Upload
eric-greene
View
217
Download
0
Embed Size (px)
Citation preview
UNIT 9 SEMINAR – THE LAST ONE !
Unit 9Unit 9Chapter 9 in CompTIA Security Chapter 9 in CompTIA Security
++
1
Course Name – IT286-01 Introduction to Network Security
Instructor – Jan McDanolds, MS, Security+
Contact Information: AIM – JMcDanolds
Email – [email protected] Hours: Tuesday, 7:00 PM ET or Thursday, 7:00 PM ET
UNIT 8 REVIEW
Security Policies and Procedures
In Chapter 8 we covered: Understanding Business Continuity
Business Continuity Planning, Disaster Recovery Planning, Continuity of Operations (COOP) Plan Cyber Incident Response PlanOccupant Emergency Plan (OEP)The five nines…99.999Backups
Reinforcing Vendor SupportGenerating Policies and ProceduresEnforcing Privilege Management
2
UNIT 9
Security Administration
Unit 9:Understanding Security Management Drafting Best Practices and Documentation
Simplifying Security Administration Common Logical Access Control Methods/Topics
Understanding Security Awareness and EducationStaying on Top of Security OS Updates - WSUS (Windows Server Update Service) Security TechCenter, other websites
Regulating Privacy and Security Laws and Regulations, Federal and International
3
CHAPTER 9
Understanding Security Management
The management of security is EVERYTHING! Best Practices and Documentation
Using Policies and ProceduresAllocating ResourcesDefining ResponsibilityMinimizing MistakesEnforcing the Policies and Procedures
We need tools!!!
4
CHAPTER 9
Examples of FREE Administration Tools…Windows Baseline Security Analyzer (MBSA) – Free download for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2http://technet.microsoft.com/en-us/security/cc184924.aspx
Foglight from Quest – FREE Network Management System – VIEW Videos - Traffic Mgt, Configuration http://www.quest.com/landing/?ID=7483&s_kwcid=TC-24146-%7BOrderItemId%7D-%7BMatchType%7D-%7BAdId%7D
Solarwinds – IT monitoring and management software for SysAdmins Free Tools and Free Trials – http://www.solarwinds.com/downloads/
Spiceworks - FREE Network Management tool http://www.spiceworks.com/
5
CHAPTER 9
Example: Spiceworks Features
http://www.spiceworks.com/Inventory Your Network - Network Inventory - IT Asset Management - IT Audit Software - Warranty Tracking - Virtualization Management
Monitor Your Network - Network Monitoring - Power Management Software - SNMP Network Management - SQL Server Monitoring
Run an IT Help Desk - Help Desk Software - Active Directory Management - IT Purchasing Management - Help Desk iPhone App
Manage Configuration Changes - TFTP Server - Change Management
Map Your Network - Network Mapping
Troubleshoot Network Problems - Remote control of PCs & servers with RDP or VNC, ping from one console, compare configurations
6
CHAPTER 9
Examples of Administration ToolsThese tools are not free…HP – Network Management/Security Software E-Series http://h17007.www1.hp.com/us/en/products/network-management/index.aspx
IBM – Tivoli NetView distributed network management software http://www-01.ibm.com/software/tivoli/products/netview/
Others:SolarwindsCiscoAvaya Network Management SolutionsSysAidLanDeskMach5, Etc. Etc.
7
CHAPTER 9
Simplifying Security Administration
Common Logical Access Control Methods/Topics
Access Control Lists (ACLs)Account ExpirationDomain Password PolicyGroup PoliciesLogical TokensPassword PolicyTime-of-day restrictionsUsernames and passwords
8
CHAPTER 9
Understanding Security Awareness and Education
Using Communications and Awareness
Providing Education – explaining policies, procedures, and current threats to users and management
1 - Organization as a whole2 - Management3 - Technical staff
9
CHAPTER 9
Staying on Top of Security
Operating Systems UpdatesApplications UpdatesNetwork Device UpdatesPolicies and ProceduresPersonal Development
Web Sites – next slide…
Trade Publications
10
CHAPTER 9
Security websites
Ones we have discussed:CERT, SANS, McAfeeSymantec http://www.symantec.com/connect/ http://www.securityfocus.com/Computer Security Institute - http://gocsi.com/webinarshttp://www.databreaches.net/
Others:SC Magazine - http://www.scmagazine.com/http://www.itsecurity.com/http://hakin9.org/http://www.privacyrights.org/data-breach
11
CHAPTER 9
Regulating Privacy and SecurityHIPAA – Health Insurance Portability and Accountability Act
Gramm-Leach Bliley Act of 1999Computer Fraud and Abuse ActFERPA – Family Educational Rights & Privacy Act
Computer Security Act of 1987Cyberspace Electronic Security Act (CESA)Cyber Security Enhancement ActPatriot ActInternational Efforts
12
UNIT 9
UNIT 9 Reading
13
Web Resources
UNIT 9 ASSIGNMENT
UNIT 9 Assignment
Three separate questions – review the Rubric
14
CHAPTER 9
Unit 9 Assignment
Unit Nine Project 1. Table 9.1 on page 445 lists common logical access control methods/topics. Perform Internet research and examine past chapters of the text to describe critical aspects for 4 of the 8 topics listed. You must have at least 2 references besides our text book. 2. Describe what you feel is the most difficult aspect of education as it refers to end users in an organization.
3. Summarize one of the 8 Acts listed (between pages 454 thru 457) in terms of specific topics covered, need to know items and specifics as to how the ACT helps or hurts IT security efforts.
15
FINAL EXAM
Unit 10 Assignment
There is no Final Project
There IS a Final Exam: 50 multiple choice questions, one hour
One of the questions… Where might be the most up-to-date place to find out about security issues? Think about the quickest way to notify clients of a security breach.
16
FINAL SLIDE
I hope you have enjoyed this class! All the best to each of you! Stay secure!!
17
Questions ????
Comments !!!
Do you feel you have a good basis for security after taking this course?
Are you planning on taking the CompTIA Security+ certification?
What amazed you most about this information?