Patching and updating software is important to mitigate vulnerabilities. Regularly applying patches from vendors keeps systems secure by fixing known issues exploited by viruses, worms, and hackers. It is also important to monitor websites for the latest vulnerability information and use scanning tools to identify vulnerabilities on networks and hosts. Once found, vulnerabilities should be remediated by applying patches, changing configurations, or removing unauthorized access. Regular assessments help measure security controls and identify gaps.
How to Audit Firewall, what are the standard Practices for Firewall Auditkeyuradmin
Firewalls continue to secure a countless number of organizations across the world and remain first line of defense against known cyber attacks and network risks. Avalanche of IT-led forces and evolution in threat landscape has brought increased onus on firewalls. On the other side, as enterprises extend their business leveraging internet driven business models and increasingly collaborative networks, embracing cloud and virtual environments, there's a need to understand how this ties with the changing role of security technologies such as a firewall. This webinar explains how a tectonic shift in enterprise networking requires rethinking firewall deployment and management for effective security management.
Security is a journey, not a destination. This is a security industry axiom that means we can strive for security, and by making this effort, we can put ourselves on a path to security. But while we may achieve a relative degree of security, our businesses will never be 100 percent secure—the destination we all strive for. Even Fort Knox, the White House and the New York Stock Exchange are vulnerable.
A firewall is a device that controls what gets in and comes out of our network. The firewall is placed between an organization network and the outside world.
How to Audit Firewall, what are the standard Practices for Firewall Auditkeyuradmin
Firewalls continue to secure a countless number of organizations across the world and remain first line of defense against known cyber attacks and network risks. Avalanche of IT-led forces and evolution in threat landscape has brought increased onus on firewalls. On the other side, as enterprises extend their business leveraging internet driven business models and increasingly collaborative networks, embracing cloud and virtual environments, there's a need to understand how this ties with the changing role of security technologies such as a firewall. This webinar explains how a tectonic shift in enterprise networking requires rethinking firewall deployment and management for effective security management.
Security is a journey, not a destination. This is a security industry axiom that means we can strive for security, and by making this effort, we can put ourselves on a path to security. But while we may achieve a relative degree of security, our businesses will never be 100 percent secure—the destination we all strive for. Even Fort Knox, the White House and the New York Stock Exchange are vulnerable.
A firewall is a device that controls what gets in and comes out of our network. The firewall is placed between an organization network and the outside world.
These are the slides and notes for the talk I gave at WordCamp Lancaster UK 2013 - please note that animations, fonts and so on aren't properly carried over with SlideShare so it's not an accurate representation of the talk or its content - I intend to give a similar talk at other WordCamps in the future so come and catch me if you can!
This presentation talks about the focus towards building security in the software development life cycle and covers details related to Reconnaissance, Scanning and Attack based test design and execution approach.
A vulnerability scanner is a software tool that discovers and inventories all networked systems, including servers, PCs, laptops, virtual machines, containers, firewalls, switches, and printers. It attempts to identify the operating system and software installed on each device it detects, as well as other characteristics such as open ports and user accounts.
20210906-Nessus-FundamentalInfoSec.ppsxSuman Garai
This PowerPoint presentation offers a comprehensive guide to Nessus Essentials, a vulnerability scanning tool used by cybersecurity professionals. It covers the history and background of Nessus, the hardware requirements, and the installation procedure. The presentation showcases the features and functionalities available in Nessus, including its ability to identify vulnerabilities and malware infections. Best practices for using the tool effectively are also discussed. The presentation concludes by summarizing the key takeaways and offering insights on the future of Nessus Essentials. This presentation is suitable for cybersecurity professionals, IT administrators, and beginners seeking to learn about Nessus and its capabilities.
The AV-Comparatives Guide to the Best Cybersecurity Solutions of 2017Jermund Ottermo
In order to help consumers get a better idea about the state of the market in cybersecurity, and in turn make the right decision when it comes to shielding their digital life, the independent laboratory AV-Comparatives regularly publishes the results of its “Real-World” Protection Test. Their latest edition, called the Whole Product Dynamic “Real-World” Protection Test, is especially relevant for having compiled results over a five-month span. In this edition, Panda Security received the maximum possible score, outperforming every one of the 20 other vendors that underwent testing.
