Fundamentals of Information Systems Security Lesson 5 Auditing, Testing, and Monitoring

Transcription

1 Fundamentals of Information Systems Security Lesson 5 Auditing, Testing, and Monitoring

2 Learning Objective Explain the importance of security audits, testing, and monitoring to effective security policy. Page 2

3 Key Concepts The role of an audit in effective security baselining and gap analysis The importance of monitoring systems throughout the IT infrastructure Penetration testing and ethical hacking to help mitigate the gaps Security logs for normal and abnormal traffic patterns and digital signatures Security countermeasures of auditing, testing, and monitoring test results Page 3

4 DISCOVER: CONCEPTS Page 4

5 The Security Cycle Page 5

6 Purpose of an IT Security Assessment Check effectiveness of security measures. Verify access controls. Validate established mechanisms. Page 6

7 IT Security Audit Terminology Verification Validation Testing Evaluation Page 7

8 Purpose of an IT Infrastructure Audit Verify that established controls perform as planned. Internal audits examine local security risks and countermeasures. External audits explore attacks from outside. Page 8

9 IT Infrastructure Audit Domains Page 9

10 IT Security Assessment vs. Audit Security Assessment: Examines systems for established security policies and regulatory compliance Security Audit: Identifies what weaknesses exist despite established security controls Page 10

11 Ethical Hacking Seeks to identify and demonstrate exploits for discovered vulnerabilities Good guys employ technical methods used by the bad guys. Also called penetration testing Black, white, or gray box testing Page 11

12 Role of Ethical Hacking Ethical hackers are white hats experienced in penetration testing and security assessments. Ethical hacking tests security controls against actual attacks. Page 12

13 DISCOVER: PROCESS Page 13

14 Security Testing Page 14

15 Security Testing Page 15

16 Penetration Testing Employs testing methodologies depending on the scope of access and information provided by client: Black box White box Gray box Page 16

17 Covert and Overt Testers Page 17

18 DISCOVER: ROLES Page 18

19 Roles in an IT Security Assessment and Audit Information Systems Security (ISS) officers/managers Network and systems administrators Managers/data owners Auditors Penetration testers or ethical hackers Page 19

20 DISCOVER: CONTEXTS Page 20

21 Real-Time Monitoring Host Intrusion Prevention System (HIPS): Monitors individual hosts for suspicious activity Network Intrusion Prevention System (NIPS): Monitors entire network for suspicious traffic Wireless Intrusion Prevention System (WIPS): Specifically monitors the wireless network for suspicious traffic Page 21

22 IDS As a Firewall Complement Page 22

23 Basic NIDS Page 23

24 Real-Time Monitoring Functions Respond to incidents as they occur. HIPS denies and disrupts a live attack on a system. NIPS intercepts and interrupts a live attack on the wire. Page 24

25 Ways to Detect Bad Behavior in Real-Time Monitoring Attack signatures Statistical anomalies Stateful protocol analysis Page 25

26 Real-Time Monitoring Targets Authentication failures Application crashes Service disruptions System intrusions Network abuses Policy violations Unauthorized activities Inventory changes Page 26

27 Ingress and Egress Firewalls Intrusion detection system (IDS) Intrusion prevention system (IPS) Page 27

28 Employing Countermeasures Monitor security at several layers of the environment: System logs Service logs Application logs Network logs Page 28

29 Layered Network Devices Page 29

30 Host Isolation Page 30

31 Summary IT security assessments and audits verify, validate, test, and evaluate the infrastructure. Penetration testing helps mitigate security gaps. Security log monitoring reveals normal and abnormal traffic patterns and digital signatures. System and network monitoring helps prevent attacks and unauthorized access. Appropriate security countermeasures are determined through auditing, testing, and monitoring test results. Page 31