Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 10 Conducting Security Audits.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Security+ Guide to Network Security Fundamentals, Third Edition Chapter 10 Conducting Security Audits."— Presentation transcript:

1 Security+ Guide to Network Security Fundamentals, Third Edition Chapter 10 Conducting Security Audits

2 Security+ Guide to Network Security Fundamentals, Third Edition Objectives Define privilege audits Describe how usage audits can protect security List the methodologies used for monitoring to detect security-related anomalies Describe the different monitoring tools 2

3 Security+ Guide to Network Security Fundamentals, Third Edition Privilege Auditing _________ methodical ________ and ________ of something that ___________________ of findings A _________ can be considered a _____________ __________________________ ____________________________ (PoLP)  Users should be given only the _____________________ necessary to perform his or her job function ____________________________  Reviewing a _____________________________________  Requires knowledge of privilege management, how privileges are assigned, and how to audit these security settings More to come on each of these…. 3

4 Security+ Guide to Network Security Fundamentals, Third Edition Privilege Management ___________________________  The process of ___________________________ to objects Roles of owners and custodians are generally well-established  Where those roles fit into the organization often depends upon how the organization is structured The ______________ for privilege management can be either ______________ ______________________________ 4

5 Security+ Guide to Network Security Fundamentals, Third Edition Privilege Management (continued) In a _______________ structure  ____________ is _____________________ of assigning or revoking privileges  All custodians are part of that unit A _____________ organizational structure for privilege management  Delegates the authority for assigning or revoking privileges _____________________________ __________________________ 5

6 Security+ Guide to Network Security Fundamentals, Third Edition Assigning Privileges The foundation for assigning privileges is dictated by the existing access control model Recall that there are four major access control models:  Mandatory Access Control (MAC)  Discretionary Access Control (DAC)  Role Based Access Control (RBAC)  Rule Based Access Control (RBAC) 6

7 Security+ Guide to Network Security Fundamentals, Third Edition Auditing System Security Settings Auditing system security settings for user privileges involves:  A regular _______________________  Using ______________________  Implementing ______________________ More to come on each of these 7

8 Security+ Guide to Network Security Fundamentals, Third Edition Auditing System Security Settings (continued)- User access and rights review: It is important to periodically review user access ______________________ Most organizations have a _____________ that mandates regular reviews Reviewing user access rights for logging into the network can be performed on the _____________________ Reviewing user permissions over objects can be viewed on the _______________ 8

9 Security+ Guide to Network Security Fundamentals, Third Edition9

10 Auditing System Security Settings (continued)- Group Policies Instead of setting the same configuration baseline on each computer, a ______________ can be created Security template  A method to ___________________________________ On a Microsoft Windows computer, one method to deploy security templates is to use ___________  A feature that provides __________________________ ____________________ of computers and remote users who are using Active Directory (AD) 10

11 Security+ Guide to Network Security Fundamentals, Third Edition Auditing System Security Settings (continued)- Group Policies The ____________________________ within group policies are known as Group Policy Objects (______).  GPOs are a ______________________________ that can be applied to user objects or AD computers Settings are manipulated using administrative template files that are included within the GPO 11

12 Security+ Guide to Network Security Fundamentals, Third Edition Auditing System Security Settings (continued)- Storage and retention policies Information lifecycle management (______)  A set of strategies for ____________________________ ________ computer storage systems in order to _________ ILM strategies are typically recorded in storage and retention ___________________  Outline the requirements for data storage _____________________ 1 st step in developing storage and retention policies  Assigns a ____________________________________ ___________ and regulation requirements to __________ Example on next slide… 12

13 Security+ Guide to Network Security Fundamentals, Third Edition Auditing System Security Settings (continued)- Storage and retention policies 13

14 Security+ Guide to Network Security Fundamentals, Third Edition Auditing System Security Settings (continued)- Storage and retention policies Grouping data into _________ often requires the assistance of the users who save and retrieve the data on a regular basis The 2 nd step is to ______________________ __________________________________ Occasional _____________ of storage and retention policies is important 14

15 Security+ Guide to Network Security Fundamentals, Third Edition Usage Auditing ____________________  Audits what objects a user has ____________________  Involves an examination of _____________________ ______________________ and how frequently Sometimes access privileges can be very ________ Usage auditing can help _____________________ ____________________  Permissions given to a higher level “parent” will also be ___________________________  Adds to the complexity of access privileges  See example on next slide 15

