
Null meets ppt


This is for the beginner to learn the core components of security testing.


  1. BREAKING INTO INFOSEC AS A CAREER
     Sanjeeva Kumar, Sanjeeva85.m@gmail.com
  2. CONTENTS
     • Introduction
     • Web based 3 tier Architecture
     • CIS Benchmark
     • Operating Systems
     • Web Servers
     • Database Servers
     • Nessus
     • Fundamentals of AWS Security
  3. WEB BASED 3-TIER ARCHITECTURE
     • Front-end libraries (HTML, JavaScript, AngularJS etc.)
     • API (REST & SOAP)
     • Web servers (IIS, Tomcat, HTTP etc.)
     • Database servers (MySQL, MSSQL, DB2 etc.)
  4. CIS BENCHMARK
     • CIS - Center for Internet Security
     • https://www.cisecurity.org/cis-benchmarks/
     • Open source
     • Sign-up
  5. OPERATING SYSTEMS
     • Apple OSX
     • Linux
     • Microsoft Windows
  6. APPLE OSX
     • Install Updates, Patches and Additional Security Software
     • System Preferences
     • Logging and Auditing
     • Network Configurations
     • System Access, Authentication and Authorisation
     • User Accounts Environment
     • Additional Consideration
  7. UBUNTU LINUX
     • Initial Setup
     • Services
     • Network Configuration
     • Logging and Auditing
     • Access, Authentication and Authorization
     • System Maintenance
  8. MICROSOFT WINDOWS - OS
     • Account Policies
     • Local Policies
     • Event Log
     • Restricted Groups
     • System Services
     • Registry
     • File System
     • Wired Network Policies
     • Windows Firewall with Advanced Security
     • Network List Manager Policies
     • Wireless Network Policies
     • Software Restriction Policies
     • Application Control Policies
     • IP Security Policies
     • Advanced Audit Policy Configuration
     • Administrative Templates (Computers)
     • Administrative Templates (Users)
  9. APACHE TOMCAT
     • Remove Extraneous Resources
     • Limit Server Platform Information Leaks
     • Protect the Shutdown Port
     • Protect the Tomcat Configuration
     • Configure Realms
     • Connector Security
     • Establish and Protect Logging Facilities
     • Configure Catalina Policy
     • Application Deployment
     • Miscellaneous Configuration Settings
  10. ORACLE MYSQL DATABASE SERVER
     • Operating System Level Configuration
     • Install and Planning
     • File System Permissions
     • General
     • MySQL Permissions
     • Auditing and Logging
     • Authentication
     • Network
     • Replication
  11. NESSUS FOR AUDITING CIS
     • New Scan and select Policy Compliance Auditing
     • Fill in the scan details under the Settings tab
     • Credentials tab – provide the credentials
     • Compliance tab – search for CIS and select appropriate
     • Plugins tab – select the required plugins
     • Save Scan
  12. FUNDAMENTALS OF AWS SECURITY
     • https://aws.amazon.com/training/course-descriptions/security-fundamentals/
     • Register
     • 3 hours of video
     • Exam on every topic
     • Free of cost
  13. THANK YOU
     Questions? Comments and opinions would be appreciated.
