System Admin Security Training
Orange Team

Overview
• System Admin Duties
• Employee Documents and Security Controls
• Security Threats
• Threat Mitigation
• Incident Response

System Admin Duties
• Perform backup and restore data
• Add and remove users
• Add and remove hardware and software
• Configure and maintain hardware and software
• General user support
• Maintain documentation and licenses
• Negotiate with vendors
• System planning
• Security management

System Admin Duties (continued)
• Monitor system resource usage and performance
• Detect and correct problems
• Optimize performance
• Manage resources
• Automate tasks
• Determine and enforce usage policy
• Educate users
• Corporate priority liaison

A Lot Of Things To Do…
• … and it’s better to do them securely!
• “Bake in” security
• Can’t anticipate all problems
• Can limit the problems you have

Perform Backup and Restore Data
• Encrypt backups
• Secure storage
  • Physical access control
  • Environmental protections
• Controlled restorations
  • No network connections
  • Clean destination (no malware)
  • Verified assistance
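The controlled-restoration point above, as an added example that is not part of the deck: a manifest of file hashes is signed with an HMAC at backup time, and the restore routine refuses a tampered manifest, altered files, and files that were never in the manifest, so nothing unexpected lands on the clean destination. The backup set and key are constructed; encrypting the backup itself is assumed to happen separately.

```python
"""Controlled restoration: restore only files whose hashes match an
HMAC-signed manifest recorded at backup time, so an altered or planted
file on the backup media cannot ride into the clean destination.
Added example, not from the deck; backup set and key are constructed."""
import hashlib
import hmac
import json

KEY = b"constructed-demo-key-keep-real-keys-in-a-secrets-store"

def make_manifest(backup_set, key):
    """backup_set maps path -> bytes; returns a signed manifest as JSON."""
    digests = {p: hashlib.sha256(d).hexdigest() for p, d in backup_set.items()}
    body = json.dumps(digests, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "tag": tag})

def controlled_restore(backup_set, manifest, key):
    """Returns (restored, rejected). A bad signature rejects everything;
    otherwise files with a wrong hash or not listed are skipped, and
    listed files missing from the media are reported."""
    m = json.loads(manifest)
    expected = hmac.new(key, m["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, m["tag"]):
        return {}, {p: "manifest signature invalid" for p in backup_set}
    digests = json.loads(m["body"])
    restored, rejected = {}, {}
    for p, data in backup_set.items():
        if p not in digests:
            rejected[p] = "not in manifest (unexpected file on media)"
        elif hashlib.sha256(data).hexdigest() != digests[p]:
            rejected[p] = "hash mismatch (altered or corrupt)"
        else:
            restored[p] = data
    for p in digests:
        if p not in backup_set:
            rejected[p] = "listed in manifest but missing from media"
    return restored, rejected

# Constructed backup set as it was when the manifest was made
ORIGINAL = {"etc/hosts": b"127.0.0.1 localhost\n",
            "etc/ssh/sshd_config": b"PermitRootLogin no\n"}
MANIFEST = make_manifest(ORIGINAL, KEY)
# Constructed state of the media at restore time: one file altered, one extra
AT_RESTORE = {**ORIGINAL, "etc/ssh/sshd_config": b"PermitRootLogin yes\n",
              "etc/cron.d/unexpected": b"# not in the manifest\n"}

if __name__ == "__main__":
    restored, rejected = controlled_restore(AT_RESTORE, MANIFEST, KEY)
    print("restored:", sorted(restored))
    print("rejected:", rejected)
```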
Add and Remove Users
• Old accounts can be used as a backdoor
• Completely remove old access rights
• Add users while adhering to…
  • Need-to-know
  • Minimum privilege
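An added example (not from the deck) of what "completely remove old access rights" means in practice: an offboarding audit that compares account owners against the HR roster and reports every place a departed person's access still lingers, not just whether the login is disabled. The roster, accounts, groups and key counts are constructed.

```python
"""Offboarding audit: find accounts and leftover access rights belonging
to people who are no longer on the roster. Added example, not from the
training deck; the roster and account records are constructed."""
from dataclasses import dataclass, field

@dataclass
class Account:
    name: str
    owner: str                       # employee id the account belongs to
    enabled: bool
    groups: set = field(default_factory=set)
    ssh_keys: int = 0                # authorized keys still on file
    sudo_rules: int = 0              # sudo/privilege rules still naming it

# Constructed current HR roster (employee ids still employed)
ROSTER = {"e100", "e101", "e102"}

# Constructed accounts; e103 and e104 have left the company
ACCOUNTS = [
    Account("alice", "e100", True, {"staff", "wheel"}, 1, 1),
    Account("bob", "e103", True, {"staff"}, 2, 0),             # never disabled
    Account("carol", "e104", False, {"staff", "backup"}, 1, 1),  # disabled, rights linger
    Account("dave", "e101", True, {"staff"}),
    Account("svc-backup", "e102", True, {"backup"}, 1, 0),
]

def audit_offboarding(accounts, roster):
    """Return (account, issue) findings for accounts whose owner has left.
    An account is only 'completely removed' when it is disabled AND has
    no groups, keys or sudo rules left (need-to-know, minimum privilege)."""
    findings = []
    for a in accounts:
        if a.owner in roster:
            continue
        if a.enabled:
            findings.append((a.name, "owner departed but account still enabled"))
        if a.groups:
            findings.append((a.name, "lingering groups: " + ", ".join(sorted(a.groups))))
        if a.ssh_keys:
            findings.append((a.name, f"{a.ssh_keys} authorized SSH key(s) still on file"))
        if a.sudo_rules:
            findings.append((a.name, f"{a.sudo_rules} sudo rule(s) still grant privilege"))
    return findings

if __name__ == "__main__":
    for name, issue in audit_offboarding(ACCOUNTS, ROSTER):
        print(f"{name}: {issue}")
```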
Add and Remove Hardware and Software
• Inform users of potential outages
• Secure install
  • Configure first
  • Attach to network as late as possible
• Secure removal
  • Install replacements first
  • Avoid loss of functionality
  • Dispose securely (data retrieval)

Configure and Maintain Hardware and Software
• Keep copies of configurations
• Configure new elements before attaching to network
• Use standard maintenance routines
  • Document
  • Update
  • Verified assistance

General User Support
• Beware of social engineering
  • Callers provide credentials
• Educate users to safeguard credentials
  • Do not prompt
• Safeguard credentials
  • Do not reveal unnecessarily
  • Protect methods for credential creation

Maintain Documentation and Licenses
• Document procedures
  • New SA education
  • Consistency
  • Audit assurance
• Do not use illegitimate software
  • Cheaper
  • Unethical
  • Illegal
  • Insecure

Negotiate With Vendors
• Licensed products can get expensive
  • Minimize the cost of secure behavior
• Vendor relationships are important
  • Inform them of security concerns
  • Request new products/solutions
  • Receive updated hardware/firmware/software
• Continued business is valued and will be rewarded

System Planning
• Scaling
  • Security problems and solutions scale differently
  • New node = new possible failure
  • New AV != more secure
• Assessing new technology
  • Anticipate problems
  • “Shinier” does not mean “safer”
• Anticipating and avoiding problems
  • Malware/attack trends
  • Follow day-to-day guidelines strictly

Security Management
• “An ounce of prevention is worth a pound of cure.”
• Prioritize security
• Ideal management solution
  • Simple
  • Reproducible
  • Covers security needs
• Your job, not the users’

Monitor System Resource Usage and Performance
• Do not invade privacy
• Use data to…
  • Identify future purchases
  • Notice potential threats
    • Excessive or unusual usage
    • Antivirus logs
  • Ensure expectations are met (SLA)
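An added example (not from the deck) of the "notice potential threats" bullets above: per-host usage is compared against its own recent baseline to flag excessive or unusual usage, and antivirus log lines are tallied to surface hosts with repeated quarantines. Only per-host aggregates are kept, in line with the "do not invade privacy" point. The usage history and log lines are constructed.

```python
"""Flag excessive or unusual resource usage and repeated antivirus hits
from aggregate per-host data. Added example, not from the training deck;
the usage history and AV log lines are constructed."""
import re
from statistics import mean, pstdev

# Constructed: outbound MB per day over the last week, per host
HISTORY = {
    "ws-01": [120, 130, 125, 118, 135, 128, 122],
    "ws-02": [200, 210, 190, 205, 198, 202, 195],
    "srv-db": [900, 950, 920, 910, 940, 930, 925],
}
TODAY = {"ws-01": 131, "ws-02": 2400, "srv-db": 935}

# Constructed antivirus log lines
AV_LOG = """2024-05-01 08:12:03 host=ws-02 action=quarantine threat=Trojan.Generic file=/tmp/a.exe
2024-05-01 08:14:10 host=ws-02 action=quarantine threat=Trojan.Generic file=/tmp/b.exe
2024-05-01 09:00:00 host=ws-01 action=clean threat=none file=-
2024-05-01 09:30:42 host=ws-02 action=quarantine threat=Adware.Bundle file=/home/x/setup.exe
2024-05-01 10:05:17 host=srv-db action=quarantine threat=PUA.Miner file=/var/tmp/k"""

def unusual_usage(history, today, k=3.0):
    """Hosts whose usage today exceeds baseline mean + k standard deviations.
    A floor of 1 unit on the deviation stops a flat baseline tripping on noise."""
    flagged = {}
    for host, samples in history.items():
        mu, sigma = mean(samples), max(pstdev(samples), 1.0)
        if today.get(host, 0) > mu + k * sigma:
            flagged[host] = round((today[host] - mu) / sigma, 1)  # z-score
    return flagged

AV_RE = re.compile(r"host=(\S+) action=(\S+) threat=(\S+)")

def repeated_av_hits(log_text, threshold=2):
    """Hosts with at least `threshold` quarantine events: a repeat offender
    deserves a closer look even though each event was handled."""
    counts = {}
    for line in log_text.splitlines():
        m = AV_RE.search(line)
        if m and m.group(2) == "quarantine":
            counts[m.group(1)] = counts.get(m.group(1), 0) + 1
    return {h: c for h, c in counts.items() if c >= threshold}

if __name__ == "__main__":
    print("unusual usage (host: z-score):", unusual_usage(HISTORY, TODAY))
    print("repeated AV quarantines:", repeated_av_hits(AV_LOG))
```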
Detect and Correct Problems
• Use system monitoring devices
• Preemptive corrections
  • Patching
  • Updating
  • Upgrading
• Reactive corrections
  • See incident response

Optimize Performance
• Users get frustrated with poor system performance
• Users will optimize for themselves
  • Non-compliance
  • Installing adware/freeware
  • Working around slow or ineffective processes
• Don’t optimize by removing/compromising security

Manage Resources
• Know what you have and use
• Bad situations
  • Unaccounted-for router on network
  • Unconfigured workstation
  • Ordering unneeded license keys
• Wasting resources leads to budget cuts and layoffs
• Misplacing resources leads to vulnerabilities

Automate Tasks
• Script day-to-day tasks
• Focus extra time on harder tasks
• Don’t introduce security holes
  • Unauthorized use of privileged scripts/programs
  • Scripts disabling security features
  • Testing/debugging/configuration programs used on the ‘live’ network

Determine and Enforce Usage Policy
• Correct usage is essential
• Meaningless without enforcement

Educate Users
• A smart user is a safe user
• Eliminate “low hanging fruit”
  • Social engineering
  • Bad links
  • Phishing emails
  • Removable media

Corporate Priority Liaison
• Competing goals
  • Management’s budget
  • Your security
  • Customer’s service needs
  • Employee convenience
• Security needs to win
  • Sell to management
  • Educate users

Employee Documents
• Acceptable Use Policy (AUP)
• Service Level Agreement (SLA)
• Non-Disclosure Agreement (NDA)
• Employee Contract
It is your responsibility to enact these if no such documents exist.

Security Controls
• Need-to-know
• Security awareness training
• Separation of duties
• Job rotation
• Vacations
• Auditing/reviews

Security Threats
• External
  • Hacking
  • E-mail attacks
• Internal
  • Malware
  • Ignorance
  • Insider

Security Threats: Hacking
• Exploitation of web services
• Poorly configured gateways
• Use of backdoors
• Social engineering
• Previous intrusion
• Internal collaborator

Security Threats: E-mail
• Phishing
• Spam
• Trojans
• Viruses

Security Threats: Malware
• Many sources
  • Hacking
  • Insider
  • Ignorance
• Spreads quickly
• Uses up resources

Security Threats: Ignorance
• Clicking bad links
• Poor e-mail discretion
• Downloading malware
• USB attacks

Security Threats: Insider
• Usually hardest to detect
  • They know the system
  • Sometimes a privileged user
• Disgruntled employee
• Abuse of trust

Threat Mitigation
• Preparation
  • Security practices
  • Education
• Incident Response Plan
  • If none, create one
  • Form a Computer Security Incident Response Team (CSIRT)
    • Individuals capable of correct response
    • Include members of management

Incident Response
• Identify
• Initial response
  • Record basic details
  • Assemble CSIRT
  • Notify important individuals
• Formulate strategy
• Investigate
  • Thorough data collection
  • Determine what/who/how
• Report
• Resolve

Rules To Work By
• A smart user is a safe user
• Policy enforcement is the first step to a secure system
• Put security first in everything you do

Bibliography
Mandia, Kevin, Chris Prosise, and Matt Pepe. Incident Response & Computer Forensics. 2nd ed. N.p.: Brandon A. Nordin, n.d. 11-32. Print.