1 / 9

Final Project

Final Project. Juan Ortega 12/15/09 NTS355. Recent Network Exploit. Microsoft Security Advisory (977544) Vulnerability in SMB Could Allow Denial of Service. Flaw on SMBv2 supposedly opened two holes. One flaw could let hackers execute code remotely; the other could let them

rollin
Download Presentation

Final Project

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Final Project Juan Ortega 12/15/09 NTS355

  2. Recent Network Exploit Microsoft Security Advisory (977544) Vulnerability in SMB Could Allow Denial of Service Flaw on SMBv2 supposedly opened two holes. One flaw could let hackers execute code remotely; the other could let them send a system into a crash spiral. The exploit code has been published on the Web. No fixes contained in Microsoft's latest Patch Tuesday package, which was issued less than a week ago, targeted Windows 7. (November, 2009). Microsoft Security Advisory (977544). Retrieved December 15, 2009 from Microsoft Web site: http://www.microsoft.com/technet/security/advisory/977544.mspx (November, 2009). E-Commerce News: Exploits & Vulnerabilities: Microsoft Addresses Prickly of Windows 7 Flaws. Retrieved December 15, 2009 from eccomercetimes Web site: http://www.ecommercetimes.com/story/68659.html

  3. Recent Network Exploit cont. • Zero-day exploit • The new security department will take measures to minimize the damage done to prevent downtime. • Prepare Backups • New threats will undoubtedly appear in • the near future, and the security of the • organization will be in jeopardy if not • prepared accordantly.

  4. Security Department’s Roles and Responsibilities • Plan and Organize • All implementations require extensive planning. • Perform risk assessment • Obtain Approval • Implement • Security Policies, procedures, standards, baselines, and guidelines. • Risk management • Security Awareness training • Physical Security • Operate and Maintain • Audits • Procedures are followed to maintained the baseline very implementation. • Monitor and Evaluate • Logs, audit results, goals, improvement. Harris, S. (February, 2009).How should a company’s security program define roles and responsibilities? Retrieved December 15, 2009 from TechTarget Web site: http://searchmidmarketsecurity.techtarget.com/tip/0,289483,sid198_gci1347047,00.html

  5. Information Assets, and possible risk mitigation strategies • Information Assets • Databases • Data Files • Operation and support procedures • Continuity Plans • Software Assets • Application software • System software • Physical Assets • Equipment • Services • Outsourced Services • Communication services • Environmental conditions (2001). Identifying and classifying assets. Retrieved December 15, 2009 from networkmagazineindia Web site: http://www.networkmagazineindia.com/200212/security2.shtml#

  6. Information Assets, and possible risk mitigation strategies cont. • Information Assets • Security Devices • Access Controls • Storage and Backups • Contingency planning/testing • Encryption • Pen Testing • Software Assets • Physical and Digital storage • Manage Licenses • Compatibility • Physical Assets • Locks • Biometrics • Security Awareness • Services • QoS set up correctly • Pay bills on time Identification and Assessment of Assets and Risks. Retrieved December 15, 2009 from sinclair Web site: http://www.sinclair.edu/about/information/usepolicy/pub/infscply/Identification_and_Assessment_of_Assets_and_Risks.htm

  7. Organizational Chart • CISSP • Graduate Degree • Bachelors • Network+ • Experience • Certifications • Cisco • Bachelors • Admin Certifications • Bachelors • Experience • Bachelors • Certifications • Experience • Bachelors • Web Experience • Bachelors • CISM, GIAC Crts. • Clearance • Bachelors • Certifications • Experience • Bachelors • Experience CEO report. Retrieved December 15, 2009 from ufl Web site: http://www.it.ufl.edu/ciooffice/images/figure5.png

  8. Bringing order in Chaos • Currently with the lack of a security department, the organization is functioning in thin ice. • With security included in the infrastructure, the organization: • Will not be in fear of liability issues from collecting personal information from customers. • Be able to protect the organizations assents. • Risk management will provide mitigations to prevent the likelihood of catastrophic event, and continue the consistency of the organization. • Establish proper security policies to set the • overall behavior of the organization how • security will be handles.

  9. Potential Oppositions • Where afraid the creation of a new security department will cost much more than expected, and this organization does not sure if the money is in out budget. • Having a security department will vastly expand the life span of the organization, it is not simply a nice-to-have implementation anymore. Cost is not necessarily a factor as the department will start small and expand as the budget grows. • Will security get in the way of the business? What if employees start to complain? • Security and access will balance out as security must not get in the way of business needs. • Won’t solving the recent security threat be enough? • As the business grows and becomes more well knows, the organization will endure much more frequent attacks.

More Related