In the words of AV-Comparatives: “In this test, all protection features of the product can be used to prevent infection” “This means that the test achieves the most realistic way of determining how well the security product protects the PC”. In fact, the methodology they used for this test has itself received numerous awards and recognitions.
Comparison Review Forticlient x Kaspersky.pdfImamBahrudin5
See this side-by-side comparison of FortiClient vs. Kaspersky Endpoint Security for Business based on preference data from user reviews. FortiClient rates 4.4/5 stars with 200 reviews. By contrast, Kaspersky Endpoint Security for Business rates 4.3/5 stars with 183 reviews. Each product's score is calculated with real-time data from verified user reviews, to help you make the best choice between these two options, and decide which one is best for your business needs.
Transforming your Security Products at the EndpointIvanti
Are you thinking about extending the endpoint capabilities of your Security Solution? Join us for a dep dive into the value of embedding patch management capabilities into your security software. Learn how other security companies have chosen to add patching and remdiation. Why in 2018 patching is more important than ever as your customers confront ransomware, zero day attacks, and more.
2. Patching
Patches
Software ‘fixes’ for vulnerabilities in operating systems and
applications
Why Patch
Keep your system secure
Viruses and worms usually attack known vulnerabilities
Hackers can easily attack systems that have not been patched
3. Patching
For Windows systems and Microsoft applications
Can be automatically downloaded and installed
For Windows, configure Automatic Updates program
Click Start -> Settings -> Control Panel -> Automatic Updates
Use Windows Update to find latest patches
Click Start -> All Programs -> Windows Update
Install manually from www.Microsoft.com
For specific applications, visit vendor websites to check for
updates
Utilize websites showing the latest patches
http://www.softwarepatch.com/
Monitor websites with vulnerability alerts
http://www.us-cert.gov/cas/alerts/index.html
4. Patching
Linux
Patches are also known as “packages”
Package Managers
GUI used to keep OS and applications up to date
Used to install, uninstall, search for, or update packages
Command Line interface (CLI)
Download the source for every out of date program, then compile and install
If a program had any dependencies, you have to hunt down the dependency
Use the “apt-get” command or “yum” depending on distro
Unix
Solaris
Command line (pkgadd, pkgrm, pkginfo)
HP-UX
Software Package Builder (SPB) – provides both GUI and CLI
5. Patching
Keep in mind when patching in high availability environments
Make sure patch is relevant
Keep patch level consistent on all servers
Test patches before applying to avoid the ‘fix’ breaking another business
critical function
Have a backup plan in place
Back up your system prior to patching so you can restore if necessary
6. Anti-virus Software
Anti-virus
Software that can detect and block malware before it infects your
computer
Looks for patterns based on the signatures, or definitions, of known viruses
Must be kept up to date
New viruses appear daily therefore signature database must be updated on a
regular basis
Use to scan your system either manually or automatically
Scan file system of the computer
Scan email attachments, downloaded documents, cds, usb drives, etc. before
opening or using them
Anti-virus software packages are discussed in the ‘Threats and
Vulnerabilities’ module
7. Spyware
Spyware
Malware installed on a system that collects information about users without
their knowledge
Tracks users’ Internet activity for marketing purposes
May use cookies in your Internet browser to track
May cause added CPU activity, disk usage and network traffic on a system
Detect and remove
Anti-spyware programs
Stand alone or additions to anti-virus software
Provide real time protection or detect and remove existing spyware
Scans the windows registry and files and removes those that match signature
files
Keep signature database up to date
http://en.wikipedia.org/wiki/TCP/IP_model
8. Auditing
Audit regularly
Setting up audit policies is critical to the security of an organization’s assets
(Remember policies set up in Windows and Unix Modules)
Helps you measure the adequacy and effectiveness of controls in place
Auditable items
Users
Permissions, activities
Files and Objects
Accessibility
Manipulation
Integrity
Logs
Captures defined events and activity
9. Monitoring
Monitor
Systems can be monitored for all kinds of things provided logs are stored
and accessible
Logs will show activities in regards to the following (**Logs capture events
based on the policies set up in Windows and Unix Modules)
Users
Violating security policies, attempting unauthorized access
Files and Objects
Monitor access by unauthorized users
Monitoring on a regular basis ensures confidentiality, integrity,
availability and authenticity
http://en.wikipedia.org/wiki/IP_addressing
10. Vulnerability Assessment
Vulnerability
“A flaw or weakness in system security procedures, design,
implementation, or internal controls that could be exercised
(accidentally triggered or intentionally exploited) and result in a
security breach or a violation of the system's security policy. “
- National Institute of Standards and Technology
Vulnerability Assessment
Identify potential vulnerabilities and evaluate the effectiveness of various
security controls implemented within the infrastructure
Regularly run a network scan to identify infrastructure gap and non
hardened devices
Run a vulnerability scanner on a regular basis
11. Tools
Vulnerability Scanners
A tool that scans devices for vulnerabilities such as allowing unauthorized
access to sensitive data, misconfigurations, default passwords not changed,
etc.
