Note1 (Admi1)
Overview of administering security
Overview of Administering Security
2
Outline
Issues in administering security
– Security planning & policy
– Risk analysis
– Auditing
– Disaster recovery
– Management of resources and systems
– Management of Network security
Issues in administering security
Security planning & policy
Risk analysis
Auditing
Disaster recovery
Management of resources and systems
Management of Network security
Security Planning
A security plan is a document that describes how an organization will address its security needs.
Because an organization’s security needs change over time, its security plan must be reviewed and updated periodically.
Security Planning – Issues
What should the plan contain? – content
Who should write the plan? – the security planning team
How is support for the plan obtained? – securing commitment to the plan
How is the plan implemented? – methods, tools, resources, …
Security Planning – Issues
What should the plan contain?
– Security policy
– Current security status
– Requirements
– Responsibility for implementation
– Timetable
– Reviews & updates
Security Planning – Issues
Members of the security planning team
– CIO (chief information officer)
– Hardware support personnel
– Systems programmers
– Application programmers
– Data entry personnel
– Physical security personnel
– Representative users
Security Planning – Issues: Securing support for the plan
1. The plan needs to be accepted by the users and the involved personnel.
– User education and publicity are needed to increase the users’ understanding of security.
– Training of personnel is needed for implementing the plan.
2. The plan must be carried out.
– Management commitment
– Managers are concerned with ROI, vulnerability, risks, laws, etc.
– Surveys and outside experts may be needed to persuade the managers to commit.
Security Planning – Issues
Implementation of the plan
– Policy versus mechanisms
– A policy defines what is and is not allowed.
– A policy is enforced by various mechanisms (tools, methods, procedures, etc.).
Risk analysis
The first step in security planning is risk analysis.
A process to determine the exposures and their potential harm
The result of the risk analysis is important in securing management commitment to the security plan.
It justifies expenditures for security.
Risk analysis
Three steps:
1. A list of all exposures of a computing system and the expected cost of the loss
2. For each exposure, possible controls and their costs
3. A cost-benefit analysis
– Does it cost less to implement a control or to accept the expected cost of the loss?
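As an added worked example (not part of the lecture notes), the three steps carried out in Python over a constructed set of exposures: each exposure's expected annual loss (step 1) is compared with the annual cost of every candidate control plus the loss that remains once that control is in place (step 2), and the cheaper option wins (step 3). All names and figures are constructed estimates.

```python
from dataclasses import dataclass, field

@dataclass
class Control:
    name: str
    annual_cost: float    # step 2: cost of implementing and running the control, per year
    residual_loss: float  # expected annual loss that remains with the control in place

@dataclass
class Exposure:
    name: str
    events_per_year: float  # how often the loss is expected to occur (constructed estimate)
    loss_per_event: float   # cost of one occurrence
    controls: list[Control] = field(default_factory=list)

    def expected_loss(self) -> float:
        # step 1: expected cost of the loss (annualised loss expectancy)
        return self.events_per_year * self.loss_per_event

def best_option(exposure: Exposure) -> tuple[str, float]:
    # step 3: accept the expected loss unless some control is cheaper overall
    choice, total = "accept the loss", exposure.expected_loss()
    for control in exposure.controls:
        cost_with_control = control.annual_cost + control.residual_loss
        if cost_with_control < total:
            choice, total = control.name, cost_with_control
    return choice, total

def risk_analysis(exposures: list[Exposure]) -> dict[str, tuple[str, float]]:
    return {e.name: best_option(e) for e in exposures}

# Constructed sample exposures and controls; the figures are illustrative only.
SAMPLE = [
    Exposure("fire in server room", 0.02, 500_000, [
        Control("fire suppression + offsite backups", 5_000, 1_000)]),
    Exposure("laptop theft", 2.0, 4_000, [
        Control("full-disk encryption", 3_000, 1_000),
        Control("cable locks", 200, 7_000)]),
    Exposure("web defacement", 0.5, 2_000, [
        Control("web application firewall", 8_000, 100)]),
]

if __name__ == "__main__":
    for name, (choice, total) in risk_analysis(SAMPLE).items():
        print(f"{name}: {choice} (expected annual cost {total:,.0f})")
```

Note that a control is rejected not only when it is too expensive but also when the loss it leaves behind still outweighs the saving, as the cable-lock option shows.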
Auditing
Administrators should use the audit facilities built into their systems, or third-party auditing tools, to automate the audit analysis process.
Auditing tools provide snapshots of a system’s status.
Anomalies in the audit logs indicate potential attacks or problems.
Auditing
Automated tools should be used to detect inconsistencies in the audit logs.
– Intrusion Detection Systems (IDS)
The audit logs should be protected by being sent to separate machines or written immediately to a printer.
Disaster recovery
When attacks and/or problems cannot be prevented, how to recover from the damage and loss should be planned in advance.
A contingency plan
An incident response plan and team
User awareness
User notification mechanisms
Types of Disasters
Natural disasters – flood, falling water, fire, extreme temperature change, …
Power loss
Human vandals
Unauthorized access and use
Viruses, worms
Management of resources and systems
Acceptable use
Accounts, passwords
Files and devices
Access controls
Network security
– Perimeter protection
– Connectivity
– Remote access
– Securing the hosts
Backups
Management of Network security
Perimeter protection
– Firewalls, routers, wireless access points
Connectivity
– The Internet
– Local backbone
– A map of physical connections
Remote access
– VPN for telecommuters?
– telnet, ftp, rlogin?
Securing the hosts in the network
Insiders’ attacks vs attacks from outside
Summary
Administering the security of an organization’s computer systems involves many issues.
An up-to-date security plan is a must.
Support for the plan is necessary.
A disaster response/recovery plan is important.
Periodic review and update is needed.