Presentation is loading. Please wait.

Presentation is loading. Please wait.

INF526: Secure Systems Administration Student Presentations And Review for Final Prof. Clifford Neuman Lecture July 2016 OHE100C.

Published byShavonne Sullivan Modified over 7 years ago

Similar presentations

Presentation on theme: "INF526: Secure Systems Administration Student Presentations And Review for Final Prof. Clifford Neuman Lecture July 2016 OHE100C."— Presentation transcript:

1 INF526: Secure Systems Administration Student Presentations And Review for Final Prof. Clifford Neuman Lecture 11 29 July 2016 OHE100C

2 Announcements Final exam on Friday August 5 th –Material will be on the lectures, assigned readings, and what was learned from the projects. –Two hour, closed book (if I need you to refer to specific material I will include it on the exam) Review for final exam at end of todays lecture 1

3 Group Report for Lab Exercise 2 By Tuesday August 9th please submit a report including: A network diagram: –including your virtual machines and other systems like client browsers –Show containment regions A description of all software components used in the implementation of your scenario, including: –Application software components (e.g. databases, servers) –Security software components –Administration and management software components For each software component: –Describe where it is installed –Where obtained (or written yourself), and version information »How you manage updates –A table listing the authorized information flows. For the system as a whole –List tools used to monitor, detect and recover from intrusions –What kind of red-teaming or pen-testing you performed –A risk assessment – what threats do you defend against, how do you mitigate impact of an attack, what are you still vulnerable to, and justification for your decisions regarding such threats. 2

4 Student Presentations July 29th Disaster Recover Planning – Vini Gupta 10:00-10:45 As proposed: –Steps to recover and protect IT assets in event of a disaster –To Minimize downtime and Data Loss –Includes discussion of the steps to be taken in advance, how to manage backups, and how to manage redundant sites. Some specific suggested points to be covered: –How to facilitate a switchover to redundant resources, and possibly separate sites, when the disaster event occurs. –How to keep the redundant sites and storage up to date. 3

5 Exercise One Please have your systems up and running with ability to connect to the web service from the outside. –One designated individual from each group (0 and 1) should show me how to connect and verify operation. –We should also be provided with VNC access to the web server machine so that we can run tests from the inside. –The majority of your grade will be based on the written report submitted, however. 4

6 Second Exercise - Criminal Enterprises Chosen because of differences in the high level principles. –Not because I expect you to implement these kinds of systems in your future endeavors. –But you may be called upon to break some of these systems if later employed by government organizations. Your organization must: –Accept Bitcoin as payment (not really, but it must accept something that stands in for bitcoin) –Manage an inventory of stolen account identifiers with passwords –Control access to such information –Prevent collection of evidence or intelligence by third parties. –Note, do not deal in any illegal goods, but use dummy information to stand in for such goods. Also, do not use terms associated with such illegals goods or information in communications, make up new names for this dummy information. 5

7 Group Exercise Two Last Weeks Assignment Decide on the software components to be deployed to implement software requirements on next slide. –Custom development should be simple scripts. –Use packages for database and other components. Decide on the VM’s to be created to run those software components. –You can run more than one software component within a VM if you choose. –Decide on the methods you will use to contain access to those software components, and to the information managed by those components. Configure communication between VM’s and to the outside Install packages Write scripts and demonstrate basic flow through system. Report on progress as group by email on Wednesday. 6

8 Project Status Updates/Discussion Group A and B working on scenario 2. –Group A VMs setup and accessible via VNC Nessus run to assess vulnerabilities and mitigation plan developed. Application for purchasing created. –Group B Has submitted their plan for VMs, software, and allowed flows. They are developing the application scripts. Have set up some of the VMs. 7

9 INF526: Secure Systems Administration Review for Final Exam Prof. Clifford Neuman Lecture 11 29 July 2016 OHE100C

10 Mid-term Outline Comprehensive, so there may still be items on: –Introduction to Secure System Administration –Generation of Security Requirements –Composition of systems and protection domains –Adversarial Security Plan –Red teaming and penetration testing tools –Linux security administration –Network Security Components –Network Security administration But focus will be on second half: –Detecting Intrusions –Configuration Management –Network Monitoring and Forensics –Network Administration –Black Hat Attack Tools –Intrusion response and event handling –Virtualization for Security Administration –Disaster Recovery Planning 9

