尊敬的 微信汇率:1円 ≈ 0.046078 元 支付宝汇率:1円 ≈ 0.046168元 [退出登录]
SlideShare a Scribd company logo

Information Security Lesson 4 - Baselines - Eric Vanderburg

Download as PPT, PDF
Eric Vanderburg
Eric Vanderburg

The document discusses security baselines and hardening systems and networks. It covers topics like disabling unused services, using security templates to configure Windows settings, implementing group policy for domain configurations, and applying patches and filters to harden applications, operating systems, databases, and network devices. The document also defines several common acronyms related to information security.

Technology
1 of 21
Information Security Chapter 4 Security Baselines Information Security © 2006 Eric Vanderburg
Basic Security • TSR (Terminate and Stay Resident) programs – Applications that are running even when you close them so that they can be loaded faster. • Process – program or program component that runs in the background. Information Security © 2006 Eric Vanderburg
Services • Perform a specific function for the OS. Each requires a process or processes to function. They run in these modes: – Automatic – Manual – Disabled • Services.msc Information Security © 2006 Eric Vanderburg
Services • Netstat - Displays active TCP connections, ports on which the computer is listening Information Security © 2006 Eric Vanderburg
Services • Disable unused services – Difficult because it is hard to find which ones are not used – Processes can be monitored but many services could use a process • Unused services are great for attackers because you do not see their activity and they are always running. • Malicious code could be added to the service to run with it. • Network services have an associated port that must be open for them to function. This is an entry point for an attacker. – Port numbers? Review Information Security © 2006 Eric Vanderburg
TCP/IP • Socket – Protocol, Address, Port – TCP 13.154.33.61:53 • IP Address review • 65,535 ports, 1000 and lower are most used Information Security © 2006 Eric Vanderburg
Securing the system • OS Hardening – securing the system against vulnerabilities. (see guides for each system) – Patch management is one component – Patch – fixes an issue and is tested – Hot fix – less tested than a patch – Service Pack – Group of patches together. The entire group is tested together for stability. Information Security © 2006 Eric Vanderburg
Patch Management • SUS (Software Update Services) or 3rd party tools • Define patches for groups of computers • Update computers on a schedule • Verify that patches have been installed (log) Information Security © 2006 Eric Vanderburg
MMC (Microsoft Management Console) • Custom MMCs – Saved as .msc in your documents and settings – Can work for local or remote computers – Taskpad – Snap-ins • Security Policy – Security Configuration and Analysis MMC snap-in – Command-line SECEDIT utility Information Security © 2006 Eric Vanderburg
Security Templates (Windows) • Security Templates – Setup Security - default security settings. – Compatible (compatws.inf) - members of the Users group can run applications that are not a part of the Designed for Windows Logo Program. – Secure (securedc.inf / securews.inf) - modifies security settings that impact the operating system and network protocols such as the password policy, account policy, and various Registry settings. It also removes all members from the Power Users group. – Highly Secure (hisecdc.inf / hisecws.inf) - This template increases the security of the parameters defined within the secure template. This template also removes all members from the Power Users group. – Internet Explorer (lesacls.inf) – locks down IE – Reset file permissions (rootsec.inf) – reset permissions starting from the root. Information Security © 2006 Eric Vanderburg
Group Policy • Make environmental changes to groups of clients or servers • Change policies such as password length or complexity for a domain • Enforce restrictions on users or computers • Restrict available software Information Security © 2006 Eric Vanderburg
Default GPOs • Default Domain Policy – Applied to domain – Password policy, account policy, & kerberos can only be set here • Default Domain Controllers Policy – Applied to DC container • Create others in the Group Policy Object Editor MMC or from AD Users & Computers Information Security © 2006 Eric Vanderburg
Hardening • Application Hardening – Patch – MBSA (Microsoft Baseline Security Analyzer) can check for patch compliance with Microsoft applications – Cisco Security Agent can restrict the abilities of certain applications • Web Server Hardening – – – – ACLs Patch Delete sample web pages Put the web server in a separate area of the network DMZ (Demilitarized Zone) – Delete scripts and applications that are not used – Enable encryption for sensitive data Information Security © 2006 Eric Vanderburg
Hardening • Mail Server Hardening – Use a single purpose machine – Require authentication for mail protocols to protect against open mail relay (bouncing messages from your mail server to another). – Set an ACL for those who can send messages – Enable logging for defense and legal purposes. • File Servers Hardening – Set appropriate permissions – Log access to sensitive files – Keep behind the firewall Information Security © 2006 Eric Vanderburg
Hardening • NNTP (Network News Transfer Protocol) Hardening – ACLs – Authentication – Patch • FTP Server Hardening – – – – Disable anonymous logon Use an ACL Set appropriate privileges Set account logon restrictions such as time-outs, lockouts for failed logon, and auditing. Information Security © 2006 Eric Vanderburg
Hardening Data Repositories • Directory Services – Windows • • • • • – – – – AD (Active Directory) SAM (Security Accounts Manager) – Local database DC (Domain Controller) PDC (Primary Domain Controller) BDC (Backup Domain Controller) Novell (eDirectory) LDAP (Lightweight Directory Access Protocol) Use ACLs Restrict the right to log on locally to domain controllers Information Security © 2006 Eric Vanderburg
Hardening Data Repositories • DBMS (Database Management System) – Oracle, SQL Server, Informix, Sybase, DB2 – Buffer Overflow – SQL (Structured Query Language) Injection – send a malformed SQL query • • • • • Utilize user views Segment the database Keep the database tables behind the firewall Utilize authentication Stored procedures and web forms should use proper coding techniques to protect against buffer overflow, SQL injection, and other attacks. Information Security © 2006 Eric Vanderburg
Hardening Networks • Update firmware on network devices – EEPROM (Electrically Erasable Programmable Read Only Memory) • Filter data at the edge of the network (Firewalls) • Filter by: – – – – – – Address (IP or MAC) Domain name Protocol Port Message content Session Information Security © 2006 Eric Vanderburg
Hardening Networks • ACLs and Rule bases are used in filtering – Keep rule bases small to increase efficiency in filtering (max: 40 rules) Information Security © 2006 Eric Vanderburg
Acronyms • • • • • • • • BDC, Backup Domain Controller DNS, Domain Name Service DHCP, Dynamic Host Configuration Protocol EEPROM, Electrically Erasable Programmable Read Only Memory EPROM, Erasable Programmable Read Only Memory FTP, File Transfer Protocol MMC, Microsoft Management Console NNTP, Network News Transfer Protocol Information Security © 2006 Eric Vanderburg
Acronyms • • • • • • • • NOS, Network Operating System PDC, Primary Domain Controller ROM, Read Only Memory SAM, Security Accounts Manager TSR, Terminate and Stay Resident DBMS, Database Management System AD, Active Directory LDAP, Lightweight Directory Access Protocol • SQL, Structured Query Language Information Security © 2006 Eric Vanderburg

