Networked Systems Survivability CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 © 2002 Carnegie.

Presentation transcript:

Networked Systems Survivability
CERT® Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA
© 2002 Carnegie Mellon University
® CERT, CERT Coordination Center and Carnegie Mellon are registered in the U.S. Patent and Trademark Office
Information Security for Technical Staff
Module 4: Security Knowledge in Practice

Slide 2: Instructional Objectives
  Define the Security Knowledge in Practice (SKiP) method
  List the steps in the SKiP method
  Explain the attributes of each step in the method
  Describe the benefits of implementing the SKiP method

Slide 3: Overview
The SKiP method is:
  New way to think about system administration
  Organized and orderly
  Repeatable
  Simple
  Has many applications

Slide 4

Slide 5
  Raw materials
  Some tools for crafting
  Responsibility lies with SA
  “One size fits all” mentality

Slide 6
  Solves today’s known problems
  Remove unnecessary functionality
  Configure remaining parts correctly
  Add needed additional software

Slide 7
Characterize:
  Files and directories
  Kernel
  Processes
  The network

Slide 8
Unexpected changes
  Acceptable - update characterization
  Unacceptable - intrusion?
External stimulus
  Patches/new versions for OS and applications
  New versions of tools
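
Slides 7 and 8 describe characterizing files and directories and then sorting unexpected changes into acceptable ones (update the characterization) and unacceptable ones (possible intrusion). The sketch below is an added example, not part of the original presentation; the `approved` set stands in for a hypothetical change-control record, and the sample tree is constructed.

```python
import hashlib
import os
import tempfile

def characterize(root):
    """Return {relative_path: sha256_hex} for every regular file under root."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # characterize regular files only
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            result[rel] = digest
    return result

def detect(baseline, current, approved):
    """Split differences into acceptable (approved) and unacceptable changes."""
    acceptable, unacceptable = {}, {}
    for path in sorted(set(baseline) | set(current)):
        if baseline.get(path) == current.get(path):
            continue
        kind = ("added" if path not in baseline
                else "removed" if path not in current else "modified")
        (acceptable if path in approved else unacceptable)[path] = kind
    # Acceptable changes update the characterization; the rest stay flagged.
    updated = dict(baseline)
    for path in acceptable:
        if path in current:
            updated[path] = current[path]
        else:
            del updated[path]
    return acceptable, unacceptable, updated

def demo():
    """Constructed sample tree: one approved patch, one unexplained new file."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "bin"))
        for rel, data in {"bin/tool": b"v1", "etc.conf": b"port=22\n"}.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        baseline = characterize(root)
        with open(os.path.join(root, "bin/tool"), "wb") as fh:
            fh.write(b"v2")  # new version installed through change control
        with open(os.path.join(root, "bin/extra"), "wb") as fh:
            fh.write(b"?")   # file nobody approved
        return detect(baseline, characterize(root), approved={"bin/tool"})
```

Calling `demo()` returns the approved modification of `bin/tool` as acceptable, flags `bin/extra` as unacceptable, and leaves `bin/extra` out of the updated baseline so it keeps being reported until someone investigates it.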

Slide 9
  Repair
  Return to production
  Diagnose/Take Off-line

Slide 10
  Post mortem
  Update policies and procedures
  Update response tools
  Support business case

Slide 11
  Repeat

Slide 12: Review Questions - 1
1. Name the seven steps in the SKiP Method.
2. The Hardening and Securing step addresses what kind of problems?
3. The Prepare step addresses what kind of problems?
4. In the Detect step, anomalous behavior can have two meanings. What are they?
5. In which step are patches installed?
6. To which step does the repeat of the SKiP Method return?

Slide 13: Review Questions - 2
7. How long should the SKiP Method be applied to a system?
8. When you are in the Respond step as the result of an intrusion, when should you eliminate intruder access?
9. When applying the SKiP Method to an organization’s Intranet, name 2 “known” problems that you would address in the Hardening and Securing step.
10. When applying the SKiP Method to an organization’s Intranet, name 2 practices that you would do to characterize that network.

Slide 14: Summary