Security+ Guide to Network Security Fundamentals, Third Edition
Chapter 10: Conducting Security Audits
Objectives

- Define privilege audits
- Describe how usage audits can protect security
- List the methodologies used for monitoring to detect security-related anomalies
- Describe the different monitoring tools
Security+ Guide to Network Security Fundamentals, Third Edition
2
Privilege Auditing

- _________ methodical ________ and ________ of something that ___________________ of findings
- A privilege can be considered a subject's access level over an object
- Principle of least privilege (PoLP)
  - Users should be given only the _____________________ necessary to perform their job function
- ____________________________
  - Reviewing a _____________________________________
  - Requires knowledge of privilege management, how privileges are assigned, and how to audit these security settings
- More to come on each of these…
Privilege Management

- ___________________________
  - Roles of owners and custodians are generally well-established
  - The process of ___________________________ to objects
  - Where those roles fit into the organization often depends upon how the organization is structured
- The ______________ for privilege management can be either ______________ ______________________________
Privilege Management (continued)

- In a _______________ structure
  - ____________ is _____________________ of assigning or revoking privileges
  - All custodians are part of that unit
- A _____________ organizational structure for privilege management
  - Delegates the authority for assigning or revoking privileges _____________________________ __________________________
Assigning Privileges

- The foundation for assigning privileges is dictated by the existing access control model
- Recall that there are four major access control models:
  - Mandatory Access Control (MAC)
  - Discretionary Access Control (DAC)
  - Role Based Access Control (RBAC)
  - Rule Based Access Control (RBAC)
Auditing System Security Settings

- Auditing system security settings for user privileges involves:
  - A regular review of user access and rights
  - Using group policies
  - Implementing storage and retention policies
- More to come on each of these
Auditing System Security Settings (continued): User access and rights review

- It is important to periodically review user access ______________________
- Most organizations have a _____________ that mandates regular reviews
- Reviewing user access rights for logging into the network can be performed on the _____________________
- Reviewing user permissions over objects can be viewed on the _______________
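The review described above, as an added example that is not part of the textbook: each account's granted permissions are compared with what its job role needs, so anything beyond that is reported as a least-privilege finding. The role matrix, account names and permission strings are constructed sample data.

```python
# Added example (not from the textbook): a least-privilege review of user access rights.
# The role matrix, accounts and permission names are all constructed sample data.
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical role matrix: the permissions each job function actually needs.
ROLE_NEEDS = {
    "accountant": {"ledger:read", "ledger:write", "payroll:read"},
    "helpdesk": {"tickets:read", "tickets:write", "users:reset_password"},
    "developer": {"repo:read", "repo:write", "ci:run"},
}

@dataclass
class Account:
    name: str
    role: Optional[str]              # None models an orphaned account with no current job function
    granted: set = field(default_factory=set)
    days_since_login: int = 0

def review_access(accounts, stale_after_days=90):
    """Return findings keyed by account name; an empty list means the account passed the review."""
    findings = {}
    for acct in accounts:
        issues = []
        needed = ROLE_NEEDS.get(acct.role, set())
        if acct.role not in ROLE_NEEDS:
            issues.append("no valid role: disable or re-assign the account")
        # Anything granted beyond what the role needs violates the principle of least privilege.
        for perm in sorted(acct.granted - needed):
            issues.append(f"excess privilege: {perm}")
        if acct.days_since_login > stale_after_days:
            issues.append(f"stale: no login for {acct.days_since_login} days")
        findings[acct.name] = issues
    return findings

# Constructed sample accounts: alice is clean, bob holds a permission outside his role,
# carol has no role, still holds a permission and has not logged in for months.
SAMPLE = [
    Account("alice", "accountant", {"ledger:read", "ledger:write", "payroll:read"}, 3),
    Account("bob", "helpdesk", {"tickets:read", "tickets:write", "users:reset_password", "ledger:write"}, 12),
    Account("carol", None, {"repo:read"}, 140),
]

if __name__ == "__main__":
    for name, issues in review_access(SAMPLE).items():
        print(name, issues or ["OK"])
```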
Auditing System Security Settings (continued): Group Policies

- Instead of setting the same configuration baseline on each computer, a ______________ can be created
- Security template
  - A method to ___________________________________
  - On a Microsoft Windows computer, one method to deploy security templates is to use ___________
    - A feature that provides __________________________ ____________________ of computers and remote users who are using Active Directory (AD)
Auditing System Security Settings (continued): Group Policies

- The ____________________________ within group policies are known as Group Policy Objects (GPOs)
  - GPOs are a ______________________________ that can be applied to user objects or AD computers
  - Settings are manipulated using administrative template files that are included within the GPO
Auditing System Security Settings (continued): Storage and retention policies

- Information lifecycle management (ILM)
  - A set of strategies for administering, maintaining, and managing computer storage systems in order to retain data
  - ILM strategies are typically recorded in storage and retention ___________________
- Outline the requirements for data storage
  - _____________________ 1st step in developing storage and retention policies
  - Assigns a ____________________________________ ___________ and regulation requirements to __________
- Example on next slide…
Auditing System Security Settings (continued): Storage and retention policies

(Example figure on this slide is not included in the transcript.)
Auditing System Security Settings (continued): Storage and retention policies

- Grouping data into _________ often requires the assistance of the users who save and retrieve the data on a regular basis
- The 2nd step is to ______________________ __________________________________
- Occasional _____________ of storage and retention policies is important
Usage Auditing

- ____________________
  - Audits what objects a user has ____________________
  - Involves an examination of which subjects are accessing specific objects and how frequently
  - Sometimes access privileges can be very ________
  - Usage auditing can help _____________________
- ____________________
  - Permissions given to a higher level “parent” will also be ___________________________
  - Adds to the complexity of access privileges
  - See example on next slide
Usage Auditing (continued)

(Example figure on this slide is not included in the transcript.)
Usage Auditing (continued)

- Inheritance becomes more complicated with ______
- GPO inheritance
  - Allows administrators to set a ____________________ ______________________ in the Microsoft AD
  - Other administrators can apply more specific policies at a lower level
    - That apply only to subsets of users or computers
  - GPOs that are _________________________ are processed _______________
    - Followed by the order that policies were linked to a container object
Usage Auditing involves Log Management

- A log is a record of events that occur
- Logs are composed of ____________________
  - Each entry contains _____________________________ that has occurred
- Logs, from both hardware and software systems, have been used primarily for _______________ problems
- __________________________
  - The process for ________________________________ ___________________ of computer security log data
Usage Auditing involves Log Management (continued)

- Security _____________________
  - Antivirus software
  - Remote Access Software
  - Automated patch update service
- Security __________________________
  - Network intrusion detection systems (NIDS) and host and network intrusion prevention systems (HIPS/NIPS)
  - Domain Name System (DNS)
  - Authentication servers
  - Proxy servers
  - Firewalls (more info a few slides down…)
Usage Auditing involves Log Management (continued)

- Types of items that should be examined in a firewall log include:
  - IP addresses that are being rejected and dropped
  - Probes to ports that have no application services running on them
  - Source-routed packets
  - Suspicious outbound connections
  - Unsuccessful logins
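One pass of the firewall log review listed above, as an added example that is not part of the textbook: constructed key=value log lines are sorted into the five categories the slide names. The log format, the list of ports with services actually listening, and the set of expected outbound ports are all assumptions for the example.

```python
# Added example (not from the textbook): one review pass over constructed firewall log
# lines that sorts records into the five item types the slide lists. The key=value log
# format, the listening-port list and the expected outbound ports are all assumptions.
from collections import Counter, defaultdict

# Constructed sample log (no vendor's real format): one key=value record per line.
LOG = """\
ts=2024-03-01T02:14:07 action=DROP dir=in src=203.0.113.45 dst=192.0.2.10 dport=23
ts=2024-03-01T02:14:08 action=DROP dir=in src=203.0.113.45 dst=192.0.2.10 dport=3389
ts=2024-03-01T02:14:09 action=ACCEPT dir=in src=198.51.100.7 dst=192.0.2.10 dport=443
ts=2024-03-01T02:15:01 action=ACCEPT dir=in src=198.51.100.9 dst=192.0.2.10 dport=22 srcroute=lsrr
ts=2024-03-01T02:16:30 action=ACCEPT dir=out src=192.0.2.10 dst=203.0.113.99 dport=6667
ts=2024-03-01T02:17:02 action=ACCEPT dir=in src=198.51.100.7 dst=192.0.2.10 dport=22 event=login result=fail user=admin
ts=2024-03-01T02:17:05 action=ACCEPT dir=in src=198.51.100.7 dst=192.0.2.10 dport=22 event=login result=fail user=admin
"""
LISTENING_PORTS = {22, 443}              # services actually running on 192.0.2.10 (assumed)
EXPECTED_OUTBOUND_PORTS = {53, 80, 443}  # ports the server is expected to reach out on (assumed)

def parse(line):
    """Turn 'k=v k=v ...' into a dict."""
    return dict(tok.split("=", 1) for tok in line.split())

def review_firewall_log(text):
    """Group records into the review categories; returns a dict of category -> findings."""
    findings = defaultdict(list)
    dropped = Counter()
    for rec in map(parse, text.strip().splitlines()):
        port = int(rec.get("dport", 0))
        if rec["action"] in ("DROP", "REJECT"):                 # rejected and dropped sources
            dropped[rec["src"]] += 1
        if rec["dir"] == "in" and port not in LISTENING_PORTS:   # probe to a port with no service
            findings["port_probe"].append((rec["src"], port))
        if "srcroute" in rec:                                    # source-routed packet
            findings["source_routed"].append(rec["src"])
        if rec["dir"] == "out" and port not in EXPECTED_OUTBOUND_PORTS:  # suspicious outbound
            findings["suspicious_outbound"].append((rec["dst"], port))
        if rec.get("event") == "login" and rec.get("result") == "fail":  # unsuccessful login
            findings["failed_login"].append((rec["src"], rec["user"]))
    findings["rejected_sources"] = dict(dropped)
    return dict(findings)

if __name__ == "__main__":
    for category, items in review_firewall_log(LOG).items():
        print(category, items)
```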
Usage Auditing involves Log Management (continued)

- Operating System (OS) logs
  - Two common types of security related OS logs:
    1. System events
    2. Logs based on audit records
- Event
  - An occurrence within a software system that is communicated to users or other programs ___________ _______________________
- 1. System events
  - _____________________ that are performed by the ________________________
Usage Auditing involves Log Management (continued)

- System events that are commonly recorded include:
  - _________________________________
  - ____________________ information
- 2. Logs based on audit records
  - The second common type of security-related operating system logs
  - Audit records that are commonly recorded include:
    - _____________________________
    - ______________________________
Usage Auditing involves Log Management (continued)

- Log management _______________:
  - A routine review and analysis of logs helps to __________________, policy violations, fraudulent activity, and _________________ shortly after they have occurred
  - Logs can also be used in providing information for ___________________________
  - Logs may be useful for ___________________ __________, supporting the organization’s internal investigations, and identifying operational trends and long-term problems
Usage Auditing involves Log Management (continued)

- It is recommended that organizations enact the following log management solutions:
  - Enact ______________________
  - Establish __________________ and procedures for log management
  - Maintain a ____________________ infrastructure
  - Prioritize log management throughout the organization
  - Use __________________________
  - Provide adequate support
Usage Auditing involves Change Management

- ___________________________
  - Refers to a methodology for making changes and keeping track of those changes, often manually
  - Seeks to approach changes _____________ and provide the necessary __________________ of the changes
- Two major types of changes regarding security that are routinely documented
  - Any change in _______________________
  - _______________ classification
Usage Auditing involves Change Management (continued)

- Change management team (CMT)
  - Created to ________________________
  - Any proposed change must first be approved by the CMT
  - The team might be typically composed of:
    - Representatives from all areas of IT (servers, network, enterprise server, etc.)
    - Network security
    - Upper-level management
Usage Auditing involves Change Management (continued)

- The duties of the CMT include:
  - Review proposed changes
  - Ensure that the risk and impact of the planned change is clearly understood
  - Recommend approval, disapproval, deferral, or withdrawal of a requested change
  - Communicate proposed and approved changes to co-workers
Monitoring Methodologies and Tools

- There are several types of instruments that can be used on systems and networks to _______________________________
- Monitoring involves examining network traffic, activity, transactions, or behavior in order to detect security-related anomalies
- Monitoring methodologies include anomaly-based, signature-based, and behavior-based monitoring
- More to come on each of these…
Methodologies for Monitoring

- Anomaly-based monitoring
  - Designed for detecting ________________ _______________________
  - A baseline, considered “normal” for that network, against which ______________________ __________________
  - Whenever there is a ____________________ from this baseline, an alarm is raised
  - Advantage
    - ___________ the anomalies ______________
Methodologies for Monitoring (continued)

- Anomaly-based monitoring (continued)
  - ________________________
    - Alarms that are raised when there is _________ _______________________
    - Normal behavior can change easily and even quickly
      - Anomaly-based monitoring is _____________ __________________________
Methodologies for Monitoring (continued)

- Signature-based monitoring
  - Compares activities against a _________________
  - Requires access to an ____________________________
    - Current behavior must then be compared against a collection of signatures
  - Weaknesses
    - The signature databases must be __________________
    - As the number of signatures grows the behaviors must be ___________________________________________ of signatures
Methodologies for Monitoring (continued)

- Behavior-based monitoring
  - Designed to be proactive instead of reactive
  - Uses the “normal” ____________________ as the standard
  - Continuously analyzes the behavior of processes and programs on a system
    - Alerts the user if it detects any _________________
  - Advantage
    - _________________ to update signature files or compile a baseline of statistical behavior
Three Monitoring Tools

1. Performance baselines and monitors

- Performance baseline
  - A reference set of data established to _____________ _____________________ for a system or systems
  - Data is accumulated through the ___________ _________________ and networks through _____________________________
  - _____________ is compared with the baseline data to determine how closely the norm is being met and if any adjustments need to be made
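The baseline-and-deviation logic that both the anomaly-based monitoring slides and the performance baseline above describe, set beside a signature lookup for contrast, as an added example that is not part of the textbook. The per-hour failed-login counts, the alarm threshold (three standard deviations) and the signature strings are constructed for the example.

```python
# Added example (not from the textbook): the baseline-and-deviation logic behind
# anomaly-based monitoring and performance baselines, beside a signature lookup.
# All sample counts, events and signature strings are constructed.
import statistics

def build_baseline(samples):
    """Summarise values observed during normal operation as mean and standard deviation."""
    return {"mean": statistics.mean(samples), "stdev": statistics.pstdev(samples)}

def anomaly_alert(baseline, current, threshold=3.0):
    """Anomaly-based: alarm when 'current' lies more than 'threshold' deviations from the baseline."""
    if baseline["stdev"] == 0:
        return current != baseline["mean"]
    return abs(current - baseline["mean"]) / baseline["stdev"] > threshold

def signature_alert(event, signatures):
    """Signature-based: return the name of the first known pattern found in the event, else None."""
    for name, pattern in signatures.items():
        if pattern in event:
            return name
    return None

# Constructed: failed logins per hour over one normal day; this is the "baseline" data.
# If these samples were collected while unusual activity was already under way, the
# baseline itself would be skewed, which is the weakness the slides point out.
NORMAL_FAILED_LOGINS = [2, 3, 1, 4, 2, 3, 2, 5, 3, 2, 4, 3, 2, 3, 1, 2, 3, 4, 2, 3, 2, 3, 4, 2]
# Constructed signature list, not real IDS rules.
SIGNATURES = {"test-scanner-agent": "User-Agent: constructed-scanner/1.0"}

def demo():
    base = build_baseline(NORMAL_FAILED_LOGINS)
    return {
        "quiet_hour": anomaly_alert(base, 4),    # within the normal range: no alarm
        "spike": anomaly_alert(base, 40),        # far above the baseline: alarm
        # A signature matches only what is already in the database; a changed string is missed.
        "sig_hit": signature_alert("GET /index.html User-Agent: constructed-scanner/1.0", SIGNATURES),
        "sig_miss": signature_alert("GET /index.html User-Agent: constructed-scanner/2.0", SIGNATURES),
    }

if __name__ == "__main__":
    print(demo())
```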
Three Monitoring Tools (continued)

2. System monitor

- A low-level system program that uses a __________________ designed to monitor and ______________________ on a desktop system, server, or even a PDA or cell phone
- Some system monitors have a Web-based interface
- System monitors generally have a fully customizable notification system
Three Monitoring Tools (continued)

3. Protocol analyzer

- Also called a ____________________
- ____________________________________ its contents
- Can fully decode application-layer network protocols
  - The different parts of the protocol can be analyzed for any suspicious behavior
Summary

- A “privilege” can be considered a subject’s access level over an object
- Auditing system security settings for user privileges involves a regular review of user access and rights
- Information lifecycle management (ILM) is a set of strategies for administering, maintaining, and managing computer storage systems in order to retain data
- Usage auditing involves an examination of which subjects are accessing specific objects and how frequently
Summary (continued)

- Logs related to computer security have become particularly important
- Change management refers to a methodology for making changes and keeping track of those changes, often manually
- Monitoring involves examining network traffic, activity, transactions, or behavior in order to detect security-related anomalies