Crypto Attacks

BHS
Birthday Attacks – statistical reality that out of 23 people the odds that 2 or more people have the same birthday is 50%. The goal is to find 2 messages that produce the same message digest to crack the cryptography Brute Force – tries every combination Man in the Middle…
Continue Reading

Auditing a Workstation

BHS
Things to log and audit on an end-user workstation: Logins/Logouts Using privileged commands Starting apps/sessions Successful Export to removable media Unauthorized access attempts (security logs in event viewer) Attempts to access secure objects Changes to rights and permissions System startup and shutdown
Continue Reading

Performing a Security Review

BHS
Should be done 1X per year but preferably 1x per quarter Planning – Need written security policy, a team and a budget to drive this. What will be audited and are there already logs? Choosing the Tools – Sniffers, Vulnerability Scanners, Secure Operating System, PM Software, Network Mappers, Port Scanners…
Continue Reading

Auditing a Database Server

BHS
Things to log and audit on Application and DB Servers: Creation modification and deletion Enabling or disabling of auditing Changes in rights and roles on the system DB Startup, shutdown, backup, archiving Collection of performance stats
Continue Reading

Auditing a FW

BHS
Things to log and Audit regularly: All Internal Network Traffic allowed outbound All External Network Traffic allowed inbound Inbound Email traffic Outbound Web and FTP Traffic Inbound VPN Tunnels and other Remote Access Sessions All inbound traffic that is blocked PAT and NAT if implemented
Continue Reading

Access Control Methods

BHS
MAC – Mandatory Access Control Used in envornments requiring high levels of security (Government, Military) Need to Know Each access control subject (users & programs) are assigned clearance labels and access control system objects are assigned sensitivity labels. No read up – No write down applied to each subjects sensitivity…
Continue Reading

Monitoring Security

BHS
Types of Monitoring Real Time – Someone sitting and watching live Active – Syslog type monitoring/alerting (additional layer of traffic) Passive – SNMP and HW devices with software that watched traffic like packet sniffers or probes. Components to Monitor: Network Security Keystroke *Intrusion Detection Systems are major security monitoring mechanisms.
Continue Reading

Reasons to Perform Security Auditing

BHS
Find out who, what, when, where of transactions Identify potential breaches and/or incidents To fulfill goals and assessment of security policy To reconstruct events and activities For forensic proof of actions To facilitate a security review To generate reports Things To Audit External Boundary/DMZ – (Internet Routers and Firewall) Internal…
Continue Reading

Security Operation Modes

BHS
Modes for authorizing processing and/or tranport Dedicated Mode – each user of service that has indirect or direct access to system including periphals has valid sec clearance/ formal approval and need to know for all aspects of the system. Very high level of access. Exclusive use by one particular type…
Continue Reading

Systems Security Architecture

BHS
RAM – Random Access Memory ROM – Read Only Memory PROM – Programmable ROM ( Non volatile) EPROM – Erasable PROM (erased via ultra-violet light) EEPROM – Electrically Erasable PROM (erased by electrical charge instead of light) PLD – Programmable Logic Device (Electronic device used to build digital circuits. Combination…
Continue Reading