Uploaded byricharddxd
PDF, PPTX421 views

5 howtomitigate

Patching and updating software is important to mitigate vulnerabilities. Regularly applying patches from vendors keeps systems secure by fixing known issues exploited by viruses, worms, and hackers. It is also important to monitor websites for the latest vulnerability information and use scanning tools to identify vulnerabilities on networks and hosts. Once found, vulnerabilities should be remediated by applying patches, changing configurations, or removing unauthorized access. Regular assessments help measure security controls and identify gaps.

Embed presentation

Download as PDF, PPTX
How to Mitigate Stay Safe
Patching Patches Software ‘fixes’ for vulnerabilities in operating systems and applications Why Patch Keep your system secure Viruses and worms usually attack known vulnerabilities Hackers can easily attack systems that have not been patched
Patching For Windows systems and Microsoft applications Can be automatically downloaded and installed For Windows, configure Automatic Updates program Click Start -> Settings -> Control Panel -> Automatic Updates Use Windows Update to find latest patches Click Start -> All Programs -> Windows Update Install manually from www.Microsoft.com For specific applications, visit vendor websites to check for updates Utilize websites showing the latest patches http://www.softwarepatch.com/ Monitor websites with vulnerability alerts http://www.us-cert.gov/cas/alerts/index.html
Patching Linux Patches are also known as “packages” Package Managers GUI used to keep OS and applications up to date Used to install, uninstall, search for, or update packages Command Line interface (CLI) Download the source for every out of date program, then compile and install If a program had any dependencies, you have to hunt down the dependency Use the “apt-get” command or “yum” depending on distro Unix Solaris Command line (pkgadd, pkgrm, pkginfo) HP-UX Software Package Builder (SPB) – provides both GUI and CLI
Patching Keep in mind when patching in high availability environments Make sure patch is relevant Keep patch level consistent on all servers Test patches before applying to avoid the ‘fix’ breaking another business critical function Have a backup plan in place Back up your system prior to patching so you can restore if necessary
Anti-virus Software Anti-virus Software that can detect and block malware before it infects your computer Looks for patterns based on the signatures, or definitions, of known viruses Must be kept up to date New viruses appear daily therefore signature database must be updated on a regular basis Use to scan your system either manually or automatically Scan file system of the computer Scan email attachments, downloaded documents, cds, usb drives, etc. before opening or using them Anti-virus software packages are discussed in the ‘Threats and Vulnerabilities’ module
Spyware Spyware Malware installed on a system that collects information about users without their knowledge Tracks users’ Internet activity for marketing purposes May use cookies in your Internet browser to track May cause added CPU activity, disk usage and network traffic on a system Detect and remove Anti-spyware programs Stand alone or additions to anti-virus software Provide real time protection or detect and remove existing spyware Scans the windows registry and files and removes those that match signature files Keep signature database up to date http://en.wikipedia.org/wiki/TCP/IP_model
Auditing Audit regularly Setting up audit policies is critical to the security of an organization’s assets (Remember policies set up in Windows and Unix Modules) Helps you measure the adequacy and effectiveness of controls in place Auditable items Users Permissions, activities Files and Objects Accessibility Manipulation Integrity Logs Captures defined events and activity
Monitoring Monitor Systems can be monitored for all kinds of things provided logs are stored and accessible Logs will show activities in regards to the following (**Logs capture events based on the policies set up in Windows and Unix Modules) Users Violating security policies, attempting unauthorized access Files and Objects Monitor access by unauthorized users Monitoring on a regular basis ensures confidentiality, integrity, availability and authenticity http://en.wikipedia.org/wiki/IP_addressing
