Detection: Vulnerability Assessment (Week 4, Part 2) - How Much Danger Am I In?
Uploaded by Clyde Knight
Detection: Vulnerability Assessment
Week 4, Part 2: How Much Danger Am I In?
6/18/2018 CSC Cook - Sacramento State - Summer

Aspects of Assessment

Vulnerability Assessment is a systematic evaluation of asset exposure to threats, such as:
- attackers
- forces of nature
- any potentially harmful entity

The assessment has five aspects:
1. Asset identification
2. Threat evaluation
3. Vulnerability appraisal
4. Risk assessment
5. Risk mitigation

1. Asset Identification

Asset Identification is the process of inventorying items with economic value.

Common assets:
- people
- physical assets
- data
- hardware
- software

Determine each item's relative value:
- how critical the asset is to the company's goals
- how much revenue the asset generates
- how difficult the asset is to replace
- the impact on the organization if the asset is unavailable

Assets could be ranked using a number scale.
2. Threat Evaluation

Threat Evaluation is the process of listing dangers.
Understanding the threats (and how they work) gives insight into what is vulnerable.
Also, like Asset Evaluation, a ranking system is useful.

Common Threat Agents

Category           Example
Natural disasters  Fire, flood, or earthquake destroys data
Theft              Software is pirated, hardware stolen, or copyright infringed
Espionage          Spy steals production schedule
Extortion          Mail clerk is blackmailed into intercepting letters
Hardware failure   Firewall blocks all traffic
Human error        Employee drops a laptop in the parking lot
Sabotage           Employee deletes data out of spite
Software attacks   Virus, worm, denial of service, etc.
Software error     Bug in application prevents database access
Utility failure    Electrical power is lost for an hour

Threat modeling goal: understand attackers and their methods.
- often done by constructing scenarios
- an attack tree provides a visual representation of potential attacks (inverted tree structure)

[Figure: Attack Tree: Car Radio]
[Figure: Attack Tree: Grading System]
3. Vulnerability Appraisal

Vulnerability Appraisal determines current weaknesses at a specific time.
- every asset should be viewed in light of each threat
- catalog each vulnerability

Impact         Description
No impact      Would not have a notable effect on the company (e.g. a computer mouse is lost)
Small / minor  Results in inconvenience that might require a procedure change (lack of supplies)
Significant    Results in low productivity and requires cost to alleviate (malware attack)
Major          Considerable negative impact on revenue (theft of project data)
Catastrophic   Causes the company to cease functioning or be crippled (tornado destroys all data)

4. Risk Assessment

Risk assessment determines the damage resulting from an attack.
- assess the likelihood that a vulnerability is a risk to the organization
- exposure factor is the probability that an asset will be destroyed by a particular risk
- annualized rate of occurrence is the probability that a risk will occur in a particular year
- single loss expectancy (SLE) is the expected monetary loss each time a risk occurs:
    SLE = asset value × exposure factor
- annualized loss expectancy (ALE) is the expected monetary loss over one year:
    ALE = SLE × annualized rate of occurrence

5. Risk Mitigation

Risk Mitigation is the process of eliminating risk to assets.
Common tasks:
- what to do about risks
- how much risk can be tolerated
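A worked computation of the two formulas above, followed by a choice between the three mitigation options the slides list (diminish, transfer, accept), as an added example that is not part of the slides. The asset values, exposure factors, rates and control costs are constructed, and the decision rule (buy a control only when the ALE it removes exceeds its annual cost) is an assumption of this example rather than a rule the slides state.

```python
# Added example, not from the slides: quantitative risk assessment using the
# slides' formulas (SLE = asset value x exposure factor, ALE = SLE x ARO),
# then a simple choice between the three mitigation options. Every asset
# value, exposure factor, ARO and control cost below is constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str
    asset_value: float      # value of the asset in dollars (constructed)
    exposure_factor: float  # fraction of the asset value lost per occurrence, 0.0 to 1.0
    aro: float              # annualized rate of occurrence: expected occurrences per year


def single_loss_expectancy(r: Risk) -> float:
    """SLE: expected monetary loss each time the risk occurs."""
    if not 0.0 <= r.exposure_factor <= 1.0:
        raise ValueError("exposure factor must be between 0 and 1")
    return r.asset_value * r.exposure_factor


def annualized_loss_expectancy(r: Risk) -> float:
    """ALE: expected monetary loss over one year."""
    if r.aro < 0.0:
        raise ValueError("annualized rate of occurrence cannot be negative")
    return single_loss_expectancy(r) * r.aro


def rank_risks(risks):
    """Highest ALE first: the slides' number-scale ranking idea applied to
    (asset, threat) pairs, so the costliest exposures are handled first."""
    return sorted(risks, key=annualized_loss_expectancy, reverse=True)


def mitigation_decision(r: Risk, control_cost_per_year: float, residual_aro: float,
                        tolerable_annual_loss: float) -> str:
    """Choose one of the slides' options: 'diminish', 'transfer' or 'accept'.

    residual_aro is the ARO expected once the control is in place and
    tolerable_annual_loss is the annual loss the organization will live with;
    both are estimates the assessor supplies. The rule used here (a control is
    worth buying only when the ALE it removes exceeds its annual cost) is an
    assumption of this example, not a rule stated on the slides.
    """
    ale_before = annualized_loss_expectancy(r)
    if ale_before <= tolerable_annual_loss:
        return "accept"      # within tolerance: no spending needed
    ale_after = single_loss_expectancy(r) * residual_aro
    if ale_before - ale_after > control_cost_per_year:
        return "diminish"    # the control pays for itself
    return "transfer"        # too costly to fix in-house: insure or outsource it


# Constructed inventory, built from threat examples on the slides.
CONSTRUCTED_RISKS = [
    Risk("customer database", "malware attack", 500_000.0, 0.30, 0.5),
    Risk("office laptops", "employee drops a laptop", 20_000.0, 0.10, 2.0),
    Risk("data center", "tornado destroys all data", 2_000_000.0, 1.00, 0.01),
]


def risk_register(risks=CONSTRUCTED_RISKS):
    """(asset, threat, SLE, ALE) rows, ranked by ALE."""
    return [(r.asset, r.threat, single_loss_expectancy(r), annualized_loss_expectancy(r))
            for r in rank_risks(risks)]


if __name__ == "__main__":
    for asset, threat, sle, ale in risk_register():
        print(f"{asset:18} {threat:28} SLE=${sle:>12,.0f} ALE=${ale:>10,.0f}")
    db, laptops, dc = CONSTRUCTED_RISKS
    print("database:", mitigation_decision(db, control_cost_per_year=30_000,
                                           residual_aro=0.1, tolerable_annual_loss=10_000))
```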
Options for dealing with risk:
- diminish
- transfer (outsourcing, insurance)
- accept

Assessment Techniques: How to Protect Your System

There are a number of techniques that are employed to better assess risk.

Baseline reporting
- a baseline is a standard for solid security
- compare the system to the baseline
- note, evaluate, and possibly address differences

Application Development

Minimize vulnerabilities during software development. Challenges to this approach:
- software application size and complexity: smaller and simpler is better (simplicity!)
- lack of security specifications
- future attack techniques are unknown
- new designs have flaws

Software Assessment
1. Review the design in the requirements phase
2. Conduct design reviews
   - consider including a security consultant
   - review code during the implementation phase
   - examine the "attack surface" (code executed by users)
3. Correct bugs during the verification phase
4. Create and distribute security updates

Assess Ports

Know the ports available on each system; some can be used by an attacker to target a specific service.
Port scanner software searches a system for port vulnerabilities and is used to determine port state: open, closed, blocked.
Some Common Port Numbers

Well-known port numbers: reserved for the most universal applications, e.g. HTTP, POP, SMTP
Registered port numbers: other applications not as widely used, e.g. instant messengers, MMOs
Dynamic and private port numbers: available for any application to use; attackers may put their software on these

Port  Name          Notes
20    FTP Data      Data for File Transfer Protocol
21    FTP Control   Control commands for FTP
23    Telnet        Remote control of the computer
25    SMTP          Simple Mail Transfer Protocol
54    DNS           Domain Name Service
69    TFTP          Trivial File Transfer Protocol
80    HTTP          Hypertext Transfer Protocol
989   FTPS Data     Data for Secure File Transfer Protocol
990   FTPS Control  Control for Secure File Transfer Protocol

Protocol Analyzers

Protocol analyzers are hardware or software that captures packets; another name for them is "sniffers".
Legitimate uses:
- troubleshooting by network administrators
- characterizing network traffic
- security analysis: what can attackers see?
Example: Wireshark

Vulnerability Scanners

Products that look for vulnerabilities in networks or systems. Most maintain a database categorizing the vulnerabilities they can detect.
Example: Acunetix Web Vulnerability Scanner
Example Scanner Capabilities
- creates a report of potential exposures
- should be conducted on existing systems and as new technology is deployed
- usually performed from inside the security perimeter
- does not interfere with normal network operations
- watch for changes: alert when new systems are added to the network; alert when a system configuration changes
- track network activity: detect when an internal system begins to port scan other systems; log interactive network sessions (which systems talk with other systems)

Problems with Assessment Tools

There is no standard for collecting, analyzing, and reporting vulnerabilities.
Open Vulnerability and Assessment Language (OVAL):
- designed to promote open and publicly available security content
- standardizes information transfer across different security tools and services

Penetration Testing
- designed to exploit system weaknesses
- someone is hired to attack; relies on the tester's skill, knowledge, and cunning
- usually conducted by an independent contractor
- usually conducted from outside the security perimeter
- may disrupt network operations
- end result: a penetration test report

Types of Penetration Testing

Black box test
- tester has no prior knowledge of the network infrastructure
- they must hunt around as an attacker would

White box test
- tester has in-depth knowledge of the system
- simulates an inside job or an attacker that has researched the target

Gray box test
- some limited information has been provided to the tester
- tests the average knowledge an attacker would have procured through dumpster-diving, etc.
- allows a very in-depth analysis
Honeypots and Honeynets: Laying a Tasty Little Trap

When an attacker breaks into a computer it is often to destroy data or steal it.
They naturally look in some areas and for specific files.
This knowledge of attacker behavior can be used against them.

Typical Attributes
- a honeypot is a decoy computer designed to catch the attention of attackers
- a honeynet is a decoy network of honeypots
- protected by minimal security
- intentionally configured with vulnerabilities
- contains bogus data files designed to look interesting; perhaps these are the files the attacker is after (e.g. source code, password file)

Goals
- reveal their techniques: the real system can be protected better as a result; perhaps show knowledge about the attacker
- alert the admin
- waste the attacker's time

"Shields Up!": Mitigating and Deterring Attacks
Mitigating and Deterring Attacks

Defending against and deterring attacks is essential for any network. Standard techniques:
1. creating a security posture
2. configuring controls
3. hardening
4. reporting

Creating a Security Posture

A security posture describes the strategy regarding security.
- initial baseline configuration: a standard security checklist; systems are evaluated against the baseline; the starting point for security
- continuous security monitoring: regularly observe systems and networks; look for any unauthorized changes
- remediation: vulnerabilities will be exposed, so put a plan in place to address them

Configuring Controls

Properly configuring controls is key to mitigating and deterring attacks.
Information security controls can be configured to:
- detect attacks
- sound alarms
- prevent attacks

Some controls are for detection:
- security camera
- motion detector
Some controls are for prevention:
- properly positioned security guard
- locked door

Configuring Controls: Failure

When normal function is interrupted by failure, which is the higher priority: security or safety?
- Fail-open lock: unlocks doors automatically upon failure (e.g. train brakes: pressure loss causes the lock)
- Fail-safe lock: automatically locks upon failure; highest security level
Hardening

Hardening is eliminating as many security risks as possible. Techniques to harden systems:
- protect accounts with passwords
- disable unnecessary accounts
- disable unnecessary services
- protect management interfaces and applications

Reporting

Reporting is providing information regarding events that occur.
- alarms or alerts sound a warning if a specific situation is occurring (e.g. alert if there are too many failed password attempts)
- reporting can provide important information on trends
- it can indicate a serious impending situation (e.g. multiple user accounts experiencing multiple password attempts)

Intrusion Detection: Alert! Alert! Alert!

Passive and active security can be used in a network; active measures provide a higher level of security.
An intrusion detection system (IDS) is an active security measure that can detect an attack as it occurs.

Host Intrusion Detection System

A host intrusion detection system (HIDS) is a software-based application that can detect an attack as it occurs.
- installed on each host needing protection
- monitors: system calls and file system access; recognizes unauthorized Registry modification; all input and output communications
Disadvantages of Host IDS
- cannot monitor network traffic that does not reach the local system
- all log data is stored locally
- resource-intensive and can slow the system

Network IDS

A network intrusion detection system (NIDS) watches for attacks on the network.
- NIDS sensors are installed on firewalls and routers, which gather information and report back to a central device
- a passive NIDS will simply sound an alarm
- an active NIDS will sound an alarm and take action: filtering out the intruder's IP address; terminating the TCP session; collecting data on the suspect

Intrusion Prevention System

A network intrusion prevention system (NIPS) is similar to an active NIDS.
Attributes:
- monitors network traffic to immediately block a malicious attack
- NIPS sensors are located in line on the firewall itself

Monitoring Methodologies
- Anomaly-based monitoring: compares currently detected behavior with a baseline; any changes raise an alarm
- Signature-based monitoring: looks for well-known attack signature evidence; unknown signatures are still a danger
- Behavior-based monitoring: detects abnormal actions by processes or programs; alerts the admin, who decides whether to allow or block
- Heuristic monitoring: uses experience-based techniques; can find attack-like behavior
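The four monitoring methodologies just described, each applied to one question (is an application port-scanning a host?) over constructed connection-log lines, as an added example that is not part of the slides. The log format, application names, hosts, thresholds and the baseline and signature inputs are assumptions of this example; it shows why only the heuristic check fires without prior knowledge of the application.

```python
# Added example, not from the slides: the four monitoring methodologies
# answering one question, "is this application port-scanning a host?", over
# constructed connection-log lines. The log format, application names, hosts,
# thresholds and the baseline/signature inputs are assumptions of this example.
import re
from collections import defaultdict

LOG_RE = re.compile(r"src=(?P<src>\S+) app=(?P<app>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")

# Constructed log: "inventory" and "backup" each talk to one port on one host;
# "scanner" walks five well-known ports on the same host.
CONSTRUCTED_LOG = """
src=10.0.0.5 app=inventory dst=10.0.0.20 dport=443
src=10.0.0.5 app=inventory dst=10.0.0.20 dport=443
src=10.0.0.7 app=backup dst=10.0.0.21 dport=22
src=10.0.0.9 app=scanner dst=10.0.0.20 dport=21
src=10.0.0.9 app=scanner dst=10.0.0.20 dport=22
src=10.0.0.9 app=scanner dst=10.0.0.20 dport=23
src=10.0.0.9 app=scanner dst=10.0.0.20 dport=25
src=10.0.0.9 app=scanner dst=10.0.0.20 dport=80
""".strip().splitlines()


def ports_per_app_host(lines):
    """Map (app, destination host) -> set of distinct destination ports contacted."""
    seen = defaultdict(set)
    for line in lines:
        m = LOG_RE.search(line)
        if m:  # lines in an unexpected format are skipped rather than crashing the monitor
            seen[(m["app"], m["dst"])].add(int(m["dport"]))
    return seen


def heuristic_alerts(lines, min_ports=4):
    """Heuristic-based: any app touching min_ports or more distinct ports on one host
    looks like a scan. Needs no prior knowledge of the app, hence the table's 'Yes'."""
    return sorted({app for (app, _), ports in ports_per_app_host(lines).items()
                   if len(ports) >= min_ports})


def anomaly_alerts(lines, baseline):
    """Anomaly-based: alert when an app exceeds its baseline distinct-port count.
    baseline maps app -> usual count. Apps with no baseline cannot be judged and are
    returned separately, which is the 'Depends' case in the table."""
    alerts, no_baseline = set(), set()
    for (app, _), ports in ports_per_app_host(lines).items():
        if app not in baseline:
            no_baseline.add(app)
        elif len(ports) > baseline[app]:
            alerts.add(app)
    return sorted(alerts), sorted(no_baseline)


def signature_alerts(lines, signatures):
    """Signature-based: alert only when the ports an app touched contain a known scan
    signature for that app. signatures maps app -> frozenset of ports seen in an earlier
    scan by that app; an app with no signature is never caught."""
    return sorted({app for (app, _), ports in ports_per_app_host(lines).items()
                   if app in signatures and signatures[app] <= ports})


def behavior_alerts(lines):
    """Behavior-based: flag an app whose distinct-port count exceeds every other app's.
    If all apps behave alike (for instance all of them scan) nothing stands out, so the
    table says 'Depends'. In practice the admin then decides whether to allow or block."""
    counts = defaultdict(int)
    for (app, _), ports in ports_per_app_host(lines).items():
        counts[app] = max(counts[app], len(ports))
    if len(counts) < 2:
        return []
    return sorted(app for app, n in counts.items()
                  if n > max(v for other, v in counts.items() if other != app))


if __name__ == "__main__":
    print("heuristic :", heuristic_alerts(CONSTRUCTED_LOG))
    print("anomaly   :", anomaly_alerts(CONSTRUCTED_LOG, {"inventory": 1, "backup": 1}))
    print("signature :", signature_alerts(CONSTRUCTED_LOG, {"scanner": frozenset({21, 22, 23})}))
    print("behavior  :", behavior_alerts(CONSTRUCTED_LOG))
```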
Port Scanning Detection

Methodology      Detect Port Scan?  Comments
Anomaly-based    Depends            Only if the app had tried to scan previously and a baseline was established
Signature-based  Depends            Only if a signature of scanning by this application was created
Behavior-based   Depends            Only if this action is different from other applications
Heuristic-based  Yes                IDS is triggered if any app tries to scan multiple ports

Monitoring System Logs: Software that Helps

A log is a record of events. Log entries contain information related to a specific event, e.g. IP address, dates, services.
Monitoring logs is useful to determine how an attack occurred and whether it was successfully resisted.
- an audit log can track user authentication attempts
- an access log can provide details about requests for specific files

Important Logs

System event logs record:
- client requests and server responses
- usage information
- account information
- operational information

Security application logs:
- anti-virus software log
- automated patch update service log

Benefits of Monitoring
- identify security incidents, policy violations, fraudulent activity
- provide information shortly after an event occurs
- provide information to help resolve problems
- help identify operational trends and long-term problems
- provide documentation of regulatory compliance
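An audit-log monitor that implements the two reporting examples from the slides (an alarm when one account sees too many failed password attempts, and a trend report when several accounts each see repeated attempts) and also answers whether the attempt was successfully resisted, as an added example that is not part of the slides. The sshd-style line format, the assumed year, the thresholds and the window lengths are assumptions of this example.

```python
# Added example, not from the slides: an alarm and a trend report over an audit
# log, implementing the slides' two reporting examples (alert when one account
# sees too many failed password attempts; flag the trend of several accounts
# each seeing repeated attempts). The sshd-style line format, the year, the
# thresholds and the window lengths are assumptions of this example.
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")

# Constructed audit log: alice fails five times inside twenty seconds and then a
# login is accepted from the same address; bob, carol and dave each fail twice
# within a few minutes; erin fails once, much later.
CONSTRUCTED_AUDIT_LOG = """
Jun 18 10:00:01 host sshd[101]: Failed password for alice from 10.0.0.9 port 51000 ssh2
Jun 18 10:00:05 host sshd[102]: Failed password for alice from 10.0.0.9 port 51001 ssh2
Jun 18 10:00:09 host sshd[103]: Failed password for alice from 10.0.0.9 port 51002 ssh2
Jun 18 10:00:13 host sshd[104]: Failed password for alice from 10.0.0.9 port 51003 ssh2
Jun 18 10:00:17 host sshd[105]: Failed password for alice from 10.0.0.9 port 51004 ssh2
Jun 18 10:01:00 host sshd[106]: Accepted password for alice from 10.0.0.9 port 51005 ssh2
Jun 18 10:02:00 host sshd[107]: Failed password for bob from 10.0.0.9 port 51006 ssh2
Jun 18 10:02:30 host sshd[108]: Failed password for bob from 10.0.0.9 port 51007 ssh2
Jun 18 10:03:00 host sshd[109]: Failed password for carol from 10.0.0.9 port 51008 ssh2
Jun 18 10:03:30 host sshd[110]: Failed password for carol from 10.0.0.9 port 51009 ssh2
Jun 18 10:04:00 host sshd[111]: Failed password for dave from 10.0.0.9 port 51010 ssh2
Jun 18 10:04:30 host sshd[112]: Failed password for dave from 10.0.0.9 port 51011 ssh2
Jun 18 11:30:00 host sshd[113]: Failed password for erin from 10.0.0.12 port 51012 ssh2
""".strip().splitlines()


def parse_events(lines, year=2018):
    """(timestamp, user, source, accepted) tuples; syslog lines carry no year, so one is assumed."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=year)
            events.append((ts, m["user"], m["src"], m["result"] == "Accepted"))
    return sorted(events)


def failed_login_alarms(events, max_failures=3, window=timedelta(minutes=5)):
    """Alarm per account with more than max_failures failures inside one window.
    Returns {user: (failures_in_burst, resisted)}; resisted is False when a later
    accepted login from one of the burst's source addresses followed the burst,
    which answers the slides' 'whether successfully resisted'."""
    failures = defaultdict(list)
    for ts, user, src, accepted in events:
        if not accepted:
            failures[user].append((ts, src))
    alarms = {}
    for user, attempts in failures.items():
        for i, (start, _) in enumerate(attempts):
            burst = [a for a in attempts[i:] if a[0] - start <= window]
            if len(burst) > max_failures:
                burst_end, sources = burst[-1][0], {src for _, src in burst}
                resisted = not any(accepted and u == user and src in sources and ts > burst_end
                                   for ts, u, src, accepted in events)
                alarms[user] = (len(burst), resisted)
                break
    return alarms


def repeated_attempt_trend(events, min_failures=2, window=timedelta(minutes=10)):
    """Accounts that each saw at least min_failures failures within one window.
    Many accounts at once is the slides' 'serious impending situation'."""
    fails = [(ts, user) for ts, user, _, accepted in events if not accepted]
    worst = set()
    for start, _ in fails:  # slide a window over every failure as a possible start
        per_user = defaultdict(int)
        for ts, user in fails:
            if start <= ts <= start + window:
                per_user[user] += 1
        accounts = {u for u, n in per_user.items() if n >= min_failures}
        if len(accounts) > len(worst):
            worst = accounts
    return sorted(worst)


if __name__ == "__main__":
    evs = parse_events(CONSTRUCTED_AUDIT_LOG)
    print("alarms:", failed_login_alarms(evs))
    print("accounts under repeated attempts:", repeated_attempt_trend(evs))
```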
More informationISO27001 Preparing your business with Snare
WHITEPAPER Complying with ISO27001 Preparing your business with Snare T he technical controls imposed by ISO (International Organisation for Standardization) Standard 27001 cover a wide range of security
More informationRaj Jain. Washington University in St. Louis
Intrusion Detection Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/
More informationSecurity+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 1 Introduction to Security
Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 1 Introduction to Security Objectives Describe the challenges of securing information Define information security and explain why
More informationVulnerability Management
Vulnerability Management Service Definition Table of Contents 1 INTRODUCTION... 2 2 SERVICE OFFERINGS VULNERABILITY MANAGEMENT... 2 3 SOLUTION PURPOSE... 3 4 HOW IT WORKS... 3 5 WHAT S INCLUDED... 4 6
More informationRiskSense Attack Surface Validation for IoT Systems
RiskSense Attack Surface Validation for IoT Systems 2018 RiskSense, Inc. Surfacing Double Exposure Risks Changing Times and Assessment Focus Our view of security assessments has changed. There is diminishing
More informationCompliance Audit Readiness. Bob Kral Tenable Network Security
Compliance Audit Readiness Bob Kral Tenable Network Security Agenda State of the Market Drifting Out of Compliance Continuous Compliance Top 5 Hardest To Sustain PCI DSS Requirements Procedural support
More informationChoosing the Right Security Assessment
A Red Team Whitepaper Choosing the Right Security Navigating the various types of Security s and selecting an IT security service provider can be a daunting task; however, it does not have to be. Understanding
More informationSecuring Information Systems
Introduction to Information Management IIM, NCKU System Vulnerability and Abuse (1/6) Securing Information Systems Based on Chapter 8 of Laudon and Laudon (2010). Management Information Systems: Managing
More informationCourse Outline Topic 1: Current State Assessment, Security Operations Centers, and Security Architecture
About this Course This course will best position your organization to analyse threats and detect anomalies that could indicate cybercriminal behaviour. The payoff for this new proactive approach would
More informationK12 Cybersecurity Roadmap
K12 Cybersecurity Roadmap Introduction Jason Brown, CISSP Chief Information Security Officer Merit Network, Inc jbrown@merit.edu @jasonbrown17 https://linkedin.com/in/jasonbrown17 2 Agenda 3 Why Use the
More informationICT Security Policy. ~ 1 od 21 ~
ICT Security Policy ~ 1 od 21 ~ Index 1 INTRODUCTION... 3 2 ELEMENTS OF SECURITY CONTROL... 4 2.1 INFORMATION MEDIA MANAGEMENT... 4 2.2 PHYSICAL PROTECTION... 6 2.3 COMMUNICATION AND PRODUCTION MANAGEMENT...
More information5. Execute the attack and obtain unauthorized access to the system.
Describe how a combination of preventive, detective, and corrective controls can be employed to provide reasonable assurance about information security. Before discussing the preventive, detective, and
More information10 Hidden IT Risks That Might Threaten Your Business
(Plus 1 Fast Way to Find Them) Your business depends on intelligence. But can you count on your technology? You may not be in the intelligence technology business, but it s probably impossible to imagine
More informationInformation Security Management System
Information Security Management System Based on ISO/IEC 17799 Houman Sadeghi Kaji Spread Spectrum Communication System PhD., Cisco Certified Network Professional Security Specialist BS7799 LA info@houmankaji.net
More informationTrends in Cybersecurity in the Water Industry A Strategic Approach to Mitigate Control System Risk
Trends in Cybersecurity in the Water Industry A Strategic Approach to Mitigate Control System Risk Standards Certification Education & Training Publishing Conferences & Exhibits Steve Liebrecht W/WW Industry
More informationSecuring Access to Network Devices
Securing Access to Network s Data Track Technology October, 2003 A corporate information security strategy will not be effective unless IT administrative services are protected through processes that safeguard
More informationNERC CIP: Fundamental Security Requirements of an Electronic Access Control and Monitoring System (EACMS) Requirements Mapping to ConsoleWorks
NERC CIP: Fundamental Security Requirements of an Electronic Access Control and Monitoring System (EACMS) Requirements Mapping to ConsoleWorks NERC Standard Requirement Requirement Text Measures ConsoleWorks
More informationOWASP Top 10 The Ten Most Critical Web Application Security Risks
OWASP Top 10 The Ten Most Critical Web Application Security Risks The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain
More informationVisibility: The Foundation of your Cybersecurity Infrastructure. Marlin McFate Federal CTO, Riverbed
Visibility: The Foundation of your Cybersecurity Infrastructure Marlin McFate Federal CTO, Riverbed Detection is Only One Part of the Story Planning and Remediation are just as critical 20 18 Hackers Went
More informationSecurity+ SY0-501 Study Guide Table of Contents
Security+ SY0-501 Study Guide Table of Contents Course Introduction Table of Contents About This Course About CompTIA Certifications Module 1 / Threats, Attacks, and Vulnerabilities Module 1 / Unit 1 Indicators
More informationChair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 8
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 8 System Vulnerabilities and Denial of Service Attacks System Vulnerabilities and
More informationEnsuring Desktop Central Compliance to Payment Card Industry (PCI) Data Security Standard
Ensuring Desktop Central Compliance to Payment Card Industry (PCI) Data Security Standard Introduction Manage Engine Desktop Central is part of ManageEngine family that represents entire IT infrastructure
More informationTOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION
INFORMATION TECHNOLOGY SECURITY GUIDANCE TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION ITSM.10.189 October 2017 INTRODUCTION The Top 10 Information Technology (IT) Security
More informationWHITEPAPER ATTIVO NETWORKS DECEPTION TECHNOLOGY FOR MERGERS AND ACQUISITIONS
WHITEPAPER ATTIVO NETWORKS DECEPTION TECHNOLOGY FOR MERGERS AND ACQUISITIONS 1 INTRODUCTION Mergers & Acquisitions (M&A) are undertaken for a variety of strategic reasons that aim for greater synergy,
More informationOverview. Handling Security Incidents. Attack Terms and Concepts. Types of Attacks
Overview Handling Security Incidents Chapter 7 Lecturer: Pei-yih Ting Attacks Security Incidents Handling Security Incidents Incident management Methods and Tools Maintaining Incident Preparedness Standard
More informationThe McGill University Health Centre (MUHC)
The McGill University Health Centre (MUHC) Strengthening its security posture with in- depth global intelligence Overview The need MUHC security staff wanted to more quickly identify and assess potential
More informationCCISO Blueprint v1. EC-Council
CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance
More informationChapter Three test. CompTIA Security+ SYO-401: Read each question carefully and select the best answer by circling it.
Chapter Three test Name: Period: CompTIA Security+ SYO-401: Read each question carefully and select the best answer by circling it. 1. What protocol does IPv6 use for hardware address resolution? A. ARP
More informationCIS Controls Measures and Metrics for Version 7
Level 1.1 Utilize an Active Discovery Tool 1.2 Use a Passive Asset Discovery Tool 1.3 Use DHCP Logging to Update Asset Inventory 1.4 Maintain Detailed Asset Inventory 1.5 Maintain Asset Inventory Information
More informationGuide to Network Defense and Countermeasures Second Edition. Chapter 2 Security Policy Design: Risk Analysis
Guide to Network Defense and Countermeasures Second Edition Chapter 2 Security Policy Design: Risk Analysis Objectives Explain the fundamental concepts of risk analysis Describe different approaches to
More informationInformation System Security. Nguyen Ho Minh Duc, M.Sc
Information System Security Nguyen Ho Minh Duc, M.Sc Contact 2 Nguyen Ho Minh Duc Phone: 0935 662211 E-mail: duc.nhm@gmail.com Web:http://nhmduc.wordpress.com 3 Lecture 01 INTRODUCTION Topics 4 What information
More informationQuestion No: 1 After running a packet analyzer on the network, a security analyst has noticed the following output:
Volume: 75 Questions Question No: 1 After running a packet analyzer on the network, a security analyst has noticed the following output: Which of the following is occurring? A. A ping sweep B. A port scan
More informationSecuring Information Systems
Chapter 7 Securing Information Systems 7.1 Copyright 2011 Pearson Education, Inc. STUDENT LEARNING OBJECTIVES Why are information systems vulnerable to destruction, error, and abuse? What is the business
More informationA Measurement Companion to the CIS Critical Security Controls (Version 6) October
A Measurement Companion to the CIS Critical Security Controls (Version 6) October 2015 1 A Measurement Companion to the CIS Critical Security Controls (Version 6) Introduction... 3 Description... 4 CIS
More informationNETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS
NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS Scope and Applicability: These Network and Certificate System Security Requirements (Requirements) apply to all publicly trusted Certification Authorities
More informationCOMPUTER NETWORK SECURITY
COMPUTER NETWORK SECURITY Prof. Dr. Hasan Hüseyin BALIK (1 st Week) Outline Course Information and Policies Course Syllabus 1. Overview Course Information Instructor: Prof. Dr. Hasan H. BALIK, balik@yildiz.edu.tr,
More information