Recommended

501 ch 4 securing your network
501 ch 4 securing your network501 ch 4 securing your network
501 ch 4 securing your network
gocybersec
 
Chapter09
Chapter09Chapter09
Chapter09
Muhammad Ahad
 
Network Implementation and Support Lesson 14 Security Features - Eric Vande...
Network Implementation and Support Lesson 14 Security Features - Eric Vande...Network Implementation and Support Lesson 14 Security Features - Eric Vande...
Network Implementation and Support Lesson 14 Security Features - Eric Vande...
Eric Vanderburg
 
University Management System - UMS-X1 Technical Data
University Management System - UMS-X1 Technical DataUniversity Management System - UMS-X1 Technical Data
University Management System - UMS-X1 Technical Data
Nasser Hassan
 
Cisco Standard Network Platform (SNP) - Catholic Relief Services Case Study
Cisco Standard Network Platform (SNP) - Catholic Relief Services Case StudyCisco Standard Network Platform (SNP) - Catholic Relief Services Case Study
Cisco Standard Network Platform (SNP) - Catholic Relief Services Case Study
nicholas njoroge
 
501 ch 5 securing hosts and data
501 ch 5 securing hosts and data501 ch 5 securing hosts and data
501 ch 5 securing hosts and data
gocybersec
 
Chapter08
Chapter08Chapter08
Chapter08
Muhammad Ahad
 
Defending Applications In the Cloud: Architecting Layered Security Solutions ...
Defending Applications In the Cloud: Architecting Layered Security Solutions ...Defending Applications In the Cloud: Architecting Layered Security Solutions ...
Defending Applications In the Cloud: Architecting Layered Security Solutions ...
EC-Council
 

Recommended

501 ch 4 securing your network
501 ch 4 securing your network501 ch 4 securing your network
501 ch 4 securing your network
gocybersec
 
Chapter09
Chapter09Chapter09
Chapter09
Muhammad Ahad
 
Network Implementation and Support Lesson 14 Security Features - Eric Vande...
Network Implementation and Support Lesson 14 Security Features - Eric Vande...Network Implementation and Support Lesson 14 Security Features - Eric Vande...
Network Implementation and Support Lesson 14 Security Features - Eric Vande...
Eric Vanderburg
 
University Management System - UMS-X1 Technical Data
University Management System - UMS-X1 Technical DataUniversity Management System - UMS-X1 Technical Data
University Management System - UMS-X1 Technical Data
Nasser Hassan
 
Cisco Standard Network Platform (SNP) - Catholic Relief Services Case Study
Cisco Standard Network Platform (SNP) - Catholic Relief Services Case StudyCisco Standard Network Platform (SNP) - Catholic Relief Services Case Study
Cisco Standard Network Platform (SNP) - Catholic Relief Services Case Study
nicholas njoroge
 
501 ch 5 securing hosts and data
501 ch 5 securing hosts and data501 ch 5 securing hosts and data
501 ch 5 securing hosts and data
gocybersec
 
Chapter08
Chapter08Chapter08
Chapter08
Muhammad Ahad
 
Defending Applications In the Cloud: Architecting Layered Security Solutions ...
Defending Applications In the Cloud: Architecting Layered Security Solutions ...Defending Applications In the Cloud: Architecting Layered Security Solutions ...
Defending Applications In the Cloud: Architecting Layered Security Solutions ...
EC-Council
 
Secure nets-and-data
Secure nets-and-dataSecure nets-and-data
Secure nets-and-data
Kevin Mayo
 
Social Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity RiskSocial Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity Risk
Precisely
 
Network Management
Network ManagementNetwork Management
Network Management
Leo Thiha
 
What to Do When You Don’t Know What to Do: Control System Patching Problems a...
What to Do When You Don’t Know What to Do: Control System Patching Problems a...What to Do When You Don’t Know What to Do: Control System Patching Problems a...
What to Do When You Don’t Know What to Do: Control System Patching Problems a...
EnergySec
 
Enterprise Security in Mainframe-Connected Environments
Enterprise Security in Mainframe-Connected EnvironmentsEnterprise Security in Mainframe-Connected Environments
Enterprise Security in Mainframe-Connected Environments
Precisely
 
01. 03.-introduction-to-infrastructure
01. 03.-introduction-to-infrastructure01. 03.-introduction-to-infrastructure
01. 03.-introduction-to-infrastructure
Muhammad Ahad
 
Using Advanced Threat Analytics to Prevent Privilege Escalation Attacks
Using Advanced Threat Analytics to Prevent Privilege Escalation AttacksUsing Advanced Threat Analytics to Prevent Privilege Escalation Attacks
Using Advanced Threat Analytics to Prevent Privilege Escalation Attacks
BeyondTrust
 
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Digital Bond
 
z/OS Authorized Code Scanner
z/OS Authorized Code Scannerz/OS Authorized Code Scanner
z/OS Authorized Code Scanner
Luigi Perrone
 
07. datacenters
07. datacenters07. datacenters
07. datacenters
Muhammad Ahad
 
10. compute-part-2
10. compute-part-210. compute-part-2
10. compute-part-2
Muhammad Ahad
 
