1 Auditing Networks, Perimeters and Systems: Appendices/Supplemental Material. The SANS Institute. Copyright 2001 Marchany, SANS Institute.

2 APPENDIX 1
The following matrices are examples of your matrix reports:
– Exhibit A (ASSET Matrix)
– Exhibit B (ASSET WEIGHT Matrix)
– Exhibit C (RISKS Matrix)
– Exhibit D (RISK WEIGHT Matrix)
– Exhibit E (ASSET-RISK Matrix)
– Exhibit F (CONTROLS Matrix)

3 APPENDIX 2
The following spreadsheets are the compliance reports:
– Overall Compliance Report: lists the general vulnerabilities a system has. This is a quick one-page report for management or the auditors.
– Asset/Risk Matrix: lists whether a system is affected by a risk. The risks here are more specific than in the overall report.
– Controls Matrix: lists what controls are in place for a given system.
– Individual Action Matrix: lists the details of the audit for each node. Did the system comply?

4 APPENDIX 3
– The following checklist gives the detailed commands to be performed in the “audit”.
– The categories are based on the Risk Matrices in Appendix 1.
– The results of the checklist commands are inserted in the Compliance matrices of Appendix 2.
– This checklist and the matrices form the overall audit/security checklist package.
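Appendices 1 to 3 name the matrices of the audit package but do not show how checklist results become compliance reports. As an added example that is not part of the course material, the following Python script shows one way to turn per-node checklist results (Appendix 3) into the Appendix 2 reports: a Controls Matrix, an Asset/Risk Matrix, an Individual Action Matrix per node and the one-page Overall Compliance Report. The checklist items, risk categories, control names, node names and pass/fail results are all constructed sample data, and the rule that a risk applies to a system whenever any control mapped to that risk is missing is an assumption made here, not something the course specifies.

```python
"""Added example, not from the SANS course: derive the Appendix 2 compliance
matrices from per-node checklist results (Appendix 3).

All checklist items, risks, controls, node names and results below are
constructed sample data. The scoring rule (a risk applies to a system when
any control mapped to that risk is not in place) is an assumption."""
from dataclasses import dataclass


@dataclass(frozen=True)
class CheckItem:
    """One checklist command/test: it verifies one control that mitigates one risk."""
    check_id: str
    risk: str      # category taken from the Risk Matrix (Appendix 1, Exhibit C)
    control: str   # entry in the Controls Matrix (Appendix 1, Exhibit F)


# Constructed checklist (Appendix 3 style). Real rulers have many more items.
CHECKLIST = [
    CheckItem("C1", "Unpatched services", "Vendor patches current"),
    CheckItem("C2", "Weak authentication", "Password aging enforced"),
    CheckItem("C3", "Weak authentication", "No empty passwords"),
    CheckItem("C4", "Unnecessary services", "Unused network services disabled"),
    CheckItem("C5", "Insufficient logging", "System logging enabled"),
]

# Constructed results of running the checklist: node -> check_id -> passed?
RESULTS = {
    "web01": {"C1": True,  "C2": True,  "C3": False, "C4": True,  "C5": True},
    "db01":  {"C1": False, "C2": True,  "C3": True,  "C4": False, "C5": True},
    "dev01": {"C1": False, "C2": False, "C3": False, "C4": True,  "C5": False},
}


def individual_action_matrix(node):
    """Individual Action Matrix: the detail of every check for one node.
    A check that was never run is recorded as None rather than as a pass."""
    return [(c.check_id, c.control, c.risk, RESULTS[node].get(c.check_id))
            for c in CHECKLIST]


def node_score(node):
    """(checks passed, checks total) for one node; missing results count as failures."""
    passed = sum(1 for c in CHECKLIST if RESULTS[node].get(c.check_id) is True)
    return passed, len(CHECKLIST)


def node_complies(node):
    """'Did the system comply?' Only when every check passed."""
    passed, total = node_score(node)
    return passed == total


def controls_matrix():
    """Controls Matrix: control -> in place? per system. A control is in place
    only if every checklist item that verifies it passed."""
    matrix = {}
    for node, results in RESULTS.items():
        matrix[node] = {}
        for c in CHECKLIST:
            passed = results.get(c.check_id) is True
            matrix[node][c.control] = matrix[node].get(c.control, True) and passed
    return matrix


def asset_risk_matrix():
    """Asset/Risk Matrix: risk -> affected? per system. A system is affected by
    a risk if any control mapped to that risk is missing (assumed rule)."""
    controls = controls_matrix()
    matrix = {}
    for node in RESULTS:
        matrix[node] = {}
        for c in CHECKLIST:
            missing = not controls[node][c.control]
            matrix[node][c.risk] = matrix[node].get(c.risk, False) or missing
    return matrix


def overall_compliance_report():
    """One-page Overall Compliance Report: risk -> sorted list of affected systems."""
    affected_by = asset_risk_matrix()
    return {risk: sorted(n for n in affected_by if affected_by[n][risk])
            for risk in sorted({c.risk for c in CHECKLIST})}


if __name__ == "__main__":
    for risk, nodes in overall_compliance_report().items():
        print(f"{risk:25s} affected: {', '.join(nodes) or 'none'}")
    for node in RESULTS:
        passed, total = node_score(node)
        print(f"{node}: {passed}/{total} checks passed, complies={node_complies(node)}")
```

Note that a missing result is treated as a failure, not a pass: a node that was skipped by the checklist should show up as non-compliant on the management report rather than silently disappear from it.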

5 APPENDIX 4
– Your company’s response policy will dictate the degree of audit record keeping you will have to maintain.
– There are two strategies:
  – Protect and Proceed
  – Pursue and Prosecute

6 Incident Handling: Protect and Proceed?
Which strategy should your organization follow to handle an incident? The choice dictates the level of record keeping needed to carry out the strategy (see RFC 2196).
Protect and Proceed means:
– the protection and preservation of site facilities
– return to normal operations as soon as possible
– actively interfere with intruder attempts
– begin immediate damage assessment and recovery
Use if:
– assets are not well protected
– continued penetration could result in financial risk
– the possibility or willingness to prosecute is not present
– the user community is unknown
– users are unsophisticated and their work is vulnerable
– the site is vulnerable to lawsuits from users if their resources are undermined

7 Incident Handling: Pursue and Prosecute?
Pursue and Prosecute means allowing intruders to continue their activity until the site can identify them. This is the approach recommended by law enforcement agencies.
Use if:
– system assets are well protected
– good backups are available
– asset risks are outweighed by the risk of future penetrations
– it is a concentrated and frequent attack
– the site has a natural attraction to intruders, e.g. a university or a bank
– the site is willing to spend the money and accept the risk to catch the intruder
– intruder access can be controlled
– well-developed monitoring tools are available
– you have a technically competent support staff
– management is willing to prosecute
– system administrators know in general what evidence will aid in prosecution
– there is established contact with law enforcement agencies
– the site has involved its legal staff

8 Appendix 5 – CIS Rulers
– The current CIS rulers are included here. A sample Solaris Level 1 ruler is included.
– The NT rulers are incomplete at this date (3/6/01) but should be available in the summer.
– The VT AD ROE is available at http://www.w2k.vt.edu

9 Appendix 6 – AUP Example
– This appendix contains the VA Tech Acceptable Use Policy and the Acceptable Use Guidelines.

10 References
– “Time Based Security”, Winn Schwartau, Interpact Press, 1999, ISBN 0-9628700-4-8. The discussion on TBS was derived from this text.
– “Firewalls and Internet Security”, Cheswick & Bellovin, Addison-Wesley, 1994, ISBN 0-201-63357-4
– RFC 2196, Site Security Handbook (a guide to writing a site security policy)
– http://Diicoe.disa.mil/coe

11 References
– The complete Top 10 document can be found in the appendix.
– Some WWW sites to visit:
  – www.sans.org
  – www.cert.org
  – www.nipc.gov
  – www.securityfocus.com
  – www.rootshell.com
  – http://security.vt.edu
  – www.cornell.edu/CPL

12 Course Revision History