16 Security+ Guide to Network Security Fundamentals, Third Edition Usage Auditing (continued) 16

17 Security+ Guide to Network Security Fundamentals, Third Edition Usage Auditing (continued) Inheritance becomes more complicated with ______ GPO inheritance  Allows administrators to set a ____________________ ______________________ in the Microsoft AD Other administrators can apply more specific policies at a lower level  That apply only to subsets of users or computers GPOs that are _________________________ are processed _______________  Followed by the order that policies were linked to a container object 17

18 Security+ Guide to Network Security Fundamentals, Third Edition Usage Auditing involves Log Management A ______ is a record of events that occur Logs are composed of ____________________  Each entry contains _____________________________ that has occurred Logs – from both hardware and software systems- have been used primarily for _______________ problems __________________________  The process for ________________________________ ___________________ of computer security log data 18

19 Usage Auditing involves Log Management (continued) Security _____________________  Antivirus software  Remote Access Software  Automated patch update service Security __________________________  Network intrusion detection systems (NIDS) and host and network intrusion prevention systems (HIPS/NIPS)  Domain Name System (DNS)  Authentication servers  Proxy servers  Firewalls- more info a few slides down… Security+ Guide to Network Security Fundamentals19

20 Security+ Guide to Network Security Fundamentals, Third Edition20

21 Security+ Guide to Network Security Fundamentals, Third Edition21 Usage Auditing involves Log Management (continued)

22 Security+ Guide to Network Security Fundamentals, Third Edition22 Usage Auditing involves Log Management (continued)

23 Security+ Guide to Network Security Fundamentals, Third Edition Usage Auditing involves Log Management (continued) Types of items that should be examined in a _________________ include:  IP addresses that are being rejected and dropped  Probes to ports that have no application services running on them  Source-routed packets  Suspicious outbound connections  Unsuccessful logins 23

24 Security+ Guide to Network Security Fundamentals, Third Edition24 Usage Auditing involves Log Management (continued)

25 Security+ Guide to Network Security Fundamentals, Third Edition Usage Auditing involves Log Management (continued) Operating System (OS) logs  Two common types of security related OS logs: 1. _____________________________ 2. ____________________________ ___________________  An occurrence within a software system that is communicated to users or other programs ___________ _______________________ 1. System events  _____________________ that are performed by the ________________________ 25

26 Security+ Guide to Network Security Fundamentals, Third Edition Usage Auditing involves Log Management (continued) System events that are commonly recorded include:  _________________________________  ____________________ information 2. Logs based on audit records  The second common type of security-related operating system logs  Audit records that are commonly recorded include: _____________________________ ______________________________ 26

27 Security+ Guide to Network Security Fundamentals, Third Edition27

28 Security+ Guide to Network Security Fundamentals, Third Edition Usage Auditing involves Log Management (continued) Log management _______________:  A routine review and analysis of logs helps to __________________, policy violations, fraudulent activity, and _________________ shortly after they have occurred  Logs can also be used in providing information for ___________________________  Logs may be useful for ___________________ __________, supporting the organization’s internal investigations, and identifying operational trends and long-term problems 28

29 Security+ Guide to Network Security Fundamentals, Third Edition29

30 Security+ Guide to Network Security Fundamentals, Third Edition Usage Auditing involves Log Management (continued) It is recommended that organizations enact the following log management solutions:  Enact ______________________  Establish __________________ and procedures for log management  Maintain a ____________________ infrastructure  Prioritize log management throughout the organization  Use __________________________  Provide adequate support 30

31 Security+ Guide to Network Security Fundamentals, Third Edition Usage Auditing involves Change Management ___________________________  Refers to a methodology for ____________ and ___________________________, often manually  Seeks to approach changes _____________ and provide the necessary __________________ of the changes Two major types of changes regarding security that are routinely documented  Any change in _______________________  _______________ classification 31

32 Security+ Guide to Network Security Fundamentals, Third Edition Usage Auditing involves Change Management (continued) Change management team (CMT)  Created to ________________________  Any proposed change must first be approved by the CMT The team might be typically composed of:  Representatives from all areas of IT (servers, network, enterprise server, etc.)  Network security  Upper-level management 32

33 Security+ Guide to Network Security Fundamentals, Third Edition Usage Auditing involves Change Management (continued) The duties of the CMT include:  Review proposed changes  Ensure that the risk and impact of the planned change is clearly understood  Recommend approval, disapproval, deferral, or withdrawal of a requested change  Communicate proposed and approved changes to co-workers 33

34 Security+ Guide to Network Security Fundamentals, Third Edition Monitoring Methodologies and Tools There are several types of instruments that can be used on systems and networks to _______________________________ Monitoring involves ___________________, ________________________________ Monitoring methodologies include _________ ____________________ and ______________________ monitoring More to come on each of these… 34