A+ Chapter 5 Review
A+ Chapter 5 ReviewA+ Chapter 5 Review
A+ Chapter 5 Review
Amy McMullin
 
Open Platform for ICS Cybersecurity Research and Education
Open Platform for ICS Cybersecurity Research and EducationOpen Platform for ICS Cybersecurity Research and Education
Open Platform for ICS Cybersecurity Research and Education
EnergySec
 
CSF18 - The Night is Dark and Full of Hackers - Sami Laiho
CSF18 - The Night is Dark and Full of Hackers - Sami LaihoCSF18 - The Night is Dark and Full of Hackers - Sami Laiho
CSF18 - The Night is Dark and Full of Hackers - Sami Laiho
NCCOMMS
 
Final project
Final projectFinal project
Final project
rippea
 
Fundamentals of Servers, server storage and server security.
Fundamentals of Servers, server storage and server security.Fundamentals of Servers, server storage and server security.
Fundamentals of Servers, server storage and server security.
Aakash Panchal
 
Security Framework for the IPv6 Era
Security Framework for the IPv6 EraSecurity Framework for the IPv6 Era
Security Framework for the IPv6 Era
Shinsuke SUZUKI
 
Network Security: Protecting SOHO Networks
Network Security: Protecting SOHO NetworksNetwork Security: Protecting SOHO Networks
Network Security: Protecting SOHO Networks
Jim Gilsinn
 
11. operating-systems-part-1
11. operating-systems-part-111. operating-systems-part-1
11. operating-systems-part-1
Muhammad Ahad
 
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
Byres Security Inc.
 
Cisco Security Agent - Eric Vanderburg
Cisco Security Agent - Eric VanderburgCisco Security Agent - Eric Vanderburg
Cisco Security Agent - Eric Vanderburg
Eric Vanderburg
 
Securing with Sophos - Sophos Day Belux 2014
Securing with Sophos - Sophos Day Belux 2014Securing with Sophos - Sophos Day Belux 2014
Securing with Sophos - Sophos Day Belux 2014
Sophos Benelux
 

More Related Content

What's hot

Secure nets-and-data
Secure nets-and-dataSecure nets-and-data
Secure nets-and-data
Kevin Mayo
 
Social Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity RiskSocial Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity Risk
Precisely
 
Network Management
Network ManagementNetwork Management
Network Management
Leo Thiha
 
What to Do When You Don’t Know What to Do: Control System Patching Problems a...
What to Do When You Don’t Know What to Do: Control System Patching Problems a...What to Do When You Don’t Know What to Do: Control System Patching Problems a...
What to Do When You Don’t Know What to Do: Control System Patching Problems a...
EnergySec
 
Enterprise Security in Mainframe-Connected Environments
Enterprise Security in Mainframe-Connected EnvironmentsEnterprise Security in Mainframe-Connected Environments
Enterprise Security in Mainframe-Connected Environments
Precisely
 
01. 03.-introduction-to-infrastructure
01. 03.-introduction-to-infrastructure01. 03.-introduction-to-infrastructure
01. 03.-introduction-to-infrastructure
Muhammad Ahad
 
Using Advanced Threat Analytics to Prevent Privilege Escalation Attacks
Using Advanced Threat Analytics to Prevent Privilege Escalation AttacksUsing Advanced Threat Analytics to Prevent Privilege Escalation Attacks
Using Advanced Threat Analytics to Prevent Privilege Escalation Attacks
BeyondTrust
 
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Digital Bond
 
z/OS Authorized Code Scanner
z/OS Authorized Code Scannerz/OS Authorized Code Scanner
z/OS Authorized Code Scanner
Luigi Perrone
 
07. datacenters
07. datacenters07. datacenters
07. datacenters
Muhammad Ahad
 
10. compute-part-2
10. compute-part-210. compute-part-2
10. compute-part-2
Muhammad Ahad
 
A+ Chapter 5 Review
A+ Chapter 5 ReviewA+ Chapter 5 Review
A+ Chapter 5 Review
Amy McMullin
 
Open Platform for ICS Cybersecurity Research and Education
Open Platform for ICS Cybersecurity Research and EducationOpen Platform for ICS Cybersecurity Research and Education
Open Platform for ICS Cybersecurity Research and Education
EnergySec
 
CSF18 - The Night is Dark and Full of Hackers - Sami Laiho
CSF18 - The Night is Dark and Full of Hackers - Sami LaihoCSF18 - The Night is Dark and Full of Hackers - Sami Laiho
CSF18 - The Night is Dark and Full of Hackers - Sami Laiho
NCCOMMS
 
Final project
Final projectFinal project
Final project
rippea
 
Fundamentals of Servers, server storage and server security.
Fundamentals of Servers, server storage and server security.Fundamentals of Servers, server storage and server security.
Fundamentals of Servers, server storage and server security.
Aakash Panchal
 
Security Framework for the IPv6 Era
Security Framework for the IPv6 EraSecurity Framework for the IPv6 Era
Security Framework for the IPv6 Era
Shinsuke SUZUKI
 
Network Security: Protecting SOHO Networks
Network Security: Protecting SOHO NetworksNetwork Security: Protecting SOHO Networks
Network Security: Protecting SOHO Networks
Jim Gilsinn
 
11. operating-systems-part-1
11. operating-systems-part-111. operating-systems-part-1
11. operating-systems-part-1
Muhammad Ahad
 
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
Byres Security Inc.
 

What's hot (20)

Secure nets-and-data
Secure nets-and-dataSecure nets-and-data
Secure nets-and-data
 
Social Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity RiskSocial Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity Risk
 
Network Management
Network ManagementNetwork Management
Network Management
 
What to Do When You Don’t Know What to Do: Control System Patching Problems a...
What to Do When You Don’t Know What to Do: Control System Patching Problems a...What to Do When You Don’t Know What to Do: Control System Patching Problems a...
What to Do When You Don’t Know What to Do: Control System Patching Problems a...
 
