Security Administration Tools and Practices Amit Bhan Usable Privacy and Security.


Agenda
Security Administration
Purpose of Security Tools
Examples of Security Tools
Security Incident Manager (SIM)
–Security Monitoring
Cases from the Field
Problems with Security Administration
Improvements

Security Administration?
Security administration is the process of maintaining a safe computing environment.
Purpose? Need? Security Administrator Responsibilities?

Purpose of Security Tools
Combining text and visuals
Reporting
Monitoring
Correlating
Simplify the life of a Security Administrator

Combining Text and Visuals
Size and complexity of networks
A System Administrator has a variety of responsibilities: install, configure, monitor, debug and patch
Visualization vs. Perl scripts
VisFlowConnect-IP (who is connecting to whom on my network?)
Other tools (discussed later)

Reporting
Many security tools have a built-in capability for reporting
Why is reporting important?
Examples:
–Nessus (vulnerability information)
–SIM (security incident information)

Monitoring
Some security tools have a live data feed for the network
Different types of monitoring
–Network monitoring
–Security event monitoring
–Network security incident monitoring

Correlation
Correlation integrates the key security factors that are critical in determining the potential for significant damage within an organization. These factors are:
–Real-time events from heterogeneous devices
–Results of vulnerability scans and other sources of threat data
–The value of the host, database or application to the organization
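As an added illustration (not from the slides or from any product named on them), the Python below shows one way to combine the three correlation inputs listed above into a single priority score: each real-time event's severity is weighted by whether the last vulnerability scan shows the target host is actually exposed to the weakness the signature refers to, and by the host's value to the organization. The hosts, events, CVE-style identifiers (CVE-0000-000N placeholders) and the weighting factors are all constructed assumptions.

```python
"""Toy correlation of real-time events with scan results and asset value.

Added example (not from the slides): combines the three correlation inputs
named on the slide into one priority score. All hosts, events, CVE-style
identifiers (CVE-0000-000N placeholders) and weights are constructed assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    source: str      # reporting device: "ids", "firewall", ...
    dst_host: str    # host the event targets
    cve: str         # weakness the signature refers to ("" if none)
    severity: int    # 1 (low) .. 5 (critical), as reported by the device


# Constructed vulnerability-scan results: host -> unpatched weaknesses
SCAN_RESULTS = {
    "10.0.0.5": {"CVE-0000-0001", "CVE-0000-0002"},
    "10.0.0.9": {"CVE-0000-0003"},
}

# Constructed asset values: 1 (throwaway lab box) .. 10 (customer database)
ASSET_VALUE = {"10.0.0.5": 10, "10.0.0.9": 2, "10.0.0.7": 5}


def vulnerability_factor(event, scan_results):
    """Weight the event by what the last scan says about its target.

    Returns (factor, reason). The factors are assumptions chosen so that a
    signature hitting a confirmed-unpatched host outranks the same signature
    hitting a host the scanner already showed to be not vulnerable.
    """
    if not event.cve:
        return 1.0, "event carries no vulnerability reference"
    if event.dst_host not in scan_results:
        return 1.0, "target never scanned; treat as unknown"
    if event.cve in scan_results[event.dst_host]:
        return 3.0, "target is unpatched for the referenced weakness"
    return 0.25, "target scanned and not vulnerable to this"


def risk_score(event, scan_results=SCAN_RESULTS, asset_value=ASSET_VALUE):
    """score = severity * vulnerability factor * asset value."""
    factor, reason = vulnerability_factor(event, scan_results)
    value = asset_value.get(event.dst_host, 1)   # unknown assets count as low value
    return event.severity * factor * value, reason


def prioritise(events, scan_results=SCAN_RESULTS, asset_value=ASSET_VALUE):
    """Return [(event, score, reason)] sorted highest risk first."""
    scored = [(e, *risk_score(e, scan_results, asset_value)) for e in events]
    return sorted(scored, key=lambda t: t[1], reverse=True)


# Constructed sample events, as they might arrive from an IDS and a firewall
SAMPLE_EVENTS = [
    Event("ids", "10.0.0.5", "CVE-0000-0001", 3),  # unpatched, high-value host
    Event("ids", "10.0.0.9", "CVE-0000-0001", 5),  # critical signature, host not vulnerable
    Event("firewall", "10.0.0.7", "", 2),          # plain deny, no vulnerability reference
]

if __name__ == "__main__":
    for event, score, reason in prioritise(SAMPLE_EVENTS):
        print(f"{score:6.1f}  {event.source:8s} {event.dst_host:10s} {reason}")
```

The point of the example is the ordering: the severity-5 alert against a host the scanner already cleared lands below a severity-2 firewall deny against a mid-value host, which is the kind of noise reduction the slide's three inputs are meant to buy.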

Life of a Security Administrator
According to the paper “Combining Text and Visual Interfaces for Security-System Administration”, security administrators are very conservative when it comes to technology adoption. Why?

Security Admin Tools Mentioned in Text:
–Bro
–Nessus
–Symantec Anti-virus
–Tripwire
–Rootkit
–Sebek

Bro
Bro ( is a NIDS. Bro supports signature analysis, and in fact can read Snort signatures. (Snort is one of the most popular NIDS available.)
Bro also performs (a limited form of) anomaly detection, looking for activity that resembles an intrusion.
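To make the two detection styles on this slide concrete, here is an added Python example (not code from the slides, nor from the Bro or Snort projects). It parses a deliberately tiny subset of the Snort rule grammar (the rule header plus the msg, content and sid options), runs constructed packet records through those signatures, and then applies a simple anomaly heuristic of the kind the slide alludes to: a single source touching an unusual number of distinct destination ports. The rules, packet records and thresholds are constructed for the example; a real NIDS parses far more of the grammar and works on reassembled streams rather than single records.

```python
"""Snort-style signature matching plus a simple anomaly check.

Added example, not code from the slides or from the Bro or Snort projects.
It handles a deliberately tiny subset of the Snort rule grammar (rule header
and the msg/content/sid options) and matches constructed packet records
against it, then applies an anomaly heuristic: a source touching many
distinct destination ports. Rules and packets below are constructed data.
"""
import re
from collections import defaultdict

# Header: action proto src sport -> dst dport (options)
RULE_RE = re.compile(
    r'^(?P<action>alert|log)\s+(?P<proto>tcp|udp|icmp|ip)\s+'
    r'(?P<src>\S+)\s+(?P<sport>\S+)\s+->\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s+'
    r'\((?P<opts>.*)\)\s*$'
)


def parse_rule(text):
    """Parse one rule into a dict; only the msg, content and sid options are kept."""
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError("unsupported rule syntax: " + text)
    rule = m.groupdict()
    opts = {}
    for opt in rule.pop("opts").split(";"):
        opt = opt.strip()
        if opt:
            key, _, val = opt.partition(":")
            opts[key.strip()] = val.strip().strip('"')
    rule["msg"] = opts.get("msg", "")
    rule["content"] = opts.get("content", "").encode()  # byte pattern sought in payload
    rule["sid"] = int(opts.get("sid", "0"))
    return rule


def _field_matches(pattern, value):
    """'any' matches everything; otherwise the string forms must be equal."""
    return pattern == "any" or pattern == str(value)


def match_rule(rule, pkt):
    """True if the packet satisfies both the rule header and the content option."""
    header_ok = (
        rule["proto"] == pkt["proto"]
        and _field_matches(rule["src"], pkt["src"])
        and _field_matches(rule["sport"], pkt["sport"])
        and _field_matches(rule["dst"], pkt["dst"])
        and _field_matches(rule["dport"], pkt["dport"])
    )
    return header_ok and rule["content"] in pkt["payload"]


def run_signatures(rules, packets):
    """Signature analysis: every (sid, msg, source) triple that fired."""
    return [(r["sid"], r["msg"], p["src"])
            for p in packets for r in rules if match_rule(r, p)]


def detect_port_scans(packets, max_distinct_ports=10):
    """Anomaly analysis: sources that touched more than N distinct (dst, port) pairs."""
    seen = defaultdict(set)
    for p in packets:
        seen[p["src"]].add((p["dst"], p["dport"]))
    return sorted(src for src, pairs in seen.items() if len(pairs) > max_distinct_ports)


# Constructed rules (sid values in the range Snort reserves for local rules)
RULES = [parse_rule(r) for r in (
    'alert tcp any any -> any 80 (msg:"HTTP request for /admin"; content:"GET /admin"; sid:1000001;)',
    'alert udp any any -> any 53 (msg:"DNS query containing marker"; content:"MARKER"; sid:1000002;)',
)]

# Constructed packet records: one real hit, one near-miss on the wrong port,
# and a burst from one host across 15 ports (the anomaly case)
PACKETS = [
    {"proto": "tcp", "src": "10.0.0.5", "sport": 51234, "dst": "10.0.0.80", "dport": 80,
     "payload": b"GET /admin HTTP/1.1\r\nHost: intranet\r\n\r\n"},
    {"proto": "tcp", "src": "10.0.0.6", "sport": 40000, "dst": "10.0.0.80", "dport": 443,
     "payload": b"GET /admin"},
] + [
    {"proto": "tcp", "src": "10.0.0.99", "sport": 50000 + port, "dst": "10.0.0.80",
     "dport": port, "payload": b""}
    for port in range(1, 16)
]

if __name__ == "__main__":
    print("signature hits:", run_signatures(RULES, PACKETS))
    print("port-scan suspects:", detect_port_scans(PACKETS))
```

Notice that the burst from 10.0.0.99 matches no signature at all, because nothing in those packets is in the rule set; only the anomaly check catches it. That is the complementary role the slide describes for Bro's anomaly detection beside its Snort-compatible signature matching.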

Structure of Bro

Nessus
Nessus is free, comprehensive vulnerability-scanning software. Its goal is to detect potential vulnerabilities on the tested systems.

Nessus Screenshot - 1

Nessus Screenshot - 2

Nessus Screenshot - 3

Other tools
Security Incident Management System
–ArcSight
–Novell e-Security Sentinel
Network Incident Management System
–Whatsup Gold
–IBM Tivoli

ArcSight
Large enterprise and government infrastructures are growing increasingly dynamic and complex
ArcSight ESM is an event management tool
Different capabilities: filters, correlation, reporting, threat monitor, vulnerability knowledge base, asset information, risk management, zones, etc.

Architecture - ArcSight ESM
SmartAgents (residing on remote systems or on a separate layer)
Devices or Remote Systems (Firewalls, IDSs etc.)
Correlation engine
Central database
ArcSight Manager (console/browser)

Testing ArcSight
Real strength - analyzing huge volumes of data
When tested at an ISP that provided managed services to many corporate clients, generating millions of events a day (stress test), ArcSight had no hiccups.
Biggest advantage: Scaling

ArcSight screenshot 1

ArcSight screenshot 2

ArcSight screenshot 3

e-Security Sentinel
Competitor of ArcSight, Network Intelligence, Symantec Security Information Manager
Event collector: analyses and correlates events to determine if an event violates a predetermined condition or acceptable threshold.
Control Center & Correlation Engine
Unlike ArcSight, e-Security Sentinel has an iScale Message Bus that is based on the Sonic JMS* bus architecture.
–Highly scalable
–Doesn’t rely on a relational database

E-Sentinel Screenshot 1

E-Security Screenshot 2

Security Checkup
–Latest fixes/patches
–Use of IDS + regular scanning of network
–Security Engineers need to be well informed (discussions on forums)

Cases from the Field

Case 1 - virus/worm/spyware on the network

Case 2 - false alarms

Case 3 - Real time network security monitoring

Case 4 - Security Scans

Problems with Security Administration
Integration is required
–From firewalls to IDSs to Websense to vulnerability information to KB
Challenges
–Too much to look at
–No single standard data format
–Out of sync system clocks
Correlation becomes difficult

Problems cont.
Information asymmetry
–Use of manual tools (location, address books, information directories)
Process is slow because of very little integration
–A problem in times of actual attacks
Critical factor - “Time”
New vulnerabilities - proactive work pays
Administrator motto - “Know Thy Network”

Improvements
New tools to help security administrators need to be developed
–Standardization of event formats for easier integration
–Application of data mining in event classification, analysis and noise reduction
–Automated event stream processing
–Improved information management tools
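The "Problems with Security Administration" slide names two concrete obstacles to correlation, no single standard data format and out-of-sync system clocks, and the first improvement above is standardization of event formats. The added Python example below (not from the slides or from any product named on them) shows why both matter together: it maps a syslog-style firewall line and a JSON IDS alert onto one common record, shifts each device's timestamp by a per-device clock offset measured against the SIM's reference clock, and then groups records about the same host that fall within a short window. The two line formats, the device names, the offsets and the log lines are all constructed for the example.

```python
"""Normalising two log formats into one schema and correcting clock skew.

Added example, not from the slides or any product named on them. It maps a
syslog-style firewall line and a JSON IDS alert onto one common record,
shifts each device's timestamp by a per-device clock offset measured against
the SIM's reference clock, and then groups records about the same host that
fall within a short window. Line formats, device names, offsets and log
lines are constructed for this example.
"""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

FW_RE = re.compile(
    r'^(?P<ts>\S+) (?P<sensor>\S+) fw: (?P<verb>ALLOW|DENY) '
    r'(?P<src>\S+) -> (?P<dst>\S+):(?P<dport>\d+)$'
)

# Constructed: device clock minus reference clock, as measured by the SIM.
# fw1's clock runs seven minutes slow; ids1 is in sync.
CLOCK_OFFSET = {"fw1": timedelta(minutes=-7), "ids1": timedelta(0)}


def parse_ts(text):
    """ISO-8601 with a trailing Z -> timezone-aware UTC datetime."""
    return datetime.fromisoformat(text.replace("Z", "+00:00"))


def normalise(line, correct_clock=True):
    """Map one raw line onto the common schema used for correlation."""
    if line.startswith("{"):                      # JSON IDS alert
        d = json.loads(line)
        rec = {"sensor": d["sensor"], "ts": parse_ts(d["timestamp"]),
               "src": d["src_ip"], "dst": d["dst_ip"],
               "kind": "ids_alert", "detail": d["signature"]}
    else:                                         # syslog-style firewall line
        m = FW_RE.match(line)
        if not m:
            raise ValueError("unrecognised log line: " + line)
        rec = {"sensor": m["sensor"], "ts": parse_ts(m["ts"]),
               "src": m["src"], "dst": m["dst"],
               "kind": "fw_" + m["verb"].lower(), "detail": "dport " + m["dport"]}
    if correct_clock:
        # reference time = device time - (device clock - reference clock)
        rec["ts"] -= CLOCK_OFFSET.get(rec["sensor"], timedelta(0))
    return rec


def correlate(records, window=timedelta(minutes=2)):
    """Group records about the same destination host whose (corrected)
    timestamps chain together within `window`; singletons are dropped."""
    by_dst = defaultdict(list)
    for rec in sorted(records, key=lambda r: r["ts"]):
        by_dst[rec["dst"]].append(rec)
    groups = []
    for recs in by_dst.values():
        current = [recs[0]]
        for rec in recs[1:]:
            if rec["ts"] - current[-1]["ts"] <= window:
                current.append(rec)
            else:
                if len(current) > 1:
                    groups.append(current)
                current = [rec]
        if len(current) > 1:
            groups.append(current)
    return groups


# Constructed sample input: the firewall line is stamped 10:00 by a clock that
# is seven minutes slow, so it really happened 30 s before the IDS alert.
SAMPLE_LINES = [
    "2024-01-01T10:00:00Z fw1 fw: ALLOW 203.0.113.7 -> 10.0.0.5:22",
    '{"sensor": "ids1", "timestamp": "2024-01-01T10:07:30Z", "src_ip": "203.0.113.7", '
    '"dst_ip": "10.0.0.5", "signature": "SSH login failures burst (constructed)"}',
    "2024-01-01T10:30:00Z fw1 fw: DENY 198.51.100.9 -> 10.0.0.9:445",
]

if __name__ == "__main__":
    corrected = correlate([normalise(l) for l in SAMPLE_LINES])
    raw = correlate([normalise(l, correct_clock=False) for l in SAMPLE_LINES])
    print("groups with clock correction:", len(corrected))
    print("groups without clock correction:", len(raw))
```

With the offset applied, the firewall ALLOW and the IDS alert for 10.0.0.5 sit 30 seconds apart and are grouped; without it they appear seven and a half minutes apart and the correlation silently misses. The same normalised record shape is what lets the two formats be compared at all, which is the integration gain the standardization bullet is after.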

Questions?