Web Security for Network and System Administrators 1
Chapter 2
Security Processes
Objectives
In this chapter, you will:
• Review the basic components of a security education program
• Use security advisories to understand and correct software vulnerabilities
• Understand the need for security issue management
• Assess security risks
• Respond to security incidents
Security Education
• An education plan answers four central questions for members of an organization:
– Who can assist in fighting malicious computer activity?
– Where are security policies located?
– What are my responsibilities in relation to the security policies?
– What security controls must I use?
Security Advisory
• Software bugs can create vulnerabilities that attackers can exploit
• The software vulnerability lifecycle consists of four phases
Security Advisory
Steps to address a vulnerability:
1. Receive the advisory
2. Assess the advisory and determine applicability
3. Determine deadlines for fixes
4. Assign work and track progress
5. Periodically check systems for compliance
Security Issue Management
• Issues must be rated with objective criteria in order to determine deadlines for compliance or correction:
– Low – Low risk security exposure problem or exposure on low value systems
– Medium – Medium risk security exposure problem or exposure on medium value systems
– High – High risk security exposure problem or exposure on high value systems
Security Issue Management
• There are three general outcomes to the issue management process:
– Fix the problem
– Mitigate the exposure (e.g., install a firewall in front of a system with a lingering exposure)
– Accept the risk of the exposure
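The five advisory-handling steps and the Low/Medium/High rating scheme above, worked as an added Python example (not code from the chapter or its author): applicability is determined per host from a constructed inventory, each applicable issue is rated from exposure risk and system value, given a deadline, and later re-checked for compliance. The deadline table, the rule that the higher of the two criteria sets the rating, and the use of plain integer day numbers are assumptions.

```python
# Added example (not from the chapter): advisory triage and compliance tracking. Inventory,
# advisories and the deadline table are constructed; "today" is a plain integer day number.

# Constructed inventory: host -> installed software versions and business value
INVENTORY = {
    "web01": {"software": {"httpd": "2.4.1"}, "value": "high"},
    "dev03": {"software": {"httpd": "2.4.1", "php": "7.0"}, "value": "low"},
}
# Constructed advisories: product, first fixed version, exposure risk of the bug
ADVISORIES = [
    {"id": "ADV-0001", "product": "httpd", "fixed_in": "2.4.2", "risk": "high"},
    {"id": "ADV-0002", "product": "php", "fixed_in": "7.1", "risk": "medium"},
    {"id": "ADV-0003", "product": "nginx", "fixed_in": "1.20", "risk": "high"},
]
LEVELS = {"low": 1, "medium": 2, "high": 3}
# Assumed days allowed per rating; the chapter leaves the actual numbers to the organization
DEADLINE_DAYS = {"low": 90, "medium": 30, "high": 7}

def version_tuple(v):
    return tuple(int(x) for x in v.split("."))
def is_vulnerable(installed, fixed_in):
    # True when the product is installed and older than the first fixed version
    return installed is not None and version_tuple(installed) < version_tuple(fixed_in)
def rate_issue(risk, value):
    """Exposure risk combined with system value; the higher of the two wins (assumption)."""
    return risk if LEVELS[risk] >= LEVELS[value] else value

def triage(advisories, inventory, today):
    """Steps 2-3: determine applicability per host and assign a fix deadline."""
    issues = []
    for adv in advisories:
        for host, info in inventory.items():
            if not is_vulnerable(info["software"].get(adv["product"]), adv["fixed_in"]):
                continue  # product absent or already at a fixed version
            rating = rate_issue(adv["risk"], info["value"])
            issues.append({"advisory": adv["id"], "product": adv["product"],
                           "fixed_in": adv["fixed_in"], "host": host, "rating": rating,
                           "deadline": today + DEADLINE_DAYS[rating]})
    return issues

def compliance_check(issues, inventory, today):
    """Step 5: re-check each issue against the current inventory: fixed, open or overdue."""
    report = {}
    for i in issues:
        installed = inventory[i["host"]]["software"].get(i["product"])
        if not is_vulnerable(installed, i["fixed_in"]):
            report[(i["advisory"], i["host"])] = "fixed"
        else:
            report[(i["advisory"], i["host"])] = "overdue" if today > i["deadline"] else "open"
    return report
```

Running `triage` on day 0 and `compliance_check` on day 10 with only web01 patched shows one fixed, one overdue (high rating, 7-day deadline) and one still open (medium rating, 30-day deadline) issue.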
Security Risk Management
• Risks should be:
– Evaluated using qualitative and/or quantitative methods
– Approved by the appropriate management chain
– Reviewed regularly
Security Incident Management
• Incident management is the overall system in place to respond to computer attacks. It consists of three major phases:
– Preparation
– Reaction
– Assessment
Security Incident Management
• To prepare:
– Learn applicable laws
– Build a computer incident response team (CIRT)
– Develop a communication plan
– Develop a response plan
– Conduct training
– Post no trespassing signs
– Detect malicious activity
Security Incident Management
• To respond in a timely and efficient manner:
– Stay calm
– Start a detailed log
– Conduct thorough interviews
– Coordinate communications
– Determine the extent of the intrusion
– Protect evidence
– Contain the problem
– Determine the root of the problem
– Restore business operations
Summary
• Education is an effective tool in mobilizing the organization to both understand the importance of security and to incorporate it into daily responsibilities.
• The vulnerability management process involves receiving advisories, applying the necessary patches, and periodically assessing the environment to ensure fixes are installed.
• Security issue management is vital in ensuring that security exposures are addressed.
Summary
• Security risk management provides the ongoing methodology to compare the cost of security measures against the possible financial loss caused by malicious activity.
• The security incident management process must be meticulous and effective, and it must protect both the environment and evidence collected.