Upload File

thesecurityvulnerabilityassessmentprocessbestpractices-121018071118-phpapp01

  • Home
  • Documents
  • thesecurityvulnerabilityassessmentprocessbestpractices-121018071118-phpapp01
32
 Kellep A. Charles, CISA, CISSP The Security Vulnerability  Assessment Proc ess, Best Practices & Challenges 1  www.Securityrb.com

Upload: saravanan-purushothaman

Post on 02-Nov-2015

212 views

Category:

Documents


0 download

Report

DESCRIPTION

na

TRANSCRIPT

  • Kellep A. Charles, CISA, CISSP

    The Security Vulnerability Assessment Process, Best Practices & Challenges*www.SecurityOrb.com

    www.SecurityOrb.com

  • AgendaAbout MeTopic IntroductionThe ProcessThe Best Practices/Challenges Conclusion

    *www.SecurityOrb.com

    www.SecurityOrb.com

  • About MeKellep Charles but you can call me K.C.Government contractor in the DC areaServed as an adjunct professor Doctoral Student Research area: Human Computer Interaction-Security HCI-SecHoneypot & Artificial Neural NetworksOperate SecurityOrb.com

    *www.SecurityOrb.com

    www.SecurityOrb.com

  • IntroductionSecurity vulnerability assessments have become an imperative part of any organizations computer and network security posture.

    Many organizations consist of:Heterogeneous computing environmentsWindows, Mac OS X, Linux/UnixMultiple ApplicationsDistributed computingInternet-enabled information access systems. The need to understand the state of an organizations overall information system is ever more important now.

    *www.SecurityOrb.com

    www.SecurityOrb.com

  • IntroductionBest practices in information security acknowledgea defensive only approach to securing an enterprise does not sufficeat times is considered inadequate.

    Frequently these defensive security devices such as firewalls and intrusion detection systems (IDS)often not configured properly not capable of locating all the vulnerabilities and threats on the network, especially at the node level.

    *www.SecurityOrb.com

    www.SecurityOrb.com

  • IntroductionPerforming regular security vulnerability assessment helps bridge that gap

    Allows an organization to take a proactive stance towards protecting their information computing environment.

    The bottom line objective is to safeguard the core intellectual and electronic assets of the organization, and to ensure compliance with appropriate regulations

    *www.SecurityOrb.com

    www.SecurityOrb.com

  • Why Is It So Vital?*Most Systems are unpatchedLazy, overworked or misinformed system administratorsMost compromises are from unpatched systems with patches or work around availableSome systems cannot be patched (allow for alternate defense)Proactive and offensive posture towards securityCompliance

    www.SecurityOrb.com

    www.SecurityOrb.com

  • Assessment LevelsBasic Security Assessment - The objective for this assessment is to give the responsible party a basic understanding of the security of the business as a whole in three key areas: Administrative, Physical and Technical Safeguards. It is meant to point out possible areas of weakness with a walk through of the facility and a Q&A session. It is not an in-depth study, rather, a basic first step in protecting information.

    In-depth Security Assessment - This is a comprehensive study of the security of your business. We will analyze all policies and procedures, router access lists, Firewall configurations and policies, PC and server configurations, complete Website review, complete mail server review. We will then present the client with a written report of our findings. This type of assessment will give you a thorough understanding of how your company measures up to "Industry Best Practices".

    *www.SecurityOrb.com

    www.SecurityOrb.com

  • Assessment Levels

    External Vulnerability Testing - We will test your network from the outside from a "hacker's point-of-view". We will use the same tools criminals use to try and compromise your network and servers.

    Internal Vulnerability Testing - These are the same tools used in the External test. This type of assessment is essential in understanding how and why hackers, viruses and worms spread so quickly through an organization.

    *www.SecurityOrb.com

    www.SecurityOrb.com

  • Assessment ProcessTo effectively conduct a security assessment so it is beneficial to an organizationa proven methodology must be followed so the assessors and assesses are on the same page.

    Using a proven security assessment methodology supplies a blueprint of events from start-to-finish that can be examined, tracked and replicated.

    Reports that are constructed from the security assessments are used to provide a snap shot view of information system deficiencies for short-term analysis as well as trending data for long-term evaluation

    Allowing the organization to understand their vulnerabilities so they can better protect themselves from current and future threats. *www.SecurityOrb.com

    www.SecurityOrb.com

  • Security Assessment ProcessThe process includes the following 6 phasesPre Security Assessment ProcessSecurity Assessment In-BriefSecurity Assessment Field WorkSecurity Assessment Report Analysis & PreparationSecurity Assessment Out-Brief Post Security Assessment Process

    *www.SecurityOrb.com

    www.SecurityOrb.com

  • Security Assessment ProcessPre-Security Assessment Process

    The pre-security assessment process entails one of the most important aspects of conducting a security assessment. Obtaining an engagement letter grants the assessment team the authority to commence with the formal processes of creating documentation to support the security assessment, permission for the onsite visit and the overall authority to conduct the security assessment.