Enterprise Security in Mainframe-Connected Environments
Enterprise Security in Mainframe-Connected EnvironmentsEnterprise Security in Mainframe-Connected Environments
Enterprise Security in Mainframe-Connected Environments
 
01. 03.-introduction-to-infrastructure
01. 03.-introduction-to-infrastructure01. 03.-introduction-to-infrastructure
01. 03.-introduction-to-infrastructure
 
Using Advanced Threat Analytics to Prevent Privilege Escalation Attacks
Using Advanced Threat Analytics to Prevent Privilege Escalation AttacksUsing Advanced Threat Analytics to Prevent Privilege Escalation Attacks
Using Advanced Threat Analytics to Prevent Privilege Escalation Attacks
 
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
 
z/OS Authorized Code Scanner
z/OS Authorized Code Scannerz/OS Authorized Code Scanner
z/OS Authorized Code Scanner
 
07. datacenters
07. datacenters07. datacenters
07. datacenters
 
10. compute-part-2
10. compute-part-210. compute-part-2
10. compute-part-2
 
A+ Chapter 5 Review
A+ Chapter 5 ReviewA+ Chapter 5 Review
A+ Chapter 5 Review
 
Open Platform for ICS Cybersecurity Research and Education
Open Platform for ICS Cybersecurity Research and EducationOpen Platform for ICS Cybersecurity Research and Education
Open Platform for ICS Cybersecurity Research and Education
 
CSF18 - The Night is Dark and Full of Hackers - Sami Laiho
CSF18 - The Night is Dark and Full of Hackers - Sami LaihoCSF18 - The Night is Dark and Full of Hackers - Sami Laiho
CSF18 - The Night is Dark and Full of Hackers - Sami Laiho
 
Final project
Final projectFinal project
Final project
 
Fundamentals of Servers, server storage and server security.
Fundamentals of Servers, server storage and server security.Fundamentals of Servers, server storage and server security.
Fundamentals of Servers, server storage and server security.
 
Security Framework for the IPv6 Era
Security Framework for the IPv6 EraSecurity Framework for the IPv6 Era
Security Framework for the IPv6 Era
 
Network Security: Protecting SOHO Networks
Network Security: Protecting SOHO NetworksNetwork Security: Protecting SOHO Networks
Network Security: Protecting SOHO Networks
 
11. operating-systems-part-1
11. operating-systems-part-111. operating-systems-part-1
11. operating-systems-part-1
 
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
 

Similar to Information Security Lesson 4 - Baselines - Eric Vanderburg

Cisco Security Agent - Eric Vanderburg
Cisco Security Agent - Eric VanderburgCisco Security Agent - Eric Vanderburg
Cisco Security Agent - Eric Vanderburg
Eric Vanderburg
 
Securing with Sophos - Sophos Day Belux 2014
Securing with Sophos - Sophos Day Belux 2014Securing with Sophos - Sophos Day Belux 2014
Securing with Sophos - Sophos Day Belux 2014
Sophos Benelux
 
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...Ibm spectrum scale fundamentals workshop for americas part 1 components archi...
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...
xKinAnx
 
Ensuring your plant is secure
Ensuring your plant is secureEnsuring your plant is secure
Ensuring your plant is secure
Schneider Electric
 
Coud discovery chap 5
Coud discovery chap 5Coud discovery chap 5
Coud discovery chap 5
Alain Charpentier
 
Operating system security
Operating system securityOperating system security
Operating system security
Ramesh Ogania
 
Ch 8: Desktop and Server OS Vulnerabilites
Ch 8: Desktop and Server OS VulnerabilitesCh 8: Desktop and Server OS Vulnerabilites
Ch 8: Desktop and Server OS Vulnerabilites
Sam Bowne
 
Secure IOT Gateway
Secure IOT GatewaySecure IOT Gateway
Secure IOT Gateway
LF Events
 
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11
Waqas Ahmed Nawaz
 
ITN6_Instructor_Materials_Chapter11.pdf
ITN6_Instructor_Materials_Chapter11.pdfITN6_Instructor_Materials_Chapter11.pdf
ITN6_Instructor_Materials_Chapter11.pdf
ThangDang53
 
CNIT 123: 8: Desktop and Server OS Vulnerabilites
CNIT 123: 8: Desktop and Server OS VulnerabilitesCNIT 123: 8: Desktop and Server OS Vulnerabilites
CNIT 123: 8: Desktop and Server OS Vulnerabilites
Sam Bowne
 
Networking Concepts Lesson 10 part 2 - Security Appendix - Eric Vanderburg
Networking Concepts Lesson 10 part 2 - Security Appendix - Eric VanderburgNetworking Concepts Lesson 10 part 2 - Security Appendix - Eric Vanderburg
Networking Concepts Lesson 10 part 2 - Security Appendix - Eric Vanderburg
Eric Vanderburg
 
Material best practices in network security using ethical hacking
Material best practices in network security using ethical hackingMaterial best practices in network security using ethical hacking
Material best practices in network security using ethical hacking
Desmond Devendran
 
Využijte svou Oracle databázi na maximum!
Využijte svou Oracle databázi na maximum!Využijte svou Oracle databázi na maximum!
Využijte svou Oracle databázi na maximum!
MarketingArrowECS_CZ
 
Ch 9: Embedded Operating Systems: The Hidden Threat
Ch 9: Embedded Operating Systems: The Hidden ThreatCh 9: Embedded Operating Systems: The Hidden Threat
Ch 9: Embedded Operating Systems: The Hidden Threat
Sam Bowne
 
Security and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureSecurity and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud Infrastructure
CloudPassage
 
Acceleration_and_Security_draft_v2
Acceleration_and_Security_draft_v2Acceleration_and_Security_draft_v2
Acceleration_and_Security_draft_v2
Srinivasa Addepalli
 
Networking Concepts Lesson 10 part 1 - Network Admin & Support - Eric Vanderburg
Networking Concepts Lesson 10 part 1 - Network Admin & Support - Eric VanderburgNetworking Concepts Lesson 10 part 1 - Network Admin & Support - Eric Vanderburg
Networking Concepts Lesson 10 part 1 - Network Admin & Support - Eric Vanderburg
Eric Vanderburg
 
