Information Security Lesson 13 - Advanced Security - Eric Vanderburg
Published in: Technology
Transcript

  • 1. Information Security, Chapter 13: Advanced Security & Beyond
    Information Security © 2006 Eric Vanderburg
  • 2. Computer Forensics
    – Retrieving information from computers for use in an investigation
    – The need for forensics knowledge will increase due to:
      – Increased digital information being stored
      – Higher criminal computer skill
      – Mistakes in the handling of evidence can make it inadmissible in court
  • 3. Forensics
    – Electronic data is harder to destroy than it looks; places where "deleted" data survives:
      – Search programs (indexes and caches keep copies of content)
      – RAM slack – data from RAM that the operating system wrote to pad the last sector of a file (modern operating systems zero-fill this padding instead)
      – File or drive slack – previous data from the drive left in the unused sectors of the file's last allocated cluster
      – Page file
    – Difficulties:
      – Much data to look through; one day of email equals a year's worth of snail mail
      – Data may be stored in many places under different controls
      – Dynamic content makes data different each time it is accessed
      – Data can be changed simply by accessing it (timestamps, caches), so work on a copy
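To make the slack-space point concrete, here is an added example (not from the slides) that carves RAM slack and drive slack out of a constructed disk image. It assumes 512-byte sectors, 4096-byte clusters, a file stored in consecutive clusters and an operating system that pads the last sector with stale memory rather than zeros; the image, the deleted-document marker and the 5000-byte file are all constructed for the example.

```python
"""Carve RAM slack and drive slack out of a constructed disk image.

Assumptions (not from the slides): 512-byte sectors, 4096-byte clusters
(eight sectors), a file occupying consecutive clusters, and an operating
system that pads the last sector with stale memory rather than zeros.
"""
import re

SECTOR = 512
CLUSTER = 8 * SECTOR  # 4096-byte clusters (assumed)


def carve_slack(image: bytes, first_cluster: int, logical_size: int) -> tuple:
    """Return (ram_slack, drive_slack) for one file.

    ram_slack   : bytes between the end of the file's data and the end of
                  the last sector that holds data.
    drive_slack : the remaining, never-rewritten sectors of the last
                  cluster allocated to the file.
    A file whose size is a whole number of clusters has no slack at all.
    """
    start = first_cluster * CLUSTER
    end_of_data = start + logical_size
    last_sector_end = start + -(-logical_size // SECTOR) * SECTOR     # round up to sector
    last_cluster_end = start + -(-logical_size // CLUSTER) * CLUSTER  # round up to cluster
    return image[end_of_data:last_sector_end], image[last_sector_end:last_cluster_end]


def printable_strings(data: bytes, min_len: int = 8) -> list:
    """Crude 'strings'-style extraction of printable ASCII runs."""
    return re.findall(rb"[ -~]{%d,}" % min_len, data)


def build_image() -> bytes:
    """Constructed 4-cluster image (not a real filesystem).

    Clusters 1-2 first held a document that was later deleted; the blocks
    were then reused by a 5000-byte file, which overwrites only the first
    5000 bytes.  Everything after that is slack from the deleted document.
    """
    image = bytearray(4 * CLUSTER)                        # all zeros
    deleted = (b"DELETED-DOC: account 4711 balance 9,250.00 " * 200)[: 2 * CLUSTER]
    image[CLUSTER : 3 * CLUSTER] = deleted                # stale content
    image[CLUSTER : CLUSTER + 5000] = b"A" * 5000         # new file's data
    return bytes(image)


def demo() -> dict:
    image = build_image()
    ram, drive = carve_slack(image, first_cluster=1, logical_size=5000)
    return {
        "ram_slack_bytes": len(ram),       # 5000 -> next 512 boundary is 5120
        "drive_slack_bytes": len(drive),   # 5120 -> cluster boundary 8192
        "recovered_marker": any(b"account 4711" in s for s in printable_strings(drive)),
    }


if __name__ == "__main__":
    print(demo())
```

The arithmetic is the whole lesson: a 5000-byte file leaves 120 bytes of RAM slack and 3072 bytes of drive slack, and the old document's text is still readable in the drive slack even though the directory entry is gone. On a filesystem that zero-fills, only the drive slack survives; on a file sized to an exact cluster multiple, nothing does.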
  • 4. Forensics
    – Metadata – data about data
      – Can be useful to find information about a file (author, timestamps, application)
      – Could be false because some metadata is not updated properly, can be edited by the author, or can be deliberately backdated
    – Steganography – hiding data in data
      – Compare hashes of system files and application files against known-good hashes to uncover files that have been altered to carry hidden data
      – Other files (documents, images, media) have no reference hash and must be scanned by steganography detection programs
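The hash comparison the slide describes, as an added example (not from the slides) that also shows why metadata alone cannot be trusted. The known-good hash set is constructed inline here; in practice it comes from the vendor or a reference set such as NSRL. The file contents, the appended "hidden payload" and the backdated timestamp are all constructed for the example.

```python
"""Known-file hash filtering with a metadata caveat (added example).

Assumptions not in the slides: a small constructed 'known-good' hash set
(in practice from a vendor or a reference set such as NSRL), constructed
file contents, and a tampered file whose timestamp has been backdated so
that it looks untouched.
"""
import hashlib
import os
import tempfile
from pathlib import Path

# Constructed pristine contents standing in for vendor-shipped files.
PRISTINE = {
    "system.dll": b"MZ\x90\x00" + bytes(range(256)),
    "viewer.exe": b"MZ\x90\x00" + b"viewer code " * 40,
}
BASELINE_MTIME = 1_000_000_000  # constructed install time


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def classify(root: Path, known_good: dict) -> dict:
    """Label every file under root as known-good, modified or unknown.

    A modified system or application file is a candidate carrier for
    hidden (steganographic) content; unknown files still need a scanner.
    """
    labels = {}
    for p in sorted(root.iterdir()):
        if not p.is_file():
            continue
        expected = known_good.get(p.name)
        if expected is None:
            labels[p.name] = "unknown"
        elif sha256_file(p) == expected:
            labels[p.name] = "known-good"
        else:
            labels[p.name] = "modified"
    return labels


def demo() -> tuple:
    known_good = {name: hashlib.sha256(data).hexdigest() for name, data in PRISTINE.items()}
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        for name, data in PRISTINE.items():
            (root / name).write_bytes(data)
            os.utime(root / name, (BASELINE_MTIME, BASELINE_MTIME))
        # Tamper: append a hidden payload, then backdate the timestamp so
        # the metadata claims the file was never touched.
        tampered = root / "viewer.exe"
        tampered.write_bytes(PRISTINE["viewer.exe"] + b"\x00hidden payload")
        os.utime(tampered, (BASELINE_MTIME, BASELINE_MTIME))
        (root / "notes.txt").write_bytes(b"not in any reference set")
        labels = classify(root, known_good)
        tampered_mtime = int(tampered.stat().st_mtime)
    return labels, tampered_mtime


if __name__ == "__main__":
    labels, mtime = demo()
    print(labels, "viewer.exe mtime:", mtime)
```

The backdated viewer.exe has the same modification time as the pristine install, so a timestamp-based triage would skip it; the content hash still flags it as modified. notes.txt has no reference hash and falls into the "unknown" bucket that the slide says must go to a steganography scanner.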
  • 5. Responding to the incident
    1. Secure the crime scene
       a) Photograph the equipment placement with analog film before it is touched (protects against accusations of planting or tampering)
    2. Collect the evidence
       a) Data can be easily destroyed, so take proper care of it
       b) Before shutting the computer down, record volatile information (RAM contents, network connections, running programs, current user, open files or URLs, and current configuration)
       c) Before data is changed or scanned, hard disks are secured and mirrored using a bit-stream backup (a sector-by-sector image, so slack and unallocated space are preserved too)
    3. Establish a chain of custody
       a) Show that the equipment/evidence was secure at all times and who had access to it at all times, to protect against tampering
    4. Examine and preserve the evidence
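Steps 2c and 3 together, as an added example (not from the slides): a bit-stream image is hashed at acquisition, every hand-over re-verifies the hash and is logged, and a copy whose hash no longer matches is refused. The "device" is a constructed byte string, the people are plain names and the clock supplies timestamps; a real record would also carry case numbers, signatures and the imaging tool and version.

```python
"""Chain-of-custody record for a bit-stream image (added example).

Assumptions not in the slides: the 'device' is a constructed byte string,
people are plain names, and timestamps come from the system clock; a real
record would also carry case numbers, signatures and the imaging tool.
"""
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timezone


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class CustodyRecord:
    evidence_id: str
    description: str
    image_sha256: str
    events: list = field(default_factory=list)

    def log(self, action: str, person: str) -> None:
        self.events.append({
            "when": datetime.now(timezone.utc).isoformat(),
            "action": action,
            "person": person,
        })


def acquire(evidence_id: str, description: str, device: bytes, examiner: str):
    """Bit-stream copy of the whole device (slack and unallocated space
    included), hashed before anything else touches it."""
    image = bytes(device)                  # stand-in for dd / a write-blocked imager
    record = CustodyRecord(evidence_id, description, sha256_hex(image))
    record.log("acquired bit-stream image", examiner)
    return image, record


def verify(image: bytes, record: CustodyRecord) -> bool:
    return sha256_hex(image) == record.image_sha256


def transfer(image: bytes, record: CustodyRecord, sender: str, receiver: str) -> bool:
    """The receiver re-hashes on hand-over; a mismatch is logged and refused."""
    ok = verify(image, record)
    action = f"transfer {sender} -> {receiver}"
    if not ok:
        action += " REFUSED: hash mismatch"
    record.log(action, receiver)
    return ok


def demo():
    device = b"\x00" * 1024 + b"user data " * 50 + b"\x00" * 512   # constructed drive
    image, record = acquire("EV-001", "workstation HDD, bit-stream image", device, "first responder")
    first = transfer(image, record, "first responder", "evidence custodian")
    # Analysis happens on copies; the original image must never change.
    working_copy = bytearray(image)
    working_copy[1100] ^= 0xFF                                # simulated tampering / accidental write
    second = transfer(bytes(working_copy), record, "evidence custodian", "analyst")
    return first, second, record


if __name__ == "__main__":
    first, second, record = demo()
    for e in record.events:
        print(e["when"], e["person"], e["action"])
```

The first hand-over succeeds; the second is refused because a single byte of the copy changed. The event list is the chain-of-custody document: who held the evidence, when, and that its hash matched at each step.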
  • 6. Attacks
    – Attacks are quicker than ever
    – Attacks are more frequent
  • 7. Technology
    – Encryption extensions are being built into processors
      – TPM (Trusted Platform Module) – a standard cryptographic coprocessor on each platform (a discrete chip or, later, firmware, rather than part of the CPU itself) that stores keys and platform measurements
    – Behavior blocking – rather than matching a specific signature, we watch for suspicious behavior (more false positives)
    – Antispam
    – Cap new network connections (the slide cites an average of 2 per second) – legitimate rates can be much higher for hosts using file sharing or chat programs, so a cap needs exemptions or a learned baseline
    – Sandboxing through virtual machines
    – Baselining (Internet traffic, ports, programs) so that deviations stand out
    – DRM (Digital Rights Management) – control access to and use of information
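The connection-cap and baselining bullets as detection logic, in an added example that is not from the slides: it counts new connections per source host per second over constructed firewall-style log lines, flags hosts above the 2-per-second figure the slide cites, and exempts hosts known to run file-sharing software. The log format, the addresses and the exemption list are invented for this example.

```python
"""Per-host new-connection rate detection over constructed firewall log
lines (added example; not from the slides).

Assumptions: a line format of 'TIMESTAMP src=IP dst=IP:PORT' invented for
this example, a 2-connections-per-second cap taken from the slide's stated
average, and an exemption list for hosts known to run file-sharing or chat
software.  Real baselines should be learned per host from quiet traffic.
"""
import re
from collections import Counter, defaultdict

LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+):(?P<port>\d+)$"
)


def parse(lines):
    """Yield (second, src, dst, port); lines that do not match are skipped."""
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            yield m["ts"], m["src"], m["dst"], int(m["port"])


def per_second_counts(lines):
    """src -> Counter(second -> new connections), and src -> set of (dst, port)."""
    counts = defaultdict(Counter)
    dests = defaultdict(set)
    for ts, src, dst, port in parse(lines):
        counts[src][ts] += 1
        dests[src].add((dst, port))
    return counts, dests


def flag_hosts(counts, dests, cap=2, exempt=frozenset()):
    """Hosts whose peak one-second rate exceeds cap.

    Many distinct destinations on one port at that rate looks like scanning
    (a worm signature); a high rate to a handful of peers looks like P2P or
    chat, which is why those hosts get an exemption or a higher baseline.
    """
    flagged = {}
    for src, per_sec in counts.items():
        if src in exempt:
            continue
        peak = max(per_sec.values())
        if peak > cap:
            flagged[src] = {"peak_per_second": peak, "distinct_destinations": len(dests[src])}
    return flagged


def build_sample_log():
    """Constructed lines: a normal host, a P2P host, and a scanning host."""
    lines = []
    for s in range(5):                                   # 1 connection per second
        lines.append(f"2006-03-01T10:00:0{s} src=10.0.0.5 dst=192.0.2.10:80")
    for i in range(6):                                   # burst of 6 to a few peers
        lines.append(f"2006-03-01T10:00:02 src=10.0.0.9 dst=198.51.100.{i}:6881")
    for i in range(25):                                  # 25 hosts in one second on 445
        lines.append(f"2006-03-01T10:00:03 src=10.0.0.17 dst=10.0.1.{i}:445")
    lines.append("garbage line that does not parse")     # must not crash the parser
    return lines


def demo(exempt=frozenset({"10.0.0.9"})):
    counts, dests = per_second_counts(build_sample_log())
    return flag_hosts(counts, dests, cap=2, exempt=exempt)


if __name__ == "__main__":
    print(demo())
```

With the file-sharing host exempted only 10.0.0.17 is flagged, at 25 connections in one second to 25 different hosts on port 445, the pattern the slide's "cap" is meant to throttle. Drop the exemption and the P2P host trips the same cap at 6 per second, which is the false-positive cost of a flat threshold and the reason for per-host baselines.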
  • 8. Employment
    – The need for security workers is higher than any other IT need (programming comes in a close second)
    – Security certifications
  • 9. Certifications
    – Security+
    – CWSP (Certified Wireless Security Professional)
    – CCSP (Cisco Certified Security Professional)
    – MCSE: Security (Microsoft Certified Systems Engineer: Security)
    – (ISC)2 (International Information Systems Security Certification Consortium)
      – CISSP (Certified Information Systems Security Professional)
      – SSCP (Systems Security Certified Practitioner)
    – EC-Council
      – CEH (Certified Ethical Hacker)
      – CHFI (Computer Hacking Forensic Investigator)
    – Check Point
      – CCSA (Check Point Certified Security Administrator)
      – CCSE (Check Point Certified Security Expert)
    – RSA
      – RCSE (RSA Certified Systems Engineer)
      – RCSA (RSA Certified Systems Administrator)
  • 10. Skills
    – Networking knowledge
      – TCP/IP
      – Network equipment (routers, firewalls, VLANs, switching)
      – Intrusion detection systems
    – People skills
      – People are the largest threat, so you must understand them
      – Training
    – Legal
      – Understand your responsibilities and your limitations (privacy)
      – Operate under the guidance of your security policy (this will help protect you against legal action)
  • 11. Acronyms
    – HIP, Host Intrusion Prevention
    – TPM, Trusted Platform Module
