1-Man IT Department

The Journey of One Man Helping Others with Technology

Posted
25 September 2007 @ 10pm

Tagged
Certification, InfoSec, Operating Systems, Security, SysAdmin, Windows

Security Essentials - Day 2 Defense-In-Depth

Well, another day, another 500+ page book to go through in Security Training.

Today was Defense-In-Depth day at Security Essentials Bootcamp. I really enjoyed today a lot. We finished the fundamental stuff yesterday and started hitting the ground cracking (literally).

We started with a discussion of what Defense-In-Depth entailed. We hit on multiple layers of protection, the CIA Triad, risk management and the differences between threats and vulnerabilities. Then we began a rather lengthy talk about the differences between viruses, worms and trojans, and hit on some of the big hitters from years past…Melissa, Sasser, Slammer…ahhh, the good ole days. After a brief overview of malware and its effects, we moved on to the next section.

Our next topic was Security Policies. This is a topic that I am particularly interested in because I am a 1-man shop, and our policies are not very strong, nor effective. They are about 5 years old and are in desperate need of updating. We started by asking “why does an organization need a security policy?” After figuring out that YES! we all need security policies, we moved into a discussion of how they should be used in an organization. They should start at the Mission Statement and accurately reflect the needs of the business in support of your mission. We then learned the differences between policies, standards, and guidelines, and learned of the importance of documenting everything (well, duh!). This led nicely into a discussion of business continuity plans and disaster recovery plans (both of which we don’t have…yet).

Next item up for discussion: Access controls and password management. This is another topic pretty close to me. I am in the midst of trying to mitigate the use of the administrators group and weak passwords that are rampant throughout the City. We hit on a little of Least Privilege talk, strong password talk, and password policies. Then we got to play with some password cracking software! We used Cain and Abel and John the Ripper to run some exercises in password cracking. Neither was able to crack my Administrator account password, so I was pleased (well, I did not brute force it since those take a LOOOOOONG time to run.)

After that we moved to a topic that I knew nothing about…incident handling. Being a 1-man shop, I have never really thought about a formalized process for handling different kinds of incidents. But now, I have a much better handle on a framework for handling different things that might happen on a network. It even piqued my interest in forensics as a possible information security specialty down the road.

Closely related to incident handling, we talked about information warfare and how cyber attacks are becoming more and more prevalent in our world, and how we need to be prepared to defend against them.

We moved to website security for our last topic of the day. Since I don’t run any web servers, I tuned out of this talk a little. I did finally learn how cross-site scripting (XSS) and SQL injection are used. I had heard a lot about both of them, but never really delved past that since I was not in charge of any web servers.
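For readers who, like the author, have heard the names but not seen the mechanics, here is an added example (not from the original post or the course) showing both attacks side by side with their fixes. The SQL injection half uses an in-memory SQLite database with a constructed two-row users table and a login query that splices user input into the SQL string; the XSS half renders a "comment" into HTML with and without escaping. The table, the rows and the payloads are all constructed for the demonstration.

```python
"""SQL injection and XSS: the vulnerable form beside the fix (added example)."""
import html
import sqlite3


def make_demo_db():
    """Constructed users table standing in for a real web app's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn, username, password):
    """DELIBERATELY VULNERABLE: input is pasted into the SQL text, so the
    attacker's quote and comment characters become part of the query."""
    query = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_parameterized(conn, username, password):
    """Fixed: placeholders keep user input as data; the quote never reaches
    the parser as SQL syntax."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row[0] if row else None


def render_comment_vulnerable(comment):
    """DELIBERATELY VULNERABLE: raw user text is placed into the page, so a
    <script> tag in the comment runs in every other visitor's browser."""
    return "<p>%s</p>" % comment


def render_comment_safe(comment):
    """Fixed: HTML-escape on output so the browser shows the text literally."""
    return "<p>%s</p>" % html.escape(comment, quote=True)


if __name__ == "__main__":
    db = make_demo_db()
    # The '--' turns the rest of the query into a comment, so the password
    # check is never evaluated: SELECT ... WHERE username = 'alice' --' AND ...
    sqli_payload = "alice' --"
    print("vulnerable login  :", login_vulnerable(db, sqli_payload, "wrong"))
    print("parameterized login:", login_parameterized(db, sqli_payload, "wrong"))

    xss_payload = "<script>alert(document.cookie)</script>"
    print("vulnerable render :", render_comment_vulnerable(xss_payload))
    print("safe render       :", render_comment_safe(xss_payload))
```

The two bugs share a root cause: untrusted input crossing into a parser (SQL or HTML) as code instead of data. The fixes are likewise the same shape, a parameterized query on the way into the database and contextual escaping on the way out to the browser, which is why both are worth knowing even if you never administer the web server yourself.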

Overall, I enjoyed and learned a lot more today than Day 1. Our group is starting to come together and become friends. Tomorrow I am going to introduce them all to the Security Catalyst forums, and see if they want to join up. It is open to anyone who has an interest in information security, so if that is you…stop by and drop us a line!

Tomorrow: Internet Security Technologies

Michael

Blogged with Flock
