Joe Budzyn Jeff Goeke-Smith Jeff Utter. Risk Analysis Match the technologies used with the security...
Joe Budzyn, Jeff Goeke-Smith, Jeff Utter

Risk Analysis
- Match the technologies used with the security need
- Spend time and resources covering the most likely and most expensive risks
Firewalls
- What is a firewall? A technology for the selective allowance of network traffic.
- Types of firewalls
  ○ Stateful or stateless
  ○ Software or hardware
  ○ Border or intranet

Firewalls
- Rule set methodology
  ○ Mostly open
  ○ Mostly closed
- Zones
  ○ Untrust
  ○ Trust
  ○ DMZ
IDS / IPS
- Network device that identifies and optionally stops hostile network traffic
- Signature based detection
  ○ Signatures can match on packet content
  ○ Signatures can match on behavior
- Deployed at network choke points
  ○ Generally in conjunction with a firewall
  ○ Border of an office, a workgroup, a building, or a campus
Encryption
- Encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key.
- Public key / private key
- Pre-shared key
- Example uses
  ○ Disk encryption, file encryption
  ○ Secure email (e.g. PGP)
VPN
- Network tunnel over a more general network
- Implies channel encryption, authentication, authorization
- May be used to avoid firewalls and IPS/IDS systems on the path of the tunnel
- Deployed next to firewalls for remote access or administrative access

Secure Remote Access
- Remote Desktop Client
- SSH
- Network tunnels
- Two factor authentication
- Key based authentication
Tripwire
- Tripwire watches for changes to files for monitored systems.
- Enterprise Tripwire runs with a server and clients.
- Remote monitoring of changes, with alerts.
- Ability to approve or roll back some changes.
- Useful in the detection of intentional and unintentional changes.
Network Flow Analysis
- Look for ‘odd’ behavior rather than ‘odd’ content.
- Traffic sent to an analysis engine via a mirror, or summarized by the routers
- Multiple products exist with differing emphasis
  ○ Arbor Networks
  ○ Q1 Labs
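The kind of behavioral check this slide describes, as an added example that is not part of the presentation: a small Python flow analyzer over constructed, router-summarized flow records. It learns a fan-out baseline from a known-clean window, then flags sources whose behavior leaves that envelope (for instance a host touching many ports with single-packet flows, which packet-content signatures would not see); the Flow record shape, the sample addresses and the thresholds are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev

# Constructed router-style flow summary (assumed shape): no packet content,
# only who talked to whom, on which port, and how many packets were sent.
@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    packets: int

def per_source_profile(flows):
    """Behavioral features per source: distinct (dst, port) targets and the
    share of flows that never got past a packet or two (half-open attempts)."""
    targets, tiny, total = defaultdict(set), defaultdict(int), defaultdict(int)
    for f in flows:
        targets[f.src].add((f.dst, f.dport))
        total[f.src] += 1
        tiny[f.src] += f.packets <= 2
    return {s: (len(targets[s]), tiny[s] / total[s]) for s in targets}

def learn_baseline(normal_flows):
    # Learn what 'normal' fan-out looks like from a known-clean window.
    fanout = [n for n, _ in per_source_profile(normal_flows).values()]
    return mean(fanout), pstdev(fanout)

def find_odd_sources(window_flows, baseline, sigmas=3.0, tiny_share=0.8):
    """Flag sources whose behavior leaves the learned envelope (assumed thresholds)."""
    mu, sd = baseline
    limit = mu + sigmas * max(sd, 1.0)   # floor on sd so a flat baseline still has slack
    odd = {}
    for src, (fanout, tiny) in per_source_profile(window_flows).items():
        reasons = []
        if fanout > limit:
            reasons.append(f"fan-out {fanout} exceeds baseline limit {limit:.1f}")
        if tiny >= tiny_share and fanout > 1:
            reasons.append(f"{tiny:.0%} of flows are half-open")
        if reasons:
            odd[src] = reasons
    return odd

# Constructed sample: ten workstations each use the web proxy and mail server.
NORMAL = [Flow(f"10.0.0.{i}", dst, port, pkts)
          for i in range(1, 11)
          for dst, port, pkts in (("10.0.1.5", 443, 40), ("10.0.1.6", 25, 12))]
# Observation window: one workstation behaves normally, another sweeps 30 ports
# on a file server with single-packet flows (constructed, not real traffic).
WINDOW = [Flow("10.0.0.1", "10.0.1.5", 443, 40), Flow("10.0.0.1", "10.0.1.6", 25, 12)]
WINDOW += [Flow("10.0.0.99", "10.0.1.7", p, 1) for p in range(1, 31)]
```

Calling `find_odd_sources(WINDOW, learn_baseline(NORMAL))` returns only the sweeping host with two reasons; the normal workstation stays inside the baseline.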
Anti-Malware
- Malware is any piece of malicious code or a program that embeds itself onto a computer without the user’s knowledge.
- Examples
  ○ Virus, spam, trojan, rootkit
  ○ Spyware, adware, key logger

Anti-Malware
- What to do about it?
- DON’T OPEN ATTACHMENTS THAT YOU ARE NOT EXPECTING.
  ○ ESPECIALLY IF YOU DON’T TRUST THE SOURCE
- Keep an up to date anti-malware application (or suite) installed and running.
  ○ Many different vendors and some free apps do this.
Security Practices - Servers
- Patch management
  ○ All systems are vulnerable, patching makes them less so
- Log analysis
  ○ Learn what is normal, then watch for the abnormal
- Secure configuration
  ○ Pick a standard and follow it

Security Practices - Users
- All users on the network are integral to overall security
- User education campaigns
- User policy
- Tools
  ○ Group Policy, reviewing logs
Denial of Service Protection
- Types of DoS
  ○ UDP flood, SYN flood, ICMP flood, backscatter, distributed, packet of death, BGP route injection
- Types of protection
  ○ Routing infrastructure
  ○ Firewalls
  ○ Special adaptive devices
Advanced Network Tricks
- Honey pots – a weakened computer meant to attract attackers
- Tar pits – a series of fake computers meant to slow attackers down
- Dark nets – a network of fake computers meant to determine what attackers are doing
Managing Your Identities
- Common complaint: I have too many passwords to remember!
  ○ This may lead to sticky notes under keyboards
- Password wallet or password safe
- Public key / private key encryption
- Password generation algorithms