Cyber Security # Lec 4
A series of Cyber Security notes........................
Published in: Technology
  1. Lec-4: Cyber Security
     Mr. Islahuddin Jalal, MS (Cyber Security) – UKM Malaysia
     Research Title – 3C-CSIRT Model for Afghanistan
     BAKHTAR UNIVERSITY (د باخترپوهنتون)
  2. Enterprise Cybersecurity Architecture
     • There are 11 functional areas that need to be organized and managed in enterprise cybersecurity:
       1. System Administration
       2. Network Security
       3. Application Security
       4. Endpoint, Server, and Device Security
       5. Identity, Authentication, and Access Management
       6. Data Protection and Cryptography
       7. Monitoring, Vulnerability, and Patch Management
       8. High Availability, Disaster Recovery, and Physical Protection
       9. Incident Response
       10. Asset Management and Supply Chain
       11. Policy, Audit, E-Discovery, and Training
  3. System Administration Security
  4. System Administration
     • Provides for securing the administration of
       • Enterprise infrastructure
       • Security infrastructure
     • Secure system administration is the foundation for enterprise security measures
  5. Reasons for targeting system administration
     • Consolidation in IT
       • Nowadays a system administrator controls thousands of computers, often from a single console
     • System administration security is poor
       • Systems administration technology is relatively immature, with few built-in checks and balances to detect malicious activity or to prevent it in the first place
  6. System Administration Goals and Objectives
     • Goal
       • To protect the enterprise's administrative channels from being used by an adversary
     • Objectives
       • Preventive (make it harder for attackers to get system control)
       • Detective (detect attacks on system administration channels, or malicious systems administration activity, when they occur)
       • Forensic (focus on creating detailed audit logs of all privileged systems administration activities)
  7. SA: Threat Vectors
     • To keep attackers from conducting malicious systems administration activities in the enterprise, the following vectors must be defended against:
       • Compromise the credentials of a system administrator
       • Compromise the computer of a system administrator
       • Compromise the computing infrastructure (virtualization, storage, etc.) and use its computing capabilities to take control of systems
       • Compromise the systems administration infrastructure (computer management, patch management, or other systems) to take control of the enterprise
       • Compromise monitoring systems that have administrative access
       • Use local computer administrative accounts to move from one personal computer to another with administrative rights
  8. SA: Capabilities
     • SA capabilities help
       • Isolate command and control networks and protocols
       • Provide cryptographic protection for systems administration
       • Allow for auditing of systems administration activities to detect attacks
     • In this functional area, it is good to have redundancy in protection.
       • For example, using network isolation along with strong authentication helps ensure that the breach of one protection mechanism alone will not be disastrous.
  9. SA Capabilities
     • Bastion hosts
     • Out-of-Band (OOB) management
     • Network isolation
     • Integrated Lights-Out (ILO), Keyboard Video Mouse (KVM), and power controls
     • Virtualization and Storage Area Network (SAN) management
     • Segregation of administration from services
     • Multi-factor authentication for Systems Administrators (SAs)
     • Administrator audit trail(s)
     • Command logging and analytics
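As an added example (not part of the slides or the author's material), the following Python script shows what the "administrator audit trail" and "command logging and analytics" capabilities look like in practice. It checks constructed administrator session records against two rules drawn from the surrounding slides: administration must arrive through the bastion / out-of-band management network with multi-factor authentication (the layered protection of slide 8), and a local administrator account that touches many hosts in a short window is flagged (the last threat vector on slide 7). The management network range, the log line format and every record are assumptions made for this example.

```python
"""Privileged-administration audit trail analysis (added example, constructed data)."""
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed bastion / out-of-band management network (placeholder value for this example).
MGMT_NET = ipaddress.ip_network("10.0.100.0/24")

# Constructed audit records, one per privileged command:
# "<timestamp> <account> <source-ip> <target-host> mfa=<yes|no> cmd=<command>"
AUDIT_LOG = [
    "2024-01-10T09:00:01 alice 10.0.100.5 db01 mfa=yes cmd=systemctl restart postgresql",
    "2024-01-10T09:02:14 alice 10.0.100.5 db01 mfa=yes cmd=journalctl -u postgresql",
    "2024-01-10T09:05:30 bob 10.0.100.9 web01 mfa=yes cmd=nginx -t",
    "2024-01-10T09:07:00 carol 192.168.3.40 web01 mfa=no cmd=useradd backupsvc",
    "2024-01-10T09:08:11 localadmin 192.168.3.40 ws-011 mfa=no cmd=net user",
    "2024-01-10T09:08:45 localadmin 192.168.3.40 ws-012 mfa=no cmd=net user",
    "2024-01-10T09:09:20 localadmin 192.168.3.40 ws-013 mfa=no cmd=net user",
    "2024-01-10T09:10:02 localadmin 192.168.3.40 ws-014 mfa=no cmd=net user",
]


def parse_record(line):
    """Split one audit line into its fields (the command may contain spaces)."""
    ts, account, src, host, mfa, cmd = line.split(" ", 5)
    return {
        "ts": datetime.fromisoformat(ts),
        "account": account,
        "src": ipaddress.ip_address(src),
        "host": host,
        "mfa": mfa == "mfa=yes",
        "cmd": cmd[len("cmd="):],
    }


def channel_violations(records):
    """Sessions that bypass the management network or skip MFA.

    Returns one entry per offending record with the list of reasons, which
    serves the detective objective (and the forensic one, since it is
    derived from the audit trail itself).
    """
    out = []
    for r in records:
        reasons = []
        if r["src"] not in MGMT_NET:
            reasons.append(f"source {r['src']} outside management network")
        if not r["mfa"]:
            reasons.append("no multi-factor authentication")
        if reasons:
            out.append((r["ts"].isoformat(), r["account"], r["host"], reasons))
    return out


def local_admin_spread(records, max_hosts=3, window=timedelta(minutes=10)):
    """Accounts that administer more than max_hosts distinct hosts inside one window.

    This is the 'local administrative account used to move from one computer
    to another' threat vector, seen from the defender's log.
    """
    by_account = defaultdict(list)
    for r in records:
        by_account[r["account"]].append(r)
    flagged = {}
    for account, recs in by_account.items():
        recs.sort(key=lambda r: r["ts"])
        for i, r in enumerate(recs):
            hosts = {x["host"] for x in recs[: i + 1] if r["ts"] - x["ts"] <= window}
            if len(hosts) > max_hosts:
                flagged[account] = sorted(hosts)
    return flagged


def analyze(lines):
    records = [parse_record(line) for line in lines]
    return {
        "channel": channel_violations(records),
        "spread": local_admin_spread(records),
    }


if __name__ == "__main__":
    result = analyze(AUDIT_LOG)
    for ts, account, host, reasons in result["channel"]:
        print(f"{ts} {account}@{host}: {'; '.join(reasons)}")
    for account, hosts in result["spread"].items():
        print(f"{account}: administered {len(hosts)} hosts within the window: {hosts}")
```

Both checks only work if command logging is centralized and the management network is genuinely isolated; an administrator session that never reaches the log cannot be analyzed, which is why the slide pairs bastion hosts and OOB management with the audit trail.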
  10. Network Security
  11. Network Security
     • Purpose
       • To protect the enterprise network from unauthorized access
     • Needs to be considered in terms of the following security controls
       • Preventive control (firewalls that separate sections of the network from each other)
       • Detective control (IDS: detects attacker activity that cannot be blocked)
       • Monitoring control (captures activity that is input to the correlation engines that support forensics)
  12. Containment Capability
     • Containment involves
       • Isolating attacker activity in one part of the enterprise (for example, end-user workstations or Internet-facing web servers) from other IT functions, such as financial systems, in order to provide a layered defense
  13. NS: Goals and Objectives
     • Block malicious traffic
     • Monitor and analyze network traffic
     • Log information about network traffic
  14. NS: Threat Vectors
     • Attackers enter the enterprise through outbound network connections from servers or clients on the internal network.
     • Attackers enter the enterprise through the network connections of Internet-facing servers.
     • Attackers use internal networks to move laterally between computers inside the enterprise.
     • Attackers use enterprise networks to extract data and remove it from the enterprise.
     • Attackers take control of network infrastructure components and then leverage them to gain entry to the enterprise or to bypass other security measures.
  15. NS: Capabilities
     • Switches and routers
     • Software Defined Networking (SDN)
     • Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP)
     • Network Time Protocol (NTP)
     • Network service management
     • Firewall and virtual machine firewall
     • Network Intrusion Detection / Network Intrusion Prevention System (IDS/IPS)
     • Wireless networking (Wi-Fi)
     • Packet intercept and capture
     • Secure Sockets Layer (SSL) intercept
     • Network Access Control (NAC)
     • Virtual Private Networking (VPN) and Internet Protocol Security (IPsec)
     • Network Traffic Analysis (NTA)
     • Network Data Analytics (NDA)
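As an added example (not from the slides or the author), the following Python script ties together the containment capability of slide 12, the goals of slide 13 and the threat vectors of slide 14: each constructed flow record is mapped to a network zone and compared with an allowed-communication policy, so that server-initiated outbound connections, workstation-to-workstation lateral movement and DMZ-to-finance access are flagged for blocking, monitoring and logging. The zone address ranges, the policy table and every flow record are assumptions made for this example.

```python
"""Network containment check over flow records (added example, constructed data)."""
import ipaddress
from collections import Counter

# Assumed zone layout (placeholder address ranges for this example).
ZONES = {
    "workstations": ipaddress.ip_network("192.168.10.0/24"),
    "web-dmz": ipaddress.ip_network("172.16.1.0/24"),
    "finance": ipaddress.ip_network("10.20.0.0/24"),
    "mgmt": ipaddress.ip_network("10.0.100.0/24"),
}

# Allowed (initiator zone, responder zone) pairs; everything else is contained.
# Note that no server zone may initiate connections to the Internet, and
# no zone may talk to itself except through the management network.
POLICY = {
    ("workstations", "internet"),
    ("workstations", "web-dmz"),
    ("internet", "web-dmz"),
    ("mgmt", "web-dmz"),
    ("mgmt", "finance"),
    ("mgmt", "workstations"),
}

# Constructed flow records: "<src-ip> <dst-ip> <dst-port> <proto>"
FLOWS = [
    "192.168.10.21 172.16.1.10 443 tcp",     # workstation browsing the DMZ web server
    "203.0.113.7 172.16.1.10 443 tcp",       # Internet client reaching the DMZ
    "172.16.1.10 198.51.100.44 4444 tcp",    # DMZ server calling out to the Internet
    "192.168.10.21 192.168.10.35 445 tcp",   # workstation to workstation
    "172.16.1.10 10.20.0.5 1433 tcp",        # DMZ server reaching finance
    "10.0.100.5 10.20.0.5 22 tcp",           # management host administering finance
    "10.20.0.5 198.51.100.44 443 tcp",       # finance server calling out to the Internet
]


def zone_of(ip):
    """Map an address to its zone; anything outside the defined ranges is 'internet'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


def reason(pair):
    """Defender-facing explanation of why a zone pair is outside the policy."""
    src, dst = pair
    if src == dst:
        return "lateral movement inside a zone"
    if dst == "internet":
        return "outbound connection initiated from a server zone (possible command-and-control or data extraction)"
    return "cross-zone access not permitted by policy"


def evaluate(flow):
    """Return (verdict, zone pair, reason, flow) for one flow record."""
    src, dst, dport, proto = flow.split()
    pair = (zone_of(src), zone_of(dst))
    if pair in POLICY:
        return ("allow", pair, "permitted by policy", flow)
    return ("contain", pair, reason(pair), flow)


def evaluate_all(flows):
    """Evaluate every flow; return the contained ones and a per-zone-pair count for monitoring."""
    verdicts = [evaluate(f) for f in flows]
    flagged = [v for v in verdicts if v[0] == "contain"]
    summary = Counter(v[1] for v in flagged)
    return flagged, summary


if __name__ == "__main__":
    flagged, summary = evaluate_all(FLOWS)
    for verdict, pair, why, flow in flagged:
        print(f"{verdict.upper()} {flow}: {pair[0]} -> {pair[1]}: {why}")
    print("contained flows by zone pair:", dict(summary))
```

The same policy table can drive all three controls from slide 11: the preventive firewall rule set (deny what is not in POLICY), the detective rule (alert on any contained flow that is still observed) and the monitoring summary that feeds a correlation engine.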
  16. Application Security
  17. Application Security
     • Application security involves security measures that are specific to certain applications or protocols running over the network.
     • By this simple definition, application security technologies and capabilities include
       • E-mail security
       • Application-aware firewall features
       • Database gateways
       • Forward web proxies
     • Application security operates alongside network security.
  18. AS: Goal and Objectives
     • Goal
       • To protect the enterprise applications from unauthorized use or attack
     • Objectives
       • The preventive objective is to block exploitation of applications and application communication protocols for malicious use.
       • The detective objective is to detect compromises of applications and attempts to exploit them for malicious purposes.
       • The forensic objective is to log data about application activity that can be used for audits and investigations of incidents.
       • The audit objective is for auditors to be able to collect evidence and artifacts that show that applications are safe and are not being used or manipulated by attackers.
  19. AS: Threat Vectors
     • Initial entry by leveraging e-mail to send malicious messages (attachments or links) to users
       • To gain control of end-user computers, servers, or mobile devices
     • Leveraging vulnerabilities in web browsers and browser plug-ins
       • To gain control
     • Exploiting vulnerabilities in enterprise server applications
       • To gain control
     • During the development of an application, the attacker may find and then exploit a flaw in the software to gain control
  20. AS: Capabilities
     • E-mail security
     • Web-shell detection
     • Application firewalls
     • Database firewalls
     • Forward proxy and web filters
     • Reverse proxy
     • Data Leakage Protection (DLP)
     • Secure application and database software development
     • Software code vulnerability analysis (including source code verification and bug tracking)
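As an added example (not from the slides or the author), the following Python script shows the "e-mail security" capability acting against the first threat vector on slide 19, initial entry through malicious attachments. A constructed multipart message is screened the way an e-mail gateway would: blocked executable extensions, double extensions, executable content hiding behind a document name, and blocked files inside an archive. The blocklist, the magic-byte table, the sample message and its attachments are all assumptions made for this example; the "MZ" bytes are only a header marker, not a program.

```python
"""E-mail attachment screening (added example, constructed message)."""
import io
import zipfile
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed gateway blocklist of extensions that should never reach a user by e-mail.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".ps1", ".bat", ".cmd", ".lnk", ".iso"}

# Leading bytes used to classify content independently of its declared name or MIME type.
MAGIC = {b"MZ": ".exe", b"%PDF": ".pdf", b"PK\x03\x04": ".zip"}


def sniff(data):
    """Classify attachment content by its first bytes; None when unknown."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def check_name(name, prefix=""):
    """Findings based on the file name alone: blocked and double extensions."""
    suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
    findings = []
    if suffixes and suffixes[-1] in BLOCKED_EXTENSIONS:
        findings.append(f"{prefix}{name}: blocked extension {suffixes[-1]}")
    if len(suffixes) >= 2:
        findings.append(f"{prefix}{name}: double extension")
    return findings


def check_archive(name, data):
    """Apply the name rules to every member of a zip archive without extracting it."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for inner in zf.namelist():
                findings.extend(check_name(inner, prefix=f"{name} -> "))
    except zipfile.BadZipFile:
        findings.append(f"{name}: unreadable archive")
    return findings


def screen_message(msg):
    """Return a list of findings for every attachment of an EmailMessage (empty means clean)."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_content()
        if isinstance(data, str):
            data = data.encode()
        findings.extend(check_name(name))
        kind = sniff(data)
        if kind == ".exe":
            findings.append(f"{name}: executable content (MZ header) declared as {part.get_content_type()}")
        elif kind == ".zip":
            findings.extend(check_archive(name, data))
    return findings


def make_zip(entries):
    """Build an in-memory zip from (member name, text) pairs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for inner_name, text in entries:
            zf.writestr(inner_name, text)
    return buf.getvalue()


# Constructed attachment set: (filename, maintype, subtype, bytes).
PDF_BYTES = b"%PDF-1.7\n% constructed placeholder document\n"
FAKE_PE = b"MZ\x90\x00" + b"\x00" * 60          # header marker only, not a real executable
SUSPICIOUS_ATTACHMENTS = [
    ("report.pdf", "application", "pdf", PDF_BYTES),
    ("invoice.pdf.exe", "application", "octet-stream", FAKE_PE),
    ("statement.pdf", "application", "pdf", FAKE_PE),
    ("archive.zip", "application", "zip",
     make_zip([("readme.txt", "hello"), ("setup.js", "// constructed placeholder")])),
]


def build_message(attachments):
    """Assemble a constructed multipart message carrying the given attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("Body text of the constructed sample message.")
    for filename, maintype, subtype, data in attachments:
        msg.add_attachment(data, maintype=maintype, subtype=subtype, filename=filename)
    return msg


if __name__ == "__main__":
    for finding in screen_message(build_message(SUSPICIOUS_ATTACHMENTS)):
        print(finding)
```

Checking content by its leading bytes rather than by the declared MIME type is what catches the "statement.pdf" case, and inspecting archive members is what catches the script inside "archive.zip"; a gateway that only matched file extensions would pass both, which is the reason the slide lists e-mail security as its own capability rather than as a firewall feature.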
  21. Continued in the Next Lecture
     • Endpoint, Server, and Device Security
     • Identity, Authentication, and Access Management
     • Data Protection and Cryptography
  22. Thank You For Your Patience