Vulnerability Assessment Vulnerability “A flaw or weakness in system security procedures, design, implementation, or internal controls that could be exercised (accidentally triggered or intentionally exploited) and result in a security breach or a violation of the system's security policy. “ - National Institute of Standards and Technology Vulnerability Assessment Identify potential vulnerabilities and evaluate the effectiveness of various security controls implemented within the infrastructure Regularly run a network scan to identify infrastructure gap and non hardened devices Run a vulnerability scanner on a regular basis
Tools Vulnerability Scanners A tool that scans devices for vulnerabilities such as allowing unauthorized access to sensitive data, misconfigurations, default passwords not changed, etc. Types Host based Tool scans an individual computer for vulnerabilities Network based Tool scans network for vulnerabilities Database Scans for vulnerabilities in the database server(s)
Tools Vulnerability Scanners Netstat This tool is used on the local host to identify its open ports Command within Unix and Windows Superscan (Port Scanner) A freeware tool for Windows which will perform a UDP and TCP port scan http://www.mcafee.com/us/downloads/free-tools/superscan.aspx Nessus Free for personal use in a limited “home” license http://www.tenable.com/products Internet Security Scanner (ISS) A network security scanner that can be used for Windows http://its.virginia.edu/network/issdoc.html
Tools Vulnerability Scanners (more) Microsoft Baseline Security Analyzer (MBSA) Evaluates a system’s configuration and provides a report with specific recommendations to improve security. Also recommends missing hotfixes and configuration changes. This should be run regularly to check for new vulnerabilities. http://www.microsoft.com/download/en/details.aspx?id=19892 RPCDump (rpcdump.exe) This tool helps determine which RPC services have which ports open Fport A great tool from www.foundstone.com used to scan the system to see what is open http://www.mcafee.com/us/downloads/free-tools/fport.aspx Security Auditor's Research Assistant (SARA) A tool derived from the infamous (at least in 1995) SATAN scanner Last release date was May 2009 (http://www-arc.com/sara/)
Perform a Scan First, be certain you have permission to scan network or hosts Choose a tool Discover your network devices (servers, firewalls, applications, etc.) Know the IP address range you want to scan Prioritize your assets Critical to non-critical Identify vulnerabilities Run a scan using the tool Analyze threats You may choose to accept the risk rather than remediate a vulnerability due to a valid business reason Remediate Apply patches, turn off services, etc. Eliminate your vulnerabilities Run your scan again to make sure your vulnerabilities no longer exist http://en.wikipedia.org/wiki/HTTP
Perform a Scan Examples and ‘how to’ Scans in Nessus: http://www.symantec.com/connect/articles/introduction-nessus http://netsecurity.about.com/od/stepbystep/ss/nessus_scan.htm Scan using Fport: http://www.mcafee.com/us/downloads/free-tools/fport.aspx Simple scan using Kaspersky: http://support.kaspersky.com/kav2012/settings/scan?qid=208284603 http://en.wikipedia.org/wiki/HTTP
Protective Measures Examples of Protective Security Measures per SANS Access controls User IDs and passwords, appropriate password and security policies, separation of duties User authentication, with appropriate use of controls, where possible (e.g. ,smart cards), biometrics, etc. Workstation lock screens Encryption Proper registry permissions Proper directory and file permissions Properly defined user rights Social engineering prevention Applying patches/updates Firewalls VPN tunneling Screening routers
Protective Measures More examples of Protective Security Measures per SANS Anti-virus software Prompt removal of terminated/transferred employee accounts, default passwords, and unnecessary services running on the system Implementing and enforcing change control policy to limit activity to authorized users only Review and management signoffs of user authorizations Use of checksums with attendant software to report file modifications Enable audit logging and perform log reviews Review of open ports and services Properly configured routers Searching for and disconnecting unauthorized or poorly configured modem services
List of References http://www.softwarepatch.com/ http://www.us-cert.gov/cas/alerts/index.html http://www.sans.org/reading_room/whitepapers/basics/vulnera bility-assessment_421 http://netsecurity.about.com/od/freesecuritytools/a/aafreevulns can.htm http://sectools.org/vuln-scanners.html http://www.vulnerabilityassessment.co.uk/Penetration%20Test.ht ml

More Related Content

PDF
SANS Digital Forensics and Incident Response Poster 2012
byRian Yulian
 
PDF
Outpost Anti-Malware 7.5
byLubov Putsko
 
PDF
Sa No Scan Paper
bytafinley
 
PPTX
Malicious software
byCAS
 
PPTX
Operating system security
byRamesh Ogania
 
PPTX
Virus and its CounterMeasures -- Pruthvi Monarch
byPruthvi Monarch
 
PPTX
Affordable app sec for startups by - Sandeep Singh, Vaibhav Gupta and Vishal ...
byOWASP Delhi
 
PPTX
Critical Controls Of Cyber Defense
byRishu Mehra
 
SANS Digital Forensics and Incident Response Poster 2012
byRian Yulian
 
Outpost Anti-Malware 7.5
byLubov Putsko
 
Sa No Scan Paper
bytafinley
 
Malicious software
byCAS
 
Operating system security
byRamesh Ogania
 
Virus and its CounterMeasures -- Pruthvi Monarch
byPruthvi Monarch
 
Affordable app sec for startups by - Sandeep Singh, Vaibhav Gupta and Vishal ...
byOWASP Delhi
 
Critical Controls Of Cyber Defense
byRishu Mehra
 

What's hot

PPTX
Network Vulnerability Assessment: Key Decision Points
byPivotPointSecurity
 
PDF
AV Comparatives 2013 (Comparación de Antivirus)
byDoryan Mathos
 
PDF
Avc per 201304_en
byAnatoliy Tkachev
 
PPTX
Security threats explained
byAbhijeet Karve
 
PPTX
Operating system security
bySarmad Makhdoom
 
PPT
Prueba de Presentacion
byrubychavez
 
PPTX
How to Audit Firewall, what are the standard Practices for Firewall Audit
bykeyuradmin
 
PDF
Avc prot 2016a_en
byAndrey Apuhtin
 
PPT
Firewall audit
byVelliyangiri K.S
 
PDF
Antivirus Comparative junio 2014
byDoryan Mathos
 
PPT
Design for security in operating system
byBhagyashree Barde
 
PPTX
COMPUTER SECURITY AND OPERATING SYSTEM
byfaraz hussain
 
PPT
Firewall Penetration Testing
byChirag Jain
 
PPT
Automated Penetration Testing With Core Impact
byTom Eston
 
PPTX
Introduction to cyber security
byGeevarghese Titus
 
PDF
SANS Windows Artifact Analysis 2012
byRian Yulian
 
PPTX
Least privilege, access control, operating system security
byPrachi Gulihar
 
ODP
Incident response
byJarno Niemela
 
PPTX
Intrusion detection
byCAS
 
Network Vulnerability Assessment: Key Decision Points
byPivotPointSecurity
 
AV Comparatives 2013 (Comparación de Antivirus)
byDoryan Mathos
 
Avc per 201304_en
byAnatoliy Tkachev
 
Security threats explained
byAbhijeet Karve
 
Operating system security
bySarmad Makhdoom
 
Prueba de Presentacion
byrubychavez
 
How to Audit Firewall, what are the standard Practices for Firewall Audit
bykeyuradmin
 
Avc prot 2016a_en
byAndrey Apuhtin
 
Firewall audit
byVelliyangiri K.S
 
Antivirus Comparative junio 2014
byDoryan Mathos
 
Design for security in operating system
byBhagyashree Barde
 
COMPUTER SECURITY AND OPERATING SYSTEM
byfaraz hussain
 
Firewall Penetration Testing
byChirag Jain
 
Automated Penetration Testing With Core Impact
byTom Eston
 
Introduction to cyber security
byGeevarghese Titus
 
SANS Windows Artifact Analysis 2012
byRian Yulian
 
Least privilege, access control, operating system security
byPrachi Gulihar
 
Incident response
byJarno Niemela
 
Intrusion detection
byCAS
 

Viewers also liked

PPS
胡小菁
bylyqing2000
 
PPTX
WordPress in the Enterprise II
byInterconnect IT
 
PPTX
Be light pointe noire
bycongobob
 
PPTX
Yeeling’S Personal Selling
bydinoyeeling
 
PPTX
Unlocking Enterprise with WordPress
byInterconnect IT
 
PPTX
Vtc2013 digital citizenship
byClint Hamada
 
胡小菁
bylyqing2000
 
WordPress in the Enterprise II
byInterconnect IT
 
Be light pointe noire
bycongobob
 
Yeeling’S Personal Selling
bydinoyeeling
 
Unlocking Enterprise with WordPress
byInterconnect IT
 
Vtc2013 digital citizenship
byClint Hamada
 

Similar to 5 howtomitigate

PPSX
Security measures for networking
byShyam Kumar Singh
 
PDF
CNIT 123 8: Desktop and Server OS Vulnerabilities
bySam Bowne
 
PDF
CNIT 123 Ch 8: OS Vulnerabilities
bySam Bowne
 
PPT
Microsoft OS Vulnerabilities
bySecurityTube.Net
 
PPT
Ch08 Microsoft Operating System Vulnerabilities
byphanleson
 
PPT
Microsoft Operating System Vulnerabilities
byInformation Technology
 
PDF
Declaration of malWARe
byScott Sutherland
 
DOCX
Malware Protection Week5Part4-IS Revision Fall2013 .docx
byinfantsuk
 
DOCX
Network security
byShyam Kumar Singh
 
PPT
Safe Computing At Home And Work
byJohn Steensen, MBA/TM, CISA, CRISC
 
PDF
CNIT 123: 8: Desktop and Server OS Vulnerabilites
bySam Bowne
 
PPTX
Delivering Security with GFI MAX - Mark Petrie
byMAXfocus
 
PPTX
Delivering Security with the MAX RemoteManagement Platform - Paul Fenwick
byMAXfocus
 
PPTX
IT Security Basics For Managers
byDaniel Owens
 
PDF
Ch 8: Desktop and Server OS Vulnerabilites
bySam Bowne
 
PPTX
9.0 security (2)
byFrank Victory
 
PPT
70-272 Chapter10
byGene Carboni
 
PDF
Vulnerability Management
byGFI Software
 
PPTX
DC612 Day - Hands on Penetration Testing 101
bydc612
 
PDF
Vulnerability Assessment Report
byHarshit Singh Bhatia
 
Security measures for networking
byShyam Kumar Singh
 
CNIT 123 8: Desktop and Server OS Vulnerabilities
bySam Bowne
 
CNIT 123 Ch 8: OS Vulnerabilities
bySam Bowne
 
Microsoft OS Vulnerabilities
bySecurityTube.Net
 
Ch08 Microsoft Operating System Vulnerabilities
byphanleson
 
Microsoft Operating System Vulnerabilities
byInformation Technology
 
Declaration of malWARe
byScott Sutherland
 
Malware Protection Week5Part4-IS Revision Fall2013 .docx
byinfantsuk
 
Network security
byShyam Kumar Singh
 
Safe Computing At Home And Work
byJohn Steensen, MBA/TM, CISA, CRISC
 
CNIT 123: 8: Desktop and Server OS Vulnerabilites
bySam Bowne
 
Delivering Security with GFI MAX - Mark Petrie
byMAXfocus
 
Delivering Security with the MAX RemoteManagement Platform - Paul Fenwick
byMAXfocus
 
IT Security Basics For Managers
byDaniel Owens
 
Ch 8: Desktop and Server OS Vulnerabilites
bySam Bowne
 
9.0 security (2)
byFrank Victory
 
70-272 Chapter10
byGene Carboni
 
Vulnerability Management
byGFI Software
 
DC612 Day - Hands on Penetration Testing 101
bydc612
 
Vulnerability Assessment Report
byHarshit Singh Bhatia
 

More from richarddxd

PDF
Step6 troubleshooting
byricharddxd
 
PDF
Step5 unzipping and installing a competition image
byricharddxd
 
PDF
Step4 downloading and installing vm ware target image
byricharddxd
 
PDF
Step3 downloading and installing v mware player software
byricharddxd
 
PDF
Step2 download and load 7-zip and win mds applications
byricharddxd
 
PDF
Step1 validation system configuration
byricharddxd
 
PDF
8 passwordsecurity
byricharddxd
 
PDF
7 unixsecurity
byricharddxd
 
PDF
6 networking
byricharddxd
 
PDF
4 threatsandvulnerabilities
byricharddxd
 
PDF
3 windowssecurity
byricharddxd
 
PDF
2 v mware
byricharddxd
 
PDF
1 introit security
byricharddxd
 
Step6 troubleshooting
byricharddxd
 
Step5 unzipping and installing a competition image
byricharddxd
 
Step4 downloading and installing vm ware target image
byricharddxd
 
Step3 downloading and installing v mware player software
byricharddxd
 
Step2 download and load 7-zip and win mds applications
byricharddxd
 
Step1 validation system configuration
byricharddxd
 
8 passwordsecurity
byricharddxd
 
7 unixsecurity
byricharddxd
 
6 networking
byricharddxd
 
4 threatsandvulnerabilities
byricharddxd
 
3 windowssecurity
byricharddxd
 
2 v mware
byricharddxd
 
1 introit security
byricharddxd
 

5 howtomitigate

  • 1.
  • 2.
    Patching Patches Software‘fixes’ for vulnerabilities in operating systems and applications Why Patch Keep your system secure Viruses and worms usually attack known vulnerabilities Hackers can easily attack systems that have not been patched
  • 3.
    Patching For Windows systemsand Microsoft applications Can be automatically downloaded and installed For Windows, configure Automatic Updates program Click Start -> Settings -> Control Panel -> Automatic Updates Use Windows Update to find latest patches Click Start -> All Programs -> Windows Update Install manually from www.Microsoft.com For specific applications, visit vendor websites to check for updates Utilize websites showing the latest patches http://www.softwarepatch.com/ Monitor websites with vulnerability alerts http://www.us-cert.gov/cas/alerts/index.html
  • 4.
    Patching Linux Patches are also known as “packages” Package Managers GUI used to keep OS and applications up to date Used to install, uninstall, search for, or update packages Command Line interface (CLI) Download the source for every out of date program, then compile and install If a program had any dependencies, you have to hunt down the dependency Use the “apt-get” command or “yum” depending on distro Unix Solaris Command line (pkgadd, pkgrm, pkginfo) HP-UX Software Package Builder (SPB) – provides both GUI and CLI
  • 5.
    Patching Keep in mindwhen patching in high availability environments Make sure patch is relevant Keep patch level consistent on all servers Test patches before applying to avoid the ‘fix’ breaking another business critical function Have a backup plan in place Back up your system prior to patching so you can restore if necessary
  • 6.
    Anti-virus Software Anti-virus Software that can detect and block malware before it infects your computer Looks for patterns based on the signatures, or definitions, of known viruses Must be kept up to date New viruses appear daily therefore signature database must be updated on a regular basis Use to scan your system either manually or automatically Scan file system of the computer Scan email attachments, downloaded documents, cds, usb drives, etc. before opening or using them Anti-virus software packages are discussed in the ‘Threats and Vulnerabilities’ module
  • 7.
    Spyware Spyware Malwareinstalled on a system that collects information about users without their knowledge Tracks users’ Internet activity for marketing purposes May use cookies in your Internet browser to track May cause added CPU activity, disk usage and network traffic on a system Detect and remove Anti-spyware programs Stand alone or additions to anti-virus software Provide real time protection or detect and remove existing spyware Scans the windows registry and files and removes those that match signature files Keep signature database up to date http://en.wikipedia.org/wiki/TCP/IP_model
  • 8.
    Auditing Audit regularly Setting up audit policies is critical to the security of an organization’s assets (Remember policies set up in Windows and Unix Modules) Helps you measure the adequacy and effectiveness of controls in place Auditable items Users Permissions, activities Files and Objects Accessibility Manipulation Integrity Logs Captures defined events and activity
  • 9.
    Monitoring Monitor Systems can be monitored for all kinds of things provided logs are stored and accessible Logs will show activities in regards to the following (**Logs capture events based on the policies set up in Windows and Unix Modules) Users Violating security policies, attempting unauthorized access Files and Objects Monitor access by unauthorized users Monitoring on a regular basis ensures confidentiality, integrity, availability and authenticity http://en.wikipedia.org/wiki/IP_addressing
  • 10.
    Vulnerability Assessment Vulnerability “A flaw or weakness in system security procedures, design, implementation, or internal controls that could be exercised (accidentally triggered or intentionally exploited) and result in a security breach or a violation of the system's security policy. “ - National Institute of Standards and Technology Vulnerability Assessment Identify potential vulnerabilities and evaluate the effectiveness of various security controls implemented within the infrastructure Regularly run a network scan to identify infrastructure gap and non hardened devices Run a vulnerability scanner on a regular basis
  • 11.
    Tools Vulnerability Scanners A tool that scans devices for vulnerabilities such as allowing unauthorized access to sensitive data, misconfigurations, default passwords not changed, etc. Types Host based Tool scans an individual computer for vulnerabilities Network based Tool scans network for vulnerabilities Database Scans for vulnerabilities in the database server(s)
  • 12.
    Tools Vulnerability Scanners Netstat This tool is used on the local host to identify its open ports Command within Unix and Windows Superscan (Port Scanner) A freeware tool for Windows which will perform a UDP and TCP port scan http://www.mcafee.com/us/downloads/free-tools/superscan.aspx Nessus Free for personal use in a limited “home” license http://www.tenable.com/products Internet Security Scanner (ISS) A network security scanner that can be used for Windows http://its.virginia.edu/network/issdoc.html
  • 13.
    Tools Vulnerability Scanners (more) Microsoft Baseline Security Analyzer (MBSA) Evaluates a system’s configuration and provides a report with specific recommendations to improve security. Also recommends missing hotfixes and configuration changes. This should be run regularly to check for new vulnerabilities. http://www.microsoft.com/download/en/details.aspx?id=19892 RPCDump (rpcdump.exe) This tool helps determine which RPC services have which ports open Fport A great tool from www.foundstone.com used to scan the system to see what is open http://www.mcafee.com/us/downloads/free-tools/fport.aspx Security Auditor's Research Assistant (SARA) A tool derived from the infamous (at least in 1995) SATAN scanner Last release date was May 2009 (http://www-arc.com/sara/)
  • 14.
    Perform a Scan First,be certain you have permission to scan network or hosts Choose a tool Discover your network devices (servers, firewalls, applications, etc.) Know the IP address range you want to scan Prioritize your assets Critical to non-critical Identify vulnerabilities Run a scan using the tool Analyze threats You may choose to accept the risk rather than remediate a vulnerability due to a valid business reason Remediate Apply patches, turn off services, etc. Eliminate your vulnerabilities Run your scan again to make sure your vulnerabilities no longer exist http://en.wikipedia.org/wiki/HTTP
  • 15.
    Perform a Scan Examplesand ‘how to’ Scans in Nessus: http://www.symantec.com/connect/articles/introduction-nessus http://netsecurity.about.com/od/stepbystep/ss/nessus_scan.htm Scan using Fport: http://www.mcafee.com/us/downloads/free-tools/fport.aspx Simple scan using Kaspersky: http://support.kaspersky.com/kav2012/settings/scan?qid=208284603 http://en.wikipedia.org/wiki/HTTP
  • 16.
    Protective Measures Examples ofProtective Security Measures per SANS Access controls User IDs and passwords, appropriate password and security policies, separation of duties User authentication, with appropriate use of controls, where possible (e.g. ,smart cards), biometrics, etc. Workstation lock screens Encryption Proper registry permissions Proper directory and file permissions Properly defined user rights Social engineering prevention Applying patches/updates Firewalls VPN tunneling Screening routers
  • 17.
    Protective Measures More examplesof Protective Security Measures per SANS Anti-virus software Prompt removal of terminated/transferred employee accounts, default passwords, and unnecessary services running on the system Implementing and enforcing change control policy to limit activity to authorized users only Review and management signoffs of user authorizations Use of checksums with attendant software to report file modifications Enable audit logging and perform log reviews Review of open ports and services Properly configured routers Searching for and disconnecting unauthorized or poorly configured modem services
  • 18.