cissp中文培訓(xùn)課件國(guó)內(nèi)知名機(jī)構(gòu)-操作安全

SecurityControlsandAuditing 1 控制與保護(hù)(ControlsandSecurityControlsandAuditing1 控制與保護(hù)(Controlsand1.11.1保護(hù)的資終端用戶資源(員工使用的windows98／2000/XP主機(jī)網(wǎng)絡(luò)資源(路由器、交換機(jī) 系統(tǒng)服務(wù)器資源(包括操作系統(tǒng)，數(shù)據(jù)庫Web，F(xiàn)TP和e-mail服務(wù)器信息資源(包括人力資源和電子商務(wù)數(shù)據(jù)庫ProcessingequipmentProcessingequipmentSensitive/CriticaldataSystemSystemlogs/audittrailsViolationreportsBackupfilesSensitiveforms1.2識(shí)whatcanbedonetoprotectithowistheitemused?Describepermissionsets(whocanread,write,orexecutethefiles,forexample)forthedifferenttypesofobjectswithinyourinfrastructure1.3目對(duì) 、減少脆弱性、限制安全事故產(chǎn)生的影功形1.3目對(duì) 、減少脆弱性、限制安全事故產(chǎn)生的影功形控制（實(shí)踐、規(guī)程、制度PreventativeAredesignedtolowertheamountandimpactofunintentionalerrorsthatareenteringthesystemandtopreventunauthorizedintruderfrominternallyorexternallyaccessingthesystem.保護(hù)脆弱點(diǎn)，減 的影響，或者避免的成CategoriesCategoriesof檢測(cè)控制DetectiveAreusedtodetectanerroronceithasoccurred.檢測(cè)擊/錯(cuò)誤的發(fā)糾正/恢復(fù)CorrectiveControlsRecoveryControls:Areimplementedtomitigatetheimpactofalosseventthroughdatarecoveryprocedures.減 的影Categoriesof威懾控制DeterrentDontrol/DirectiveAreusedtoencouragecompliancewithexternal減 發(fā)生的可能應(yīng)用控制ApplicationArethecontrolsthataredesignedintoasoftwareapplicationtominimizeanddetectthesoftware'soperationalirregularitiesCategoriesCategoriesof事務(wù)控制TransactionTypesofcontrolsare:Input,processing,output,changeandtestcontrols.輸入控制：事務(wù)進(jìn)入更改控制：系統(tǒng)置變化時(shí)的據(jù)完整性測(cè)試控制：系統(tǒng)測(cè)試時(shí)的 性和1.3.2OrangeBook操作保障OperationalfocusesonbasicfeaturesandarchitectureofaSystemintegrityCovertchannel TrustedfacilitymanagementTrustedrecoveryLifecyclecontrolsandstandardsrequiredforbuildingandmaintainingasystem-Lifecyclecontrolsandstandardsrequiredforbuildingandmaintainingasystem-SecurityDesignspecificationandtestingConfigurationmanagementTrusteddistrbutionCovert -Thesystemmustprotectagainstcovertstorage-B3andThesystemmustprotectagainstbothcovertstorageandcoverttimingchannels(隱蔽定時(shí)通道）.Itmustperformacovertchannelysisforbothtypes.TrustedFacilityTrustedFacilitySystemsmustsupportseparateoperatorandsystemadministratorroles.支持操作員與系統(tǒng)管理員角色分離B3andA1:Systemmustclearlyidentifyfunctionsofthesecurityadministratortoperformthesecurity-relatedfunctions.TrustedRecovery可信恢復(fù)TrustedEnsuresSecurityisnotbreachedwhenacrashesorSystemmustberestartedwithoutcompromisingTrustedTrustedRecoveryIsonlyrequiredforB3andA1levelsystems.Twoprimaryactivities:FailureBackingupallcriticalfilesonaregularbasis.Systemrecovery:reboot,recoverallfilesystems變更控制(RequiredB2,B3andConfiguration/ChangeManagementControl: 系統(tǒng)變化網(wǎng)影響安全的其他變變更控制的目標(biāo)：避免系統(tǒng)變化對(duì)于安全性的無確保將要發(fā)生的變更已經(jīng)通知到每個(gè)相關(guān)用戶分析實(shí)現(xiàn)系統(tǒng)變更后的效果 -Applyingtointroducea-Catalogingtheintended-確保將要發(fā)生的變更已經(jīng)通知到每個(gè)相關(guān)用戶分析實(shí)現(xiàn)系統(tǒng)變更后的效果-Applyingtointroducea-Catalogingtheintended-文檔變 ingthe-Testingthe-Reportingthe行行政控制人員安全alSecurity責(zé)任分離SeparationofDuties LeastPrivilege需要知道Needto變更控制Change/Configuration記錄保留RecordRetentionandEmploymentScreeningorBackgroundChecks雇傭選或背MandatoryVacationMandatoryTakingofVacationinOneWeekIncrement強(qiáng)制休假JobActionWarningsor警告或解RotationofLimitingthelengthoftimeaperformsdutiesbeforebeingmovedSeparationSeparationofduties責(zé)任分離分權(quán)制–三權(quán)分系統(tǒng)管理員、安全管理員系統(tǒng)管理員增刪用安全管理員安全審計(jì)員評(píng)審審計(jì)數(shù)據(jù),日志Two-manTwooperatorsreviewandapprovetheworkofeachDualTwo-manTwooperatorsreviewandapprovetheworkofeachDualBothoperatorsareneededtocompleteasensitiveLeastPrivilegeReadOnly只讀：只可以數(shù)Read/write讀/寫：可以修 的數(shù)AccessChange修改：可以修改源數(shù)據(jù)和的執(zhí)行執(zhí)行一個(gè)工作所需要的特定計(jì)算機(jī)操作員備安裝和卸載作業(yè)控制分析總體質(zhì)生產(chǎn)調(diào)度員度建立處理周期和日生產(chǎn)控制分析打印和分發(fā)計(jì)算機(jī)報(bào)表和縮微磁帶管理員和 交換磁)Data–ReferstothedataleftonthemediaafterthemediahasbeenerasedDueCareandDueStepsthataretakentoshowthatacompanyhastakenresponsibilityfortheactivitiesthattakeplacewithinthecorporationandhavetakenthenecessarystepstohelpprotectthecompany,itsresourcesand–是否采取了適當(dāng)?shù)姆婪侗Ｗo(hù)措施應(yīng)該的努力DueDiligence:Continualactivitiesthatmakesurethemechanismsarecontinuallymaintainedand是否在日常管理中盡到責(zé)ResourceProtectionSoftwareMediaResourceProtectionPhysicalAccessControls ResourceIstheconceptofprotectinganorganization'scomputingresourcesandassetsfromlossorcompromise.Covershardware,softwareanddataresources.anythingthatisacomputerResourceProtectionSoftwareMediaResourceProtectionPhysicalAccessControlsResourceIstheconceptofprotectinganorganization'scomputingresourcesandassetsfromlossorcompromise.Covershardware,softwareanddataresources.anythingthatisacomputerresource(software,data,HardwareControls:HardwareMaintenanceMaintenanceAccountsDiagnosticsPortControlHardwareHardwareControls:HardwareMaintenanceMaintenanceAccountsDiagnosticsPortControlHardwarePhysicalControlSoftware 軟件測(cè)試Software軟件工具Software軟 SafeSoftware備份控制Backup面面系統(tǒng)安裝防產(chǎn)品定義及時(shí)更防系統(tǒng)安全策注意的蠕培訓(xùn)所有的電子文檔安全管理制度的制定 防護(hù)管理制度的定期或不定期檢查重要的軟件進(jìn)行異地交叉?zhèn)浞?