Comptia alert for performance based questions on new Comptia tests.
http://certification.comptia.org/news/12-08-07/CompTIA_Exams_to_Include_Performance-Based_Questions.aspx
My take on Network IT Security issues and events.
Monday, August 20, 2012
Wednesday, May 16, 2012
Part II – Security Policy, SMB - Security Is At The Forefront
For a lot of SMB’s a good security policy is the basis for a
strong network defense. However for
those companies who have not designed and implemented a security policy within
their organizations, security issues are lying in wait.
A security policy is the backbone and foundation for
information security. However in this day
and age some SMB’s have ignored or not kept up with current security concerns
and their policy or lack of policy may allow for a severe security breach. This may in fact prove fatal for a SMB.
In Part II of my series for SMB, I am going to look at what makes a good security policy.
1. Executive Management Buy In
All security policies should begin with an executive management summary that includes the purpose, direction and approval of the policy. This informs IT as well as employees that security is supported in all aspects of the business. Security needs to be addressed from a top down approach when it pertains to support. By supporting security initiatives from this approach employees know that security is not only implemented but supported at all levels.
2. Policies
In Part II of my series for SMB, I am going to look at what makes a good security policy.
1. Executive Management Buy In
All security policies should begin with an executive management summary that includes the purpose, direction and approval of the policy. This informs IT as well as employees that security is supported in all aspects of the business. Security needs to be addressed from a top down approach when it pertains to support. By supporting security initiatives from this approach employees know that security is not only implemented but supported at all levels.
2. Policies
A security policy is actually a collection of
different types policies put together to create one policy. The other types of policies are created from
different areas that need to be secured, such as identification,
authentication, authorization and auditing.
Other types of policies would
include a user access policy, password policy, vpn policy, remote access
policy, wireless policy and acceptable use policy. Each one of these policies would address a certain
set of guidelines and procedures when implementing these technologies.
3) Standards
Each policy will have standards of how the technology can be implemented. Standards are important because they allow us to measure by a metric. For example, if the password policy has a minimum length of 8 characters, then when we set passwords we have a value to measure if we have met the standard.
4) Guidelines
As mentioned earlier, each policy may also have a set of guidelines. Guidelines are helpful because they allow us to implement technology with variables that may differ from one area to another area. Guidelines provide a range of values because if we set a standard it may not be appropriate for that technology. An example of a guideline would be the types of hardware purchased for laptops. No one laptop may fit all the needs so guidelines are put in place to ensure secure hardware is purchased.
5) Procedures
These are the details that go along with every policy that explains the how, who, what and when of how the technology is implemented. An example of a set of procedures would be how a Cisco wireless thin client would be installed and managed.
6) Acceptable Use Policy
This is part of the security policy that informs everyone on how company assets and resources are to be used inside and outside of the company. The acceptable use policy has guidelines, procedures and standards from how you can use a company laptop to where you can go on the internet. It is important that companies ensure this is updated and employees are made aware of changes.
3) Standards
Each policy will have standards of how the technology can be implemented. Standards are important because they allow us to measure by a metric. For example, if the password policy has a minimum length of 8 characters, then when we set passwords we have a value to measure if we have met the standard.
4) Guidelines
As mentioned earlier, each policy may also have a set of guidelines. Guidelines are helpful because they allow us to implement technology with variables that may differ from one area to another area. Guidelines provide a range of values because if we set a standard it may not be appropriate for that technology. An example of a guideline would be the types of hardware purchased for laptops. No one laptop may fit all the needs so guidelines are put in place to ensure secure hardware is purchased.
5) Procedures
These are the details that go along with every policy that explains the how, who, what and when of how the technology is implemented. An example of a set of procedures would be how a Cisco wireless thin client would be installed and managed.
6) Acceptable Use Policy
This is part of the security policy that informs everyone on how company assets and resources are to be used inside and outside of the company. The acceptable use policy has guidelines, procedures and standards from how you can use a company laptop to where you can go on the internet. It is important that companies ensure this is updated and employees are made aware of changes.
If you would like to get some more information of creating a security policy and download some templates for the creation of different types of policies try SANS: Information Security Policy Templates
Next month in part 3, I will be discussing how SMB’s can implement and improve security awareness.
Thank you and if you have any questions during the series please feel free to email me at wpruett@centriq.com
Tom Pruett
Network Security Engineer/Senior Technical Instructor
CCSI, CCNA, MCSE (NT, 2000, 2003), MCITP SQL 2005, MCDBA SQL
7 2000, 2005, MCP+1, MCT, CTT+, CISSP, CWNA, CEI, CEH, CHFI, A+, Network+,
Security+
Friday, March 30, 2012
Part I - Threats and Vulnerabilities, SMB - Security Is At The Forefront
SMB's share a lot of similarities with large enterprises when it comes to IT Security. Those similarities include confidentiality of data, preventing unauthorized access and ensuring availability of data. However, enterprises have the resources such as security personnel to ensure these objectives are achieved. SMB's have the same threats and vulnerabilities except they may or may not have the the personnel or knowledge that these threats and vulnerabilities may even exist or that they may even be effected by them.
In Part I of of my "SMB - Security Is At The Forefront" series I am going to explore the unique challenges presented by threats and vulnerabilities for SMB's.
I. Security Policies - The Key
Whenever I do a security audit for a SMB, the first thing I find is the lack of a specific security policy. I either find no policy or only a statement in the employee handbook about the AUP (Acceptable User Policy). This is not enough in this day and age to ensure a secure environment. First, the owner or owners need to understand that security is important and that their acceptance and support of a security policy is first and foremost. A written policy explaining the policies, baselines, standards, procedures and who is responsible for security should be created so everyone understands what is to be expected with regards to security.
II. Patching Control
Most SMB's do not have a managed patching system. By this I mean a centralized method of controlling when and what patches are applied to OS's and applications. Most SMB's rely on Windows Update to individually update the OS, however it is up to the individual to ensure the updates are applied. This can mean a workstation might not be updated and have a serious vulnerability. A major component to a secure system is ensuring that all systems are up to date with the latest patches. This includes a process that ensures that patches and updates are tested and rolled in a timely fashion. This can be done easily and effectively by WSUS (Windows Server Update Service). Also, ensuring a set of procedures to audit to ensure all systems are up to date is very important.
Weak Passwords
This is one of the biggest vulnerabilities for a SMB. A lot of SMB's have weak password policies or none at all. Employees are allowed to create passwords on their own for their workstations without any guidelines nor are they made to change them. Also, in some cases there is no password on the system at all. A strong password policy is crucial to securing a system. All employees should be required to have passwords that are at least 8 characters, have a number and a character and should be changed at least every 45 days.
Default Accounts
The use of default accounts is also sometimes an issue. By this I mean workstations have just a default account on them such as administrator or guest with no password. This allows anyone to use the system with minimal or no controls creating a vulnerability whereas a hacker or employee could exploit the machine.
Physical Controls
Since most SMB's only have a few offices, there may not be a great need for locks and door security since this is usually done. However security to the IT closet or where the servers are located needs to be addressed. Normally having only a few devices does not negate the fact that all servers, routers, switches and firewalls need to be in a secure place and have limited access.
Wireless - Rouge Access Points, Weak Wireless Security
Sometimes SMB's will employ wireless solutions just as they would as if they were installing one at home. This can be a serious concern because business wireless should not be treated like home wireless. Business wireless should be concerned with getting connectivity with secure protocols and most importantly controlling access to the wired network. Basic installation and lack of controls on the use of the wireless usually lead to a security breach.
Lack of Security Awareness
Owner and employees need to be aware of secure practices when doing their job. All employees should understand the impact on the company if they are working on a computer regardless if it is connected to a network. Having a good understanding of secure practices will help protect the company from most security breaches.
Next month in part 2, I will be discussing most specifics on how to create a SMB security policy.
Thank you and if you have any questions during the series please feel free to email me at wpruett@centriq.com
Tom Pruett
Network Security Engineer/Senior Technical Instructor
CCSI, CCNA, MCSE (NT, 2000, 2003), MCITP SQL 2005, MCDBA SQL 7 & 2000, MCP+1, MCT, CTT+, CISSP, CWNA, CEI, CEH, CHFI, A+, Network+, Security+
In Part I of of my "SMB - Security Is At The Forefront" series I am going to explore the unique challenges presented by threats and vulnerabilities for SMB's.
I. Security Policies - The Key
Whenever I do a security audit for a SMB, the first thing I find is the lack of a specific security policy. I either find no policy or only a statement in the employee handbook about the AUP (Acceptable User Policy). This is not enough in this day and age to ensure a secure environment. First, the owner or owners need to understand that security is important and that their acceptance and support of a security policy is first and foremost. A written policy explaining the policies, baselines, standards, procedures and who is responsible for security should be created so everyone understands what is to be expected with regards to security.
