Tuesday, July 16, 2013

Network Defence and Incident Response

In today’s ever expanding IT environment, ensuring the security of the entire IT infrastructure is a challenge to most of the IT Managers and administrators. Most of the security breaches in the network are either unknown to most of the administrators or gets detected after long time from the occurrence. This course can provide following immediate benefits to the IT professionals managing the IT infrastructure of their organizations.

Better monitoring of IT Infrastructure
Reduce risks of intrusions in the network
Effectively build and retain IT policies
Better Performance of IT resources
Expertise to handle IT security issues
Through understanding to incident response and mitigation strategies

Mandatory Pre-requisites

Basic Technical Background

Helpful Pre-requisites

Operating system and networking concepts

Information Security Goals

Five Principles to Remember

Networking Concepts

TCP/IP Vs OSI Model
Ports and Services
Port Scanning
Network Sniffing Tools
Understanding Man In The Middle Attack
Encrypted Vs Plain Text Protocols

Vulnerabilities

Introduction
Source
Types
Impact
Remediation

Malware

Introduction
Source
Types
Remediation

Corporate Network Architecture

Common Security Components

Firewalls

Firewall Rules Best Practices
Perimeter and Internal Firewalls
Commercial & FOSS firewalls
Demilitarized zones (DMZs)

IDS/IPS

Introduction
Commercial & FOSS IDS
HIPS/End-Point Security

Content Filtering

HTTP content filters
SMTP filters
Using Blacklist Databases
Anti-virus Policies
Spam filtering Techniques
Antivirus & Spam Test
Anti-relaying Configuration
Online Open-Relay Testing
Recommended policies and actions

System Analysis

Process Monitoring
File Analysis
Registry Analysis
Open Port Monitoring
Log Analysis

Utilizing Network Management Tools

Log Management

Centralized Logging
Correlation Engines

Operating System Hardening

Defense & Incident Response

Preparation
Detection
Containment
Eradication
Recovery & patching your network
Response and follow-Up
Best practices for incident handling

No comments:

Cyber Security

Cyber Security - Securing Your Business

View the latest
Copy of Advance

The official publication of ADS Group

Find out More

ADS Events

Less - + More

Cyber Security - Securing Your Business

/ Security / Cyber Security - Securing Your Business

Cyber threats to your Business
Where can you go for advice and support?
CPNI - The Full Picture

Cyber threats to your Business

Why does cyber security matter to you?

The government has classed cyber attacks as one of the four most significant risks to national security. Suppliers must recognise customer concerns and take steps to address them.
Cyber insecurity poses a real risk for companies’ reputations, bottom lines and share prices. Successful attacks can disrupt business operations and production cycles, cause products to fail, result in customers losing confidence in you as a supplier, and force you to redevelop to products.
Hostile states and competitors are interested in information on mergers and acquisitions activity, joint venture intentions, strategic direction and Intellectual Property.
Apart from the theft of sensitive business information, there is also the threat that cyber-based systems can be disrupted to prevent normal service. A denial-of-service (DoS) attack could, for example, prevent customers from accessing key websites, such as those for sales. Industrial controls systems can also be disrupted.
The cost of a cyber-security breach is estimated to be between £450,000 to £850,000 for large businesses and £35,000 to £65,000 for smaller ones.
The rise in cyber crime is most noticeable for small businesses; they’re now experiencing incident levels previously only seen in larger organisations.
As Primes take steps to improve their own cyber security, attackers are targeting companies in the broader supply chain. The supply chain is only as strong as its weakest link. All companies – and government – are in this together.

The government's '10 Steps to Cyber Security' notes that:

Information is critical to today's business

Information and the techologies that are used to store and process it are vital to the success of your business. Intellectual property, confidential or sensitive data provide a competitive advantage, one in which other less scrupulous organisations would be verk keen to get hold off. At the same time, the need to access and share information more widely, using a broad range of connecting technologies is increasing the risk to the corporate information base.

Compromise of information assets can damage companies

A single successful attack could destroy a company's financial standing or reputation. Information compromise can lead to material financial loss through loss of productivity, of intellectual property, reputational damage, recovery costs, investgative time, regulatory and legal costs.

