Web Security for Network and System Administrators

Chapter 2: Security Processes



Objectives

In this chapter, you will:

• Review the basic components of a security education program

• Use security advisories to understand and correct software vulnerabilities

• Understand the need for security issue management

• Assess security risks

• Respond to security incidents


Security Education

• An education plan answers four central questions for members of an organization:

– Who can assist in fighting malicious computer activity?

– Where are security policies located?

– What are my responsibilities in relation to the security policies?

– What security controls must I use?


Security Advisory

• Software bugs can create vulnerabilities that can be exploited by abusers

• The software vulnerability lifecycle consists of four phases


Steps to address a vulnerability:

1. Receive the advisory

2. Assess the advisory and determine applicability

3. Determine deadlines for fixes

4. Assign work and track progress

5. Periodically check systems for compliance


Security Issue Management


• Issues must be rated with objective criteria in order to determine deadlines for compliance or correction:

– Low – Low risk security exposure problem or exposure on low value systems

– Medium – Medium risk security exposure problem or exposure on medium value systems

– High – High risk security exposure problem or exposure on high value systems


• There are three general outcomes to the issue management process:

– Fix the problem

– Mitigate the exposure (e.g., install a firewall in front of a system with a lingering exposure)

– Accept the risk of the exposure


Security Risk Management


• Risks should be:

– Evaluated using qualitative and/or quantitative methods

– Approved by the appropriate management chain

– Reviewed regularly


Security Incident Management

• Incident management is the overall system in place to respond to computer attacks. It consists of three major phases:

– Preparation

– Reaction

– Assessment


• To prepare:

– Learn applicable laws

– Build a computer incident response team (CIRT)

– Develop a communication plan

– Develop a response plan

– Conduct training

– Post no trespassing signs

– Detect malicious activity


• To respond in a timely and efficient manner:

– Stay calm

– Start a detailed log

– Conduct thorough interviews

– Coordinate communications

– Determine the extent of the intrusion

– Protect evidence

– Contain the problem

– Determine the root of the problem

– Restore business operations


Summary

• Education is an effective tool in mobilizing the organization to both understand the importance of security and to incorporate it into daily responsibilities.

• The vulnerability management process involves receiving advisories, applying the necessary patches, and periodically assessing the environment to ensure fixes are installed.

• Security issue management is vital in ensuring that security exposures are addressed.


• Security risk management provides the ongoing methodology to compare the cost of security measures against the possible financial loss caused by malicious activity.

• The security incident management process must be meticulous and effective, and it must protect both the environment and evidence collected.