Information Security Lesson 13 - Advanced Security - Eric Vanderburg




  1. Information Security, Chapter 13: Advanced Security & Beyond
     Information Security © 2006 Eric Vanderburg
  2. Computer Forensics
     • Retrieving information from computers for use in an investigation
     • The need for forensics knowledge will increase due to:
       – Increased digital information being stored
       – Higher criminal computer skill
       – Mistakes in the handling of evidence can make it inadmissible in court
  3. Forensics
     • Electronic data is harder to destroy
       – Search programs
       – RAM slack – data from RAM that is inserted to fill the rest of the sector
       – File or drive slack – previous data from the drive that is contained in any additional unused sectors in an allocated cluster
       – Page file
     • Difficulties
       – Much data to look through: 1 day of email is equal to a year's worth of snail mail
       – Data may be stored in many places under different controls
       – Dynamic content makes data different each time it is accessed
       – Data can be changed simply by accessing it
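The slack-space point on this slide is easier to see with a worked model. The following Python is an added example, not material from the slides: it assumes a 512-byte sector and a 4096-byte cluster (both assumptions), simulates a cluster that once held an old record being reallocated to a smaller new file, and carves the RAM slack and file slack that an examiner would inspect. The old record survives in file slack because the operating system never rewrites the unused sectors of the cluster.

```python
# Added example (not from the slides): carving RAM slack and file slack from one
# cluster of a constructed disk layout. Sector and cluster sizes are assumptions.
SECTOR = 512
CLUSTER = 4096  # 8 sectors per cluster


def slack_regions(file_size, sector=SECTOR, cluster=CLUSTER):
    """Return ((offset, length) of RAM slack, (offset, length) of file slack)
    relative to the start of the cluster that holds a file of file_size bytes.

    RAM slack: from the end of the file's data to the end of its last sector.
    File slack: the whole sectors left unused up to the end of the cluster.
    """
    if not 0 < file_size <= cluster:
        raise ValueError("file must occupy between 1 byte and one whole cluster")
    last_sector_end = -(-file_size // sector) * sector  # round up to sector boundary
    ram_slack = (file_size, last_sector_end - file_size)
    file_slack = (last_sector_end, cluster - last_sector_end)
    return ram_slack, file_slack


def write_file_into_cluster(old_contents, new_file, sector=SECTOR, cluster=CLUSTER):
    """Constructed model of a cluster that previously held old_contents being
    reallocated to a smaller new_file. The OS writes the file, pads the tail of
    its last sector (zeros here; early systems leaked RAM, hence 'RAM slack'),
    and never touches the remaining sectors, so old data survives in file slack.
    """
    pattern = old_contents * (cluster // len(old_contents) + 1)
    buf = bytearray(pattern[:cluster])
    ram, _ = slack_regions(len(new_file), sector, cluster)
    buf[: len(new_file)] = new_file
    buf[ram[0] : ram[0] + ram[1]] = b"\x00" * ram[1]
    return bytes(buf)


def carve_slack(cluster_bytes, file_size, sector=SECTOR, cluster=CLUSTER):
    """Return (ram_slack_bytes, file_slack_bytes) for an examiner to inspect."""
    ram, fs = slack_regions(file_size, sector, cluster)
    return (cluster_bytes[ram[0] : ram[0] + ram[1]],
            cluster_bytes[fs[0] : fs[0] + fs[1]])


def demo():
    """Constructed case: a 1300-byte document overwrites a cluster that once held
    an account record. Returns the slack layout and whether the old record is
    still recoverable from file slack."""
    old = b"OLD-RECORD:acct=42;"          # constructed 'deleted' data
    new = b"N" * 1300                      # constructed new file
    cluster_bytes = write_file_into_cluster(old, new)
    ram, fs = slack_regions(len(new))
    ram_bytes, fs_bytes = carve_slack(cluster_bytes, len(new))
    return {
        "ram_slack": ram,                  # (1300, 236)
        "file_slack": fs,                  # (1536, 2560)
        "ram_slack_zeroed": ram_bytes == b"\x00" * ram[1],
        "old_record_in_file_slack": b"OLD-RECORD" in fs_bytes,
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the 1300-byte file leaving 236 bytes of RAM slack at the end of its third sector and 2560 bytes (five whole sectors) of file slack, where the old record is still readable. A file that exactly fills the cluster leaves no slack at all, which is why secure-deletion tools overwrite whole clusters rather than just the file's logical length.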
  4. Forensics
     • Metadata – data about data
       – Can be useful to find information about a file
       – Could be false because some metadata is not updated properly or is coded by the author
     • Steganography – hiding data in data
       – Use hashes to uncover data within system files and application files
       – Other files must be scanned by steganography programs
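The slide's "use hashes" advice for system and application files means comparing each file's hash with a trusted reference set, so that any file carrying appended or embedded data shows up as a mismatch. The Python below is an added example, not code from the slides: it builds a reference hash set from a constructed directory of fake "system files", then reports files whose hash changed, files absent from the reference set (these are the ones that would still need a steganography scanner), and reference files that have disappeared. The directory layout and file contents are constructed for the demonstration.

```python
# Added example (not from the slides): known-file hash verification.
import hashlib
import os
import tempfile


def sha256_file(path):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_known_set(root):
    """Record sha256 for every file under root (relative POSIX paths as keys).
    In practice this comes from the vendor or a trusted reference hash set."""
    known = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            known[rel] = sha256_file(full)
    return known


def verify_against_known(root, known):
    """Compare files under root with the known set. Returns sorted lists of
    files whose hash changed (possible hidden data or tampering), files not in
    the reference set (must be scanned separately), and reference files that
    are gone."""
    modified, unknown, seen = [], [], set()
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            seen.add(rel)
            if rel not in known:
                unknown.append(rel)
            elif sha256_file(full) != known[rel]:
                modified.append(rel)
    return {"modified": sorted(modified),
            "unknown": sorted(unknown),
            "missing": sorted(set(known) - seen)}


def demo():
    """Constructed scenario in a temporary directory: take a reference hash set
    of three 'system files', then append hidden data to one of them, add an
    unexpected file and delete another reference file."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        files = {"bin/ls": b"\x7fELF constructed binary A",
                 "bin/cat": b"\x7fELF constructed binary B",
                 "bin/cp": b"\x7fELF constructed binary C"}
        for rel, data in files.items():
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        known = build_known_set(root)
        with open(os.path.join(root, "bin/cat"), "ab") as f:
            f.write(b"\x00" * 8 + b"constructed hidden payload")  # appended data
        with open(os.path.join(root, "bin/extra"), "wb") as f:
            f.write(b"not in reference set")
        os.remove(os.path.join(root, "bin/cp"))
        return verify_against_known(root, known)


if __name__ == "__main__":
    print(demo())
```

Two caveats follow directly from the slide. A hash only proves a file differs from the reference; it says nothing about what was added, so a mismatch is a lead for further examination, not a finding. And the reference set has to be collected from a trusted source and stored away from the examined system, since a modified hash list is as misleading as the metadata the slide warns about.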
  5. Responding to the incident
     1. Secure the crime scene
        a) Photograph the equipment placement with analog film before it is touched (protect against accusations of planting or tampering)
     2. Collect the evidence
        a) Data can be easily destroyed (take proper care of it)
        b) Before shutting the computer down, record some information (RAM contents, network connections, running programs, current user, open files or URLs, and current configurations)
        c) Before data is changed or scanned, hard disks are secured and mirrored using a bit-stream backup
     3. Establish a chain of custody
        a) Show that the equipment/evidence was secure at all times and show who had access to it at all times to protect against tampering
     4. Examine and preserve the evidence
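Steps 2c and 3 of the procedure above are where a bit-stream backup and a chain of custody meet: the image is hashed as it is taken, the hash is recorded with who took it and when, and every later handover re-checks the hash. The Python below is an added example, not the slides' own material: it images a constructed "drive" file block by block, verifies the image and the original against the acquisition hash, keeps a simple custody log, and shows the check failing after a single byte of the image is altered. The file names, the handler name and the log format are assumptions for the demonstration.

```python
# Added example (not from the slides): bit-stream acquisition with hash
# verification and a chain-of-custody log.
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

BLOCK = 4096


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(BLOCK), b""):
            h.update(chunk)
    return h.hexdigest()


def bitstream_image(source, image_path):
    """Copy every byte of source to image_path, hashing the stream as it is
    read. Returns the sha256 of what came off the source, so a later hash of
    the image can be compared against it."""
    h = hashlib.sha256()
    with open(source, "rb") as src, open(image_path, "wb") as dst:
        for chunk in iter(lambda: src.read(BLOCK), b""):
            h.update(chunk)
            dst.write(chunk)
    return h.hexdigest()


def custody_entry(log, handler, action, artefact, digest):
    """Append one chain-of-custody record: who did what to which artefact,
    when (UTC), and the hash that identified the artefact at that moment."""
    entry = {"time": datetime.now(timezone.utc).isoformat(),
             "handler": handler, "action": action,
             "artefact": artefact, "sha256": digest}
    log.append(entry)
    return entry


def acquire(source, workdir, handler):
    """Image a source, verify that image and original both match the
    acquisition hash, and start the custody log. Examination then proceeds
    on the image, never on the original."""
    image_path = os.path.join(workdir, "evidence.dd")
    log = []
    digest = bitstream_image(source, image_path)
    custody_entry(log, handler, "acquired bit-stream image", image_path, digest)
    verified = sha256_file(image_path) == digest == sha256_file(source)
    custody_entry(log, handler,
                  "verified image hash against source" if verified else "HASH MISMATCH",
                  image_path, digest)
    return {"image": image_path, "sha256": digest, "verified": verified, "log": log}


def still_intact(image_path, expected_digest):
    """Re-hash before every handover or examination; a mismatch means the
    evidence changed and the custody chain is broken."""
    return sha256_file(image_path) == expected_digest


def demo():
    """Constructed: a 10,037-byte 'drive' (not block aligned, so the final
    partial block is exercised), imaged and verified, then one byte of the
    image is flipped to show the check failing."""
    with tempfile.TemporaryDirectory() as work:
        source = os.path.join(work, "constructed_drive.bin")
        with open(source, "wb") as f:
            f.write(bytes(i % 251 for i in range(10037)))
        result = acquire(source, work, handler="examiner-1 (constructed)")
        before = still_intact(result["image"], result["sha256"])
        with open(result["image"], "r+b") as f:
            f.seek(10036)
            f.write(b"\xff")  # simulate an accidental modification
        after = still_intact(result["image"], result["sha256"])
        return {"verified": result["verified"], "intact_before": before,
                "intact_after_change": after, "log_entries": len(result["log"]),
                "log_json": json.dumps(result["log"])}


if __name__ == "__main__":
    print(demo())
```

Real acquisitions add a hardware or software write blocker in front of the source so the original cannot change during imaging (step 2a), and record the hash on paper or in a signed log kept apart from the image, which is what lets the custody chain be shown in court.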
  6. Attacks
     • Attacks are quicker than ever
     • Attacks are more frequent
  7. Technology
     • Encryption extensions are being built into processors
       – TPM (Trusted Platform Model) – making a cryptographic coprocessor standard on each processor
     • Behavior blocking – rather than using a specific signature, we watch for behavior (more false positives)
     • Antispam
     • Cap network connections (average is 2 per second) – could be much larger for those using file sharing or chat programs
     • Sandboxing through virtual machines
     • Baselining (Internet traffic, ports, programs)
     • DRM (Digital Rights Management) – control access and use of information
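The connection-cap and baselining bullets above describe one detection: count how many new connections each host opens per second and flag those exceeding a cap, while letting hosts with a known higher baseline (the slide's file-sharing and chat users) have their own limit so they do not become false positives. The Python below is an added example, not code from the slides: it parses a constructed log of outbound connection events, computes each host's peak connections per second, and applies the slide's default cap of 2 per second with optional per-host overrides. The log format and addresses are constructed for the demonstration.

```python
# Added example (not from the slides): connection-rate cap with per-host baselines.
from collections import defaultdict

# Constructed sample of outbound connection events: "<timestamp> <src> -> <dst>:<port>"
SAMPLE_LOG = """\
2006-05-01T10:00:00 10.0.0.5 -> 93.184.216.34:80
2006-05-01T10:00:00 10.0.0.5 -> 93.184.216.34:443
2006-05-01T10:00:01 10.0.0.5 -> 198.51.100.7:25
2006-05-01T10:00:00 10.0.0.9 -> 203.0.113.1:445
2006-05-01T10:00:00 10.0.0.9 -> 203.0.113.2:445
2006-05-01T10:00:00 10.0.0.9 -> 203.0.113.3:445
2006-05-01T10:00:00 10.0.0.9 -> 203.0.113.4:445
2006-05-01T10:00:00 10.0.0.9 -> 203.0.113.5:445
2006-05-01T10:00:02 10.0.0.12 -> 198.51.100.20:6881
2006-05-01T10:00:02 10.0.0.12 -> 198.51.100.21:6881
2006-05-01T10:00:02 10.0.0.12 -> 198.51.100.22:6881
2006-05-01T10:00:02 10.0.0.12 -> 198.51.100.23:6881
this line is malformed and is skipped
"""


def parse_log(text):
    """Parse lines into (timestamp, src, dst, port) tuples; skip malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "->" or ":" not in parts[3]:
            continue
        dst, port = parts[3].rsplit(":", 1)
        if not port.isdigit():
            continue
        records.append((parts[0], parts[1], dst, int(port)))
    return records


def peak_rate_per_host(records):
    """Highest number of new connections each host opened within one second."""
    per_second = defaultdict(int)
    for ts, src, _, _ in records:
        per_second[(src, ts)] += 1
    peaks = {}
    for (src, _), n in per_second.items():
        peaks[src] = max(peaks.get(src, 0), n)
    return peaks


def hosts_over_cap(records, cap=2, per_host_cap=None):
    """Return {host: peak} for hosts exceeding their cap. per_host_cap holds
    baselines for hosts whose normal rate is legitimately higher than the
    default cap (the slide's file-sharing and chat users)."""
    per_host_cap = per_host_cap or {}
    return {src: peak for src, peak in peak_rate_per_host(records).items()
            if peak > per_host_cap.get(src, cap)}


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print(hosts_over_cap(recs))                                  # both bursty hosts
    print(hosts_over_cap(recs, per_host_cap={"10.0.0.12": 50}))  # baseline applied
```

With the flat cap, both 10.0.0.9 (five connections to port 445 in one second) and the file-sharing host 10.0.0.12 are flagged; giving 10.0.0.12 its measured baseline leaves only 10.0.0.9. That is the trade-off the slide names for behavior-based controls: without baselines the cap produces false positives, and the baselines themselves have to be re-measured as usage changes.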
  8. Employment
     • The need for security workers is higher than any other IT need (programming comes in a close second)
     • Security certifications
  9. Certifications
     • Security+
     • CWSP (Certified Wireless Security Professional)
     • CCSP (Cisco Certified Security Professional)
     • MCSE: Security (Microsoft Certified Systems Engineer: Security)
     • (ISC)2 (International Information Systems Security Certification Consortium)
       – CISSP (Certified Information Systems Security Professional)
       – SSCP (Systems Security Certified Practitioner)
     • EC-Council
       – CEH (Certified Ethical Hacker)
       – CHFI (Computer Hacking Forensics Investigator)
     • Checkpoint
       – CCSA (Checkpoint Certified Security Administrator)
       – CCSE (Checkpoint Certified Security Expert)
     • RSA
       – RCSE (RSA Certified Systems Engineer)
       – RCSA (RSA Certified Systems Administrator)
  10. Skills
      • Networking knowledge
        – TCP/IP
        – Network equipment (routers, firewalls, VLANs, switching)
        – Intrusion detection systems
      • People skills
        – People are the largest threat, so you must understand them
        – Training
      • Legal
        – Understand your responsibilities and your limitations (privacy)
        – Operate under the guidance of your security policy (this will protect you against legal action)
  11. Acronyms
      • HIP, Host Intrusion Prevention
      • TPM, Trusted Platform Model