    *www.SecurityOrb.com

    www.SecurityOrb.com

  • Security Assessment ProcessSecurity Assessment In-Brief

    Once the team has arrived at the assessment location, a security assessment in-brief is required. In the in-brief, both the security assessment team and the organizational staff members will introduce themselves and the roles they will have during the security assessment process.

    *www.SecurityOrb.com

    www.SecurityOrb.com

  • Security Assessment ProcessSecurity Assessment Field Work (Scanning, Interview, Walk-Thru and Doc Review)

    Once the in brief has been review, discussed, completed and agreed upon, the security assessment fieldwork can commence. The security assessment field-work process consist of conducting vulnerability scans, facility walkthrough, manual system checks, staff interview and various document reviews.

    *www.SecurityOrb.com

    www.SecurityOrb.com

  • Security Assessment ProcessSecurity Assessment Report Analysis & Preparation

    Towards the end of the security assessment, once all of the security assessment fieldwork has been completed, the security assessment team will review and process the information in preparation of the final report. During this phase, the security assessment team will address any false positive, document any variances and findings that will be included in the final report.

    *www.SecurityOrb.com

    www.SecurityOrb.com

  • Security Assessment ProcessSecurity Assessment Report Analysis & Preparation

    *www.SecurityOrb.com

    www.SecurityOrb.com

  • Security Assessment ProcessSecurity Assessment Report Analysis & Preparation

    *www.SecurityOrb.com

    www.SecurityOrb.com

  • Security Assessment ProcessSecurity Assessment Out-Brief The security assessment team will provide recommendations as well. Contact information will be on the out-brief.

    This process should be interactive were questions are taken through out the security assessment out-brief.

    At the end of the security assessment out-brief, both parties will have to sign the pages of the out-brief and discuss what will be occurring in the post security assessment process.

    *www.SecurityOrb.com

    www.SecurityOrb.com

  • Security Assessment ProcessSecurity Assessment Out-Brief The security assessment team will provide recommendations as well. Contact information will be on the out-brief.

    This process should be interactive were questions are taken through out the security assessment out-brief.

    At the end of the security assessment out-brief, both parties will have to sign the pages of the out-brief and discuss what will be occurring in the post security assessment process.

    *www.SecurityOrb.com

    www.SecurityOrb.com

  • Security Assessment ProcessPost Security Assessment Process

    The post security assessment process is where the security assessment team securely files all documentation and electronic data pertaining to the organization in which the security assessment was conducted on. In addition, a team meeting with all members of the assessment team should be conducted to review and lessons learned to add any improvements or deficiencies to the process.

    *www.SecurityOrb.com

    www.SecurityOrb.com

  • Vulnerability Assessment, Penetration Test & Security AuditA vulnerability assessment is a practice used to identify all potential vulnerabilities that could be exploited in an environment. The assessment can be used to evaluate physical security, personnel (testing through social engineering and such), or system and network security.

    While a vulnerability assessment's goal is to identify all vulnerabilities in an environment, a penetration test has the goal of "breaking into the network." only needs to exploit one or two vulnerabilities to actually penetrate the environment. Penetration testing is also referred to as ethical hacking

    A security audit is basically someone going around with a criteria checklist of things that should be done or in place to ensure that the company is in compliance with its security policy, regulations and legal responsibilities. www.SecurityOrb.com*

    www.SecurityOrb.com

  • Credential Scans vs Un-credential ScansCredentialed scanning allows for a much more accurate and thorough picture of the system. Mechanic and doctor example

    Part of vulnerability scanning is to identify missing patches that leave a machine open to compromise.

    Test of a Windows 7 system The results speak for themselves: first scan without credentials, then with credentials What do you think you will see?www.SecurityOrb.com*

    www.SecurityOrb.com

  • Credential Scans vs Un-credential Scans Test of a Windows 7 system The results speak for themselves: without credentials, the scan identified highs=0; meds=0; lows=1. With credentials: highs=7; meds=8; lows=5 Guess which one is more accurate.www.SecurityOrb.com*

    www.SecurityOrb.com

  • Credential Scans vs Un-credential Scanswww.SecurityOrb.com*

    www.SecurityOrb.com

  • Credential Scans vs. Un-credential Scanswww.SecurityOrb.com*

    www.SecurityOrb.com

  • System HardeningCenter for Internet Security (CIS) Benchmarksprovides standards and metrics that dramatically raise the level of security to ensure the integrity of the public and private Internet-based functions on which society increasingly depends. Federal Desktop Core Configuration (FDCC)A list of security settings recommended by the National Institute of Standards and Technology for general-purpose microcomputers that are connected directly to the network of a United States government agency.Security Technical Implementation Guide (STIG) DISAs methodology for standardized secure installation and maintenance of computer software and hardware. Security Content Automation Protocol (SCAP)a method for using specific standards to enable automated vulnerability management, measurement, and policy compliance evaluation (e.g., FISMA compliance). The National Vulnerability Database (NVD) is the U.S. government content repository for SCAP.Some items may have to be changed to obtain credential scans www.SecurityOrb.com*

    www.SecurityOrb.com

  • Vulnerability ManagementThe repeated practice of identifying, classifying, remediating, and mitigatingPrioritizeMitigate Vulnerabilities - Ultimately, the root causes of vulnerabilities must be addressed. This is often done via patching vulnerable services, changing vulnerable configurations or making application updates to remove vulnerable code.Maintain and Monitor - Organizations' computing environments are dynamic and evolve over time, vulnerability management is an ongoing process rather than a point-in-time event.