W982 05092004
W982 05092004W982 05092004
W982 05092004
Sumit Tambe
 
CNIT 123 8: Desktop and Server OS Vulnerabilities
CNIT 123 8: Desktop and Server OS VulnerabilitiesCNIT 123 8: Desktop and Server OS Vulnerabilities
CNIT 123 8: Desktop and Server OS Vulnerabilities
Sam Bowne
 

Similar to Information Security Lesson 4 - Baselines - Eric Vanderburg (20)

Cisco Security Agent - Eric Vanderburg
Cisco Security Agent - Eric VanderburgCisco Security Agent - Eric Vanderburg
Cisco Security Agent - Eric Vanderburg
 
Securing with Sophos - Sophos Day Belux 2014
Securing with Sophos - Sophos Day Belux 2014Securing with Sophos - Sophos Day Belux 2014
Securing with Sophos - Sophos Day Belux 2014
 
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...Ibm spectrum scale fundamentals workshop for americas part 1 components archi...
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...
 
Ensuring your plant is secure
Ensuring your plant is secureEnsuring your plant is secure
Ensuring your plant is secure
 
Coud discovery chap 5
Coud discovery chap 5Coud discovery chap 5
Coud discovery chap 5
 
Operating system security
Operating system securityOperating system security
Operating system security
 
Ch 8: Desktop and Server OS Vulnerabilites
Ch 8: Desktop and Server OS VulnerabilitesCh 8: Desktop and Server OS Vulnerabilites
Ch 8: Desktop and Server OS Vulnerabilites
 
Secure IOT Gateway
Secure IOT GatewaySecure IOT Gateway
Secure IOT Gateway
 
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11
 
ITN6_Instructor_Materials_Chapter11.pdf
ITN6_Instructor_Materials_Chapter11.pdfITN6_Instructor_Materials_Chapter11.pdf
ITN6_Instructor_Materials_Chapter11.pdf
 
CNIT 123: 8: Desktop and Server OS Vulnerabilites
CNIT 123: 8: Desktop and Server OS VulnerabilitesCNIT 123: 8: Desktop and Server OS Vulnerabilites
CNIT 123: 8: Desktop and Server OS Vulnerabilites
 
Networking Concepts Lesson 10 part 2 - Security Appendix - Eric Vanderburg
Networking Concepts Lesson 10 part 2 - Security Appendix - Eric VanderburgNetworking Concepts Lesson 10 part 2 - Security Appendix - Eric Vanderburg
Networking Concepts Lesson 10 part 2 - Security Appendix - Eric Vanderburg
 
Material best practices in network security using ethical hacking
Material best practices in network security using ethical hackingMaterial best practices in network security using ethical hacking
Material best practices in network security using ethical hacking
 
Využijte svou Oracle databázi na maximum!
Využijte svou Oracle databázi na maximum!Využijte svou Oracle databázi na maximum!
Využijte svou Oracle databázi na maximum!
 
Ch 9: Embedded Operating Systems: The Hidden Threat
Ch 9: Embedded Operating Systems: The Hidden ThreatCh 9: Embedded Operating Systems: The Hidden Threat
Ch 9: Embedded Operating Systems: The Hidden Threat
 
Security and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureSecurity and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud Infrastructure
 
Acceleration_and_Security_draft_v2
Acceleration_and_Security_draft_v2Acceleration_and_Security_draft_v2
Acceleration_and_Security_draft_v2
 
Networking Concepts Lesson 10 part 1 - Network Admin & Support - Eric Vanderburg
Networking Concepts Lesson 10 part 1 - Network Admin & Support - Eric VanderburgNetworking Concepts Lesson 10 part 1 - Network Admin & Support - Eric Vanderburg
Networking Concepts Lesson 10 part 1 - Network Admin & Support - Eric Vanderburg
 
W982 05092004
W982 05092004W982 05092004
W982 05092004
 
CNIT 123 8: Desktop and Server OS Vulnerabilities
CNIT 123 8: Desktop and Server OS VulnerabilitiesCNIT 123 8: Desktop and Server OS Vulnerabilities
CNIT 123 8: Desktop and Server OS Vulnerabilities
 

More from Eric Vanderburg

GDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT SymposiumGDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT Symposium
Eric Vanderburg
 
Modern Security the way Equifax Should Have
Modern Security the way Equifax Should HaveModern Security the way Equifax Should Have
Modern Security the way Equifax Should Have
Eric Vanderburg
 
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric VanderburgCybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
Eric Vanderburg
 
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Eric Vanderburg
 
Mobile Forensics and Cybersecurity
Mobile Forensics and CybersecurityMobile Forensics and Cybersecurity
Mobile Forensics and Cybersecurity
Eric Vanderburg
 
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
Eric Vanderburg
 
Ransomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware ThreatRansomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware Threat
Eric Vanderburg
 
Emerging Technologies: Japan’s Position
Emerging Technologies: Japan’s PositionEmerging Technologies: Japan’s Position
Emerging Technologies: Japan’s Position
Eric Vanderburg
 
Principles of technology management
Principles of technology managementPrinciples of technology management
Principles of technology management
Eric Vanderburg
 
Japanese railway technology
Japanese railway technologyJapanese railway technology
Japanese railway technology
Eric Vanderburg
 
Evaluating japanese technological competitiveness
Evaluating japanese technological competitivenessEvaluating japanese technological competitiveness
Evaluating japanese technological competitiveness
Eric Vanderburg
 
Japanese current and future technology management challenges
Japanese current and future technology management challengesJapanese current and future technology management challenges
Japanese current and future technology management challenges
Eric Vanderburg
 
Technology management in Japan: Robotics
Technology management in Japan: RoboticsTechnology management in Japan: Robotics
Technology management in Japan: Robotics
Eric Vanderburg
 
