Diagnostic Perspectives

Similar documents
NMI End-to-End Diagnostic Advisory Group BoF. Spring 2004 Internet2 Member Meeting

ICS Security Monitoring

Security Standards for Information Systems

Pass4suresVCE. Pass4sures exam vce dumps for guaranteed success with high scores

ISO27001 Preparing your business with Snare

Identity & Access Management

Cloud Computing Lectures. Cloud Security

Secure Access & SWIFT Customer Security Controls Framework

Security in the Privileged Remote Access Appliance

ISE North America Leadership Summit and Awards

About NitroSecurity. Application Data Monitor. Log Mgmt Database Monitor SIEM IDS / IPS. NitroEDB

Best practices with Snare Enterprise Agents

7.16 INFORMATION TECHNOLOGY SECURITY

CIS Controls Measures and Metrics for Version 7

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Crises Control Cloud Security Principles. Transputec provides ICT Services and Solutions to leading organisations around the globe.

CIS Controls Measures and Metrics for Version 7

Administering System Center 2012 Configuration Manager

Administering System Center 2012 Configuration Manager (10747D)

Structuring Security for Success

Security Readiness Assessment

Administering System Center 2012 Configuration Manager

Cybersecurity The Evolving Landscape

Security in Bomgar Remote Support

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation

Exam : JK Title : CompTIA E2C Security+ (2008 Edition) Exam. Version : Demo

WORKSHARE SECURITY OVERVIEW

Campus Network Design

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK

MEETING ISO STANDARDS

Identity Based Network Access

Top 10 ICS Cybersecurity Problems Observed in Critical Infrastructure

The Case for Comprehensive Diagnostics

IBM C Exam. Volume: 65 Questions

McAfee Security Connected Integrating epo and MFECC

Securing the Empowered Branch with Cisco Network Admission Control. September 2007

Layer Security White Paper

Top 20 Critical Security Controls (CSC) for Effective Cyber Defense. Christian Espinosa Alpine Security

Auditing Bring Your Own Devices (BYOD) Risks. Shannon Buckley

ISSP Network Security Plan

Table Of Contents INTRODUCTION... 6 USER GUIDE Software Installation Installing MSI-based Applications for Users...9

POLICY 8200 NETWORK SECURITY

Symantec Network Access Control Starter Edition

Endpoint web control overview guide

IBM SmartCloud Notes Security

Google Authenticator User Guide

Advanced Security Measures for Clients and Servers

Network Security Issues and New Challenges

Symantec Network Access Control Starter Edition

University of Pittsburgh Security Assessment Questionnaire (v1.7)

SoftLayer Security and Compliance:

HIPAA Case Study. Implementing a Security Program at a Mid-size Hospital. Lehigh Valley Hospital and Health Network. Brian Martin

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

IBM Case Manager on Cloud

Data Security and Privacy Principles IBM Cloud Services

Compare Security Analytics Solutions

RIPE RIPE-17. Table of Contents. The Langner Group. Washington Hamburg Munich

SIEM Overview with OSSIM Case Study. Mohammad Husain, PhD Cal Poly Pomona

Administering System Center Configuration Manager

What It Takes to be a CISO in 2017

Microsoft Security Management

Designing Windows Server 2008 Network and Applications Infrastructure

Securing Your Cloud Introduction Presentation

SOC-2 Requirement Solution Brief. EventTracker 8815 Centre Park Drive, Columbia MD SOC-2

Advanced Diploma on Information Security

Cyber Security Audit & Roadmap Business Process and

Pulseway Security White Paper

IT Services IT LOGGING POLICY

LOGmanager and PCI Data Security Standard v3.2 compliance

CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline

Executive Summery. Siddharta Saha. Downloaded from

Symantec Network Access Control Starter Edition

Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud

DRAFT 2012 UC Davis Cyber-Safety Survey

Future-ready security for small and mid-size enterprises

WHITEPAPER. Top Reasons Why Enterprises Must Automat DNS, DHCP and IP Address Management

How-to Guide: Tenable.io for Microsoft Azure. Last Updated: November 16, 2018

NIST Framework for Improving Critical Infrastructure Cybersecurity Technical Control Automation

CounterACT 7.0. Quick Installation Guide for a Single Virtual CounterACT Appliance

CompTIA SY CompTIA Security+

Computer Information Systems (CIS) CIS 105 Current Operating Systems/Security CIS 101 Introduction to Computers

WHO AM I? Been working in IT Security since 1992

Protecting productivity with Industrial Security Services

Standard: Event Monitoring

Grid-CERT Services. Modification of traditional and additional new CERT Services for Grids

GFI Product Comparison. GFI EventsManager 2013 vs. WhatsUp EventLog Management Suite

Computer Information Systems (CIS) CIS 105 Current Operating Systems/Security CIS 101 Introduction to Computers

Course 831 Certified Ethical Hacker v9

DoS Attacks Malicious Code Attacks Device Hardening Social Engineering The Network Security Wheel

ADMINISTERING SYSTEM CENTER 2012 CONFIGURATION MANAGER

Course 831 EC-Council Certified Ethical Hacker v10 (CEH)

IBM Internet Security Systems Proventia Management SiteProtector

Cyber Security. Our part of the journey

2008 Intel Core 2 Processor with vpro Technology Launch Keynote

CYBER RISK MANAGEMENT: ADDRESSING THE CHALLENGE SIMON CRUMPLIN, FOUNDER & CEO

Exam : Title : Security Solutions for Systems Engineers(SSSE) Version : Demo

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

Ensuring Desktop Central Compliance to Payment Card Industry (PCI) Data Security Standard

Virginia Tech IT Security Lab

Ken Agress, Senior Consultant PlanNet Consulting, LLC.

