Upload File

information system audit - sourceforgealphapeeler.sourceforge.net/uit/2016_spring/audit/week0… ·...

  • Home
  • Documents
  • Information System Audit - SourceForgealphapeeler.sourceforge.net/uit/2016_spring/Audit/week0… ·  · 2016-03-21pk.linkedin.com/in/armahmood ... and the root of that file system
12
Engr. Abdul-Rahman Mahmood MS, PMP, MCP, QMR(ISO9001:2000) [email protected] [email protected] alphapeeler.sf.net/pubkeys/pkey.htm http://alphapeeler.sourceforge.net pk.linkedin.com/in/armahmood http://alphapeeler.tumblr.com www.twitter.com/alphapeeler [email protected] www.facebook.com/alphapeeler [email protected] abdulmahmood-sss alphasecure mahmood_cubix 48660186 [email protected] [email protected] http://alphapeeler.sf.net/me http://alphapeeler.sf.net/acms/ VC++, VB, ASP Information System Audit

Upload: hanhi

Post on 12-Apr-2018

217 views

Category:

Documents


2 download

Report

TRANSCRIPT

Page 1: Information System Audit - SourceForgealphapeeler.sourceforge.net/uit/2016_spring/Audit/week0… ·  · 2016-03-21pk.linkedin.com/in/armahmood ... and the root of that file system

Engr. Abdul-Rahman MahmoodMS, PMP, MCP, QMR(ISO9001:2000)

[email protected] [email protected]

alphapeeler.sf.net/pubkeys/pkey.htm http://alphapeeler.sourceforge.net

pk.linkedin.com/in/armahmood http://alphapeeler.tumblr.com

www.twitter.com/alphapeeler [email protected]

www.facebook.com/alphapeeler [email protected]

abdulmahmood-sss alphasecure mahmood_cubix 48660186

[email protected] [email protected]

http://alphapeeler.sf.net/me http://alphapeeler.sf.net/acms/

VC++, VB, ASP

Information System Audit

Page 2: Information System Audit - SourceForgealphapeeler.sourceforge.net/uit/2016_spring/Audit/week0… ·  · 2016-03-21pk.linkedin.com/in/armahmood ... and the root of that file system
Page 3: Information System Audit - SourceForgealphapeeler.sourceforge.net/uit/2016_spring/Audit/week0… ·  · 2016-03-21pk.linkedin.com/in/armahmood ... and the root of that file system

• The history of Unix and Linux

• Basic commands for getting around in the *nix environment

• How to audit Unix and Linux systems, focusing on the following main areas:

• Account management and password controls

• File security and controls

• Network security and controls

• Audit logs

• Security monitoring and general controls

• Tools and resources for enhancing your *nix audits

Objectives

Page 4: Information System Audit - SourceForgealphapeeler.sourceforge.net/uit/2016_spring/Audit/week0… ·  · 2016-03-21pk.linkedin.com/in/armahmood ... and the root of that file system

Everything in Unix is a file. For example, if you type in a command and press ENTER, you are actually executing a file within the system that has the same name as the command you entered. And if you attach a device, such as a printer or storage, to your Unix system, it will be represented on the system as a file.

There is only one file system within any given Unix system, and the root of that file system is the directory called /. Every directory and every file branches off this root directory. Since everything in Unix is a file, if you do a recursive listing off of the / directory, you will see every component of the system.

Key Concepts

Page 5: Information System Audit - SourceForgealphapeeler.sourceforge.net/uit/2016_spring/Audit/week0… ·  · 2016-03-21pk.linkedin.com/in/armahmood ... and the root of that file system

The system administrator (or superuser) account in Unix is called “root.” This account has full control over the system.

If you can alter a file that someone is executing, you can easily capture his or her account.

