Course Objectives Critical Security Controls Networks Weaknesses, Defenses and Vigilances Protection, Detection and Decontamination Past, Current and Theoretical
CSIA WARNING The material that you will learn in the CSIA track is dual use. The ethical and legal implications of your use of information and techniques presented should always be part of your decisions.
Outline Intro to Course Critical Security Controls LAN Network Security LAN Network Assessment Intrusion Detection Systems Vulnerability Assessment Internet Security (IPSec, VPN's and SSL) Secure Computing Environment Design
Information Security Model Confidentiality Integrity Availability Transmission Storage Processing Technology Policies Training Information States Critical Information Characteristics Security Measures
Information Systems Security Engineering (ISSE) The art and science of discovering users' information protection needs; designing systems with economy and elegance, so that they safely resist the forces to which they will be subjected; and building and testing such systems.
Network Security The Perimeter Design Firewalls Routers Design NAT
Network Assessment Be careful Vulnerability scanners Port scanners Audits
Intrusion Detection Systems Who's after me? What did they get? What did I do wrong? How did they do it?
Internet Security Cryptography IPSec and VPN's SSH SSL
Network Design Perimeter Security Security in depth Layered protection
Server Configuration Gateway configuration Apache installation and configuration DNS installation and configuration Design of a small home/office network
Security Dogma Policy of least privilege Deny all Permit only with a lot of whining
Network Security Fundamentals Definitions: Defense in Depth – the perimeter – the DMZ – the internal networks
The Perimeter The perimeter is a fortified boundary controlling ingress and egress. Routers Firewalls IDS Software Screened subnets Secure sessions
Border Router The first point of ingress The last point of egress Choke point between the organization and the Internet First and last line of defense
Firewall Application or device with rules that accepts or rejects network traffic. Types: hardware, application or script; static, stateful or proxy – Static – Nortel Accelar – Stateful – iptables, Cisco PIX, Linksys – Proxy – Secure Computing's Sidewinder
IDS Intrusion Detection System Consists of a set of sensors and an analysis program – Sensors – host based and network based; sensors collect data on network traffic patterns – Analysis program – flags suspicious activity and matches predefined signatures – Sends alerts on suspected intrusion
Secure Session Secure communication from outside the network to inside the network VPN – virtual private networks ssl & ssh https Encrypted communication channel
Software Architecture The collection of applications that the organization makes available outside the organization's network. Includes supporting applications e-commerce site Web sites
DMZ DeMilitarized Zone Portion of the network between the border router and the non-public computing services
Screened Subnets Subnetworks that are protected by a firewall. Each subnet has a particular function within the organization, and its firewall has rules specific to that function.
Defense in Depth The architecture of an onion, but no odor: every layer has a single point of ingress and egress; all layers have a specified configuration; each configuration must be maintained.
Internal Networks Ingress & egress filtering on every router Internal firewalls to segregate resources Proxy firewalls at certain choke points IDS sensors on each subnet and router
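The "deny all, permit only" dogma, the stateful firewall type and the ingress/egress filtering above come together in one ruleset. The following is an added example, not material from the course slides: a default-deny stateful iptables policy for a small gateway. The interface names (eth0, eth1) and the internal subnet (192.168.10.0/24) are constructed placeholders; by default the script only prints the commands it would load, and it applies them only when run as root with APPLY=1.

```shell
#!/bin/sh
# Added example (not from the course slides): a default-deny, stateful iptables
# ruleset applying "deny all, permit only" to a gateway host.
# Interface names and the internal subnet below are constructed placeholders.
# Without APPLY=1 the script only prints the commands; with APPLY=1 (as root) it loads them.

WAN_IF="${WAN_IF:-eth0}"                # assumption: Internet-facing interface
LAN_IF="${LAN_IF:-eth1}"                # assumption: internal network interface
LAN_NET="${LAN_NET:-192.168.10.0/24}"   # assumption: internal subnet (RFC 1918 space)

# run_rule: print the iptables command; execute it only when APPLY=1
run_rule() {
  echo "iptables $*"
  if [ "${APPLY:-0}" = "1" ]; then
    iptables "$@"
  fi
}

firewall_rules() {
  # Clean slate, then deny everything by default on all built-in chains.
  run_rule -F
  run_rule -X
  run_rule -P INPUT DROP
  run_rule -P FORWARD DROP
  run_rule -P OUTPUT DROP

  # Stateful core: replies belonging to an already-permitted session are allowed back.
  run_rule -A INPUT   -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  run_rule -A OUTPUT  -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  run_rule -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  run_rule -A INPUT   -m conntrack --ctstate INVALID -j DROP

  # Loopback is always permitted.
  run_rule -A INPUT  -i lo -j ACCEPT
  run_rule -A OUTPUT -o lo -j ACCEPT

  # Ingress filtering: packets arriving from the Internet must not claim an internal source.
  run_rule -A INPUT   -i "$WAN_IF" -s "$LAN_NET" -j DROP
  run_rule -A FORWARD -i "$WAN_IF" -s "$LAN_NET" -j DROP

  # Egress filtering: only our own subnet may leave through the WAN interface.
  run_rule -A FORWARD -i "$LAN_IF" -o "$WAN_IF" ! -s "$LAN_NET" -j DROP

  # Explicit permits: each one is a deliberate decision, nothing is open by default.
  run_rule -A INPUT   -i "$LAN_IF" -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
  run_rule -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
  run_rule -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
  run_rule -A OUTPUT  -o "$WAN_IF" -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
  run_rule -A OUTPUT  -o "$WAN_IF" -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT

  # Log (rate-limited) what falls through so the audit has something to read; the policy then drops it.
  run_rule -A INPUT   -m limit --limit 5/min -j LOG --log-prefix "FW-INPUT-DROP: "
  run_rule -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FW-FORWARD-DROP: "
}

# rule_count: number of -A rules the policy loads (a sanity check for a scripted audit)
rule_count() {
  firewall_rules | grep -c '^iptables -A '
}

# default_policy_is_drop: succeed only if all three built-in chains default to DROP
default_policy_is_drop() {
  [ "$(firewall_rules | grep -c '^iptables -P .* DROP$')" -eq 3 ]
}

firewall_rules
```

Run it once without APPLY to review the printed rules, then with `APPLY=1` as root to load them; the LOG rules are what give the IDS sensors and the periodic audit something to correlate against.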
Configuration Management Windows boxes are patched at level x Linux boxes are running kernel.x.x.x. Anti-virus, spyware updated daily Accepted acceptable use policy Remote access protected and source is hardened
Audit Check configuration periodically Enforce the configuration policy Issue final audit report Follow up on recommendations
Hardened Hosts Every host both remote and local must be hardened in accordance with policy – Personal firewalls – Anti-virus protection – OS hardening
Host Hardening Local attacks Network attacks Application attacks
Hardening against Local Attacks – Restrict administrative utilities – Levels of administrative privileges – File permissions (derive from policies) – Users and groups (derive from policies) – Strict adherence – Log everything that is important and that will be analyzed
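File permissions are the item on this list that is easiest to check mechanically. The script below is an added example, not part of the course material: it audits a directory tree for two things a host-hardening policy normally forbids, world-writable files and set-uid/set-gid executables, and prints each finding with a tag so the output can go straight into the audit log. The scratch files in `demo` are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the course slides): audit a directory tree for file
# permission problems a host-hardening policy typically forbids.

# audit_perms DIR: print one line per finding, tagged WORLD_WRITABLE or SETUID_SETGID
audit_perms() {
  dir="$1"
  # -xdev keeps the scan on one filesystem, the usual scope of a policy audit
  find "$dir" -xdev -type f -perm -0002 -print 2>/dev/null | sed 's/^/WORLD_WRITABLE /'
  find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sed 's/^/SETUID_SETGID /'
}

# finding_count DIR: number of findings, for a pass/fail threshold in a scripted audit
finding_count() {
  audit_perms "$1" | grep -c .
}

# audit_passes DIR: succeed only when the tree has no findings
audit_passes() {
  [ "$(finding_count "$1")" -eq 0 ]
}

# Demonstration on a constructed scratch tree (removed afterwards).
demo() {
  tmp=$(mktemp -d)
  touch "$tmp/notes.txt";  chmod 644  "$tmp/notes.txt"   # compliant
  touch "$tmp/shared.log"; chmod 666  "$tmp/shared.log"  # world-writable: finding
  touch "$tmp/helper";     chmod 4755 "$tmp/helper"      # set-uid: finding
  audit_perms "$tmp"
  rm -rf "$tmp"
}
demo
```

Pointing `audit_perms` at `/` and diffing its output against the previous run turns the "check configuration periodically" step of the audit into a one-line job, and the tagged lines are exactly the kind of thing the policy says to log.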