Security Awareness: Applying Practical Security in Your World - PowerPoint PPT Presentation

About This Presentation
Title:

Security Awareness: Applying Practical Security in Your World

Description:

List some of the challenges of making a computer secure ... Filter out executables. Turn off Preview Pane. Wireless networks. Turn off broadcast information ... – PowerPoint PPT presentation

Number of Views:295
Avg rating:3.0/5.0
Slides: 33
Provided by: Wea67
Learn more at: http://csis.pace.edu

Transcript and Presenter's Notes

1
Security Awareness: Applying Practical Security
in Your World
  • Chapter 6: Total Security

2
Objectives
  • List some of the challenges of making a computer
    secure
  • Explain how to be prepared for a security attack
  • List the steps that are important to keeping
    alert to attacks
  • Explain how an organization and a user can resist
    security attacks

3
Total Security
  • Computers around the world are vulnerable to
    threats
  • New threats surface almost daily
  • The need for security will continue to be a key
    element of IT systems
  • Total security is a way of THINKING, PLANNING AND
    ACTING

4
The Security Challenge
  • Trends experts cite:
    • Speed of attacks
    • Sophistication of attacks
    • Faster detection of weaknesses
    • Distributed attacks
    • Attacks on routers
    • Difficulties in patching (See Table 6-1)

5
The Security Challenge (continued)
6
Prepare for Attacks
  • Security begins with preparation
  • Right philosophy about security
  • Create a framework for action
  • Putting it all into practice

7
Develop a Philosophy
  • Information security philosophy: absolute
    security can never be achieved on any network or
    computer
  • Positive side: users and administrators who know
    that 100% security is impossible stay more
    alert!

8
Establish a Framework
  • Framework: establishes how security should be
    approached
  • Microsoft's framework: SD3+C
    • Secure by Design
    • Secure by Default
    • Secure by Deployment
    • Communications

9
Establish a Framework (continued)
  • Cisco's framework:
    • Protect against known and unknown attacks
    • Deploy security devices in layers
    • Integrate security throughout the network
    • Be sure decision making and reporting are
      accurate
    • The security solution must be scalable and
      operationally effective

10
Take Action
  • Implementing security involves:
    • Patching software
    • Hardening systems
    • Blocking attacks
    • Testing defenses

11
Patch Software
  • Patch software: hackers exploit weaknesses in
    unpatched software because it offers the easiest
    route in
  • Organizations and individuals should have a
    process for identifying vulnerabilities and
    responding by applying necessary patches
    immediately
  • Proactive patch management is the first step in
    maintaining a secure environment (See Table 6-2)
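
Worked example (added here; it is not from the slides or the textbook they summarize): the patch process described above, as a small script that compares a software inventory against vendor advisories and produces a prioritized list of what to patch first. The package names, version numbers and advisory identifiers are constructed placeholders; a real process would pull the inventory from a package manager or asset database and the advisories from the vendor's feed.

```python
"""Minimal patch-management check (added example, not the slides' own code).

Compares a constructed software inventory against constructed advisories and
reports which installed packages still need a patch, most severe first.
"""
from dataclasses import dataclass


def parse_version(text):
    """Turn '4.2.10' into (4, 2, 10) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


@dataclass(frozen=True)
class Advisory:
    package: str
    fixed_in: str      # first version that contains the fix
    severity: str      # "critical", "high", "medium" or "low"
    advisory_id: str   # placeholder ids, not real advisory numbers


SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# Constructed inventory: package name -> installed version.
INVENTORY = {
    "webserver": "2.4.1",
    "mailclient": "11.0.3",
    "office-suite": "16.2.0",
    "pdfreader": "9.5.0",
}

# Constructed advisories with placeholder identifiers.
ADVISORIES = [
    Advisory("webserver", "2.4.3", "critical", "ADV-PLACEHOLDER-1"),
    Advisory("mailclient", "11.0.3", "high", "ADV-PLACEHOLDER-2"),    # already at fixed version
    Advisory("pdfreader", "9.5.2", "medium", "ADV-PLACEHOLDER-3"),
    Advisory("browser", "100.0.0", "critical", "ADV-PLACEHOLDER-4"),  # not installed here
]


def find_unpatched(inventory, advisories):
    """Return the advisories that apply to an installed package whose version
    is older than the fixed version, ordered most severe first."""
    pending = []
    for adv in advisories:
        installed = inventory.get(adv.package)
        if installed is None:
            continue  # package not present, so the advisory does not apply
        if parse_version(installed) < parse_version(adv.fixed_in):
            pending.append(adv)
    pending.sort(key=lambda a: (SEVERITY_RANK[a.severity], a.package))
    return pending


def patch_plan(inventory, advisories):
    """Human-readable, prioritized list of what to upgrade and to which version."""
    return [
        f"{a.severity.upper()}: upgrade {a.package} "
        f"{inventory[a.package]} -> {a.fixed_in} ({a.advisory_id})"
        for a in find_unpatched(inventory, advisories)
    ]


if __name__ == "__main__":
    for line in patch_plan(INVENTORY, ADVISORIES):
        print(line)
```

The ordering step matters in practice: when more patches are pending than a maintenance window allows, the critical items go first, and a package already at or above the fixed version drops out of the plan automatically.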

12
Patch Software (continued)
13
Harden Systems
  • Hardening: properly configuring and securing a
    system against attackers
  • Default configurations are often left unsecured
  • Steps to systems hardening:
    • Know what you are trying to protect
    • Know what you are trying to protect it from

14
Harden Systems (continued)
  • Systems hardening includes:
    • Computer
      • Patch management
      • Install antivirus and antispyware and keep them
        updated
      • Disable macros in Office applications
    • Internet connection
      • Block cookies
      • Set browser security settings to the highest level

15
Harden Systems (continued)
  • Systems hardening includes (continued):
    • Implement advanced security as necessary
    • Use WEP encryption
    • E-mail
      • Filter out executables
      • Turn off the Preview Pane
    • Wireless networks
      • Turn off broadcast information
      • Filter MAC addresses
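
Worked example (added here; not from the slides): the "filter out executables" and "disable macros in Office applications" bullets combined into one inbound attachment check. It flags attachments by extension, including a double extension such as report.pdf.exe, and by their leading bytes, so a renamed executable is still caught; macro-enabled Office files are quarantined rather than delivered. The attachment names and contents are constructed, and the extension lists are an assumed starting policy, not a complete one.

```python
"""Inbound e-mail attachment filter (added example, not the slides' own code)."""

# Assumed starting policy: extensions that are executable on a typical desktop.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".msi", ".vbs", ".js", ".hta",
}
# Office formats that can carry macros; held for review instead of delivered.
MACRO_EXTENSIONS = {".docm", ".xlsm", ".pptm"}

# Leading bytes that identify executable containers regardless of file name.
MAGIC_SIGNATURES = {
    b"MZ": "Windows PE executable",
    b"\x7fELF": "ELF executable",
}


def extension_chain(filename):
    """Every extension in the name, lowercased: 'a.pdf.exe' -> ['.pdf', '.exe']."""
    parts = filename.lower().split(".")
    return ["." + p for p in parts[1:]] if len(parts) > 1 else []


def classify_attachment(filename, data):
    """Return (verdict, reason); verdict is 'block', 'quarantine' or 'allow'."""
    exts = extension_chain(filename)
    # Any executable extension anywhere in the chain is blocked: the OS acts on
    # the last one, but a user reading the name may only notice the first.
    for ext in exts:
        if ext in EXECUTABLE_EXTENSIONS:
            return "block", f"executable extension {ext}"
    for magic, label in MAGIC_SIGNATURES.items():
        if data.startswith(magic):
            return "block", f"content is a {label} despite the name {filename!r}"
    if exts and exts[-1] in MACRO_EXTENSIONS:
        return "quarantine", f"macro-enabled document {exts[-1]}"
    return "allow", "no executable indicators"


def filter_message(attachments):
    """Apply the policy to every attachment of one message.

    Returns (message_verdict, per_attachment_results); the whole message is
    blocked if any attachment is blocked, quarantined if any is quarantined.
    """
    results = {name: classify_attachment(name, data) for name, data in attachments}
    verdicts = {v for v, _ in results.values()}
    if "block" in verdicts:
        message_verdict = "block"
    elif "quarantine" in verdicts:
        message_verdict = "quarantine"
    else:
        message_verdict = "allow"
    return message_verdict, results


# Constructed sample attachments (names and bytes are made up).
SAMPLE_ATTACHMENTS = [
    ("agenda.txt", b"Meeting at 10am"),
    ("photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16),
    ("invoice.pdf.exe", b"MZ\x90\x00"),    # double extension
    ("report.pdf", b"MZ\x90\x00"),         # executable renamed to look like a PDF
    ("budget.xlsm", b"PK\x03\x04"),        # macro-enabled workbook
]

if __name__ == "__main__":
    verdict, details = filter_message(SAMPLE_ATTACHMENTS)
    print("message:", verdict)
    for name, (v, why) in details.items():
        print(f"  {v:10} {name}: {why}")
```

Checking the file's first bytes as well as its name is what makes the filter worth having: an extension list alone is defeated by a rename, while the content check is not.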

16
Block Attacks
  • The prime defense in blocking attacks is a firewall
  • Enterprise firewalls: installed at the network
    perimeter
  • Individual users: Internet Connection Firewall
    or other personal firewall software
  • Hiding the IP addresses of devices from hackers:
    • NAT
    • Proxy servers
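
Worked example (added here; not from the slides): the rule evaluation at the heart of a personal or perimeter firewall. Rules are checked top to bottom, the first match decides, and anything unmatched is denied, which is the default-deny posture the "block attacks" advice depends on. The LAN range, server address, ports and rules are constructed for illustration.

```python
"""First-match packet filter with default deny (added example, not the slides' code)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (from the Internet) or "out" (from the LAN)
    proto: str       # "tcp" or "udp"
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    direction: str
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None  # None matches any destination port
    comment: str = ""

    def matches(self, p):
        return (self.direction == p.direction
                and self.proto in ("any", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport))


# Constructed policy for a small office LAN (192.168.10.0/24) with one web server.
RULES = [
    Rule("allow", "in", "tcp", dst="192.168.10.5/32", dport=443,
         comment="public web server"),
    Rule("deny", "in", "tcp", dst="192.168.10.0/24", dport=3389,
         comment="no remote desktop from outside"),
    Rule("allow", "out", src="192.168.10.0/24",
         comment="LAN may reach the Internet"),
    # No catch-all rule: anything else falls through to the default deny.
]


def evaluate(rules, packet):
    """Return (action, reason) from the first matching rule, or the default deny."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action, rule.comment
    return "deny", "default deny (no rule matched)"


if __name__ == "__main__":
    samples = [  # constructed traffic
        Packet("in", "tcp", "203.0.113.7", "192.168.10.5", 443),
        Packet("in", "tcp", "203.0.113.7", "192.168.10.5", 22),
        Packet("in", "tcp", "203.0.113.7", "192.168.10.20", 3389),
        Packet("out", "tcp", "192.168.10.20", "198.51.100.9", 80),
    ]
    for p in samples:
        print(p.direction, p.proto, p.src, "->", p.dst, p.dport, evaluate(RULES, p))
```

Note that the explicit deny for port 3389 is redundant under default deny; it is there so the log line explains why the packet was dropped, which is useful when reviewing firewall logs during the detection step later in this chapter.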

17
Test Defenses
  • Does it all work?
  • Don't wait for an attack to find out! TEST YOUR
    OWN DEFENSES!
  • Several products are available to probe defenses
    and find weaknesses
    • Microsoft Baseline Security Analyzer (See Figure
      6-1)
  • Testing should be a regular step in the security
    process

18
Keep Alert
  • The biggest mistake when dealing with security is
    letting your guard down
  • It is important to always keep alert to new
    threats
  • Know what hackers are doing
  • Use support provided by other security groups
  • Be familiar with tools used to secure systems

19
Know the Enemy
  • Attacks on data usually follow trends and create
    patterns
  • Most hackers imitate other hackers
  • The Internet contains a wealth of information
    posted by hackers (See Figure 6-2)
  • Visit hacker Web sites regularly to keep up on
    what hackers are doing

20
Join with Allies
  • You are not alone in the fight for information
    security
  • Learn from other groups
  • Many Web sites provide information on security:
    • www.sans.org
    • isc.incidents.org
    • www.cert.org (See Figure 6-3)

21
Build a Toolbox
  • There are many tools available for securing a
    computer or network
  • Search the Internet for information and tools to
    help with security efforts

22
Resist Attack
  • No matter how good defenses are, attacks will
    happen
  • Organizations and individuals need to know how to
    react to an attack

23
Organizational Response
  • Response must be orchestrated among users,
    managers, IT personnel, and others
  • Response is measured in:
    • How to prepare
    • How to know if an attack is occurring
    • How to respond
    • How to preserve evidence

24
Organizational Response (continued)
  • Preparation
    • Store a clean copy of the operating system on a
      CD for quick clean-up and reinstallation
    • Keep updates for all software on CD in the event
      the Internet is unavailable during reinstallation
    • Be sure users have adequate training
    • Keep a prioritized list of key assets to be
      protected first in an emergency
    • Establish and maintain disaster recovery
      information for all systems

25
Organizational Response (continued)
  • Detection
    • Early warning signs of an attack:
      • Changes in network traffic
      • A slow-running computer
      • Sudden appearance of a new user account
    • Maintain and review event logs
    • Visit security organizations for up-to-date
      information on the latest attacks and trends
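
Worked example (added here; not from the slides): a log-review pass that raises two of the early warning signs listed above, a sudden new user account and a sharp change in network traffic, from event records. The record format, host name, account names and byte counts are all constructed; a real review would read the host's own event log and a traffic counter.

```python
"""Event-log review for early warning signs (added example, not the slides' code)."""
from statistics import mean

# Constructed event log, one record per line: "timestamp|host|event|detail".
EVENT_LOG = """\
2024-01-10T08:00:00|ws-12|login|alice
2024-01-10T08:05:00|ws-12|netbytes|120000
2024-01-10T09:05:00|ws-12|netbytes|135000
2024-01-10T10:05:00|ws-12|netbytes|128000
2024-01-10T11:05:00|ws-12|netbytes|131000
2024-01-10T12:05:00|ws-12|netbytes|1900000
2024-01-10T12:07:00|ws-12|user_created|svc_backup2
2024-01-10T12:08:00|ws-12|login|svc_backup2
"""


def parse_events(text):
    """Split the log into dicts; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, event, detail = line.split("|", 3)
        events.append({"ts": ts, "host": host, "event": event, "detail": detail})
    return events


def detect_new_accounts(events, known_accounts):
    """Flag account creations for names that are not on the approved list."""
    alerts = []
    for e in events:
        if e["event"] == "user_created" and e["detail"] not in known_accounts:
            alerts.append(f"{e['ts']} {e['host']}: unexpected new account {e['detail']}")
    return alerts


def detect_traffic_spikes(events, factor=5.0, min_samples=3):
    """Flag a traffic sample larger than `factor` times the mean of the
    samples before it, once at least `min_samples` baseline points exist."""
    alerts = []
    baseline = []
    for e in events:
        if e["event"] != "netbytes":
            continue
        value = int(e["detail"])
        if len(baseline) >= min_samples and value > factor * mean(baseline):
            alerts.append(f"{e['ts']} {e['host']}: traffic {value} bytes is more than "
                          f"{factor:.0f}x the baseline mean of {mean(baseline):.0f}")
        baseline.append(value)  # the spike becomes part of later baselines
    return alerts


def review_log(text, known_accounts):
    """Run every detector and return the combined alert list."""
    events = parse_events(text)
    return detect_new_accounts(events, known_accounts) + detect_traffic_spikes(events)


if __name__ == "__main__":
    for alert in review_log(EVENT_LOG, known_accounts={"alice", "bob"}):
        print(alert)
```

The baseline is built from the host's own earlier samples rather than a fixed number, so the same detector works on a quiet workstation and a busy server; the `factor` and `min_samples` thresholds are the parts to tune against real logs.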

26
Organizational Response (continued)
  • Response
    • Identify the nature of the attack
    • Identify the source
    • Communicate information about the attack to the
      appropriate persons
      • All users may or may not need to know, based on
        the nature of the attack
    • Isolate and contain the attack
    • Determine additional steps necessary based on the
      nature of the attack (change passwords,
      disconnect, etc.)

27
Organizational Response (continued)
  • Preserve Evidence
    • Computer forensics: the science of preserving and
      analyzing evidence
    • Evidence may be used to prosecute
    • Many tools are available for forensics work
    • General rules to follow:
      • Keep backup copies of logs
      • Take detailed notes
      • Don't attempt to change or fix the affected
        computer
        • The more you do to it, the more likely you are to
          destroy evidence
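
Worked example (added here; not from the slides): the "keep backup copies of logs" rule carried out so that the copies can later be shown to be unaltered. The script copies each log, makes the copy read-only, records a SHA-256 hash, size and collection time in a manifest, and can re-verify the manifest afterwards; the originals are only read. The demo builds its log files in a temporary directory, and the collector name is a placeholder.

```python
"""Log evidence collection with a hash manifest (added example, not the slides' code)."""
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone


def sha256_file(path):
    """Hash a file in chunks so large logs do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def collect_logs(source_paths, evidence_dir, collector):
    """Copy each source file into evidence_dir, make the copy read-only and
    write manifest.json with hash, size and collection time for every copy.
    The source files are read, never modified."""
    os.makedirs(evidence_dir, exist_ok=True)
    entries = []
    for src in source_paths:
        dest = os.path.join(evidence_dir, os.path.basename(src))
        shutil.copy2(src, dest)  # copy2 preserves the original timestamps
        os.chmod(dest, 0o444)
        entries.append({
            "file": os.path.basename(src),
            "source": src,
            "sha256": sha256_file(dest),
            "size": os.path.getsize(dest),
        })
    manifest = {
        "collected_at": datetime.now(timezone.utc).isoformat(),
        "collector": collector,
        "entries": entries,
    }
    with open(os.path.join(evidence_dir, "manifest.json"), "w") as f:
        json.dump(manifest, f, indent=2)
    return manifest


def verify_manifest(evidence_dir):
    """Re-hash every copy and return the names that no longer match the manifest."""
    with open(os.path.join(evidence_dir, "manifest.json")) as f:
        manifest = json.load(f)
    mismatches = []
    for entry in manifest["entries"]:
        path = os.path.join(evidence_dir, entry["file"])
        if not os.path.exists(path) or sha256_file(path) != entry["sha256"]:
            mismatches.append(entry["file"])
    return mismatches


def demo():
    """Constructed walk-through: collect two log files, verify, then alter one
    copy and verify again. Returns (clean_result, tampered_result)."""
    work = tempfile.mkdtemp()
    logs = []
    for name, text in [("auth.log", "login alice ok\nlogin bob failed\n"),
                       ("web.log", "GET /index.html 200\n")]:
        path = os.path.join(work, name)
        with open(path, "w") as f:
            f.write(text)
        logs.append(path)
    evidence = os.path.join(work, "evidence")
    collect_logs(logs, evidence, collector="analyst-placeholder")
    clean = verify_manifest(evidence)
    # Simulate someone "tidying up" the evidence copy: the manifest catches it.
    altered = os.path.join(evidence, "auth.log")
    os.chmod(altered, 0o644)
    with open(altered, "a") as f:
        f.write("login bob ok\n")
    return clean, verify_manifest(evidence)


if __name__ == "__main__":
    clean, tampered = demo()
    print("mismatches after collection:", clean)
    print("mismatches after alteration:", tampered)
```

The manifest is the written record the slide asks for in "take detailed notes": who collected what, when, and the hash that any later reviewer can recompute. Store the manifest separately from the copies, since a hash kept next to the file it protects can be rewritten along with it.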

28
User Response
  • Response for a user is usually not as extensive
    as that for an organization
  • Guidelines
    • Keep a current copy of your operating system's
      recovery disk and operating system software on CD
    • Be aware of news of impending attacks and/or
      check security sites regularly
    • Keep watch over your computer
    • If you are attacked, disconnect from the Internet

29
User Response (continued)
  • User response guidelines
    • Use another computer to search the Internet for
      cleanup tools; copy them to CD and run them on the
      affected computer
    • Inform the contacts in your e-mail address book
      that you were attacked and that they should be
      cautious of e-mail from you
    • Find virus removal tools
    • After clean-up, determine why your computer was
      compromised and what you can do to prevent it in
      the future

30
Summary
  • Computer attacks are becoming more sophisticated
    and more frequent
  • Defending against attack requires a total
    security approach
  • Security begins by having the right mindset or
    philosophy and developing a framework for
    security
  • We can never be totally secure: BE ALERT!

31
Summary (continued)
  • Four major steps to putting the framework and
    philosophy into practice:
    • Patch
    • Harden
    • Block unnecessary traffic
    • Test
  • It is important to keep alert to new security
    challenges
  • Staying up-to-date on current threats and tools
    can help keep a system secure

32
Summary (continued)
  • Key steps in responding to an attack:
    • Preparation
    • Detection
    • Inform users
    • Preserve evidence