Fundamentals of Information Systems Security Chapter 7 Auditing, Testing, and Monitoring
Learning Objective
• Explain the importance of security audits, testing, and monitoring to effective security policy.
Key Concepts
• The role of an audit in effective security baselining and gap analysis
• The importance of monitoring systems throughout the IT infrastructure
• Penetration testing and ethical hacking to help mitigate the gaps
• Security logs for normal and abnormal traffic patterns and digital signatures
• Security countermeasures of auditing, testing, and monitoring test results
IT Security Audit Terminology
• Verification
• Validation
• Testing
• Evaluation
Ethical Hacking
• Seeks to identify and demonstrate exploits for discovered vulnerabilities
• Good guys employ technical methods used by the bad guys.
• Also called penetration testing
• Black, white, or gray box testing
Role of Ethical Hacking
• Ethical hackers are white hats experienced in penetration testing and security assessments.
• Ethical hacking tests security controls against actual attacks.
Penetration Testing
• Employs testing methodologies depending on the scope of access and information provided by the client:
  • Black box
  • White box
  • Gray box
Roles in an IT Security Assessment and Audit
• Information Systems Security (ISS) officers/managers
• Network and systems administrators
• Managers/data owners
• Auditors
• Penetration testers or ethical hackers
Real-Time Monitoring
• Host Intrusion Prevention System (HIPS): Monitors individual hosts for suspicious activity
• Network Intrusion Prevention System (NIPS): Monitors the entire network for suspicious traffic
• Wireless Intrusion Prevention System (WIPS): Specifically monitors the wireless network for suspicious traffic
Ways to Detect Bad Behavior in Real-Time Monitoring
• Attack signatures
• Statistical anomalies
• Stateful protocol analysis
Employing Countermeasures
• Monitor security at several layers of the environment:
  • System logs
  • Service logs
  • Application logs
  • Network logs
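The three detection methods from the previous slide, applied to log lines from several of the layers listed above, as an added example that is not part of the textbook or its slides. The log lines, the signature patterns, the baseline failure counts and the simplified FTP session model are all constructed for illustration.

```python
import re
import statistics
from collections import Counter, defaultdict

# Constructed sample lines (not real logs) from system, service and application logs.
LOG_LINES = """\
sshd: Failed password for root from 10.0.0.5
sshd: Failed password for root from 10.0.0.5
sshd: Failed password for root from 10.0.0.5
sshd: Failed password for admin from 10.0.0.6
httpd: GET /item.php?id=1' OR '1'='1 from 10.0.0.9
httpd: GET /static/../../etc/passwd from 10.0.0.9
ftpd: USER bob from 10.0.0.8
ftpd: PASS from 10.0.0.8
ftpd: STOR report.txt from 10.0.0.8
ftpd: STOR upload.bin from 10.0.0.9
""".splitlines()

# 1. Attack signatures: known-bad patterns matched against every line.
SIGNATURES = {"sql_injection": re.compile(r"'\s*(?:OR|AND)\s*'", re.I),
              "path_traversal": re.compile(r"\.\./")}
def signature_hits(lines):
    """Return (signature_name, line) for each line matching a known pattern."""
    return [(name, line) for line in lines
            for name, rx in SIGNATURES.items() if rx.search(line)]

# 2. Statistical anomaly: failed logins per source far above a constructed baseline.
BASELINE_FAILS_PER_SOURCE = [0, 1, 1, 0, 2, 1, 0, 1]   # historic per-source counts
def anomaly_hits(lines, baseline=BASELINE_FAILS_PER_SOURCE, k=3.0):
    """Return {source: failures} for sources exceeding mean + k*stdev."""
    fails = Counter(m.group(1) for line in lines
                    if (m := re.search(r"Failed password .* from (\S+)", line)))
    threshold = statistics.mean(baseline) + k * statistics.pstdev(baseline)
    return {src: n for src, n in fails.items() if n > threshold}

# 3. Stateful protocol analysis: FTP STOR/RETR is only valid after USER then PASS.
def stateful_hits(lines):
    """Return FTP transfer commands issued before USER/PASS completed."""
    state, violations = defaultdict(lambda: "NEW"), []   # per-source session state
    for line in lines:
        m = re.match(r"ftpd: (USER|PASS|STOR|RETR)\b.* from (\S+)", line)
        if not m:
            continue
        cmd, src = m.groups()
        if cmd == "USER" and state[src] == "NEW":
            state[src] = "USER_SENT"
        elif cmd == "PASS" and state[src] == "USER_SENT":
            state[src] = "AUTHED"
        elif cmd in ("STOR", "RETR") and state[src] != "AUTHED":
            violations.append(line)
    return violations
```

Each function flags a different thing: the signature check catches the two web requests, the anomaly check flags only 10.0.0.5 (three failures against a baseline whose mean plus three standard deviations is about 2.7), and the stateful check reports the upload from 10.0.0.9, which never authenticated.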
Summary
• IT security assessments and audits verify, validate, test, and evaluate the infrastructure.
• Penetration testing helps mitigate security gaps.
• Security log monitoring reveals normal and abnormal traffic patterns and digital signatures.
• System and network monitoring helps prevent attacks and unauthorized access.
• Appropriate security countermeasures are determined through auditing, testing, and monitoring test results.