Incident response table top exercises
Incident response table top exercisesIncident response table top exercises
Incident response table top exercises
Eric Vanderburg
 
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware ProblemThe Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
Eric Vanderburg
 
Cloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance ChallengesCloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance Challenges
Eric Vanderburg
 
Hacktivism: Motivations, Tactics and Threats
Hacktivism: Motivations, Tactics and ThreatsHacktivism: Motivations, Tactics and Threats
Hacktivism: Motivations, Tactics and Threats
Eric Vanderburg
 
Correct the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric VanderburgCorrect the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric Vanderburg
Eric Vanderburg
 
Deconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric VanderburgDeconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric Vanderburg
Eric Vanderburg
 
Countering malware threats - Eric Vanderburg
Countering malware threats - Eric VanderburgCountering malware threats - Eric Vanderburg
Countering malware threats - Eric Vanderburg
Eric Vanderburg
 

More from Eric Vanderburg (20)

GDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT SymposiumGDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT Symposium
 
Modern Security the way Equifax Should Have
Modern Security the way Equifax Should HaveModern Security the way Equifax Should Have
Modern Security the way Equifax Should Have
 
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric VanderburgCybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
 
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
 
Mobile Forensics and Cybersecurity
Mobile Forensics and CybersecurityMobile Forensics and Cybersecurity
Mobile Forensics and Cybersecurity
 
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
 
Ransomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware ThreatRansomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware Threat
 
Emerging Technologies: Japan’s Position
Emerging Technologies: Japan’s PositionEmerging Technologies: Japan’s Position
Emerging Technologies: Japan’s Position
 
Principles of technology management
Principles of technology managementPrinciples of technology management
Principles of technology management
 
Japanese railway technology
Japanese railway technologyJapanese railway technology
Japanese railway technology
 
Evaluating japanese technological competitiveness
Evaluating japanese technological competitivenessEvaluating japanese technological competitiveness
Evaluating japanese technological competitiveness
 
Japanese current and future technology management challenges
Japanese current and future technology management challengesJapanese current and future technology management challenges
Japanese current and future technology management challenges
 
Technology management in Japan: Robotics
Technology management in Japan: RoboticsTechnology management in Japan: Robotics
Technology management in Japan: Robotics
 
Incident response table top exercises
Incident response table top exercisesIncident response table top exercises
Incident response table top exercises
 
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware ProblemThe Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
 
Cloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance ChallengesCloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance Challenges
 
Hacktivism: Motivations, Tactics and Threats
Hacktivism: Motivations, Tactics and ThreatsHacktivism: Motivations, Tactics and Threats
Hacktivism: Motivations, Tactics and Threats
 
Correct the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric VanderburgCorrect the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric Vanderburg
 
Deconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric VanderburgDeconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric Vanderburg
 
Countering malware threats - Eric Vanderburg
Countering malware threats - Eric VanderburgCountering malware threats - Eric Vanderburg
Countering malware threats - Eric Vanderburg
 

Recently uploaded

Kubernetes Cloud Native Indonesia Meetup - June 2024
Kubernetes Cloud Native Indonesia Meetup - June 2024Kubernetes Cloud Native Indonesia Meetup - June 2024
Kubernetes Cloud Native Indonesia Meetup - June 2024
Prasta Maha
 
Chapter 6 - Test Tools Considerations V4.0
Chapter 6 - Test Tools Considerations V4.0Chapter 6 - Test Tools Considerations V4.0
Chapter 6 - Test Tools Considerations V4.0
Neeraj Kumar Singh
 
CNSCon 2024 Lightning Talk: Don’t Make Me Impersonate My Identity
CNSCon 2024 Lightning Talk: Don’t Make Me Impersonate My IdentityCNSCon 2024 Lightning Talk: Don’t Make Me Impersonate My Identity
CNSCon 2024 Lightning Talk: Don’t Make Me Impersonate My Identity
Cynthia Thomas
 
Day 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio FundamentalsDay 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio Fundamentals
UiPathCommunity
 
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
manji sharman06
 
Multivendor cloud production with VSF TR-11 - there and back again
Multivendor cloud production with VSF TR-11 - there and back againMultivendor cloud production with VSF TR-11 - there and back again
Multivendor cloud production with VSF TR-11 - there and back again
Kieran Kunhya
 
ScyllaDB Topology on Raft: An Inside Look
ScyllaDB Topology on Raft: An Inside LookScyllaDB Topology on Raft: An Inside Look
ScyllaDB Topology on Raft: An Inside Look
ScyllaDB
 
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
AlexanderRichford
 
Fuxnet [EN] .pdf
Fuxnet [EN] .pdfFuxnet [EN] .pdf
Fuxnet [EN] .pdf
Overkill Security
 
Guidelines for Effective Data Visualization
Guidelines for Effective Data VisualizationGuidelines for Effective Data Visualization
Guidelines for Effective Data Visualization
UmmeSalmaM1
 
Move Auth, Policy, and Resilience to the Platform
Move Auth, Policy, and Resilience to the PlatformMove Auth, Policy, and Resilience to the Platform
Move Auth, Policy, and Resilience to the Platform
Christian Posta
 
MongoDB vs ScyllaDB: Tractian’s Experience with Real-Time ML
MongoDB vs ScyllaDB: Tractian’s Experience with Real-Time MLMongoDB vs ScyllaDB: Tractian’s Experience with Real-Time ML
MongoDB vs ScyllaDB: Tractian’s Experience with Real-Time ML
ScyllaDB
 
DynamoDB to ScyllaDB: Technical Comparison and the Path to Success
DynamoDB to ScyllaDB: Technical Comparison and the Path to SuccessDynamoDB to ScyllaDB: Technical Comparison and the Path to Success
DynamoDB to ScyllaDB: Technical Comparison and the Path to Success
ScyllaDB
 
MySQL InnoDB Storage Engine: Deep Dive - Mydbops
MySQL InnoDB Storage Engine: Deep Dive - MydbopsMySQL InnoDB Storage Engine: Deep Dive - Mydbops
MySQL InnoDB Storage Engine: Deep Dive - Mydbops
Mydbops
 
