1 / 27

CIT 443

CIT 443. FCAPS – Security Management. Announcements. Listserv Readings The Definitive Guide to Security Management Whitehat Web Security Whitepaper. Security Management.

happy
Download Presentation

CIT 443

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. CIT 443 FCAPS – Security Management

  2. Announcements • Listserv • Readings • The Definitive Guide to Security Management • Whitehat Web Security Whitepaper

  3. Security Management • Security management is concept that deals with protection of data in a network system against unauthorized access, disclosure, modification, or destruction and protection of the network system itself against unauthorized use, modification, or denial of service.

  4. CIA Model • Confidentiality • Integrity • Availability • Provides for the prevention of security vulnerabilities, the detection and remediation of breeches in security .

  5. Confidentiality • The security management tenet that only authorized users, processes, & or devices can access data/information. • aka Privacy

  6. Integrity • Data &/or Information is complete, accurate, up-to-date, and free from unauthorized/undocumented changes • It is important to understand the scope of the data/information • What is the source of the data? • Where is the data stored? • Who has authorized access to the data? • What applications make use of the data?

  7. Availability • All data, servers, and communications equipment must be available when the resources are needed. • Goal: Prevent uncontrolled resource outage(s) through proactive steps • Graceful Service degradation • Recovery-Oriented approach

  8. Beyond CIA • “Information security [security management] must preserve both availability and utility, integrity and authenticity, and confidentiality and possession of information.” (Parker, 1999) Parker, D (1999). Advancing Security. Information Security Magazine Online. Retreived on Feb 6, 2007 from http://infosecuritymag.techtarget.com/articles/1999/parker2.shtml

  9. Enforcing Security Management • Network Security by Design • System Monitoring • Security Awareness Training • Personnel Background Checks • Secure Software Development Practices

  10. Information Security Concept Flow impose Protective Measures Owners May be aware of That may possess To reduce May be reduced by Threat agents Leading to vulnerabilities Risk That exploit Give rise to to That increase Wish to minimize threats Assets Wish to abuse and/or may damage value

  11. Security Management - Where? • Perimeter Security • System Security • Security Policies

  12. Perimeter Security: Best Practices • Actively monitor ALL TCP ports to detect intrusion attempts • Block unused TCP ports - minimum requirement for perimeter security • Exercise a default deny: • More effective security practice than port blocking • Easier on router and firewall administrators • Configurations and control lists tend to be shorter • Warning: blocking some TCP ports may disable needed services • Beware of: • Rogue modems • Trojan e-mail attachments • User activity behind the filter point

  13. Perimeter Security: Best Practices • ICMP: Forego legitimate uses of ICMP to block some known malicious uses? • Block incoming echo request (ping and Windows traceroute) • Block outgoing echo replies, time exceeded, and destination unreachable messages • Ingress Filtering: • Block “spoofed” addresses - packets coming from outside your company sourced from internal addresses • Block private addresses (RFC 1918) and IANA reserved addresses http://www.iana.org/assignments/ipv4-address-space • Block packets bound for (undocumented) broadcast or multicast addresses • Block source-routed packets • Block packets with IP options set • Egress Filtering: • Block “spoofed” packets originating from your network. • Allow packets sourced from your assigned addresses to be routed out of your organization

  14. What *is* Source Routing? • Defined in RFC791 • IP option which allows the originator of a packet to specify: • What path that packet will take • What path return packets will take • Useful when the default route that a connection uses fails or is in a sub-optimal state • Source routing is often abused by malicious users on the Internet • Make machine A think it is talking to machine B, when it is really talking to a third machine (C) • This means that C (the attacker) has control over B's IP address for some purposes • Resolution: Configure network devices to ignore source-routed packets where appropriate • For some operating systems, a kernel patch is required to make this work correctly (notably SunOS 4.1.3) • Last Resort - If disabling source routing on all your clients is not possible: • Disable source routing at every router • foobar(config-if)#no ip source-route

  15. System Security: Considerations • Most worms and cyber attacks target vulnerabilities in a few common operating system services. • Attackers are opportunistic: • Count on organizations not fixing the problems • Scan the Internet for vulnerable systems • Attack indiscriminately, usually taking the path of least resistance • Exploit the best-known flaws • Utilize the most effective and widely available attack tools • The spread of worms is tied to exploited vulnerabilities

  16. SANS - Top Vulnerabilities to Windows Systems (2005) • Web Servers & Services • Workstation Service • Windows Remote Access Services • Microsoft SQL Server (MSSQL) • Windows Authentication • Web Browsers • File-Sharing Applications • LSAS Exposures • Mail Client • Instant Messaging

  17. SANS - Top Vulnerabilities to UNIX Systems (2005) • BIND Domain Name System • Web Server • Authentication • Version Control Systems • Mail Transport Service • Simple Network Management Protocol (SNMP) • Open Secure Sockets Layer (SSL) • Mis-Configuration of Enterprise Services NIS/NFS • Databases • Kernel

  18. SANS Institute • Instead of OS specific vulnerabilities, now publishes vulnerabilities by area: • OS • Cross-Platform • Network Devices • Security Policy & Personnel • Special Areas

  19. Security Management Policy • Must meet the needs of the business from both a productivity perspective as well as a security perspective • Requirements generated both internally (operational requirements) and externally (legal requirements) • Ultimately, businesses are responsible for protecting their assets

  20. System Security Strategy • Keep an inventory of all software installed on network systems • Prevent users from installing software • Keep ALL systems patched with the latest updates for system software • Don’t forget to patch system firmware! • Manage Risk

  21. Risk Management • The purpose of risk management is to balance the needs of the business to have access to all resources against the cost of guaranteeing access to those resources via necessary safeguards

  22. Risk Management Process • Determine Value of Assets • Itemize Threats to Assets • Estimate Likelihood of Attack • Calculate Total Cost of Threats • Develop Action Plan • Mitigation • Insurance • Acceptance

  23. Security Management Policy • Multiple levels of policies • Granularity • Organizational • Functional • System • Incidents/Attacks will occur – need to have a policy to deal with Incident Response • Document compliance with every policy for every user, application, system, piece of equipment, etc.

  24. Security Management Trends • Centralized & Automated Solutions • Policy-Based Event Notification • Asset-Based Event Prioritization • Multi-Platform Correlation • Advanced Reporting • Auditing Systems – Compliance Verification

  25. Topics for Further Study • Identity Management • Security Management with Biometrics • Risk Management for IT (CIT 55x) • Securing Wireless Networks • VoIP Security – Special Considerations • Kerberos • Security Assertion Markup Language • Security Information Management? • Network Security Architecture

  26. Security Management –Network Elements • PBX • Hubs • Routers • Switches • Servers • Workstations • Firewalls • Wireless Access Points • Power Management Systems • Network SCADA Systems • Temperature Management Systems (HVAC) • Home Appliances? • Others?

  27. References • Sullivan, D. (2006). The Definitive Guide to Security Management. San Francisco, CA: Realtimepublishers. • http://www.ccert.edu.cn/education/cissp/hism/003-006.html#Heading1 • http://www.sans.org/top20/

More Related