Key Concepts

Page 6: Information System Audit - SourceForgealphapeeler.sourceforge.net/uit/2016_spring/Audit/week0… ·  · 2016-03-21pk.linkedin.com/in/armahmood ... and the root of that file system

File System Layout and Navigation

Page 7: Information System Audit - SourceForgealphapeeler.sourceforge.net/uit/2016_spring/Audit/week0… ·  · 2016-03-21pk.linkedin.com/in/armahmood ... and the root of that file system

Common Linux / Unix Navigation Commands

Page 8: Information System Audit - SourceForgealphapeeler.sourceforge.net/uit/2016_spring/Audit/week0… ·  · 2016-03-21pk.linkedin.com/in/armahmood ... and the root of that file system

File System Permissions

Page 9: Information System Audit - SourceForgealphapeeler.sourceforge.net/uit/2016_spring/Audit/week0… ·  · 2016-03-21pk.linkedin.com/in/armahmood ... and the root of that file system

Interaction between file and directory permissions

Page 10: Information System Audit - SourceForgealphapeeler.sourceforge.net/uit/2016_spring/Audit/week0… ·  · 2016-03-21pk.linkedin.com/in/armahmood ... and the root of that file system

/etc/passwd, /etc/shadow, and /etc/group.

Users and Authentication

Page 11: Information System Audit - SourceForgealphapeeler.sourceforge.net/uit/2016_spring/Audit/week0… ·  · 2016-03-21pk.linkedin.com/in/armahmood ... and the root of that file system

The /etc/passwd file (Table 7-3) contains account information for all users. Each account on the local system will have a single line in the /etc/passwd file. The system refers to this file when a user attempts to authenticate. Lines in /etc/password have this format:

account:password:UID:GID:GECOS:directory:shell

Unix Password File

Page 12: Information System Audit - SourceForgealphapeeler.sourceforge.net/uit/2016_spring/Audit/week0… ·  · 2016-03-21pk.linkedin.com/in/armahmood ... and the root of that file system

…news from Magnificat Housesmhihouston.org/wp-content/uploads/2018/05/2016_Spring... · 2018-05-07 · Magnificat Houses, Inc. Houston, Texas Spring Issue, 2016 150 YOUTHS RALLY

Visualizing Networks Caffe overview Slides are now onlinegraphics.cs.cmu.edu/courses/16-824/2016_spring/slides/edges.pdf · –Great question! Last paper today, paper for Monday

Software Engineering & Project Management - SourceForgealphapeeler.sourceforge.net/pafkiet/2016FallSEPM/week03a.pdf · Software Engineering & Project Management ... Technol ogy chang

Software Engineering - SourceForgealphapeeler.sourceforge.net/uit/2015_fall/SoftEng/week10a.pdf · Only exhaustive testing can show a program is free from defects. However, exhaustive

Data Communications and Networks - SourceForgealphapeeler.sourceforge.net/uit/comp_comm_cs312... · Data Communications and Networks ... Data Rate = 1 / (T/2) ... ydata yas entities

Biogeography. Lecture 5 - ashipunov.meashipunov.me/shipunov/school/biol_330/2016_spring/lec_330_05.pdf · Plate tectonics Most important eras and periods Cryogenian period (850–635

Fast Edge Detection Using Structured Forestsgraphics.cs.cmu.edu/courses/16-824/2016_spring/slides/... · 2016-02-11 · Fast Edge Detection Using Structured Forests Piotr Doll ar,

Ellery Steals the Show - Homesteadcustomhousenewlondon.homestead.com/2016_Spring... · Wednesday, April 20, 7 PM - Brilliant Beacons: A History of the American Lighthouse, Eric Jay

Operating Systems - SourceForgealphapeeler.sourceforge.net/uit/2016_fall/CE321/week12/week12.pdf · wav, mp3 Audio Clip Windows Media Player avi, wmv Video Clib Windows Media Player

Engr. Abdul-Rahman Mahmood - SourceForgealphapeeler.sourceforge.net/uit/2015_fall/ITC/week02.pdf · Engr. Abdul-Rahman Mahmood MS, PMP, ... Stepped Drum or Leibniz Wheel ... and had

Operating Systems - SourceForgealphapeeler.sourceforge.net/uit/2016_fall/CS311/week02a.pdf · Operating Systems: Internals and Design Principles Operating systems are those programs

Week0 Differences (1)

Data Communications and Networks - SourceForgealphapeeler.sourceforge.net/uit/comp_comm_cs312... · ... mapping from data bits to signal elements. With other factors held constant,

Data Communications and Networks - SourceForgealphapeeler.sourceforge.net/uit/dc/Chapter_1_2.pdf · Mobile App Development Tools X-Code 3.2/4.0, Titanium. ADT, MS Silverlight 4, Expression

