
Welcome to Session Title


Edmodo code: 1181799

http://es-es.net/3.html


   Got a Network / Security Check List?
  I Do (You can too! Lots of Resources and Best Practices )
MS Information Assurance, CISSP, CWNA, CEH, MCSE, Security+, I-Net+, Network+, Server+, CNA, A+
erstaats@es-es.net http://es-es.net
I AM NOT A LAWYER!

 For legal advice contact legal
 counsel on your campus or
 your General Counsel’s Office.
 The information presented
 here is accurate to the best of
 my knowledge!
Cloud Vendor Security

  • On-premises Security Systems /Controls?
     – Outside Testing of Security systems
     – Backup verification / test in production
  • Authentication and Authorization
     –   Password strength (Length matters more than complexity)
     –   IP range blacklists/whitelists (IP Spoofing)
     –   Login hours /Timeouts
     –   Account Lockouts
     –   Access Control
           • By Vendor
           • By you
  • Encrypt ALL Communications between remote and corporate
    infrastructures

         http://www.csoonline.com/article/print/658279
         http://www.redbooks.ibm.com/redpapers/pdfs/redp4614.pdf
Cloud Vendor Security 2
   • Encryption Internal/External
       –   HTTPS
       –   SSL/TLS for ODBC
       –   SSN and Passwords PII stored in a hashed format


   • Data Leak/Loss Prevention (DLP) @ your site
   • Information Leak/Loss Prevention (ILP) @ Cloud vendor's site
   • Both (DLP/ILP) Should be a part of your SLA with specific controls in place

   • Audit trails who did what when
   • Denial-of-service (DOS) protection
   • Never send unencrypted PII or confidential information by e-mail
   • Render PII Information unreadable whenever stored
            http://www.csoonline.com/article/print/658279
            http://www.redbooks.ibm.com/redpapers/pdfs/redp4614.pdf
Cloud Vendor Password

 • Should block known bad
   passwords
    –   http://techcrunch.com/2009/12/27/twitter-banned-passwords/
    –   http://www.businessinsider.com/twitters-list-of-370-banned-passwords-2009-12
 • Top ten bad passwords: abc123 and 123456
   are both in the top ten!
    –   http://www.youtube.com/watch?v=_7RP6UiNSWA

 • Passwords should be at least
   10 Characters long




             http://blogs.wsj.com/digits/2010/12/13/the-top-50-gawker-media-passwords/
Best Practices with SSN’s


  • Assign Another Primary Identifier
  • Comply with State Regulations
      – (More Info es-es.net & edmodo)
  • Inform Students
  • Remove Social Security Numbers
  • Updating the Computer System
  • Hash / Encrypt SSNs
  • Make sure all transmission of SSN’s is Secure (Use SSL or
    other form of encryption)
  • Some states classify academic records as Private and the PII
    laws protect that information


              http://www.ssa.gov/kc/id_practices_best.htm
10 Common Security Flaws

 1.  Set it and forget it
 2.  Opening more firewall ports than necessary
 3.  Pulling double duty
 4.  Ignoring network workstations
 5.  Failing to use SSL encryption where it counts
 6.  Using self-signed certificates
 7.  Excessive security logging
 8.  Randomly grouping virtual servers (Don’t put FW and
     Production on same physical hosts)
 9. Placing member servers in the DMZ
 10. Depending on users to install updates
Where we are Today
Network Security Shift

     • SaaS: Security-as-a-Service instead
       of appliances or Layer 7 Filtering
     • The changing face of NAC’s, URL
       filtering, gateway appliances,
Daily Security Checklist

  • Verify the current connections
  • Look at network traffic statistics
  • Look at your antivirus logs
  • Read the security logs on your domain
    servers
  • Check for new security patches
  • Meet and brief
  • Check more logs – Backup FW(outgoing)
      – I would set them to automatically go to your
        phone (Think Spiceworks free Helpdesk
        software)
  • Turn knowledge into action
Security Breach Now What

 • Carefully plan a layered defense (Before)
 • Consider hiring a computer forensic specialist
 • Assess the damages done and remove services
 • Alert your legal department (what legal requirements)
 • Document what you do
 • Begin locking down your system
 • Get bank involved if Credit Card info compromised
 • Contact any families, employers, and suppliers affected by
   the breach
 • Have a set of recovery plans in case a breach occurs again


             Keeping Data Thieves Out: Best practices in Data Security &
                 http://www.itworld.com/print/134572
Staff Security Forms

 • 10 Things You Should Know about FERPA
 • Confidentiality: What Is Our Responsibility Power
   Point
     – GCA Privacy Training for Staff and Student workers quiz
 •   Confidentiality Pledge for Contractors
 •   Cyber Bullying Policy
 •   Fax Cover Sheet for Medical info
 •   Colorado Department of Education FERPA Checklist
 •   Cloud Security Guidance by IBM
 •   VCloud Security for VMware
Internal Audit Checklists

  • Internal Audit Review update ( A high level overview designed
    to help administration understand what should be done)
  • Self Audit General Controls Rev Jan 2011 (The backup for
    documentation for the Internal Audit Review)
  • MS Security Compliance Management Toolkit
  • HRP-330 - WORKSHEET - FERPA Compliance
     – http://www.huronconsultinggroup.com/SOP
  • HRP-331 - WORKSHEET - HIPAA Authorization
     – http://www.huronconsultinggroup.com/SOP
  • Auditor’s Data Systems Checklist
Computer Help Desk Lists


 •   10 Things HP (Best Printer Trouble shooting Checklist)
 •   Computer and MAINT SECURITY CHECKLISTS
 •   Computer Account Access Form (Tech Republic)
 •   Server Deployment Migration Checklist (Tech
     Republic)
 •   Tune-Up Checklist (Tech Republic)
 •   Malware Removal Checklist (Tech Republic)
 •   NATO Codes
 •   Laptop Checkout Form
 •   Imaging Check Sheet
Server Maint. Daily


    Daily Checklist
    • Check the following things each day:
    • Server health status of all the servers
    • Backup results - normal
    • E-mail queue and throughput -
    • Virus scan results
    • Time synchronization on the servers (Very Important on
      VMs)
Server Maint. Weekly


   Weekly maintenance checklist we include the following
     routines:
      – check event logs;
      – check server performance;
      – check security logs for possible attacks;
      – check antivirus alerts;
      – install software updates;
      – install system/kernel updates (reboot scheduled with
          Customer).
      – Back up “Important” data over SSL encrypted session
        stored on a remote location server
      – Security issues - for example, use the weekly reports from
        Secunia
Server Maint. Monthly


   • Monthly maintenance checklist we include the following
     routines:
      –   check hdd fragmentation and health;
      –   check RAID health;
      –   verify RPM database integrity;
      –   perform full security audit
      –   Full Backup of ALL VM’s and take them offsite
      –   Delete all old VM Snapshots
Switches/Routers Weekly


   • Weekly maintenance checklist we include the following
     routines:
   • check event logs;
   • check device performance;
   • check security logs for possible attacks;
   • check links throughput;
   • interface errors (collisions, input errors, etc.);
   • install security updates;
   • install system/kernel updates (reboot scheduled with the
     customer).
Switches/Routers Monthly


   • Monthly maintenance checklist we include the
     following routines:
      – perform configuration backup;
      – perform configuration consistency audit;
      – perform full security audit.
Network Checklists


 • Checklist Deploying a Windows Server 2008
   Forest Root Domain
 • Employee Separation Checklist (Tech Republic)
 • Network Documentation Checklist a good
   baseline or starting point (Tech Republic)
 • Maintenance Checklist ( A more comprehensive
   checklist)
 • Secure Mac OS X and beyond Server and workstation
 • Apple iOS hardening Checklist
Network Checklists II


 • Network Maint Checklist ( a brief checklist by a
   typical vendor)
 • New User Form Checklist (Tech Republic ?)
 • Windows Security Survival Guide 2008 (Tons of
   links and resources from Microsoft)
 • Server Change Control Form
 • Cloud Security Guidance by IBM
Know Your System

   • What is the hardware?
   • What software is installed?
       – What versions?
       –   What is the licensing?
   • What services are running and why? * Each service
     takes up system resources.
       – What services are exposed to the Internet and why?
   •   Document systems, as well as any maintenance tasks.
   •   What antivirus is installed, is it up to date
   •   Perform updates of software
   •   Apply patches to servers
   •   Check system resources (CPU, Memory)
Know Your System II

  •   What firewalls?
      – What version of firmware?
      –   How are they configured?
      –   What are they allowing into the network and why?
  • What switches?
  • What Printers
      – What Firmware
      – Web interface disabled
  • SNMP? V3
  • Kill all Telnet options (Phones can sniff and connect to Telnet)
  •   Understand and Document Physical to Virtual – Understand both
Trouble Shooting VPNs

 •   Find out who is affected
 •   Determine whether users can establish a VPN connection
 •   Look for policies that may be preventing connectivity
 •   Don’t rule out the client
 •   Check to see if the user can log in locally
 •   Check to see if the users are behind NAT firewalls
 •   Check for Network Access Protection
 •   Try accessing various resources on the network
 •   Try accessing resources by IP address rather than server name
 •   Is the connection not working, or just painfully slow?
Fix These Security Leaks
                     TODAY!
 •   Unauthorized smart phones on your WIFI network
 •   Open ports on network printers
 •   Custom web applications with bad code
 •   Social network spoofing
 •   Employees downloading illegal movies and music
 •   SMS spoofs and malware infections
 •   Disable Telnet and SNMP v1




                 http://www.computerworld.com/s/article/353317/Six_Leaks_to_Plug_Right_Now?source=CTWNLE_nlt_thisweek_2011-01-24
Top Web Hacks of 2010


 • The ASP.NET cookie has been changed, leaving a
   vulnerability
 • Evercookie - can enable JavaScript to hide 8 different
   cookies in your browser
 • Hacking Auto-Complete - A script that forces auto-complete to
   hand over personal information stored on your computer
 • Attacking HTTPS with Cache Injection
 • Bypassing CSRF protections with Click Jacking and HTTP
   Parameter Pollution
 • Universal XSS in IE8



              http://www.itworld.com/print/134554
Web Hacks cont.


 • HTTP POST DoS -- HTTP POST
 • JavaSnoop - A Java agent that communicates with the
   JavaSnoop tool to test applications for security weaknesses
 • CSS History Hack in Firefox without JavaScript for Intranet
   Port Scanning
 • Java Applet DNS Rebinding




              http://www.itworld.com/print/134554
Help Desk Systems

1.    Know your budget
2.    Prioritize the features you need
3.    Check email compatibility
4.    Think Database
5.    Don’t forget security
6.    Personalize your email templates
7.    Consider the need for a Web interface
8.    Evaluate ticket management features
9.    Be sure you’re branded
10.   Make it easy
11.   Spiceworks (FREE) Network Inventory, Help Desk, Mapping,
          Reporting, Monitoring and Troubleshooting and more
                           http://www.spiceworks.com/product/
Top 12 VMware Tweaks

     • Use Veeam FastSCP
     • Use Unsupported console for SSH/SCP access
     • Use VMware Tools
     • Defrag Your Virtual Disks
     • Disable Windows Visual Effects
     • Run VMware in Full Screen Mode (Ctrl-Alt-Enter)
     • Disable the CDROM in VMware
     • Separate Out Virtual Swap Files Onto Separate
       Virtual Disks
     • Split Virtual Disks Among Multiple Hard Disks (Count
         Spindles) Unless SSD Delete up old snapshots
     • Upgrade Your Hard Disk
     • Upgrade Your CPU
     • Upgrade Your RAM
Debunk Internet Hoaxes

   1.    Snopes -- http://www.snopes.com/
   2.    About Urban Legends -- http://urbanlegends.about.com/
   3.    Break The Chain -- http://www.breakthechain.org/
   4.    Truth Or Fiction -- http://truthorfiction.com/
   5.    Sophos -- http://www.sophos.com/security/hoaxes/
   6.    Hoax-Slayer -- http://www.hoax-slayer.com/
   7.    Vmyths -- http://vmyths.com/
   8.    Symantec -- http://us.norton.com/security_response/index.jsp
   9.    Hoax Busters -- http://www.hoaxbusters.org/
   10.   Virus Busters -- http://virusbusters.itcs.umich.edu/
Using remote access to hack


 • BackTrack4 -
    – Owning Vista with Backtrack http://www.offensive-security.com/backtrack-tutorials.php
    – How to put BT4 on a USB
    – http://www.offensive-security.com/backtrack-tutorials.php
 • Mobile devices
    – Iphone I-Touch http://www.leebaird.com/Me/iPhone.html
    – Droid PS2 others
 • Metasploit
Troubleshooting Slow PC’s

    1.    Processor overheating
    2.    Bad RAM
    3.    Hard disk issues
    4.    Disk type and interface
    5.    BIOS settings
    6.    Windows services
    7.    Runaway processes
    8.    Disk fragmentation
    9.    Background applications
    10.   File system issues and display options
Avoid Viruses & Spyware

 1.    Train Your Users STAFF & Students
 2.    Install quality antivirus (not always $$)
 3.    Install real-time anti-spyware protection
 4.    Keep anti-malware applications current
 5.    Perform daily scans
 6.    Disable auto run
 7.    Disable image previews in Outlook
 8.    Don’t click on email links or attachments
 9.    Surf smart
 10.   Use a hardware-based Firewall and Software on local system
 11.   Deploy DNS protection
Windows 7 Shortcuts

  1.   WinKey + Home
       •   Minimizes all but the current window
  2.   WinKey + Space
       •   Preview Desktop (makes all open windows transparent)
  3.   WinKey + Up or Down Arrow
       •   Maximizes or minimizes/restores the current window
  4.   WinKey + Left or Right Arrow
       •   Tiles the window on the left or right of the screen
  5.   WinKey + P
       •   Chooses a Network Projector presentation display mode
  6.   WinKey + Alt + 1 to 0
       •   Accesses the Jump List of programs on the taskbar that
           correspond to the number
  7.   WinKey + T
       •   Cycles through the items on the Taskbar
  8.   WinKey + 1 to 0
       •   Launches or accesses a program on the Taskbar
  9.   WinKey + Shift + 1 to 0
       •   Launches new instance of a program on the taskbar
  10.  WinKey + Ctrl + 1 to 0
       •   Accesses the last active instance of a program pinned on the
           Taskbar
Help PC’s Run Better


 • Autoruns shows every program that runs at system boot
    – http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
 • CCleaner - registry cleaner (use portable version)
    – http://www.piriform.com/ccleaner/builds
 • Recuva (save your behind or someone else's)
    – http://www.piriform.com/recuva/builds
 • PC Decrapifier   (Lists all third party software makes a restore point)
    – http://www.pcdecrapifier.com/features
 • WinPatrol   (Large database of apps lists)
    – http://www.winpatrol.com/download.html
Useful utilities

  • Auslogics Registry Cleaner -
    http://www.auslogics.com/en/software/registry-cleaner/download/

  • PuTTY: Telnet and SSH for Windows and
  • FileZilla: Open source FTP client and server.
  • VMware: Virtualization technology products.
      – Veeam FastSCP


  •   Paint.NET: Image and photo editing software.
  •   ColorPic: "Superb" pop-up color picker control
  •   FireBug: Web debugging
  •   KeePass: Password manager
Easy Website Testing


  • Netsparker delivers detection, confirmation and
    exploitation of vulnerabilities
  • Exploitation of SQL Injection Vulnerabilities
  • Getting a reverse shell from SQL Injection vulnerabilities
  • Exploitation of LFI (Local File Inclusion) Vulnerabilities
  • Downloading the source code of all the crawled pages via
    LFI (Local File Inclusion)
  • Downloading known OS files via LFI (Local File Inclusion)
Live CDs and VMs


• Backtrack (Security OS of Choice)
  http://www.remote-exploit.org/backtrack_download.html

• Samurai WTF (web pen-testing )
  http://samurai.inguardians.com/

• DEFT Linux (Computer Forensics)
  http://www.deftlinux.net/
Staying up to date on trends
and exploits

    • Milw0rm
      http://www.milw0rm.com/
    • SANS Internet Storm Center
      http://isc.sans.org/
    • PacketStorm
      http://www.packetstormsecurity.org/
    • BugTraq
      http://www.securityfocus.com/archive/1
    • RootSecure
      http://www.rootsecure.net/
Security Checklists,
Certifications and Requirements



  • National Security Checklists
  • Sarbanes Oxley (SOX) compliance (see 103, 302, 404)
  • PCI Security Standards Council
  • Common Criteria for Information Technology Security Evaluation
  • Common Methodology for Information Technology Security
    Evaluation
  • Cardholder Information Security Program
Operating System Hardening


    •   Red Hat Linux Security Guide
    •   Debian Linux Security
    •   Securing SuSe Linux
    •   Gentoo Linux security handbook
    •   SANS Linux Security Checklist
    •   Windows Server 2003 Security Guide
Known vulnerabilities ongoing
updates


 • http://www.cert.org/
 • http://www.securityfocus.com/bid
 • http://www.sans.org/newsletters/newsbites/
Password Security


   • Don’t tell anyone your password.
   • Don’t write your password down
     anywhere.
   • Make sure your password cannot be
     easily guessed.
   • If you think there is even a slight chance
     someone knows your password, change
     it.
   • Don’t let someone see what you are
     entering as your password.
Passwords: Length Matters


•    The secret: If your password is long enough, it doesn’t need to be
     complex. Long passwords defeat common password crackers

•    How long should your passwords be?
      – Passwords should be a minimum of 10-15 characters to be considered
        non-trivial.

•    A password of 15 characters or longer is considered secure for most
     general-purpose business applications. i.e. a “pass phrase”

• Disable the storage of weak cached LM password hashes in
  Windows, they are simple to break

    Fun example: Denver1broncosrulethenhl
Don’t Use a Weak One:

  • With fewer than eight characters.
  • That could be found in a dictionary.
  • That uses public information about you or
    your family or friends (Soc Sec #; birth
    date; credit card number; telephone
    number, etc.).
  • That you have used before.
  • That is a variation of your user ID.
  • That is something significant about you.
Use a Strong Password:

 • That is at least 12 characters long.
 • That contains uppercase and lowercase letters.
 • That contains at least one number or special
   character.
 • That is not a dictionary word in any language,
   slang, or jargon.
 • That cannot be easily guessed and is easy to
   remember.
 Remember to change your password every 180 days.
Weak Passwords (examples):

 •   abc123 dog diego querty hart heat heart mary
 •   1dennis2 hartelephone lintelco hartwell
 •   eednyw ydnew kayak palindrome
 •   september superman mickeymouse r2d2
 •   aaaabbbccd 12345678 a1b2c3d4 zxcvbnm
 •   bonvoyage mercibeaucoup volkswagen
 •   mircrosoft colorprinter
     nowisthetimeforallgoodmen
          http://www.businessinsider.com/twitters-list-of-370-banned-passwords-2009-12
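The rules from the "Don’t Use a Weak One" and "Use a Strong Password" slides, written as a check a sign-up or password-change form could run; this is an added example, not part of the original deck. The function names, the rule codes and the shortened banned list (a few of the weak examples listed above) are assumptions for illustration, and the "used before" rule is left out because it needs the stored password history.

```python
import string

# Constructed sample: a few of the weak passwords from the slide above.
# Assumption: a real deployment loads a full banned list, stored lowercase.
BANNED = frozenset({
    "abc123", "123456", "12345678", "a1b2c3d4", "zxcvbnm",
    "superman", "mickeymouse", "september", "volkswagen", "kayak",
})

# Common character substitutions undone before the banned-list lookup.
LEET = str.maketrans("0134578@$", "oleastbas")

_EDGE_CHARS = string.digits + string.punctuation


def _variants(password: str) -> set:
    """Forms of the password that must also miss the banned list:
    lowercase, reversed, edge digits/symbols removed, substitutions undone."""
    lowered = password.lower()
    forms = {lowered, lowered[::-1], lowered.strip(_EDGE_CHARS)}
    forms |= {form.translate(LEET) for form in list(forms)}
    return forms


def check_password(password: str, user_id: str = "", min_length: int = 12,
                   banned=BANNED) -> list:
    """Return the rule codes the password breaks (empty list = accepted)."""
    problems = []
    if len(password) < min_length:
        problems.append("too_short")
    if not (any(c.isupper() for c in password)
            and any(c.islower() for c in password)):
        problems.append("no_mixed_case")
    if not any(not c.isalpha() for c in password):
        problems.append("no_digit_or_symbol")
    forms = _variants(password)
    if forms & banned:
        problems.append("banned")
    uid = user_id.lower()
    # Catches the user ID embedded forwards or backwards in the password.
    if len(uid) >= 3 and any(uid in form for form in forms):
        problems.append("contains_user_id")
    return problems


if __name__ == "__main__":
    for candidate in ("abc123", "Superman2011", "Denver1broncosrulethenhl"):
        print(candidate, check_password(candidate))
```

Set `min_length=10` to apply the 10-character minimum from the Cloud Vendor Password slide instead of the 12-character one.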
Mnemonics Made Easy


  • Take a phrase that is easy for you to remember
    and convert it into characters.
  • It could be the first line of a poem or a song
    lyric.
  • “Water, water everywhere and not a drop to
    drink” (Rhyme of the Ancient Mariner) converts
    to Wwe&nadtdGL
  • “We Three Kings from Orient Are “date "Birth
    Year” converts to w3KfOr3691BY.
      (3691 is the year 1963 spelled backward to
         extend beyond six characters.)
          Evaluations
   Step 1: Go to http://edmodo.com/fetcevals
Step 2: Select session number, session title, and
                    evaluate.

								