to find significant.
Presented by C.SARITHA ( 07R91A0568) INTRUSION DETECTION SYSYTEM.

Presented by C.SARITHA ( 07R91A0568) INTRUSION DETECTION SYSYTEM.
John Felber.  Sources  What is an Intrusion Detection System  Types of Intrusion Detection Systems  How an IDS Works  Detection Methods  Issues.

John Felber.  Sources  What is an Intrusion Detection System  Types of Intrusion Detection Systems  How an IDS Works  Detection Methods  Issues.
Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.
Network security policy: best practices

Network security policy: best practices
Security Guidelines and Management

Security Guidelines and Management
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?

Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?
Event Viewer Was of getting to event viewer Go to –Start –Control Panel, –Administrative Tools –Event Viewer Go to –Start.

Event Viewer Was of getting to event viewer Go to –Start –Control Panel, –Administrative Tools –Event Viewer Go to –Start.
11 MAINTAINING THE OPERATING SYSTEM Chapter 5. Chapter 5: MAINTAINING THE OPERATING SYSTEM2 CHAPTER OVERVIEW  Understand the difference between service.

11 MAINTAINING THE OPERATING SYSTEM Chapter 5. Chapter 5: MAINTAINING THE OPERATING SYSTEM2 CHAPTER OVERVIEW  Understand the difference between service.

Similar presentations

Ads by Google