Software Engineering - SourceForgealphapeeler.sourceforge.net/uit/2015_fall/SoftEng/week4a.pdf · 2015-10-04 · Involves technical staff working with customers to find out about

Software Engineering - SourceForgealphapeeler.sourceforge.net/uit/2015_fall/SoftEng/week8b.pdf · Software Engineering Engr. Abdul-Rahman Mahmood MS, MCP, QMR(ISO9001:2000) Usman

Operating Systems - SourceForgealphapeeler.sourceforge.net/uit/2016_fall/CS311/week11.pdf · Inodes Aadministrative info for each object in the file system. Inodes reside on disk

Chapter 7 Applying Gamification to Problem Solvingksuweb.kennesaw.edu/~rguo/2016_Spring/CGDD4303/Slides/Chapter_7.pdfChapter 7 Applying Gamification to Problem Solving. Overview •

Information System Audit - SourceForgealphapeeler.sourceforge.net/uit/2016_spring/Audit/week01... · 2016-02-10 · Auditing An audit is an evaluation of an organization, system,

Data and Computer Communications - SourceForgealphapeeler.sourceforge.net/uit/2016_summer/NetProg/week...correct Database Driver (MySQL, Oracle etc.). The driver used has to match

Chicago Field Office - ODPSema.ohio.gov/.../2016_Spring/DiplomaticSecurityPresentation3.pdf · U.S. Department of State Diplomatic Security Service April 2016 Unclassified 1 Chicago

Information System Audit - SourceForgealphapeeler.sourceforge.net/uit/2016_spring/Audit/week07...loan of $100,000. Ally's balance sheet lists these items: Cash: $10,000, Cash Equivalents:

Covering Best PraCtiCes for the industry Sulfuric Acidh2so4today.com/wp-content/uploads/2017/12/2016_spring-summer.pdfToday.com Spring/Summer 2016 Covering Best PraCtiCes for the industry

Software Engineering - SourceForgealphapeeler.sourceforge.net/uit/2015_fall/SoftEng/week5a.pdf · 2015. 10. 4. · DFDs model the system from a functional perspective. Tracking and

Week0 Differences

Human-Computer Interaction Design - Philip Guocourses.pgbovine.net/cogs120-cse170/lectures/IntroHCI-f17-Week0.pdf · Human-Computer Interaction Design COGS120/CSE170. The goal of

Database Management System - SourceForgealphapeeler.sourceforge.net/uit/dbms_ce421_fall_2013/week06a.pdf · Recovering From a Crash There are 3 phases in the Aries recovery algorithm:

Homework 1. Due Thursday, January 21 - Texas A&M Universitypeople.physics.tamu.edu/abanov/courses/P601/2016_Spring/... · 2017-01-10 · Homework 1. Due Thursday, January 21 Problem1

PRISM & NEFT - SourceForgealphapeeler.sourceforge.net/ibp-cgb-2016/PRISM-NEFT.pdf · named as Pakistan Real-time Interbank Settlement Mechanism ... “Centralized Multilateral Netting”

Information System Audit - alphapeeler.sourceforge.netalphapeeler.sourceforge.net/uit/2016_spring/Audit/week06a.pdf · administration, network analysis, ... Configuration | Windows

Operating Systems - SourceForgealphapeeler.sourceforge.net/uit/2016_fall/CS311/week05a.pdf · 2016-10-31 · Disadvantages of ULTs In a typical OS many system calls are blocking as

Data Communications and Networks - SourceForgealphapeeler.sourceforge.net/uit/comp_comm_cs312_fall... · 2013-10-10 · Integrated Services Digital Network yIntegrated Services Digital

APPENDIX 6 SEISMIC REFRACTION METHOD › instruction › HSU › 2016_spring › ... · 2016-04-10 · APPENDIX 6 SEISMIC REFRACTION METHOD A6.1 Introduction The seismic refraction

Lab Title - Humboldt State Universitygis.humboldt.edu/.../2016_Spring/Pudlicki_Wright_2016… · Web viewHumboldt County is a coastal zone that experiences cool winters and dry summers,

Linux and Open Source - SourceForgealphapeeler.sourceforge.net/uit/2016_fall/CS311/week01a.pdf · Linux Timeline An open letter to ... The Cathedral and the Bazaar by Eric Raymond