35 Security+ Guide to Network Security Fundamentals, Third Edition Methodologies for Monitoring Anomaly-based monitoring  Designed for detecting ________________  _______________________ A ___________________ – considered “normal” for that network- against which ______________________ __________________  Whenever there is a ____________________ from this baseline, an alarm is raised Advantage  ___________ the anomalies ______________ 35

36 Security+ Guide to Network Security Fundamentals, Third Edition Methodologies for Monitoring (continued) Anomaly-based monitoring (continued) ________________________  Alarms that are raised when there is _________ _______________________ Normal behavior can change easily and even quickly  Anomaly-based monitoring is _____________ __________________________ 36

37 Security+ Guide to Network Security Fundamentals, Third Edition Methodologies for Monitoring (continued) Signature-based monitoring  Compares activities against a _________________  Requires access to an ____________________________ Current behavior must then be compared against a collection of signatures Weaknesses  The signature databases must be __________________  As the number of signatures grows the behaviors must be ___________________________________________ of signatures 37

38 Security+ Guide to Network Security Fundamentals, Third Edition Methodologies for Monitoring (continued) Behavior-based monitoring  Designed to be ______________________ instead of reactive  Uses the “normal” ____________________ as the standard  Continuously analyzes the behavior of processes and programs on a system Alerts the user if it detects any _________________ Advantage  _________________ to update signature files or compile a baseline of statistical behavior 38

39 Security+ Guide to Network Security Fundamentals, Third Edition Methodologies for Monitoring (continued) 39

40 Security+ Guide to Network Security Fundamentals, Third Edition Three Monitoring Tools 1. Performance baselines and monitors  __________________________ A reference set of data established to _____________ _____________________ for a system or systems  Data is accumulated through the ___________ _________________ and networks through _____________________________  _____________ is compared with the baseline data to determine how closely the norm is being met and if any adjustments need to be made 40

41 Security+ Guide to Network Security Fundamentals, Third Edition Three Monitoring Tools (continued) 2.______________________  A low-level system program that uses a __________________ designed to monitor and ______________________ on a desktop system, server, or even a PDA or cell phone Some system monitors have a Web-based interface System monitors generally have a fully customizable notification system 41

42 Security+ Guide to Network Security Fundamentals, Third Edition Three Monitoring Tools (continued) 3. ___________________________  Also called a ____________________  ____________________________________ its contents  Can fully decode application-layer network protocols  The different parts of the protocol can be analyzed for any suspicious behavior 42

43 Security+ Guide to Network Security Fundamentals, Third Edition Summary A “privilege” can be considered a subject’s access level over an object Auditing system security settings for user privileges involves a regular review of user access and rights Information lifecycle management (ILM) is a set of strategies for administering, maintaining, and managing computer storage systems in order to retain data Usage auditing involves an examination of which subjects are accessing specific objects and how frequently 43

44 Security+ Guide to Network Security Fundamentals, Third Edition Summary (continued) Logs related to computer security have become particularly important Change management refers to a methodology for making changes and keeping track of those changes, often manually Monitoring involves examining network traffic, activity, transactions, or behavior in order to detect security-related anomalies 44

Download ppt "Security+ Guide to Network Security Fundamentals, Third Edition Chapter 10 Conducting Security Audits."

Similar presentations

IP ADDRESS MANAGEMENT [IPAM]

IP ADDRESS MANAGEMENT [IPAM]
TCSEC: The Orange Book. TCSEC Trusted Computer System Evaluation Criteria.

TCSEC: The Orange Book. TCSEC Trusted Computer System Evaluation Criteria.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Lesson 17: Configuring Security Policies

Lesson 17: Configuring Security Policies
Security+ Guide to Network Security Fundamentals, Fourth Edition

Security+ Guide to Network Security Fundamentals, Fourth Edition
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
1.  To analyze and explain the IDS placement in network topology  To explain the relationship between honey pots and IDS  To explain, analyze and evaluate.

1.  To analyze and explain the IDS placement in network topology  To explain the relationship between honey pots and IDS  To explain, analyze and evaluate.
Intrusion Detection Systems and Practices

Intrusion Detection Systems and Practices
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 14: Windows Server 2003 Security Features.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 14: Windows Server 2003 Security Features.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 14: Windows Server 2003 Security Features.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 14: Windows Server 2003 Security Features.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 5 Network Defenses.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 5 Network Defenses.
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 14: Troubleshooting Windows Server 2003 Networks.

70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 14: Troubleshooting Windows Server 2003 Networks.
7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.

7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.
Department Of Computer Engineering

Department Of Computer Engineering
Network security policy: best practices

Network security policy: best practices

Similar presentations

Ads by Google