Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Policy. Topics for Discussion IT Security in the Business – Risk, Audit Support, Compliance Policies, Standards, and Procedures – IT Security’s.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Security Policy. Topics for Discussion IT Security in the Business – Risk, Audit Support, Compliance Policies, Standards, and Procedures – IT Security’s."— Presentation transcript:

1 Security Policy

2 Topics for Discussion IT Security in the Business – Risk, Audit Support, Compliance Policies, Standards, and Procedures – IT Security’s Role in Creation and Enforcement Typical IT Security Technical Work – Intrusion Detection/Prevention – Ethical Hacking/Penetration Testing

3 The CISO Agenda Core Functions Business RegulatoryCompliance TechnologyEnablement Alignment with Business Goals / Objectives Brand Protection & Enhancement Linkage to Enterprise Risk Mgmt Risk Mgmt Metrics / Benchmarking Business Continuity Compliance / Internal Audit Disaster Recovery Strategy Privacy / Security Breach Vulnerability / Patch Management Staffing Support High Availability Identity Management M&A Executive / Board Reporting Executive / Board Reporting Mobile Computing Evolving Threats Managing 3rd Party Risk (Outsourcers) Culture / Awareness CISO

4 Risk IT Security performs a critical role in assessing risk in the organization. Vulnerability Scanning Penetration Testing Industry Trends IT Strategy Familiarity with Audit and Compliance measures

5 Audit Support In many cases, IT Security is heavily relied upon to perform in depth testing required by an audit organization. Security is enlisted by audit because: Technical expertise Familiarity with current issues from internal testing Familiarity with Policies, Standards, and Procedures

6 Compliance Compliance may relate to internal compliance or external compliance. Internal compliance: Policies and Standards Security and Configuration baselines Framework use – ISO, COBIT, ITIL, GAISP, NIST Best Practices

7 Compliance cont’d External compliance: SOX (Sarbanes Oxley) – COSO Framework HIPAA PCI Safe Harbor

8 ISO Leading Practices Source: www.rsa.com

9 Compliance in Action Source: www.rsa.com

10 Internal Policy IT Security is regularly tasked with creation and enforcement of IT policies, standards, and procedures. Creation and enforcement of these documents require: Understanding of audit roles and procedures Familiarity with all systems, networks, and applications Compliance considerations

11 Internal Policy cont’d Definitions: A Policy is a set of directional statements and requirements aiming to protect corporate values, assets and intelligence. Policies serve as the foundation for related standards, procedures and guidelines. A Standard is a set of practices and benchmarks employed to comply with the requirements set forth in policies. A standard should always be a derivation of a policy, as it is the second step in the process of a company’s policy propagation. A Procedure is a set of step-by-step instructions for implementing policy requirements and executing standard practices.

12 Internal Policy cont’d

13 Policy creation and enforcement cycle

14 Policy Business Case A top 5 global food retailer has a massive IT/IS infrastructure and good governance….but no real policies! Policies are the foundation for enforcing IT compliance and governance. What policies were written for the client…

15 Policy Business Case cont’d Policies written for IT Security: Acceptable Use Policy Information Classification & Ownership Policy Risk Assessment & Mitigation Policy Access Control Policy Network Configuration and Communication Policy Remote Access Policy Business Continuity Policy Incident Response Policy Third Party Data Sharing Policy System Implementation & Maintenance Secure Application Development Cryptography & Key Management Mobile Computing Physical & Environmental Security

16 Policy Business Case cont’d Sample Policies

17 Ethical Hacking Ethical hacking is a very common profession within the IT security industry. White hat, Grey hat, Black hat Sometimes synonymous with penetration testing – A method of assessing the security posture of a system or network by simulating an “attack”

18 Ethical Hacking Why perform an ethical hack? Determine flaws and vulnerabilities Provide a quantitative metric for evaluating systems and networks Measure against pre-established baselines Determine risk to the organization Design mitigating controls

19 Ethical Hacking

20 Administrative items: Authorization letter – “Get out of jail free card” Risk report – Likelihood of risk – Mitigation plans – Trends (performed with recurring clients)

21 Q & A ANY QUESTIONS?

22 Slide material sourced from the Black Hat presentation presented by Sean Convery of Cisco Systems Layer 2 Hacking

23 Topics for Discussion Layer 2 Protocols and Weaknesses – ARP – MAC/CAM – VLAN/Encapsulation – STP/BPDU – DHCP – MPLS – BGP Tools Carrier “Ethernet” Appendix

24 Why Layer 2

25 ARP ARP Spoofing is the process of sending a crafted ARP request across the network to enable the sniffing of one or many hosts on a network. ARP poisoning is also a similar attack but you attack all hosts on a subnet. This is useful to ARP spoof the address of a switch or router so all traffic can be send through you!

26 ARP Poisoning

27 Start Sniffing

28 ARP Poisoning Scan for hosts

29 ARP Poisoning

30

31 Select the machines to poison We chose to ARP poison only the windows machine 192.168.1.2 and the router 192.168.1.1. Highlight the line containing 192.168.1.1 and click on the "target 1" button. Highlight the line containing 192.168.1.2 and click on the "target 2" button. If you do not select any machines as target, all the machine inside the subnet will be ARP poisoned.