II. Patching Control
Most SMB's do not have a managed patching system. By this I mean a centralized method of controlling when and what patches are applied to OS's and applications. Most SMB's rely on Windows Update to individually update the OS, however it is up to the individual to ensure the updates are applied. This can mean a workstation might not be updated and have a serious vulnerability. A major component to a secure system is ensuring that all systems are up to date with the latest patches. This includes a process that ensures that patches and updates are tested and rolled in a timely fashion. This can be done easily and effectively by WSUS (Windows Server Update Service). Also, ensuring a set of procedures to audit to ensure all systems are up to date is very important.
Weak Passwords
This is one of the biggest vulnerabilities for a SMB. A lot of SMB's have weak password policies or none at all. Employees are allowed to create passwords on their own for their workstations without any guidelines nor are they made to change them. Also, in some cases there is no password on the system at all. A strong password policy is crucial to securing a system. All employees should be required to have passwords that are at least 8 characters, have a number and a character and should be changed at least every 45 days.
Default Accounts
The use of default accounts is also sometimes an issue. By this I mean workstations have just a default account on them such as administrator or guest with no password. This allows anyone to use the system with minimal or no controls creating a vulnerability whereas a hacker or employee could exploit the machine.
Physical Controls
Since most SMB's only have a few offices, there may not be a great need for locks and door security since this is usually done. However security to the IT closet or where the servers are located needs to be addressed. Normally having only a few devices does not negate the fact that all servers, routers, switches and firewalls need to be in a secure place and have limited access.
Wireless - Rouge Access Points, Weak Wireless Security
Sometimes SMB's will employ wireless solutions just as they would as if they were installing one at home. This can be a serious concern because business wireless should not be treated like home wireless. Business wireless should be concerned with getting connectivity with secure protocols and most importantly controlling access to the wired network. Basic installation and lack of controls on the use of the wireless usually lead to a security breach.
Lack of Security Awareness
Owner and employees need to be aware of secure practices when doing their job. All employees should understand the impact on the company if they are working on a computer regardless if it is connected to a network. Having a good understanding of secure practices will help protect the company from most security breaches.
Next month in part 2, I will be discussing most specifics on how to create a SMB security policy.
Thank you and if you have any questions during the series please feel free to email me at wpruett@centriq.com
Tom Pruett
Network Security Engineer/Senior Technical Instructor
CCSI, CCNA, MCSE (NT, 2000, 2003), MCITP SQL 2005, MCDBA SQL 7 & 2000, MCP+1, MCT, CTT+, CISSP, CWNA, CEI, CEH, CHFI, A+, Network+, Security+
Sunday, February 12, 2012
SMB - Security Is At The Forefront
As a IT consultant to several SMB's (Small Medium Business), I talk to owners everyday about their needs and concerns about their IT infrastructure. Most of the time the conversation is about increasing productivity through the use of technology. Right now the hot topic there is cloud technology. They feel they need to be more efficient with processes and avoid creating redundancy. The one thing that is not a big topic is security.
No offense to SMB's but I am not sure that these owners are fully aware of what is really going on with cyber-security. A lot of small and medium shops treat their IT security as if they have nothing to worry about. Now I am not here to say that all of them are not security aware, however they read something in the news about a security breach at a large company but think that will never happen to them. Hackers do not discriminate. If you have data and a internet presence you are a target.
The key to SMB security is to synergize business objectives and productivity with security. Just because you lock down your IT infrastructure does not mean you cannot do business. You just have to find a way that works best for your company. Its easy to be productive if you have no controls on the infrastructure, however its the lack of those controls that could produce a security breach or incident that will cause you not to be productive. I believe there is a way for all of these areas to coexist.
SMB security has some challenges that are different from enterprise security. Sometimes SMB IT personnel are great administrators but may be unaware of security threats that may exist. They are in charge of a lot of areas for the business and there is no security department like in enterprise companies to help them. Therefore while they are solving business needs and doing day to day brake it and fix there is just not the time to maintain up to date security.
So what is a SMB to do? Where do they start? Over the next month and a half I am going to be exploring 6 key areas for SMB security.
Key Areas of SMB Security
1) SMB Threats and Vulnerabilities
2) Security Policy
3) Security Awareness
4) Internet Access
5) BOD (bring your own device) Security
6) Auditing Administrative, Technical, and Physical controls
Hopefully if you are a SMB this series may get you to re-evaluate your security needs and have a better understanding of your security needs.
