From isaca-tulsa.org/meetings.html
Topic: OSI Model from the IT Auditor Perspective
Speaker: Mr. Ben Davies
Date: Thursday, October 23rd, 11:15 to 1:00
Venue: Flemings Prime Steak House - Utica Square
Bio: Ben Davies has been working with computers since 1985 and has been 'doing the Internet' since 1996 when he registered My Little Corner of the Universe (mlcu.com) as the very first commercial customer of the very first Montana-based internet connection company. He has been an independent consultant, has run internet support operations, managed internet security at a Fortune 200 corporation and other technical and managerial responsibilities. He became a Certified Information Systems Security Professional (CISSP) in 2004 and Certified Information Systems Auditor (CISA) in 2007 and holds several other certifications.
The computer and associated parts, including the pretty applications, live above layer 7 of the OSI model.
With every item in every layer there are vulnerabilities.
With every layer there is an opportunity to apply “defense in depth”.
Establishing controls around each layer and limiting the options within each layer allows audit to reasonably assess the effectiveness of those controls.
Seed Questions - 1
1. If there is stuff above layer 7 is there anything below layer 1?
2. I don’t see how this helps audit/enforce a policy that says no FTP on the network.
3. You implied that services can run under other ports, how do I audit for that?
Seed Questions - 2
1. So where does a ‘network sniffer’ fit in to the OSI model?
2. The sniffer shows the entire packet but how do you read it?
3. So what controls do you use to protect against a sniffer?
Seed Questions - 3
1. How does the OSI model help me audit access control devices and network devices?
2. How can I tell where a given device has inserted itself in the OSI model?
3. So how can I audit how they enforce access control policy on the network with access control devices like firewalls, routers and such?
Seed Questions - 4
1. If the logs are so important why are they not used more effectively?
2. Do IDS and IPS resolve many of the access control issues?
3. You just showed us how to use the OSI model to audit our way into thinking the network is completely unsecure. Is it really that insecure? . . . Drat.
[Figure: network diagram. Labels: 10.123.15.0/24; 10.50.60.0/24 Utility Network; 10.20.98.0/24 Server Network; Users; Hub or wall plug; Patch Panel; Smart Switch; Firewall; Router; WAN Link; syslog Service; Server Farm (application servers, database, etc.); Home User; Home User Router\hub\firewall\cable modem; Internet Cloud ("The entire planet connects to this!")]
The FUN Stuff; for some
The command prompt is your friend! netstat, ipconfig, arp, ifconfig
| OSI Layer | Data point | Unix / MacOS X | Windows | Cisco |
|---|---|---|---|---|
| 2 | ARP cache | arp -a | arp -a | show arp |
| 2 | LAN information | netstat -i | netstat -e | show interfaces |
| 2 | Show MAC address | | getmac | |
| 3 | IP configuration | ifconfig -a | ipconfig /all | show ip config |
| 3 | IP routing table | netstat -nr | netstat -nr | show ip route |
| 4 | Show connections | netstat -a | netstat -a (n) | show tcp |
| 4 | TCP/IP statistics | netstat -s | netstat -s | show interfaces, show ip traffic |
| 4 | Trace hop by hop | traceroute w.x.y.z | tracert w.x.y.z | trace (will be asked for IP) |
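An added example, not part of the original presentation: one way to turn the layer 4 "show connections" data point into audit evidence is to parse `netstat -an` output and compare the listening TCP ports against policy, as in the "no FTP on the network" seed question. The sample output, the approved-port sets and the function names are assumptions made for illustration; the parser handles the Linux and Windows layouts, not the BSD/macOS layout that separates the port with a dot.

```python
# Constructed sample `netstat -an` output; not captured from a real host.
LINUX_SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 10.20.98.15:22          10.123.15.40:51844      ESTABLISHED
tcp6       0      0 :::8080                 :::*                    LISTEN
udp        0      0 0.0.0.0:514             0.0.0.0:*
"""
WINDOWS_SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2121           0.0.0.0:0              LISTENING
  TCP    10.123.15.40:51844     10.20.98.15:22         ESTABLISHED
  UDP    0.0.0.0:500            *:*
"""

def listening_tcp(netstat_text):
    """Return sorted (port, address) pairs for TCP sockets in a listening state."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].lower().startswith("tcp"):
            continue  # headers, blank lines, UDP
        if fields[-1] not in ("LISTEN", "LISTENING"):
            continue  # established or closing connections are not listeners
        # Local address is the first column containing ':' in both layouts
        # (Linux has two numeric queue columns before it, Windows has none).
        local = next((f for f in fields[1:] if ":" in f), None)
        if local is None:
            continue
        address, _, port = local.rpartition(":")
        if port.isdigit():  # service names appear when -n is omitted; skipped
            found.add((int(port), address))
    return sorted(found)

def audit_listeners(netstat_text, approved_ports, prohibited_ports):
    """Split listeners into policy violations and ports nobody has approved."""
    listeners = listening_tcp(netstat_text)
    return {
        "prohibited": [l for l in listeners if l[0] in prohibited_ports],
        "unapproved": [l for l in listeners
                       if l[0] not in approved_ports and l[0] not in prohibited_ports],
    }

if __name__ == "__main__":
    # Port 21 is the standard FTP control port; the approved sets are assumed.
    for name, text, approved in (("linux", LINUX_SAMPLE, {22}), ("windows", WINDOWS_SAMPLE, {135})):
        print(name, audit_listeners(text, approved, {21}))
```

A listener in the "unapproved" list is only a lead for follow-up: the port number alone does not identify the service behind it.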