Common Cyber Defenses Tom Chothia Computer Security, Lecture 18.


1 Common Cyber Defenses Tom Chothia Computer Security, Lecture 18

2 A Typical Business Network (network diagram): Wi-Fi, WebServer, Comp1, Comp2, DataBase, E-mail Server, SSH/RDP, Web Proxy, NAT, …

3 Defenses Remove specific attack vectors. Make attacks more difficult. Make attacks easier to detect. Have good policies in place to ensure the system stays secure.

4 Defenses: Fast Patches Most importantly of all. Make sure all security patches are installed immediately. There is almost always a patch to stop any well known exploit.

5 Defenses: Anti-Virus Anti-Virus products scan the computer for known malware. Can also scan e-mail and network traffic. Only as good as the last update. Can be disabled by an attacker with admin access.

6 Defenses: Firewalls Firewalls block Internet traffic. May be on the computer (host) or built into a router (network). Firewalls can be stateless or stateful. Stateless firewalls could, e.g., block all traffic not on port 80.

7 Defenses: Firewalls Stateful firewalls record the traffic and use it to make future decisions. E.g. block incoming connections but allow replies to outgoing connections. Can’t firewall services used by the outside world.
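The difference between the stateless rule on slide 6 and the stateful rule on slide 7 is easiest to see on concrete packets. The following toy packet filter is an added example, not code from the lecture: it runs the same four packets through a stateless "port 80 only" rule and through a filter that remembers outbound connections. The packets, addresses (documentation ranges) and the 4-tuple connection table are constructed here; a real firewall's connection tracking also follows TCP state and expires entries.

```python
# Added example, not from the lecture: a toy packet filter contrasting the
# stateless rule on slide 6 with the stateful rule on slide 7. Packets are
# constructed here; addresses are documentation ranges, not real hosts.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str  # "in" = arriving from the Internet, "out" = leaving our host


def stateless_allow(pkt: Packet) -> bool:
    """Slide 6: 'block all traffic not on port 80'.
    A stateless filter looks at one packet in isolation, so the only way to
    let web replies back in is to accept anything involving port 80, in
    either direction. That is coarse: it cannot tell a reply to our own
    request from an unsolicited packet that merely uses port 80."""
    return pkt.dport == 80 or pkt.sport == 80


class StatefulFirewall:
    """Slide 7: block incoming connections, allow replies to outgoing ones.
    The firewall remembers each connection the inside opened (a 4-tuple here;
    real connection tracking also follows TCP state and timeouts)."""

    def __init__(self) -> None:
        self.connections = set()  # (local_ip, local_port, remote_ip, remote_port)

    def allow(self, pkt: Packet) -> bool:
        if pkt.direction == "out":
            # record the flow so that its replies can be matched later
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # incoming: only admitted if it answers a flow we opened
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections


def demo() -> dict:
    """Run the same packets through both filters and return the decisions."""
    fw = StatefulFirewall()
    request = Packet("10.0.0.5", 40000, "203.0.113.10", 80, "out")  # our web request
    reply = Packet("203.0.113.10", 80, "10.0.0.5", 40000, "in")     # the server's reply
    probe = Packet("198.51.100.7", 55555, "10.0.0.5", 80, "in")     # unsolicited, to our port 80
    ssh_in = Packet("198.51.100.7", 55556, "10.0.0.5", 22, "in")    # unsolicited, to our port 22
    return {
        "stateless_reply": stateless_allow(reply),      # True
        "stateless_probe": stateless_allow(probe),      # True: port 80 is port 80
        "stateless_ssh": stateless_allow(ssh_in),       # False
        "stateful_probe_first": fw.allow(probe),        # False: no outbound flow matches
        "stateful_request": fw.allow(request),          # True, and the flow is recorded
        "stateful_reply": fw.allow(reply),              # True: matches the recorded flow
        "stateful_ssh": fw.allow(ssh_in),               # False
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:22s} {'ALLOW' if decision else 'BLOCK'}")
```

The point the slide makes shows up in the two `probe` results: the stateless rule cannot distinguish the unsolicited packet to port 80 from a genuine reply, whereas the stateful filter blocks it because nothing on the inside opened that connection.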

8 See mac settings.


10 A Typical Business Network (network diagram, repeated): Wi-Fi, WebServer, Comp1, Comp2, DataBase, E-mail Server, SSH/RDP, Web Proxy, NAT, …

11 A Typical Firewall Policy (network diagram): Wi-Fi, WebServer, Comp1, Comp2, DataBase, E-mail Server, Credit Card Processing, DMZ, Web Proxy, VPN, …

12 Possible Firewall Policy DMZ Webserver: incoming to ports 80, 443, 22 (and replies). Web proxy: new connections only from the internal network. E-mail server: traffic via ports 22, 25 only.

13 Possible Firewall Policy Internal: outgoing connections only allowed to the DMZ. – Exceptions for particular apps, e.g. Skype. Only the VPN can open connections into the internal network. Wi-Fi network: only allows traffic to and from outside the network.
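The policy on slides 12 and 13 can be written down as an ordered rule table and checked against concrete connection attempts, which is how a firewall administrator would normally validate it. The code below is an added example, not the lecture's or any product's configuration: it covers new connections only (replies are left to connection tracking, as in the previous example), and the host names, zone assignments, first-match semantics and rule order are assumptions chosen to match the slide text. It goes slightly beyond the slides by making the "only" clauses explicit deny rules, so the ordering matters.

```python
# Added example, not from the lecture: the zone policy of slides 12 and 13
# written as an ordered rule table for *new* connections (replies are left to
# connection tracking). Host names, zones and the rule order are assumptions
# made here to match the slide text.
from typing import Optional, Tuple

# which zone each host belongs to (constructed from the network diagrams)
ZONE = {
    "webserver": "dmz", "webproxy": "dmz", "mailserver": "dmz",
    "comp1": "internal", "database": "internal",
    "vpn": "vpn", "wifi-laptop": "wifi", "internet-host": "internet",
}

# (action, source, destination, allowed ports or None for any, app or None for any)
# Source/destination may name a host, a zone, or "any". First match wins,
# and anything unmatched is denied, so order matters: the deny lines for the
# mail server and proxy must sit above the broad internal->dmz allow.
RULES = [
    ("allow", "any", "webserver", {80, 443, 22}, None),   # slide 12
    ("allow", "any", "mailserver", {22, 25}, None),       # slide 12
    ("deny", "any", "mailserver", None, None),            # ...and nothing else to it
    ("allow", "internal", "webproxy", None, None),        # slide 12
    ("deny", "any", "webproxy", None, None),              # proxy only for internal
    ("allow", "internal", "dmz", None, None),             # slide 13
    ("allow", "internal", "internet", None, "skype"),     # slide 13 exception
    ("allow", "vpn", "internal", None, None),             # slide 13
    ("allow", "wifi", "internet", None, None),            # slide 13
]


def _matches(selector: str, host: str) -> bool:
    """A selector matches a host by name, by the host's zone, or as 'any'."""
    return selector == "any" or selector == host or selector == ZONE[host]


def new_connection(src: str, dst: str, dport: int,
                   app: Optional[str] = None) -> Tuple[str, Optional[int]]:
    """Return (decision, index of the rule that decided it); None = default deny."""
    for i, (action, s, d, ports, rule_app) in enumerate(RULES):
        if not (_matches(s, src) and _matches(d, dst)):
            continue
        if ports is not None and dport not in ports:
            continue
        if rule_app is not None and app != rule_app:
            continue
        return action, i
    return "deny", None


if __name__ == "__main__":
    # a few attempts an administrator might check the policy against
    for args in [("internet-host", "webserver", 443), ("internet-host", "webserver", 8080),
                 ("internet-host", "webproxy", 3128), ("comp1", "webproxy", 3128),
                 ("comp1", "internet-host", 443), ("comp1", "internet-host", 443, "skype"),
                 ("internet-host", "comp1", 445), ("vpn", "comp1", 3389),
                 ("wifi-laptop", "comp1", 445), ("comp1", "mailserver", 143)]:
        print(args, "->", new_connection(*args))
```

Two checks worth noticing: an internal host reaching the mail server on port 143 is denied by the explicit rule at index 2 even though the broad internal-to-DMZ allow would otherwise admit it, and a Wi-Fi client trying to reach an internal host falls through every rule to the default deny, which is the behaviour slide 13 asks for.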

14 Defenses: Intrusion Detection Systems A good system administrator will monitor their network. IDSs look at all packets (like Wireshark) and report suspicious behaviour. Can catch nmap and Metasploit. E.g. Snort: www.snort.org
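The slide says an IDS can catch nmap; the simplest signal it uses for that is a single source attempting connections to many distinct ports on one host within a short window. The detector below is an added example, not Snort's code or any rule from the lecture: it parses a constructed connection log (the "timestamp src dst dport flags" format is assumed) and raises one alert per source/destination pair that crosses a distinct-port threshold inside a sliding time window, counting only connection attempts (SYN, flag `S`).

```python
# Added example, not from the lecture: a small anomaly rule of the kind an
# IDS applies to a packet stream, here detecting a port scan as "one source
# touching many distinct destination ports in a short window". The log lines
# are constructed; the format "timestamp src dst dport flags" is assumed.
from collections import defaultdict, deque
from typing import List, Tuple

# Constructed sample: 10.0.0.8 is an ordinary client, 198.51.100.7 probes
# twelve ports on 10.0.0.5 within about half a second.
SAMPLE_LOG = """\
1700000000.00 10.0.0.8 203.0.113.10 443 S
1700000000.10 198.51.100.7 10.0.0.5 21 S
1700000000.15 198.51.100.7 10.0.0.5 22 S
1700000000.20 198.51.100.7 10.0.0.5 23 S
1700000000.25 198.51.100.7 10.0.0.5 25 S
1700000000.30 10.0.0.8 203.0.113.10 443 A
1700000000.35 198.51.100.7 10.0.0.5 80 S
1700000000.40 198.51.100.7 10.0.0.5 110 S
1700000000.45 198.51.100.7 10.0.0.5 135 S
1700000000.50 198.51.100.7 10.0.0.5 139 S
1700000000.55 198.51.100.7 10.0.0.5 443 S
1700000000.60 198.51.100.7 10.0.0.5 445 S
1700000000.65 198.51.100.7 10.0.0.5 3389 S
1700000000.70 198.51.100.7 10.0.0.5 8080 S
1700000001.00 10.0.0.8 203.0.113.10 80 S
1700000003.00 10.0.0.8 203.0.113.10 80 S
"""


def parse(log: str) -> List[Tuple[float, str, str, int, str]]:
    """Turn log lines into (timestamp, src, dst, dport, flags), oldest first."""
    records = []
    for line in log.splitlines():
        ts, src, dst, dport, flags = line.split()
        records.append((float(ts), src, dst, int(dport), flags))
    return sorted(records)


def detect_port_scans(records, threshold: int = 10, window: float = 5.0):
    """Return (src, dst, distinct_ports, first_ts) for each source that attempts
    >= threshold distinct destination ports on one host within `window` seconds.
    Only connection attempts (flag 'S') count; established traffic is ignored."""
    recent = defaultdict(deque)   # (src, dst) -> deque of (ts, dport) inside the window
    alerted = set()
    alerts = []
    for ts, src, dst, dport, flags in records:
        if flags != "S":
            continue
        q = recent[(src, dst)]
        q.append((ts, dport))
        while q and ts - q[0][0] > window:   # expire entries older than the window
            q.popleft()
        distinct = {p for _, p in q}
        if len(distinct) >= threshold and (src, dst) not in alerted:
            alerted.add((src, dst))          # one alert per pair, not one per packet
            alerts.append((src, dst, len(distinct), q[0][0]))
    return alerts


if __name__ == "__main__":
    for src, dst, n, first in detect_port_scans(parse(SAMPLE_LOG)):
        print(f"port scan: {src} -> {dst}, {n} distinct ports since {first}")
```

The threshold and window are the usual tuning knobs: too low and a busy legitimate client trips the rule, too high and a slow scan spread over minutes never accumulates enough ports in one window. Production IDSs (Snort's portscan preprocessor, for example) refine the same idea with per-protocol state and sensitivity levels rather than a single counter.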

15 Defense: Encryption Security-sensitive data should not be stored in plain text. E.g. credit cards should always be encrypted. – But the attacker may find the key on the system. Passwords should be hashed. – But the attacker can try to crack them.

16 Top Defenses: 1. Apply patches 2. Firewall 3. Anti-Virus 4. Intrusion Detection Systems 5. Good password and user policies 6. Encryption policy. The first 2 should be fine for Linux or Mac, the first 3 for Windows. All 6 if you are a sys admin.

17 Computer Security Policy NIST defines “Policy” as documentation of computer security decisions. It’s all about the documentation. Usually the needs of the business come first and security comes second. See example policies: http://www.sans.org/security-resources/policies/computer.php

18 It’s all about the documentation

19 Payment Card Industry Data Security Standard (PCI-DSS) PCI-DSS is a standard for protecting organisations. All organisations that handle credit card data should comply with the standard. Card payments could be refused for a non-compliant organisation. – In practice, most of the time, a non-compliant organisation will only get into trouble if there is a problem or an audit.

20 A Typical Network (network diagram): Wi-Fi, WebServer, Comp1, Comp2, DataBase, E-mail Server, DMZ, NAT, Proxy, …

21 A Typical Business Network, PCI-DSS (network diagram): Wi-Fi, WebServer, Comp1, Comp2, DataBase, E-mail Server, Credit Card Processing, DMZ, Payment Gateway (e.g. Authorize.net), NAT, Proxy, …

22 Key Steps Towards PCI-DSS Compliance. 1: A secure network – Firewalls. 2: Correctly configure your equipment – Remove default passwords, services etc. 3: Protect credit card data – Use encryption or do not store it. 4: Encrypted transmission of data – Use SSL/TLS.

23 Key Steps Towards PCI-DSS Compliance. 5: Vulnerability Management Program – Run anti-virus. 6: Secure Systems and Applications – Patches; update policy and design; check for web attacks. 7 & 8: Access Control – Use access control, e.g. RBAC; good password policy.

24 Key Steps Towards PCI-DSS Compliance. 9: Physical Access Control to Card Data – Video cameras, site badges, shred data etc. 10: Monitor and Test – Log access, ensure clocks are correct, have a policy for reacting to alerts. 11: Regular testing and processes – Run quarterly pen tests, IDS. 12: Maintain a Security Policy.

25 Conclusion Simple steps and good policy are the best way to keep a network secure. PCI-DSS is a simple security check-up for an organization that uses credit cards. Next three lectures: Ian Batten on information security policy.