32 ARP Poisoning

33

34

35 To recap the information found using Wireshark (or another sniffer) – 192.168.1.1 is at 11:22:33:44:11:11 (Router) – 192.168.1.2 is at 11:22:33:44:55:66 (Host) – 192.168.1.100 is at 11:22:33:44:99:99 (Attacker)

36 ARP Poisoning Before the ARP poisoning: SRC: 11:22:33:44:55:66 (host) DST: FF:FF:FF:FF:FF:FF (gateway/router) Message: Who has 192.168.1.1? Tell 192.168.1.2 SRC: 11:22:33:44:11:11 (gateway/router) DST: 11:22:33:44:55:66 (host) Message: 192.168.1.1 is at 11:22:33:44:11:11

37 During/After ARP Poisoning/Spoof Executing the ARP poisoning/spoof: Before: 192.168.1.1|11:22:33:44:11:11 (in host ARP table) Execution SRC: 11:22:33:44:99:99 DST: 11:22:33:44:55:66 (Host) Message: 192.168.1.1 is at 11:22:33:44:99:99 After attack: 192.168.1.1| 11:22:33:44:99:99 (in host ARP table)

38 ARP Poisoning

39 What to do once poisoned? – Man In The Middle Attacks DNS Spoof Manipulate Connections Steal Info Redirect Sessions SSH/Protocol Downgrade Attack

40 ARP Spoof Defense SARPI & DARPI: Static and Dynamic ARP inspection. Not practical -- Requires an agent on every host. DHCP Snooping: Keeps a record of each MAC address connected to a port and hence can detect false ARP responses. – Widely used on commercial network gear. – Can be easily circumvented by not using DHCP. This is the most common defense since almost all networks require a DHCP address be assigned, but it is not perfect. Static Mapping: Statically mapping IP-MAC relationships is an easy way to defend against only simple ARP Spoof attacks

41 ARP Spoof Defense Monitoring: There are numerous products and software packages that can actively monitor ARP requests and caches to clean caches and identify ARP attacks. – ARPDefender (appliance in network) – Arpwatch (software) – Xarp (software) – anti-arpspoof (software)

42 Exploiting Simple Masking Errors Here’s a rule on a Cisco firewall: –access-list outside permit ip 10.11.12.0 255.255.255.0 host a.b.c.d – That says “allow anyone in 10.11.12.* to reach a.b.c.d ” Here’s the same rule in Cisco IOS: –permit ip 10.11.12.0 0.0.0.255 host a.b.c.d – That does (almost) the same thing Note the way you have to write the mask “backwards” in IOS Suppose you forget – you say: –permit ip 10.11.12.0 255.255.255.0 host a.b.c.d – That “looks right”, even to very experienced technical folks What does that do?

43 Exploiting Simple Masking Errors The Backwards Mask: –permit ip 10.11.12.0 255.255.255.0 host a.b.c.d What does it do? It really looks like “permit one subnet” It actually permits 16,777,216 different hosts – Every address that ends in a zero Once you know this happens, the lesson is obvious – When in an unknown network, set your IP to something like *.*.*.0 – You may find a lot of doors suddenly spring open! In many networks, the right source IP grants magic access

44 MAC/CAM Every switch uses a Content Addressable Memory (CAM) space to store the physical address of a hosts so it knows where to send data destined for a host. This memory space of course has a limitation. In order to place a MAC in CAM the switch hashes all the various information regarding the host: MAC, VLAN, etc.

45 MAC/CAM There are tools like macof and dsniff that can generate thousands of CAM entries per minute. Why? To flood the CAM table. Once the CAM is flooded, all traffic on the switch is sent to all physically connected hosts because the switch cannot determine what traffic goes where, thereby allowing you to see all traffic on the switch.

46 MAC/CAM

47 CAM Flood Defense Port Security: This requires writing the MAC address of the host allowed to use a specified port on each port description in the switch configuration. Hard to implement. Not Scalable. Sticky MAC: Sticky MAC addresses allow MAC addresses to be dynamically learned and limit port access to said MAC address. The MAC address will be learned when the first MAC address attempts to connect to the port and will be written to the running configuration.

48 Hakipedia www.hakipedia.com

Download ppt "Security Policy. Topics for Discussion IT Security in the Business – Risk, Audit Support, Compliance Policies, Standards, and Procedures – IT Security’s."

Similar presentations

ETHICAL HACKING A LICENCE TO HACK

ETHICAL HACKING A LICENCE TO HACK
CISCO NETWORKING ACADEMY Chabot College ELEC 99.05 Address Resolution Protocol.

CISCO NETWORKING ACADEMY Chabot College ELEC Address Resolution Protocol.
1 Topic 2 – Lesson 4 Packet Filtering Part I. 2 Basic Questions What is packet filtering? What is packet filtering? What elements are inside an IP header?

1 Topic 2 – Lesson 4 Packet Filtering Part I. 2 Basic Questions What is packet filtering? What is packet filtering? What elements are inside an IP header?
SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.

SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 2: Introduction to Switched Networks Routing and Switching.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 2: Introduction to Switched Networks Routing and Switching.
Agenda COBIT 5 Product Family Information Security COBIT 5 content

Agenda COBIT 5 Product Family Information Security COBIT 5 content
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
System and Network Security Practices COEN 351 E-Commerce Security.

System and Network Security Practices COEN 351 E-Commerce Security.
Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.

Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.
Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung(1203584897) Sriram Gopinath(1203800749)

Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) Sriram Gopinath( )
Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.

Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
Exam ● On May 15, at 10:30am in this room ● Two hour exam ● Open Notes ● Will mostly cover material since Exam 2 ● No, You may not take it early.

Exam ● On May 15, at 10:30am in this room ● Two hour exam ● Open Notes ● Will mostly cover material since Exam 2 ● No, You may not take it early.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Security Policies and Implementation Issues.

© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. Security Policies and Implementation Issues.
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Network Topology. Cisco 2921 Integrated Services Router Security Embedded hardware-accelerated VPN encryption Secure collaborative communications with.

Network Topology. Cisco 2921 Integrated Services Router Security Embedded hardware-accelerated VPN encryption Secure collaborative communications with.

Similar presentations

Ads by Google