Best IT Documents.com Blog


Sample Information Security Program

Posted in Security (1500) by Guest on January 30th, 2010

A good Information Security Program should address all facets of IT security:

  • Policies, Procedures, and Processes
  • Network Security
  • Physical Security
  • Application Security
  • Identity Management
  • Business Continuity
  • Compliance
  • Information Sharing
  • Threat/Vulnerability Management

DoS Attack Details

Posted in Security (1500) by Guest on January 25th, 2010

DoS Attack Detail

Maintaining a reliable and predictable network has become a strategic imperative for most businesses now dependent on the Internet. DoS attacks, which flood network links or Web sites with useless traffic, have become a serious threat to the reliability of critical business assets. 

In a DoS attack, the attacker installs specialized control tools to compromise computers distributed throughout the Internet. These compromised hosts, also called “zombies,” are commanded to attack a target using DoS attack tools. An attack can consist of hundreds or thousands of individual assaults that can produce enough bogus traffic to overwhelm even the biggest Web sites or the highest-capacity network links. 

The latest generation of zombies includes “Pulsing Zombies,” which send pulses of attack traffic at the intended target. The discontinuous nature of these attacks makes detection and location of these zombies far more difficult. In a recent attack attempt, the hackers conducted a dress rehearsal for their assault, during which attack traffic was directed at the target for a short period of time before a full-scale attack was launched. 

This detailed diagram reveals how attack traffic flows through your data center and cripples valuable networking resources. Because DoS attacks are a distributed problem, they require a distributed solution, unlike point products such as firewalls and IDS. More than 50 percent of attacks can overwhelm the standard capacity of such point solutions; in fact, flood-based attacks often overwhelm standard server capacity by as much as 1200 times. Furthermore, existing attempts to solve the DoS problem cannot scale to Gigabit+ speeds, cannot detect new types of DoS attacks, and focus on stopping bad network traffic rather than preserving good customer traffic flow in the face of such an attack.

More about DoS attack trends

DoS Attack Tools
The popular tools for DoS attacks include: 

  • TFN2k: Coordinates hosts to attack a target using UDP Floods, SYN Floods, ICMP Floods, and Smurfing. 
  • Stacheldraht: Coordinates hosts to attack a target using UDP Floods, SYN Floods, ICMP Floods, and Smurfing.
  • Mstream: Coordinates hosts to attack a target using ACK floods (similar to SYN floods).
  • trin00: Coordinates hosts to attack a target with UDP Floods.

Ongoing Trends
DoS attacks remain a major challenge to network reliability as they become more sophisticated and prevalent. The barriers that hold back attacker activity have been steadily crumbling: available defense tools offer little automation, response is expensive, and good security and network personnel are increasingly scarce because of the demand for them.

Degradation of Service
Known as the new DoS, a Degradation of Service attack causes a decrease in processing speed and may not initially be recognized as an attack. Businesses that pay for bandwidth on a per-usage basis will notice an increase in costs, but since the effects are not immediately and dramatically evident, the attacks may go undetected for long periods.

Behind these new DoS attacks is the latest generation of DoS attack methods, the pulsing zombies. In a pulsing zombie DoS attack, several small, short-lived bursts of traffic from multiple sources are directed toward a single target over an extended period of time. Since the stream of traffic is transmitted intermittently by alternating zombies instead of as a long constant flow, attacks are more difficult to detect and trace. Pulsing zombie attacks have two forms:

  • Periodic attacks, during which an attacker launches an hour-long attack on the same target every 24 hours.
  • Punctuated attacks, launched at one-minute intervals. These attacks are not designed to cause damage and usually do not crash systems. Instead, they create a pattern of network unreliability that results in constant and consistent interruption and annoyance to legitimate traffic.

Reflector attacks
Another new trend in DoS attacks is the reflector attack. The attacker “launders” an attack by sending a packet spoofed with the victim’s source address to a third party. The third party responds by sending a reply back towards the victim. If the third party is reached through a broadcast address (as it is in the popular smurf and fraggle attacks), the third parties also amplify the attack.

The key issue with reflector attacks is that the spoofed source address is chosen deliberately. Unless an IP address within the monitored range is itself used as a reflector, these attacks cannot be observed from that vantage point; the victim, however, receives replies to requests it never sent.
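
As an added defender-side example (not part of the original post), the following Python flags the symptom a reflector attack leaves at the victim: replies arriving for the protected address range that no host there requested. The flow records, the protected prefix 192.0.2.0/24, the 30-second match window and the traffic "kind" labels are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed flow records (not from the page): (time_s, src_ip, dst_ip, kind).
# The protected prefix 192.0.2.0/24 and the 30 s match window are assumptions.
SAMPLE_FLOWS = [
    (1.0, "192.0.2.10", "198.51.100.5", "udp53-req"),
    (1.1, "198.51.100.5", "192.0.2.10", "udp53-rep"),   # solicited DNS reply
    (2.0, "192.0.2.10", "198.51.100.9", "icmp-req"),
    (2.2, "198.51.100.9", "192.0.2.10", "icmp-rep"),    # solicited echo reply
    (10.0, "203.0.113.7", "192.0.2.10", "icmp-rep"),    # no request was ever sent
    (10.1, "203.0.113.7", "192.0.2.10", "icmp-rep"),
    (10.2, "203.0.113.7", "192.0.2.10", "icmp-rep"),
    (10.3, "203.0.113.8", "192.0.2.10", "udp53-rep"),
    (50.0, "198.51.100.5", "192.0.2.10", "udp53-rep"),  # request is 49 s old: stale
]

# Which request kind a response kind must be matched against.
REQUEST_OF = {"icmp-rep": "icmp-req", "udp53-rep": "udp53-req", "tcp-synack": "tcp-syn"}

def find_unsolicited_responses(flows, protected="192.0.2.0/24", window=30.0):
    """Return responses delivered into `protected` that no host there asked for.
    A reflector attack spoofs the victim's address, so the victim sees replies to
    requests it never made; a reply counts as solicited only if a matching request
    left within `window` seconds before it."""
    net = ip_network(protected)
    requests = defaultdict(list)      # (requester, responder, req_kind) -> times
    unsolicited = []
    for t, src, dst, kind in sorted(flows):
        if kind not in REQUEST_OF:    # a request: remember it if one of ours sent it
            if ip_address(src) in net:
                requests[(src, dst, kind)].append(t)
            continue
        if ip_address(dst) not in net:
            continue                  # reply addressed to someone outside our range
        key = (dst, src, REQUEST_OF[kind])
        if any(t - window <= ts <= t for ts in requests[key]):
            continue                  # matched a recent outbound request
        unsolicited.append((t, src, dst, kind))
    return unsolicited

def reflectors_by_count(unsolicited, threshold=3):
    """Group unsolicited replies by sender; repeat senders are the likely reflectors."""
    counts = defaultdict(int)
    for _, src, _, _ in unsolicited:
        counts[src] += 1
    return {src: n for src, n in counts.items() if n >= threshold}
```

On the constructed flows this reports five unsolicited replies and singles out 203.0.113.7 as a reflector; in practice the same matching would run over NetFlow or firewall logs at the network edge.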

 http://www.bestitdocuments.com/Assessments.html

ISO-17799:2000 Overview

Posted in Compliances (1300), Information Rights Management (100), Security (1500) by Guest on January 22nd, 2010

127 controls distributed within 10 categories

    1. Information security policy
    2. Organizational security
    3. Asset classification and control
    4. Personnel security
    5. Physical & environmental security
    6. Communication & operations management
    7. Access control
    8. System development & maintenance
    9. Business continuity management
    10. Compliance

Uses a Plan/Do/Check/Act implementation and operation model that starts with a risk assessment to establish the security controls needed to adequately manage information security risks within the business processes.

Used in conjunction with BS7799, it also establishes documentation, revision, communication, training, auditing and continuous improvement requirements.

http://www.bestitdocuments.com/IT_Security_Methodology_solutions.html

What’s new in ISO-17799:2005

Posted in Compliances (1300), Security (1500) by Guest on January 21st, 2010

Risk management was addressed only in the Part 2 document; Part 1 now includes a new chapter on ‘Risk Assessment and Treatment’ requirements.

  1. ‘Asset classification and control’ evolves into a more holistic ‘Asset management’ approach
  2. ‘Personnel Security’ evolves into ‘Human resources security’, which now emphasizes what is needed before, during and on termination of employment
  3. ‘Communication and operations management’ now includes service delivery management of third parties (i.e. monitoring of outsourcer performance and security obligations)

Introduction of ‘Technical Vulnerability Management’

Incident management controls that were spread all around the previous version of the standard are now consolidated within a new chapter titled ‘Information Security Incident Management’

  • In short: 2 new control families, a new total of 135 controls, and over 80 changes within the existing controls (deletion/addition/modification)

ISO-17799 Overview

Posted in Compliances (1300), Security (1500) by Guest on January 20th, 2010

BS7799 was created in 1999 as a two-part document (standard + certification scheme) by the British Standards Institution (BSI)

The standard portion was adopted and converted into an ISO standard in 2000 

The certification scheme portion is still a BSI-only standard and its latest revision is dated 2002

Many government policies, standards, guidelines and best practices worldwide are based on, inspired by or in compliance with ISO17799:2000 and BS7799-2:2002, and some of their authors don’t even know it.

There is a general misconception that it is not a complete standard because it lacks implementation guidelines 

Since it was built by a standards organization (BSI), the implementation guidelines were intentionally left out of the document and regrouped into other specific standards and “security techniques” (e.g. ISO13335, PAS56…)

http://www.bestitdocuments.com/IT_Security_Methodology_solutions.html

IT Service Management

Posted in Compliances (1300) by Guest on January 19th, 2010

Components of an IT Service Management service

  1. HelpDesk
  2. Service Level Management
  3. Service Catalog
  4. Metering
  5. Billing
  6. Chargeback

http://www.bestitdocuments.com/Assessments.html