Security Risk Management
Eduardo Rivadeneira
IT pro
Microsoft Mexico
Session Prerequisites
Hands-on experience installing, configuring, administering, and planning the deployment of Windows 2000 Server or Windows Server 2003
Knowledge of Active Directory and Group Policy concepts
Level 200

Agenda
Day 1: TechNet Mexico Communities; Mexico Communities Training; Essentials of Security, Part 1
Day 2: Essentials of Security, Part 2; Security Risk Management, Part 1
Day 3: Security Risk Management, Part 2; Questions and Answers

TechNet Mexico Communities
Day 1

Communities in Mexico
Online
http://groups.msn.com/itpromexico
In person
DF Community
IT Pro Mexico
Aida
Victor Guadarrama
http://itpromexico.com.mx

Communities
Monterrey Community
Carlos Alberto Morales
Astrid Rodríguez Garza
http://groups.msn.com/itpromonterrey
San Quintín, Baja California Community
Genaro N. Lopez Norori
http://groups.msn.com/ITproSanQuintin

Communities
Guadalajara Community
Oscar T. Aceves Dávalos
http://groups.msn.com/itprogdl
Coatzacoalcos Community
Gabriel Castillo
http://groups.msn.com/ITcoatzacoalcos

Communities
Tijuana
Andree Ochoa
http://groups.msn.com/itprotijuana
Puebla
Jorge Garcia
http://groups.msn.com/ITICOPuebla

Community Procedures
In-person event
1. Send the information for the following month's meetings
Place, date, time, event description, event venue
2. Confirm that the event is registered at http://wwww.microsoft.com/mexico/eventos
3. All participants must register for the event via the Web and hand in their registration with the barcode on the day of the event
4. The instructor must collect the evaluations and registration sheets and deliver them to the area director

Essentials of Security
Day 1
Business Case
Business Case
Security Risk Management Discipline
Defense in Depth
Security Incident Response
Best Practices
10 Immutable Laws of Security

Impact of Security Breaches
Loss of Revenue
Damage to Reputation
Loss or Compromise of Data
Damage to Investor Confidence
Legal Consequences
Interruption of Business Processes
Damage to Customer Confidence
2003 CSI/FBI Survey
The cost of implementing security measures is not trivial; however, it is a fraction of the cost of mitigating security compromises

Benefits of Investing in Security
Reduced downtime and costs associated with non-availability of systems and applications
Reduced labor costs associated with inefficient security update deployment
Reduced data loss due to viruses or information security breaches
Increased protection of intellectual property
Security Risk Management Discipline
Business Case
Security Risk Management Discipline
Defense in Depth
Security Incident Response
Best Practices
10 Immutable Laws of Security

Security Risk Management Discipline (SRMD) Processes
Assessment: Assess and valuate assets; Identify security risks and threats; Analyze and prioritize security risks; Security risk tracking, planning, and scheduling
Development and Implementation: Develop security remediation; Test security remediation; Capture security knowledge
Operation: Reassess assets and security risks; Stabilize and deploy new or changed countermeasures

Assessment: Assess and Valuate Assets
Asset Priorities (Scale of 1 to 10) – Example *
* For example purposes only – not prescriptive guidance

Assessment: Identify Security Risks and Threats – STRIDE

| Types of threats | Examples |
| --- | --- |
| Spoofing | Forge e-mail messages; Replay authentication packets |
| Tampering | Alter data during transmission; Change data in files |
| Repudiation | Delete a critical file and deny it; Purchase a product and later deny it |
| Information disclosure | Expose information in error messages; Expose code on Web sites |
| Denial of service | Flood a network with SYN packets; Flood a network with forged ICMP packets |
| Elevation of privilege | Exploit buffer overruns to gain system privileges; Obtain administrator privileges illegitimately |
Assessment: Analyze and Prioritize Security Risks – DREAD
DREAD
Damage
Reproducibility
Exploitability
Affected Users
Discoverability
Risk Exposure = Asset Priority x Threat Rank
Example Worksheet
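
A worked version of the worksheet calculation, added here as an illustration and not part of the original deck. The slide gives only Risk Exposure = Asset Priority x Threat Rank; taking Threat Rank as the average of the five DREAD ratings (each rated 1 to 10), along with the asset names and scores, is an assumption constructed for this example.

```python
from dataclasses import dataclass

DREAD_FACTORS = ("damage", "reproducibility", "exploitability",
                 "affected_users", "discoverability")
STRIDE = {"Spoofing", "Tampering", "Repudiation", "Information disclosure",
          "Denial of service", "Elevation of privilege"}


@dataclass(frozen=True)
class Threat:
    asset: str
    asset_priority: int  # 1-10, from the asset valuation step
    stride: str          # STRIDE category identified for this threat
    description: str
    dread: dict          # factor name -> rating 1-10 (assumed scale)

    def __post_init__(self):
        # Reject incomplete or out-of-range rows before they skew the ranking.
        if self.stride not in STRIDE:
            raise ValueError(f"unknown STRIDE category: {self.stride!r}")
        if not 1 <= self.asset_priority <= 10:
            raise ValueError("asset priority must be 1-10")
        if set(self.dread) != set(DREAD_FACTORS):
            raise ValueError("rate every DREAD factor exactly once")
        if any(not 1 <= v <= 10 for v in self.dread.values()):
            raise ValueError("DREAD ratings must be 1-10")

    @property
    def threat_rank(self) -> float:
        # Assumption: threat rank is the mean of the five DREAD ratings.
        return sum(self.dread[f] for f in DREAD_FACTORS) / len(DREAD_FACTORS)

    @property
    def risk_exposure(self) -> float:
        # Formula from the slide: Asset Priority x Threat Rank.
        return self.asset_priority * self.threat_rank


def rate(damage, repro, exploit, affected, discover):
    """Build a DREAD rating dict from five positional scores."""
    return dict(zip(DREAD_FACTORS, (damage, repro, exploit, affected, discover)))


def prioritize(threats):
    """Order threats by risk exposure, highest first; ties go to the more valuable asset."""
    return sorted(threats, key=lambda t: (-t.risk_exposure, -t.asset_priority, t.asset))


# Constructed sample worksheet (hypothetical assets and scores).
WORKSHEET = [
    Threat("Public web server", 6, "Denial of service",
           "SYN flood", rate(6, 9, 8, 8, 9)),
    Threat("Customer database", 10, "Information disclosure",
           "Error messages expose schema", rate(7, 6, 5, 6, 6)),
    Threat("Domain controller", 9, "Elevation of privilege",
           "Unpatched buffer overrun", rate(10, 5, 4, 10, 6)),
    Threat("Mail relay", 4, "Spoofing",
           "Forged e-mail messages", rate(4, 9, 9, 5, 8)),
]

if __name__ == "__main__":
    for t in prioritize(WORKSHEET):
        print(f"{t.risk_exposure:5.1f}  {t.asset:<18} {t.stride:<24} "
              f"priority={t.asset_priority} rank={t.threat_rank:.1f}")
```

In this sample neither the highest-priority asset nor the highest-ranked threat ends up first, which is why the two are multiplied before remediation work is scheduled.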

Assessment: Security Risk Tracking, Planning, and Scheduling

| Types of threats | Examples |
| --- | --- |
| Spoofing | Forge e-mail messages; Replay authentication packets |
| Tampering | Alter data during transmission; Change data in files |
| Repudiation | Delete a critical file and deny it; Purchase a product and later deny it |
| Information disclosure | Expose information in error messages; Expose code on Web sites |
| Denial of service | Flood a network with SYN packets; Flood a network with forged ICMP packets |
| Elevation of privilege | Exploit buffer overruns to gain system privileges; Obtain administrator privileges illegitimately |

Detailed Security Action Plans
Example Worksheets

Development and Implementation
Configuration management
Patch management
System monitoring
System auditing
Operational policies
Operational procedures
Detailed Security Action Plans
Testing Lab
Knowledge Documented for Future Use
Security Remediation Strategy
Production Environment

Operation: Reassess Assets and Security Risks
New Web Site
Internet Services
Reassess risks when there is a significant change in assets, operation, or structure
Assess risks continually
Testing Lab
Documented Knowledge
Production Environment

Operation: Stabilize and Deploy New or Changed Countermeasures
System Administration Team
Network Administration Team
Security Administration Team
New or Changed Countermeasures
Production Environment
Defense in Depth
Business Case
Security Risk Management Discipline
Defense in Depth
Security Incident Response
Best Practices
10 Immutable Laws of Security

The Defense-in-Depth Model
Using a layered approach:
Increases an attacker’s risk of detection
Reduces an attacker’s chance of success

| Layer | Example controls |
| --- | --- |
| Policies, Procedures, & Awareness | Security documents, user education |
| Physical Security | Guards, locks, tracking devices |
| Perimeter | Firewalls, Network Access Quarantine Control |
| Internal Network | Network segments, IPSec, NIDS |
| Host | OS hardening, authentication, patch management, HIDS |
| Application | Application hardening, antivirus |
| Data | ACLs, encryption, EFS |

Description of the Policies, Procedures, and Awareness Layer
I think I will use my first name as a password.
Hey, I need to configure a firewall. Which ports should I block?
I think I will wedge the computer room door open. Much easier.
They have blocked my favorite Web site. Lucky I have a modem.

Policies, Procedures, and Awareness Layer Compromise
Say, I run a network too. How do you configure your firewalls?
I can never think of a good password. What do you use?
Hi, do you know where the computer room is?
Hey, nice modem. What's the number of that line?

Policies, Procedures, and Awareness Layer Protection
Firewall Configuration Procedure
Physical Access Security Policy
User Information Secrecy Policy
Device Request Procedure
Employee security training helps users support the security policy
Description of the Physical Security Layer
All of the assets within an organization’s IT infrastructure must be physically secured

Physical Security Layer Compromise
Install Malicious Code
Damage Hardware
View, Change, or Remove Files
Remove Hardware

Physical Security Layer Protection
Lock doors and install alarms
Employ security personnel
Enforce access procedures
Monitor access
Limit data input devices
Use remote access tools to enhance security

Description of the Perimeter Layer
[Diagram labels: Business Partner, Main Office, Branch Office, Remote User, Internet, LAN, Internet Services, Wireless Network]
Network perimeters can include connections to:
The Internet
Branch offices
Business partners
Remote users
Wireless networks
Internet applications

Perimeter Layer Compromise
[Diagram labels: Business Partner, Main Office, Branch Office, Remote User, Internet, LAN, Internet Services, Wireless Network]
Network perimeter compromise may result in a successful:
Attack on corporate network
Attack on remote users
Attack from business partners
Attack from a branch office
Attack on Internet services
Attack from the Internet

Perimeter Layer Protection
[Diagram labels: Business Partner, Main Office, Branch Office, Remote User, Internet, LAN, Internet Services, Wireless Network]
Network perimeter protection includes:
Firewalls
Blocking communication ports
Port and IP address translation
Virtual private networks (VPNs)
Tunneling protocols
VPN quarantine

Description of the Internal Network Layer
Sales
Wireless Network
Marketing
Finance
Human Resources

Internal Network Layer Compromise
Unauthorized Access to Systems
Access All Network Traffic
Unauthorized Access to Wireless Networks
Unexpected Communication Ports
Sniff Packets from the Network

Internal Network Layer Protection
Require mutual authentication
Segment the network
Encrypt network communications
Restrict traffic even when it is segmented
Sign network packets
Implement IPSec port filters to restrict traffic to servers
Demonstration 1: Configuring IPSec Port Filtering
Your instructor will demonstrate how to:
Create and configure an IP Security policy that contains IPSec port filters that will be used to lock down unnecessary ports on an IIS server
View IPSec port filter properties
Description of the Host Layer
Contains individual computer systems on the network
Often have specific roles or functions
The term “host” is used to refer to both clients and servers

Host Layer Compromise
Exploit Unsecured Operating System Configuration
Exploit Operating System Weakness
Unmonitored Access
Distribute Viruses

Host Layer Protection
Harden client and server operating systems
Disable unnecessary services
Keep security patches and service packs up to date
Monitor and audit access and attempted access
Install and maintain antivirus software
Use firewalls

Windows XP SP2 Advanced Security Technologies
Network protection
Memory protection
Safer e-mail handling
More secure browsing
Improved computer maintenance
Get more information on Windows XP Service Pack 2 at http://www.microsoft.com/sp2preview
Demonstration 2: Overview of Windows XP SP2
Your instructor will demonstrate the new and enhanced security features in Windows XP SP2:
Security Center
Windows Firewall
Internet Explorer

Questions
http://groups.msn.com/itpromexico
Webcast section