security awareness: applying practical security in your world chapter 6: total security
Post on 21-Dec-2015
Security Awareness: Applying Practical Security in Your World
Chapter 6: Total Security
Objectives
List some of the challenges of making a computer secure
Explain how to be prepared for a security attack
List the steps that are important to keeping alert to attacks
Explain how an organization and a user can resist security attacks
Total Security
Computers around the world are vulnerable to threats
New threats surface almost daily
The need for security will continue to be a key element of IT systems
Total security is a way of THINKING, PLANNING AND ACTING
The Security Challenge
Trends experts cite:
Speed of attacks
Sophistication of attacks
Faster detection of weaknesses
Distributed attacks
Attacks on routers
Difficulties in patching (See Table 6-1)
Prepare for Attacks
Security begins with preparation:
Right philosophy about security
Create a framework for action
Putting it all into practice
Develop a Philosophy
Information security philosophy:
Absolute security can never be achieved on any network or computer
Positive side: users’ and administrators’ awareness of the lack of 100% security = Be more alert!
Establish a Framework
Framework: establish how security should be approached
Microsoft’s framework, SD3+C:
Secure by Design
Secure by Default
Secure by Deployment
Communications
Establish a Framework (continued)
Cisco’s framework:
Protect against known and unknown attacks
Deploy security devices in layers
Integrate security throughout the network
Be sure decision making and reporting are accurate
Security solution must be scalable and operationally effective
Take Action
Implementing security involves:
Patching software
Hardening systems
Blocking attacks
Testing defenses
Patch Software
Patch software:
Hackers exploit weaknesses resulting from unpatched software to gain the easiest route
Organizations and individuals should have a process for identifying vulnerabilities and responding by applying necessary patches immediately
Proactive patch management is the first step in maintaining a secure environment (See Table 6-2)
Harden Systems
Hardening: properly configuring and securing a system against attackers
Default configurations are often left unsecured
Steps to systems hardening:
Know what you are trying to protect
Know what you are trying to protect it from
Harden Systems (continued)
Systems hardening includes:
Computer:
Patch management
Install antivirus and antispyware and keep updated
Disable macros in Office applications
Internet connection:
Block cookies
Set browser security settings to highest level
Harden Systems (continued)
Systems hardening includes (continued):
Implement advanced security as necessary
Use WEP encryption
E-mail:
Filter out executables
Turn off Preview Pane
Wireless networks:
Turn off broadcast information
Filter MAC addresses
Block Attacks
Prime defense in blocking attacks is a firewall
Enterprise firewalls: installed at the network perimeter
Individual users: Internet Connection Firewall or other personal firewall software
Hiding IP address of devices from hackers:
NAT
Proxy servers
Test Defenses
Does it all work?
Don’t wait for an attack to find out! TEST YOUR OWN DEFENSES!
Several products are available to probe defenses and find weaknesses
Microsoft Baseline Security Analyzer (See Figure 6-1)
Testing should be a regular step in the security process
Keep Alert
Biggest mistake when dealing with security is letting guard down
It is important to always keep alert to new threats
Know what hackers are doing
Use support provided by other security groups
Be familiar with tools used to secure systems
Know the Enemy
Attacks on data usually follow trends and create patterns
Most hackers imitate other hackers
The Internet contains a wealth of information posted by hackers (See Figure 6-2)
Visit hacker Web sites regularly to keep up on what hackers are doing
Join with Allies
You are not alone in the fight for information security
Learn from other groups
Many Web sites provide information on security:
www.sans.org
isc.incidents.org
www.cert.org (See Figure 6-3)
Build a Toolbox
There are many tools available for securing a computer or network
Search the Internet for information and tools to help with security efforts
Resist Attack
No matter how good defenses are, attacks will happen
Organizations and individuals need to know how to react to an attack
Organizational Response
Response must be orchestrated among users, managers, IT personnel, and others
Response measured in:
How to prepare
How to know if an attack is occurring
How to respond
How to preserve evidence
Organizational Response (continued)
Preparation:
Store a clean copy of the operating system on a CD for quick clean-up and reinstallation
Keep updates for all software on CD in the event the Internet is unavailable during reinstallation
Be sure users have adequate training
Keep a prioritized list of key assets to be protected first in an emergency
Establish and maintain disaster recovery information for all systems
Organizational Response (continued)
Detection:
Early warning signs of an attack:
Changes in network traffic
Slow running computer
Sudden appearance of a new user account
Maintain and review event logs
Visit security organizations for up-to-date information on latest attacks and trends
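One way to turn the event-log review and the "new user account" warning sign above into a routine check. This is an added example, not part of the original slides: the CSV layout, account names and the approved/provisioning lists are assumptions, and the log lines are constructed. Event IDs 4720 and 4732 are the Windows Security log IDs for account creation and local group membership changes.

```python
import csv
import io

# Constructed sample: a simplified CSV export of security events (not real data).
# Assumed columns: time, event_id, target_account, actor, detail.
SAMPLE_LOG = """\
2015-12-01T08:02:11,4624,alice,alice,interactive logon
2015-12-01T23:41:07,4720,svc_backup2,alice,account created
2015-12-01T23:41:30,4732,svc_backup2,alice,added to Administrators
2015-12-02T09:15:00,4720,bob,helpdesk,account created
2015-12-02T09:16:42,4624,bob,bob,interactive logon
"""

ACCOUNT_CREATED = "4720"  # Windows: a user account was created
ADDED_TO_GROUP = "4732"   # Windows: member added to a security-enabled local group

def review_events(log_text, approved_accounts, provisioning_actors):
    """Return (time, account, reason) findings for accounts nobody expected."""
    findings = []
    unexpected = set()
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip blank or malformed lines instead of failing the review
        time, event_id, target, actor, detail = row
        if event_id == ACCOUNT_CREATED:
            reasons = []
            if target not in approved_accounts:
                reasons.append("account not on approved list")
            if actor not in provisioning_actors:
                reasons.append("created by non-provisioning actor " + actor)
            if reasons:
                unexpected.add(target)
                findings.append((time, target, "; ".join(reasons)))
        elif event_id == ADDED_TO_GROUP and target in unexpected:
            # A surprise account that then gains group membership is a stronger signal.
            findings.append((time, target, "unexpected account " + detail))
    return findings

if __name__ == "__main__":
    for finding in review_events(SAMPLE_LOG, {"alice", "bob"}, {"helpdesk"}):
        print(*finding, sep=" | ")
```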
Organizational Response (continued)
Response:
Identify the nature of the attack
Identify the source
Communicate information about attack to appropriate persons
All users may or may not need to know, based on the nature of the attack
Isolate and contain the attack
Determine additional steps necessary based on the nature of the attack (change passwords, disconnect, etc.)
Organizational Response (continued)
Preserve evidence:
Computer forensics: science of preserving and analyzing evidence
Evidence may be used to prosecute
Many tools are available for forensics work
General rules to follow:
Keep backup copies of logs
Take detailed notes
Don’t attempt to change or fix the affected computer
The more you do to it, the more likely you are to destroy evidence
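A sketch of the "keep backup copies of logs" rule that also makes later changes to the copies detectable. This is an added example, not part of the original slides: the function names, the *.log pattern and the MANIFEST.sha256 file name are assumptions. It only reads the source logs and writes to a separate evidence directory.

```python
import hashlib
import shutil
from pathlib import Path

def sha256_file(path):
    """Hash a file in chunks so large logs need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def preserve_logs(log_dir, evidence_dir):
    """Copy every *.log file and record each copy's SHA-256 in a manifest."""
    evidence = Path(evidence_dir)
    evidence.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for src in sorted(Path(log_dir).glob("*.log")):
        dst = evidence / src.name
        shutil.copy2(src, dst)  # copy2 also carries the file timestamps over
        manifest[src.name] = sha256_file(dst)
        if manifest[src.name] != sha256_file(src):
            raise IOError("copy of %s does not match the original" % src.name)
    # One "<hash>  <name>" line per file (hash, two spaces, file name).
    lines = ["%s  %s\n" % (h, name) for name, h in manifest.items()]
    (evidence / "MANIFEST.sha256").write_text("".join(lines))
    return manifest

def verify_evidence(evidence_dir):
    """Return names of preserved files that are missing or no longer match."""
    evidence = Path(evidence_dir)
    changed = []
    for line in (evidence / "MANIFEST.sha256").read_text().splitlines():
        expected, name = line.split("  ", 1)
        copy = evidence / name
        if not copy.is_file() or sha256_file(copy) != expected:
            changed.append(name)
    return changed
```

Store the manifest (or a printout of it) with the detailed notes, away from the evidence directory, so the hashes cannot be rewritten along with the files.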
User Response
Response for a user is usually not as extensive as that for an organization
Guidelines:
Keep a current copy of your operating system’s recovery disk and operating system software on CD
Be aware of news of impending attacks and/or check security sites regularly
Keep watch over your computer
If you are attacked, disconnect from the Internet
User Response (continued)
User response guidelines:
Use another computer to search the Internet for cleanup tools. Copy to CD and run on affected computer
Inform contacts in e-mail address book that you were attacked and to be cautious of e-mail from you
Find virus removal tools
After clean up, determine why your computer was compromised and what you can do to prevent it in future
Summary
Computer attacks are becoming more sophisticated and more frequent.
Defending against attack requires a total security approach
Security begins by having the right mindset or philosophy and developing a framework for security.
We can never be totally secure: BE ALERT!
Summary (continued)
Four major steps to putting the framework and philosophy into practice:
Patch
Harden
Block unnecessary traffic
Test
It is important to keep alert to new security challenges
Staying up-to-date on current threats and tools can help keep a system secure
Summary (continued)
Key steps in responding to an attack:
Preparation
Detection
Inform users
Preserve evidence