1  Security Auditing Course Development
   Rochester Institute of Technology, Secure IT 2007
   Yin Pan, yin.pan@rit.edu

2  Agenda
   - Motivation
   - Course development
   - Procedures used to develop basic auditing labs
   - Outcomes and feedback from students
   - Improvements

3  Why think about security?
   - Facts (as of one year ago):
     - On average, one unpatched machine is compromised every 20 minutes
     - Once a patch is announced, an exploit is available within 2-3 days
     - Between 2004 and 2005, unauthorized access increased 500% and identity theft increased 100%
   - Targets:
     - Government agencies: customized Trojan horses designed to pilfer sensitive government secrets
     - E-commerce sites, banks and credit-card processors
     - Companies: source code, the Coca-Cola recipe? A game?

4  Why think about security? (cont'd)
   - There are people who are actively seeking your resources
   - "But I don't have anything anyone wants!"
     - Even as a hiding place for files or a way to become anonymous, you are a target
   - Personal video recorders (PVRs)
   - Carjacking and carhacking

5  Course Objective
   - Designed for system administrators, network administrators and security personnel
   - To defend their systems from attack by designing and implementing the most effective defense, using effective defensive techniques
   - The objective of this course is to provide students with the knowledge to develop network security audits, apply appropriate auditing tools to conduct professional audits, analyze the results, and provide recommendations to mitigate any risks.

6  Outcomes
   Upon completion of this course, students will be able to:
   - Explain the fundamental techniques, processes and procedures of network and systems auditing
   - Describe the basic design and configuration of routers, firewalls, and Intrusion Detection Systems (IDS)
   - Identify and apply appropriate tools to audit systems (Unix/Windows), servers, and network infrastructure components
   - Conduct vulnerability and validation testing
   - Write and present an audit report on security vulnerabilities

7  Course outline
   - Auditing process and procedure
     - Different phases of an audit
     - Discovery methods
   - Network identification and penetration
   - Systems auditing
   - Servers and network perimeter auditing
   - Audit reports
     - Audit recommendations
     - Writing the audit report
     - Security improvements

8  Topics
   - Audit process and procedure
   - Network audit essentials
   - Wireless audit essentials
   - Unix/Linux system audit
   - Windows audit
   - Network perimeter audit
   - Web server audit
   - Audit report

9  Concerns
   - Many tools covered in this class can harm your system
   - Some tools may include hidden features that exploit your systems, so run them only on the isolated lab network

10 What is "Auditing"?
   - A methodical examination and review that measures something against a standard
   - Answers the question, "How do you know?"
   - Examples of audits

11 Why auditing?
   - Manage IT-related risk
   - Ensure information security

12 Objective of Auditing
   - To measure and report on risks
     - Against existing policy within the organization
     - Against existing standards or guidelines and best practices
   - Raise awareness and reduce risks

13 Six-step audit process (from SANS)
   1. Audit planning
   2. Meeting relevant people with the plan (initiating the audit with high-level people)
   3. Measuring the systems
   4. Preparing the report
   5. Presenting results
   6. Reporting to management

14 Measuring the systems: vulnerability assessment
   - Start with physical security
   - Networks (wired and wireless)
     - Secure the perimeter: routers, firewalls, IDS, etc.
     - Secure the DMZ and internal systems
     - Scan the network from both inside and outside
   - Audit systems
     - Focus on Unix/Linux and Windows
     - Eliminate externally accessible vulnerabilities
     - Eliminate internally accessible vulnerabilities
     - Search for Trojan horse programs
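The last item, searching a system for Trojan horse programs, is what a file integrity checker such as Tripwire (listed among the lab tools later in this deck) does: record a baseline of hashes and permission bits for the files that matter, then re-hash and diff. The Python below is an added illustration, not the course's lab material; the "bin" tree, the replaced ls and the planted setuid helper are all constructed inside a temporary directory so it runs offline, and the hypothetical demo() returns the diff.

```python
"""Tripwire-style file integrity check: hash a tree, keep a baseline, diff later."""
import hashlib
import os
import tempfile


def sha256_file(path):
    """Stream a file through SHA-256 so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map each regular file under root (path relative to root) to (sha256, permission bits)."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # skip symlinks; their targets are hashed where they live
            rel = os.path.relpath(full, root)
            mode = os.lstat(full).st_mode & 0o7777  # includes setuid/setgid/sticky bits
            baseline[rel] = (sha256_file(full), mode)
    return baseline


def compare(baseline, current):
    """Return added, removed and changed paths between two baselines (sorted lists)."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in set(baseline) & set(current) if baseline[p] != current[p])
    return {"added": added, "removed": removed, "changed": changed}


def demo():
    """Constructed scenario: baseline a fake bin/, then plant a trojaned ls and a setuid helper."""
    with tempfile.TemporaryDirectory() as root:
        bindir = os.path.join(root, "bin")
        os.makedirs(bindir)
        for name, data in (("ls", b"original ls"), ("ps", b"original ps")):
            with open(os.path.join(bindir, name), "wb") as f:
                f.write(data)
        baseline = build_baseline(root)

        # Simulated compromise: rootkit-style ls, a hidden setuid backdoor, and ps made setuid
        # without touching its content (caught by the mode bits, not the hash).
        with open(os.path.join(bindir, "ls"), "wb") as f:
            f.write(b"trojaned ls that hides files")
        with open(os.path.join(bindir, ".helper"), "wb") as f:
            f.write(b"backdoor")
        os.chmod(os.path.join(bindir, ".helper"), 0o4755)
        os.chmod(os.path.join(bindir, "ps"), 0o4755)

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

In a real audit the baseline is taken from a known-good image and stored off the audited host (otherwise an attacker who replaces ls can also replace the baseline), and the check is run from a trusted live CD rather than from the possibly trojaned system's own binaries.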

15 Our goal
   - To secure every possible path into our systems

16 Network Audit
   - Secure the DMZ
     - Map the hosts in the DMZ
   - Audit goal:
     - Make sure there are no extra ports open on the DMZ hosts
     - Once you know the open ports/services, use vulnerability tools to find any vulnerabilities associated with those services

17 Scan directions
   - From outside, to eliminate externally accessible vulnerabilities
   - From inside, to eliminate internally accessible vulnerabilities
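The DMZ audit goal on slide 16 and the two scan directions on slide 17 reduce to one comparison: what is actually open on each host versus what policy allows from that side of the firewall. The Python below is an added example, not part of the original course; it parses nmap's grepable (-oG) output for an outside scan and an inside scan (both constructed samples, RFC 5737 addresses) and reports ports that are open but not on a hypothetical per-host, per-direction allow-list. Anything it flags is the "extra port" the slide asks about and the input to the vulnerability-scanner step.

```python
"""Diff nmap -oG scans of a DMZ, taken from outside and inside, against an allow-list."""
import re
from collections import defaultdict

# Constructed nmap grepable output (one Host: line per host that answered).
OUTSIDE_SCAN = """\
# Nmap 4.20 scan initiated as: nmap -sS -sU -p- -oG outside.gnmap 192.0.2.0/28
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///, 53/open|filtered/udp//domain///\tIgnored State: closed (65532)
Host: 192.0.2.11 ()\tPorts: 25/open/tcp//smtp///, 3306/open/tcp//mysql///
# Nmap done at Mon Jan 1 2007 -- 16 IP addresses (2 hosts up) scanned
"""
INSIDE_SCAN = """\
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///
Host: 192.0.2.11 ()\tPorts: 25/open/tcp//smtp///, 111/open/tcp//rpcbind///, 3306/open/tcp//mysql///
"""

# Hypothetical policy: TCP ports each DMZ host may expose to the Internet and to the internal net.
POLICY = {
    "192.0.2.10": {"outside": {80, 443}, "inside": {22, 80, 443}},  # ssh only from inside
    "192.0.2.11": {"outside": {25}, "inside": {25}},                # mail relay only
}

HOST_RE = re.compile(r"^Host:\s+(\S+).*?Ports:\s+(.*?)(?:\t|$)")


def parse_gnmap(text):
    """Return {host: {open TCP ports}} from nmap grepable output; other states/protocols are ignored."""
    open_ports = defaultdict(set)
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines and hosts with no Ports: field
        host, ports = m.groups()
        for entry in ports.split(","):
            # field layout: port/state/protocol/owner/service/rpc-info/version
            fields = entry.strip().split("/")
            if len(fields) >= 3 and fields[1] == "open" and fields[2] == "tcp":
                open_ports[host].add(int(fields[0]))
    return dict(open_ports)


def audit(scan_text, direction, policy):
    """Return {host: [extra ports]} for ports open but not allowed from `direction`.

    A host absent from the policy has no allowed ports, so everything open on it is reported.
    """
    findings = {}
    for host, ports in parse_gnmap(scan_text).items():
        allowed = policy.get(host, {}).get(direction, set())
        extra = sorted(ports - allowed)
        if extra:
            findings[host] = extra
    return findings


if __name__ == "__main__":
    for direction, scan in (("outside", OUTSIDE_SCAN), ("inside", INSIDE_SCAN)):
        for host, extra in audit(scan, direction, POLICY).items():
            print(f"[{direction}] {host}: extra open TCP ports {extra}")
```

On the constructed data the outside scan reports ssh on the web host and MySQL on the mail relay reachable from the Internet, which means the firewall rule base is not enforcing the policy; the inside scan additionally shows rpcbind, an internal-only exposure that still has to be closed or justified. Run the same comparison again after remediation; an audit finding is only closed when the rescan is clean.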

18 Perimeter Devices Audit
   - Company policy/procedure review and interviews
   - Perimeter configuration
   - Rule validation and perimeter penetration test
     - From outside
     - From inside

19 Web server and application audit
   - Web server audit: Apache, Windows IIS
   - Web application audit with commercial/free tools:
     - AppScan from Watchfire
     - Hailstorm from Cenzic
     - Nikto
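Before any application scanner is pointed at a site, a web server audit starts with what the server volunteers about itself. The Python below is an added example, not the course's lab code; it runs the first checks Nikto performs (version disclosure in the Server and X-Powered-By headers, TRACE enabled, directory listing) over four constructed raw HTTP responses written to look like a 2007-era Apache and IIS, plus a hardened Apache for comparison. The finding codes are hypothetical labels for this example.

```python
"""Banner, method and listing checks over constructed HTTP responses."""
import re

# Constructed responses, as captured with netcat or an intercepting proxy.
APACHE_GET = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.0.52 (Fedora) PHP/4.3.9\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<html><head><title>Index of /backup</title></head><body><pre>db.sql</pre></body></html>"
)
APACHE_TRACE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.0.52 (Fedora) PHP/4.3.9\r\n"
    "Content-Type: message/http\r\n\r\n"
    "TRACE / HTTP/1.1\r\nHost: www.example.test\r\nCookie: session=abc\r\n"
)
IIS_GET = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Microsoft-IIS/6.0\r\n"
    "X-Powered-By: ASP.NET\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<html><body>Welcome</body></html>"
)
HARDENED_GET = (
    "HTTP/1.1 403 Forbidden\r\n"
    "Server: Apache\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<html><body>Forbidden</body></html>"
)

# Matches a version suffix such as "Apache/2.0.52", "PHP/4.3.9" or "Microsoft-IIS/6.0".
VERSION_RE = re.compile(r"/\d+(\.\d+)*")


def parse_response(raw):
    """Split a raw HTTP/1.x response into (status code, {lowercased header: value}, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def audit_response(raw, method="GET"):
    """Return finding codes for one response to `method` (hypothetical labels)."""
    status, headers, body = parse_response(raw)
    findings = []
    if VERSION_RE.search(headers.get("server", "")):
        findings.append("server-version-disclosure")  # Apache ServerTokens Full, IIS default banner
    if "x-powered-by" in headers:
        findings.append("x-powered-by-disclosure")  # reveals the application framework
    if method == "TRACE" and status == 200 and body.startswith("TRACE "):
        findings.append("trace-enabled")  # cross-site tracing can echo cookies back to a script
    if method == "GET" and status == 200 and re.search(r"<title>Index of /", body):
        findings.append("directory-listing")  # Apache "Options Indexes" left on
    return findings


if __name__ == "__main__":
    for name, raw, method in (("apache GET", APACHE_GET, "GET"), ("apache TRACE", APACHE_TRACE, "TRACE"),
                              ("iis GET", IIS_GET, "GET"), ("hardened GET", HARDENED_GET, "GET")):
        print(f"{name}: {audit_response(raw, method) or 'clean'}")
```

A disclosed version string is not itself a vulnerability, but it is exactly what the vulnerability-scanner step of slide 16 keys on, so the report should pair each banner finding with the specific issues known for that version rather than stopping at "information disclosure".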

20 Practice makes perfect
   - Practice allows students to obtain the necessary skills and knowledge
   - Allows students to discover new vulnerabilities and techniques

21 The goal of the lab component
   - The goal of the labs is to provide students with hands-on experience in using sophisticated technological tools to conduct vulnerability and validation testing on systems and networks.

22 Challenges
   - How to quarantine the vulnerable systems/networks in a controlled environment so that no risks are introduced to the rest of the network
   - How to choose the appropriate tools and techniques
   - How to design the labs to fit our future lab plan

23 Lab Exercise Design
   - Virtual environment with VMware
   - Select appropriate tools, combining commercial tools with free tools
     - Nmap, Nessus, Nikto, firewalk, cheops-ng, Tripwire, Windows tools, Linux/Unix tools, hping2, RAT, ...
     - AppScan, N-Stalker, Hailstorm
   - Closely tracks lecture content

24 Lab topics
   - Lab 1: Network discovery and vulnerability scanning
   - Lab 2: Network audit and analysis within the DMZ
   - Lab 3: Audit and validation of router, firewall and Intrusion Detection System (IDS) configuration and technical rule bases
   - Lab 4: Audit of Unix/Linux systems, including a FreeBSD server and workstation, and Fedora Core and Debian workstations
   - Lab 5: Audit of Windows systems, including Windows 2000 Server, Windows Server 2003, Windows 2000 Pro and Windows XP
   - Lab 6: Audit of web servers (Apache and Microsoft IIS) and applications
   - Lab 7: Create a live CD
   - Project: Demonstrate tools used for auditing

25 Lab diagram
   (diagram not included in the transcript)

26 Physical Lab Design
   - Dedicated hard drives
   - VMware images / BackTrack / Hakin9 / etc.
   - Imaging system
   - Air-gap capability

27 How did the labs work?
   - Labs are effective at conveying and applying techniques discussed and discovered in lecture.
   - General student feedback:
     - Enjoyed hands-on learning
     - Learned a lot through the labs
     - Appreciated the dedicated forensics machines/drives
     - "The final project allowed us to build a VMware image and apply our favorite tools on the system. We learned a lot from others too."

28 Things that can be improved
   - Lack of time was an issue (insufficient time for great depth of study)
   - Combining the vulnerabilities on one machine would allow more in-depth auditing
   - Get rid of duplicate tools
   - Focus on the audit report
   - Reduce the time needed to set up the VMware images
   - Labs need further tweaking

29 Future direction
   - Remote lab systems
   - Split the course into two
   - Training of other faculty

30 What did we miss?
   - Suggestions?
   - Questions?