Transcription:

Diagnostic Perspectives

From the end-user s view??? Workstation Centric: The performance of my workstation seems slow The network is down The network is slow? Application centric: I can t open or launch the application I can t authenticate with the application The application says I m not authorized to use it The application is behaving inconsistently The application is giving errors I can t use all the features of the application The application s performance is poor V 1.06 2

From the help desk s view Workstation Centric: Does the user have the correct version and configuration? Can the user connect to the network and if so, what is their performance????? Security problem? E.g. Botnet, virus, worm, other compromise? Is the user having a hardware problem? Infrastructure centric enterprise based: Can the user get to key local services? E.g. DHCP, DNS, SMTP, POP/IMAP, NTP, Authn, etc Can the user get to key external services?. Are these services operating properly? Application centric: Vital Signs Is the applications basic functionality working? Authn: can the user log in? Authz: what are the user s privileges? Highly focused Is a specific feature of the app working? V 1.06 3

From the diagnostician s view??? Network Centric: Is there an connectivity problem between the user and the application? Could there be a routing or firewall problem? Is the performance or loss of the network at an acceptable level? Service Centric: Are the lower, upper, and middleware services that the end user is dependent upon functioning within an acceptable level and can they get to them? E.g. DHCP, Authn, Authz, DNS, NTP, Email, VPN, Web, etc. Application Centric: Does the application have enough critical resources? Is the application reporting any internal or external errors? Are the lower, upper middleware and services that the application is dependent on functioning an expectable level? What about any external services that the application needs? V 1.06 4

From the CIO s view??? Business centric: Are my customers being serviced properly? How is the infrastructure operating? Finance centric: What do and will I need to spend resources on? Is my staff s time being used effectively? What is the growth in specific areas? Compliance centric: Are our diagnostic procedures consistent with our security and privacy policies? Are we in compliance boundaries for Processes and procedures Legal issues V 1.06 5

The end-user s needs Workstation centric tool that: Verifies basic hardware operation Reports on software versions and any internal errors Reports on network connectivity and performance Verifies that key network services are available Scans system for security external and internal security vulnerabilities Publishes results to diagnostic backplane Application centric tools that: Verifies that the user has the correct resources Conforms a baseline of functions to the user. E.g. what can the user do and a test to prove to them that they can Provides ways for users to tag errors at any phase of the applications operation and publish them to the diagnostic backplane V 1.06 6

The help desk s needs Workstation centric tool that verifies the users: Baseline software and hardware configuration Network connectivity and performance Key network services are available (DHCP, DNS, NTP, Authn/Authz etc.) Service centric enterprise based tools: Testing enterprise base services (DNS, SMTP, POP/IMAP, NTP, Authn, Authz, etc.) from the perspective of the user Querying the infrastructure about internal and external problems The ability to share diagnostic information with internal groups Application centric tools: Real-time views into the application as the user is operating Medium depth tools verifies the operation of the application and its supporting services The ability to share diagnostic information with external groups V 1.06 7

The diagnostician s needs Network Centric Tools: Forensic tools that query the infrastructure about internal and external connectivity problems Active testing tools that perform network tracers at specific intervals and report anomalies into a reporting infrastructure Service Centric Tools: Highly focused passive and active lower, upper, and middleware diagnostic tools that report anomalies Forensic tools that query detailed events of key services using their logs and other means Application Centric Tools: Verification that the application has the correct resources Highly focused tests into specific features and modules The ability to share detailed diagnostic information to the developer in near real-time V 1.06 8

The CIO s needs Business centric: Reporting on help desk problems and resolution Reporting on infrastructure health Finance centric: Anomaly and problem event reporting Reporting infrastructure growth Compliance centric: Security event reporting Reporting that specific processes are being done V 1.06 9

Enabling other Efforts and Tools Diagnostic assistance is provided through the system in several ways: Existing diagnostic tools have been or can be fitted with EDDY normalizers and translators to join into the backplane and make their data available to other applications or to specific help desk/service personnel. Applications can be fitted with similar EDDY normalizers to inject their error logs and diagnostic information into the Backplane. Existing diagnostic tools can be enriched though access to additional diagnostic data through tapping into other sources of information within the backplane. New diagnostic consoles can be developed and assembled from components that access and analyze the rich resources on the backplane. Applications can utilize diagnostic data at lower levels of the protocol stack and present better information to users about problems in access or performance. The diagnostic capabilities can be positioned to provide audit mechanisms as well. This material is based upon work supported by the National Science Foundation under Grant No. 0330626, Carnegie Mellon University, and Internet2. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation. V 1.06 10

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback