WaZaRWiki : InformationSystemSecurity


07-05-2008

Security Basics

Teacher: Gael Reignier - gael.reigner@supinfo.com
Slides: Cyril Voisin



CISSP (Certified Information Systems Security Professional)

1.Introduction
2.Security basis
3.Introduction to cryptology



1.Introduction

Why Security ?

Definition:

make feel safe
stealing documents
encrypting
integrity

Expects:

learn how to set up a security policy
how to test & fix our security policy



Security depends on the context, so it is all RELATIVE!

3 sides of security:

Human
Physical

Technologies (antivirus, directory, ipsec, pki ...)
People (enterprise admin, domain admin, users, soft engineer, service support)
Processes ( Risks, perf management, fixes, archives, incident response, backups ...)


2.Security Basis


C Confidentiality
I Integrity
A Availability


OSI

7 Application
6 Presentation
5 Session
4 Transport
3 Network
2 Data Link
1 Physical

Risk management

Where do you need to start?

defining rights for people
password

On what do we need to focus on?

users

How much we need to invest?

How would you do?



insurance testing: employ hackers to secure your network

ARO: Annualized Rate of Occurrence

some info on Google: http://www.google.com/search?hl=en&client=safari&rls=en&q=SLE+ARO&btnG=Search

I also add this from: http://cissp.meetup.com/64/messages/boards/thread/2203587


SLE, ARO, ALE, residual risk
The quantitative assessment process involves the following steps: Estimate potential losses (SLE), conduct a threat analysis (ARO), determine annual loss expectancy (ALE), and determine the residual risk after a countermeasure has been applied.





whole risk = value of the assets x threats x vulnerabilities

Slide 63: Buffer Overflow Example

Worm for W2K: http://en.wikipedia.org/wiki/Nimda_(computer_worm)

SQL Injection: http://xkcd.com/327/

Stored Procedures: SQL statements saved on the server that you can execute.

14-05-2008


RSA 512 < AES 256 (key strength)

Symmetric cryptography : one key to encode and decode a message
- fast, the key length can easily be increased

ETHEREAL : protocol analyser (man in the middle attack)


Asymmetric cryptography : one public key, one private key
- 1000 times slower than symmetric cryptography

On Linux : /home/user/.ssh : folder used for SSH keys
public key file : id_dsa.pub
private key file: id_dsa

can be used to connect to another host

Hash:
md5sum file to check the integrity of a file after a transfer (compare before and after)

-collisionless

spoofing : redirect to a private website

Certificates use PKI (Public Key Infrastructure)

Access Control:
Identification
Authorization
Permission

passwords:
/etc/passwd
/etc/shadow

Kerberos:
KDC : Key Distribution Center
AS : Authentication Service
TGT : Ticket Granting Ticket
TGS : Ticket Granting Service
ST : System Ticket

20/05/2008


Access control:
DAC : Discretionary Access Control
MAC : Mandatory Access Control

RADIUS:
-mainly used by ISP
-AAA protocol
-Remote Authentication

OS security:
TCB : Trusted Computing Base
has to be protected
if corrupted, all the security goes down

Biba concept:
deals with the integrity issue, based on integrity level
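As an added illustration (not from the course slides), the two rules Biba derives from integrity levels: a subject may not read objects of lower integrity (no read down) and may not write objects of higher integrity (no write up). The level names and sample requests are constructed for the example.

```python
from enum import IntEnum


class Level(IntEnum):
    """Integrity levels, ordered from least to most trustworthy (constructed)."""
    UNTRUSTED = 0   # e.g. data downloaded from the Internet
    USER = 1        # ordinary user files
    SYSTEM = 2      # e.g. the Trusted Computing Base itself


def biba_allows(subject: Level, obj: Level, op: str) -> bool:
    """Strict Biba integrity rules.

    read:   only objects at the subject's level or higher (no read down,
            so low-integrity data cannot flow into high-integrity work).
    write:  only objects at the subject's level or lower (no write up,
            so a low-integrity subject cannot corrupt high-integrity data).
    invoke: only subjects at the caller's level or lower.
    """
    if op == "read":
        return obj >= subject
    if op in ("write", "invoke"):
        return obj <= subject
    raise ValueError(f"unknown operation: {op}")


def audit(requests):
    """Return the denied requests as log lines, the events an event logger
    (Event Viewer, syslog) would be expected to record."""
    denied = []
    for who, s_lvl, what, o_lvl, op in requests:
        if not biba_allows(s_lvl, o_lvl, op):
            denied.append(f"DENY {who}({s_lvl.name}) {op} {what}({o_lvl.name})")
    return denied


# Constructed sample requests: (subject, subject level, object, object level, op)
REQUESTS = [
    ("browser", Level.UNTRUSTED, "kernel32.dll", Level.SYSTEM,    "write"),  # no write up
    ("browser", Level.UNTRUSTED, "kernel32.dll", Level.SYSTEM,    "read"),   # allowed
    ("admin",   Level.SYSTEM,    "download.exe", Level.UNTRUSTED, "read"),   # no read down
    ("admin",   Level.SYSTEM,    "download.exe", Level.UNTRUSTED, "write"),  # allowed
    ("user",    Level.USER,      "notes.txt",    Level.USER,      "read"),   # allowed
]

if __name__ == "__main__":
    for line in audit(REQUESTS):
        print(line)
```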

Threats:
hidden channel: a way for an entity to receive information in an unauthorized way

Trusted Solaris:
Using roles, running profiles, trusted path from keyboard to windows

Event Logger:
-windows: Event Viewer
-linux: Syslog /var/log/messages


21/05/2008


Security ID (SID) is an ID for a user or group

Token privileges :
-SeBackup
-SeDebug
-SeShutdown
-SeTakeOwnership

Physical security :

Threats are :
Sensitive areas and buildings

Be careful of compromising signals (like screens, Bluetooth ...), they could be spied on!

We can use hardware solutions to improve software security (virtualization)

On databases, limit privileges to a minimum.
Give the right privileges to each group of users.

You can also encrypt the data on your hard disk

Authentication and Identification are two levels of security (login and password are enough to authenticate but not to identify)

Malware :
Worm : infects your computer
Trojan : gives control of your machine to someone else (opening ports, changing parameters)
Spyware : using a trojan or worm



Phishing

Security Tools


Supervision Tools :
Nagios ( http://fr.wikipedia.org/wiki/Nagios )
Cacti
munin-hardware
syslog-ng



Network

PABX (Private Automatic Branch Exchange)

3/06/08


RAS = VPN server from microsoft

802.11i = WPA, WPA2

802.11a, 802.11b, 802.11g : layer 1 - hardware

WPA personal : local credential system
WPA, WPA2 enterprise : Directory (AD, LDAP, OpenLDAP, ...)

NAP : network access protocol from Microsoft

