• CCIE SEC Security General

    1. 1. Policies - Security Policy Best Practices

    2. 2. Information Security Standards (ISO 17799, ISO 27001, BS7799)

      1. Common Criteria

        1. Provides a security framework whereby...

          1. Users can specify what they want

          2. Vendors can implement it

          3. Labs can test vendors claims

        2. derrived from BS7799

    3. 3. Standards Bodies

    4. 4. Common RFCs (e.g. RFC1918, RFC2827, RFC2401)

    5. 5. BCP 38

    6. 6. Attacks, Vulnerabilities and Common Exploits - recon, scan, priv escalation, penetration, cleanup, backdoor

      1. Buffer Overflow

        1. When Data written to a memory buffer, due to insufficient bounds checking, Corrupts data vales in memory address adjacent to the buffer

          1. Bounds Checking: Checks if data is "appropriate for storage"

    7. 7. Security Audit & Validation

    8. Risk Assessment

      1. Quantitative

        1. A Risk calculation based on figures

        2. The probablility of an event, and the estimated cost if it does

          1. The Outputs of this....

            1. ALE Annual Loss Expectancy

            2. EAC Estimated Annual Cost

        3. + A number is generated and risks can easily be ranked by importance

        4. - Probability is rarely accurate / precice, an incorrect calculations can promote complacency

      2. Qualitative

        1. Only Potential Loss is Calculated

        2. Compenents....

          1. Threats

            1. Things that "can go wrong" or "attacks"

            2. e.g. Fire, Fraud

          2. Vulnerabilities

            1. Weaknesses or things that make a threat more likely

            2. e.g. paper in the building = FIRE

          3. Controls

            1. Countermeasus for Threats & Vuln's

              1. Deterrent

                1. Reduce probability

              2. Preventative

                1. Prevent sucess if happens

              3. Corrective

                1. Reduces effectiviness

              4. Detective

                1. Discovers if happens

                2. May trigger Corrective

    9. 9. Change Management Process

    10. 10. Incident Response Framework

    11. 11. Computer Security Forensics

    • All Comments ( 0 )

    CCIE SEC Security General

    Added: 2008-12-15 09:45:19

    From: linickx (Joined 2008-12-15 05:32:23)

    240 views |0 downloads

    CCIE SEC Security General

    More From: linickx

    CCIE SEC General Networking
    CCIE SEC General Networking
    2009-03-11 11:14:55|281 views
    CCIE SEC General Networking
    CCIE SEC General Networking
    2009-03-10 10:30:37|187 views
    CCIE SEC Security Protocols & Encryption
    CCIE SEC Security Protocols & Encryption
    2009-01-23 07:17:18|387 views
    CCIE SEC Security General
    CCIE SEC Security General
    2009-01-23 03:39:01|386 views
    Cisco Security Management
    Cisco Security Management
    2009-01-23 03:37:51|196 views
    CCIE SEC Cisco Security Appliances and Applications
    CCIE SEC Security Technologies
    CCIE SEC Security Technologies
    2009-01-23 03:36:44|4833 views
    CCIE SEC Application Protocols
    CCIE SEC Application Protocols
    2009-01-23 03:36:10|191 views
    CCIE SEC Security Protocols & Encryption
    CCIE SEC Security Protocols & Encryption
    2009-01-23 03:35:58|245 views
    CCIE SEC General Networking
    CCIE SEC General Networking
    2009-01-23 03:35:20|247 views
    CCIE SEC Intro
    CCIE SEC Intro
    2009-01-23 03:34:27|214 views
    CCIE SEC Cisco Security Appliances and Applications
    CCIE SEC Security Technologies
    CCIE SEC Security Technologies
    2009-01-15 07:21:02|259 views
    CCIE SEC Application Protocols
    CCIE SEC Application Protocols
    2009-01-14 09:27:54|288 views
    CCIE SEC Security Protocols & Encryption
    CCIE SEC Security Protocols & Encryption
    2009-01-14 08:31:35|437 views
    CCIE SEC Security Protocols & Encryption
    CCIE SEC Security Protocols & Encryption
    2009-01-13 09:57:15|218 views
    CCIE SEC Security General
    CCIE SEC Security General
    2009-01-09 07:52:26|183 views
    CCIE SEC Application Protocols
    CCIE SEC Application Protocols
    2009-01-09 07:38:04|110 views
    CCIE SEC Intro
    CCIE SEC Intro
    2009-01-09 06:30:59|253 views
    CCIE SEC README
    CCIE SEC README
    2008-12-17 08:32:42|931 views
    CCIE SEC Security General
    CCIE SEC Security General
    2008-12-15 09:45:19|240 views
    CCIE SEC Security Solutions
    CCIE SEC Security Solutions
    2008-12-15 09:45:12|289 views
    CCIE SEC Cisco Sec General
    CCIE SEC Cisco Sec General
    2008-12-15 09:45:05|184 views
    Cisco Security Management
    Cisco Security Management
    2008-12-15 09:44:57|223 views
    CCIE SEC Cisco Security Appliances and Applications
    CCIE SEC Security Technologies
    CCIE SEC Security Technologies
    2008-12-15 09:44:37|247 views
    CCIE SEC Application Protocols
    CCIE SEC Application Protocols
    2008-12-15 09:44:30|184 views
    CCIE SEC Security Protocols & Encryption
    CCIE SEC Security Protocols & Encryption
    2008-12-15 09:43:03|243 views
    CCIE SEC General Networking
    CCIE SEC General Networking
    2008-12-15 09:42:21|263 views
    CCIE SEC Intro
    CCIE SEC Intro
    2008-12-15 09:41:40|213 views