CIT 480: Securing Computer Systems. Putting It All Together


CIT 480: Securing Computer Systems Putting It All Together

Assurance
1. Asset identification
   1. Systems and information assets.
2. Infrastructure model and control
   1. Network diagrams and inventory database.
   2. Change control.
3. Threat analysis and prediction
4. Response coordination
   1. Attack identification.
   2. Incident response team.

Asset Identification
- Information assets: databases, files, backup tapes, paper files.
- Software assets: application and system software.
- Physical assets: computers, network gear, storage media, generators.
- Services: subscriptions to databases like Lexis-Nexis; utility services like power, AC, etc.; outsourced services like voice, vending, etc.

Asset Valuation
1. How important is the asset to organization success?
2. How much revenue does the asset generate?
3. How expensive would the asset be to replace?
4. What other costs (legal liability, reputation damage) could be incurred by attacks on the asset?

Evaluating Risk
1. Which threats present danger to the asset?
2. Which components of security (CIA) are threatened, and in which states of information?
3. What vulnerabilities exist that could lead to exploitation of the asset?
4. What security controls could mitigate those vulnerabilities?

Components of Security
- Integrity
- Confidentiality
- Availability

Other Security Components
- Authenticity
- Anonymity
- Assurance

States of Information
1. Storage: information in memory or on disk that is not currently being accessed.
2. Processing: information currently being used by the processor.
3. Transmission: information in transit between one node and another on a network.
Is your information protected in all three states?

Security Controls
Security controls are policies, technologies, or human factors that avoid, reduce, or counteract security risks. Controls act in three main ways:
- Prevention: prevent attackers from violating the security policy. Ex: firewall.
- Detection: detect attackers' violations of the security policy. Ex: anti-virus.
- Recovery: stop the attack, then assess and repair the damage. Ex: backups.

Prevention
- Firewalls: prevent unauthorized network connections.
- Authentication: prevent unauthorized users from using the system.
- File access control: prevent unauthorized access to files.
- Cryptography: prevent confidentiality violations even if an intruder has access to the data.

Detection
- Change management process: require security approval of network changes.
- Intrusion detection: automated network- and/or host-based intrusion detection systems.
- Network scans: audit the network for rogue/missing machines; verify the security status of each network device.
- Log monitoring: monitor sensitive logs (e.g. firewall) in real time.

Recovery
- Snapshots: filesystem and VM snapshots allow reversion to a previous correct state of the system.
- Version control: version control systems like git allow sets of files to be reverted to a previous correct state.
- Configuration management: systems like Puppet automatically deploy servers based on configuration stored in a version control system.
- Backups: off-system/off-site backups permit recovery when all is lost.

Evaluating Security Controls
1. What assets are you trying to protect?
2. What are the risks to those assets?
3. How well does the security control mitigate those risks?
4. What additional risks does the security control cause?
5. What costs and trade-offs does the security control impose?

Authentication
Authentication is the act of verifying that an entity is who or what it claims to be. Authentication can be based on:
1. What the entity knows (e.g., passwords)
2. What the entity has (e.g., access card)
3. What the entity is (e.g., fingerprints)
or a combination of two or more of 1..3, which is known as multi-factor authentication (MFA).
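The three factors above are easiest to see in code. The following is an added example, not part of the slides: it combines "what the entity knows" (a password stored as a salted PBKDF2 hash) with "what the entity has" (a TOTP authenticator, RFC 6238 built on the RFC 4226 HOTP algorithm). The user record, password and TOTP secret are constructed sample data; the function names are this example's own.

```python
# Added example, not from the slides: a login check that combines
# "what the entity knows" (a password stored as a salted PBKDF2 hash) with
# "what the entity has" (a TOTP authenticator app, RFC 6238 built on RFC 4226
# HOTP). The user record, password and TOTP secret are constructed sample data.
import hashlib
import hmac
import os
import struct
from typing import Optional, Tuple

PBKDF2_ITERATIONS = 100_000
TOTP_STEP_SECONDS = 30


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest); a fresh random salt is drawn when none is supplied."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected_digest: bytes) -> bool:
    """Recompute the hash and compare in constant time so timing leaks nothing."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected_digest)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226): HMAC-SHA1 plus dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """Time-based one-time password (RFC 6238): HOTP over the 30-second step counter."""
    return hotp(secret, unix_time // TOTP_STEP_SECONDS, digits)


def verify_totp(secret: bytes, code: str, unix_time: int, window: int = 1) -> bool:
    """Accept the current step and `window` steps either side to tolerate clock drift."""
    for drift in range(-window, window + 1):
        candidate = totp(secret, unix_time + drift * TOTP_STEP_SECONDS)
        if hmac.compare_digest(candidate, code):
            return True
    return False


def authenticate(user: dict, password: str, code: str, unix_time: int) -> bool:
    """MFA: both factors are always evaluated and both must pass."""
    password_ok = verify_password(password, user["salt"], user["password_digest"])
    code_ok = verify_totp(user["totp_secret"], code, unix_time)
    return password_ok and code_ok


if __name__ == "__main__":
    # Constructed user record; the TOTP secret is the RFC 4226 test-vector key.
    salt, digest = hash_password("correct horse battery staple")
    user = {"salt": salt, "password_digest": digest, "totp_secret": b"12345678901234567890"}
    now = 59  # RFC 6238 test time; the 6-digit code for this step is 287082
    current_code = totp(user["totp_secret"], now)
    print("both factors ok:", authenticate(user, "correct horse battery staple", current_code, now))
    print("wrong code rejected:", not authenticate(user, "correct horse battery staple", "000000", now))
```

Two design choices matter here: `authenticate` evaluates both factors before combining them, so a failed password does not short-circuit into a faster, distinguishable response, and the TOTP window is kept to one step either side, which is the usual trade-off between tolerating clock drift and the number of codes accepted at once.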

Access Control

Cryptography
The message M is called the plaintext. Alice will convert plaintext M to an encrypted form using an encryption algorithm E that outputs a ciphertext C for M.
[Figure: the sender encrypts the plaintext with a shared secret key and sends the ciphertext over the communication channel; the recipient decrypts it with the same shared secret key to recover the plaintext; an attacker eavesdrops on the channel.]

Detection Outcomes

                        Actual Result: Good    Actual Result: Bad
Measured Result: Good   True Positive          False Positive
Measured Result: Bad    False Negative         True Negative
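The two ideas above, real-time log monitoring from the Detection slide and the four outcomes from this table, fit together in one piece of code. The following is an added example, not part of the slides: a small firewall-log monitor that flags sources dropped on many distinct ports, then scores its alerts against a labelled ground truth to fill in the true/false positive/negative cells. The log format, the addresses, the threshold and the ground-truth labels are all constructed for this example.

```python
# Added example, not from the slides: a small firewall-log monitor of the kind
# the Detection slide lists, with its alerts scored using the four outcomes of
# the Detection Outcomes table. The log format, the addresses and the
# ground-truth labels are all constructed for this example.
import re
from collections import defaultdict
from typing import Dict, Iterator, Set, Tuple

# Constructed log excerpt, loosely modelled on a packet-filter DROP log.
SAMPLE_LOG = """\
2024-03-01T10:00:01 DROP SRC=198.51.100.7 DST=192.0.2.10 DPT=22
2024-03-01T10:00:01 DROP SRC=198.51.100.7 DST=192.0.2.10 DPT=23
2024-03-01T10:00:02 DROP SRC=198.51.100.7 DST=192.0.2.10 DPT=25
2024-03-01T10:00:02 DROP SRC=198.51.100.7 DST=192.0.2.10 DPT=80
2024-03-01T10:00:03 DROP SRC=198.51.100.7 DST=192.0.2.10 DPT=443
2024-03-01T10:00:03 DROP SRC=198.51.100.7 DST=192.0.2.10 DPT=3389
2024-03-01T10:00:05 DROP SRC=203.0.113.4 DST=192.0.2.10 DPT=445
2024-03-01T10:00:06 ACCEPT SRC=203.0.113.4 DST=192.0.2.10 DPT=443
2024-03-01T10:00:09 DROP SRC=203.0.113.4 DST=192.0.2.10 DPT=445
2024-03-01T10:00:12 DROP SRC=192.0.2.55 DST=192.0.2.10 DPT=8080
2024-03-01T10:00:12 DROP SRC=192.0.2.55 DST=192.0.2.10 DPT=8081
2024-03-01T10:00:13 DROP SRC=192.0.2.55 DST=192.0.2.10 DPT=8082
2024-03-01T10:00:13 DROP SRC=192.0.2.55 DST=192.0.2.10 DPT=8083
2024-03-01T10:00:14 DROP SRC=192.0.2.55 DST=192.0.2.10 DPT=8084
2024-03-01T10:00:15 DROP SRC=garbage
2024-03-01T10:00:20 DROP SRC=203.0.113.9 DST=192.0.2.10 DPT=22
2024-03-01T10:00:21 DROP SRC=203.0.113.9 DST=192.0.2.10 DPT=22
"""

# Constructed ground truth (the "actual result"): which sources were really hostile.
GROUND_TRUTH = {
    "198.51.100.7": True,   # six ports in three seconds: a real scan
    "192.0.2.55": False,    # internal monitoring host probing its own app ports
    "203.0.113.4": False,   # one blocked SMB attempt, a benign misconfiguration
    "203.0.113.9": True,    # slow SSH guessing on a single port, below the threshold
}

DROP_RE = re.compile(r"\bDROP\b.*\bSRC=(?P<src>[\d.]+)\b.*\bDPT=(?P<dpt>\d+)\b")


def parse_drops(log_text: str) -> Iterator[Tuple[str, int]]:
    """Yield (source address, destination port) for each well-formed DROP line."""
    for line in log_text.splitlines():
        m = DROP_RE.search(line)
        if m:  # ACCEPT lines and malformed lines are skipped, not fatal
            yield m.group("src"), int(m.group("dpt"))


def flag_port_scanners(log_text: str, min_distinct_ports: int = 5) -> Set[str]:
    """Measured result: sources dropped on at least min_distinct_ports different ports."""
    ports_by_src: Dict[str, Set[int]] = defaultdict(set)
    for src, dpt in parse_drops(log_text):
        ports_by_src[src].add(dpt)
    return {src for src, ports in ports_by_src.items() if len(ports) >= min_distinct_ports}


def detection_outcomes(flagged: Set[str], truth: Dict[str, bool]) -> Dict[str, int]:
    """Fill the table: measured (flagged or not) against actual (hostile or not)."""
    counts = {"true_positive": 0, "false_positive": 0, "false_negative": 0, "true_negative": 0}
    for src, hostile in truth.items():
        measured_positive = src in flagged
        if measured_positive and hostile:
            counts["true_positive"] += 1
        elif measured_positive and not hostile:
            counts["false_positive"] += 1
        elif not measured_positive and hostile:
            counts["false_negative"] += 1
        else:
            counts["true_negative"] += 1
    return counts


def evaluate(log_text: str = SAMPLE_LOG, truth: Dict[str, bool] = GROUND_TRUTH) -> Dict[str, int]:
    """Run the detector over the log and score it against the ground truth."""
    return detection_outcomes(flag_port_scanners(log_text), truth)


if __name__ == "__main__":
    print("flagged:", sorted(flag_port_scanners(SAMPLE_LOG)))
    print("outcomes:", evaluate())
```

With the constructed data the detector lands one source in each cell: the scanner is a true positive, the internal monitoring host is a false positive, the quiet SMB source is a true negative, and the slow single-port guesser is a false negative. Raising `min_distinct_ports` removes the false positive but does nothing for the false negative, which is the usual lesson of the table: a threshold trades one error type for the other and cannot fix a detector that is looking at the wrong signal.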

Security Principles
- Compromise recording
- Economy of mechanism
- Fail-safe defaults
- Work factor
- Complete mediation
- Psychological acceptability
- Open design
- Least common mechanism
- Least privilege
- Separation of privilege
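Several of these principles are concrete enough to show in an access-control check, which is also what the Access Control slide above covers. The following is an added example, not part of the slides: an authorization function built on fail-safe defaults (no matching permission means deny), complete mediation (every operation passes through the same check, with no cached shortcut), least privilege (roles carry only what they need and a session can be narrowed further) and compromise recording (every decision is appended to an audit trail). The roles, resources, users and function names are constructed for this example.

```python
# Added example, not from the slides: an authorization check written to follow
# several of the listed principles. Fail-safe defaults: no matching permission
# means deny. Complete mediation: every operation goes through authorize(), with
# no cached "already allowed" shortcut. Least privilege: roles carry only what
# they need and a session can be narrowed further. Compromise recording: every
# decision, allow or deny, is appended to an audit trail. Roles, resources and
# users are constructed sample data.
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Set, Tuple

Permission = Tuple[str, str]  # (resource, action)

# Constructed role table: each role lists only the permissions its job needs.
ROLE_PERMISSIONS = {
    "auditor": {("logs", "read")},
    "operator": {("logs", "read"), ("service", "restart")},
    "admin": {("logs", "read"), ("logs", "delete"), ("service", "restart"), ("users", "write")},
}


@dataclass(frozen=True)
class Session:
    user: str
    roles: FrozenSet[str]
    # Optional narrowing: a session may keep only the permissions it actually needs.
    restrict_to: Optional[FrozenSet[Permission]] = None


def effective_permissions(session: Session) -> Set[Permission]:
    """Union of the session's role permissions, intersected with any narrowing."""
    perms: Set[Permission] = set()
    for role in session.roles:
        perms |= ROLE_PERMISSIONS.get(role, set())  # an unknown role grants nothing
    if session.restrict_to is not None:
        perms &= session.restrict_to                # narrowing can only remove rights
    return perms


def authorize(session: Session, resource: str, action: str) -> bool:
    """Complete mediation: called on every access; the default answer is deny."""
    return (resource, action) in effective_permissions(session)


AUDIT_TRAIL: List[Tuple[str, str, str, str]] = []


def perform(session: Session, resource: str, action: str) -> str:
    """Record the decision first, then either carry out the operation or refuse."""
    decision = "allow" if authorize(session, resource, action) else "deny"
    AUDIT_TRAIL.append((session.user, resource, action, decision))
    if decision == "deny":
        raise PermissionError(f"{session.user} may not {action} {resource}")
    return f"{session.user} performed {action} on {resource}"


if __name__ == "__main__":
    operator = Session("olivia", frozenset({"operator"}))
    print(perform(operator, "service", "restart"))
    try:
        perform(operator, "logs", "delete")
    except PermissionError as exc:
        print("denied:", exc)
    print(AUDIT_TRAIL)
```

The shape of `effective_permissions` is the point: permissions are only ever added by a role lookup and only ever removed by narrowing, and an unrecognised role or an empty session yields the empty set, so the failure mode of a typo or a missing configuration entry is a denial rather than an accidental grant.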

Defense in Depth
- Data: authentication, ACLs, encryption, backups
- Application: secure programming, input validation, black and white box testing
- Host: OS hardening, authentication, security patch management, AV, HIDS, nmap, and vulnerability scans
- Internal network: network segments (VLANs), NIDS, firewall, nmap, and vulnerability scans
- Perimeter: firewalls, border routers, VPNs, wireless security (802.11i)
- Physical security: guards, locks, cameras, RFIDs
- Policies and procedures: security policies, procedures, and education

Threat Model
A threat model describes which threats exist to a system, along with their capabilities, resources, motivations, and risk tolerance. Also known as an adversary model.
- Are you worried about broad or targeted threats?
- Are your threats able to develop their own tools, or do they only use off-the-shelf tools?
- Do you keep enough data about historical incidents to know their capabilities and motivations?

Who are the threats? [Figure slide: data from the IBM X-Force 2012 Trend and Risk Report.]

Incident Response
1. Preparation for attack (before an attack is detected)
2. Identification of attack
3. Containment of attack (confinement)
4. Damage assessment
5. Preserve evidence (if necessary)
6. Eradication of attack (stop the attack)
7. Recovery from attack (restore to a secure state)
8. Follow-up to attack (analysis and other actions)

Learning More at NKU
Minors and certificates:
- Minors: Information Security, Computer Forensics
- Certificate in Cybersecurity (BS/IT cybersecurity track)
Classes:
- BIS 382: Principles of Information Security
- CIT 430: Computer Forensics
- CIT 484: Network Security
- CIT 481: Cybersecurity Capstone
- CSC 482: Computer Security
- CSC 483: Cryptology
http://informatics.nku.edu/center-for-information-security/education.html

Local Security Groups
- NKU Cyber Defense Team: https://norserage.com/
- Cincinnati 2600: http://cinci2600.org/
- Digital Forensics Working Group: http://dfwg.co/
- Infragard: https://www.infragard.org/
- Ohio Information Security Forum: http://www.ohioinfosec.org/
- OWASP Cincinnati: https://www.owasp.org/index.php/cincinnati

Local Security Events
- BSides Cincy (May): http://bsidescincy.org/
- Ohio Infosec Forum (July, Dayton, OH): http://www.ohioinfosec.org/anniversary.htm
- DerbyCon (September, Louisville, KY): https://www.derbycon.com/
- NKU Annual Security Symposium (October): http://informatics.nku.edu/center-for-information-security/events.html

Certifications
- General: CISSP and related certifications from (ISC)2; CISM from ISACA; Security+ from CompTIA
- Technical: GIAC certificate family from SANS; Certified Ethical Hacker (CEH) from EC-Council
- Government: CNSS 4011, 4012, and 4013; CAE (Cybersecurity Certificate)
- Vendor specific: CCNA Security, CCNP Security, CCIE Security

Security Careers
- Threat analysis and intelligence gathering
- Digital forensics
- System and data administration
- Network administration and defense
- Systems security analysis
- Vulnerability assessment and management
- Incident response
- Penetration testing
- Information systems security management
http://www.cybersecurity-careers.com/

Job Titles
- Security Analyst
- Security Auditor
- Security Engineer
- Security Architect
- Security Administrator
- Security Specialist
- Forensic Analyst
- Incident Responder
- Malware Analyst
- Penetration Tester
- Vulnerability Researcher
Job prefixes: Application, Data, Computer, Information, Mobile, Network, Software, System, Web

Released under CC BY-SA 3.0
This presentation is released under the Creative Commons Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0) license.
You are free:
- to Share: to copy and redistribute the material in any medium
- to Adapt: to remix, build, and transform upon the material
- to use part or all of this presentation in your own classes
Under the following conditions:
- Attribution: You must attribute the work to James Walden, but cannot do so in a way that suggests that he endorses you or your use of these materials.
- Share Alike: If you remix, transform, or build upon this material, you must distribute the resulting work under this or a similar open license.
Details and full text of the license can be found at https://creativecommons.org/licenses/by-nc-sa/3.0/