Security Administration Tools
Hanan Hibshi & Tim Vidas
Putting it All Together
• Web browser and Web security
• PKI and Secure Communication
• Phishing & Semantic Attacks
• User Education
• Passwords, graphical passwords and alternatives
• Challenge Questions
• Access Control
• Other issues...

Why Security Administration?
• Hackers.
• Attacks.
• Vulnerabilities.
• Terrorism.
• etc.
• Thus, we need front liners!

Who?
• Security Admin Personnel
  • Can be one person
  • Can be a team
• Scalability: size of organization, cost…

Why can’t one person do it?
• Too many things to keep track of.
• Monitoring and maintenance of a number of complicated tasks.
• Need to "keep an eye"
• Security tools are supposed to come "to the rescue"
  • Make administrators' lives easier
  • Provide them with better reporting and monitoring
• Paper in assigned readings defined a number of factors:
  • Organizational
  • Human
  • Tools themselves

Common Tools
• Network Traffic and Packet analyzers
  • Wireshark, tcpdump, Cain and Abel (PW), Ntop, Netcat
• Vulnerability Testing
  • Metasploit, Nessus
• Intrusion Detection Systems (IDS)
  • Snort, Splunk
• File/host integrity tools
  • Tripwire
• Others
  • OpenSSH honeypots, Scripting tools, Web security

Problems
• GUI vs. Command line
• Technical background
• Is usability important anyway?
• Issues:
  • Too much to look at
  • No single data format for output
  • Out-of-sync clocks
  • The human!

Some Proposed Solutions
• Visualizations
• Training users
  • Understand implications
  • Understand least privilege
• Understanding different players: organization, human, tools
• Improving IDS Usability
• Assist users with configuration and installation
• Some other recommendations
• Heuristic evaluation
  • Developed ITSM Heuristics
  • Compared ITSM to Nielsen’s Heuristics
  • With ITSM Heuristics, more problems were found