Getting Started Using the National Research Platform
Getting Started Using the National Research PlatformGetting Started Using the National Research Platform
Getting Started Using the National Research Platform
Larry Smarr
 
Corporate Open Source Anti-Patterns: A Decade Later
Corporate Open Source Anti-Patterns: A Decade LaterCorporate Open Source Anti-Patterns: A Decade Later
Corporate Open Source Anti-Patterns: A Decade Later
ScyllaDB
 
Chapter 1 - Fundamentals of Testing V4.0
Chapter 1 - Fundamentals of Testing V4.0Chapter 1 - Fundamentals of Testing V4.0
Chapter 1 - Fundamentals of Testing V4.0
Neeraj Kumar Singh
 
Introduction to ThousandEyes AMER Webinar
Introduction to ThousandEyes AMER WebinarIntroduction to ThousandEyes AMER Webinar
Introduction to ThousandEyes AMER Webinar
ThousandEyes
 
Database Management Myths for Developers
Database Management Myths for DevelopersDatabase Management Myths for Developers
Database Management Myths for Developers
John Sterrett
 
Cyber Recovery Wargame
Cyber Recovery WargameCyber Recovery Wargame
Cyber Recovery Wargame
Databarracks
 

Recently uploaded (20)

Kubernetes Cloud Native Indonesia Meetup - June 2024
Kubernetes Cloud Native Indonesia Meetup - June 2024Kubernetes Cloud Native Indonesia Meetup - June 2024
Kubernetes Cloud Native Indonesia Meetup - June 2024
 
Chapter 6 - Test Tools Considerations V4.0
Chapter 6 - Test Tools Considerations V4.0Chapter 6 - Test Tools Considerations V4.0
Chapter 6 - Test Tools Considerations V4.0
 
CNSCon 2024 Lightning Talk: Don’t Make Me Impersonate My Identity
CNSCon 2024 Lightning Talk: Don’t Make Me Impersonate My IdentityCNSCon 2024 Lightning Talk: Don’t Make Me Impersonate My Identity
CNSCon 2024 Lightning Talk: Don’t Make Me Impersonate My Identity
 
Day 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio FundamentalsDay 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio Fundamentals
 
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
 
Multivendor cloud production with VSF TR-11 - there and back again
Multivendor cloud production with VSF TR-11 - there and back againMultivendor cloud production with VSF TR-11 - there and back again
Multivendor cloud production with VSF TR-11 - there and back again
 
ScyllaDB Topology on Raft: An Inside Look
ScyllaDB Topology on Raft: An Inside LookScyllaDB Topology on Raft: An Inside Look
ScyllaDB Topology on Raft: An Inside Look
 
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
 
Fuxnet [EN] .pdf
Fuxnet [EN] .pdfFuxnet [EN] .pdf
Fuxnet [EN] .pdf
 
Guidelines for Effective Data Visualization
Guidelines for Effective Data VisualizationGuidelines for Effective Data Visualization
Guidelines for Effective Data Visualization
 
Move Auth, Policy, and Resilience to the Platform
Move Auth, Policy, and Resilience to the PlatformMove Auth, Policy, and Resilience to the Platform
Move Auth, Policy, and Resilience to the Platform
 
MongoDB vs ScyllaDB: Tractian’s Experience with Real-Time ML
MongoDB vs ScyllaDB: Tractian’s Experience with Real-Time MLMongoDB vs ScyllaDB: Tractian’s Experience with Real-Time ML
MongoDB vs ScyllaDB: Tractian’s Experience with Real-Time ML
 
DynamoDB to ScyllaDB: Technical Comparison and the Path to Success
DynamoDB to ScyllaDB: Technical Comparison and the Path to SuccessDynamoDB to ScyllaDB: Technical Comparison and the Path to Success
DynamoDB to ScyllaDB: Technical Comparison and the Path to Success
 
MySQL InnoDB Storage Engine: Deep Dive - Mydbops
MySQL InnoDB Storage Engine: Deep Dive - MydbopsMySQL InnoDB Storage Engine: Deep Dive - Mydbops
MySQL InnoDB Storage Engine: Deep Dive - Mydbops
 
Getting Started Using the National Research Platform
Getting Started Using the National Research PlatformGetting Started Using the National Research Platform
Getting Started Using the National Research Platform
 
Corporate Open Source Anti-Patterns: A Decade Later
Corporate Open Source Anti-Patterns: A Decade LaterCorporate Open Source Anti-Patterns: A Decade Later
Corporate Open Source Anti-Patterns: A Decade Later
 
Chapter 1 - Fundamentals of Testing V4.0
Chapter 1 - Fundamentals of Testing V4.0Chapter 1 - Fundamentals of Testing V4.0
Chapter 1 - Fundamentals of Testing V4.0
 
Introduction to ThousandEyes AMER Webinar
Introduction to ThousandEyes AMER WebinarIntroduction to ThousandEyes AMER Webinar
Introduction to ThousandEyes AMER Webinar
 
Database Management Myths for Developers
Database Management Myths for DevelopersDatabase Management Myths for Developers
Database Management Myths for Developers
 
Cyber Recovery Wargame
Cyber Recovery WargameCyber Recovery Wargame
Cyber Recovery Wargame
 

