
Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

Dec 21, 2015

Page 1: Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

Security Awareness: Applying Practical Security in Your World

Chapter 6: Total Security

Page 2: Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

Objectives

List some of the challenges of making a computer secure

Explain how to be prepared for a security attack

List the steps that are important to keeping alert to attacks

Explain how an organization and a user can resist security attacks

Page 3: Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

Total Security

Computers around the world are vulnerable to threats

New threats surface almost daily

The need for security will continue to be a key element of IT systems

Total security is a way of THINKING, PLANNING AND ACTING

Page 4: Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

The Security Challenge

Trends experts cite:

Speed of attacks

Sophistication of attacks

Faster detection of weaknesses

Distributed attacks

Attacks on routers

Difficulties in patching (See Table 6-1)

Page 5: Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

The Security Challenge (continued)

Page 6: Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

Prepare for Attacks

Security begins with preparation:

Right philosophy about security

Create a framework for action

Putting it all into practice

Page 7: Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

Develop a Philosophy

Information security philosophy:

Absolute security can never be achieved on any network or computer

Positive side: Users’ and administrators’ awareness of lack of 100% security = Be more alert!

Page 8: Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

Establish a Framework

Framework: Establish how security should be approached

Microsoft’s framework SD3+C:

Secure by Design

Secure by Default

Secure by Deployment

Communications

Page 9: Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

Establish a Framework (continued)

Cisco’s framework:

Protect against known and unknown attacks

Deploy security devices in layers

Integrate security throughout the network

Be sure decision making and reporting are accurate

Security solution must be scalable and operationally effective

Page 10: Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

Take Action

Implementing security involves:

Patching software

Hardening systems

Blocking attacks

Testing defenses

Page 11: Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

Patch Software

Patch software:

Hackers exploit weaknesses resulting from unpatched software to gain the easiest route

Organizations and individuals should have a process for identifying vulnerabilities and responding by applying necessary patches immediately

Proactive patch management is the first step in maintaining a secure environment (See Table 6-2)

Page 12: Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

Patch Software (continued)

Page 13: Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

Harden Systems

Hardening: Properly configuring and securing a system against attackers

Default configurations are often left unsecured

Steps to systems hardening:

Know what you are trying to protect

Know what you are trying to protect it from

Page 14: Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

Harden Systems (continued)

Systems hardening includes:

Computer:

Patch management

Install antivirus and antispyware and keep updated

Disable macros in Office applications

Internet connection:

Block cookies

Set browser security settings to highest level

Page 15: Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

Harden Systems (continued)

Systems hardening includes (continued):

Implement advanced security as necessary

Use WEP encryption

E-mail:

Filter out executables

Turn off Preview Pane

Wireless networks:

Turn off broadcast information

Filter MAC addresses

Page 16: Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

Block Attacks

Prime defense in blocking attacks is a firewall

Enterprise firewalls: Installed at the network perimeter

Individual users: Internet Connection Firewall or other personal firewall software

Hiding IP address of devices from hackers:

NAT

Proxy servers

Page 17: Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

Test Defenses

Does it all work?

Don’t wait for an attack to find out! TEST YOUR OWN DEFENSES!

Several products are available to probe defenses and find weaknesses

Microsoft Baseline Security Analyzer (See Figure 6-1)

Testing should be a regular step in the security process

Page 18: Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

Keep Alert

Biggest mistake when dealing with security is letting guard down

It is important to always keep alert to new threats

Know what hackers are doing

Use support provided by other security groups

Be familiar with tools used to secure systems

Page 19: Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

Know the Enemy

Attacks on data usually follow trends and create patterns

Most hackers imitate other hackers

The Internet contains a wealth of information posted by hackers (See Figure 6-2)

Visit hacker Web sites regularly to keep up on what hackers are doing

Page 20: Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

Join with Allies

You are not alone in the fight for information security

Learn from other groups

Many Web sites provide information on security:

www.sans.org

isc.incidents.org

www.cert.org (See Figure 6-3)

Page 21: Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

Build a Toolbox

There are many tools available for securing a computer or network

Search the Internet for information and tools to help with security efforts

Page 22: Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

Resist Attack

No matter how good defenses are, attacks will happen

Organizations and individuals need to know how to react to an attack

Page 23: Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

Organizational Response

Response must be orchestrated among users, managers, IT personnel, and others

Response measured in:

How to prepare

How to know if an attack is occurring

How to respond

How to preserve evidence

Page 24: Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

Organizational Response (continued)

Preparation:

Store a clean copy of the operating system on a CD for quick clean-up and reinstallation

Keep updates for all software on CD in the event the Internet is unavailable during reinstallation

Be sure users have adequate training

Keep a prioritized list of key assets to be protected first in an emergency

Establish and maintain disaster recovery information for all systems

Page 25: Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

Organizational Response (continued)

Detection:

Early warning signs of an attack:

Changes in network traffic

Slow running computer

Sudden appearance of a new user account

Maintain and review event logs

Visit security organizations for up-to-date information on latest attacks and trends
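
Two of the detection items above, the sudden appearance of a new user account and regular event-log review, can be combined into one check. The following is an added example, not part of the original slides; the CSV column layout, account names and sample records are constructed for illustration.

```python
import csv
import io

# Windows Security log event ID for "A user account was created"
# (Windows Vista / Server 2008 and later).
ACCOUNT_CREATED = "4720"

# Constructed sample export (not real log data): time, event ID, acting
# account, target account. The column layout is an assumption made for this
# example, not a fixed Windows export format.
SAMPLE_EXPORT = """\
time,event_id,actor,target
2015-12-01T09:14:02,4624,alice,alice
2015-12-01T09:30:11,4720,helpdesk,bob
2015-12-02T03:12:45,4720,alice,svc_update
2015-12-02T03:13:10,4624,svc_update,svc_update
"""

def find_unexpected_accounts(export_text, approved_creators, known_accounts):
    """Return account-creation events that nobody planned for.

    An event is flagged when the new account is missing from the account
    inventory, or when it was created by someone outside the approved list.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["event_id"] != ACCOUNT_CREATED:
            continue  # logons and other events are not the subject of this check
        reasons = []
        if row["target"] not in known_accounts:
            reasons.append("account not in inventory")
        if row["actor"] not in approved_creators:
            reasons.append("created by unapproved user")
        if reasons:
            findings.append((row["time"], row["target"], row["actor"], reasons))
    return findings

if __name__ == "__main__":
    for time, target, actor, reasons in find_unexpected_accounts(
        SAMPLE_EXPORT, approved_creators={"helpdesk"}, known_accounts={"alice", "bob"}
    ):
        print(f"{time}: new account {target!r} by {actor!r}: {', '.join(reasons)}")
```

The inventory and the approved-creator list are the parts that need maintaining; without them every account creation looks the same in the log.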

Page 26: Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

Organizational Response (continued)

Response:

Identify the nature of the attack

Identify the source

Communicate information about attack to appropriate persons

All users may or may not need to know, based on the nature of the attack

Isolate and contain the attack

Determine additional steps necessary based on the nature of the attack (change passwords, disconnect, etc.)

Page 27: Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

Organizational Response (continued)

Preserve Evidence:

Computer forensics: Science of preserving and analyzing evidence

Evidence may be used to prosecute

Many tools are available for forensics work

General rules to follow:

Keep backup copies of logs

Take detailed notes

Don’t attempt to change or fix the affected computer

The more you do to it, the more likely you are to destroy evidence

Page 28: Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

User Response

Response for a user is usually not as extensive as that for an organization

Guidelines:

Keep a current copy of your operating system’s recovery disk and operating system software on CD

Be aware of news of impending attacks and/or check security sites regularly

Keep watch over your computer

If you are attacked, disconnect from the Internet

Page 29: Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

User Response (continued)

User response guidelines:

Use another computer to search the Internet for cleanup tools. Copy to CD and run on affected computer

Inform contacts in e-mail address book that you were attacked and to be cautious of e-mail from you

Find virus removal tools

After clean up, determine why your computer was compromised and what you can do to prevent it in future

Page 30: Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

Summary

Computer attacks are becoming more sophisticated and more frequent.

Defending against attack requires a total security approach

Security begins by having the right mindset or philosophy and developing a framework for security.

We can never be totally secure

BE ALERT!

Page 31: Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

Summary (continued)

Four major steps to putting the framework and philosophy into practice:

Patch

Harden

Block unnecessary traffic

Test

It is important to keep alert to new security challenges

Staying up-to-date on current threats and tools can help keep a system secure

Page 32: Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

Summary (continued)

Key steps in responding to an attack:

Preparation

Detection

Inform users

Preserve evidence