
SAFE AND SOUND


dewitt

Presentation Transcript


  1. SAFE AND SOUND

  2. INTRODUCTION
     • Elements of Security Auditing
     • Applications to Customer's Network

  3. Modular Approach
     • User layer
     • Server layer
     • Network layer
     • interconnects (cabling)

  4. User Layer
     • Thin-clients, or physically-secure workstations
     • Login + passworded access
     • Access only to relevant services, applications
     • Run background malware prevention software

  5. Server Layer
     • Remove unnecessary services
     • User groups to match physical topology
     • Don’t run services as root / admin
     • Run OS as read-only

  6. Network Layer
     • Backup IOS, OS, data
     • Distribute & centralise topology (failover, and ordered & documented design & layout)
     • Use firewalls & logging
     • Use IDS, IPS, traffic monitoring

  7. Cabling
     • Use more secure cable types
     • Use patch-panels and colour-coding
     • Layouts that make testing, fault-finding easy

  8. Security Considerations

  9. Network Threats
     • Viruses
       • Tend to be inadvertently activated
       • …or may be installed deliberately

  10. Network Threats
     • Worms
       • Travel the internet, scanning for vulnerabilities
       • Often disrupt networks by flooding, forking

  11. Network Threats
     • Spiders and webbots
       • Can be used maliciously – Automated signups, website duplication, spam

  12. Network Threats
     • Trojans
       • Masquerade as regular software
       • Tend to allow attacker to control infected machine

  13. Network Threats
     • Spyware and Phishing
       • Information stealing, user profiling
       • Used in advert targeting, spam, ID theft

  14. Network Threats
     • Spam
       • Can contain other malware
       • Congests networks

  15. Network Threats
     • Delete traces of intrusions
     • Alter logs
     • Forensics get-around
     • Bombs

  16. Solutions for Customer
     • Separate physical network for WAN access
     • Honeypot to track & ID intrusions
     • Monitoring station for internal LANs

  17. Solutions for Customer
     • Honeypot
       • Mimics internal network or DMZ
       • Allows profiling of network threats

  18. Solutions for Customer
     • SAN - storage area network
     • RAID 40: RAID level 4 & RAID level 0
       • 4 – block striping with parity: failure tolerant & faster rebuilds
       • 0 – striping: faster writes

  19. Solutions for Customer
     • RAID 40

  20. Tenable’s Security Center
     • Each node is a router, hosts behind router

  21. Advisor
     • Parallel co-ordinate plot of firewall logs

  22. Flamingo
     • Port scan: 1 source, many targets

  23. Rumint Visualisation
     • Jamming Attack

  24. Psad
     • Nachi worm network behaviour
     • Red nodes are ICMP packets

  25. Web server log, Raju Varghese
     • Spider attack on web server from single IP
     • Red colouration indicates 5xx status codes

  26. fin
     • Network monitoring visualisations from: http://www.secviz.org/category/image-galleries/graph-exchange
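
The "1 source, many targets" port-scan pattern from slide 22, written as a check over firewall logs (slide 6 recommends firewalls & logging). This Python example is added here and is not part of the presentation; the netfilter-style log lines, the addresses, the 60-second window and the four-target threshold are all constructed assumptions, and the log is assumed to be in chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed netfilter-LOG-style sample (documentation address ranges only).
SAMPLE_LOG = """\
Jan 10 12:00:01 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=22
Jan 10 12:00:01 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.11 PROTO=TCP SPT=40002 DPT=22
Jan 10 12:00:02 fw kernel: IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=443
Jan 10 12:00:02 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.12 PROTO=TCP SPT=40003 DPT=22
Jan 10 12:00:03 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.13 PROTO=TCP SPT=40004 DPT=22
Jan 10 12:00:04 fw kernel: IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=443
Jan 10 12:00:05 fw kernel: IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP SPT=51002 DPT=443
Jan 10 12:09:00 fw kernel: IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.11 PROTO=TCP SPT=51003 DPT=443
garbage line that the parser must skip
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?DPT=(?P<dpt>\d+)")

def parse(log_text):
    """Yield (timestamp, src, (dst, dport)) for each packet record."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:  # lines that are not packet records are skipped
            # Syslog timestamps carry no year; a fixed one is assumed here.
            ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
            yield ts, m["src"], (m["dst"], int(m["dpt"]))

def find_scanners(log_text, window=timedelta(seconds=60), min_targets=4):
    """Return {src: peak count of distinct (dst, port) targets} for sources
    that reach min_targets distinct targets inside any sliding window."""
    recent = defaultdict(deque)  # src -> (ts, target) events still in window
    peaks = {}
    for ts, src, target in parse(log_text):
        q = recent[src]
        q.append((ts, target))
        while ts - q[0][0] > window:  # expire events older than the window
            q.popleft()
        distinct = len({t for _, t in q})
        if distinct >= min_targets:
            peaks[src] = max(peaks.get(src, 0), distinct)
    return peaks

if __name__ == "__main__":
    print(find_scanners(SAMPLE_LOG))
```

Counting distinct targets rather than raw packets keeps a busy client that repeatedly contacts one service (198.51.100.20 in the sample) from being flagged.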
