1. UNIT 9 SEMINAR – THE LAST ONE  ! Unit 9 Chapter 9 in CompTIA Security + 1 Course Name – IT286-01 Introduction to Network Security Instructor – Jan McDanolds, MS, Security+ Contact Information: AIM – JMcDanolds Email – jmcdanolds@kaplan.edu Office Hours: Tuesday, 7:00 PM ET or Thursday, 7:00 PM ET

2. UNIT 8 REVIEW Security Policies and Procedures In Chapter 8 we covered: Understanding Business Continuity Business Continuity Planning, Disaster Recovery Planning, Continuity of Operations (COOP) Plan Cyber Incident Response Plan Occupant Emergency Plan (OEP) The five nines…99.999 Backups Reinforcing Vendor Support Generating Policies and Procedures Enforcing Privilege Management 2

3. UNIT 9 Security Administration Unit 9: Understanding Security Management Drafting Best Practices and Documentation Simplifying Security Administration Common Logical Access Control Methods/Topics Understanding Security Awareness and Education Staying on Top of Security OS Updates - WSUS (Windows Server Update Service) Security TechCenter, other websites Regulating Privacy and Security Laws and Regulations, Federal and International 3

4. CHAPTER 9 Understanding Security Management The management of security is EVERYTHING! Best Practices and Documentation Using Policies and Procedures Allocating Resources Defining Responsibility Minimizing Mistakes Enforcing the Policies and Procedures We need tools!!! 4

5. CHAPTER 9 Examples of FREE Administration Tools… Windows Baseline Security Analyzer (MBSA) – Free download for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2 http://technet.microsoft.com/en-us/security/cc184924.aspx Foglight from Quest – FREE Network Management System – VIEW Videos - Traffic Mgt, Configuration http://www.quest.com/landing/?ID=7483&s_kwcid=TC-24146-%7BOrderItemId%7D- %7BMatchType%7D-%7BAdId%7D Solarwinds – IT monitoring and management software for SysAdmins Free Tools and Free Trials – http://www.solarwinds.com/downloads/ Spiceworks - FREE Network Management tool http://www.spiceworks.com/ 5

6. CHAPTER 9 Example: Spiceworks Features http://www.spiceworks.com/ Inventory Your Network - Network Inventory - IT Asset Management - IT Audit Software - Warranty Tracking - Virtualization Management Monitor Your Network - Network Monitoring - Power Management Software - SNMP Network Management - SQL Server Monitoring Run an IT Help Desk - Help Desk Software - Active Directory Management - IT Purchasing Management - Help Desk iPhone App Manage Configuration Changes - TFTP Server - Change Management Map Your Network - Network Mapping Troubleshoot Network Problems - Remote control of PCs & servers with RDP or VNC, ping from one console, compare configurations 6

7. CHAPTER 9 Examples of Administration Tools These tools are not free… HP – Network Management/Security Software E-Series http://h17007.www1.hp.com/us/en/products/network-management/index.aspx IBM – Tivoli NetView distributed network management software http://www-01.ibm.com/software/tivoli/products/netview/ Others: Solarwinds Cisco Avaya Network Management Solutions SysAid LanDesk Mach5, Etc. Etc. 7

8. CHAPTER 9 Simplifying Security Administration Common Logical Access Control Methods/Topics Access Control Lists (ACLs) Account Expiration Domain Password Policy Group Policies Logical Tokens Password Policy Time-of-day restrictions Usernames and passwords 8

9. CHAPTER 9 Understanding Security Awareness and Education Using Communications and Awareness Providing Education – explaining policies, procedures, and current threats to users and management 1 - Organization as a whole 2 - Management 3 - Technical staff 9

10. CHAPTER 9 Staying on Top of Security Operating Systems Updates Applications Updates Network Device Updates Policies and Procedures Personal Development Web Sites – next slide… Trade Publications 10

11. CHAPTER 9 Security websites Ones we have discussed: CERT, SANS, McAfee Symantec http://www.symantec.com/connect/ http://www.securityfocus.com/ Computer Security Institute - http://gocsi.com/webinars http://www.databreaches.net/ Others: SC Magazine - http://www.scmagazine.com/ http://www.itsecurity.com/ http://hakin9.org/ http://www.privacyrights.org/data-breach 11

12. CHAPTER 9 Regulating Privacy and Security HIPAA – Health Insurance Portability and Accountability Act Gramm-Leach Bliley Act of 1999 Computer Fraud and Abuse Act FERPA – Family Educational Rights & Privacy Act Computer Security Act of 1987 Cyberspace Electronic Security Act (CESA) Cyber Security Enhancement Act Patriot Act International Efforts 12

13. UNIT 9 UNIT 9 Reading 13 Web Resources

14. UNIT 9 ASSIGNMENT UNIT 9 Assignment Three separate questions – review the Rubric 14

15. CHAPTER 9 Unit 9 Assignment Unit Nine Project 1. Table 9.1 on page 445 lists common logical access control methods/topics. Perform Internet research and examine past chapters of the text to describe critical aspects for 4 of the 8 topics listed. You must have at least 2 references besides our text book. 2. Describe what you feel is the most difficult aspect of education as it refers to end users in an organization. 3. Summarize one of the 8 Acts listed (between pages 454 thru 457) in terms of specific topics covered, need to know items and specifics as to how the ACT helps or hurts IT security efforts. 15

16. FINAL EXAM Unit 10 Assignment There is no Final Project There IS a Final Exam: 50 multiple choice questions, one hour One of the questions… Where might be the most up-to-date place to find out about security issues? Think about the quickest way to notify clients of a security breach. 16

17. FINAL SLIDE I hope you have enjoyed this class! All the best to each of you! Stay secure!! 17 Questions ???? Comments !!! Do you feel you have a good basis for security after taking this course? Are you planning on taking the CompTIA Security+ certification? What amazed you most about this information?