11 Detecting Intrusions Best Observation Point is Outside System Network based vs Host Based Anomaly Based vs Signature Based SIEM Tools (e.g. Snare) 10

12 Configuration Management –Purpose to Track and maintain consistency in deployment of hardware and software artifacts. Detect unauthorized change in the state of the system. –Manage updates –Determine which components might be vulnerable 11

13 Network Monitoring and Forensics –Network Monitoring Monitor liveness of a system Monitor traffic flowing through a system Visibility –Addressing information –Internal packet information in some cases Visibility of monitoring points and volume are issues. Visualization tools to provide situational awarness –Forensics Live monitoring Collected and used after the fact What may be pieced together Visualization tools 12

14 Network Administration –Admission control or network access control –Virtual Lans (VLANS) and Port Security –AAA tools –Management of policies 13

15 Black Hat Tools –You need awareness of the kinds of tools that are out there. –You may use some tools to evaluate your own systems. 14

16 Incident Response Plans –Formal Plan is needed in any organization –Lifecycle: Preparation Detection and Analysis Eradication and Recovery Post Incident Activities –Must define responsibilities and how to contact Including required notifications to external entities 15

17 Virtualization –Isolation of the OS –Isolation on the Network –Virtual Desktop tools –Configuration management for the VMs 16

18 Disaster Recovery 1. Risk identification (Risk register and matrix) 2. Assess vulnerability to those risks (Business impact analysis (BIA)) 3. Determine impact on the business 4. Identify critical business functions 5. Design and implement mitigation strategies 6. Agree on activation plans - Writing the runbook 7. Testing and documentation 8. Ongoing changes and maintenance Backup and Parallel Operation Technologies 17

Download ppt "INF526: Secure Systems Administration Student Presentations And Review for Final Prof. Clifford Neuman Lecture July 2016 OHE100C."

Similar presentations

ETHICAL HACKING A LICENCE TO HACK

ETHICAL HACKING A LICENCE TO HACK
Information Technology Disaster Recovery Awareness Program.

Information Technology Disaster Recovery Awareness Program.
© 2005, QEI Inc. all characteristics subject to change. For clarity purposes, some displays may be simulated. Any trademarks mentioned remain the exclusive.

© 2005, QEI Inc. all characteristics subject to change. For clarity purposes, some displays may be simulated. Any trademarks mentioned remain the exclusive.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture notes.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture notes.
Security Controls – What Works

Security Controls – What Works
System and Network Security Practices COEN 351 E-Commerce Security.

System and Network Security Practices COEN 351 E-Commerce Security.
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
Network Security Testing Techniques Presented By:- Sachin Vador.

Network Security Testing Techniques Presented By:- Sachin Vador.
Know the Client Own the Problem Share the Solution The 2005 Case for Information Technology Security October 14, 2004.

Know the Client Own the Problem Share the Solution The 2005 Case for Information Technology Security October 14, 2004.
Exam ● On May 15, at 10:30am in this room ● Two hour exam ● Open Notes ● Will mostly cover material since Exam 2 ● No, You may not take it early.

Exam ● On May 15, at 10:30am in this room ● Two hour exam ● Open Notes ● Will mostly cover material since Exam 2 ● No, You may not take it early.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard
Network security policy: best practices

Network security policy: best practices
Incident Response Updated 03/20/2015

Incident Response Updated 03/20/2015
Cloud Computing How secure is it? Author: Marziyeh Arabnejad Revised/Edited: James Childress April 2014 Tandy School of Computer Science.

Cloud Computing How secure is it? Author: Marziyeh Arabnejad Revised/Edited: James Childress April 2014 Tandy School of Computer Science.
NUAGA May 22, 2014.  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.

NUAGA May 22,  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.

Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
Certification and Accreditation CS-7493-01 Phase-1: Definition Atif Sultanuddin Raja Chawat Raja Chawat.

Certification and Accreditation CS Phase-1: Definition Atif Sultanuddin Raja Chawat Raja Chawat.
Unit 6b System Security Procedures and Standards Component 8 Installation and Maintenance of Health IT Systems This material was developed by Duke University,

Unit 6b System Security Procedures and Standards Component 8 Installation and Maintenance of Health IT Systems This material was developed by Duke University,

Similar presentations

Ads by Google