James Jara Arroyo – White Paper – Portfolio 2014
Case Study for my portfolio
InfoSecurity White Paper
INFOSECURITY WHITE PAPER / WWW.JAMESJARA.COM
Contact name James Jara
E-mail address Jamesjara@gmail.com
Phone number (506) 87944598
Website Www.jamesjara.com
Solution offering InfoSecurity White Paper
Project name or title Security
Company Anonymous
Case Study
Business situation
I found the system vulnerable with high risk, full escalation of privileges into the servers.
Solution
Apply the following document to each element of the network.
Security Methodology
How to Secure a Company
Table of Contents
Step by Step Guide
  Create a network and system administration policy
  Create a Map/Vision of the IT architecture of the company
  Execute and testing phase for each IT element of the company
Creating a Network and System Admin Policy
  What is a network and system admin Policy?
Creating a Map/Vision of the IT architecture of the company
  Describe all IT elements, with all information possible
  Secure each IT element
  Security through obscurity
    Hardening OS system
    Hardening Services
    Securing SSH
    Securing postfix
    Securing NFS
    Securing apache
    Securing php
  Updates, patch and upgrades
  Monitoring and logging services
  IDS services
  Disaster recovery policy
  Backup policy
Step by Step Guide
This page lists only the steps and tasks, with no explanations or definitions. A printed version of this
document is attached as a checklist form; these steps must be repeated every 4-6 months.
Create a network and system administration policy.
Write a public wiki with policies for your employees.
Create a legal version.
Create a Map/Vision of the IT architecture of the company.
1. Describe all IT elements, with all information possible.
   1. Usage and objective of the IT element.
   2. Services provided by the IT element.
   3. Versions and flags.
   4. Policy only for this IT element.
   5. User access, credentials and privileges.
   6. Mode production/development.
2. Secure each IT element.
   1. Apply security through obscurity; this means hardening or blackboxing.
      1. Hardening OS system.
      2. Hardening services.
      3. Hardening Apache.
      4. Hardening mysql.
      5. Hardening other services.
   2. Apply updates, patches and upgrades wherever possible; try to use only stable versions.
   3. Install Monitoring and logging services.
   4. Install IDS Services.
   5. Disaster recovery policy.
   6. Backup policy.
Execute and testing phase for each IT element of the company.
• Penetration testing focused on information gathering.
• Penetration testing focused on common vulnerabilities.
• Penetration testing focused on brute-force techniques.
Creating a Network and System Admin policy
What is a network and system admin policy?
The objective of this document includes protection of information and property from theft, hacking or
corruption, while allowing the information and property to remain accessible and productive to its
intended users.
A state of computer "security" is the conceptual ideal, attained by the use of the three processes:
1. Prevention
2. Detection
3. Response
For easier understanding, I'm adding a definition from Wikipedia: a network security policy is a generic
document that outlines rules for computer network access, determines how policies are enforced and
lays out some of the basic architecture of the company security/network security environment.
Security policy should keep the malicious users out and also exert control over potential risky users
within your organization. The first step in creating a policy is to understand what information and
services are available (and to which users), what the potential is for damage and whether any
protection is already in place to prevent misuse.
In addition, the security policy should dictate a hierarchy of access permissions; that is, grant users
access only to what is necessary for the completion of their work.
Here are some examples: http://www.sans.org/security-resources/policies/network.php
The prevention stage is about configuring and setting up walls against malicious users. In the
detection stage the systems are already up and running, and we are only monitoring and logging
information; we have to set up a central server to control, monitor, etc. all the production servers
from one place.
Creating a Map/Vision of the IT architecture of the company
Describe all IT elements, with all information possible.
Create an up-to-date document with all elements of the IT architecture (you can use the attached Excel
document for this).
1. Net
2. Usage
3. Objective
4. Services
5. Version and flags
6. Policy for this IT element
7. User access, credentials and privileges
8. Mode production/development
PREVENTION
Secure each IT element.
Now that we have a table with all IT elements, it's time to perform security actions on each IT element.
1. Apply security through obscurity; this means hardening or black boxing.
2. Hardening OS system.
3. Hardening services.
4. Hardening Apache.
5. Hardening mysql.
6. Hardening other services.
7. Apply updates, patches and upgrades wherever possible; try to use only stable versions.
8. Install Monitoring and logging services.
9. Install IDS Services.
10. Disaster recovery policy.
11. Backup policy.
Security through obscurity
Hardening here means hiding all flags, so that an attacker cannot learn the versions and software
used by the company.
Note: it is not required to follow every item one by one, only the necessary ones.
Hardening OS system
• Encrypt data communication: scp, ssh, rsync, sftp, SSL, etc.
• Remove insecure services:
> yum erase inetd xinetd ypserv tftp-server telnet-server rsh-server
• Uninstall unnecessary programs:
> yum erase inetd xinetd ypserv tftp-server telnet-server rsh-server
• Keep the Linux kernel and software up to date:
> yum update
• Use SELinux.
• Set password aging for a user (maximum 60 days, minimum 7 days, warning 7 days before expiry):
> chage -M 60 -m 7 -W 7 userName
• Lock user accounts after login failures: faillog
• Verify that no accounts have empty passwords:
> awk -F: '($2 == "") {print}' /etc/shadow
• Disable unwanted services:
> chkconfig --list | grep '3:on'
> chkconfig serviceName off
• Find listening network ports and associated programs:
> netstat -tulpn
> nmap -sT -O localhost
• Configure iptables.
• Use OpenLDAP or Kerberos.
• Remove unnecessary software packages (RPMs).
• Review inittab and boot scripts.
• Lock an IP after too many login failures.
• Display login banners:
# cat /etc/motd
This system is classified...
Use of this system constitutes consent to official monitoring.
For SSH, you can set the Banner parameter in /etc/ssh/sshd_config.
For local console logins, you can edit /etc/issue.
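The empty-password check and the password-aging item from the list above, combined into one audit over a shadow-format file. This is an added example, not part of the original white paper; the function names and sample entries are constructed, and the 60-day default is taken from the chage -M 60 line.

```shell
#!/bin/sh
# Added example (not from the original white paper): audit a shadow-format
# file for empty passwords and for missing or overly long password aging.
# shadow(5) fields: name:hash:lastchange:min:max:warn:inactive:expire:reserved

# Constructed sample data; the hash strings are placeholders, not real hashes.
sample_shadow() {
    cat <<'EOF'
root:$6$constructed$placeholder:19000:7:60:7:::
alice:$6$constructed$placeholder:19000:0:99999:7:::
bob::19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
carol:!$6$constructed$placeholder:19000:0:99999:7:::
dave:$6$constructed$placeholder:19000:7:45:7:::
erin:$6$constructed$placeholder:19000:0::7:::
EOF
}

# audit_shadow FILE [MAX_DAYS]
#   FILE      shadow-format file, or "-" for standard input
#   MAX_DAYS  longest acceptable maximum password age (default 60)
audit_shadow() {
    awk -F: -v limit="${2:-60}" '
        # Skip comment lines and blank lines.
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            user = $1; hash = $2; max = $5
            # Same condition as the one-liner on the page: empty hash field.
            if (hash == "") { print "EMPTY_PASSWORD " user; next }
            # "*" or a leading "!" means no password login is possible,
            # so password aging is not relevant for that account.
            if (hash ~ /^[!*]/) next
            if (max == "")
                print "NO_MAX_AGE " user
            else if (max + 0 > limit + 0)
                print "MAX_AGE_TOO_LONG " user " max=" max
        }
    ' "$1"
}

# Demo run on the constructed sample.
sample_shadow | audit_shadow -
```

On a real host the function is run as root against /etc/shadow; each reported account is a candidate for `chage` or for locking.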
Hardening Services
Securing SSH:
• Disable root login:
  PermitRootLogin no
• Use SSH protocol version 2:
  Protocol 2
• Prevent SSH from setting up TCP port and X11 forwarding if you don't need it:
  AllowTcpForwarding no
  X11Forwarding no
• Enable the StrictModes directive, which checks file permissions and ownership of some
important files in the user's home directory, such as ~/.ssh and ~/.ssh/authorized_keys. If any check
fails, the user won't be able to log in.
  StrictModes yes
• Disable host-based authentication. These methods should be avoided as primary
authentication.
  IgnoreRhosts yes
  HostbasedAuthentication no
  RhostsRSAAuthentication no
• Disable sftp if it is not needed, by commenting out the subsystem line:
  #Subsystem sftp /usr/lib/misc/sftp-server
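One way to check an existing sshd_config against the directives listed above, as an added example that is not part of the original white paper. The function names and the sample file are constructed; the check relies on sshd using the first value it obtains for each keyword and reports Match-block overrides separately. On OpenSSH 7.4 and later, Protocol and RhostsRSAAuthentication are deprecated, so MISSING for those two is expected there.

```shell
#!/bin/sh
# Added example (not from the original white paper): compare the global
# section of an sshd_config-format file with the settings listed on this page.

# Constructed sample configuration, not taken from any real host.
sample_sshd_config() {
    cat <<'EOF'
# constructed sample
Port 22
PermitRootLogin yes
permitrootlogin no
Protocol 2
X11Forwarding=no
AllowTcpForwarding no
StrictModes yes
IgnoreRhosts yes
#HostbasedAuthentication no
Subsystem sftp /usr/lib/misc/sftp-server
Match User backup
    AllowTcpForwarding yes
    X11Forwarding no
EOF
}

# audit_sshd_config FILE   (FILE may be "-" for standard input)
# Prints one line per finding; exit status is 1 if anything deviates.
audit_sshd_config() {
    awk '
        BEGIN {
            bad = 0
            spec = "permitrootlogin:no protocol:2 allowtcpforwarding:no"
            spec = spec " x11forwarding:no strictmodes:yes ignorerhosts:yes"
            spec = spec " hostbasedauthentication:no rhostsrsaauthentication:no"
            n = split(spec, w, " ")
            for (i = 1; i <= n; i++) {
                split(w[i], kv, ":")
                key[i] = kv[1]; want[kv[1]] = kv[2]
            }
        }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (line == "" || line ~ /^#/) next       # comments and blanks
            sub(/[ \t]*=[ \t]*/, " ", line)           # accept "Keyword=value"
            split(line, f, /[ \t]+/)
            k = tolower(f[1]); v = tolower(f[2])      # keywords are case-insensitive
            if (k == "match") { in_match = 1; next }  # conditional section starts
            if (!(k in want)) next
            if (in_match) {
                # A Match block can re-enable a setting for some connections.
                if (v != want[k]) { print "MATCH_OVERRIDE " k "=" v; bad = 1 }
                next
            }
            # sshd keeps the first value it obtains for a keyword.
            if (!(k in seen)) { seen[k] = 1; got[k] = v }
        }
        END {
            for (i = 1; i <= n; i++) {
                k = key[i]
                if (!(k in seen)) {
                    print "MISSING " k; bad = 1       # compiled-in default applies
                } else if (got[k] != want[k]) {
                    print "FAIL " k "=" got[k] " (want " want[k] ")"; bad = 1
                } else {
                    print "OK " k
                }
            }
            exit bad
        }
    ' "$1"
}

# Demo run on the constructed sample.
sample_sshd_config | audit_sshd_config - || echo "findings present"
```

The sample shows why line order matters: the later `permitrootlogin no` does not undo the earlier `PermitRootLogin yes`.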
Securing postfix
• Check if postfix is local
# alternatives --set mta /usr/sbin/sendmail.postfix
The following parameters in /etc/postfix/main.cf should be set to ensure that Postfix accepts
only local emails for delivery:
mydestination = $myhostname, localhost.$mydomain, localhost
inet_interfaces = localhost
• To verify whether Postfix is still listening for incoming network requests, you can run one of the
following commands from another node:
# nmap -sT -p 25 <remote_node>
# telnet <remote_node> 25
Securing NFS
Securing Apache
Mod security:
yum install mod_security
/etc/init.d/httpd restart
vi /etc/httpd/conf.d/mod_security.conf
<IfModule mod_security.c>
# Note: the SecFilter* directives below are ModSecurity 1.x syntax;
# ModSecurity 2.x replaces them with SecRule.
SecFilterEngine On
SecAuditEngine RelevantOnly
SecFilterCheckURLEncoding On
SecFilterCheckUnicodeEncoding On
SecFilterForceByteRange 1 255
SecFilterCheckCookieFormat On
SecAuditLog logs/audit_log
SecFilterScanPOST On
SecFilterDefaultAction "deny,log,status:406"
# SecFilter 111
# Prevent path traversal (..) attacks
SecFilter "\.\./"
# Weaker XSS protection but allows common HTML tags
SecFilter "<( |\n)*script"
# Prevent XSS attacks (HTML/Javascript injection)
SecFilter "<(.|\n)+>"
# Very crude filters to prevent SQL injection attacks
SecFilter "delete[[:space:]]+from"
SecFilter "insert[[:space:]]+into"
SecFilter "select.+from"
# Require HTTP_USER_AGENT and HTTP_HOST headers
SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"
# Only accept request encodings we know how to handle
# we exclude GET requests from this because some (automated)
# clients supply "text/html" as Content-Type
SecFilterSelective REQUEST_METHOD "!^GET$" chain
SecFilterSelective HTTP_Content-Type "!(^$|^application/x-www-form-urlencoded$|^multipart/form-data)"
# Require Content-Length to be provided with
# every POST request
SecFilterSelective REQUEST_METHOD "^POST$" chain
SecFilterSelective HTTP_Content-Length "^$"
# Don't accept transfer encodings we know we don't handle
# (and you don't need it anyway)
SecFilterSelective HTTP_Transfer-Encoding "!^$"
</IfModule>
httpd.conf
• Hide server flags:
ServerSignature Off
• Hide server flags in headers:
ServerTokens Prod
• Handle errors:
ErrorDocument 404 /errors/404.html
ErrorDocument 500 /errors/500.html
• Secure the path:
<Directory "/opt/apache2/htdocs">
<LimitExcept GET POST>
deny from all
</LimitExcept>
Options -FollowSymLinks -Includes -Indexes -MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
Securing php
• Disable allow_url_fopen in php.ini for security reasons
allow_url_fopen = Off
• Disable allow_url_include in php.ini for security reasons
allow_url_include = Off
• Disable functions (with the disable_functions directive in php.ini):
curl_exec - perform a cURL session
curl_multi_exec - run the sub-connections of the current cURL handle
dl - loads a PHP extension at runtime
exec - execute an external command
fsockopen - open internet or unix domain socket connection
parse_ini_file - parse a configuration file
passthru - execute an external program and display raw output
popen - opens process file pointer
proc_open - execute a command and open file pointers for Input/Output
proc_close - close a process opened by proc_open and return the exit code process
shell_exec - execute command via shell and return the complete output as a string
show_source - show the source of a file
symlink - creates a symbolic link
system - execute an external program and display the output
• Disable display_errors in php.ini for security reasons
display_errors = Off
log_errors = On
• Disable expose_php in php.ini for security reasons
expose_php = Off
• Disable Magic Quotes in php.ini for security reasons
magic_quotes_gpc = Off
• Set open_basedir in php.ini for security reasons
open_basedir = "/var/www/html/:/usr/local/php/"
• Lower post_max_size in php.ini for security reasons
post_max_size = 256K
• Disable register globals in php.ini for security reasons
register_globals = Off
• Enable safe_mode in php.ini for security reasons
safe_mode = On
Backup policy
• System administrators should establish and follow a procedure to carry out regular system
backups.
• Backups must be verified at least monthly, either through automated verification, through
customer restores, or through trial restores.
• Systems administrators must maintain documented restoration procedures for systems and the
data on those systems.
RESPONSE
Disaster recovery policy
To Do.
DETECTION
Monitoring and logging services
• Logging: LogAnalyzer + rsyslog: log analysis software that sends the logs from each server to a
central log server machine and has a useful administration web panel. The logs used for data
mining (Apache) should not be handled by this software; it is intended more for server logs.
• Monitoring: Icinga (https://www.icinga.org/nagios/feature-comparison/): monitoring all the
company servers from one place.
To begin, Icinga offers two interfaces - “Icinga Classic” and “Icinga New Web”. For a fair
comparison, we have put Icinga in both its variants against the open source ‘Nagios Core’.
See the many differences between Icinga and Nagios in not only the core and web interfaces, but also
in their reporting capabilities, support and development style below.
I prefer Icinga based on the facilities it offers to web users.
Feature | Icinga Classic | Icinga New Web | Nagios Core
GENERAL
License | GPLv2 | GPLv2 | GPLv2
Monitor unlimited hosts
Distributed monitoring
Distributed systems
Agent based & agentless monitoring
INSTALLATION / CONFIGURATION
Web based configuration | Via addon | Via addon | Via addon
Virtual appliance
CORE
Databases supported | MySQL, PostgreSQL, Oracle | MySQL, PostgreSQL, Oracle | MySQL
SNMP & Syslog monitoring | Via addon | Via addon | Via addon
Triggers & multi-channel alerts
IPv6 capabilities
WEB USER INTERFACE
Dynamic, shareable dashboards
Dynamic table / data grid view (sort, filter monitoring data)
Underlying infrastructure | CGI/C, HTML/CSS/JS | AJAX/ExtJs, PHP5/Agavi, HTML/CSS | CGI/C, HTML/CSS
Live search
Log file search & Logging (eg. Commands)
Compound commands (Send one command to multiple hosts/services simultaneously)
Acknowledgements with expiry time
Dynamic drill down maps
Internal authentication by | HTTP Basic | LDAP, Active Directory, HTTP Basic | HTTP Basic
Control access to objects by | Contact group | Contact group, Host group, Service group, Custom variable | Contact group
HTTP / REST interface
Mobile version for iPhone & Android: Via 3rd party apps; HTML 5 in-house version (Icinga Mobile); Via 3rd party apps; Via 3rd party apps
Multilingual interface: 20+ languages
Support "Display Name" use: Configurable
REPORTING
SLA reports: Via addon; Via addon
Scheduled report distribution: Via addon; Via addon
Multi-format reports: Via addon; Via addon
Export data | CSV, JSON, XML | XML via REST API | -
Performance graphing | Via addon | Via addon | Via addon
Business process monitoring | Via addon | Via addon | Via addon
DOCS / SUPPORT
Multilingual documentation
Community support channels | Mailing lists, Forums, IRC | Mailing lists, Forums, IRC | Mailing lists, Forums
DEVELOPMENT
Global authentication & authorization architecture
Public and detailed roadmap
GIT repository
GIT development tracker integration
Extensions coding simplified by: -; Doctrine; JSON; -
REST API
IDS services
• Snort + snorby: network intrusion prevention and detection system (IDS/IPS).
Executing and testing phase
• Manual Mode
• OpenVAS
If we find a security hole in manual mode, the proper way to report it is:
• Type of issue (buffer overflow, SQL injection, cross-site scripting, etc.)
• Product and version that contains the bug
• Version, security updates, or other updates for the product you have installed
• Any special configuration required to reproduce the issue
• Step-by-step instructions to reproduce the issue on a fresh install
• Proof-of-concept or exploit code
• Impact of the issue, including how an attacker could exploit the issue
IT ELEMENT INFO
Date: ____________________
Pentester: ________________
Element: _________________
1. Net
2. Usage
3. Objective
4. Services
5. Version and flags
6. Policy for this IT element
7. User access, credentials and privileges
8. Mode production/development

Investigation of CryptoLocker Ransomware Trojans - Microsoft Windows
 
Introduction to Network and System Administration
Introduction to Network and System AdministrationIntroduction to Network and System Administration
Introduction to Network and System Administration
 
Linux security quick reference guide
Linux security quick reference guideLinux security quick reference guide
Linux security quick reference guide
 
Packet capture and network traffic analysis
Packet capture and network traffic analysisPacket capture and network traffic analysis
Packet capture and network traffic analysis
 
0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討
 
Dr. Eric Cole - 30 Things Every Manager Should Know
Dr. Eric Cole - 30 Things Every Manager Should KnowDr. Eric Cole - 30 Things Every Manager Should Know
Dr. Eric Cole - 30 Things Every Manager Should Know
 
100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf
 
SOC-BlueTEam.pdf
SOC-BlueTEam.pdfSOC-BlueTEam.pdf
SOC-BlueTEam.pdf
 
100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf
 
100 Security Operation Center Tools EMERSON EDUARDO RODRIGUES
100 Security Operation Center Tools EMERSON EDUARDO RODRIGUES100 Security Operation Center Tools EMERSON EDUARDO RODRIGUES
100 Security Operation Center Tools EMERSON EDUARDO RODRIGUES
 
Nazar Tymoshyk et al - Night in Defense Workshop: Hunting for a needle in a h...
Nazar Tymoshyk et al - Night in Defense Workshop: Hunting for a needle in a h...Nazar Tymoshyk et al - Night in Defense Workshop: Hunting for a needle in a h...
Nazar Tymoshyk et al - Night in Defense Workshop: Hunting for a needle in a h...
 
10 Tips for AIX Security
10 Tips for AIX Security10 Tips for AIX Security
10 Tips for AIX Security
 
System security by Amin Pathan
System security by Amin PathanSystem security by Amin Pathan
System security by Amin Pathan
 
Cryptography and system security
Cryptography and system securityCryptography and system security
Cryptography and system security
 
Windows logging cheat sheet
Windows logging cheat sheetWindows logging cheat sheet
Windows logging cheat sheet
 
CH18-CompSec4e.pptx
CH18-CompSec4e.pptxCH18-CompSec4e.pptx
CH18-CompSec4e.pptx
 
Aruba cppm 6_1_user_guide
Aruba cppm 6_1_user_guideAruba cppm 6_1_user_guide
Aruba cppm 6_1_user_guide
 
Tips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management ProgramTips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management Program
 

More from James Jara

Ver rmbv en_linux_centos
Ver rmbv en_linux_centosVer rmbv en_linux_centos
Ver rmbv en_linux_centosJames Jara
 
Ver logs de_apache_en_linux
Ver logs de_apache_en_linuxVer logs de_apache_en_linux
Ver logs de_apache_en_linuxJames Jara
 
Unzip un archivo
Unzip un archivoUnzip un archivo
Unzip un archivoJames Jara
 
Ultima linea ejecutada_en_terminal_linux
Ultima linea ejecutada_en_terminal_linuxUltima linea ejecutada_en_terminal_linux
Ultima linea ejecutada_en_terminal_linuxJames Jara
 
Tar file linux
Tar file linuxTar file linux
Tar file linuxJames Jara
 
Which configuration file_is_used_by_your_php
Which configuration file_is_used_by_your_phpWhich configuration file_is_used_by_your_php
Which configuration file_is_used_by_your_phpJames Jara
 
Which configuration file is used by your php
Which configuration file is used by your phpWhich configuration file is used by your php
Which configuration file is used by your phpJames Jara
 
Ver rmbv en_linux_centos
Ver rmbv en_linux_centosVer rmbv en_linux_centos
Ver rmbv en_linux_centosJames Jara
 
Ver logs de_apache_en_linux
Ver logs de_apache_en_linuxVer logs de_apache_en_linux
Ver logs de_apache_en_linuxJames Jara
 
Ultima linea ejecutada_en_terminal_linux
Ultima linea ejecutada_en_terminal_linuxUltima linea ejecutada_en_terminal_linux
Ultima linea ejecutada_en_terminal_linuxJames Jara
 
Permisos archivo chmod linux
Permisos archivo chmod linuxPermisos archivo chmod linux
Permisos archivo chmod linuxJames Jara
 
Matar un proceso_linux__kill_linux_process
Matar un proceso_linux__kill_linux_processMatar un proceso_linux__kill_linux_process
Matar un proceso_linux__kill_linux_processJames Jara
 
Listar servicios conectado_a_la_red
Listar servicios conectado_a_la_redListar servicios conectado_a_la_red
Listar servicios conectado_a_la_redJames Jara
 
Listar rpm installados_linux
Listar rpm installados_linuxListar rpm installados_linux
Listar rpm installados_linuxJames Jara
 
Listar archivo con_detalle_linux
Listar archivo con_detalle_linuxListar archivo con_detalle_linux
Listar archivo con_detalle_linuxJames Jara
 
Installing hadoophivederby on_centos
Installing hadoophivederby on_centosInstalling hadoophivederby on_centos
Installing hadoophivederby on_centosJames Jara
 
Installar un paquete_rpm_linux
Installar un paquete_rpm_linuxInstallar un paquete_rpm_linux
Installar un paquete_rpm_linuxJames Jara
 
Installar rpm consola__install_rpm_consola
Installar rpm consola__install_rpm_consolaInstallar rpm consola__install_rpm_consola
Installar rpm consola__install_rpm_consolaJames Jara
 

More from James Jara (20)

Hack.lu 2016
Hack.lu 2016   Hack.lu 2016
Hack.lu 2016
 
Portafolio
PortafolioPortafolio
Portafolio
 
Ver rmbv en_linux_centos
Ver rmbv en_linux_centosVer rmbv en_linux_centos
Ver rmbv en_linux_centos
 
Ver logs de_apache_en_linux
Ver logs de_apache_en_linuxVer logs de_apache_en_linux
Ver logs de_apache_en_linux
 
Unzip un archivo
Unzip un archivoUnzip un archivo
Unzip un archivo
 
Ultima linea ejecutada_en_terminal_linux
Ultima linea ejecutada_en_terminal_linuxUltima linea ejecutada_en_terminal_linux
Ultima linea ejecutada_en_terminal_linux
 
Tar file linux
Tar file linuxTar file linux
Tar file linux
 
Which configuration file_is_used_by_your_php
Which configuration file_is_used_by_your_phpWhich configuration file_is_used_by_your_php
Which configuration file_is_used_by_your_php
 
Which configuration file is used by your php
Which configuration file is used by your phpWhich configuration file is used by your php
Which configuration file is used by your php
 
Ver rmbv en_linux_centos
Ver rmbv en_linux_centosVer rmbv en_linux_centos
Ver rmbv en_linux_centos
 
Ver logs de_apache_en_linux
Ver logs de_apache_en_linuxVer logs de_apache_en_linux
Ver logs de_apache_en_linux
 
Ultima linea ejecutada_en_terminal_linux
Ultima linea ejecutada_en_terminal_linuxUltima linea ejecutada_en_terminal_linux
Ultima linea ejecutada_en_terminal_linux
 
Permisos archivo chmod linux
Permisos archivo chmod linuxPermisos archivo chmod linux
Permisos archivo chmod linux
 
Matar un proceso_linux__kill_linux_process
Matar un proceso_linux__kill_linux_processMatar un proceso_linux__kill_linux_process
Matar un proceso_linux__kill_linux_process
 
Listar servicios conectado_a_la_red
Listar servicios conectado_a_la_redListar servicios conectado_a_la_red
Listar servicios conectado_a_la_red
 
Listar rpm installados_linux
Listar rpm installados_linuxListar rpm installados_linux
Listar rpm installados_linux
 
Listar archivo con_detalle_linux
Listar archivo con_detalle_linuxListar archivo con_detalle_linux
Listar archivo con_detalle_linux
 
Installing hadoophivederby on_centos
Installing hadoophivederby on_centosInstalling hadoophivederby on_centos
Installing hadoophivederby on_centos
 
Installar un paquete_rpm_linux
Installar un paquete_rpm_linuxInstallar un paquete_rpm_linux
Installar un paquete_rpm_linux
 
Installar rpm consola__install_rpm_consola
Installar rpm consola__install_rpm_consolaInstallar rpm consola__install_rpm_consola
Installar rpm consola__install_rpm_consola
 

Recently uploaded

Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...panagenda
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceanilsa9823
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AIABDERRAOUF MEHENNI
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsAndolasoft Inc
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionSolGuruz
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️anilsa9823
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 

Recently uploaded (20)

Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 

How to Secure a Company IT Network

  • 5. Step by Step Guide

    This page lists only the steps and tasks, with no explanations or definitions. A printed version of this document is attached as a checklist form. These steps must be repeated every 4-6 months.

    Create a network and system administration policy.
      • Write a public wiki with policies for your employees.
      • Create a legal version.

    Create a Map/Vision of the IT architecture of the company.
      1. Describe all IT elements, with all information possible.
         1. Usage and objective of the IT element.
         2. Services provided by the IT element.
         3. Versions and flags.
         4. Policy only for this IT element.
         5. User access, credentials and privileges.
         6. Mode production/development.
      2. Secure each IT element.
         1. Apply security through obscurity; this means hardening or blackboxing.
            1. Hardening OS system.
            2. Hardening services.
            3. Hardening Apache.
            4. Hardening mysql.
            5. Hardening other services.
         2. Apply updates, patches and upgrades wherever possible; try to use only stable versions.
         3. Install monitoring and logging services.
         4. Install IDS services.
         5. Disaster recovery policy.
         6. Backup policy.

    Execute and testing phase for each IT element of the company.
      • Penetration testing focused on information gathering.
      • Penetration testing focused on common vulnerabilities.
      • Penetration testing focused on brute force techniques.
  • 6. Creating a Network and System Admin policy

    What is a network and system admin policy?

    The objective of this document includes protection of information and property from theft, hacking or corruption, while allowing the information and property to remain accessible and productive to its intended users. A state of computer "security" is the conceptual ideal, attained by the use of three processes:
      1. Prevention
      2. Detection
      3. Response

    For ease of understanding, I am adding the definition from Wikipedia:

    A network security policy is a generic document that outlines rules for computer network access, determines how policies are enforced and lays out some of the basic architecture of the company security/ network security environment. Security policy should keep the malicious users out and also exert control over potential risky users within your organization. The first step in creating a policy is to understand what information and services are available (and to which users), what the potential is for damage and whether any protection is already in place to prevent misuse. In addition, the security policy should dictate a hierarchy of access permissions; that is, grant users access only to what is necessary for the completion of their work.

    Here are some examples: http://www.sans.org/security-resources/policies/network.php

    The prevention stage is about configuring systems and setting up walls against malicious users. In the detection stage the systems are already up and running, and we only monitor and log information; we have to set up a central server to control and monitor all the production servers from one place.
  • 7. Creating a Map/Vision of the IT architecture of the company

    Describe all IT elements, with all information possible.

    Create an up-to-date document covering all elements of the IT architecture (you can use the attached Excel document for this).
      1. Net
      2. Usage
      3. Objective
      4. Services
      5. Version and flags
      6. Policy for this IT element
      7. User access, credentials and privileges
      8. Mode production/development
  • 8. PREVENTION

    Secure each IT element.

    Now that we have a table with all IT elements, it is time to perform security actions on each IT element.
      1. Apply security through obscurity; this means hardening or black boxing.
      2. Hardening OS system.
      3. Hardening services.
      4. Hardening Apache.
      5. Hardening mysql.
      6. Hardening other services.
      7. Apply updates, patches and upgrades wherever possible; try to use only stable versions.
      8. Install monitoring and logging services.
      9. Install IDS services.
      10. Disaster recovery policy.
      11. Backup policy.

    Security through obscurity

    Hardening means hiding all flags, so that an attacker cannot obtain the versions and software used by the company.
    Note: it is not required to follow every item one by one, only the necessary ones.

    Hardening OS system
      • Encrypt data communication: scp, ssh, rsync, sftp, ssl, etc.
      • Remove insecure services:
            > yum erase inetd xinetd ypserv tftp-server telnet-server rsh-server
      • Uninstall unnecessary programs:
            > yum erase inetd xinetd ypserv tftp-server telnet-server rsh-server
      • Keep Linux kernel and software up to date:
            > yum update
      • Use of SELinux
      • Set password expiry for a user:
            > chage -M 60 -m 7 -W 7 userName
      • Locking user accounts after login failures: faillog
      • How do I verify no accounts have empty passwords?
            > awk -F: '($2 == "") {print}' /etc/shadow
      • Disable unwanted services:
            > chkconfig --list | grep '3:on'
            > chkconfig serviceName off
      • Find listening network ports and associated programs:
            > netstat -tulpn
            > nmap -sT localhost
      • Configure iptables.
      • Use of OpenLDAP or Kerberos
      • Removing unnecessary software packages (RPMs)
      • Reviewing inittab and boot scripts
      • Locking IP after too many login failures
      • Displaying login banners
  • 9.
            # cat /etc/motd
            This system is classified...
            Use of this system constitutes consent to official monitoring.
        For SSH you can edit the Banner parameter in /etc/ssh/sshd_config.
        For local console logins you can edit /etc/issue.

    Hardening Services

    Securing SSH:
      • Disable root login:
            PermitRootLogin no
      • Use SSH protocol version 2:
            Protocol 2
      • Prevent SSH from setting up TCP port and X11 forwarding if you don't need it:
            AllowTcpForwarding no
            X11Forwarding no
      • Enable the StrictModes directive, which checks file permissions and ownership of some important files in the user's home directory such as ~/.ssh and ~/.ssh/authorized_keys. If any check fails, the user won't be able to log in.
            StrictModes yes
      • Disable host-based authentication. These methods should be avoided as primary authentication.
            IgnoreRhosts yes
            HostbasedAuthentication no
            RhostsRSAAuthentication no
      • Disable sftp if it is not needed:
            #Subsystem sftp /usr/lib/misc/sftp-server

    Securing postfix
      • Check if postfix is local:
            # alternatives --set mta /usr/sbin/sendmail.postfix
        The following parameters in /etc/postfix/main.cf should be set to ensure that Postfix accepts only local emails for delivery:
            mydestination = $myhostname, localhost.$mydomain, localhost
            inet_interfaces = localhost
      • To verify whether Postfix is still listening for incoming network requests, you can run one of the following commands from another node:
            # nmap -sT -p 25 <remote_node>
            # telnet <remote_node> 25

    Securing NFS

    Securing Apache

    Mod security:
            yum install mod_security
  • 10.
            /etc/init.d/httpd restart
            vi /etc/httpd/conf.d/mod_security.conf

            <IfModule mod_security.c>
                SecFilterEngine On
                SecAuditEngine RelevantOnly
                SecFilterCheckURLEncoding On
                SecFilterCheckUnicodeEncoding On
                SecFilterForceByteRange 1 255
                SecFilterCheckCookieFormat On
                SecAuditLog logs/audit_log
                SecFilterScanPOST On
                SecFilterDefaultAction "deny,log,status:406"
                # SecFilter 111

                # Prevent path traversal (..) attacks
                SecFilter "\.\./"
                # Weaker XSS protection but allows common HTML tags
                SecFilter "<( |\n)*script"
                # Prevent XSS attacks (HTML/Javascript injection)
                SecFilter "<(.|\n)+>"
                # Very crude filters to prevent SQL injection attacks
                SecFilter "delete[[:space:]]+from"
                SecFilter "insert[[:space:]]+into"
                SecFilter "select.+from"

                # Require HTTP_USER_AGENT and HTTP_HOST headers
                SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"

                # Only accept request encodings we know how to handle
                # we exclude GET requests from this because some (automated)
                # clients supply "text/html" as Content-Type
                SecFilterSelective REQUEST_METHOD "!^GET$" chain
                SecFilterSelective HTTP_Content-Type "!(^$|^application/x-www-form-urlencoded$|^multipart/form-data)"

                # Require Content-Length to be provided with
                # every POST request
                SecFilterSelective REQUEST_METHOD "^POST$" chain
                SecFilterSelective HTTP_Content-Length "^$"

                # Don't accept transfer encodings we know we don't handle
                # (and you don't need it anyway)
                SecFilterSelective HTTP_Transfer-Encoding "!^$"
            </IfModule>

    httpd.conf
      • Hide server flags:
            ServerSignature Off
      • Hide server flags in headers:
            ServerTokens Prod
      • Handle errors:
            ErrorDocument 404 /errors/404.html
            ErrorDocument 500 /errors/500.html
      • Secure the path:
            <Directory "/opt/apache2/htdocs">
                <LimitExcept GET POST>
                    deny from all
                </LimitExcept>
                Options -FollowSymLinks -Includes -Indexes -MultiViews
                AllowOverride None
                Order allow,deny
                Allow from all
            </Directory>

  • 11. Securing php
      • Disable allow_url_fopen in php.ini for security reasons:
            allow_url_fopen = Off
      • Disable allow_url_include in php.ini for security reasons:
            allow_url_include = Off
      • Disable functions:
            curl_exec - perform a cURL session
            curl_multi_exec - run the sub-connections of the current cURL handle
            dl - loads a PHP extension at runtime
            exec - execute an external command
            fsockopen - open internet or unix domain socket connection
            parse_ini_file - parse a configuration file
            passthru - execute an external program and display raw output
            popen - opens process file pointer
            proc_open - execute a command and open file pointers for input/output
            proc_close - close a process opened by proc_open and return the exit code of that process
            shell_exec - execute command via shell and return the complete output as a string
            show_source - show the source of a file
            symlink - creates a symbolic link
            system - execute an external program and display the output
      • Disable display_errors in php.ini for security reasons:
            display_errors = Off
            log_errors = On
      • Disable expose_php in php.ini for security reasons:
            expose_php = Off
      • Disable Magic Quotes in php.ini for security reasons:
            magic_quotes_gpc = Off
      • Set open_basedir in php.ini for security reasons:
            open_basedir = "/var/www/html/:/usr/local/php/"
      • Lower post_max_size in php.ini for security reasons:
            post_max_size = 256K
      • Disable register globals in php.ini for security reasons:
            register_globals = Off
      • Enable safe_mode in php.ini for security reasons:
            safe_mode = On
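The SSH and PHP settings listed above can be checked mechanically on each host. The following Python script is an added example, not part of the original white paper: it audits sshd_config and php.ini text against those values and reports every directive that deviates or is not set explicitly. The function names are hypothetical and the sample configuration text is constructed.

```python
import re

# From the "Securing SSH" list. Protocol and RhostsRSAAuthentication are left
# out: both relate to SSH protocol 1, which current OpenSSH no longer implements.
SSHD_POLICY = {"permitrootlogin": "no", "allowtcpforwarding": "no",
               "x11forwarding": "no", "strictmodes": "yes",
               "ignorerhosts": "yes", "hostbasedauthentication": "no"}
# From the "Securing php" list. magic_quotes_gpc, register_globals and
# safe_mode are left out: PHP 5.4 removed all three directives.
PHP_BOOLEANS = {"allow_url_fopen": False, "allow_url_include": False,
                "display_errors": False, "log_errors": True, "expose_php": False}
PHP_DISABLED = set("""curl_exec curl_multi_exec dl exec fsockopen parse_ini_file
    passthru popen proc_open proc_close shell_exec show_source symlink system""".split())
POST_MAX_BYTES = 256 * 1024
# Constructed sample inputs (not taken from any real host).
SAMPLE_SSHD = """\
PermitRootLogin no
PermitRootLogin yes
X11Forwarding yes
AllowTcpForwarding no
IgnoreRhosts yes
Match User deploy
    AllowTcpForwarding yes
"""
SAMPLE_PHP = """\
[PHP]
allow_url_fopen = Off
display_errors = On
display_errors = Off
log_errors = On
expose_php = On
open_basedir = "/var/www/html/:/usr/local/php/"
post_max_size = 8M
disable_functions = exec,passthru,shell_exec,system,popen,proc_open
"""

def audit_sshd(text):
    """Return sorted findings for sshd_config text."""
    # sshd keeps the first value it reads for a keyword, and lines after a
    # Match line are conditional, so the two scopes are tracked separately.
    seen, findings, match = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key, value = parts[0].lower(), (parts[1].strip('"') if len(parts) > 1 else "")
        if key == "match":
            match = value
        elif match is None:
            seen.setdefault(key, value)  # first occurrence wins
        elif key in SSHD_POLICY and value != SSHD_POLICY[key]:
            findings.append(f"{key}: '{value}' inside 'Match {match}', want '{SSHD_POLICY[key]}'")
    for key, want in SSHD_POLICY.items():
        if key not in seen:
            findings.append(f"{key}: not set explicitly, want '{want}'")
        elif seen[key] != want:
            findings.append(f"{key}: '{seen[key]}', want '{want}'")
    return sorted(findings)

def parse_php_ini(text):
    """Parse php.ini text; a later duplicate of a directive replaces an earlier one."""
    values = {}
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in ";[" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if value.startswith('"'):
            value = value[1:].split('"', 1)[0]
        else:
            value = value.split(";", 1)[0].strip()  # drop a trailing comment
        values[key] = value
    return values

def php_bytes(value):
    """Convert PHP shorthand sizes such as 256K or 8M to bytes (None if invalid)."""
    m = re.fullmatch(r"(\d+)\s*([kmg]?)", value.strip().lower())
    return int(m.group(1)) * 1024 ** " kmg".index(m.group(2) or " ") if m else None

def audit_php(text):
    """Return sorted findings for php.ini text."""
    ini, findings = parse_php_ini(text), []
    for key, want in PHP_BOOLEANS.items():
        label = "On" if want else "Off"
        if key not in ini:
            findings.append(f"{key}: not set explicitly, want {label}")
        elif (ini[key].lower() in {"1", "on", "true", "yes"}) != want:
            findings.append(f"{key}: '{ini[key]}', want {label}")
    disabled = {f.strip() for f in ini.get("disable_functions", "").split(",")}
    if PHP_DISABLED - disabled:
        findings.append("disable_functions: missing " + ", ".join(sorted(PHP_DISABLED - disabled)))
    if not ini.get("open_basedir"):
        findings.append("open_basedir: not set")
    size = php_bytes(ini.get("post_max_size", ""))
    if not size or size > POST_MAX_BYTES:  # 0 means no limit in PHP
        findings.append(f"post_max_size: '{ini.get('post_max_size', '')}', want at most 256K")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit_sshd(SAMPLE_SSHD) + audit_php(SAMPLE_PHP)))
```

In the sample, the second PermitRootLogin line is not reported because sshd uses the first value it reads, while the AllowTcpForwarding override inside the Match block is reported even though the global value is correct.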
  • 12. PREVENTION

    Backup policy

    • System administrators should establish and follow a procedure to carry out regular system backups.
    • Backups must be verified at least monthly, either through automated verification, through customer restores, or through trial restores.
    • Systems administrators must maintain documented restoration procedures for systems and the data on those systems.
  • 14. DETECTION

    Monitoring and logging services

    • Logging: LogAnalyzer + rsyslog: log analysis software that sends the logs from each server to a central log server and has a useful web administration panel. The logs used for data mining (Apache) should not be handled by this software; it is intended more for server logs.
    • Monitoring: Icinga (https://www.icinga.org/nagios/feature-comparison/): monitoring all the company servers from one place.

    To begin, Icinga offers two interfaces - "Icinga Classic" and "Icinga New Web". For a fair comparison, we have put Icinga in both its variants against the open source 'Nagios Core'. See the many differences between Icinga and Nagios in not only the core and web interfaces, but also in their reporting capabilities, support and development style below. I prefer Icinga because of the facilities it offers to web users.

    Feature comparison (columns: Icinga Classic | Icinga New Web | Nagios Core)

    GENERAL
      License: GPLv2 | GPLv2 | GPLv2
      Monitor unlimited hosts
      Distributed monitoring
      Distributed systems
      Agent based & agentless monitoring

    INSTALLATION / CONFIGURATION
      Web based configuration: Via addon | Via addon | Via addon
      Virtual appliance

    CORE
      Databases supported: MySQL, PostgreSQL, Oracle | MySQL, PostgreSQL, Oracle | MySQL
      SNMP & Syslog monitoring: Via addon | Via addon | Via addon
      Triggers & multi-channel alerts
      IPv6 capabilities

    WEB USER INTERFACE
      Dynamic, shareable dashboards
      Dynamic table / data grid view (sort, filter monitoring data)
      Underlying infrastructure: CGI/C, HTML/CSS/JS | AJAX/ExtJs, PHP5/Agavi, HTML/CSS | CGI/C, HTML/CSS
      Live search

  • 15.

      Log file search & Logging (eg. Commands)
      Compound commands (Send one command to multiple hosts/services simultaneously)
      Acknowledgements with expiry time
      Dynamic drill down maps
      Internal authentication by: HTTP Basic | LDAP, Active Directory, HTTP Basic | HTTP Basic
      Control access to objects by: Contact group | Contact group, Host group, Service group, Custom variable | Contact group
      HTTP / REST interface
      Mobile version for iPhone & Android: Via 3rd party apps HTML 5 in-house version (Icinga Mobile) Via 3rd party apps Via 3rd party apps
      Multilingual interface: 20+ languages
      Support "Display Name" use: Configurable

    REPORTING
      SLA reports: Via addon Via addon
      Scheduled report distribution: Via addon Via addon
      Multi-format reports: Via addon Via addon
      Export data: CSV, JSON, XML | XML via REST API | -
      Performance graphing: Via addon | Via addon | Via addon
      Business process monitoring: Via addon | Via addon | Via addon

    DOCS / SUPPORT
      Multilingual documentation
      Community support channels: Mailing lists, Forums, IRC | Mailing lists, Forums, IRC | Mailing lists, Forums

    DEVELOPMENT
      Global authentication & authorization architecture
      Public and detailed roadmap
      GIT repository
      GIT development tracker integration
      Extensions coding simplified by: - Doctrine JSON - REST API

  • 16. IDS services

    • Snort + Snorby: network intrusion prevention and detection system (IDS/IPS).
  • 17. Executing and testing phase

    • Manual Mode
    • OpenVAS

    If we find a security hole in manual mode, the proper way to report it is:

    • Type of issue (buffer overflow, SQL injection, cross-site scripting, etc.)
    • Product and version that contains the bug
    • Version, security updates, or other updates for the product you have installed
    • Any special configuration required to reproduce the issue
    • Step-by-step instructions to reproduce the issue on a fresh install
    • Proof-of-concept or exploit code
    • Impact of the issue, including how an attacker could exploit the issue
  • 18. IT ELEMENT INFO

    Date: ____________________
    Pentester: ________________
    Element: _________________

    1. Net
    2. Usage
    3. Objective
    4. Services
    5. Version and flags
    6. Policy for this IT element
    7. User access, credentials and privileges
    8. Mode production/development