Orange County Computer Consultant

My photo
Orange County Computer Consultant helps small businesses with networking, installations and small business software.

Thursday, November 17, 2005

Security Process

What is ARBIL?
Asset and Risk Based INFOSEC lifecycle.
To implement a comprehensive security plan in I.T. and strategies for risk management.

What is CIA?
Confidentiality, Integrity, and Availability
Confidentiality- making sure your data is available to only those allowed.
Integrity- making sure your data has not been altered in any way. Think bank transactions or chemical formulas.

Availability- making sure your data is available. Hackers often use denial of services attacks to bring down your servers or networks by overloading them with packets.
Hackers use attack trees to determine every possible entrance into your networks. This can be through modems connected to your network, routers, switches, and application vulnerabilities, almost anything connected to your internet.

Make it difficult to determine your OS, which hackers use for Banner Grabbing. This is a simple fix that many systems administrators leave.
Change your banner to display a security warning.

Many people have difficulty understanding security processes alone implementing solutions.

What is SMIRA? Simple methodology for INFOSEC based risk assessment.
Risk management is the practice and process of identifying threats and vulnerabilities to assets. This helps making the correct decisions to implement the necessary safeguards to help your organization carry out its mission.
Organizations should look at threats, vulnerabilities, assets and safeguards.
Risk Assessment

The goal is to have a list of your critical assets. Critical in understanding mission, objectives and operations and what if scenarios.
Then to implement safeguards to protect those assets.

Vulnerability Assessment

This is when you look for vulnerabilities in existing applications and determine there severity. The vulnerabilities will be rated. This includes physical security, web application reviews, policy and procedure reviews, host assessments and OS reviews, and vulnerability scans.

Threat Assessment

This is the process, of identifying existing and potential threats to assets and environments. This will also be based on severity.Where can threats come from? Disgruntled employees, script kiddies, hackers, crackers, foreign governments, and your competition. You can look for threat indicators in your server, logs, CCTV, intrusion detection systems like SNORT. http://www.snort.org

What can threats cause?
Loss of businessDeathFinancial lossCorruption of data.Inability to work, servers down or running slowly.Confidentiality issues.

What are assets?
User IT OperationsStaff Connectivity DocumentationSecurity SystemsThird partiesPaperFilesMedia, like disk, CD’s and USB drives.File, Web, EMAIL, Storage, Application serversAnything of value to the company.
Hackers like to get there hands on all information no matter how unimportant it may seem it can be used to filter out more information.

How do you protect yourself against threats and protect your assets?

Have policies and procedures in place.
Employee awareness of security issues.
Software security in place
Hardware security in place.
Physical security.
Environmental Security. I.e. water level sensors.
Communication security- to protect your phone lines, and PBX systems.
Personnel security.

There is a lot of software on the internet that allows even technically challenged people to run scans on your systems to try to crack them. Anybody that knows how to search Google can easily find such tools. The way the Internet is evolving and more and more people joining the Internet the security risks increase.

Attackers gain information on your systems by doing Domain Lookups with Whois. Port scans using many available tools to find out what you’re running and then do internet searches to find exploit code to crack your systems. Once they find out what applications you’re running it’s only a matter of time before they can crack your systems if you are not protected.
Attackers like to get information on your Domain Names, IP addresses, then they will scan your network looking for live hosts. This can be accomplished with tools like NMAP by Fyodor http://www.nmap.com . By using a tool like NMAP you can send UDP, ICMP, and TCP packets.
This is done to identify host by looking at responses. At this point attackers find out what applications are being used, or any information the host is willing to give out. The more services you have running the more opportunities for someone to remotely exploit your hosts. This can be very time consuming for the attacker. The goal is to find out what OS platforms are being run. Are they Unix, Microsoft Windows or Apple Mac OS? From here it easy much easier for someone to look for shellcode to use against your system.