Got a Network / Security Check List? I Do (You can too! Lots of Resources and Best Practices)
MS Information Assurance, CISSP, CWNA, CEH, MCSE, Security+, I-Net+, Network+, Server+, CNA, A+
[email protected] http://es-es.net Edmodo code: 1181799 http://es-es.net/ 3.html
For legal advice contact legal counsel on your campus or your General Counsel’s Office. The information presented here is accurate to the best of my knowledge!
Cloud Vendor Security
• On-premises Security Systems / Controls?
– Outside Testing of Security systems
– Backup verification / test in production
• Authentication and Authorization
– Password strength (Length matters more than complexity)
– IP range blacklists/whitelists (IP Spoofing)
– Login hours / Timeouts
– Account Lockouts
– Access Control
• By Vendor
• By you
• Encrypt ALL Communications between remote and corporate infrastructures
• Assign Another Primary Identifier
• Comply with State Regulations
– (More Info es-es.net & edmodo)
• Inform Students
• Remove Social Security Numbers
• Updating the Computer System
• Hash / Encrypt SSNs
• Make sure all transmission of SSN’s is Secure (Use SSL or other form of encryption)
• Some states classify academic records as Private and the PII
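The "Hash / Encrypt SSNs" and "Assign Another Primary Identifier" items above deserve one caveat a practitioner runs into immediately: a bare hash of a nine-digit SSN has only 10^9 possible inputs, so the hash alone does not protect the number. The added Python example below (not code from the deck or from es-es.net) builds a surrogate identifier with a keyed HMAC instead, so the mapping cannot be recomputed by anyone who does not hold the key. The key name, the sample SSN `078-05-1120` (a long-retired publicity number, used here only as constructed input) and the function names are assumptions of this example.

```python
import hmac
import hashlib
import math
import re

# Added example: keyed surrogate identifier for an SSN.
# Not from the original deck; the key handling and function names are assumptions.


def normalize_ssn(ssn: str) -> str:
    """Strip dashes/spaces so the same SSN always maps to the same token.

    Raises ValueError when the input does not contain exactly nine digits,
    so a mistyped value is never silently tokenized.
    """
    digits = re.sub(r"\D", "", ssn)
    if len(digits) != 9:
        raise ValueError("SSN must contain exactly 9 digits")
    return digits


def plain_hash_keyspace() -> int:
    """Number of distinct inputs an unkeyed hash of a 9-digit SSN can take.

    This is why SHA-256(ssn) alone is not adequate protection: every possible
    value can be enumerated, so the hash behaves like a reversible encoding.
    """
    return 10 ** 9


def plain_hash_keyspace_bits() -> float:
    """Same keyspace expressed in bits, for comparison with a 256-bit key."""
    return round(math.log2(plain_hash_keyspace()), 1)


def surrogate_id(ssn: str, key: bytes) -> str:
    """Keyed pseudonymous identifier for an SSN (HMAC-SHA256, hex encoded).

    The key must live outside the database that stores the surrogate (for
    example in a secrets manager or an environment variable on the app host);
    without the key the surrogate cannot be mapped back to an SSN even by
    enumerating all 10^9 candidates.
    """
    digits = normalize_ssn(ssn)
    return hmac.new(key, digits.encode("ascii"), hashlib.sha256).hexdigest()


def same_person(ssn_a: str, ssn_b: str, key: bytes) -> bool:
    """Compare two SSNs through their surrogates using a constant-time compare."""
    return hmac.compare_digest(surrogate_id(ssn_a, key), surrogate_id(ssn_b, key))


if __name__ == "__main__":
    # Constructed demo key; a real deployment loads it from a secrets store.
    demo_key = b"constructed-example-key"
    print("plain hash keyspace bits:", plain_hash_keyspace_bits())
    print("surrogate:", surrogate_id("078-05-1120", demo_key))
```

The surrogate can be used as the primary identifier in student records and in transmission; the original SSN stays in one protected store (or is removed entirely, as the slide recommends), and the HMAC key is rotated like any other secret.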
8. Randomly grouping virtual servers (Don’t put FW and Production on same physical hosts)
9. Placing member servers in the DMZ
10. Depending on users to install updates
Where we are Today
Network Security Shift
• SaaS: Security-as-a-Service instead of appliances or Layer 7 filtering
• The changing face of NACs, URL filtering, gateway appliances,
Daily Security Checklist
• Verify the current connections
• Look at network traffic statistics
• Look at your antivirus logs
• Read the security logs on your domain servers
• Check for new security patches
• Meet and brief
• Check more logs – Backup, FW (outgoing)
– I would set them to automatically go to your phone (Think Spiceworks free Helpdesk software)
• Turn knowledge into action
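"Read the security logs on your domain servers" is the item on this daily list that benefits most from a little automation, and it ties in with the "Account Lockouts" control from the cloud vendor slide. The added Python example below (not code from the deck) parses a handful of constructed logon records and flags any source address with five or more failed logons inside a ten-minute window, listing the accounts it tried so a password-spray pattern (many users, one source) stands out. The log format, thresholds, hostnames and addresses are all assumptions of this example, not real data.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Added example: sliding-window failed-logon detection over sample log lines.
# Not from the original deck. The line format and all values below are constructed.
SAMPLE_LOG = """\
2024-03-04 08:00:01 host=dc1 event=logon user=jdoe src=10.1.2.3 result=success
2024-03-04 08:01:10 host=dc1 event=logon user=admin src=10.9.9.9 result=failure
2024-03-04 08:01:12 host=dc1 event=logon user=admin src=10.9.9.9 result=failure
2024-03-04 08:01:15 host=dc1 event=logon user=backup src=10.9.9.9 result=failure
2024-03-04 08:01:20 host=dc1 event=logon user=admin src=10.9.9.9 result=failure
2024-03-04 08:01:22 host=dc1 event=logon user=svc-sql src=10.9.9.9 result=failure
2024-03-04 08:30:00 host=dc1 event=logon user=asmith src=10.1.2.4 result=failure
2024-03-04 09:45:00 host=dc1 event=logon user=asmith src=10.1.2.4 result=failure
2024-03-04 09:46:00 host=dc1 event=logon user=asmith src=10.1.2.4 result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) host=(?P<host>\S+) event=logon "
    r"user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>success|failure)$"
)


def parse_log(text: str) -> list:
    """Turn the constructed log text into dicts with a parsed timestamp."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # lines that do not fit the expected format are skipped
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
        events.append(rec)
    return events


def find_bruteforce_sources(events, threshold=5, window=timedelta(minutes=10)) -> dict:
    """Return {src: {...}} for sources with >= threshold failures in any window.

    A sliding window over the sorted failure times finds the densest burst per
    source; the distinct user names are reported because a burst spread across
    many accounts indicates password spraying rather than one forgotten password.
    """
    failures = defaultdict(list)
    for e in events:
        if e["result"] == "failure":
            failures[e["src"]].append((e["ts"], e["user"]))

    alerts = {}
    for src, attempts in failures.items():
        attempts.sort()
        start = 0
        best = 0
        for end in range(len(attempts)):
            # advance the window start until it spans at most `window`
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts[src] = {
                "failures_in_window": best,
                "users": sorted({user for _, user in attempts}),
            }
    return alerts


if __name__ == "__main__":
    for src, info in find_bruteforce_sources(parse_log(SAMPLE_LOG)).items():
        print(f"ALERT {src}: {info['failures_in_window']} failures, users={info['users']}")
```

Feeding the same function the previous day's exported security log (after adapting `LINE_RE` to the real event format) turns the daily "read the logs" item into a short alert list, which is what the slide's suggestion of pushing results to your phone needs as input.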
Security Breach Now What
• Carefully plan a layered defense (Before)
• Consider hiring a computer forensic specialist
• Assess the damages done and remove services
• Alert your legal department (what legal requirements)
• Document what you do
• Begin locking down your system
• Get bank involved if Credit Card info compromised
• Contact any families, employers, and suppliers affected by the breach
• Have a set of recovery plans in case a breach occurs again
Keeping Data Thieves Out: Best practices in Data Security &
• 10 Things HP (Best Printer Trouble shooting Checklist)
• Computer and MAINT SECURITY CHECKLISTS
• Computer Account Access Form (Tech Republic)
• Server Deployment Migration Checklist (Tech Republic)
• Tune-Up Checklist (Tech Republic)
• Malware Removal Checklist (Tech Republic)
• NATO Codes
• Laptop Checkout Form
• Imaging Check Sheet
Server Maint. Daily
Daily Checklist
• Check the following things each day:
• Server health status of all the servers
• Backup results - normal
• E-mail queue and throughput
• Virus scan results
• Time synchronization on the servers (Very Important on VMs)
Server Maint. Weekly
• Weekly maintenance checklist we include the following routines:
– check event logs;
– check server performance;
– check security logs for possible attacks;
– check antivirus alerts;
– install software updates;
– install system/kernel updates (reboot scheduled with Customer).
– Back up “Important” data over an SSL-encrypted session, stored on a remote location server
– Security issues - for example, use the weekly reports from Secunia
Server Maint. Monthly
• Monthly maintenance checklist we include the following routines:
– check hdd fragmentation and health;
– check RAID health;
– verify RPM database integrity;
– perform full security audit
– Full Backup of ALL VM’s and take them offsite
– Delete all old VM Snapshots
Switches/Routers Weekly
• Weekly maintenance checklist we include the following routines:
– check event logs;
– check device performance;
– check security logs for possible attacks;
– check links throughput;
– interface errors (collisions, input errors, etc.);
– install security updates;
– install system/kernel updates (reboot scheduled with the customer).
Switches/Routers Monthly
• Monthly maintenance checklist we include the following routines:
– perform configuration backup;
– perform configuration consistency audit;
– perform full security audit.
Network Checklists
• Checklist Deploying a Windows Server 2008 Forest Root Domain
• Employee Separation Checklist (Tech Republic)
• Network Documentation Checklist a good baseline or starting point (Tech Republic)
• Maintenance Checklist ( A more comprehensive checklist)
• Secure Mac OS X and beyond (Server and workstation)
• Apple iOS hardening Checklist
Network Checklists II
• Network Maint Checklist ( a brief checklist by a typical vendor)
• New User Form Checklist (Tech Republic ?)
• Windows Security Survival Guide 2008 (Tons of links and resources from Microsoft)
• Server Change Control Form
• Cloud Security Guidance by IBM
Know Your System
• What is the hardware?
• What software is installed?
– What versions?
– What is the licensing?
• What services are running and why? (Each service takes up system resources.)
– What services are exposed to the Internet and why?
• Document systems, as well as any maintenance tasks.
• What antivirus is installed, is it up to date?
• Perform updates of software
• Apply patches to servers
• Check system resources (CPU, Memory)
Know Your System II
• What firewalls?
– What version of firmware?
– How are they configured?
– What are they allowing into the network and why?
• What switches?
• What Printers?
– What Firmware
– Web interface disabled
• SNMP? V3
• Kill all Telnet options (Phones can sniff and connect to Telnet)
• Understand and Document Physical to Virtual – Understand both
Trouble Shooting VPNs
• Find out who is affected
• Determine whether users can establish a VPN connection
• Look for policies that may be preventing connectivity
• Don’t rule out the client
• Check to see if the user can log in locally
• Check to see if the users are behind NAT firewalls
• Check for Network Access Protection
• Try accessing various resources on the network
• Try accessing resources by IP address rather than server name
• Is the connection not working, or just painfully slow?
Fix These Security Leaks
• Unauthorized smart phones on your WIFI network
• Open ports on network printers
• Custom web applications with bad code
• Social network spoofing
• Employees downloading illegal movies and music
• SMS spoofs and malware infections
• Disable Telnet, SNMP v1
• Use Veeam FastSCP
• Use Unsupported console for SSH/SCP access
• Use VMware Tools
• Defrag Your Virtual Disks
• Disable Windows Visual Effects
• Run VMware in Full Screen Mode (Ctrl-Alt-Enter)
• Disable the CDROM in VMware
• Separate Out Virtual Swap Files Onto Separate Virtual Disks
• Split Virtual Disks Among Multiple Hard Disks (Count Spindles) Unless SSD
• Delete old snapshots
• Upgrade Your Hard Disk
• Upgrade Your CPU
• Upgrade Your RAM
Debunk Internet Hoaxes
1. Snopes -- http://www.snopes.com/
2. About Urban Legends -- http://urbanlegends.about.com/
3. Break The Chain -- http://www.breakthechain.org/
• Netsparker delivers detection, confirmation and exploitation of vulnerabilities
• Exploitation of SQL Injection Vulnerabilities
• Getting a reverse shell from SQL Injection vulnerabilities
• Exploitation of LFI (Local File Inclusion) Vulnerabilities
• Downloading the source code of all the crawled pages via LFI (Local File Inclusion)
• Downloading known OS files via LFI (Local File Inclusion)
Security Checklists, Certifications and Requirements
• National Security Checklists
• Sarbanes Oxley (SOX) compliance (see 103, 302, 404)
• PCI Security Standards Council
• Common Criteria for Information Technology Security Evaluation
• Common Methodology for Information Technology Security Evaluation
• Cardholder Information Security Program
• Red Hat Linux Security Guide
• Debian Linux Security
• Securing SuSe Linux
• Gentoo Linux security handbook
• SANS Linux Security Checklist
• Windows Server 2003 Security Guide