IT Audit and Forensics: Proposed Training Plan for Tribal Internal Audit. Prepared by John Donnelly
Training Plan: IT Risk Assessment; A New Approach to General Controls; Network Controls and Security; Control and Security of UNIX; Auditing Windows; Internet Control and Security; Putting It All Together
The IT Risk Assessment: IT risk universe; Historical risk models; Understanding new IT risks; Technical risk assessment; Creating an IT audit plan; Timing and budgets; Presenting the plan to management
The IT Risk Assessment: It certainly isn't news that our organization is confronted with risk every day. In fact, how we identify and deal with risk is key to our success. Companies that do not implement best-practice risk management consistently across the enterprise tend to underperform their peers.
The IT Risk Assessment: The logic is simple, and so is the solution. Risk is too important to leave to chance. We need an integrated risk management effort. Do we have a holistic approach to enterprise risk management?
Senior Management: Decide to change; Recognize and communicate the urgency to change information management practices; Get line management involved and create ownership; Take action and maintain momentum.
Direct Change: Anchor strategic planning in customer needs and mission goals; Measure the performance of key mission delivery processes; Focus on process improvements in the context of an architecture; Manage IS projects as investments; Integrate the planning, budgeting and evaluation processes
Support Change: Establish a customer/supplier relationship between line and IS professionals; Position a chief information officer as a senior management partner; Upgrade the skills and knowledge of line management and IS professionals.
Benefits of Change: Increased productivity; Improved customer service; Higher returns on IS investments; Lower risks of failure, delay, and overspending
The IT Risk Assessment: Benchmark our current risk profile, processes and spending against our peers, our industry, and best practices; Assess and analyze threats and vulnerabilities and their potential impact, including the financial consequences of loss; Develop plans for organization, governance, strategy, architecture, business continuity, disaster recovery and crisis management
IT Risk Assessment: Strategy; Policies and procedures; Information management practices; Information systems organizational structure
Strategy: Mission statements; Strategic planning; IS budgeting; IS planning or steering committee; Monitoring techniques; Total Quality Management; Management techniques
Policies and Procedures: IS purchasing policies; Human resource policies; Security/privacy policies; Standards
Standards: COBIT; ISO 17799 (since renumbered as ISO/IEC 27002); NIST; SANS; NSA; CIS
Information Management Practices: IS quality assurance; Security awareness program; Personnel practices; IS purchasing practices
Organizational Structure: Organizational structure; Job descriptions; Segregation of duties and responsibilities; Organizational change management; IS internal audit function; IS quality assurance
A New Approach to General Controls: Physical security post 9/11; Logical security in a hacker-infested world; Business continuance: surviving and thriving when others fail; Disaster preparedness: when all else fails, planning prevails; Storage management: protecting your assets
A New Approach to General Controls: Evaluating IT organizational effectiveness; Risk/control tables
A New Approach to General Controls: Business process evaluation and risk management; Disaster recovery and business continuity; Protection of information assets
Protection of Information Assets: Importance of information security management; Logical access exposures and controls; Auditing information security management and logical access issues and exposures; Network infrastructure security; Environmental exposures and controls
Importance of Information Security Management: Ensure the integrity of information stored on the organization's computer systems; Preserve the confidentiality of sensitive data; Ensure the continued availability of information systems; Ensure conformity to laws, regulations and standards
Key Elements of Information Security Management: Policies and procedures; Organization; Data classification; System access
Key Elements of Information Security Management, Organization: Executive management; Security committee; Data owners; Process owners; IT developers; IS auditors; Users
Data Classification: Who has access rights; Who is responsible for determining access rights and access levels; What approvals are needed for access
System Access: Security awareness and education; Monitoring and compliance; Incident handling and response
Information Security Management Standards, Privacy Impact Analysis: Identify the nature of the personally identifiable information associated with business processes; Document the collection, use, disclosure and destruction of personally identifiable information; Provide management with a tool to make informed policy, operations and system design decisions based on an understanding of privacy risk and the options available
Risk Management Domains. Security: focuses on security and privacy concerns including cryptography, confidentiality, integrity, availability and more. Systems and Technology: enabling technologies for customer and supply chain support, highlighting integrated software solutions and trends in technology.
Risk Management Domains. Strategy: critical business strategic issues such as setting strategic direction, analyzing competitors, and leveraging information technology. Organization and Competencies: questions such as whether the organization requires new skills and new competencies.
Risk Management Domains. Performance Management: how an organization plans, measures, monitors, and controls the performance of its business capabilities and functions.
Network Control and Security: Auditing the carriers; Understanding and auditing communications alternatives; Auditing network equipment and configuration; Auditing the wire-based intranet; Auditing dial-up access
Network Management Systems Review, Audit Objectives: Review the adequacy of administrative procedures; Assess the effectiveness of the configuration management function; Assess the network security function; Assess the adequacy of the performance management system
Network Administration: Obtain a copy of the organization chart for the telecommunications and network function; Inquire whether segregation of duties is in place; Understand the types of network services being used; Take an inventory of data circuits and terminals
Network Administration: Review network traffic volumes to identify trends; Inquire whether network load-balancing procedures are practiced; Determine whether backup and recovery procedures for the network are in place; Using audit software, determine connect time and the type and volume of traffic
Configuration Management: Review the adequacy of network configuration procedures for the following situations: when network components malfunction; when nodes are added to or removed from the network. Confirm that network management has adequate procedures to diagnose and remedy performance degradation problems in order to provide quality and reliable service to system users.
Network Security: Determine whether access can be restricted to a specific time of day, with automatic time zone adjustment; Confirm that access can be restricted; Ensure that a user ID and password are required to reconnect a session
Network Terminal Expansion System: Determine whether the terminal expansion system has the ability to: produce an audible alarm when changes occur in a hidden session; provide duplex support, which allows concurrent access to a single session from two physical terminals
Network Control and Security: Auditing wireless networks; Auditing VPN networks; Mapping the network; Trading partner connectivity; Network management and operations; Network incident management
Auditing Wireless Networks: Introduction to the wireless community; Wireless Internet; Internet security
Introduction to the Wireless Community, Trends: Faster bandwidth connections to the World Wide Web; Higher clock speed processors; New breakthroughs in wireless technology. There are now around 200 million Internet users in the United States alone, and half of them are wireless.
Wireless Internet: Wireless technology uses radiation as its means of transmitting data through space. Specifically, it uses electromagnetic radiation, because electromagnetic waves do not require a physical medium to carry energy from one point to another. The evolving set of IEEE 802.11 standards is produced by the IEEE Wireless LAN Working Group.
How Wireless Application Protocol (WAP) Works: Takes requests from the handset; Sends them to the WAP gateway; The gateway optimizes and translates them for the wired network
Why WAP? Wireless networks present a constrained communication environment. Due to fundamental limitations of power, available spectrum, and mobility, wireless data networks tend to have: less bandwidth; more latency; less connection stability; less predictable availability
WAP Security: Specifies a framework for secure connections, using protocol elements from common Internet security protocols like SSL and TLS; Provides security facilities for encryption, strong authentication, integrity, and key management
WAP Security: Provides security between protocol end points; Lightweight and efficient with respect to bandwidth, memory and processing power; Employs mechanisms specially adapted for wireless usage, such as long-lived secure sessions. Caveat for auditors: in WAP 1.x the WTLS session terminates at the WAP gateway, which decrypts the traffic and re-encrypts it to the origin server with SSL/TLS. The gateway sees plaintext (the so-called "WAP gap"), so "end-to-end" here means handset to gateway, not handset to server.
Internet Security: No security backbone; Security has become a big issue. Wired Equivalent Privacy (WEP) was one of the first wireless encryption schemes, designed to protect Wireless Local Area Networks (WLANs) from unauthorized users. It uses a static shared key configured on the access point and on every client; for each frame that key is combined with a 24-bit initialization vector (sent in the clear) to key the RC4 stream cipher, and a CRC-32 checksum is appended as the integrity check value. WEP is cryptographically broken: the small IV space guarantees keystream reuse, the CRC is not a message authentication code, and the shared key can be recovered from captured traffic. It has been superseded by WPA2 and WPA3, and an audit should treat any WEP network as effectively unencrypted.
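The keystream-reuse weakness described above, worked through as an added example (this is illustrative code written for this page, not code from the original presentation). It implements RC4, the stream cipher WEP uses, and a simplified WEP frame: the per-frame RC4 key is the 24-bit IV followed by the shared key, and the keystream is XORed over the plaintext plus a CRC-32 ICV. The 802.11 header and the key-ID byte are omitted, and the shared key, IV and payloads are constructed for the demonstration.

```python
"""Added example: why WEP's design leaks plaintext (illustrative code written
for this page, not from the original presentation). Simplified WEP frame:
per-frame RC4 key = 24-bit IV || shared key, keystream XORed over
plaintext || CRC-32 ICV. Key and payloads below are constructed.
"""
import math
import zlib

IV_BYTES = 3  # WEP sends a 24-bit IV in the clear with every frame


def rc4_keystream(key, length):
    """RC4 key scheduling followed by `length` bytes of PRGA output."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(shared_key, iv, plaintext):
    """Return iv || RC4(iv||key) XOR (plaintext || CRC-32 ICV)."""
    assert len(iv) == IV_BYTES
    body = plaintext + zlib.crc32(plaintext).to_bytes(4, "little")
    return iv + xor_bytes(body, rc4_keystream(iv + shared_key, len(body)))


def wep_decrypt(shared_key, frame):
    """Return (plaintext, icv_ok). CRC-32 is a linear checksum, not a MAC,
    so icv_ok says nothing about deliberate bit flipping."""
    iv, ct = frame[:IV_BYTES], frame[IV_BYTES:]
    body = xor_bytes(ct, rc4_keystream(iv + shared_key, len(ct)))
    pt, icv = body[:-4], body[-4:]
    return pt, zlib.crc32(pt).to_bytes(4, "little") == icv


def recover_with_known_plaintext(known_frame, known_pt, target_frame):
    """Two frames with the same IV share a keystream. Knowing one frame's
    plaintext (ARP and DHCP payloads are predictable) yields the keystream,
    which decrypts the other frame; the shared key is never needed."""
    assert known_frame[:IV_BYTES] == target_frame[:IV_BYTES], "needs an IV collision"
    known_body = known_pt + zlib.crc32(known_pt).to_bytes(4, "little")
    keystream = xor_bytes(known_frame[IV_BYTES:], known_body)
    target_ct = target_frame[IV_BYTES:]
    assert len(target_ct) <= len(keystream), "known frame must be at least as long"
    return xor_bytes(target_ct, keystream)[:-4]


def frames_until_iv_collision(probability=0.5):
    """Birthday bound for random 24-bit IVs: frames sent before some IV
    repeats with the given probability. Sequential IVs repeat after 2**24
    frames at the latest, and some early cards restarted at 0 on reset."""
    space = 2 ** (8 * IV_BYTES)
    return math.ceil(math.sqrt(2 * space * math.log(1 / (1 - probability))))


def demo():
    """Decrypt a captured frame using only a second frame with a reused IV."""
    key = bytes.fromhex("0123456789")                    # constructed 40-bit key
    iv = b"\x00\x00\x01"                                  # constructed, reused IV
    known = b"ARP who-has 10.0.0.2 tell 10.0.0.1 padding"  # predictable, long enough
    secret = b"GET /admin?token=s3cr3t HTTP/1.0"           # the frame we want
    known_frame = wep_encrypt(key, iv, known)
    secret_frame = wep_encrypt(key, iv, secret)
    return recover_with_known_plaintext(known_frame, known, secret_frame)


if __name__ == "__main__":
    print(demo())
    print("frames to 50% IV collision:", frames_until_iv_collision())
```

`frames_until_iv_collision()` gives roughly 4,800 frames for a 50% chance of a repeated IV on a busy network, which is seconds of traffic; real attacks went further and recovered the shared key itself from the IV and first keystream byte, but the reuse shown here is already enough to read traffic.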
Operating Systems: Operating system overview; Windows; Mainframe; UNIX (HP-UX, Solaris, AIX); Tools and resources; Common vulnerabilities
Control and Security of UNIX: Understanding UNIX; System command directories; File systems; The superuser; UNIX communications; UNIX security; Using audit scripts; Risk/control tables; UNIX audit guide
Understanding UNIX: To understand how numerous attacks function, we must have a basic understanding of the UNIX operating system, because it is so popular both as a target platform and as a platform from which to launch attacks.
Learning about UNIX, Architecture: UNIX file system architecture; The kernel and processes; Automatically started processes: init starts various processes at boot time; inetd listens for network connections on behalf of numerous services and starts the matching daemon on demand; cron runs specific system commands on a schedule
Learning about UNIX, Accounts and Groups: The /etc/passwd file; The /etc/group file; root: the superuser (UID 0); Privilege control: UNIX permissions; Set-UID programs; UNIX trust (hosts.equiv and .rhosts)
Learning about UNIX, Common UNIX Network Services: Telnet: command-line remote access; FTP: File Transfer Protocol; TFTP: Trivial File Transfer Protocol (no authentication at all); Web servers: HTTP; Electronic mail; r-commands (rsh, rlogin, rcp). Telnet, FTP and the r-commands send credentials in cleartext, so an audit should expect them to be disabled in favor of SSH and SFTP.
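An audit script of the kind the UNIX module refers to, added here as an example (illustrative code written for this page; it is not one of the original presentation's audit scripts). It covers both the accounts slide and the network-services slide: it parses passwd(5), group(5) and inetd.conf(5) text and reports extra UID-0 accounts, empty password fields, shared UIDs, membership in root or wheel, and legacy cleartext services left enabled. The sample file contents are constructed, not taken from a real host; on a real system you would read the actual files (and /etc/shadow, where the hashes live) and add a `find / -perm -4000` pass for set-UID programs.

```python
"""Added example: a small UNIX account and inetd service audit (illustrative
code written for this page, not the original presentation's audit scripts).
Sample file contents below are constructed, not from a real host.
"""
from dataclasses import dataclass

# Services whose credentials or payloads cross the wire in cleartext, or that
# (tftp) have no authentication at all.
LEGACY_SERVICES = {"telnet", "ftp", "tftp", "shell", "login", "exec", "finger"}

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
oper:x:0:0:operator:/home/oper:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
guest::1001:1001:Guest:/home/guest:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1000:1002:Bob:/home/bob:/bin/bash
"""

SAMPLE_GROUP = """\
root:x:0:
wheel:x:10:alice,bob
users:x:100:
"""

SAMPLE_INETD = """\
#ftp   stream tcp nowait root   /usr/sbin/tcpd in.ftpd
telnet stream tcp nowait root   /usr/sbin/tcpd in.telnetd
tftp   dgram  udp wait   nobody /usr/sbin/tcpd in.tftpd /tftpboot
ssh    stream tcp nowait root   /usr/sbin/sshd sshd -i
"""


@dataclass
class PasswdEntry:
    name: str
    passwd: str   # "x": hash is in /etc/shadow; "": no password required
    uid: int
    gid: int
    shell: str


def parse_passwd(text):
    """Parse passwd(5) lines: name:passwd:uid:gid:gecos:home:shell."""
    entries = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, pw, uid, gid, _gecos, _home, shell = line.split(":")
        entries.append(PasswdEntry(name, pw, int(uid), int(gid), shell))
    return entries


def audit_accounts(passwd_text, group_text):
    """Findings from the accounts slide: extra superusers, empty passwords,
    shared UIDs and membership in privileged groups."""
    findings = []
    entries = parse_passwd(passwd_text)
    by_uid = {}
    for e in entries:
        by_uid.setdefault(e.uid, []).append(e.name)
        if e.uid == 0 and e.name != "root":
            findings.append(f"extra UID-0 account: {e.name}")
        if e.passwd == "":
            findings.append(f"empty password field: {e.name}")
    for uid, names in by_uid.items():
        if len(names) > 1:
            findings.append(f"UID {uid} shared by {', '.join(names)}")
    for line in group_text.splitlines():
        if not line or line.startswith("#"):
            continue
        gname, _pw, gid, members = line.split(":")
        if (gid == "0" or gname == "wheel") and members:
            for m in members.split(","):
                findings.append(f"{m} is a member of privileged group {gname}")
    return findings


def audit_inetd(text):
    """Report legacy services that inetd will still start (commented lines
    are disabled and therefore fine)."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        service = line.split()[0]
        if service in LEGACY_SERVICES:
            findings.append(f"legacy service enabled in inetd: {service}")
    return findings


if __name__ == "__main__":
    for f in audit_accounts(SAMPLE_PASSWD, SAMPLE_GROUP) + audit_inetd(SAMPLE_INETD):
        print("FINDING:", f)
```

The shared-UID check matters because the kernel grants rights by UID, not by name: `bob` above has every file permission `alice` has, and logs attribute his actions to whichever name the lookup returns first.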
Auditing Windows: Understanding Windows 2000; Understanding Active Directory; File system administration; User and group administration; Overall security; Differences between NT and 2000; Policies; Logs
Internet Control and Security: Internet security basics; Internet communications and architecture; Securing the web presence; Controlling Internet connections
Internet Control and Security: Understanding and responding to attacks; Tools and techniques of the hacking trade; Vulnerabilities and exploits; Building and maintaining secure firewalls; Hardening your network; Risk/control tables; Internet audit guide
Putting It All Together: Risk assessments; Staging the audits; Presenting issues in an understandable format; Reporting; Follow-up: tracking control implementation; What comes next: ongoing monitoring; Closing comments
IT Risk Assessment: Identifying your assets; Who you need to be cautious of and why; Security basics; Frequently exploited ports and services; Tools of the trade; Hacking your network; Interpreting the results; Resolving the issues
Identifying Your Assets: Customers; Employees; Company trade secrets; Fast global connections; Proprietary software; Storage facilities
Who You Need to Be Cautious of and Why: Disgruntled employees; Contractors, business partners and trade associates; Competitors; Hackers; Industrial espionage agents
Security Basics: Policies and procedures; Security banners (the electronic equivalent of no-trespassing signs); Password standards; Log files; Internet; Anti-virus software; Backup systems and media; Network security software; Encryption
Frequently Exploited Ports and Services: Commonly exploited ports and services; E-mail; Denial of service; Spoofing
Tools of the Trade: Network scanners; Port scanners; War dialers; Password crackers; Packet sniffers; Miscellaneous tools
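A port scanner of the kind listed above, added here as a worked example for the "frequently exploited ports" and "tools of the trade" slides (illustrative code written for this page; it is not a tool from the original presentation). It uses plain TCP connect() probes, so it needs neither raw sockets nor root, and it scans a loopback listener that it starts itself, so it runs offline. The legacy-port table holds the IANA assignments for the cleartext services the UNIX module flags. Point `scan()` at other hosts only with written authorization; that is what "safe hacking" on the next slide means.

```python
"""Added example: TCP connect() port scanner with a self-hosted loopback
target (illustrative code written for this page, not from the original
presentation).
"""
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

# IANA ports of cleartext/legacy services; an open one is a finding in itself.
LEGACY_PORTS = {21: "ftp", 23: "telnet", 69: "tftp",
                512: "exec", 513: "login", 514: "shell"}


def probe(host, port, timeout=0.5):
    """Full three-way handshake via connect(). A refusal means the port is
    closed; a timeout usually means a firewall silently drops the SYN."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return port, "open"
        except ConnectionRefusedError:
            return port, "closed"
        except OSError:  # includes socket.timeout
            return port, "filtered"


def scan(host, ports, workers=32):
    """Probe `ports` concurrently; returns {port: state}."""
    with ThreadPoolExecutor(max_workers=workers) as ex:
        return dict(ex.map(lambda p: probe(host, p), ports))


def report(results):
    """Open ports, annotated with the legacy service name where it is one."""
    return [(p, LEGACY_PORTS.get(p, "unknown"))
            for p, state in sorted(results.items()) if state == "open"]


def start_loopback_listener():
    """Constructed target for the demo: an ephemeral TCP port on 127.0.0.1."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # listener closed
                return
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def reserve_closed_port():
    """Bind and immediately release a port so the demo knows a closed one."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo():
    """Scan one open and one closed loopback port; returns (results, open, closed)."""
    srv, open_port = start_loopback_listener()
    closed_port = reserve_closed_port()
    try:
        return scan("127.0.0.1", [open_port, closed_port]), open_port, closed_port
    finally:
        srv.close()


if __name__ == "__main__":
    results, o, c = demo()
    print(results)
    print("open:", report(results))
```

Connect scans complete the handshake and therefore appear in the target's application logs, which is the right behavior for an internal audit (the log entries are evidence that monitoring works) but is why attackers prefer half-open SYN scans.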
Hacking Your Network: Safe hacking (authorized, scoped testing); Internet servers; Firewall; Securing the firewall; Routers; Router usage; Router rules; Securing your routers
Common Network Devices: Switches, Routers, and Bridges: Have all network connectivity devices been identified? Have all of the security features been implemented on each network device? Have vendor default passwords been changed? Are direct-dial modems attached to any network devices?
Control Checklists: Routers: Do vendors have remote access to routers? Are routing tables dumped periodically to ensure there are no unusual entries? Are static routes used to ensure that only approved traffic is routed through the network?
Control Checklists: Firewalls: Are penetration attempts investigated? Are internal firewalls used to limit the damage that can be done once the perimeter is penetrated? Is a proxy firewall used to protect the Internet connection? Are password crackers run periodically against all of the machines in the Internet-facing cluster?
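The router checklist item about dumping routing tables for unusual entries, carried out in code as an added example (illustrative code written for this page, not from the original presentation). It parses `netstat -rn` style output, normalizes each destination to CIDR, and diffs the current dump against an approved baseline, reporting added, changed and missing routes. Both dumps are constructed for the demonstration, not captured from a real network.

```python
"""Added example: diff a routing-table dump against an approved baseline
(illustrative code written for this page, not from the original
presentation). Both dumps below are constructed.
"""
import ipaddress

BASELINE_DUMP = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags MSS Window  irtt Iface
0.0.0.0         10.0.0.1        0.0.0.0         UG        0 0          0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
10.0.1.0        10.0.0.254      255.255.255.0   UG        0 0          0 eth0
"""

# Constructed "today" dump: the default gateway has moved and an unapproved
# route to 192.168.77.0/24 has appeared, classic signs of route injection or
# an unauthorized device on the segment.
CURRENT_DUMP = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags MSS Window  irtt Iface
0.0.0.0         10.0.0.99       0.0.0.0         UG        0 0          0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
10.0.1.0        10.0.0.254      255.255.255.0   UG        0 0          0 eth0
192.168.77.0    10.0.0.200      255.255.255.0   UG        0 0          0 eth0
"""


def parse_netstat_rn(text):
    """Map each destination network (normalized to CIDR) to (gateway, iface)."""
    routes = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 8 or parts[0] in ("Kernel", "Destination"):
            continue  # banner or column header
        dest, gw, mask, iface = parts[0], parts[1], parts[2], parts[-1]
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes[net] = (gw, iface)
    return routes


def diff_routes(baseline, current):
    """Findings: routes added, changed or removed relative to the baseline."""
    findings = []
    for net, (gw, iface) in current.items():
        if net not in baseline:
            findings.append(f"unexpected route {net} via {gw} on {iface}")
        elif baseline[net] != (gw, iface):
            findings.append(f"route {net} changed gateway {baseline[net][0]} -> {gw}")
    for net in baseline:
        if net not in current:
            findings.append(f"approved route {net} is missing")
    return findings


def audit(baseline_text, current_text):
    return diff_routes(parse_netstat_rn(baseline_text), parse_netstat_rn(current_text))


if __name__ == "__main__":
    for f in audit(BASELINE_DUMP, CURRENT_DUMP):
        print("FINDING:", f)
```

A changed default gateway is the single most important line in the report: every packet not matched by a more specific route goes through it, so a silently changed gateway means someone else may be seeing all outbound traffic.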
What We Do: Write published products, including articles posted daily to web sites, Strategic Analysis Reports, Monthly Research Review contributions and newsletter articles; Assume project management responsibilities to meet project deadlines; Select suitable topics for articles written for high-level executives
What We Do: Analyze technological and financial information for inclusion in written work; Translate complex and confusing ideas and concepts into clear and understandable writing.
Putting It All Together: Do we understand how technology impacts our organizations, our departments and us? Are we using technology as a tool to get us where we need to be, or is technology managing us? Technology should not control us. We should take control of technology and put it to work for us.
Putting It All Together: What is the inside information on how to identify real organizational barriers and find ways to resolve them? How do we know how to apply technology properly? How do we secure rapidly expanding information warehouses properly?