Best IT Documents.com Blog


Sample Information Security Program

Posted in Security (1500) by Guest on January 30th, 2010

A good Information Security Program should address all facets of IT security:

  • Policies, Procedures, and Processes
  • Network Security
  • Physical Security
  • Application Security
  • Identity Management
  • Business Continuity
  • Compliance
  • Information Sharing
  • Threat/Vulnerability Management


DoS Attack Details

Posted in Security (1500) by Guest on January 25th, 2010

Maintaining a reliable and predictable network has become a strategic imperative for most businesses now dependent on the Internet. DoS attacks, which flood network links or Web sites with useless traffic, have become a serious threat to the reliability of critical business assets.

In a distributed DoS attack, the attacker compromises computers distributed throughout the Internet and installs specialized control tools on them. These compromised hosts, also called “zombies,” are commanded to attack a target using DoS attack tools. An attack can consist of hundreds or thousands of individual assaults that together produce enough bogus traffic to overwhelm even the biggest Web sites or the highest-capacity network links.

The latest generation of zombies includes “Pulsing Zombies,” which send pulses of attack traffic at the intended target. The discontinuous nature of these attacks makes detection and location of these zombies far more difficult. In a recent attack attempt, the hackers conducted a dress rehearsal for their assault, during which attack traffic was directed at the target for a short period of time before a full-scale attack was launched.

The accompanying diagram shows how attack traffic flows through your data center and cripples valuable networking resources. Because DoS attacks are a distributed problem, they require a distributed solution, unlike point products such as firewalls and IDS. More than 50 percent of attacks can overwhelm the standard capacity of such point solutions – in fact, flood-based attacks often overwhelm standard server capacity by as much as 1200 times. Furthermore, existing attempts to solve the DoS problem are unable to scale to Gigabit+ speeds, are unable to detect new types of DoS attacks, and focus on stopping bad network traffic rather than preserving good customer traffic flow in the face of such an attack.

More about DoS attack trends

DoS Attack Tools
The popular tools for DoS attacks include:

  • TFN2k: Coordinates hosts to attack a target using UDP Floods, SYN Floods, ICMP Floods, and Smurfing.
  • Stacheldraht: Coordinates hosts to attack a target using UDP Floods, SYN Floods, ICMP Floods, and Smurfing.
  • Mstream: Coordinates hosts to attack a target using ACK floods (similar to SYN floods).
  • trin00: Coordinates hosts to attack a target with UDP Floods.

Ongoing Trends
DoS attacks remain a big challenge to network reliability as they become more sophisticated and prevalent. The barriers to prevent attacker activity have been steadily crumbling – available defense tools have little automation, response is expensive, and the availability of good security and network personnel is shrinking due to the demand for them. 

Degradation of Service
Known as the new DoS, a Degradation of Service attack causes a decrease in processing speed and may not initially be recognized as an attack. Businesses that pay for bandwidth on a per-usage basis will notice an increase in costs, but since the effects are not immediately and dramatically evident, the attacks may go undetected for long periods.

Behind these new DoS attacks is the latest generation of DoS attack methods, the pulsing zombies. In a pulsing zombie DoS attack, several small, short-lived bursts of traffic from multiple sources are directed toward a single target over an extended period of time. Since the stream of traffic is transmitted intermittently by alternating zombies instead of as a long constant flow, attacks are more difficult to detect and trace. Pulsing zombie attacks have two forms:

  • Periodic attacks, during which an attacker launches an hour-long attack on the same target every 24 hours.
  • Punctuated attacks, launched at one-minute intervals. These attacks are not designed to cause damage and usually do not crash systems. Instead, they create a pattern of network unreliability that results in constant and consistent interruption and annoyance to legitimate traffic.
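As an added example (not part of the original post), the following Python script looks for the burst signature described above in per-minute traffic counts for one target, labels the pattern as periodic or punctuated, and estimates the excess volume that a per-usage bandwidth bill would absorb; the traffic series and the 5x-median burst threshold are constructed assumptions.

```python
# Added example (not from the original post): detecting the intermittent-burst
# signature of a pulsing zombie attack in per-minute traffic counts for one
# target, and estimating the excess volume a per-usage bandwidth bill absorbs.
from statistics import median

# Constructed sample: 180 minutes of packets-per-minute counts. The baseline
# wobbles between 100 and 106; two-minute bursts of 3000 recur every 30 minutes.
BURST_STARTS = (10, 40, 70, 100, 130, 160)
SAMPLE = [3000 if any(s <= i <= s + 1 for s in BURST_STARTS) else 100 + i % 7
          for i in range(180)]

def find_bursts(series, factor=5.0):
    """Return (start, end) indexes of runs exceeding factor x the median baseline.
    The median is used because short bursts barely move it, unlike a mean."""
    threshold = median(series) * factor
    bursts, start = [], None
    for i, count in enumerate(series):
        if count > threshold and start is None:
            start = i
        elif count <= threshold and start is not None:
            bursts.append((start, i - 1))
            start = None
    if start is not None:                 # burst still running at end of window
        bursts.append((start, len(series) - 1))
    return bursts

def burst_period(bursts):
    """Most common gap in minutes between successive burst starts (None if fewer than two)."""
    if len(bursts) < 2:
        return None
    gaps = [b[0] - a[0] for a, b in zip(bursts, bursts[1:])]
    return max(set(gaps), key=gaps.count)

def excess_volume(series, bursts):
    """Traffic above the median baseline during bursts: the part that shows up on the bill."""
    base = median(series)
    return sum(series[i] - base for s, e in bursts for i in range(s, e + 1))

def classify(series, factor=5.0):
    """steady: no bursts; punctuated: bursts a few minutes apart; periodic: longer cycle."""
    period = burst_period(find_bursts(series, factor))
    if period is None:
        return "steady"
    return "punctuated" if period < 5 else "periodic"

if __name__ == "__main__":
    bursts = find_bursts(SAMPLE)
    print(classify(SAMPLE), bursts, burst_period(bursts), excess_volume(SAMPLE, bursts))
```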

Reflector attacks
Another new trend in DoS attacks is the reflector attack. The attacker “launders” an attack by sending a packet spoofed with the victim’s source address to a third party. The third party sends its response back towards the victim. If the third party is accessed using a broadcast address (as with the popular smurf or fraggle attacks), the third parties may amplify the attack further.

The key issue with reflector attacks is that the spoofed source address is deliberately selected. Unless an IP address in the monitored range is used as a reflector, these attacks cannot be observed from that range.
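Two checks a network operator can run over its own flow records to see whether its range could be abused as a reflector, as an added example that is not part of the original post; the flow records, their layout and the local prefix (RFC 5737 documentation addresses) are constructed assumptions.

```python
# Added example, not part of the original post: checks a network operator can run
# over its own flow records to see whether its address range could serve as a
# reflector. Flow records, record layout and the local prefix are constructed
# sample data (RFC 5737 documentation addresses).
import ipaddress

LOCAL_NET = ipaddress.ip_network("198.51.100.0/24")   # assumed: the range we monitor

# Constructed flows: (direction, source, destination, service, packets)
FLOWS = [
    ("in",  "203.0.113.7",   "198.51.100.255", "icmp-echo",  500),  # aimed at our broadcast address
    ("in",  "203.0.113.7",   "198.51.100.20",  "icmp-echo",   20),
    ("out", "198.51.100.20", "203.0.113.7",    "icmp-reply",  20),
    ("out", "192.0.2.99",    "203.0.113.7",    "udp/7",      300),  # source address is not ours
    ("out", "198.51.100.30", "203.0.113.50",   "tcp/443",     40),
]

def directed_broadcast_requests(flows, net):
    """Inbound flows aimed at the subnet broadcast address.

    Every host that answers such a request turns one packet into many replies
    towards the (spoofed) source, which is the amplification smurf and fraggle
    rely on; dropping directed broadcasts at the border removes the exposure.
    """
    return [f for f in flows
            if f[0] == "in" and ipaddress.ip_address(f[2]) == net.broadcast_address]

def spoofed_egress(flows, net):
    """Outbound flows whose source address does not belong to our range.

    A reflector attack begins with a packet carrying someone else's source
    address; egress filtering on the local prefix ensures no such packet
    leaves this network, so our hosts cannot be the origin of one.
    """
    return [f for f in flows
            if f[0] == "out" and ipaddress.ip_address(f[1]) not in net]

if __name__ == "__main__":
    for f in directed_broadcast_requests(FLOWS, LOCAL_NET):
        print("directed broadcast request:", f)
    for f in spoofed_egress(FLOWS, LOCAL_NET):
        print("spoofed source leaving network:", f)
```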

http://www.bestitdocuments.com/Assessments.html

ISO-17799:2000 Overview

Posted in Compliances (1300), Information Rights Management (100), Security (1500) by Guest on January 22nd, 2010

127 controls distributed within 10 categories

    1. Information security policy
    2. Organizational security
    3. Asset classification and control
    4. Personnel security
    5. Physical & environmental security
    6. Communication & operations management
    7. Access control
    8. System development & maintenance
    9. Business continuity management
    10. Compliance

Uses a Plan/Do/Check/Act implementation and operation model that starts with a risk assessment to establish the security controls needed to adequately manage information security risks within the business processes.

Used in conjunction with BS7799, it also establishes documentation, revision, communication, training, auditing and continuous improvement requirements.

http://www.bestitdocuments.com/IT_Security_Methodology_solutions.html

What’s new in ISO-17799:2005

Posted in Compliances (1300), Security (1500) by Guest on January 21st, 2010

Risk management was addressed only in the Part 2 document; Part 1 now includes a new chapter on ‘Risk Assessment and Treatment’ requirements.

  1. ‘Asset classification and control’ evolves into a more holistic ‘Asset management’ approach
  2. ‘Personnel security’ evolves into ‘Human resources security’, which now emphasises what is needed before, during and on termination of employment
  3. ‘Communication and operations management’ now includes service delivery management of third parties (i.e. monitoring of outsourcer performance and security obligations)

Introduction of ‘Technical Vulnerability Management’.

Incident management controls that were spread all around the previous version of the standard are now consolidated within a new chapter titled ‘Information Security Incident Management’.

  • In short: 2 new control families, a new total of 135 controls, and over 80 changes within the existing controls (deletion/addition/modification)

ISO-17799 Overview

Posted in Compliances (1300), Security (1500) by Guest on January 20th, 2010

BS7799 was created in 1999 as a two-part document (standard + certification scheme) by the British Standards Institution (BSI).

The standard portion was adopted and converted into an ISO standard in 2000.

The certification scheme portion is still a BSI-only standard, and its latest revision is dated 2002.

Many governments’ policies, standards, guidelines and best practices worldwide are based on, inspired by or in compliance with ISO17799:2000 & BS7799-2:2002, and some of them don’t even know it.

There is a general misconception that it is not a complete standard because it lacks implementation guidelines.

Since it was built by a standards organization (BSI), the implementation guidelines were intentionally left out of the document and regrouped into other specific standards and “security techniques” (e.g. ISO13335, PAS56…).

http://www.bestitdocuments.com/IT_Security_Methodology_solutions.html

IT Service Management

Posted in Compliances (1300) by Guest on January 19th, 2010

Components of an IT Service Management service

  1. HelpDesk
  2. Service Level Management
  3. Service Catalog
  4. Metering
  5. Billing
  6. Chargeback

http://www.bestitdocuments.com/Assessments.html

Threat Modeling

Posted in Information Rights Management (100), Security (1500) by Guest on January 18th, 2010

  • Threats must be understood to build secure systems
  • Every spec/design goes through threat analysis
  • A model of the component is created
  • Threats are categorized based on STRIDE
  • Severity is ranked based on DREAD

STRIDE:

  • S—Spoofing
  • T—Tampering with Data
  • R—Repudiation
  • I—Information Disclosure
  • D—Denial of Service
  • E—Escalation of Privileges

DREAD:

  • D—Damage potential
  • R—Reproducibility
  • E—Exploitability
  • A—Affected Users
  • D—Discoverability


PCI Report on Compliance and Visa

Posted in Compliances (1300), Security (1500) by Guest on January 17th, 2010

PCI compliance validation (European Payment Council, EPC) consists of:

  • Audits and self-assessments
  • Network scans
  • Report on Compliance (ROC)

Merchants (Levels 1–3)

Level 1 Merchants (via acquirer)
  • On-site PCI data security assessment completed by a QSA
  • Letter signed by a merchant officer
  • Confirmation of report accuracy form completed by the QSA
  • Acquirer accepts the ROC and submits the confirmation ROC form and acceptance letter to Visa

Level 1, 2, and 3 Merchants
  • Acquirers are responsible for ensuring quarterly network security scans for Level 1, 2, and 3 Merchants
  • Quarterly network security scans may be required of Level 4 Merchants as specified by their acquirers

Level 2 and Level 3 Merchants
  • Must complete the annual PCI self-assessment questionnaire
  • Level 4 Merchants may be required by their acquirers to complete the PCI self-assessment questionnaire

Service Providers

Level 1 and Level 2 Service Providers
  • Annual self-assessment questionnaire
  • Annual on-site PCI data security assessment
  • Supplied to the acquirer, serving as a template for the ROC
  • Employ a QSA to complete the Report on Compliance

Level 1, 2, and 3 Service Providers
  • An ASV performs a quarterly network scan of the Internet-facing network perimeter systems

Level 3 Service Providers
  • Complete the annual PCI self-assessment questionnaire

http://www.bestitdocuments.com/Assessments.html

Sort IP Addresses in Microsoft Excel

Posted in Networking (340) by Guest on January 15th, 2010

IT Security Management

Posted in Compliances (1300), Security (1500) by Guest on January 12th, 2010

What is Security Management? It proactively discovers and detects intrusive activities and vulnerabilities, and should:

  1. Provide real-time prevention
  2. Provide a multi-layered approach to intrusion defense (host/network)
  3. Integrate any event from the enterprise
  4. Collect, consolidate, and normalize events across the enterprise
  5. Filter events, alert and notify personnel, execute countermeasures
  6. Suppress meaningless data
  7. Correlate events to accurately identify critical security incidents
  8. Provide visual management – dashboard
  9. Provide structured incident response
  10. Prioritize and measure detection and resolution capabilities
  11. Identify and analyze important security trends and preserve data for forensics

http://www.bestitdocuments.com/Assessments.html

Next Generation Real-time Network Defense

Posted in Networking (340), Security (1500) by Guest on January 11th, 2010

Requirements: 

  1. Near Continuous Scanning 
  2. System Change Alerts 
  3. Identify “unmanaged” nodes on network 
  4. Receive frequent vulnerability updates 
  5. Ongoing monitoring for baseline compliance, vulnerabilities, and threats 
  6. Standards-based interface to firewall, anti-virus and intrusion prevention systems to support rapid shielding

http://www.bestitdocuments.com/IT_Security_Methodology_solutions.html

Sample RSA Server Architecture

Posted in Networking (340), Security (1500) by Guest on January 10th, 2010

Free document download: Sample RSA Server Architecture

Leak Prevention Technology white paper

Posted in Compliances (1300), Security (1500) by Guest on January 7th, 2010

Excellent reference:

Leak Prevention Technology white paper

http://www.percept.com/wp/Leak%20Prevention%20Technology_White%20Paper_FINAL_UPDATES%20v2.pdf


Sample Excel – CA – Spectrum Polling spreadsheet


Sample Excel – Gartner Web Evaluation Tool
