Crypto Attacks

Birthday Attacks – statistical reality that out of 23 people the odds that 2 or more people have the same birthday is 50%. The goal is to find 2 messages that produce the same message digest to crack the cryptography.
Brute Force – tries every combination
Man in the Middle…

Auditing a Workstation

Things to log and audit on an end-user workstation:
Logins/Logouts
Using privileged commands
Starting apps/sessions
Successful export to removable media
Unauthorized access attempts (security logs in Event Viewer)
Attempts to access secure objects
Changes to rights and permissions
System startup and shutdown

Performing a Security Review

Should be done 1x per year, but preferably 1x per quarter.
Planning – Need a written security policy, a team and a budget to drive this. What will be audited, and are there already logs?
Choosing the Tools – Sniffers, Vulnerability Scanners, Secure Operating System, PM Software, Network Mappers, Port Scanners…

Auditing a Database Server

Things to log and audit on Application and DB Servers:
Creation, modification and deletion
Enabling or disabling of auditing
Changes in rights and roles on the system
DB startup, shutdown, backup, archiving
Collection of performance stats

Auditing a FW

Things to log and audit regularly:
All internal network traffic allowed outbound
All external network traffic allowed inbound
Inbound email traffic
Outbound Web and FTP traffic
Inbound VPN tunnels and other remote access sessions
All inbound traffic that is blocked
PAT and NAT, if implemented

Access Control Methods

MAC – Mandatory Access Control. Used in environments requiring high levels of security (Government, Military). Need to know. Each access control subject (users & programs) is assigned a clearance label, and each access control system object is assigned a sensitivity label. No read up – no write down, applied to each subject's sensitivity…

Monitoring Security

Types of Monitoring
Real Time – Someone sitting and watching live
Active – Syslog type monitoring/alerting (additional layer of traffic)
Passive – SNMP and HW devices with software that watches traffic, like packet sniffers or probes.
Components to Monitor: Network, Security, Keystroke
*Intrusion Detection Systems are major security monitoring mechanisms.

Reasons to Perform Security Auditing

Find out who, what, when, where of transactions
Identify potential breaches and/or incidents
To fulfill goals and assessment of security policy
To reconstruct events and activities
For forensic proof of actions
To facilitate a security review
To generate reports
Things to Audit
External Boundary/DMZ – (Internet Routers and Firewall)
Internal…

Security Operation Modes

Modes for authorizing processing and/or transport
Dedicated Mode – each user of the service that has indirect or direct access to the system, including peripherals, has a valid security clearance, formal approval and need to know for all aspects of the system. Very high level of access. Exclusive use by one particular type…

Systems Security Architecture

RAM – Random Access Memory
ROM – Read Only Memory
PROM – Programmable ROM (non-volatile)
EPROM – Erasable PROM (erased via ultraviolet light)
EEPROM – Electrically Erasable PROM (erased by electrical charge instead of light)
PLD – Programmable Logic Device (electronic device used to build digital circuits. Combination…