Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico


Page 1: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

Security Risk Management

Eduardo Rivadeneira

IT pro

Microsoft Mexico

Page 2: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

Session Prerequisites

Hands-on experience installing, configuring, administering, and planning the deployment of Windows 2000 Server or Windows Server 2003

Knowledge of Active Directory and Group Policy concepts

Level 200

Page 3: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

Agenda

Day 1: TechNet Mexico Communities; Mexico Communities Training; Essentials of Security Part 1

Day 2: Essentials of Security Part 2; Security Risk Management Part 1

Day 3: Security Risk Management Part 2; Questions and Answers

Page 4: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

TechNet Mexico Communities

Day 1

Page 5: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

Communities in Mexico

Online

http://groups.msn.com/itpromexico

In person

DF Community

IT Pro Mexico

Aida [email protected]

Victor Guadarrama [email protected]

http://itpromexico.com.mx

Page 6: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

Communities

Monterrey Community

Carlos Alberto Morales

[email protected]

Astrid Rodríguez Garza

[email protected]

http://groups.msn.com/itpromonterrey

San Quintín, Baja California Community

Genaro N. Lopez Norori [email protected]

http://groups.msn.com/ITproSanQuintin

Page 7: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

Communities

Guadalajara Community

Oscar T. Aceves Dávalos

[email protected]

http://groups.msn.com/itprogdl

Coatzacoalcos Community

Gabriel Castillo

[email protected]

http://groups.msn.com/ITcoatzacoalcos

Page 8: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

Communities

Tijuana

Andree Ochoa

[email protected]

http://groups.msn.com/itprotijuana

Puebla

Jorge Garcia

[email protected]

http://groups.msn.com/ITICOPuebla

Page 9: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

Community Procedures

In-person event

1. Send the information for the following month's meetings

Location, date, time, event description, event venue

2. Confirm that the event is registered at http://wwww.microsoft.com/mexico/eventos

3. All participants must register for the event via the Web and hand in their registration with the barcode on the day of the event

4. The instructor must collect the evaluations and sign-in sheets and deliver them to the area director

Page 10: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

Essentials of Security

Day 1

Page 11: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

Business Case

Business Case

Security Risk Management Discipline

Defense in Depth

Security Incident Response

Best Practices

10 Immutable Laws of Security

Page 12: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

Impact of Security Breaches

Loss of Revenue

Damage to Reputation

Loss or Compromise of Data

Damage to Investor Confidence

Legal Consequences

Interruption of Business Processes

Damage to Customer Confidence

Page 13: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

2003 CSI/FBI Survey

The cost of implementing security measures is not trivial; however, it is a fraction of the cost of mitigating security compromises

Page 14: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

Benefits of Investing in Security

Reduced downtime and costs associated with non-availability of systems and applications

Reduced labor costs associated with inefficient security update deployment

Reduced data loss due to viruses or information security breaches

Increased protection of intellectual property

Page 15: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

Security Risk Management Discipline

Business Case

Security Risk Management Discipline

Defense in Depth

Security Incident Response

Best Practices

10 Immutable Laws of Security

Page 16: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

Security Risk Management Discipline (SRMD) Processes

Assessment: Assess and valuate assets; Identify security risks and threats; Analyze and prioritize security risks; Security risk tracking, planning, and scheduling

Development and Implementation: Develop security remediation; Test security remediation; Capture security knowledge

Operation: Reassess assets and security risks; Stabilize and deploy new or changed countermeasures

Page 17: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

Assessment: Assess and Valuate Assets

Asset Priorities (Scale of 1 to 10) – Example *

* For example purposes only – not prescriptive guidance

Page 18: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

Assessment: Identify Security Risks and Threats – STRIDE

| Types of threats | Examples |
| --- | --- |
| Spoofing | Forge e-mail messages; Replay authentication packets |
| Tampering | Alter data during transmission; Change data in files |
| Repudiation | Delete a critical file and deny it; Purchase a product and later deny it |
| Information disclosure | Expose information in error messages; Expose code on Web sites |
| Denial of service | Flood a network with SYN packets; Flood a network with forged ICMP packets |
| Elevation of privilege | Exploit buffer overruns to gain system privileges; Obtain administrator privileges illegitimately |

Page 19: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

Assessment: Analyze and Prioritize Security Risks – DREAD

DREAD

Damage

Reproducibility

Exploitability

Affected Users

Discoverability

Risk Exposure = Asset Priority x Threat Rank

Example Worksheet
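
A worked version of the DREAD worksheet, added here as an example and not part of the original slides. The slides give only Risk Exposure = Asset Priority x Threat Rank; taking the threat rank as the mean of the five DREAD ratings (each 1 to 10) is an assumption, and the sample assets, threats and scores are constructed.

```python
from dataclasses import dataclass

STRIDE = {"Spoofing", "Tampering", "Repudiation", "Information disclosure",
          "Denial of service", "Elevation of privilege"}

@dataclass(frozen=True)
class Risk:
    asset: str
    asset_priority: int  # 1-10, from the asset valuation step
    threat: str
    stride: str          # STRIDE category of the threat
    dread: tuple         # five ratings 1-10, in D-R-E-A-D order

    def threat_rank(self) -> float:
        # Assumption (not on the slide): rank = mean of the five ratings.
        return sum(self.dread) / len(self.dread)

    def exposure(self) -> float:
        # From the slide: Risk Exposure = Asset Priority x Threat Rank
        return self.asset_priority * self.threat_rank()

def validate(risk: Risk) -> None:
    if risk.stride not in STRIDE:
        raise ValueError(f"unknown STRIDE category: {risk.stride!r}")
    if len(risk.dread) != 5:
        raise ValueError(f"{risk.threat}: expected five DREAD ratings")
    for value in (risk.asset_priority, *risk.dread):
        if not 1 <= value <= 10:
            raise ValueError(f"{risk.threat}: rating {value} is outside 1-10")

def prioritize(risks):
    """Validate each row, then order by exposure, highest first."""
    for risk in risks:
        validate(risk)
    return sorted(risks, key=Risk.exposure, reverse=True)

# Constructed sample worksheet (assets, threats and scores are illustrative).
WORKSHEET = [
    Risk("Public web server", 6, "SYN flood",
         "Denial of service", (6, 9, 8, 8, 9)),
    Risk("Customer database", 10, "Error messages expose information",
         "Information disclosure", (5, 8, 6, 4, 7)),
    Risk("Domain controller", 9, "Buffer overrun gives system privileges",
         "Elevation of privilege", (10, 5, 4, 10, 3)),
]

if __name__ == "__main__":
    for r in prioritize(WORKSHEET):
        print(f"{r.exposure():5.1f}  {r.asset:<18} {r.stride}: {r.threat}")
```

The SYN flood has the highest threat rank in this sample but the lowest exposure, because the asset it targets carries the lowest priority.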

Page 20: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

Assessment: Security Risk Tracking, Planning, and Scheduling

| Types of threats | Examples |
| --- | --- |
| Spoofing | Forge e-mail messages; Replay authentication packets |
| Tampering | Alter data during transmission; Change data in files |
| Repudiation | Delete a critical file and deny it; Purchase a product and later deny it |
| Information disclosure | Expose information in error messages; Expose code on Web sites |
| Denial of service | Flood a network with SYN packets; Flood a network with forged ICMP packets |
| Elevation of privilege | Exploit buffer overruns to gain system privileges; Obtain administrator privileges illegitimately |

Detailed Security Action Plans

Example Worksheets

Page 21: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

Development and Implementation

Configuration management

Patch management

System monitoring

System auditing

Operational policies

Operational procedures

Detailed Security Action Plans

Testing Lab

Knowledge Documented for Future Use

Security Remediation Strategy

Production Environment

Page 22: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

Operation: Reassess Assets and Security Risks

New Web Site

Internet Services

Reassess risks when there is a significant change in assets, operation, or structure

Assess risks continually

Testing Lab

Documented Knowledge

Production Environment

Page 23: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

Operation: Stabilize and Deploy New or Changed Countermeasures

System Administration Team

Network Administration Team

Security Administration Team

New or Changed Countermeasures

Production Environment

Page 24: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

Defense in Depth

Business Case

Security Risk Management Discipline

Defense in Depth

Security Incident Response

Best Practices

10 Immutable Laws of Security

Page 25: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

The Defense-in-Depth Model

Using a layered approach:

Increases an attacker’s risk of detection

Reduces an attacker’s chance of success

| Layer | Example controls |
| --- | --- |
| Policies, Procedures, & Awareness | Security documents, user education |
| Physical Security | Guards, locks, tracking devices |
| Perimeter | Firewalls, Network Access Quarantine Control |
| Internal Network | Network segments, IPSec, NIDS |
| Host | OS hardening, authentication, patch management, HIDS |
| Application | Application hardening, antivirus |
| Data | ACLs, encryption, EFS |

Page 26: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

Description of the Policies, Procedures, and Awareness Layer

I think I will use my first name as a password.

Hey, I need to configure a firewall. Which ports should I block?

I think I will wedge the computer room door open. Much easier.

They have blocked my favorite Web site. Lucky I have a modem.

Page 27: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

Policies, Procedures, and Awareness Layer Compromise

Say, I run a network too. How do you configure your firewalls?

I can never think of a good password. What do you use?

Hi, do you know where the computer room is?

Hey, nice modem. What's the number of that line?

Page 28: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

Policies, Procedures, and Awareness Layer Protection

Firewall Configuration Procedure

Physical Access Security Policy

User Information Secrecy Policy

Device Request Procedure

Employee security training helps users support the security policy

Page 29: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

Description of the Physical Security Layer

All of the assets within an organization’s IT infrastructure must be physically secured

Page 30: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

Physical Security Layer Compromise

Install Malicious Code

Damage Hardware

View, Change, or Remove Files

Remove Hardware

Page 31: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

Physical Security Layer Protection

Lock doors and install alarms

Employ security personnel

Enforce access procedures

Monitor access

Limit data input devices

Use remote access tools to enhance security

Page 32: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

Description of the Perimeter Layer

[Network diagram; labels: Main Office, Branch Office, Business Partner, Remote User, LAN, Internet Services, Wireless Network, Internet]

Network perimeters can include connections to:

The Internet

Branch offices

Business partners

Remote users

Wireless networks

Internet applications

Page 33: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

Perimeter Layer Compromise

[Network diagram; labels: Main Office, Branch Office, Business Partner, Remote User, LAN, Internet Services, Wireless Network, Internet]

Network perimeter compromise may result in a successful:

Attack on corporate network

Attack on remote users

Attack from business partners

Attack from a branch office

Attack on Internet services

Attack from the Internet

Page 34: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

Perimeter Layer Protection

[Network diagram; labels: Main Office, Branch Office, Business Partner, Remote User, LAN, Internet Services, Wireless Network, Internet]

Network perimeter protection includes:

Firewalls

Blocking communication ports

Port and IP address translation

Virtual private networks (VPNs)

Tunneling protocols

VPN quarantine

Page 35: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

Description of the Internal Network Layer

Sales

Wireless Network

Marketing

Finance

Human Resources

Page 36: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

Internal Network Layer Compromise

Unauthorized Access to Systems

Access All Network Traffic

Unauthorized Access to Wireless Networks

Unexpected Communication Ports

Sniff Packets from the Network

Page 37: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

Internal Network Layer Protection

Require mutual authentication

Segment the network

Encrypt network communications

Restrict traffic even when it is segmented

Sign network packets

Implement IPSec port filters to restrict traffic to servers

Page 38: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

Demonstration 1: Configuring IPSec Port Filtering

Your instructor will demonstrate how to:

Create and configure an IP Security policy that contains IPSec port filters that will be used to lock down unnecessary ports on an IIS server

View IPSec port filter properties

Page 39: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

Description of the Host Layer

Contains individual computer systems on the network

Often have specific roles or functions

The term “host” is used to refer to both clients and servers

Page 40: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

Host Layer Compromise

Exploit Unsecured Operating System Configuration

Exploit Operating System Weakness

Unmonitored Access

Distribute Viruses

Page 41: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

Host Layer Protection

Harden client and server operating systems

Disable unnecessary services

Keep security patches and service packs up to date

Monitor and audit access and attempted access

Install and maintain antivirus software

Use firewalls

Page 42: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

Windows XP SP2 Advanced Security Technologies

Network protection

Memory protection

Safer e-mail handling

More secure browsing

Improved computer maintenance

Get more information on Windows XP Service Pack 2 at http://www.microsoft.com/sp2preview


Page 43: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

Demonstration 2: Overview of Windows XP SP2

Your instructor will demonstrate the new and enhanced security features in Windows XP SP2:

Security Center

Windows Firewall

Internet Explorer

Page 44: Security Risk Management Eduardo Rivadeneira IT pro Microsoft Mexico

Questions

http://groups.msn.com/itpromexico

Webcast section