    www.SecurityOrb.com*

    www.SecurityOrb.com

  • ComplianceRegulatory Bodies

    www.SecurityOrb.com*

    www.SecurityOrb.com

  • Other Things to ConsiderVirtualizationCloud ComputingPoliticsReoccurring ScansDistributed ScanningPatch ManagementPenetration Testing

    www.SecurityOrb.com*

    www.SecurityOrb.com

  • What Vulnerability Scanning Cant DoFind Zero-Days and malwareEliminates the most obvious and known security threats.Cant PatchDetermine the difference between False Positive/Negativewww.SecurityOrb.com*

    www.SecurityOrb.com

  • ConclusionThe art of defending an organizational network takes many approaches to be done successfully. No one control can assure that the network is safe. Firewalls are great for prevention, IDS offer the ability for detection, Security Awareness briefing provides for user knowledge and Security Assessments assist with a proactive posture towards security.It also helps prove you've done "due diligence" in performing basic system patches and fixing the well-known problems in case a security breach causes financial, legal or regulatory problems.

    www.SecurityOrb.com

  • Thank You@kellepc @securityorb*www.SecurityOrb.com

    www.SecurityOrb.com

    **


Pokayokefinalppt 1334856991612-phpapp01-120419123833-phpapp01

Erpsalespowerpoint8slide1 13137903710224-phpapp01-110819164840-phpapp01

Conceptlastgenerationbooks 13190706635123-phpapp01-111019193558-phpapp01

Borregoaustralianospanishrecipecards 1321197403-phpapp01-111113091854-phpapp01

Clientretentionadilemma19junewebinarfinal 13468883786428-phpapp01-120905184107-phpapp01

Michefall2013catalog 130719170659-phpapp01-130722110728-phpapp01

Congress 091005124402 Phpapp01 091014131158 Phpapp01

Presentacindefinitivachileslideshare 13351962737836-phpapp01-120423105244-phpapp01

Presentationgeneral 13105775258558 Phpapp01 110713122344 Phpapp01

Sternautobedrijfspresentatie2012 13299273125283 Phpapp01 120222101715 Phpapp01

Owtv 13336434806874 Phpapp01 120405113501 Phpapp01

Conferencesolvabilit2ia2011 13106513506574-phpapp01-110714085354-phpapp01

Basicenglishgrammarbook2 110523085530-phpapp01-111203215246-phpapp01

Soalprediksiunipasmptahun2014paket3 140317073721 Phpapp01 140406055153 Phpapp01

Socialmediaisalotlikesex 121029133330-phpapp01-121109010625-phpapp01

Briefrml 13196537590544-phpapp01-111026133451-phpapp01

Hrpresentation1 13311528807469-phpapp01-120307144646-phpapp01

Slidesharepresentation 090706130936 Phpapp01 090910115036 Phpapp01

Uspsocialmediaseriespharma4 1330710013868 Phpapp01 120302114453 Phpapp01

1 140502061903-phpapp01-140502160314-phpapp01

Creativeproblemsolvingpracticaltoolsfinal 131903461701-phpapp01-111019093051-phpapp01

Treinamentodesqlbsicoigoralves 13046863112845 Phpapp01 110506075413 Phpapp01

Varelrollerconedrillbits 13261086839331-phpapp01-120109053222-phpapp01

Ilcrowdfunding 111115082154-phpapp01-120104164459-phpapp01

Practicadeword 111017205627-phpapp01-111019095249-phpapp01

Blog 120715043550-phpapp01-140630042635-phpapp01-140630102643-phpapp01

Nguoinamchamlinho 130313000327-phpapp01-130513050024-phpapp01

12mendiagnosispermasalahanpengoperasianpcygtersambungjar 1317229815-phpapp01-110928121055-phpapp01

Qumicaorgnica 130731235558-phpapp01-131119103244-phpapp01-131122091004-phpapp01

Experienciaexitosadeliciaschihuahua 121130131456-phpapp01-130218203746-phpapp01

Preparaoparaacrisefinal 120124083836 Phpapp01 140827185151 Phpapp01

Apfcpresentation 13069084504617-phpapp01-110601011021-phpapp01

Governmentassignmentkennychrisaustin 091005142914 Phpapp01 091007142214 Phpapp01

Totaldefenseproductinformation 1327447773974 Phpapp01 120124173019 Phpapp01

Apostilaadaptadadudu2 130720215443-phpapp01-140128062149-phpapp01