SAFE AND SOUND

INTRODUCTION
Elements of Security Auditing
Applications to Customers Network

Modular Approach
User layer … Server layer … Network layer
… interconnects (cabling) …

User Layer
Thin-clients, or physically-secure workstations
Login + passworded access
Access only to relevant services, applications
Run background malware prevention software

Server Layer
Remove unnecessary services
User groups to match physical topology
Don’t run services as root / admin
Run OS as read-only

Network Layer
Backup IOS, OS, data
Distribute & centralise topology (failover, and ordered & documented design & layout)
Use firewalls & logging
Use IDS, IPS, traffic monitoring

Cabling
Use more secure cable types
Use patch-panels and colour-coding
Layouts that make testing, fault-finding easy

Security Considerations

Network Threats
Viruses
Tend to be inadvertently activated
… or may be installed deliberately

Network Threats
Worms
Travel the internet, scanning for vulnerabilities
Often disrupt networks by flooding, forking

Network Threats
Spiders and webbots
Can be used maliciously – automated signups, website duplication, spam

Network Threats
Trojans
Masquerade as regular software
Tend to allow attacker to control infected machine

Network Threats
Spyware and Phishing
Information stealing, user profiling
Used in advert targeting, spam, ID theft

Network Threats
Spam
Can contain other malware
Congests networks

Network Threats
Delete traces of intrusions
Alter logs
Forensics get-around
Bombs

Solutions for Customer
Separate physical network for WAN access
Honeypot to track & ID intrusions
Monitoring station for internal LANs

Solutions for Customer
Honeypot
Mimics internal network or DMZ
Allows profiling of network threats

Solutions for Customer
SAN - storage area network
RAID 40: RAID level 4 & RAID level 0
4 – block striping with parity: failure tolerant & faster rebuilds
0 – striping: faster writes

Solutions for Customer
RAID 40

Tenable’s Security Center
Each node is a router, hosts behind router

Advisor
Parallel co-ordinate plot of firewall logs

Flamingo
Port scan
1 source, many targets
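
Added example, not from the original slides: the pattern this plot makes visible (one source touching many targets) can also be computed directly from firewall logs. The log lines are constructed samples in the iptables LOG field style, and the `min_targets` threshold is an assumption to tune per network.

```python
import re
from collections import defaultdict

# Constructed sample: firewall drops in the iptables LOG field style.
SAMPLE_LOG = """\
Jan 10 03:12:01 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=22
Jan 10 03:12:01 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.11 PROTO=TCP SPT=40113 DPT=22
Jan 10 03:12:02 fw kernel: DROP IN=eth0 SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=443
Jan 10 03:12:02 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.12 PROTO=TCP SPT=40114 DPT=22
Jan 10 03:12:02 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.13 PROTO=TCP SPT=40115 DPT=22
Jan 10 03:12:03 fw kernel: DROP IN=eth0 SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=443
Jan 10 03:12:03 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.14 PROTO=TCP SPT=40116 DPT=22
Jan 10 03:12:04 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40117 DPT=23
Jan 10 03:12:05 fw kernel: DROP IN=eth0 SRC=198.51.100.33 DST=192.0.2.11 PROTO=ICMP TYPE=8
Jan 10 03:12:06 fw kernel: DROP IN=eth0 SRC=198.51.100.33 DST=192.0.2.12 PROTO=ICMP TYPE=8
"""

FIELD = re.compile(r"\b(SRC|DST|DPT)=(\S+)")


def fan_out(log_text):
    """Per source IP: the set of targets and the set of (target, port) probes."""
    targets = defaultdict(set)
    probes = defaultdict(set)
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if "SRC" not in fields or "DST" not in fields:
            continue  # not a packet record
        src, dst = fields["SRC"], fields["DST"]
        targets[src].add(dst)
        probes[src].add((dst, fields.get("DPT")))  # DPT is absent for ICMP
    return targets, probes


def likely_scanners(log_text, min_targets=4):
    """Sources that reached at least min_targets distinct hosts.

    Returns sorted (source, distinct_targets, distinct_probes) tuples.
    """
    targets, probes = fan_out(log_text)
    return sorted(
        (src, len(dsts), len(probes[src]))
        for src, dsts in targets.items()
        if len(dsts) >= min_targets
    )


if __name__ == "__main__":
    for src, n_targets, n_probes in likely_scanners(SAMPLE_LOG):
        print(f"{src}: {n_targets} targets, {n_probes} distinct probes")
```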

Rumint
Visualisation Jamming Attack

Psad
Nachi worm network behaviour
Red nodes are ICMP packets

Web server log, Raju Varghese
Spider attack on web server from single IP
Red colouration indicates 5xx status codes
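
Added example, not from the original slides: the same two signals the plot shows (one IP crawling many distinct paths, and its share of 5xx responses) pulled from a web server access log. The log lines are constructed samples in common log format; the `min_requests` and `min_path_ratio` thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample access log (common log format).
SAMPLE_ACCESS_LOG = """\
203.0.113.9 - - [10/Jan/2024:03:00:01 +0000] "GET / HTTP/1.1" 200 5120
203.0.113.9 - - [10/Jan/2024:03:00:01 +0000] "GET /products HTTP/1.1" 200 2310
198.51.100.4 - - [10/Jan/2024:03:00:02 +0000] "GET / HTTP/1.1" 200 5120
203.0.113.9 - - [10/Jan/2024:03:00:02 +0000] "GET /products?page=2 HTTP/1.1" 200 2298
203.0.113.9 - - [10/Jan/2024:03:00:02 +0000] "GET /search?q=a HTTP/1.1" 503 0
203.0.113.9 - - [10/Jan/2024:03:00:03 +0000] "GET /search?q=b HTTP/1.1" 503 0
198.51.100.4 - - [10/Jan/2024:03:00:09 +0000] "GET /about HTTP/1.1" 200 1200
203.0.113.9 - - [10/Jan/2024:03:00:03 +0000] "GET /signup HTTP/1.1" 500 0
198.51.100.4 - - [10/Jan/2024:03:01:30 +0000] "GET / HTTP/1.1" 304 0
"""

# client IP, request path, status code
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+)[^"]*" (\d{3})\b')


def summarise(log_text):
    """Per client IP: request count, distinct paths, and 5xx responses."""
    paths = defaultdict(set)
    stats = defaultdict(lambda: {"requests": 0, "distinct_paths": 0, "status_5xx": 0})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip malformed or truncated lines
        ip, path, status = m.groups()
        paths[ip].add(path)
        stats[ip]["requests"] += 1
        stats[ip]["distinct_paths"] = len(paths[ip])
        if status.startswith("5"):
            stats[ip]["status_5xx"] += 1
    return dict(stats)


def flag_spiders(log_text, min_requests=5, min_path_ratio=0.8):
    """IPs with many requests that almost never repeat a path (crawl-like)."""
    return sorted(
        ip for ip, s in summarise(log_text).items()
        if s["requests"] >= min_requests
        and s["distinct_paths"] / s["requests"] >= min_path_ratio
    )


if __name__ == "__main__":
    for ip in flag_spiders(SAMPLE_ACCESS_LOG):
        print(ip, summarise(SAMPLE_ACCESS_LOG)[ip])
```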

fin
Network monitoring visualisations from:
http://www.secviz.org/category/image-galleries/graph-exchange