Note1 (Admi1) Overview of administering security

Upload: marcia-dawson

Post on 17-Jan-2016

Page 1: Note1 (Admi1) Overview of administering security

Note1 (Admi1)

Overview of administering security

Page 2: Note1 (Admi1) Overview of administering security

Overview of Administering Security

2

Outline

Issues in administering security
– Security planning & policy
– Risk analysis
– Auditing
– Disaster recovery
– Management of resources and systems
– Management of network security

Page 3: Note1 (Admi1) Overview of administering security

Issues in administering security

– Security planning & policy
– Risk analysis
– Auditing
– Disaster recovery
– Management of resources and systems
– Management of network security

Page 4: Note1 (Admi1) Overview of administering security

Security Planning

A security plan is a document that describes how an organization will address its security needs.

When the organization’s security needs change, its security plan needs to be periodically reviewed and updated.

Page 5: Note1 (Admi1) Overview of administering security

Security Planning- Issues

What should the plan contain? – content

Who should write the plan? – the security planning team

Support for the plan? – securing commitment to the plan

Implementation of the plan? – methods, tools, resources, …

Page 6: Note1 (Admi1) Overview of administering security

Security Planning- Issues

What should the plan contain?
– Security policy
– Current security status
– Requirements
– Responsibility for implementation
– Timetable
– Reviews & updates

Page 7: Note1 (Admi1) Overview of administering security

Security Planning- Issues

Members of the security planning team
– CIO (chief information officer)
– Hardware support personnel
– Systems programmers
– Application programmers
– Data entry personnel
– Physical security personnel
– Representative users

Page 8: Note1 (Admi1) Overview of administering security

Security Planning- Issues

Securing support for the plan

1. The plan needs to be accepted by the users and the involved personnel.
– User education and publicity are needed to increase the users’ understanding of security.
– Training of personnel is needed for implementing the plan.

2. The plan must be carried out.
– Management commitment
– Managers are concerned with ROI, vulnerability, risks, laws, etc.
– Surveys and outside experts may be needed to persuade the managers to commit.

Page 9: Note1 (Admi1) Overview of administering security

Security Planning- Issues

Implementation of the plan
– Policy versus mechanisms
– A policy defines what is or is not allowed.
– A policy is enforced by various mechanisms (tools, methods, procedures, etc.).
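The policy/mechanism split is easiest to see in code. The following is an added example, not part of the slides: the policy is a table stating what is allowed (roles, actions and path prefixes are constructed for the illustration), and the mechanism is one enforcement function that consults the table and denies anything the table does not mention. The same mechanism works unchanged when a different policy table is passed in.

```python
import posixpath
from dataclasses import dataclass


# The POLICY says WHAT is allowed. Anything not listed is denied, so the
# mechanism never has to enumerate forbidden actions. All roles, actions and
# paths below are constructed for this example.
@dataclass(frozen=True)
class Rule:
    role: str      # who the permission applies to
    action: str    # "read" or "write"
    prefix: str    # resource path prefix the permission covers (trailing slash
                   # matters: "/logs/" does not cover "/logsarchive/")


POLICY = (
    Rule("operator", "read", "/logs/"),
    Rule("operator", "write", "/logs/rotation/"),
    Rule("auditor", "read", "/logs/"),
    Rule("admin", "read", "/"),
    Rule("admin", "write", "/config/"),
)


def is_allowed(role, action, resource, policy=POLICY):
    """The MECHANISM: normalize the requested path, then grant only if some
    rule explicitly permits it (default deny). Normalizing first stops a
    request such as /logs/../config/secret from matching the /logs/ rule."""
    path = posixpath.normpath(resource)
    if not path.startswith("/"):
        return False  # relative paths are never granted
    for rule in policy:
        if rule.role == role and rule.action == action and path.startswith(rule.prefix):
            return True
    return False


def decide(requests, policy=POLICY):
    """Apply the mechanism to a batch of (role, action, resource) requests and
    return each decision, so an audit trail can record the outcome."""
    return [
        (role, action, resource, "allow" if is_allowed(role, action, resource, policy) else "deny")
        for role, action, resource in requests
    ]


if __name__ == "__main__":
    sample = [
        ("operator", "read", "/logs/auth.log"),
        ("operator", "read", "/logs/../config/secret"),  # traversal attempt -> deny
        ("admin", "write", "/config/firewall"),
        ("guest", "read", "/logs/auth.log"),              # no rule -> deny
    ]
    for entry in decide(sample):
        print(entry)
```

Changing the policy (for example, adding a rule that lets a "guest" role read "/public/") requires no change to `is_allowed`; that separation is what lets an organization rewrite its policy document without re-engineering its enforcement tools.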

Page 10: Note1 (Admi1) Overview of administering security

Risk analysis

The first step in security planning is risk analysis.

A process to determine the exposures and their potential harm

The result of the risk analysis is important in securing management commitment to the security plan.

It justifies expenditures for security.

Page 11: Note1 (Admi1) Overview of administering security

Risk analysis

Three steps:

1. A list of all exposures of a computing system and the expected cost of the loss

2. For each exposure, possible controls and their costs

3. A cost-benefit analysis
– Does it cost less to implement a control or to accept the expected cost of the loss?
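The three steps above carried through on a small constructed data set, as an added example that is not from the slides. Each exposure's expected annual loss is its yearly probability times the cost of one occurrence; each control has a yearly cost and the fraction of that expected loss it removes; the cost-benefit step adopts a control only when the loss it prevents exceeds its cost. All names and figures are illustrative assumptions.

```python
from dataclasses import dataclass


# Step 1: exposures and the expected cost of the loss.
@dataclass(frozen=True)
class Exposure:
    name: str
    probability: float   # expected occurrences per year (constructed)
    impact: float        # cost of one occurrence (constructed)

    def expected_loss(self) -> float:
        """Annualized expected cost of this exposure: probability x impact."""
        return self.probability * self.impact


# Step 2: candidate controls, their yearly cost, and the fraction of each
# exposure's expected loss they remove.
@dataclass(frozen=True)
class Control:
    name: str
    annual_cost: float
    reductions: dict     # exposure name -> fraction of expected loss removed (0..1)


EXPOSURES = [
    Exposure("web server defacement", probability=0.5, impact=20_000),
    Exposure("laptop theft with customer data", probability=0.2, impact=50_000),
    Exposure("power outage", probability=1.0, impact=3_000),
]

CONTROLS = [
    Control("full-disk encryption on laptops", 2_000, {"laptop theft with customer data": 0.9}),
    Control("UPS for the server room", 5_000, {"power outage": 0.8}),
    Control("patch management process", 6_000, {"web server defacement": 0.7}),
]


def evaluate_controls(exposures, controls):
    """Step 3: cost-benefit analysis. A control is worth adopting when the
    expected loss it prevents exceeds its cost. Each control is judged against
    the uncontrolled baseline, so overlapping controls are not double-counted."""
    loss_by_name = {e.name: e.expected_loss() for e in exposures}
    report = {}
    for c in controls:
        prevented = sum(loss_by_name.get(n, 0.0) * frac for n, frac in c.reductions.items())
        report[c.name] = {
            "cost": c.annual_cost,
            "benefit": round(prevented, 2),
            "adopt": prevented > c.annual_cost,
        }
    return report


def residual_loss(exposures, controls, report):
    """Expected annual loss remaining after the adopted controls, capping the
    combined reduction for any one exposure at 100%."""
    remaining = 0.0
    for e in exposures:
        reduction = sum(c.reductions.get(e.name, 0.0) for c in controls if report[c.name]["adopt"])
        remaining += e.expected_loss() * (1 - min(reduction, 1.0))
    return round(remaining, 2)


if __name__ == "__main__":
    rep = evaluate_controls(EXPOSURES, CONTROLS)
    for name, r in rep.items():
        verdict = "adopt" if r["adopt"] else "accept the loss"
        print(f"{name}: cost={r['cost']} benefit={r['benefit']} -> {verdict}")
    print("baseline expected loss:", sum(e.expected_loss() for e in EXPOSURES))
    print("residual expected loss:", residual_loss(EXPOSURES, CONTROLS, rep))
```

With these numbers the UPS is rejected (it costs 5,000 a year to prevent 2,400 of expected loss) while the other two controls are adopted, bringing the expected annual loss from 23,000 down to 7,000; that residual figure, and the rejected control, are exactly what the slide says must be presented to management to justify the security budget.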

Page 12: Note1 (Admi1) Overview of administering security

Auditing

Administrators should use the audit facilities provided by the systems, or third-party auditing tools, to automate the audit analysis process.

Auditing tools provide snapshots of a system’s status.

Anomalies in the audit logs indicate potential attacks or problems.

Page 13: Note1 (Admi1) Overview of administering security

Auditing

Automated tools should be used to detect inconsistencies in the audit logs
– Intrusion Detection Systems (IDS)

The audit logs should be protected, by being sent to separate machines or written immediately to a printer.
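To make the two auditing slides concrete, here is an added example (not from the slides) of the kind of automated check an administrator would run over a copy of the audit log on a separate machine. The log format, hostnames, users and addresses are constructed for the example; each record carries a sequence number, which is what makes missing or reordered entries detectable. The checker reports three kinds of anomaly: a gap in sequence numbers, a timestamp that runs backwards, and a burst of failed logins from one user and source.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit log, not taken from any real system. Records 7 and 8
# are missing, record 10 is timestamped before record 9, and "bob" fails to
# log in five times within a few seconds.
SAMPLE_LOG = """\
seq=1 ts=2016-01-17T10:00:01 host=srv1 event=login user=alice src=10.0.0.5 result=ok
seq=2 ts=2016-01-17T10:00:05 host=srv1 event=login user=bob src=10.0.0.9 result=fail
seq=3 ts=2016-01-17T10:00:06 host=srv1 event=login user=bob src=10.0.0.9 result=fail
seq=4 ts=2016-01-17T10:00:07 host=srv1 event=login user=bob src=10.0.0.9 result=fail
seq=5 ts=2016-01-17T10:00:08 host=srv1 event=login user=bob src=10.0.0.9 result=fail
seq=6 ts=2016-01-17T10:00:09 host=srv1 event=login user=bob src=10.0.0.9 result=fail
seq=9 ts=2016-01-17T10:00:40 host=srv1 event=login user=carol src=10.0.0.7 result=ok
seq=10 ts=2016-01-17T09:59:00 host=srv1 event=logout user=alice src=10.0.0.5 result=ok
"""

_KV = re.compile(r"(\w+)=(\S+)")


def parse_record(line):
    """Turn one 'key=value key=value' line into a dict with typed seq and ts."""
    rec = dict(_KV.findall(line))
    rec["seq"] = int(rec["seq"])
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec


def analyze(log_text, fail_threshold=5, window=timedelta(seconds=60)):
    """Scan the log once and return a list of (kind, detail) findings."""
    findings = []
    prev = None
    attempts = defaultdict(deque)  # (user, src) -> timestamps of recent failures
    reported = set()               # burst keys already reported, to avoid repeats
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        if prev is not None:
            # Inconsistency checks: every record should follow its predecessor
            # by exactly one sequence number and never go back in time.
            if rec["seq"] != prev["seq"] + 1:
                findings.append(("sequence_gap",
                                 f"expected seq={prev['seq'] + 1}, got seq={rec['seq']}"))
            if rec["ts"] < prev["ts"]:
                findings.append(("clock_regression",
                                 f"seq={rec['seq']} is timestamped before seq={prev['seq']}"))
        # Attack indicator: repeated failed logins from one user/source pair
        # inside a sliding time window.
        if rec.get("event") == "login" and rec.get("result") == "fail":
            key = (rec["user"], rec["src"])
            recent = attempts[key]
            recent.append(rec["ts"])
            while recent and rec["ts"] - recent[0] > window:
                recent.popleft()
            if len(recent) >= fail_threshold and key not in reported:
                reported.add(key)
                findings.append(("failed_login_burst",
                                 f"user={key[0]} src={key[1]} failures={len(recent)} "
                                 f"within {int(window.total_seconds())}s"))
        prev = rec
    return findings


if __name__ == "__main__":
    for kind, detail in analyze(SAMPLE_LOG):
        print(f"{kind}: {detail}")
```

The sequence and clock checks are only meaningful if the log copy being analyzed is one an attacker on the audited host cannot rewrite, which is the reason the slide insists on shipping logs to a separate machine (or a printer) as they are written.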

Page 14: Note1 (Admi1) Overview of administering security

Disaster recovery

When attacks and/or problems cannot be prevented, how to recover from the damage and loss should be planned in advance.

– A contingency plan
– An incident response plan and team
– User awareness
– User notification mechanisms

Page 15: Note1 (Admi1) Overview of administering security

Types of Disasters

Natural disasters
– flood, falling water, fire, extreme temperature change, …

Power loss

Human vandals

Unauthorized access and use

Viruses, worms

Page 16: Note1 (Admi1) Overview of administering security

Management of resources and systems

Acceptable use

Accounts, passwords

Files and devices

Access controls

Network security
– Perimeter protection
– Connectivity
– Remote access
– Securing the hosts

Backups

Page 17: Note1 (Admi1) Overview of administering security

Management of Network security

Perimeter protection
– Firewalls, routers, wireless access points

Connectivity
– The Internet
– Local backbone
– A map of physical connections

Remote access
– VPN for telecommuters?
– telnet, ftp, rlogin?

Securing the hosts in the network

Insiders’ attacks vs attacks from outside

Page 18: Note1 (Admi1) Overview of administering security

Summary

Administering the security of an organization’s computer systems involves many issues.

An up-to-date security plan is a must.

Support for the plan is necessary.

A disaster response/recovery plan is important.

Periodic review and update are needed.