What is ARBIL?
Asset and Risk Based INFOSEC lifecycle.
To implement a comprehensive security plan in I.T. and
strategies for risk management.
What is CIA?
Confidentiality, Integrity, and Availability
Confidentiality- making sure your data is available to only
those allowed.
Integrity- making sure your data has not been altered in any
way. Think bank transactions or chemical formulas.
Availability- making sure your data is available. Hackers often
use denial of services attacks to bring down your servers or
networks by overloading them with packets.
Hackers use attack trees to determine every possible entrance
into your networks. This can be through modems connected to your
network, routers, switches, and application vulnerabilities,
almost anything connected to your internet.
Make it difficult to determine your OS, which hackers use for
Banner Grabbing. This is a simple fix that many systems
administrators leave.
Change your banner to display a security warning.
Many people have difficulty understanding security processes
alone implementing solutions.
What is SMIRA? Simple methodology for INFOSEC based risk
assessment.
Risk management is the practice and process of identifying
threats and vulnerabilities to assets. This helps making the
correct decisions to implement the necessary safeguards to help
your organization carry out its mission.
Organizations should look at threats, vulnerabilities, assets
and safeguards.
Risk Assessment
The goal is to have a list of your critical assets. Critical in
understanding mission, objectives and operations and what if
scenarios.
Then to implement safeguards to protect those assets.
Vulnerability Assessment
This is when you look for vulnerabilities in existing
applications and determine there severity. The vulnerabilities
will be rated. This includes physical security, web application
reviews, policy and procedure reviews, host assessments and OS
reviews, and vulnerability scans.
Threat Assessment
This is the process, of identifying existing and potential
threats to assets and environments. This will also be based on
severity.Where can threats come from? Disgruntled employees,
script kiddies, hackers, crackers, foreign governments, and your
competition. You can look for threat indicators in your server,
logs, CCTV, intrusion detection systems like SNORT.
http://www.snort.org
What can threats cause?
Loss of business Death Financial loss Corruption of data.
Inability to work, servers down or running slowly.
Confidentiality issues.
What are assets?
User IT Operations Staff Connectivity Documentation Security
Systems Third parties Paper Files Media, like disk, CD’s and USB
drives. File, Web, EMAIL, Storage, Application servers Anything
of value to the company.
Hackers like to get there hands on all information no matter how
unimportant it may seem it can be used to filter out more
information.
How do you protect yourself against threats and protect your
assets?
Have policies and procedures in place.
Employee awareness of security issues.
Software security in place
Hardware security in place.
Physical security.
Environmental Security. I.e. water level sensors.
Communication security- to protect your phone lines, and PBX
systems.
Personnel security.
There is a lot of software on the internet that allows even
technically challenged people to run scans on your systems to
try to crack them. Anybody that knows how to search Google can
easily find such tools. The way the Internet is evolving and
more and more people joining the Internet the security risks
increase.
Attackers gain information on your systems by doing Domain
Lookups with Whois. Port scans using many available tools to
find out what you’re running and then do internet searches to
find exploit code to crack your systems. Once they find out what
applications you’re running it’s only a matter of time before
they can crack your systems if you are not protected.
Attackers like to get information on your Domain Names, IP
addresses, then they will scan your network looking for live
hosts. This can be accomplished with tools like NMAP by Fyodor
http://www.nmap.com . By using a tool like NMAP you can send
UDP, ICMP, and TCP packets. This is done to identify host by
looking at responses.
At this point attackers find out what applications are being
used, or any information the host is willing to give out. The
more services you have running the more opportunities for
someone to remotely exploit your hosts. This can be very time
consuming for the attacker. The goal is to find out what OS
platforms are being run. Are they Unix, Microsoft Windows or
Apple Mac OS? From here it easy much easier for someone to look
for shellcode to use against your system.
Benjamin Hargis CEO
Phuture Networks
http://www.phuturenetworks.com
Free Computer Security Tips !! www.computersecurityadvice.com
About the author:
None