Information Security Lesson 4 - Baselines - Eric Vanderburg

  • 1. Information Security Chapter 4 Security Baselines Information Security © 2006 Eric Vanderburg
  • 2. Basic Security • TSR (Terminate and Stay Resident) programs – Applications that are running even when you close them so that they can be loaded faster. • Process – program or program component that runs in the background. Information Security © 2006 Eric Vanderburg
  • 3. Services • Perform a specific function for the OS. Each requires a process or processes to function. They run in these modes: – Automatic – Manual – Disabled • Services.msc Information Security © 2006 Eric Vanderburg
  • 4. Services • Netstat - Displays active TCP connections, ports on which the computer is listening Information Security © 2006 Eric Vanderburg
  • 5. Services • Disable unused services – Difficult because it is hard to find which ones are not used – Processes can be monitored but many services could use a process • Unused services are great for attackers because you do not see their activity and they are always running. • Malicious code could be added to the service to run with it. • Network services have an associated port that must be open for them to function. This is an entry point for an attacker. – Port numbers? Review Information Security © 2006 Eric Vanderburg
  • 6. TCP/IP • Socket – Protocol, Address, Port – TCP 13.154.33.61:53 • IP Address review • 65,535 ports, 1000 and lower are most used Information Security © 2006 Eric Vanderburg
  • 7. Securing the system • OS Hardening – securing the system against vulnerabilities. (see guides for each system) – Patch management is one component – Patch – fixes an issue and is tested – Hot fix – less tested than a patch – Service Pack – Group of patches together. The entire group is tested together for stability. Information Security © 2006 Eric Vanderburg
  • 8. Patch Management • SUS (Software Update Services) or 3rd party tools • Define patches for groups of computers • Update computers on a schedule • Verify that patches have been installed (log) Information Security © 2006 Eric Vanderburg
  • 9. MMC (Microsoft Management Console) • Custom MMCs – Saved as .msc in your documents and settings – Can work for local or remote computers – Taskpad – Snap-ins • Security Policy – Security Configuration and Analysis MMC snap-in – Command-line SECEDIT utility Information Security © 2006 Eric Vanderburg
  • 10. Security Templates (Windows) • Security Templates – Setup Security - default security settings. – Compatible (compatws.inf) - members of the Users group can run applications that are not a part of the Designed for Windows Logo Program. – Secure (securedc.inf / securews.inf) - modifies security settings that impact the operating system and network protocols such as the password policy, account policy, and various Registry settings. It also removes all members from the Power Users group. – Highly Secure (hisecdc.inf / hisecws.inf) - This template increases the security of the parameters defined within the secure template. This template also removes all members from the Power Users group. – Internet Explorer (lesacls.inf) – locks down IE – Reset file permissions (rootsec.inf) – reset permissions starting from the root. Information Security © 2006 Eric Vanderburg
  • 11. Group Policy • Make environmental changes to groups of clients or servers • Change policies such as password length or complexity for a domain • Enforce restrictions on users or computers • Restrict available software Information Security © 2006 Eric Vanderburg
  • 12. Default GPOs • Default Domain Policy – Applied to domain – Password policy, account policy, & kerberos can only be set here • Default Domain Controllers Policy – Applied to DC container • Create others in the Group Policy Object Editor MMC or from AD Users & Computers Information Security © 2006 Eric Vanderburg
  • 13. Hardening • Application Hardening – Patch – MBSA (Microsoft Baseline Security Analyzer) can check for patch compliance with Microsoft applications – Cisco Security Agent can restrict the abilities of certain applications • Web Server Hardening – – – – ACLs Patch Delete sample web pages Put the web server in a separate area of the network DMZ (Demilitarized Zone) – Delete scripts and applications that are not used – Enable encryption for sensitive data Information Security © 2006 Eric Vanderburg
  • 14. Hardening • Mail Server Hardening – Use a single purpose machine – Require authentication for mail protocols to protect against open mail relay (bouncing messages from your mail server to another). – Set an ACL for those who can send messages – Enable logging for defense and legal purposes. • File Servers Hardening – Set appropriate permissions – Log access to sensitive files – Keep behind the firewall Information Security © 2006 Eric Vanderburg
  • 15. Hardening • NNTP (Network News Transfer Protocol) Hardening – ACLs – Authentication – Patch • FTP Server Hardening – – – – Disable anonymous logon Use an ACL Set appropriate privileges Set account logon restrictions such as time-outs, lockouts for failed logon, and auditing. Information Security © 2006 Eric Vanderburg
  • 16. Hardening Data Repositories • Directory Services – Windows • • • • • – – – – AD (Active Directory) SAM (Security Accounts Manager) – Local database DC (Domain Controller) PDC (Primary Domain Controller) BDC (Backup Domain Controller) Novell (eDirectory) LDAP (Lightweight Directory Access Protocol) Use ACLs Restrict the right to log on locally to domain controllers Information Security © 2006 Eric Vanderburg
  • 17. Hardening Data Repositories • DBMS (Database Management System) – Oracle, SQL Server, Informix, Sybase, DB2 – Buffer Overflow – SQL (Structured Query Language) Injection – send a malformed SQL query • • • • • Utilize user views Segment the database Keep the database tables behind the firewall Utilize authentication Stored procedures and web forms should use proper coding techniques to protect against buffer overflow, SQL injection, and other attacks. Information Security © 2006 Eric Vanderburg
  • 18. Hardening Networks • Update firmware on network devices – EEPROM (Electrically Erasable Programmable Read Only Memory) • Filter data at the edge of the network (Firewalls) • Filter by: – – – – – – Address (IP or MAC) Domain name Protocol Port Message content Session Information Security © 2006 Eric Vanderburg
  • 19. Hardening Networks • ACLs and Rule bases are used in filtering – Keep rule bases small to increase efficiency in filtering (max: 40 rules) Information Security © 2006 Eric Vanderburg
  • 20. Acronyms • • • • • • • • BDC, Backup Domain Controller DNS, Domain Name Service DHCP, Dynamic Host Configuration Protocol EEPROM, Electrically Erasable Programmable Read Only Memory EPROM, Erasable Programmable Read Only Memory FTP, File Transfer Protocol MMC, Microsoft Management Console NNTP, Network News Transfer Protocol Information Security © 2006 Eric Vanderburg
  • 21. Acronyms • • • • • • • • NOS, Network Operating System PDC, Primary Domain Controller ROM, Read Only Memory SAM, Security Accounts Manager TSR, Terminate and Stay Resident DBMS, Database Management System AD, Active Directory LDAP, Lightweight Directory Access Protocol • SQL, Structured Query Language Information Security © 2006 Eric Vanderburg
  翻译: