This document discusses various topics related to information security including logical access exposures, network infrastructure security, auditing network security, environmental issues and controls, and encryption. It describes common security threats like viruses, worms, Trojan horses, and denial of service attacks. It also outlines controls and countermeasures for securing logical access such as access control software, passwords, biometrics, and firewalls. Network security topics covered include LAN security, client-server security, and intrusion detection systems.
Liam Randall of Critical Stack at S4x15 Operation Technology Day. Liam is a Bro guru and describes how it can be used to monitor communications, detect attacks and analyze data.
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ... (Digital Bond)
Kuniyasu Suzaki presented on using process whitelisting and resource access control on industrial control system (ICS) computers. He explained that as ICS systems have moved from specialized to commodity operating systems, whitelisting can be used to lock down the OS and limit vulnerabilities. He described how whitelisting restricts process creation and computing resource access to only approved processes and resources. Suzaki provided examples of whitelist rules and discussed implementing whitelisting on Windows. He concluded that whitelisting offers predictable delays suitable for ICS while limiting potential malware activities.
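As an added illustration of the whitelisting model the talk describes (this is example code written for this page, not Suzaki's implementation or any vendor product), the following Python policy engine allows process creation only for an approved path whose image matches an approved SHA-256, and then allows each approved process to touch only the resources listed for it. The paths, image bytes, tag file and Modbus endpoint in the policy are constructed placeholders; the point is that a binary replaced at an approved path is still denied, because the rule binds to the hash and not only the name.

```python
import hashlib


def sha256(data):
    return hashlib.sha256(data).hexdigest()


# Constructed sample images standing in for real executables (not from the presentation).
HMI_IMAGE = b"constructed bytes standing in for hmi.exe v1.4"
HISTORIAN_IMAGE = b"constructed bytes standing in for historian.exe v2.0"

# Constructed policy: approved image = path + hash; each approved image gets its own
# resource allowlist (files and network endpoints it may open).
POLICY = {
    r"C:\ICS\hmi.exe": {
        "sha256": sha256(HMI_IMAGE),
        "resources": {r"C:\ICS\config\tags.xml", "tcp:10.0.5.10:502"},
    },
    r"C:\ICS\historian.exe": {
        "sha256": sha256(HISTORIAN_IMAGE),
        "resources": {r"D:\hist\data.db", "tcp:10.0.5.10:502"},
    },
}


def check_process_start(path, image_bytes, policy=POLICY):
    """Decide a process-creation event. Unknown paths and hash mismatches are both denied."""
    rule = policy.get(path)
    if rule is None:
        return ("DENY", "path not on whitelist")
    if sha256(image_bytes) != rule["sha256"]:
        return ("DENY", "image hash mismatch (replaced or patched binary)")
    return ("ALLOW", "approved image")


def check_resource_access(path, resource, policy=POLICY):
    """Decide a resource-open event for an already-running approved process."""
    rule = policy.get(path)
    if rule is None:
        return ("DENY", "process not on whitelist")
    if resource not in rule["resources"]:
        return ("DENY", "resource not permitted for this process")
    return ("ALLOW", "resource permitted")


def evaluate(events, policy=POLICY):
    """Apply the policy to a list of ('start', path, image_bytes) and ('access', path, resource)
    events, returning one (verdict, reason) per event in order. Lookups are plain dict/set
    operations, so the decision cost is constant per event, the predictable latency the talk
    cites as a reason whitelisting suits ICS hosts."""
    decisions = []
    for event in events:
        kind = event[0]
        if kind == "start":
            decisions.append(check_process_start(event[1], event[2], policy))
        elif kind == "access":
            decisions.append(check_resource_access(event[1], event[2], policy))
        else:
            decisions.append(("DENY", "unknown event type"))
    return decisions


if __name__ == "__main__":
    sample = [
        ("start", r"C:\ICS\hmi.exe", HMI_IMAGE),
        ("start", r"C:\ICS\hmi.exe", HMI_IMAGE + b"\x90"),        # tampered image, same path
        ("start", r"C:\Users\op\Downloads\update.exe", b"anything"),
        ("access", r"C:\ICS\hmi.exe", "tcp:10.0.5.10:502"),
        ("access", r"C:\ICS\hmi.exe", r"D:\hist\data.db"),         # historian's file, not HMI's
    ]
    for e, d in zip(sample, evaluate(sample)):
        print(e[0], e[1], "->", d)
```

Hash-pinning means every approved patch requires a policy update, which is the operational cost of the approach; the talk's argument is that ICS hosts change rarely enough for that to be acceptable.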
The document discusses Privileged Identity Management (PIM) solutions from CyberArk. It provides an overview of the Secure Digital Vault for securely storing credentials at rest and in motion. It also summarizes the Enterprise Password Vault for preventing threats and improving productivity by controlling privileged access. Finally, it briefly outlines the Application Identity Manager for securing and managing application identities and credentials.
OSB180: Learn More About Ivanti Endpoint Security (Ivanti)
The document discusses Ivanti Endpoint Security which provides multiple layers of defense to protect against cyber threats. It supports an endpoint defense-in-depth strategy using technologies like antivirus, device control, encryption, application control and patch management. Application control helps reduce risk from unauthorized applications while advanced malware detection provides protection and remediation from malware. The goal is to prevent, detect and remediate vulnerabilities and threats across endpoints through a single, integrated platform.
GRC 2013 Preventing Cyber Attacks for SAP - Onapsis Presentation (rclark004)
The document discusses 11 risks that could leave an SAP system vulnerable to cyber attacks. It begins by explaining why SAP systems are targets, such as storing sensitive business information. It then debunks common misconceptions about SAP security like believing systems are intrinsically secure. The risks covered include missing security notes, standard users with default passwords, and vulnerabilities in the SAP application layer which handles authentication and authorization. Addressing these 11 risks is important to protect an SAP platform from espionage, sabotage and financial fraud.
Tatsuaki Takebe of Yokogawa Electric Corporation provides the closing keynote with a focus on international standards activity and how it affects the Japanese ICS community.
The document summarizes Symantec's endpoint security solution. It discusses the key ingredients for endpoint protection including antivirus, antispyware, firewall, intrusion prevention, device/application control, and network access control. It describes how these components work together through a single agent and management console to provide comprehensive endpoint security, compliance, and management capabilities. The solution aims to reduce costs, complexity, and risks while increasing protection, control, and manageability for organizations.
This document discusses CyberArk's privileged account security solutions. It begins by noting CyberArk's growth and customer base. It then explains that organizations have many more privileged accounts than employees across various systems. The document outlines CyberArk's approach to delivering a new critical security layer of privileged account security. It describes CyberArk's privileged account security solution and components like the privileged password vault. Finally, it provides examples of how least privilege principles and application control can help prevent cyber attacks when combined.
VIPER Labs - VOIP Security - SANS Summit (Shah Sheikh)
The document discusses penetration testing of VoIP networks. It describes a VoIP security research lab that investigates attack vectors against VoIP systems. When conducting internal VoIP assessments, the objectives are to understand the call requirements, VLAN configuration, and gain access to the voice VLAN to test for vulnerabilities. Sniffing tools can reveal the voice VLAN ID and credentials. VLAN hopping poses a risk if an attacker can access the voice VLAN from their PC. A case study found an attacker was able to hop VLANs in a hotel network and potentially monitor other guests' phone calls due to poor network segmentation. Proper firewalling of voice networks and limiting remote access to voice VLANs are important lessons learned.
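The reconnaissance step above (a sniffer on the data VLAN learning the voice VLAN ID) usually works because the switch advertises the voice VLAN to phones in LLDP-MED Network Policy TLVs, and any host on the port can read those frames. The following Python, written as an added example for this page and not taken from the VIPER Labs material, decodes the 802.1Q tag and the LLDP-MED Network Policy TLV to extract the advertised voice VLAN, and shows how a host would then tag its own frames with that ID. The switch MAC, port name and VLAN number in the sample frame are constructed, not captured.

```python
import struct

DOT1Q_TPID = 0x8100
LLDP_ETHERTYPE = 0x88CC
TIA_OUI = b"\x00\x12\xbb"      # ANSI/TIA OUI used by LLDP-MED organisationally specific TLVs
MED_NETWORK_POLICY = 2         # LLDP-MED subtype: Network Policy
APP_TYPE_VOICE = 1             # Network Policy application type 1 = Voice


def parse_dot1q(frame):
    """Return (priority, vlan_id, inner_ethertype, payload) for an 802.1Q-tagged frame,
    or None if the frame is untagged. TCI = PCP(3) DEI(1) VID(12)."""
    if len(frame) < 18 or struct.unpack("!H", frame[12:14])[0] != DOT1Q_TPID:
        return None
    tci, ethertype = struct.unpack("!HH", frame[14:18])
    return (tci >> 13, tci & 0x0FFF, ethertype, frame[18:])


def tag_frame(frame, vlan_id, priority=0):
    """Insert an 802.1Q tag into an untagged frame: the step a PC takes to talk on a VLAN directly."""
    tci = (priority << 13) | (vlan_id & 0x0FFF)
    return frame[:12] + struct.pack("!HH", DOT1Q_TPID, tci) + frame[12:]


def iter_lldp_tlvs(lldpdu):
    """Yield (type, value) per TLV; each header is a 7-bit type followed by a 9-bit length."""
    off = 0
    while off + 2 <= len(lldpdu):
        hdr = struct.unpack("!H", lldpdu[off:off + 2])[0]
        tlv_type, length = hdr >> 9, hdr & 0x1FF
        value = lldpdu[off + 2:off + 2 + length]
        if len(value) != length:
            raise ValueError("truncated LLDP TLV")
        yield tlv_type, value
        if tlv_type == 0:      # End of LLDPDU
            break
        off += 2 + length


def med_network_policies(lldpdu):
    """Decode every LLDP-MED Network Policy TLV (type 127, TIA OUI, subtype 2)."""
    policies = []
    for tlv_type, value in iter_lldp_tlvs(lldpdu):
        if tlv_type != 127 or len(value) < 8:
            continue
        if value[:3] != TIA_OUI or value[3] != MED_NETWORK_POLICY:
            continue
        # 24 bits after the application type: U(1) T(1) X(1) VLAN ID(12) L2 priority(3) DSCP(6)
        fields = int.from_bytes(value[5:8], "big")
        policies.append({
            "app_type": value[4],
            "unknown": bool((fields >> 23) & 1),
            "tagged": bool((fields >> 22) & 1),
            "vlan_id": (fields >> 9) & 0x0FFF,
            "l2_priority": (fields >> 6) & 0x7,
            "dscp": fields & 0x3F,
        })
    return policies


def voice_vlans(frame):
    """Voice VLAN IDs advertised in one Ethernet frame carrying LLDP (tagged or untagged)."""
    if len(frame) < 14:
        return []
    tagged = parse_dot1q(frame)
    if tagged is not None:
        ethertype, lldpdu = tagged[2], tagged[3]
    else:
        ethertype, lldpdu = struct.unpack("!H", frame[12:14])[0], frame[14:]
    if ethertype != LLDP_ETHERTYPE:
        return []
    return [p["vlan_id"] for p in med_network_policies(lldpdu) if p["app_type"] == APP_TYPE_VOICE]


def _tlv(tlv_type, value):
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def build_sample_lldp_frame(voice_vlan=200):
    """Constructed sample (not a real capture): an access port advertising a voice VLAN."""
    switch_mac = bytes.fromhex("001122334455")                       # constructed
    fields = (1 << 22) | (voice_vlan << 9) | (5 << 6) | 46           # tagged, prio 5, DSCP 46
    lldpdu = (
        _tlv(1, b"\x04" + switch_mac)                                # Chassis ID, subtype 4 = MAC
        + _tlv(2, b"\x05Gi1/0/7")                                    # Port ID, subtype 5 = ifname
        + _tlv(3, struct.pack("!H", 120))                            # TTL
        + _tlv(127, TIA_OUI + bytes([MED_NETWORK_POLICY, APP_TYPE_VOICE]) + fields.to_bytes(3, "big"))
        + _tlv(0, b"")                                               # End of LLDPDU
    )
    return bytes.fromhex("0180c200000e") + switch_mac + struct.pack("!H", LLDP_ETHERTYPE) + lldpdu


if __name__ == "__main__":
    frame = build_sample_lldp_frame(200)
    print("voice VLAN(s) advertised:", voice_vlans(frame))
    print("tagged copy carries VID:", parse_dot1q(tag_frame(frame, 200))[1])
```

The same decoder works on frames read from a raw socket or a pcap; the only change is the source of `frame`. What the case study calls poor segmentation is exactly the situation where a tag learned this way is honoured by the switch on a port that should have carried a single, untagged data VLAN.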
This document discusses intrusion detection and prevention systems. It defines intrusion detection as detecting inappropriate, incorrect, or anomalous activity. Intrusion detection systems (IDS) and intrusion prevention systems (IPS) are used to determine whether a network or server has experienced an unauthorized intrusion; they work through network sensors that watch traffic or host agents that watch individual systems. The document covers different IDS and IPS products and how to implement them in network or host mode, as well as signature tuning and deployment models.
Attacking and Defending Autos Via OBD-II from escar Asia (Digital Bond)
This document discusses security issues related to accessing and controlling vehicles via OBD-II ports, drawing comparisons to struggles securing industrial control systems. It notes that accessing these systems often means compromising them, as protocols were designed without security. While an analysis of a Progressive Snapshot dongle found no security precautions, lessons from securing critical infrastructure suggest restricting access and implementing least privilege. The document advocates learning from past ICS mistakes to develop secure vehicle protocols and modules.
The document discusses the OWASP Top 10 Proactive Controls for web application security. It summarizes 10 critical security areas that developers must address: 1) Verify security early and often, 2) Parameterize queries, 3) Encode data, 4) Validate all inputs, 5) Implement identity and authentication controls, 6) Implement access controls, 7) Protect data, 8) Implement logging and intrusion detection, 9) Leverage security frameworks and libraries, and 10) Handle errors and exceptions properly. For each area, it describes common vulnerabilities, example attacks, and recommended controls to implement for protection.
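To make controls 2, 3 and 4 concrete, here is an added example written for this page (not code from the OWASP document): a lookup that splices the username into SQL beside the parameterized version, an HTML encoder for output, and an allowlist validator for the input. The in-memory SQLite table and its two users are constructed sample data.

```python
import html
import re
import sqlite3


def make_db():
    """Constructed sample user table (not from the original page)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT, display_name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "constructed-hash-1", "Alice <Ops>"),
        ("bob", "constructed-hash-2", "Bob"),
    ])
    return db


def find_user_vulnerable(db, username):
    """Control 2 violated: the value becomes part of the SQL text, so a quote in the
    input changes the query's structure instead of being compared as data."""
    sql = "SELECT username, display_name FROM users WHERE username = '%s'" % username
    return db.execute(sql).fetchall()


def find_user_parameterized(db, username):
    """Control 2 applied: the driver binds the value; whatever it contains, the query
    stays 'WHERE username = ?' and the input is only ever compared, never parsed."""
    sql = "SELECT username, display_name FROM users WHERE username = ?"
    return db.execute(sql, (username,)).fetchall()


def valid_username(username):
    """Control 4 (validate all inputs): positive allowlist, not a blacklist of bad characters."""
    return re.fullmatch(r"[a-z0-9_]{1,32}", username) is not None


def render_greeting(display_name):
    """Control 3 (encode data): encode for the HTML context before inserting the value."""
    return "<p>Welcome, %s</p>" % html.escape(display_name, quote=True)


def lookup(db, username):
    """Validation first, then a parameterized query: the two controls layered as OWASP advises."""
    if not valid_username(username):
        return []
    return find_user_parameterized(db, username)


if __name__ == "__main__":
    db = make_db()
    payload = "x' OR '1'='1"
    print("vulnerable   :", find_user_vulnerable(db, payload))      # returns every row
    print("parameterized:", find_user_parameterized(db, payload))   # returns nothing
    print("validated    :", lookup(db, payload))                    # rejected before the query
    print(render_greeting(find_user_parameterized(db, "alice")[0][1]))
```

Validation alone is not the fix for injection (a valid display name can legitimately contain a quote); parameterization is. Validation narrows what reaches the query, encoding protects the output context, and the three controls are meant to be used together.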
Jump Start Your Application Security Knowledge (Denim Group)
How to Jump-Start Your Application Security Knowledge
For the Network Security Guy Who Knows Nothing about Web Applications
Most security officers are not software developers, and rarely do they have control over the security of internally developed software systems. However, CSOs are still frequently held accountable when externally facing software is compromised and a breach occurs. Unless security professionals radically upgrade their knowledge of software and software development techniques, they will continue to manage inadequately the risk that custom software systems represent to the enterprise.
Presented by John Dickson of Denim Group and Jeremiah Grossman of WhiteHat Security, this webinar will help non-development security managers understand the salient aspects of the software development process and to upgrade their IQ on software. It will help them to identify risks with different assessment approaches, how to inject themselves into the development process at key "waypoints," and to understand ways to influence development peers to write more secure code.
This document discusses utilizing unidirectional security gateways to achieve cyber security. It introduces Waterfall Security Solutions, which provides unidirectional gateway technology. These gateways allow information to flow from protected industrial networks to external networks like business networks, preventing any return path for attacks. The document outlines the need to protect critical infrastructure from cyber threats and presents scenarios where gateways can help. It then reviews limitations of traditional IT security practices and how the Waterfall solution meets best practices. Real-world use cases and benefits like compliance, cost recovery and support for industrial applications/protocols are also covered.
Expand Your Control of Access to IBM i Systems and Data (Precisely)
This document discusses expanding control of access to IBM i systems and data. After some logistics for the webcast, the agenda covers the myth that IBM i is secure by nature, a review of exit points and access methods, examples of security issues, and how Syncsort can help manage the resulting risks. Overall, the document aims to educate about security risks on IBM i and how third-party solutions can address exposures arising from the various access methods.
Vulnerability Inheritance in ICS (English) (Digital Bond)
This document discusses vulnerability inheritance in programmable logic controllers (PLCs) from third-party libraries and software. It provides a specific example of vulnerabilities found in the CoDeSys runtime and engineering software used by hundreds of industrial control system vendors. The document outlines how two major Japanese PLC vendors were found to be affected by these vulnerabilities due to their use of CoDeSys, and concludes that vendors need to implement secure development practices like security testing to prevent inheriting vulnerabilities from third-party components.
This document summarizes a presentation given by Craig Heilmann of IBM Security Services at the S4 ICS Security Conference in January 2015. The presentation discussed accelerating cyber security for operational technology (OT) using a case study. The case study involved a large manufacturer that wanted to transform its security operations over 5 years but faced constraints. The solution was to focus first on operations using an "elastic and agile" model with processes, operations, and technology improvements to quickly detect, respond, and disrupt attacks. This included enterprise-wide password changes and a security program framework to continuously adapt and mature capabilities over time. Cost modeling was also introduced to better plan and rationalize security spending.
Using Assessment Tools on ICS (English) (Digital Bond)
Dale Peterson of Digital Bond describes the methodology of using security assessment tools on an operational ICS. He also discusses how to best use the features and functions of these tools.
Managing and Securing Remote Access To Critical Infrastructure, Yariv Lenchne... (Digital Bond)
The session covers the security risks and issues around the management and use of privileged/interactive remote user access, including the following topics:
- Management of generic and shared accounts (and their users)
- Remote interactive access to critical systems (e.g. vendor support)
- Current typical jump server implementations and their security weaknesses
- Isolation, Monitoring and Control over interactive/privileged sessions
- Recommended design and implementation of jump servers
The session will cover the security issues and the proposed solutions.
Skill Set Needed to work successfully in a SOC (Fuad Khan)
This document discusses security operations centers (SOCs) and the roles within them. A SOC is an organization that defends a computer network against unauthorized activity through monitoring, detection, analysis, and response. The document outlines the responsibilities of tier 1, 2, and 3 SOC analysts, with tier 1 observing logs and putting in trouble tickets, tier 2 taking on more research, analysis, and automation, and tier 3 specializing in advanced security areas and serving as expert "hunters". It emphasizes that teamwork is essential for all SOC roles.
The document discusses various techniques for confining untrusted code, including running it at different levels of isolation such as in a separate hardware system, virtual machine, process, or thread. It describes approaches like system call interposition and software fault isolation that monitor applications and isolate their ability to access resources. The document also covers topics like rootkits, which can provide unauthorized access, and intrusion detection systems, which monitor networks for malicious activity.
The document outlines how to build an effective security program with limited resources as a one-person shop. It discusses establishing people and processes, designing a secure network architecture by dividing the network into zones and applying security controls at boundaries, securing system design through least privilege and centralized logging, performing continuous monitoring through vulnerability scanning and log analysis, obtaining external validation through auditing and penetration testing, and ensuring compliance through following security best practices and frameworks. The overall goal is to prioritize security based on risks through people-focused automation and standardization of processes.
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks (Angeloluca Barba)
A presentation given in April 2019 in London during ICS Cyber Security Conference. I discuss an anonymized investigation conducted by our team to identify a real malware infection on a production network, the tools and techniques used to contain this threat and how to use threat intelligence and visibility to stay ahead of cyber adversaries.
Asset visibility and network baselining
Continuous network monitoring
Threat intelligence ingestion
Thorough incident response plans
Most data breaches are due to the misuse of privileged credentials. We invite you to learn about CyberArk's approach in this presentation by Carolina Bozza.
Carolina will be one of the presenters at our event "EL ATAQUE INTERNO" on May 6. The registration link is:
https://eventioz.com.ar/e/el-ataque-interno?utm_source=eventioz&utm_medium=emailtrans&utm_campaign=ez_invite_recipient&utm_content=button_cta&source=orevem
We look forward to seeing you!
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o... (Digital Bond)
This session covers the pros and cons of virtualization as well as lessons learned from real-world virtualization of DCS environments. Chris has deployed virtualization in ICS with and without ICS vendor cooperation.
This document provides an overview of the ForeScout product line. It summarizes their solutions for gaining visibility and control of all endpoints including corporate, BYOD, guest, and IoT devices across networks, clouds, and locations. It describes their appliance architecture and capabilities for device inspection, classification, inventory, and remediation. Integration with networking, security, and mobility solutions is also highlighted. Recent product enhancements are introduced, including a tactical map for global network visibility and mobile security modules.
IBM® QRadar® QFlow Collector integrates with IBM QRadar SIEM and flow processors to provide Layer 7 application visibility and flow analysis to help you sense, detect and respond to activities throughout your network. This combined solution, powered by the advanced IBM Sense Analytics Engine™, gives you greater visibility into network activity to better detect threats, meet policy and regulatory compliance requirements, and minimize risks to mission-critical services, data and assets.
Controlling Access to IBM i Systems and Data (Precisely)
Security best practice and regulations such as SOX, HIPAA, GDPR and others require you to restrict access to your critical IBM i systems and their data, but this is easier said than done. Legacy, proprietary access protocols now co-exist with new, open-source protocols to create access control headaches.
View this webcast on-demand for an in-depth discussion of IBM i access points that must be secured and how exit points can be leveraged to accomplish the task. We’ll cover:
• Securing network access and communication ports
• How database access via open-source protocols can be secured
• Taking control of command execution
This chapter discusses hacking wireless networks. It explains wireless technology and standards such as 802.11. Authentication in wireless networks involves establishing that a user is authorized to use the network. Various wireless hacking tools and the process of "wardriving" are also described.
This document discusses different types of individuals involved with technology and crime, including geeks, hackers, and cybercriminals. It defines geeks as those focused on technical skills over social acceptance. Hackers are described as problem solvers and programmers, though the term is now often associated with criminal behavior. Different types of hackers are outlined such as white hats, black hats, and gray hats. The hacker subculture is examined, including hacker ethics, characteristics, slang ("1337" language), and influential movies. A typology of hackers is provided, differentiating between old school hackers, bedroom hackers, script kiddies, and hacktivists.
VIPER Labs - VOIP Security - SANS SummitShah Sheikh
The document discusses penetration testing of VoIP networks. It describes a VoIP security research lab that investigates attack vectors against VoIP systems. When conducting internal VoIP assessments, the objectives are to understand the call requirements, VLAN configuration, and gain access to the voice VLAN to test for vulnerabilities. Sniffing tools can reveal the voice VLAN ID and credentials. VLAN hopping poses a risk if an attacker can access the voice VLAN from their PC. A case study found an attacker was able to hop VLANs in a hotel network and potentially monitor other guests' phone calls due to poor network segmentation. Proper firewalling of voice networks and limiting remote access to voice VLANs are important lessons learned.
This document discusses intrusion detection and prevention systems. It defines intrusion detection as detecting inappropriate, incorrect, or anomalous activity. Intrusion detection systems (IDS) and intrusion prevention systems (IPS) can be used to determine if a network or server has experienced an unauthorized intrusion. IDS and IPS systems work by using network sensors to detect intrusions or host agents to detect intrusions on individual systems. The document discusses different IDS and IPS products and how to implement them, including in network or host modes. It also covers signature tuning and different deployment models.
Attacking and Defending Autos Via OBD-II from escar AsiaDigital Bond
This document discusses security issues related to accessing and controlling vehicles via OBD-II ports, drawing comparisons to struggles securing industrial control systems. It notes that accessing these systems often means compromising them, as protocols were designed without security. While an analysis of a Progressive Snapshot dongle found no security precautions, lessons from securing critical infrastructure suggest restricting access and implementing least privilege. The document advocates learning from past ICS mistakes to develop secure vehicle protocols and modules.
The document discusses the OWASP Top 10 Proactive Controls for web application security. It summarizes 10 critical security areas that developers must address: 1) Verify security early and often, 2) Parameterize queries, 3) Encode data, 4) Validate all inputs, 5) Implement identity and authentication controls, 6) Implement access controls, 7) Protect data, 8) Implement logging and intrusion detection, 9) Leverage security frameworks and libraries, and 10) Handle errors and exceptions properly. For each area, it describes common vulnerabilities, example attacks, and recommended controls to implement for protection.
Jump Start Your Application Security KnowledgeDenim Group
How to Jump-Start Your Application Security Knowledge
For the Network Security Guy Who Knows Nothing about Web Applications
Most security officers are not software developers, and rarely do they have control over the security associated with internally developed software systems. However, CSO's are still frequently held accountable when externally-facing software is compromised and a breach occurs. Unless security professionals radically upgrade their knowledge of software and software development techniques, they will continue to inadequately manage the risk that custom software systems represents to the enterprise.
Presented by John Dickson of Denim Group and Jeremiah Grossman of WhiteHat Security, this webinar will help non-development security managers understand the salient aspects of the software development process and to upgrade their IQ on software. It will help them to identify risks with different assessment approaches, how to inject themselves into the development process at key "waypoints," and to understand ways to influence development peers to write more secure code.
This document discusses utilizing unidirectional security gateways to achieve cyber security. It introduces Waterfall Security Solutions, which provides unidirectional gateway technology. These gateways allow information to flow from protected industrial networks to external networks like business networks, preventing any return path for attacks. The document outlines the need to protect critical infrastructure from cyber threats and presents scenarios where gateways can help. It then reviews limitations of traditional IT security practices and how the Waterfall solution meets best practices. Real-world use cases and benefits like compliance, cost recovery and support for industrial applications/protocols are also covered.
Expand Your Control of Access to IBM i Systems and DataPrecisely
This document discusses expanding control of access to IBM i systems and data. It begins with some logistical information about the webcast. The presentation will discuss myths about IBM i security, exit points and access methods, examples of security issues, and how Syncsort can help with security. The agenda includes discussing the myth that IBM i is secure by nature, reviewing exit points and access methods, providing examples, and explaining how Syncsort can help manage security risks. Overall, the document aims to educate about security risks on IBM i and how third party solutions can help address vulnerabilities from various access methods and improve overall security.
Vulnerability Inheritance in ICS (English)Digital Bond
This document discusses vulnerability inheritance in programmable logic controllers (PLCs) from third-party libraries and software. It provides a specific example of vulnerabilities found in the CoDeSys runtime and engineering software used by hundreds of industrial control system vendors. The document outlines how two major Japanese PLC vendors were found to be affected by these vulnerabilities due to their use of CoDeSys, and concludes that vendors need to implement secure development practices like security testing to prevent inheriting vulnerabilities from third-party components.
This document summarizes a presentation given by Craig Heilmann of IBM Security Services at the S4 ICS Security Conference in January 2015. The presentation discussed accelerating cyber security for operational technology (OT) using a case study. The case study involved a large manufacturer that wanted to transform its security operations over 5 years but faced constraints. The solution was to focus first on operations using an "elastic and agile" model with processes, operations, and technology improvements to quickly detect, respond, and disrupt attacks. This included enterprise-wide password changes and a security program framework to continuously adapt and mature capabilities over time. Cost modeling was also introduced to better plan and rationalize security spending.
Using Assessment Tools on ICS (English)Digital Bond
Dale Peterson of Digital Bond describes the methodology of using security assessment tools on an operational ICS. He also discusses how to best use the features and functions of these tools.
Managing and Securing Remote Access To Critical Infrastructure, Yariv Lenchne...Digital Bond
The session will cover the security risks and issues around the management and usage of privileged/interactive user remote access and will cover the following topics:
- Management of generic and shared accounts (and their users)
- Remote interactive access to critical systems (e.g. vendor support)
- Current typical jump server implementations and its security weakness
- Isolation, Monitoring and Control over interactive/privileged sessions
- Recommended design and implementation of jump servers
The session will cover the security issues and the proposed solutions.
Skill Set Needed to work successfully in a SOCFuad Khan
This document discusses security operations centers (SOCs) and the roles within them. A SOC is an organization that defends a computer network against unauthorized activity through monitoring, detection, analysis, and response. The document outlines the responsibilities of tier 1, 2, and 3 SOC analysts, with tier 1 observing logs and putting in trouble tickets, tier 2 taking on more research, analysis, and automation, and tier 3 specializing in advanced security areas and serving as expert "hunters". It emphasizes that teamwork is essential for all SOC roles.
The document discusses various techniques for confining untrusted code, including running it at different levels of isolation such as in a separate hardware system, virtual machine, process, or thread. It describes approaches like system call interposition and software fault isolation that monitor applications and isolate their ability to access resources. The document also covers topics like rootkits, which can provide unauthorized access, and intrusion detection systems, which monitor networks for malicious activity.
The document outlines how to build an effective security program with limited resources as a one-person shop. It discusses establishing people and processes, designing a secure network architecture by dividing the network into zones and applying security controls at boundaries, securing system design through least privilege and centralized logging, performing continuous monitoring through vulnerability scanning and log analysis, obtaining external validation through auditing and penetration testing, and ensuring compliance through following security best practices and frameworks. The overall goal is to prioritize security based on risks through people-focused automation and standardization of processes.
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksAngeloluca Barba
A presentation given in April 2019 in London during ICS Cyber Security Conference. I discuss an anonymized investigation conducted by our team to identify a real malware infection on a production network, the tools and techniques used to contain this threat and how to use threat intelligence and visibility to stay ahead of cyber adversaries.
Asset visibility and network baselining
Continuous network monitoring
Threat intelligence ingestion
Thorough incident response plans
Most data breaches are due to the misuse of privileged credentials. We invite you to learn about CyberArk's approach in this presentation by Carolina Bozza.
Carolina will be one of the presenters at our event "EL ATAQUE INTERNO", on May 6. The registration link is:
https://eventioz.com.ar/e/el-ataque-interno?utm_source=eventioz&utm_medium=emailtrans&utm_campaign=ez_invite_recipient&utm_content=button_cta&source=orevem
We look forward to seeing you!
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o... (Digital Bond)
This session will cover the pros and cons of virtualization as well as lessons learned from real-world virtualization of DCS environments. Chris has deployed virtualization in ICS with and without ICS vendor cooperation.
This document provides an overview of the ForeScout product line. It summarizes their solutions for gaining visibility and control of all endpoints including corporate, BYOD, guest, and IoT devices across networks, clouds, and locations. It describes their appliance architecture and capabilities for device inspection, classification, inventory, and remediation. Integration with networking, security, and mobility solutions is also highlighted. Recent product enhancements are introduced, including a tactical map for global network visibility and mobile security modules.
IBM® QRadar® QFlow Collector integrates with IBM QRadar SIEM and flow processors to provide Layer 7 application visibility and flow analysis to help you sense, detect and respond to activities throughout your network. This combined solution, powered by the advanced IBM Sense Analytics Engine™, gives you greater visibility into network activity to better detect threats, meet policy and regulatory compliance requirements, and minimize risks to mission-critical services, data and assets.
Controlling Access to IBM i Systems and Data (Precisely)
Security best practice and regulations such as SOX, HIPAA, GDPR and others require you to restrict access to your critical IBM i systems and their data, but this is easier said than done. Legacy, proprietary access protocols now co-exist with new, open-source protocols to create access control headaches.
View this webcast on-demand for an in-depth discussion of IBM i access points that must be secured and how exit points can be leveraged to accomplish the task. We’ll cover:
• Securing network access and communication ports
• How database access via open-source protocols can be secured
• Taking control of command execution
This chapter discusses hacking wireless networks. It explains wireless technology and standards such as 802.11. Authentication in wireless networks involves establishing that a user is authorized to use the network. Various wireless hacking tools and the process of "wardriving" are also described.
This document discusses different types of individuals involved with technology and crime, including geeks, hackers, and cybercriminals. It defines geeks as those focused on technical skills over social acceptance. Hackers are described as problem solvers and programmers, though the term is now often associated with criminal behavior. Different types of hackers are outlined such as white hats, black hats, and gray hats. The hacker subculture is examined, including hacker ethics, characteristics, slang ("1337" language), and influential movies. A typology of hackers is provided, differentiating between old school hackers, bedroom hackers, script kiddies, and hacktivists.
My 2012 homerun in IT-security: For many years nothing happened in Web security - with respect to security-enabling the HTTP stack. This is not true anymore: game-changing innovations do emerge right now. Their impact will - likely - be pervasive. It is important to understand what exactly is being launched, why this is happening and which forces are driving this. This presentation establishes this context and elaborates on the implications.
This is a multi-faceted workshop that explores new concepts in web security. After a solid grounding in well-known exploits like cross-site scripting (XSS) and cross-site request forgeries (CSRF), I'll demonstrate how traditional exploits are being used together and with other technologies like Ajax to launch sophisticated attacks that penetrate firewalls, target users, and spread like worms. I'll then discuss some ideas for the future, such as evaluating trends to identify suspicious activity and understanding human tendencies and behavior to help provide a better, more secure user experience.
This document provides an introduction to information security. It defines information security as the protection of information and systems from unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction. The document outlines some key threats to information security like destruction, disclosure and modification of data. It also discusses the goals of information security - confidentiality, integrity, availability and authenticity - and common threats that relate to each goal. Additionally, the document covers security aspects like data security, computer security and network security and provides basic measures to enhance security in each area.
- Introduction to Web Security
- Why Is Security So Important?
- Web Security Considerations
- Web Security Approaches
- Secure Socket Layer (SSL) and Transport Layer Security (TLS)
- Secure Electronic Transaction (SET)
- Recommended Reading
- Problems
Intense overview of most mobile security related issues
From Clust Education talk on Security Summit in Milan (Italy):
https://www.securitysummit.it/eventi/view/82
Basic overview, testing, mitigation plan for popular web application vulnerabilities such as: XSS, CSRF, SQLi etc.
Updated "Web Security - Introduction" presentation.
This document defines key concepts related to information security. It discusses what information and information security are, as well as the multilayered nature of security. The main threats to information security are described as inadvertent acts, deliberate acts, natural disasters, technical failures, and management failure. Specific types of malware like viruses, worms, trojans, and spyware are explained. The document also differentiates between hackers and crackers and emphasizes the importance of using antivirus software to protect against threats.
Internet of Things (IoT) will enable dramatic society transformation. This seminar presents an introduction to the IoT and explains why IoT Security is important.
Then it presents security issues in wireless sensor networks that constitute a main ingredient of IoT.
Seminar given at Centre Tecnològic de Telecomunicacions de Catalunya (CTTC) on 28 January 2015.
The document summarizes a presentation on wireless security. It discusses wireless standards like 802.11b, 802.11a, and 802.11g and security standards like WEP, WPA, and WPA2. It describes vulnerabilities in WEP like weak IVs and keys. It also explains attacks like identity theft through MAC spoofing and defenses like strong encryption, authentication, and regular key changes.
This document provides an introduction to information security. It outlines the objectives of understanding information security concepts and terms. The document discusses the history of information security beginning with early mainframe computers. It defines information security and explains the critical characteristics of information, including availability, accuracy, authenticity, confidentiality and integrity. The document also outlines approaches to implementing information security and the phases of the security systems development life cycle.
Wireless networks allow devices to connect to a wired network without cables. An access point connected to the wired network allows devices like computers and phones to connect wirelessly at broadband speeds. However, wireless networks pose security risks if not configured properly, as unencrypted wireless traffic can be intercepted and users can gain unauthorized access. It is important to set up security measures like access restrictions, encryption, and isolating wireless networks when deploying wireless networks.
This document discusses security issues with wireless networks and protocols. It describes common wireless standards like 802.11b, g, and a. It then covers security protocols that aimed to improve on WEP like WPA and WPA2, discussing their encryption methods. The document also outlines various threats to wireless security like eavesdropping, unauthorized access, and denial of service attacks. It concludes by listing some common wireless hacking tools.
Information security involves protecting information systems, hardware, and data from unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction. The primary goals of information security, known as the CIA triad, are confidentiality, integrity and availability. Information is classified into different types like public, private, confidential and secret depending on who can access it and the potential damage of unauthorized access. Security also involves protecting physical items, individuals, operations, communications, networks and information assets.
The document provides an overview of information security concepts and threats. It discusses how security is difficult to implement due to costs, user resistance, and sophisticated criminals. The document then outlines various hacking techniques like information gathering, social engineering, sniffing, and denial of service attacks. It concludes by describing defensive security measures for organizations, including firewalls, intrusion detection, honeypots, antivirus software, user awareness training, and penetration testing.
While computer systems today have some of the best security systems ever, they are more vulnerable than ever before.
This vulnerability stems from the world-wide access to computer systems via the Internet.
Computer and network security comes in many forms, including encryption algorithms, access to facilities, digital signatures, and using fingerprints and face scans as passwords.
This slide deck provides various details regarding information security: the database and its advantages, DBMS, RDBMS, and IS design considerations; various cybercrime techniques; elements of information, i.e. integrity and availability; classification of threats; information security risk assessment; the four stages of risk management; the NIST definition; risk assessment methodologies; the security risk assessment approach; risk mitigation options; categories of controls; technical controls, etc.
Ethical hacking & Information Security (Ajay Dhamija)
The document provides an overview of ethical hacking and information security. It discusses computer security principles of confidentiality, integrity, and authentication as well as network and information security. The document notes that security, hacking, and information are oxymorons. It also discusses common passwords that are hacked, types of hackers including white hat and black hat hackers, and the hacker hierarchy ranging from script kiddies to elite hackers. The document aims to introduce topics around ethical hacking techniques and countermeasures.
Web security involves protecting information transmitted over the internet from attacks like viruses, worms, trojans, ransomware, and keyloggers. Users can help secure themselves by using antivirus software, avoiding phishing scams, and reporting spam. Larger attacks often involve botnets, which are networks of infected computers that can overwhelm websites and services with traffic through distributed denial of service attacks.
Preventing The Next Data Breach Through Log Management (Novell)
The document discusses how log management can be used for prevention, detection, and investigation of security incidents and data breaches. It explains that log management provides transparency by collecting logs from across an organization's IT infrastructure in a central location. This allows security teams to discover misconfigurations, unauthorized access attempts, and other anomalies that could indicate potential threats or actual security breaches. The document advocates for taking a preventative approach to security by using log data to monitor user activity and identity risks. It also promotes investing in security intelligence capabilities like security monitoring, analytics, and automated remediation.
Top 10 mobile security risks - Khổng Văn Cường (Võ Thái Lâm)
The document summarizes the top 10 mobile security risks according to the OWASP Mobile Security Project. It introduces the mobile threat model and discusses each of the top 10 risks, including weak server-side controls, insecure data storage, insufficient transport layer protection, unintentional data leakage, poor authorization and authentication, broken cryptography, client-side injection, security decisions via untrusted inputs, improper session handling, and lack of binary protections. Best practices for addressing these risks are also provided.
This document summarizes the top 10 mobile security risks according to the OWASP Mobile Security Project. It introduces the mobile threat model and discusses each of the top 10 risks, including weak server-side controls, insecure data storage, insufficient transport layer protection, unintentional data leakage, poor authentication and authorization, broken cryptography, client-side injection, security decisions via untrusted inputs, improper session handling, and lack of binary protections. Best practices for addressing these risks are also provided.
The interest in SAP security has been growing exponentially, and not only among whitehats. SAP invests money and resources in security, provides guidelines, and arranges conferences, but, unfortunately, SAP users still pay little attention to SAP security.
These are the most important takeaways for CISOs to provide SAP security for enterprises. The presentation debunks SAP security myths, and includes statistics obtained by the ERPScan Research Group and future trends in SAP security.
Crush Common Cybersecurity Threats with Privilege Access Management (BeyondTrust)
In this presentation from his webinar, IoT Security Expert Rob Black, CISSP, Founder and Managing Principal of Fractional CISO, discusses the common thread of many of today's cyberattacks. Key themes covered include:
- Post-mortem analysis of recent cybersecurity attacks and how you could mitigate against similar threats
- Evaluation of password breakdowns in protecting your organization
- Review of a high level threat model of privileged accounts
- How Privilege Access Management can significantly reduce your attack surface and improve your cybersecurity posture
IBM i is securable BUT not secured by default. To help protect your organization from the increasing security threats, you must take control of all access points to your IBM i server. You can limit IBM i security threats by routinely assessing your risks and taking control of logon security, powerful authorities, and system access.
With the right tools and process, you can assure comprehensive control of unauthorized access and can trace any activity, suspicious or otherwise, on your IBM i systems.
Watch this on-demand webcast to learn:
• How to secure network access and communication ports
• How to implement different authentication options and tradeoffs
• How to limit the number of privileged user accounts
• How Precisely’s Assure Security can help
Securing Systems - Still Crazy After All These Years (Adrian Sanabria)
This document discusses the ongoing challenges of securing systems and networks. It notes that while cybersecurity basics like asset discovery, vulnerability management, and hardening are important, they are also very difficult tasks given the complexity of modern IT environments. The constant evolution of threats, emerging technologies, and lack of standardized frameworks add to these challenges. However, taking a perspective focused on resilience over perfection, prioritizing the highest risks, and learning from breaches can help tackle security issues in a pragmatic way. The presentation provides strategies for discovery assets, managing vulnerabilities, and hardening systems effectively.
Make Every Spin Count: Putting the Security Odds in Your Favor (David Perkins)
Cerdant’s Director of Engineering, Joshua Skeens, presented the best ‘bets’ to increase your security odds. Josh warned customers to stop gambling with their data, and cautioned against weak, guessable passwords stating, “Use 2-Factor Authentication everywhere!” The first step in creating the best security posture possible for your business will always be just getting started, and to keep momentum Josh suggests implementing 1 new security practice each week.
The presentation describes 5 steps you should take to secure your SAP systems. These are:
1. Pentesting and Audit
2. Compliance
3. Internal security and SOD
4. ABAP Source code review
5. Forensics
The document discusses advanced persistent threats and privileged identity challenges. It provides background on the speaker, including their qualifications and experience. It then covers topics like what privileged accounts are, how system administrators operate, insider threats, case studies of security breaches involving privileged accounts, and compliance and regulatory issues around privileged identity management. Solutions discussed include implementing policies, processes, and technology to better control and monitor privileged access.
Scalar Security Roadshow: Toronto Presentation - April 15, 2015 (Scalar Decisions)
On April 15, 2015, Scalar hosted our Security Roadshow in Toronto where we'll be focused on defence in three key areas - endpoint, application, and network. Led by our team of experts, these quick-fire, interactive sessions will arm you with the knowledge you need to improve your cyber security posture in some of the most common areas of vulnerability.
Defend the Endpoint with Bromium
Bromium is a new security protection tool for the host that relies on task-based virtualization. In this demo we'll look at how Bromium runs and protects the endpoint. We'll invite 0days from the audience and bring our own to show how the system really works. Much like how each virtual server is contained in a hypervisor, with Bromium each individual task on a host is contained in its own task-based virtual container. If you’ve ever looked at the Windows Task Manager, or the output of a Unix ‘ps’ process list, imagine if each group of processes, that makes up the task, was contained in its own hypervisor. That can be 40-50 tasks or more, each isolated in its own little hypervisor with no real access to the host.
Why is task virtualization helpful? By keeping each task in its own hypervisor, Bromium gives you a bottoms-up view of each individual task’s behaviour – without impacting system performance. If each process is contained in its own hypervisor, it’s easy to see when a process begins spawning other activities or creating any unusual traffic. Basically, it can very easily identify anything shifty. This is the most granular level of inspection you can get at a host level – Bromium is there at the very beginning when the virus begins to execute.
Defend the Application with WhiteHat
In this session we will look at a newer approach to application security and penetration testing, which combines persistent and automated testing processes to continuously monitor applications for vulnerabilities, as well as deep inspection of the business logic by trained specialists. This approach exceeds newer PCI 3 requirements and provides ongoing assurance that web application vulnerabilities are quickly detected and tracked to remediation.
We'll walk through the WhiteHat Security client management portal and discuss the WhiteHat methodology that can now be used, by you, to leverage the 150+ application specialists at WhiteHat to build a continuous application assessment process for your company's active web applications and software development teams.
Defend the Network with LogRhythm
As the security landscape changes, Security Information and Event Management (SIEM) tools that detect and investigate security breaches and threats have become increasingly complex to implement, integrate, and support. Inefficient solutions leave organizations slow to defend against and respond to complex attacks.
LogRhythm’s Security Intelligence Platform has removed the complexity from SIEM, while leveraging real-time threat intelligence with behavioural an
The document discusses the shortcomings of traditional GRC (Governance, Risk management, and Compliance) approaches and proposes an alternative "Tao of GRC". It argues that traditional GRC 1.0 focuses too much on fixed processes and past threats. The Tao of GRC proposes adopting a standard threat analysis language to provide a common framework for understanding threats. It also advocates learning this language on the job to better understand regulatory and business priorities. Finally, it suggests taking a green approach by measuring risk reduction in monetary terms, focusing on root causes, and recycling controls and policies to reduce costs.
Technologies supporting fundamental security controls (Jürgen Ambrosi)
Implementing security controls cannot be separated from developing a security culture, but it also requires adopting appropriate technologies to support those controls. A journey through the "immune system" made up of the various controls which, if properly correlated, can significantly mitigate and often eliminate the possibility of falling victim to an attack.
When you work with a lot of companies scrutinizing their security, you get to see some amazing things. One of the joys of being a commercial security consultant working for big name firms, is that you get to see a lot of innovation and interesting approaches to common problems.
However, as great as this is, the discrete projects you work on are usually a small representation of the overall company. When you look at the company in its entirety, a familiar pattern of weakness begins to reveal itself. While some companies are obviously better than others, the majority of companies are actually weak in remarkably similar ways.
My work in the attacker modeled pentest and enterprise risk assessment realms focuses on looking at a company as a whole. The premise is that, this is what an attacker would do. They won’t just try to attack your quarterly code reviewed main web site, or consumer mobile app. They won’t directly attack your PCI relevant systems to get to customer credit card data. They won’t limit their attacks to those purely against your IT infrastructure. Instead – they’ll look at your entire company, and they will play dirty.
In this session, I’ll focus on the things that plague us all (well most of us), and I’ll offer some simple advice for how to try and tackle each of these areas:
– Weaknesses in Physical Security
– Susceptibility to Phishing
– Vulnerability Management Immaturity
– Weaknesses in Authentication
– Poor Network Segmentation
– Loose Data Access Control
– Terrible Host / Network Visibility
– Unwise Procurement & Security Spending Decisions
For Business's Sake, Let's focus on AppSec (Lalit Kale)
Slide-Deck for session on Application Security at Limerick DotNet-Azure User Group on 15th Feb, 2018
Event URL: https://www.meetup.com/Limerick-DotNet/events/hzctdpyxdbtb/
Decrypting the security mystery with SIEM (Part 1) Zoho Corporation
Decrypting the security mystery with SIEM - Part I
1. EventLog Analyzer, your complete security arsenal
2. Sealing security loopholes: Getting to know vulnerable ports, devices, and more.
3. Combating attacks with EventLog Analyzer
a. Mitigating brute force attacks
b. Stopping the rise of ransomware
c. Containing SQL injection attacks
4. Proactively preventing insider attacks
a. Monitoring privileged user activities
5. Securing physical, virtual, and cloud environments
6. Adhering to stringent compliance rules with the integrated compliance management
The document outlines key points about improving cyber security maturity through effective privileged access management (PAM). It discusses how most cyber attacks involve compromised privileged credentials. A PAM maturity model is presented with 4 levels - from analog/basic up to advanced/intelligent - measuring an organization's PAM practices and risk level. The goal is for organizations to progress through the levels by implementing stronger PAM strategies like automated discovery of privileged accounts, password vaulting, multi-factor authentication, privileged session monitoring and restricting use of local administrators. This helps reduce the attack surface and risk of breaches involving privileged credentials.
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina... (Emrah Alpa, CISSP CEH CCSK)
The document provides an overview of Micro Focus' security, risk, and governance portfolio including products for data governance, application security, identity and access management, endpoint security, security operations, information archiving, and analytics. It discusses specific Micro Focus products that can help with various regulatory requirements. ArcSight is presented as a next-generation security operations platform that utilizes threat intelligence, machine learning, and crowdsourced defenses. Fortify is described as enabling application security throughout the development lifecycle. NetIQ is highlighted as providing zero-trust identity and access management solutions based on principles of least privilege, identity assurance, and leveraging context without assuming trust.
3G and 4G are generations of wireless technology that enable higher data transmission rates and capabilities compared to previous generations. 3G networks launched in 2001 and allow data speeds up to 2 Mbps, while 4G was introduced in 2008 and provides speeds up to 100 Mbps. Key differences include 4G using only packet switching versus 3G using both packet and circuit switching, as well as 4G offering significantly faster speeds, wider bandwidth, and new applications like mobile TV and video calling. While providing benefits, both 3G and 4G networks also present challenges and costs such as building infrastructure and pricing plans.
Windows NT is a family of operating systems produced by Microsoft. It was the first version of Windows to be a fully 32-bit operating system and utilize 32-bit virtual memory addressing. It employs advanced principles like virtual memory, multitasking, and structured exception handling. Windows NT supports running multiple operating system environments like Win32, 16-bit Windows, MS-DOS, POSIX, and OS/2 programs.
This document discusses why firewalls are needed and provides an overview of firewall basics. It notes that while internet connectivity is convenient, it also invites intruders, so firewalls allow for a controlled link to balance convenience and security. It then defines what a firewall is, describes common firewall techniques like packet filtering, proxy servers, and dual-homed configurations, and discusses the role of firewalls in protecting networks from external threats.
Remote desktop allows a user to access and control a personal computer's desktop environment remotely from a separate device. It involves enabling remote desktop connections through the target computer's firewall settings, finding the target computer's IP address, and using a remote desktop connection application to connect by entering the IP address and login credentials. A print server is a device that connects printers to client computers over a network, accepting print jobs and queuing them locally to send to printers, accommodating differences in work arrival and printing speeds. Google Cloud Print is a technology that allows printing over the web from any device to any printer.
This document discusses several social and ethical issues in e-commerce, including web spoofing, cyber-squatting, privacy invasion, email spamming, online piracy, web tracking, and copyright infringement. It also addresses the threats posed to e-commerce servers, such as financial loss, and social issues like security, privacy, and shipping problems. The conclusion recommends increasing security and privacy protections, enacting new laws, providing a friendly online environment, being careful about sharing personal data, and regularly updating security tools.
The document discusses the need for information security and the threats organizations face. It describes how security performs four important functions: protecting the organization's ability to function, enabling safe application operation, protecting data, and safeguarding assets. It then outlines various threats such as viruses, worms, hacking, human error, natural disasters, and more. It emphasizes that security is a management responsibility and missing or inadequate policies and controls can increase organizations' vulnerability to threats.
VoIP and video conferencing allow communication over the internet using voice and video. VOIP converts voice into digital data packets that can be transmitted over broadband. It offers lower costs than traditional phone service and mobility since calls can be made from anywhere with an internet connection. Challenges include potential call quality issues if bandwidth is insufficient. Popular VOIP services like Skype allow free video and voice calls but don't provide local phone numbers, while Oovoo supports up to 12 simultaneous callers with features like desktop sharing and file transfer. In conclusion, VOIP, Skype and Oovoo are software alternatives that enable global communication, though their specific features differ.
Public Speaking Tips to Help You Be A Strong Leader.pdf (Pinta Partners)
In the realm of effective leadership, a multitude of skills come into play, but one stands out as both crucial and challenging: public speaking.
Public speaking transcends mere eloquence; it serves as the medium through which leaders articulate their vision, inspire action, and foster engagement. For leaders, refining public speaking skills is essential, elevating their ability to influence, persuade, and lead with resolute conviction. Here are some key tips to consider: https://joellandau.com/the-public-speaking-tips-to-help-you-be-a-stronger-leader/
Specific ServPoints should be tailored for restaurants in all food service segments. Your ServPoints should be the centerpiece of brand delivery training (guest service) and align with your brand position and marketing initiatives, especially in high-labor-cost conditions.
Originally presented at XP2024 Bolzano
While agile has entered the post-mainstream age, possibly losing its mojo along the way, the rise of remote working is dealing a more severe blow than its industrialization.
In this talk we'll have a look to the cumulative effect of the constraints of a remote working environment and of the common countermeasures.
Integrity in leadership builds trust by ensuring consistency between words an... (Ram V Chary)
Integrity in leadership builds trust by ensuring consistency between words and actions, making leaders reliable and credible. It also ensures ethical decision-making, which fosters a positive organizational culture and promotes long-term success. #RamVChary
Org Design is a core skill to be mastered by management for any successful org change.
Org Topologies™ in its essence is a two-dimensional space with 16 distinctive boxes - atomic organizational archetypes. That space helps you to plot your current operating model by positioning individuals, departments, and teams on the map. This will give a profound understanding of the performance of your value-creating organizational ecosystem.
Enriching engagement with ethical review processesstrikingabalance
New ethics review processes at the University of Bath. Presented at the 8th World Conference on Research Integrity by Filipa Vance, Head of Research Governance and Compliance at the University of Bath. June 2024, Athens
A presentation on mastering key management concepts across projects, products, programs, and portfolios. Whether you're an aspiring manager or looking to enhance your skills, this session will provide you with the knowledge and tools to succeed in various management roles. Learn about the distinct lifecycles, methodologies, and essential skillsets needed to thrive in today's dynamic business environment.
12 steps to transform your organization into the agile org you deservePierre E. NEIS
During an organizational transformation, the shift is from the previous state to an improved one. In the realm of agility, I emphasize the significance of identifying polarities. This approach helps establish a clear understanding of your objectives. I have outlined 12 incremental actions to delineate your organizational strategy.
Ganpati Kumar Choudhary Indian Ethos PPT.pptx, The Dilemma of Green Energy Corporation
Green Energy Corporation, a leading renewable energy company, faces a dilemma: balancing profitability and sustainability. Pressure to scale rapidly has led to ethical concerns, as the company's commitment to sustainable practices is tested by the need to satisfy shareholders and maintain a competitive edge.
3. Chapter # : 05 - CISA
LOGICAL ACCESS EXPOSURES:
• Logical Access Control Software: to prevent unauthorized access and modification to sensitive data and critical functions. It should be applied to networks, operating systems, databases and application systems.
• General OS Access Control Functions:
– Apply user ID and authentication
– Logon on specific terminal
– Multi-level access
– Individual accountability and auditability
– Create or change user profiles
– Log events
– Log user activities
– Report capabilities
4. LOGICAL ACCESS EXPOSURES:
• Identification and Authentication: based on something you know, something you have and something you are
– Logon IDs and passwords: something you know
– Token devices, one-time access control: something you have
– Biometric security access control (through fingerprints, eye retina): something you are
5. LOGICAL ACCESS EXPOSURES: I&A
• Features of Passwords:
– Should be easy for the user to remember but difficult for a perpetrator to guess
– The initial password should be changed on first-time logon
– As a result of entering a wrong password, the ID should be held
– Re-activation of the ID should be on written request/approval by the security administrator
– Passwords should be encrypted and shadowed
– Changed periodically
– Must be unique to each user ID
– Unused IDs should be deactivated and logged off
– Ideally the length of a password is 5 to 8 characters
– Use of alphabetic, numeric, lower-case and special characters
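The password controls on this slide (shadowed storage, holding the ID after wrong passwords, reactivation only by the security administrator, forced change of the initial password) as an added Python example that is not part of the original slides; the class, the three-attempt threshold and the PBKDF2 iteration count are constructed for the example.

```python
import hashlib
import hmac
import secrets

MAX_FAILURES = 3       # wrong passwords before the ID is held (constructed policy value)
KDF_ROUNDS = 100_000   # PBKDF2 iterations (constructed value)


class Account:
    """Shadowed credential record: a salt and a derived hash, never the password itself."""

    def __init__(self, logon_id, initial_password):
        self.logon_id = logon_id
        self.failed = 0           # consecutive wrong passwords
        self.held = False         # set after MAX_FAILURES; cleared only by reactivate()
        self.must_change = True   # initial password must be replaced on first logon
        self.approval_ref = None  # reference of the written reactivation approval
        self._set(initial_password)

    def _derive(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ROUNDS)

    def _set(self, password):
        """Store the password under a fresh random salt."""
        self.salt = secrets.token_bytes(16)
        self.hash = self._derive(password, self.salt)

    def authenticate(self, password):
        """Return 'ok', 'must_change', 'bad_password' or 'held'."""
        if self.held:
            return "held"
        if not hmac.compare_digest(self._derive(password, self.salt), self.hash):
            self.failed += 1
            if self.failed >= MAX_FAILURES:
                self.held = True   # ID is held until the administrator reactivates it
            return "bad_password"
        self.failed = 0
        return "must_change" if self.must_change else "ok"

    def change_password(self, current, new):
        """Replace the password; needs the current one and a genuinely new value."""
        if self.authenticate(current) not in ("ok", "must_change") or new == current:
            return False
        self._set(new)
        self.must_change = False
        return True

    def reactivate(self, approval_ref):
        """Security administrator's action once the written request has been approved."""
        self.approval_ref = approval_ref
        self.held = False
        self.failed = 0
```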
7. LOGICAL ACCESS EXPOSURES: I&A
• Single Sign-on (SSO)
• Advantages:
– No need to remember multiple passwords
– Improves administrators' ability to manage user profiles
– Reduces administrative overheads
– Reduces the time taken by users
• Disadvantages:
– Support for all major OSs is difficult
– Significant cost associated with SSO development
– Single point of failure and total compromise of an organization's IS assets
8. NETWORK INFRASTRUCTURE SECURITY:
• Controls
– Technically qualified operators
– Job rotation (wherever possible)
– Restricted access of operators to operator activity logs etc.
– Audit trail of all operator activities and its periodical review by operations management
– Availability of documented network operations standards and protocols to operators, and periodical review to ensure compliance
– Analysis for workload balance, fast response time and system efficiency
– Encryption should be used wherever required
9. NETWORK INFRASTRUCTURE SECURITY:
• LAN Security
– Threats: loss of data and programs, poor version control, exposure to external activities, viruses, improper disclosure of data, violating software licenses, illegal access by impersonating or masquerading, spoofing by internal users
– Remedies: declaring ownership of programs, files and storage; limiting access to read only; record and file locking; enforcing ID/password procedures
– Dial-up Control: encrypted passwords, dial-back modems for verification
10. NETWORK INFRASTRUCTURE SECURITY:
• Client Server Security:
– Disabling the floppy drives
– Network monitoring devices to inspect activities
– Data encryption
– Application-level access control programs
11. NETWORK INFRASTRUCTURE SECURITY:
• Internet Threats:
– Disclosure
– Masquerade or spoofing (disguising the IP address etc.)
– Unauthorized access
– Loss of integrity
– Denial of service (flooding the system with messages/requests to keep machines busy)
– Theft of service and resources
• Internet Security Controls:
– Risk assessment of web-based applications
– Security awareness
– Firewall standards
– Intrusion detection standards
– Remote access for coordinating and controlling centrally
– Encryption techniques
– Monitoring for unauthorized usage and notification of those concerned
12. NETWORK INFRASTRUCTURE SECURITY:
• Firewall Security Systems:
• General Features
• Firewall Types
– Router packet filtering
– Application firewall
– Stateful inspection
• Firewall Issues
– Creates a false sense of security
– Other entry points, e.g. direct connections through modems
– Misconfiguration
– A firewall without a screening router is useless
– Irregular monitoring of activities
– Irregular maintenance of firewall policies
13. NETWORK INFRASTRUCTURE SECURITY:
• Intrusion Detection Systems (IDS):
• Components of an IDS
– Sensor, analyzer, an administrator console
– A user interface
• Features
– Intrusion detection
– Gathering evidence
– Automated response
– Security policy
– Interface with system tools
– Security policy management
• Limitations
– Weaknesses in the policy definition
– Application-level vulnerabilities
– Backdoors into applications
– Weaknesses in identification and authentication schemes
• Honeypots and Honeynets
– Honeypot: a software application that pretends to be an easily hacked system
– Honeynet: a network of honeypots forming a false network for hackers to hack and be caught
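The sensor, analyzer and administrator console components with the evidence-gathering and automated-response features listed on this slide, as an added Python example that is not taken from the slides; the log line format, the failure threshold, the time window and the sample lines are all constructed for the example.

```python
import re
from collections import defaultdict, deque
from dataclasses import dataclass

FAILURE_THRESHOLD = 3   # failed logons from one source within the window (constructed policy)
WINDOW_SECONDS = 60

# Constructed sample log lines: epoch seconds, event, user, source address
SAMPLE_LOG = [
    "1000 LOGON_FAIL user=alice src=10.0.0.5",
    "1010 LOGON_OK user=bob src=10.0.0.6",
    "1020 LOGON_FAIL user=alice src=10.0.0.5",
    "1035 LOGON_FAIL user=root src=10.0.0.5",
    "1040 not a recognised line",
    "1100 LOGON_FAIL user=carol src=10.0.0.9",
    "1200 LOGON_FAIL user=carol src=10.0.0.9",   # 100 s apart: outside the window
]

LINE_RE = re.compile(r"^(?P<ts>\d+) (?P<event>LOGON_(?:OK|FAIL)) user=(?P<user>\S+) src=(?P<src>\S+)$")


def sensor(lines):
    """Sensor: parse raw log lines into (ts, event, user, src) tuples, dropping noise."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield int(m["ts"]), m["event"], m["user"], m["src"]


@dataclass
class Alert:
    src: str
    evidence: list   # the events that triggered the alert (gathering evidence)
    response: str    # automated response taken by the IDS


class Analyzer:
    """Analyzer: applies the security policy (failure threshold per source) to events."""

    def __init__(self):
        self.recent = defaultdict(deque)   # src -> (ts, user) of failures inside the window
        self.blocked = set()               # sources already subjected to the automated response

    def feed(self, event):
        ts, kind, user, src = event
        if kind != "LOGON_FAIL":
            return None
        window = self.recent[src]
        window.append((ts, user))
        while ts - window[0][0] > WINDOW_SECONDS:   # expire failures older than the window
            window.popleft()
        if len(window) >= FAILURE_THRESHOLD and src not in self.blocked:
            self.blocked.add(src)
            return Alert(src, list(window), f"block {src} at the screening router")
        return None


def console(lines):
    """Administrator console view: run the pipeline and return every alert raised."""
    analyzer = Analyzer()
    return [alert for alert in map(analyzer.feed, sensor(lines)) if alert]
```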
14. NETWORK INFRASTRUCTURE SECURITY:
• Encryption: a process of converting plaintext into a secure coded form of text (cipher)
• General Features
• Key Elements of Encryption Systems
– Encryption algorithm
– Encryption keys
– Key length
• Private Key Cryptographic System
• Public Key Cryptographic System
• Digital Signatures
• Digital Envelope: used to send encrypted information and the relevant keys along with it
15. AUDITING NETWORK INFRASTRUCTURE SECURITY:
• Review the network diagram
• Identify the network design
• Dissemination of policies and standards
• Experience/knowledge of security operators for the internet
• Legislative issues are considered against usage of internet-based applications
• Review of the service level contract in case of outsourcing
• Hardware and software are kept upgraded to counter new vulnerabilities
– Auditing remote access
– Auditing the internet "point of presence"
– Network penetration tests
– Full network assessment reviews
– LAN network assessment
– Development and authorization of network changes
– Unauthorized changes
– Computer forensics
16. ENVIRONMENTAL EXPOSURES AND CONTROLS:
• Environmental Issues and Exposures:
– Fire, natural disasters
– Power failure: total failure, severely reduced voltage, sags, spikes and surges, electromagnetic interference
– Power spike
– Air conditioning failure
– Electric shock
– Equipment failure
– Water damage / flooding
– Bomb threat/attack
17. ENVIRONMENTAL EXPOSURES AND CONTROLS:
Controls for environmental exposures:
– Alarm control panel
– Water detectors
– Handheld fire extinguishers
– Manual fire alarms
– Smoke detectors
– Fire suppression system: water-based, Halon system, FM-200, CO2 system
– Logically locating the computer room
– Regular inspection by the fire department
– Fireproof walls, floors and ceilings surrounding the computer room
– Electrical surge protector
– UPS / generators
– Emergency power-off switch
– Power leads from two substations
– Wiring in electrical panels and conduit
– Prohibiting eating, drinking and smoking within the information processing facility
– Fire-resistant office material
– Documented and tested emergency evacuation plans