System Admin Security Training
Orange Team

Overview
System Admin Duties
Employee Documents and Security Controls
Security Threats
Threat Mitigation
Incident Response

System Admin Duties
Perform backup and restore data
Add and remove users
Add and remove hardware and software
Configure and maintain hardware and software
General user support
Maintain documentation and licenses
Negotiate with vendors
System planning
Security management

System Admin Duties
Monitor system resource usage and performance
Detect and correct problems
Optimize performance
Manage resources
Automate tasks
Determine and enforce usage policy
Educate users
Corporate priority liaison

A Lot Of Things To Do…
… and it’s better to do them securely!
“Bake in” security
Can’t anticipate all problems
Can limit the problems you have

Perform Backup and Restore Data
Encrypt backups
Secure storage
Physical access control
Environmental protections
Controlled restorations
No network connections
Clean destination (no malware)
Verified assistance

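A controlled restoration starts by proving that the backup set is exactly what was written, so that a modified, missing or planted file is caught before it reaches the clean destination. The following Python script is an added example (not part of the Orange Team deck): it hashes each file in a backup, signs the hash list with an HMAC, and refuses to declare the set restorable if the signature, a file hash, or the file inventory does not match. The backup contents and the signing key are constructed sample values; in practice the key is kept in a secrets store, never next to the backup it protects.

```python
import hashlib
import hmac
import json

# Constructed sample backup set: relative path -> file contents.
# A real script would read these from the backup medium.
SAMPLE_BACKUP = {
    "etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
    "etc/ssh/sshd_config": b"PermitRootLogin no\nPasswordAuthentication no\n",
    "var/www/index.html": b"<html><body>hello</body></html>\n",
}

# Hypothetical manifest-signing key (placeholder value for the example).
MANIFEST_KEY = b"example-key-replace-me"


def build_manifest(files, key):
    """Hash every file and sign the hash list with an HMAC, so that tampering
    with a file or with the manifest itself is detectable."""
    digests = {path: hashlib.sha256(data).hexdigest()
               for path, data in sorted(files.items())}
    body = json.dumps(digests, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"files": digests, "hmac": tag}


def verify_manifest(files, manifest, key):
    """Return a list of problems; an empty list means the set is safe to restore.
    Checks, in order: manifest signature, missing files, modified files, extra files."""
    problems = []
    body = json.dumps(manifest["files"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["hmac"]):
        problems.append("manifest signature invalid")
        return problems  # nothing in the manifest can be trusted after this
    for path, digest in manifest["files"].items():
        if path not in files:
            problems.append(f"missing: {path}")
        elif hashlib.sha256(files[path]).hexdigest() != digest:
            problems.append(f"modified: {path}")
    for path in files:
        if path not in manifest["files"]:
            problems.append(f"unexpected: {path}")
    return problems


if __name__ == "__main__":
    manifest = build_manifest(SAMPLE_BACKUP, MANIFEST_KEY)
    print("clean set:", verify_manifest(SAMPLE_BACKUP, manifest, MANIFEST_KEY))
    tampered = dict(SAMPLE_BACKUP)
    tampered["etc/ssh/sshd_config"] = b"tampered\n"
    print("tampered set:", verify_manifest(tampered, manifest, MANIFEST_KEY))
```

The manifest is built at backup time and stored apart from the backup; the verify step runs on the restoration host before any file is copied into place, and any non-empty result stops the restore. Encryption of the backup itself (the deck's first bullet) is a separate layer; this check covers integrity and completeness only.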
Add and Remove Users
Old accounts can be used as backdoor
Completely remove old access rights
Add users while adhering to…
Need-to-know
Minimum privilege

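"Completely remove old access rights" is only checkable if someone periodically compares the account directory against the HR record of who has left. The Python audit below is an added example, not from the deck: it takes a directory export, group memberships and an HR list of departed staff, and reports accounts to remove, group memberships left behind for departed users, and accounts idle beyond a threshold that should be disabled. All records, names and dates are constructed sample data.

```python
from datetime import date

# Constructed sample data. Real input would come from the directory service
# (account export, group export) and from HR (list of departed staff).
ACCOUNTS = [
    {"user": "alice",      "last_login": "2024-05-01", "enabled": True},
    {"user": "bob",        "last_login": "2023-11-15", "enabled": True},  # long idle
    {"user": "carol",      "last_login": "2024-04-20", "enabled": True},  # has left
    {"user": "svc-backup", "last_login": None,         "enabled": True},  # service account
]
GROUPS = {
    "sudo": {"alice", "carol"},
    "backup-operators": {"svc-backup"},
}
DEPARTED = {"carol"}
TODAY = date(2024, 5, 10)


def audit_accounts(accounts, groups, departed, today, max_idle_days=90):
    """Return (user, action) findings in account order.

    - departed owner      -> remove the account and revoke every group it is still in
    - idle > max_idle_days -> disable (stale accounts are backdoor material)
    - never logged in     -> skipped here; service accounts need a separate owner review
    """
    findings = []
    for acct in accounts:
        user = acct["user"]
        if user in departed:
            findings.append((user, "remove: owner has left"))
            for group, members in groups.items():
                if user in members:
                    findings.append((user, f"revoke: still in group {group}"))
            continue
        if acct["last_login"] is None:
            continue
        idle = (today - date.fromisoformat(acct["last_login"])).days
        if idle > max_idle_days:
            findings.append((user, f"disable: idle {idle} days"))
    return findings


if __name__ == "__main__":
    for user, action in audit_accounts(ACCOUNTS, GROUPS, DEPARTED, TODAY):
        print(f"{user:12} {action}")
```

Run on a schedule, the report closes the gap between a leaver's last day and the removal of their access, and the "revoke" lines catch the common case where the account is disabled but its privileged group memberships are forgotten. New-account creation is the mirror image of this check: grant only the groups the role needs (need-to-know, minimum privilege) so that there is less to revoke later.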
Add and Remove Hardware and Software
Inform users of potential outages
Secure install
Configure first
Attach to network as late as possible
Secure removal
Install replacements first
Avoid loss of functionality
Dispose securely (prevent data retrieval from discarded equipment)

Configure and Maintain Hardware and Software
Keep copies of configurations
Configure new elements before attaching to network
Use standard maintenance routines
Document
Update
Verified assistance

General User Support
Beware of social engineering
Callers provide credentials
Educate users to safeguard credentials
Do not prompt
Safeguard credentials
Do not reveal unnecessarily
Protect methods for credential creation

Maintain Documentation and Licenses
Document procedures
New SA education
Consistency
Audit Assurance
Do not use illegitimate software
Cheaper
Unethical
Illegal
Insecure

Negotiate With Vendors
Licensed products can get expensive
Minimize the cost of secure behavior
Vendor relationships are important
Inform them of security concerns
Request new products/solutions
Receive updated hard/firm/software
Continued business is valued and will be rewarded

System Planning
Scaling
Security problems and solutions scale differently
New node = new possible failure
New AV != more secure
Assessing new technology
Anticipate problems
“Shinier” does not mean “safer”
Anticipating and avoiding problems
Malware/attack trends
Follow day-to-day guidelines strictly

Security Management
“An ounce of prevention is worth a pound of cure.”
Prioritize security
Ideal management solution
Simple
Reproducible
Covers security needs
Your job, not the users'

Monitor System Resource Usage and Performance
Do not invade privacy
Use data to…
Identify future purchases
Notice potential threats
Excessive or unusual usage
Antivirus logs
Ensure expectations are met (SLA)

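Antivirus logs are only useful for noticing potential threats if someone reduces them to the few cases that need action. The Python triage below is an added example (not from the deck) run over a constructed set of AV log lines in a key=value format invented for the example: it escalates any detection the AV product failed to remediate and flags hosts with repeated detections, which usually means the user keeps reintroducing the problem or the cleanup is incomplete. It aggregates per host and does not profile individual users, in keeping with the "do not invade privacy" bullet.

```python
import re
from collections import defaultdict

# Constructed sample log, in a hypothetical key=value format.
SAMPLE_AV_LOG = """\
2024-05-09 08:12:01 host=ws-17 user=bob event=detection threat=Trojan.Generic action=quarantined
2024-05-09 08:15:44 host=ws-17 user=bob event=detection threat=Trojan.Generic action=quarantined
2024-05-09 09:02:10 host=ws-03 user=alice event=scan_complete threats=0
2024-05-09 09:40:27 host=ws-17 user=bob event=detection threat=Adware.Bundle action=quarantined
2024-05-09 10:05:00 host=srv-db1 user=SYSTEM event=detection threat=Exploit.Generic action=failed
2024-05-09 10:30:12 host=ws-22 user=carol event=detection threat=PUA.Toolbar action=quarantined
"""

LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) (?P<fields>.*)$")


def parse_line(line):
    """Split 'YYYY-MM-DD HH:MM:SS k=v k=v ...' into a dict; None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {"ts": m.group("ts")}
    for token in m.group("fields").split():
        key, _, value = token.partition("=")
        rec[key] = value
    return rec


def triage(log_text, repeat_threshold=3):
    """Return (host, action) alerts.

    - action=failed      -> escalate immediately: the threat is still on the host
    - >= repeat_threshold detections on one host -> investigate the host, not just the file
    """
    per_host = defaultdict(list)
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec.get("event") != "detection":
            continue
        if rec.get("action") == "failed":
            alerts.append((rec["host"], f"escalate: remediation failed for {rec['threat']}"))
        per_host[rec["host"]].append(rec["threat"])
    for host, threats in per_host.items():
        if len(threats) >= repeat_threshold:
            names = ", ".join(sorted(set(threats)))
            alerts.append((host, f"investigate: {len(threats)} detections ({names})"))
    return alerts


if __name__ == "__main__":
    for host, action in triage(SAMPLE_AV_LOG):
        print(f"{host:8} {action}")
```

The thresholds are deliberately simple; the point is that the single quarantined detection on ws-22 generates no work, while the failed remediation on the database server and the three detections on ws-17 do. The same structure extends to the "excessive or unusual usage" bullet by counting a different event type per host.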
Detect and Correct Problems
Use system monitoring devices
Preemptive corrections
Patching
Updating
Upgrading
Reactive corrections
See incident response

Optimize Performance
Users get frustrated with poor system performance
Users will optimize for themselves
Non-compliance
Installing adware/freeware
Working around slow or ineffective processes
Don’t optimize by removing/compromising security

Manage Resources
Know what you have and use
Bad situations
Unaccounted-for router on network
Unconfigured workstation
Ordering unneeded license keys
Wasting resources leads to budget cuts and layoffs
Misplacing resources leads to vulnerabilities

Automate Tasks
Script day-to-day tasks
Focus extra time on harder tasks
Don’t introduce security holes
Unauthorized use of privileged scripts/programs
Scripts disabling security features
Testing/Debugging/Configuration programs used on ‘live’ network

Determine and Enforce Usage Policy
Correct usage is essential
Meaningless without enforcement

Educate Users
A smart user is a safe user
Eliminate “low hanging fruit”
Social engineering
Bad links
Phishing emails
Removable media

Corporate Priority Liaison
Competing goals
Management’s budget
Your security
Customer’s service needs
Employee convenience
Security needs to win
Sell to management
Educate users

Employee Documents
Acceptable Use Policy (AUP)
Service Level Agreement (SLA)
Non-Disclosure Agreement (NDA)
Employee Contract
Your responsibility to enact if there are no documents.

Security Controls
Need-to-know
Security awareness training
Separation of duties
Job rotation
Vacations
Auditing/reviews

Security Threats
External
Hacking
E-mail attacks
Internal
Malware
Ignorance
Insider

Security Threats: Hacking
Exploitation of web services
Poorly configured gateways
Use of backdoors
Social engineering
Previous intrusion
Internal collaborator

Security Threats: E-mail
Phishing
Spam
Trojans
Viruses

Security Threats: Malware
Many sources
Hacking
Insider
Ignorance
Spreads quickly
Uses up resources

Security Threats: Ignorance
Clicking bad links
Poor e-mail discretion
Downloading malware
USB attacks

Security Threats: Insider
Usually hardest to detect
They know the system
Sometimes privileged user
Disgruntled employee
Abuse of trust

Threat Mitigation
Preparation
Security practices
Education
Incident Response Plan
If none, create one
Form a Computer Security Incident Response Team
Individuals capable of correct response
Include members of management

Incident Response
Identify
Initial Response
Record basic details
Assemble CSIRT
Notify important individuals
Formulate strategy
Investigate
Thorough data collection
Determine what/who/how
Report
Resolve

Rules To Work By
A smart user is a safe user
Policy enforcement is the first step to a secure system
Put security first in everything you do

Bibliography
Mandia, Kevin, Chris Prosise, and Matt Pepe. Incident Response & Computer Forensics. Second ed. N.p.: Brandon A. Nordin, n.d. 11-32. Print.