Thank you and if you have any questions during the series please feel free to email me at wpruett@centriq.com
Tom Pruett
Network Security Engineer/Senior Technical Instructor
CCSI, CCNA, MCSE (NT, 2000, 2003), MCITP SQL 2005, MCDBA SQL 7 & 2000, MCP+1, MCT, CTT+, CISSP, CWNA, CEI, CEH, CHFI, A+, Network+, Security+
No offense to SMB's but I am not sure that these owners are fully aware of what is really going on with cyber-security. A lot of small and medium shops treat their IT security as if they have nothing to worry about. Now I am not here to say that all of them are not security aware, however they read something in the news about a security breach at a large company but think that will never happen to them. Hackers do not discriminate. If you have data and a internet presence you are a target.
The key to SMB security is to synergize business objectives and productivity with security. Just because you lock down your IT infrastructure does not mean you cannot do business. You just have to find a way that works best for your company. Its easy to be productive if you have no controls on the infrastructure, however its the lack of those controls that could produce a security breach or incident that will cause you not to be productive. I believe there is a way for all of these areas to coexist.
SMB security has some challenges that are different from enterprise security. Sometimes SMB IT personnel are great administrators but may be unaware of security threats that may exist. They are in charge of a lot of areas for the business and there is no security department like in enterprise companies to help them. Therefore while they are solving business needs and doing day to day brake it and fix there is just not the time to maintain up to date security.
So what is a SMB to do? Where do they start? Over the next month and a half I am going to be exploring 6 key areas for SMB security.
Key Areas of SMB Security
1) SMB Threats and Vulnerabilities
2) Security Policy
3) Security Awareness
4) Internet Access
5) BOD (bring your own device) Security
6) Auditing Administrative, Technical, and Physical controls
Hopefully if you are a SMB this series may get you to re-evaluate your security needs and have a better understanding of your security needs.
Thank you and if you have any questions during the series please feel free to email me at wpruett@centriq.com
Tom Pruett
Network Security Engineer/Senior Technical Instructor
CCSI, CCNA, MCSE (NT, 2000, 2003), MCITP SQL 2005, MCDBA SQL 7 & 2000, MCP+1, MCT, CTT+, CISSP, CWNA, CEI, CEH, CHFI, A+, Network+, Security+
Thursday, February 9, 2012
The Need For Forensics - Finding The Why and The How In Security
Computer forensics has been around ever since crimes were first committed by using computers. People have stolen money, information and disabled businesses all while thinking they are the smarter criminal since they are using an electronic device. So what happens when law enforcement is notified of a cyber crime or IT security is notified of a security breach? Every crime or security breach is investigated and goes through a computer forensic process. Law enforcement and IT security are trained as computer forensic specialists to try and find out not only the why a crime or breach was committed but also how it was done.
Forensics is the first part of a good incident response plan. It is the first action item that is performed during the IRP when a crime or breach is detected. It is also the most crucial. In the last 10 years computer forensics has come along way. New tools and techniques have been developed to help not only law enforcement but also security professionals in the private sector. Computer forensics is more than just using your troubleshooting skills or break it and fix skills. Its about using that knowledge in a methodical way to prepare a hypothesis about an event. Maybe its finding out how someone got a password for accessing files that they were not authorized to see or even how they developed a script to change a time sheet remotely. Regardless of the event, there is always a need for a computer forensic professional.
There are two main areas of forensics we deal with in IT security. One is the network and the other is the host. Each area has different methodologies and tools we use to dissect the why and the how. Also each area has its different areas of expertise and knowledge. To understand how a security event happened in forensics you have to first understand how the network or host is suppose to work. This is where training and experience play a crucial role in becoming a computer forensic investigator.
For over 7 years I have taught Eccouncil's Certified Hacking Forensic Investigator (ChFI) course. In March of 2012 Eccouncil will be bringing out a new version 8 of ChFI. This course will be bringing a fresh perspective for those interested in getting into computer forensics. The course will have plenty of hands on learning as well as an introduction into a wealth of forensic tools. The major premise behind using the tools in the labs is to get a base understanding of the forensic process which includes:
Hope to see you there.
Tom Pruett
Consultant/Instructor
CCSI, CCNA, MCSE (NT, 2000, 2003), MCITP SQL 2005, MCDBA SQL 7 & 2000, MCP+1, MCT, CTT+, CISSP, CWNA, CEI, CEH, CHFI, A+, Network+, Security+
Forensics is the first part of a good incident response plan. It is the first action item that is performed during the IRP when a crime or breach is detected. It is also the most crucial. In the last 10 years computer forensics has come along way. New tools and techniques have been developed to help not only law enforcement but also security professionals in the private sector. Computer forensics is more than just using your troubleshooting skills or break it and fix skills. Its about using that knowledge in a methodical way to prepare a hypothesis about an event. Maybe its finding out how someone got a password for accessing files that they were not authorized to see or even how they developed a script to change a time sheet remotely. Regardless of the event, there is always a need for a computer forensic professional.
There are two main areas of forensics we deal with in IT security. One is the network and the other is the host. Each area has different methodologies and tools we use to dissect the why and the how. Also each area has its different areas of expertise and knowledge. To understand how a security event happened in forensics you have to first understand how the network or host is suppose to work. This is where training and experience play a crucial role in becoming a computer forensic investigator.
For over 7 years I have taught Eccouncil's Certified Hacking Forensic Investigator (ChFI) course. In March of 2012 Eccouncil will be bringing out a new version 8 of ChFI. This course will be bringing a fresh perspective for those interested in getting into computer forensics. The course will have plenty of hands on learning as well as an introduction into a wealth of forensic tools. The major premise behind using the tools in the labs is to get a base understanding of the forensic process which includes:
- Search and seizure
- Secure a crime scene
- Documenting the chain of custody
- Acquiring electronic evidence and secure transportation of evidence
- Examine and analyze forensic images using sound methodology
- Design your review strategy of the e-evidence and interpret and draw inferences based on facts gathered from the e-evidence.
- Prepare a report on your analysis and findings
- Expert witness
Hope to see you there.
Tom Pruett
Consultant/Instructor
CCSI, CCNA, MCSE (NT, 2000, 2003), MCITP SQL 2005, MCDBA SQL 7 & 2000, MCP+1, MCT, CTT+, CISSP, CWNA, CEI, CEH, CHFI, A+, Network+, Security+
Sunday, January 8, 2012
Where is security training going in 2012?
As the new year comes upon us, vendors are rolling out some new or updated courses for the beggining of 2012, but what type of training is right for you or what new courses are woth the time and money? The answer depends on what area of security you want to pursue. I always recommend having a very sound understanding of the basics in networking and operating systems if you are getting into security for 2012. As for those of you who already work in security, there are some new and updated courses coming out for 2012 that are very exciting.
One of the things you need to look at is does the course help me understand the security concepts and does the course provide a hands on example for reference. Some courses discuss a concept but then nothing to really help solidify the concept such as an example. Also, if you are looking for the latest and greatest in concepts and examples, most vendor classes are about 6 months to a year behind. It is up to the instructor to provide up to date examples for current concepts. The instructors background and experience play a major role in filling in the gaps.
So what are the up to date and new courses for 2012?
Updated Courses
Network+ -
CompTIA has update the Network+ for 2012 with a more of an emphasis on technologies and how they relate to the OSI model. I like the fact that they have made more of an emphasis on the areas of SANS and WANS. However I would say that the course still covers 85% of the previous objectives. It is not really a huge upgrade, more of an incremental update.
CEH version 7.1
Eccouncil has brought out new revision from their version 7.0 of this class. This is a major update with even more update labs and content than the previous version 7.
New Courses
CSAP
This is a new course from Comptia intended to focus on the 10 year security veteran. It focuses a lot on Enterprise LAN and WAN security. As of this writing not to much is known about the CSAP and it may be a while before we know anything more definitive.
One of the things you need to look at is does the course help me understand the security concepts and does the course provide a hands on example for reference. Some courses discuss a concept but then nothing to really help solidify the concept such as an example. Also, if you are looking for the latest and greatest in concepts and examples, most vendor classes are about 6 months to a year behind. It is up to the instructor to provide up to date examples for current concepts. The instructors background and experience play a major role in filling in the gaps.
So what are the up to date and new courses for 2012?
Updated Courses
Network+ -
CompTIA has update the Network+ for 2012 with a more of an emphasis on technologies and how they relate to the OSI model. I like the fact that they have made more of an emphasis on the areas of SANS and WANS. However I would say that the course still covers 85% of the previous objectives. It is not really a huge upgrade, more of an incremental update.
CEH version 7.1
Eccouncil has brought out new revision from their version 7.0 of this class. This is a major update with even more update labs and content than the previous version 7.
New Courses
CSAP
This is a new course from Comptia intended to focus on the 10 year security veteran. It focuses a lot on Enterprise LAN and WAN security. As of this writing not to much is known about the CSAP and it may be a while before we know anything more definitive.
Good luck in 2012 and hope you have a great year.
Tom
Consultant/Instructor
CCSI, CCNA, MCSE (NT, 2000, 2003), MCITP SQL 2005, MCDBA SQL 7 & 2000, MCP+1, MCT, CTT+, CISSP, CWNA, CEI, CEH, CHFI, A+, Network+, Security+
Subscribe to:
Posts (Atom)