Copyright © 2002 ProsoftTraining. All rights reserved. Security Auditing, Attacks, and Threat Analysis.

Lesson 1: Security Auditing

Objectives
–Identify a security auditor’s chief duties
–List security auditing principles
–Assess risk factors for a network
–Describe the security auditing process
–Plan an audit

What Is an Auditor?
–Network security
–Risk assessment

What Does an Auditor Do?
–Compliance
–Risk analysis

Auditor Roles and Perspectives
–Auditor as security manager
–Auditor as consultant
–Insider threats

Conducting a Risk Assessment
–Check for a written security policy
–Analyze, categorize and prioritize resources
–Consider business concerns
–Evaluate existing perimeter and internal security
–Use existing management and control architecture

Risk Assessment Stages
–Discovery
–Penetration
–Control

Summary
–Identify a security auditor’s chief duties
–List security auditing principles
–Assess risk factors for a network
–Describe the security auditing process
–Plan an audit

Lesson 2: Discovery Methods

Objectives
–Describe the discovery process
–Identify specific discovery methods
–Install and configure network-based and host-based discovery software
–Conduct network-level and host-level security scans
–Configure and deploy enterprise-grade network vulnerability scanners

Security Scans
–Whois
–nslookup
–The host command
–The traceroute (tracert) command
–Ping scanning
–Port scans
–Network-discovery and server-discovery applications
–NMAP
–Share scans
–Service scans
–Using Telnet

Using SNMP
–The SetRequest command
–SNMP software

TCP/IP Services
–Finger
  –User names
  –Server names
  –E-mail accounts
  –User connectivity
  –User logon status

Enterprise-Grade Auditing Applications
–Protocol support
–Network scanners
–Subnetting
–Configuring network scanners
–Configuring host scanners

Scan Levels
–Profiles and policies
–Reporting
–Symantec NetRecon
–ISS Internet Scanner
–eEye Retina
–Additional scanning application vendors

Social Engineering
–Telephone calls
–Fraudulent e-mail
–Education

What Information Can You Obtain?
–Network-level information
–Host-level information
–Research
–Legitimate versus illegitimate auditing tools

Summary
–Describe the discovery process
–Identify specific discovery methods
–Install and configure network-based and host-based discovery software
–Conduct network-level and host-level security scans
–Configure and deploy enterprise-grade network vulnerability scanners

Lesson 3: Auditing Server Penetration and Attack Techniques

Objectives
–Identify common targets
–Discuss penetration strategies and methods
–List potential physical, operating system, and TCP/IP stack attacks
–Identify and analyze specific brute-force, social engineering, and denial-of-service attacks
–Implement methods designed to thwart penetration

Attack Signatures and Auditing
–Reviewing common attacks
  –Dictionary
  –Man in the middle
  –Hijacking
  –Viruses
  –Illicit servers
  –Denial of service

Common Targets
–Routers
–FTP servers
–Databases
–Web servers
–DNS
–WINS
–SMB

Routers
–Using your firewall to filter Telnet
–Routers and bandwidth consumption attacks

Databases
–The most desirable asset for a hacker to attack
  –Employee data
  –Marketing and sales information
  –R & D
  –Shipping information

Web and FTP Servers
–Common problems
–Web graffiti

E-mail Servers
–Spam relaying

Naming Services
–Unauthorized zone transfers
–DNS poisoning
–Denial-of-service attacks
–WINS
–SMB
–NFS
–NIS

Auditing Trap Doors and Root Kits
–Auditing bugs and back doors

Buffer Overflow
–Preventing denial-of-service attacks
–Auditing illicit servers, Trojans and worms

Combining Attack Strategies
–Penetration strategies
  –Physical
  –Operating system
  –Bad password policies
  –NAT
  –Bad system policies
  –Auditing file system weaknesses
–IP spoofing and hijacking
  –Blind and non-blind spoofing

Denial of Service and the TCP/IP Stack
–SYN flood
–Smurf and Fraggle attacks
–Teardrop/Teardrop2
–Ping of death
–Land attack

Summary
–Identify common targets
–Discuss penetration strategies and methods
–List potential physical, operating system, and TCP/IP stack attacks
–Identify and analyze specific brute-force, social engineering, and denial-of-service attacks
–Implement methods designed to thwart penetration

Lesson 4: Security Auditing and the Control Phase

Objectives
–Define control procedures
–Identify control methods
–List ways to document control procedures and methods

Control Phases
–Gain root access
–Gather information
–Open new security holes
–Erase evidence of penetration
–Spread to other systems
–Auditing UNIX file systems
–Auditing Windows 2000

UNIX Password File Locations
–The shadow password file
–Redirect information
–Create new access points
–Erase evidence of penetration
–Spread to other systems
–Port redirection

Control Methods
–System defaults
–Services, daemons, and loadable modules
–Illicit services, daemons, and loadable modules
–Keyloggers

Auditing and the Control Phase
–The auditor never truly enters the control phase
–The auditor must recognize suspicious traffic

Summary
–Define control procedures
–Identify control methods
–List ways to document control procedures and methods

Lesson 5: Intrusion Detection

Objectives
–Define intrusion detection
–Differentiate between intrusion detection and automated scanning
–Discuss network- and host-based intrusion detection
–List the elements used in an IDS
–Implement intrusion-detection software

What Is Intrusion Detection?
–Capabilities
  –Network traffic management
  –System scanning, jails, and the IDS
  –Tracing
–Is intrusion detection necessary?
–IDS application strategies

Intrusion Detection Architecture
–Network-based IDS applications
–Host-based IDS architectures
–Host-based managers
–Host-based IDS agents
–Manager-to-agent communication

IDS Rules
–Network anomalies
–Network misuses
–Actions
–False positives and IDS configuration

IDS Actions and False Positives
–Creating rules
–Assigning actions to a rule
–Mistaking legitimate traffic for illegitimate traffic

Intrusion Detection Software
–eTrust Intrusion Detection
–Snort
–Intruder Alert
–ISS RealSecure
–Computer Misuse Detection System
–Network Flight Recorder
–CyberCop Monitor
–Cisco Secure IDS

Purchasing an IDS
–Product support
–Product training
–Update policy
–Company reputation
–IDS capacity
–Product scalability
–Network support
–Encryption

Summary
–Define intrusion detection
–Differentiate between intrusion detection and automated scanning
–Discuss network- and host-based intrusion detection
–List the elements used in an IDS
–Implement intrusion-detection software

Lesson 6: Auditing and Log Analysis

Objectives
–Establish a baseline for your users’ activities
–Conduct log analysis
–Filter events found in Windows 2000 and Linux systems
–Establish auditing for logons, system restarts, and specific resource use

Baseline Creation and Firewall and Router Logs
–Baseline is standard activity for a network
–Logs help determine activity patterns of users

Operating System Logs
–Logging UNIX systems
–Logging Windows 2000 systems

Filtering Logs
–Filtering logs in Windows 2000
–Filtering logs in Linux
–Operating system add-ons and third-party logging

Suspicious Activity
–Skilled hacking attempts to camouflage its use as legitimate system activity
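The three slides above (building a baseline from logs, filtering logs on Linux, and spotting activity that blends in with legitimate use) are the whole of Lesson 6's method, so here is an added worked example that is not part of the ProsoftTraining courseware. It parses constructed Linux auth.log-style sshd lines (the hosts, users and addresses are made up), builds a per-user baseline of source addresses and logon hours from a "known good" period, filters a newer batch of events, and reports the logons that fall outside that baseline or that show a burst of failures. The failure threshold and the one-hour slack are assumed values, chosen for the sample data.

```python
"""Baseline-and-filter log analysis over constructed Linux auth.log lines.

Added example, not part of the course material; the log lines, users and
addresses below are constructed, and the thresholds are assumptions.
"""
import re
from collections import Counter, defaultdict

# Constructed "known good" period used to learn each user's normal pattern.
BASELINE_LOG = """\
Mar  3 08:12:01 web1 sshd[2101]: Accepted publickey for alice from 10.0.0.5 port 51022 ssh2
Mar  3 08:45:17 web1 sshd[2133]: Accepted publickey for alice from 10.0.0.5 port 51090 ssh2
Mar  4 09:03:44 web1 sshd[2410]: Accepted publickey for alice from 10.0.0.5 port 51311 ssh2
Mar  4 13:20:09 web1 sshd[2555]: Accepted password for bob from 10.0.0.7 port 40211 ssh2
Mar  5 14:02:38 web1 sshd[2790]: Accepted password for bob from 10.0.0.7 port 40388 ssh2
"""

# Constructed newer batch to be filtered and compared against the baseline.
NEW_LOG = """\
Mar  6 08:30:12 web1 sshd[3001]: Accepted publickey for alice from 10.0.0.5 port 52001 ssh2
Mar  6 23:41:55 web1 sshd[3120]: Accepted password for alice from 203.0.113.9 port 61000 ssh2
Mar  6 23:42:01 web1 sshd[3122]: Failed password for bob from 203.0.113.9 port 61002 ssh2
Mar  6 23:42:03 web1 sshd[3122]: Failed password for bob from 203.0.113.9 port 61002 ssh2
Mar  6 23:42:05 web1 sshd[3122]: Failed password for bob from 203.0.113.9 port 61002 ssh2
Mar  6 23:42:07 web1 sshd[3122]: Failed password for bob from 203.0.113.9 port 61002 ssh2
Mar  6 14:10:40 web1 sshd[3200]: Accepted password for bob from 10.0.0.7 port 40500 ssh2
"""

# syslog timestamp, host, sshd PID, result, method, user, source address, port
LINE_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) sshd\[\d+\]: (?P<result>Accepted|Failed) \w+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_lines(text):
    """Turn auth.log text into event dicts; non-matching lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        hour = int(m.group("time").split(":")[0])
        events.append({"user": m.group("user"), "ip": m.group("ip"),
                       "hour": hour, "result": m.group("result")})
    return events


def filter_events(events, user=None, result=None):
    """The 'filtering logs' step: keep only events matching the given fields."""
    return [e for e in events
            if (user is None or e["user"] == user)
            and (result is None or e["result"] == result)]


def build_baseline(events):
    """Per-user set of source addresses and logon hours seen in successful logons."""
    baseline = defaultdict(lambda: {"ips": set(), "hours": set()})
    for e in filter_events(events, result="Accepted"):
        baseline[e["user"]]["ips"].add(e["ip"])
        baseline[e["user"]]["hours"].add(e["hour"])
    return baseline


def find_suspicious(events, baseline, fail_threshold=3, hour_slack=1):
    """Report successful logons outside the baseline and bursts of failures.

    fail_threshold and hour_slack are assumed tuning values, not course figures.
    """
    findings = []
    failures = Counter()
    for e in events:
        if e["result"] == "Failed":
            failures[(e["user"], e["ip"])] += 1
            continue
        known = baseline.get(e["user"])
        if known is None:
            findings.append((e["user"], e["ip"], "no baseline for user"))
            continue
        if e["ip"] not in known["ips"]:
            findings.append((e["user"], e["ip"], "new source address"))
        if not any(abs(e["hour"] - h) <= hour_slack for h in known["hours"]):
            findings.append((e["user"], e["ip"], "outside baseline hours"))
    for (user, ip), n in sorted(failures.items()):
        if n >= fail_threshold:
            findings.append((user, ip, f"{n} failed logons"))
    return findings


if __name__ == "__main__":
    base = build_baseline(parse_lines(BASELINE_LOG))
    for user, ip, reason in find_suspicious(parse_lines(NEW_LOG), base):
        print(f"{user:<6} {ip:<14} {reason}")
```

Run against the constructed data, the baseline learns that alice logs on from 10.0.0.5 in the 08:00 to 09:00 range and bob from 10.0.0.7 in the early afternoon; the late-night alice logon from an unfamiliar address is reported twice (new source, unusual hour) and the four failed attempts for bob from the same address are reported as a burst, while the two routine logons produce nothing. The point the slides make about camouflage is visible here: the alice event is a successful logon, and only the comparison with her own baseline makes it stand out.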

Additional Logs
–Intrusion detection systems
–Telephony connections
–ISDN and/or frame relay connections
–Employee access logs

Log Storage
–Sending logs to a different machine for storage
–Replicating logs to a writable CD-ROM drive
–Scheduling hard-copy backups

Auditing and Performance Degradation
–Network traffic
–Packet sniffers

Summary
–Establish a baseline for your users’ activities
–Conduct log analysis
–Filter events found in Windows 2000 and Linux systems
–Establish auditing for logins, system restarts, and specific resource use

Lesson 7: Audit Results

Objectives
–Recommend solutions based on specific network problems
–Suggest ways to improve compliance to a security policy
–Create an assessment report
–Enable proactive detection services

Objectives (cont’d)
–Cleanse operating systems
–Install operating system add-ons
–Implement native auditing
–Use SSH as a replacement for Telnet, rlogin, and rsh

Auditing Recommendations
–Recommending specific ways to continue or implement efficient auditing
–Confronting and correcting virus, worm and Trojan infections
–Recommending changes and improvements

Four Network Auditing Categories
–Firewalls and Routers
–Host and Personal Security
–Intrusion Detection and Traceback
–Policy Enforcement

Creating the Assessment Report
–Sample audit report elements include:
  –Overview of existing security
  –Estimates of time hackers require to enter system
  –Summary of important recommendations
  –Outline of audit procedures
  –Network element recommendations
  –Physical security discussion
  –Terms

Improving Compliance
–Steps for continued auditing and strengthening

Security Auditing and Security Standards
–ISO British Standard 7799
–Common Criteria
–Evaluation Assurance Levels

Improving Router Security
–Ingress and egress filtering
–Disable broadcast filtering

Enabling Proactive Detection
–Scan detection, honey pots and jails
  –Detecting a NIC in promiscuous mode

Host Auditing Solutions
–Cleaning up infections
–Personal firewall software
–IPsec and personal encryption
–Native auditing services
–Fixing system bugs
–IPv6

Replacing and Updating Services
–Study the new product
–Determine the time needed to implement changes
–Test all updates
–Consider effect of updates on other services
–Determine whether end-user training is needed

Secure Shell (SSH)
–Security services provided by SSH
–Encryption and authentication in SSH
–SSH2 components
–Preparing SSH components

SSH and DNS
–Compatibility with SSH1
–SSH and authentication: Establishing user-to-user trust relationships

Summary
–Recommend solutions based on specific network problems
–Suggest ways to improve compliance to a security policy
–Create an assessment report
–Enable proactive detection services

Summary (cont’d)
–Cleanse operating systems
–Install operating system add-ons
–Implement native auditing
–Use SSH as a replacement for Telnet, rlogin, and rsh

Security Auditing, Attacks, and Threat Analysis
–Security Auditing
–Discovery Methods
–Auditing Server Penetration and Attack Techniques
–Security Auditing and the Control Phase
–Intrusion Detection
–Auditing and Log Analysis
–Audit Results