Many players pose a risk to information

There are many types of people who pose a risk to business information assets:

Cyber Criminals - interested in making money from fraud or from the sale of valuable information
Industrial Competitors and Foreign Intelligence Services - interested in gaining an economic advantage for their own companies or countreis
Hackers - those who find interfering with computer systems an enjoyable challenge
Hacktivists - those who wish to attack companies for political or ideological motives
Employees - or those who have legitimate access, either by accident or deliberate misuse.

Examples of the impact on business

The attached PowerPoint file gives two examples which show the real impact successful cyber attacks can have on companies, including causing a loss of revenue (by forcing a company office to close for a period of time) and loss of reputation and products (by diverting items in transit). These examples are from companies in the defence sector.

Cyber attacks - examples of the impact (102.0 KB)

Where can you go for advice and support?

1. '1O Steps to Cyber Security' Guidance

The governmemt has published guidance for companies which is available here: www.gov.uk/government/publications/cyber-risk-management-a-board-level-responsibility and www.gov.uk/government/publications/cyber-security-what-small-businesses-need-to-know.

2. CPNI's Cyber Risk Management Advice and Cyber Security Guidance

The Centre for the Protection of National Infrastructure (CPNI) protects national security by providing protective security advice (covering physical, personnel and cyber security) to the UK's Critical National Infrastructure (CNI). CPNI works to raise awareness at Board level as well as at a technical level across the CNI. Cyber security advice and guidance is available on the CPNI website at: www.cpni.gov.uk, for example:

Strategic and technical: 20 critical security controls for effectivecyber defence Technology-specific advice: examples include mobile devices, SCADA security and cloud computing
Personnel security advice: security culture and awareness; employee risk management and risk assessment guidance
Threat-based: examples include distributed denial of service, spear phishing, insider misuse of IT, online reconnaissance.

3. CPNI's Cyber Risk Advisory Service

The Cyber Risk Advisory Service delivers advice to senior executives and board members of the UK’s most economically important companies and academic institutions, to inform their understanding of the impact of cyber threats, and the effect on the long-term performance and competitiveness of the organisation.The in-depth support provided assists executives in reviewing their corporate risk management strategy, helping them to interpret the cyber threat and determine the organisation’s exposure (risk). This service is only available to organisations which meet specific eligibility requirements. For more information, please email enquiries@cpni.gsi.gov.uk.

4. Certified advice and providers

CESG, the information security arm of GCHQ, works closely with the cyber security industry to enable industry to provide certified cyber security services to government and to industry. These services are provided by a variety of companies including specialist SMEs, audit houses, major consultancies, and multinational companies. Services include:

Risk management consultancy through the CESG Listed Advisor scheme (CLAS): www.cesg.gov.uk/servicecatalogue/CLAS/Pages/CLAS.aspx
Penetration testing of networks and systems to assess their ulnerability to an attacker through the CHECK scheme: www.cesg.gov.uk/servicecatalogue/CHECK/Pages/index.aspx - and the industry body's equivalent run by the Council of Registered Ethical Security Testers, CREST: www.crest-approved.org
Cyber Incident Response through a twin track approach ncompassing a broadly based CREST (Council of Registered thical Security Testers) scheme endorsed by GCHQ and CPNI, and a small, focused GCHQ and CPNI scheme designed to respond to sophisticated, targeted attacks against networks of national significance. See: www.cesg.gov.uk/servicecatalogue/cir/Pages/Cyber-Incident-Response.aspx

5. Cyber Security Information Sharing Partnership (CISP)

The CISP facilitates the sharing of information and intelligence on cyber security threats in order to make UK businesses more secure in cyberspace. The CISP includes a secure online collaboration environment where government and industry (both large and SME) partners can exchange information on threats and vulnerabilities in real time. Companies can also ask for specific advice from the government's fusion cell through CISP, free of charge. www.cisp.org.uk

6. ActionFraud

Action Fraud is the UK’s single point for reporting all fraud and online financial crime. Crime can be reported online 24 hours a day, seven days a week, and the Action Fraud call centre can also be contacted to report crimes during working hours and at the weekend. When a serious threat or new type of fraud is identified, Action Fraud will place an alert on its website which contains advice for individuals and businesses to protect themselves from becoming victims of fraud. www.actionfraud.police.uk

CPNI - The Full Picture

Produced by the CPNI, the above video provides an example of the associated risks of a SME from a cyber attack.

Last modified : January 23, 2014

Way2Security

Blog Archive

Tuesday, July 16, 2013

Network Defence and Incident Response

Mandatory Pre-requisites

Helpful Pre-requisites

No comments: