pace-it, security+3.6: security enhancement techniques

Security enhancement techniques.

Upload: pace-it-at-edmonds-community-college

Post on 14-Feb-2017


Category:

Education



TRANSCRIPT

Page 1: PACE-IT, Security+3.6: Security Enhancement Techniques

Security enhancement techniques.

Page 2: PACE-IT, Security+3.6: Security Enhancement Techniques


Instructor, PACE-IT Program – Edmonds Community College

Areas of Expertise: Industry Certifications, PC Hardware, Network Administration, IT Project Management, Network Design, User Training, IT Troubleshooting

Education: M.B.A., IT Management, Western Governor’s University; B.S., IT Security, Western Governor’s University

Qualifications Summary

Entrepreneur, executive leader, and proven manager with 10+ years of experience turning complex issues into efficient and effective solutions. Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs and creating the solutions required, with a focus on technology.

Brian K. Ferrill, M.B.A.

Page 3: PACE-IT, Security+3.6: Security Enhancement Techniques


Security enhancement techniques.

– Network security enhancement techniques.

– Detection controls vs. prevention controls.


Page 4: PACE-IT, Security+3.6: Security Enhancement Techniques

Network security enhancement techniques.

Page 5: PACE-IT, Security+3.6: Security Enhancement Techniques


Network security enhancement techniques.

If properly set up and reviewed, log files are an effective tool in helping to ensure the security of any networked system.

Log files tend to generate a lot of information. Unfortunately, all too often, they are not reviewed until after a security incident has occurred. By carefully establishing the parameters that will be logged, and properly training personnel on how to review the logs, security can be enhanced.

Even if an incident occurs, there is a greater possibility of it being discovered earlier if log files are reviewed on a regular basis. The earlier an incident is discovered, the easier it will be for the response team to contain the damage.


Page 6: PACE-IT, Security+3.6: Security Enhancement Techniques


Network security enhancement techniques.

– Monitoring system logs.

» Event log: records system events that usually require user interaction.

» Audit log: a summary log file of other log files that has been configured by an administrator to record and report significant events.

» Security log: records security events that have occurred on the system.

» Access log: most network devices can log who has accessed the system and when the access occurred.

– Hardening individual systems.

» Security personnel should strive to harden all systems against attacks.

• Disable unnecessary services.

• Disable unnecessary user accounts.

• Protect management interfaces and applications.

• Use password protection on all critical systems.


Page 7: PACE-IT, Security+3.6: Security Enhancement Techniques


Network security enhancement techniques.

– Employ network security measures.

» Security personnel should strive to harden all networks against attacks.

• Implement MAC limitations and filtering on switch and router interfaces.

• Disable all unused switch and router interfaces.

• Whenever possible, use strong authentication protocols (e.g., 802.1x).

• Conduct periodic site surveys, both wireless and wired, to detect and remove rogue (non-authorized) systems.

– Establish a security posture.

» An initial baseline of the security configuration must be created and reviewed on a periodic basis. All systems brought online must meet or exceed the initial security baseline.

» Continuous security monitoring should be conducted to ensure that all systems continue to meet or exceed the baselines that have been established.

» As new vulnerabilities become known, they must be removed (remediated) and the security baseline updated.
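The baseline check described above can be automated. The following is an added example, not part of the original slides; the baseline fields, system names, and inventory values are all constructed assumptions. It shows that a system stricter than the baseline still passes ("meet or exceed"), while a drifted system is reported with each deviation.

```python
# Constructed baseline and inventory; every name and value here is an assumption.
BASELINE = {
    "allowed_services": {"sshd", "ntpd", "syslogd"},
    "allowed_accounts": {"netadmin", "backup"},
    "min_password_length": 12,
}

INVENTORY = {
    "sw-01": {   # stricter than the baseline: fewer services, longer passwords
        "services": {"sshd", "syslogd"}, "accounts": {"netadmin"},
        "min_password_length": 16, "mgmt_password_set": True,
        "interfaces": {"Gi0/1": {"enabled": True, "in_use": True},
                       "Gi0/24": {"enabled": False, "in_use": False}},
    },
    "srv-02": {  # drifted below the baseline
        "services": {"sshd", "telnetd"}, "accounts": {"netadmin", "guest"},
        "min_password_length": 8, "mgmt_password_set": False,
        "interfaces": {"eth1": {"enabled": True, "in_use": False}},
    },
}

def check_system(cfg, baseline):
    """Return deviations from the baseline; an empty list means 'meets or exceeds'."""
    findings = []
    for svc in sorted(cfg["services"] - baseline["allowed_services"]):
        findings.append(f"unnecessary service: {svc}")
    for acct in sorted(cfg["accounts"] - baseline["allowed_accounts"]):
        findings.append(f"unnecessary account: {acct}")
    if cfg["min_password_length"] < baseline["min_password_length"]:
        findings.append("password policy weaker than baseline")
    if not cfg["mgmt_password_set"]:
        findings.append("management interface not password protected")
    for port, state in sorted(cfg["interfaces"].items()):
        if state["enabled"] and not state["in_use"]:
            findings.append(f"unused interface enabled: {port}")
    return findings

def audit(inventory, baseline):
    """Continuous-monitoring pass: map each non-compliant system to its findings."""
    report = {name: check_system(cfg, baseline) for name, cfg in inventory.items()}
    return {name: f for name, f in report.items() if f}

if __name__ == "__main__":
    for name, findings in audit(INVENTORY, BASELINE).items():
        print(name, findings)
```

Re-running `audit` after tightening `BASELINE` is how an updated baseline surfaces systems that were compliant under the old one.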


Page 8: PACE-IT, Security+3.6: Security Enhancement Techniques

Detection controls vs. prevention controls.

Page 9: PACE-IT, Security+3.6: Security Enhancement Techniques


Detection controls vs. prevention controls.

Along with log files, there are other reporting methods that can be used to enhance the security of both a network and a facility.

Alarms should be placed on all access points to critical areas of the facility, including unmanned fire exits, server rooms, and network equipment rooms.

Alerts should be enabled on all networking equipment and applications that report access, both authorized and unauthorized, to the appropriate administrator(s).

When reviewing monitoring logs, security personnel should create graphs that show activity. These graphs can be used to establish current trends in use, access, security events, etc. These trend graphs make it easier to spot anomalies in activities.
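Trend-based log review can be sketched in a few lines. This is an added example, not part of the original slides; the log line format, device name, addresses, and the three-standard-deviation threshold are assumptions, and the log data is constructed. It buckets failed logins per hour, builds a baseline trend from two ordinary days, and flags the hour that departs from it.

```python
import re
import statistics
from collections import Counter

# Assumed log format, constructed for this example:
#   <date>T<time> <device> <LOGIN_OK|LOGIN_FAIL> user=<name> src=<ip>
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})T(\d{2}):\d{2}:\d{2} \S+ (LOGIN_OK|LOGIN_FAIL) ")

def make_sample():
    """Constructed data: three ordinary working days plus a 03:00 burst on day 3."""
    lines = ["this line is malformed and must be skipped"]
    for day in ("2017-02-11", "2017-02-12", "2017-02-13"):
        for hour in range(8, 18):
            for i in range(1 + hour % 3):      # 1-3 mistyped passwords per hour
                lines.append(f"{day}T{hour:02d}:{i:02d}:00 sw-01 LOGIN_FAIL user=jdoe src=10.0.0.5")
            lines.append(f"{day}T{hour:02d}:30:00 sw-01 LOGIN_OK user=jdoe src=10.0.0.5")
    lines += [f"2017-02-13T03:{m:02d}:00 sw-01 LOGIN_FAIL user=admin src=192.0.2.77"
              for m in range(40)]
    return lines

def hourly_failures(lines):
    """Count failed logins per (date, hour) bucket, ignoring unparseable lines."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m and m.group(3) == "LOGIN_FAIL":
            counts[(m.group(1), int(m.group(2)))] += 1
    return counts

def find_anomalies(counts, baseline_days, k=3.0):
    """Flag non-baseline buckets above mean + k * stdev of the baseline trend."""
    base = [counts[(d, h)] for d in baseline_days for h in range(24)]  # quiet hours count as 0
    limit = statistics.mean(base) + k * statistics.pstdev(base)
    return sorted((d, h, c) for (d, h), c in counts.items()
                  if d not in baseline_days and c > limit)

def trend(counts, day):
    """Text stand-in for a trend graph: one bar per hour of the given day."""
    return [f"{h:02d} {'#' * counts[(day, h)]} {counts[(day, h)]}" for h in range(24)]

if __name__ == "__main__":
    counts = hourly_failures(make_sample())
    print("\n".join(trend(counts, "2017-02-13")))
    print(find_anomalies(counts, ["2017-02-11", "2017-02-12"]))
```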


Page 10: PACE-IT, Security+3.6: Security Enhancement Techniques


Detection controls vs. prevention controls.

– IDS (intrusion detection system) vs. IPS (intrusion prevention system).

» An IDS is a passive system that is designed to detect unauthorized system intrusions or attacks on a system.

• It is configured to only notify administrators when an event occurs.

» An IPS is an active system that is designed to detect unauthorized system intrusions or attacks on a system.

• It is configured to take specific actions upon detection of an event and to notify administrators when an event occurs.

– Camera vs. guard.

» Cameras are a passive system that can be used to detect when an intrusion or security incident has occurred at a facility.

» Guards are an active system that can be used to detect and respond to an intrusion or security incident at a facility.
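The passive/active distinction between an IDS and an IPS can be shown with one detection rule and two response modes. This is an added example, not part of the original slides; the `Sensor` class, the three-failure rule, and the event stream are constructed assumptions.

```python
from collections import defaultdict

class Sensor:
    """One detection rule (repeated failed logins), two response modes."""

    def __init__(self, mode, threshold=3):
        if mode not in ("ids", "ips"):
            raise ValueError("mode must be 'ids' or 'ips'")
        self.mode, self.threshold = mode, threshold
        self.failures = defaultdict(int)
        self.alerts = []       # both modes notify administrators
        self.blocked = set()   # only the IPS ever adds to this

    def handle(self, event):
        """Process one event; return True if it reaches the protected system."""
        src = event["src"]
        if src in self.blocked:
            return False                       # active response already in force
        if event["type"] == "login_fail":
            self.failures[src] += 1
            if self.failures[src] == self.threshold:
                self.alerts.append(f"{self.threshold} failed logins from {src}")
                if self.mode == "ips":
                    self.blocked.add(src)      # act on the detection, not just report it
        return True

# Constructed event stream: a noisy source, then one more attempt from it,
# interleaved with a normal user.
EVENTS = [
    {"src": "192.0.2.77", "type": "login_fail"},
    {"src": "10.0.0.5", "type": "login_ok"},
    {"src": "192.0.2.77", "type": "login_fail"},
    {"src": "192.0.2.77", "type": "login_fail"},
    {"src": "192.0.2.77", "type": "login_ok"},
]

def replay(mode, events=EVENTS):
    """Feed the same events to a sensor; return (events let through, alerts, blocked)."""
    sensor = Sensor(mode)
    passed = sum(sensor.handle(e) for e in events)
    return passed, sensor.alerts, sorted(sensor.blocked)

if __name__ == "__main__":
    print("IDS:", replay("ids"))
    print("IPS:", replay("ips"))
```

Both modes raise the same alert; only the IPS run stops the final attempt from the flagged source.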


Page 11: PACE-IT, Security+3.6: Security Enhancement Techniques

What was covered.

Topic: Network security enhancement techniques.

Summary: If properly set up and reviewed, log files can be used to enhance the security of any networked system. Additional enhancements that can be used include: monitoring log files, hardening individual systems, employing network security measures, and establishing a security posture.

Topic: Detection controls vs. prevention controls.

Summary: Reporting methods can be used to enhance the security of a network system or facility. Reporting methods can include: alarms, alerts, and trend reports. An IDS is a passive system used to report on security incidents within a network. An IPS is an active system used to report and act on security incidents within a network. Cameras are a passive detection system, while guards represent an active detection system within a facility.

Page 12: PACE-IT, Security+3.6: Security Enhancement Techniques


THANK YOU!

Page 13: PACE-IT, Security+3.6: Security Enhancement Techniques

This workforce solution was 100 percent funded by a $3 million grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties, or assurances of any kind, express or implied, with respect to such information, including any information on linked sites and including, but not limited to, accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership. Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53.

PACE-IT is an equal opportunity employer/program and auxiliary aids and services are available upon request to individuals with disabilities. For those that are hearing impaired, a video phone is available at the Services for Students with Disabilities (SSD) office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call 425.354.3113 on a video phone for more information about the PACE-IT program. For any additional special accommodations needed, call the SSD office at 425.640.1814. Edmonds Community College does not discriminate on the basis of race; color; religion; national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran status; or genetic information in its programs and activities.