，相互定期檢驗(yàn)備份軟件的有效性也非常重PrivilegedEntityControls/PrivilegedoperationsSpecialaccesstosystemcommandsAccesstospecialparametersAccessPrivilegedEntityControls/PrivilegedoperationsSpecialaccesstosystemcommandsAccesstospecialparametersAccesstothesystemcontrolprogram MediaResourceAreimplementedtoprotectanysecuritythreatbyintentionalorunintentionalexposureofsensitivedata保護(hù)敏感信息和介質(zhì)的創(chuàng)建，處理 ，清理和破壞介質(zhì)介質(zhì)安全控使用記錄控制Access恰當(dāng)丟棄：重寫、消磁、銷毀ProperMediaViabilityMarking：物理標(biāo)記不同于邏輯標(biāo)卷名和版處理Handling：使用、清潔和中防止物理損Storage：溫度、濕度、灰、液體、電磁、PhysicalPhysicalAccessPiggybacking:Iswhenanunauthorized throughadoorbehindanauthorized .Theconceptofa“mantrap”isdesignedtopreventit. 用戶尾隨用戶進(jìn)2Auditing Containsthemechanisms,toolsand2AuditingContainsthemechanisms,toolsandtechniqueswhichpermittheidentificationofsecurityeventsthatcouldimpacttheoperationsofacomputerfacility.MonitoringMonitoring檢測(cè)Intrusiondetection滲透測(cè)試Penetrationtesting異常分析ViolationSnifferPromiscuousmode混雜模式Switchednetwork交換網(wǎng)絡(luò)Network-basedIDSHost-basedIDSSignaturebased ClipClipThresholdsforcertaintypesoferrorsormistakesallowedandtheamountofthesemistakesthatcantakeplacebeforeitisconsideredsuspicious.Oncethe levelhasbeenexceeded,furtherviolationsrecordedfor某種錯(cuò)誤允許發(fā)生的滲透測(cè)試Penetrating–模仿者（聰明的、有創(chuàng)意的、擁有豐富資源的）的擊行自我測(cè)試或者第測(cè)探測(cè)輪廓(footprintor社會(huì)工程(social枚舉掃描探測(cè)(scanand滲((pen-行為探測(cè)輪廓(footprintor社會(huì)工程(social枚舉掃描探測(cè)(scanand滲((pen-行為數(shù)據(jù)，后門，痕跡擦除–Traceroute, 網(wǎng)絡(luò)級(jí)：掃描應(yīng)用級(jí)：服務(wù)安全存活掃sweep端口掃掃Nessus,緩沖緩沖溢出buffer猜測(cè)password越 non-authorization權(quán)限提升elevated2.2IsthefoundationofoperationalsecuritycontrolsAuditTrails審計(jì)記錄Enablesasecuritypractitionertotracea創(chuàng)建和受保護(hù)客體的 審計(jì)記錄，并能非對(duì) 問題和解決問題的過程進(jìn)行控制，包括對(duì)于給定的可控級(jí)別，減少故障減輕問題的影響. 對(duì) 問題和解決問題的過程進(jìn)行控制，包括對(duì)于給定的可控級(jí)別，減少故障減輕問題的影響.3與3與aneventthatcouldcauseharmbyviolatingthe意外損失Accidental有意或非有意的行為造成的-Operatorabuseofprivilegesinputerrorandomissions-TransactionprocessingInappropriate不恰當(dāng)?shù)膬?nèi)容Inappropriate浪費(fèi)公司W(wǎng)asteofCorporateResources或種族SexualorRacialHarassment權(quán)利AbuseofPrivilegesorRightsExternalweaknessinasystemthatenablessecuritytobeWeaksegregationofTraffic/Trend MaintenanceAccountsDataScavengingAttacksNetworkAddressHjackingHackandAttack-PortScanningandHackandAttack-PortScanningandNetworkingmap:Networkingmap toolssendoutseeminglybenignpacketstomanydifferentsystemsonanetwork.Portscanningidentifiesopenportonacomputer.IsautilityusedinIBMmainframecentersandhasthecap