Types
Host based
Tool scans an individual computer for vulnerabilities
Network based
Tool scans network for vulnerabilities
Database
Scans for vulnerabilities in the database server(s)
12. Tools
Vulnerability Scanners
Netstat
This tool is used on the local host to identify its open ports
Command within Unix and Windows
Superscan (Port Scanner)
A freeware tool for Windows which will perform a UDP and TCP port scan
http://www.mcafee.com/us/downloads/free-tools/superscan.aspx
Nessus
Free for personal use in a limited “home” license
http://www.tenable.com/products
Internet Security Scanner (ISS)
A network security scanner that can be used for Windows
http://its.virginia.edu/network/issdoc.html
13. Tools
Vulnerability Scanners (more)
Microsoft Baseline Security Analyzer (MBSA)
Evaluates a system’s configuration and provides a report with specific
recommendations to improve security. Also recommends missing hotfixes and
configuration changes. This should be run regularly to check for new
vulnerabilities.
http://www.microsoft.com/download/en/details.aspx?id=19892
RPCDump (rpcdump.exe)
This tool helps determine which RPC services have which ports open
Fport
A great tool from www.foundstone.com used to scan the system to see what is
open
http://www.mcafee.com/us/downloads/free-tools/fport.aspx
Security Auditor's Research Assistant (SARA)
A tool derived from the infamous (at least in 1995) SATAN scanner
Last release date was May 2009 (http://www-arc.com/sara/)
14. Perform a Scan
First, be certain you have permission to scan network or hosts
Choose a tool
Discover your network devices (servers, firewalls, applications, etc.)
Know the IP address range you want to scan
Prioritize your assets
Critical to non-critical
Identify vulnerabilities
Run a scan using the tool
Analyze threats
You may choose to accept the risk rather than remediate a vulnerability due to a
valid business reason
Remediate
Apply patches, turn off services, etc.
Eliminate your vulnerabilities
Run your scan again to make sure your vulnerabilities no longer exist
http://en.wikipedia.org/wiki/HTTP
15. Perform a Scan
Examples and ‘how to’
Scans in Nessus:
http://www.symantec.com/connect/articles/introduction-nessus
http://netsecurity.about.com/od/stepbystep/ss/nessus_scan.htm
Scan using Fport:
http://www.mcafee.com/us/downloads/free-tools/fport.aspx
Simple scan using Kaspersky:
http://support.kaspersky.com/kav2012/settings/scan?qid=208284603
http://en.wikipedia.org/wiki/HTTP
16. Protective Measures
Examples of Protective Security Measures per SANS
Access controls
User IDs and passwords, appropriate password and security policies, separation of
duties
User authentication, with appropriate use of controls, where possible (e.g. ,smart
cards), biometrics, etc.
Workstation lock screens
Encryption
Proper registry permissions
Proper directory and file permissions
Properly defined user rights
Social engineering prevention
Applying patches/updates
Firewalls
VPN tunneling
Screening routers
17. Protective Measures
More examples of Protective Security Measures per SANS
Anti-virus software
Prompt removal of terminated/transferred employee accounts, default passwords,
and unnecessary services running on the system
Implementing and enforcing change control policy to limit activity to authorized
users only
Review and management signoffs of user authorizations
Use of checksums with attendant software to report file modifications
Enable audit logging and perform log reviews
Review of open ports and services
Properly configured routers
Searching for and disconnecting unauthorized or poorly configured modem services