310 likes | 530 Views
CIT 443. FCAPS – Security Management. Announcements. Listserv Readings The Definitive Guide to Security Management Whitehat Web Security Whitepaper. Security Management.
E N D
CIT 443 FCAPS – Security Management
Announcements • Listserv • Readings • The Definitive Guide to Security Management • Whitehat Web Security Whitepaper
Security Management • Security management is concept that deals with protection of data in a network system against unauthorized access, disclosure, modification, or destruction and protection of the network system itself against unauthorized use, modification, or denial of service.
CIA Model • Confidentiality • Integrity • Availability • Provides for the prevention of security vulnerabilities, the detection and remediation of breeches in security .
Confidentiality • The security management tenet that only authorized users, processes, & or devices can access data/information. • aka Privacy
Integrity • Data &/or Information is complete, accurate, up-to-date, and free from unauthorized/undocumented changes • It is important to understand the scope of the data/information • What is the source of the data? • Where is the data stored? • Who has authorized access to the data? • What applications make use of the data?
Availability • All data, servers, and communications equipment must be available when the resources are needed. • Goal: Prevent uncontrolled resource outage(s) through proactive steps • Graceful Service degradation • Recovery-Oriented approach
Beyond CIA • “Information security [security management] must preserve both availability and utility, integrity and authenticity, and confidentiality and possession of information.” (Parker, 1999) Parker, D (1999). Advancing Security. Information Security Magazine Online. Retreived on Feb 6, 2007 from http://infosecuritymag.techtarget.com/articles/1999/parker2.shtml
Enforcing Security Management • Network Security by Design • System Monitoring • Security Awareness Training • Personnel Background Checks • Secure Software Development Practices
Information Security Concept Flow impose Protective Measures Owners May be aware of That may possess To reduce May be reduced by Threat agents Leading to vulnerabilities Risk That exploit Give rise to to That increase Wish to minimize threats Assets Wish to abuse and/or may damage value
Security Management - Where? • Perimeter Security • System Security • Security Policies
Perimeter Security: Best Practices • Actively monitor ALL TCP ports to detect intrusion attempts • Block unused TCP ports - minimum requirement for perimeter security • Exercise a default deny: • More effective security practice than port blocking • Easier on router and firewall administrators • Configurations and control lists tend to be shorter • Warning: blocking some TCP ports may disable needed services • Beware of: • Rogue modems • Trojan e-mail attachments • User activity behind the filter point
Perimeter Security: Best Practices • ICMP: Forego legitimate uses of ICMP to block some known malicious uses? • Block incoming echo request (ping and Windows traceroute) • Block outgoing echo replies, time exceeded, and destination unreachable messages • Ingress Filtering: • Block “spoofed” addresses - packets coming from outside your company sourced from internal addresses • Block private addresses (RFC 1918) and IANA reserved addresses http://www.iana.org/assignments/ipv4-address-space • Block packets bound for (undocumented) broadcast or multicast addresses • Block source-routed packets • Block packets with IP options set • Egress Filtering: • Block “spoofed” packets originating from your network. • Allow packets sourced from your assigned addresses to be routed out of your organization
What *is* Source Routing? • Defined in RFC791 • IP option which allows the originator of a packet to specify: • What path that packet will take • What path return packets will take • Useful when the default route that a connection uses fails or is in a sub-optimal state • Source routing is often abused by malicious users on the Internet • Make machine A think it is talking to machine B, when it is really talking to a third machine (C) • This means that C (the attacker) has control over B's IP address for some purposes • Resolution: Configure network devices to ignore source-routed packets where appropriate • For some operating systems, a kernel patch is required to make this work correctly (notably SunOS 4.1.3) • Last Resort - If disabling source routing on all your clients is not possible: • Disable source routing at every router • foobar(config-if)#no ip source-route
System Security: Considerations • Most worms and cyber attacks target vulnerabilities in a few common operating system services. • Attackers are opportunistic: • Count on organizations not fixing the problems • Scan the Internet for vulnerable systems • Attack indiscriminately, usually taking the path of least resistance • Exploit the best-known flaws • Utilize the most effective and widely available attack tools • The spread of worms is tied to exploited vulnerabilities
SANS - Top Vulnerabilities to Windows Systems (2005) • Web Servers & Services • Workstation Service • Windows Remote Access Services • Microsoft SQL Server (MSSQL) • Windows Authentication • Web Browsers • File-Sharing Applications • LSAS Exposures • Mail Client • Instant Messaging
SANS - Top Vulnerabilities to UNIX Systems (2005) • BIND Domain Name System • Web Server • Authentication • Version Control Systems • Mail Transport Service • Simple Network Management Protocol (SNMP) • Open Secure Sockets Layer (SSL) • Mis-Configuration of Enterprise Services NIS/NFS • Databases • Kernel
SANS Institute • Instead of OS specific vulnerabilities, now publishes vulnerabilities by area: • OS • Cross-Platform • Network Devices • Security Policy & Personnel • Special Areas
Security Management Policy • Must meet the needs of the business from both a productivity perspective as well as a security perspective • Requirements generated both internally (operational requirements) and externally (legal requirements) • Ultimately, businesses are responsible for protecting their assets
System Security Strategy • Keep an inventory of all software installed on network systems • Prevent users from installing software • Keep ALL systems patched with the latest updates for system software • Don’t forget to patch system firmware! • Manage Risk
Risk Management • The purpose of risk management is to balance the needs of the business to have access to all resources against the cost of guaranteeing access to those resources via necessary safeguards
Risk Management Process • Determine Value of Assets • Itemize Threats to Assets • Estimate Likelihood of Attack • Calculate Total Cost of Threats • Develop Action Plan • Mitigation • Insurance • Acceptance
Security Management Policy • Multiple levels of policies • Granularity • Organizational • Functional • System • Incidents/Attacks will occur – need to have a policy to deal with Incident Response • Document compliance with every policy for every user, application, system, piece of equipment, etc.
Security Management Trends • Centralized & Automated Solutions • Policy-Based Event Notification • Asset-Based Event Prioritization • Multi-Platform Correlation • Advanced Reporting • Auditing Systems – Compliance Verification
Topics for Further Study • Identity Management • Security Management with Biometrics • Risk Management for IT (CIT 55x) • Securing Wireless Networks • VoIP Security – Special Considerations • Kerberos • Security Assertion Markup Language • Security Information Management? • Network Security Architecture
Security Management –Network Elements • PBX • Hubs • Routers • Switches • Servers • Workstations • Firewalls • Wireless Access Points • Power Management Systems • Network SCADA Systems • Temperature Management Systems (HVAC) • Home Appliances? • Others?
References • Sullivan, D. (2006). The Definitive Guide to Security Management. San Francisco, CA: Realtimepublishers. • http://www.ccert.edu.cn/education/cissp/hism/003-006.html#Heading1 • http://www.sans.org/top20/