Lesson 05 - Importance of testing, auditing and monitoring

  1. Fundamentals of Information Systems Security, Unit 5: Importance of testing, auditing and monitoring. © 2012 Jones and Bartlett Learning, LLC, www.jblearning.com
  2. Learning Objective: Explain the importance of security audits, testing, and monitoring to effective security policy.
  3. Key Concepts
     - Role of an audit in effective security baselining and gap analysis
     - Importance of monitoring systems throughout the IT infrastructure
     - Penetration testing and ethical hacking to help mitigate gaps
     - Security logs for normal and abnormal traffic patterns and digital signatures
     - Security countermeasures through auditing, testing, and monitoring test results
  4. DISCOVER: CONCEPTS
  5. Purpose of an IT Security Assessment
     - Check the effectiveness of security measures.
     - Verify access controls.
     - Validate established mechanisms.
  6. IT Security Audit Terminology
     - Verification
     - Validation
     - Testing
     - Evaluation
  7. Purpose of an IT Infrastructure Audit
     - Verify that established controls perform as planned.
     - Internal audits examine local security risks and countermeasures.
     - External audits explore attacks from outside.
  8. IT Security Assessment vs. Audit
     - Security assessment: examines systems for compliance with established security policies and regulations.
     - Security audit: identifies what weaknesses exist despite established security controls.
  9. Ethical Hacking
     - Seeks to identify and demonstrate exploits for discovered vulnerabilities.
       - The good guys employ the technical methods used by the bad guys.
     - Also called penetration testing.
     - Black, white, or gray box testing.
  10. Role of Ethical Hacking
     - Ethical hackers are white hats experienced in penetration testing and security assessments.
     - Ethical hacking tests security controls against actual attacks.
  11. DISCOVER: PROCESSES
  12. Penetration Testing
     - Employs a testing methodology depending on the scope of access and the information provided by the client:
       - Black box
       - White box
       - Gray box
  13. Penetration Testing: white box
     - The tester has access to the application's source code and can write code that links libraries and components.
     - The source code is analysed and test cases are designed to cover every possible path through the program.
  14. Penetration Testing: black box
     - The tester has no access to the source code at all.
     - The goal is to exercise the application's various features and check whether the results they produce match what is expected.
  15. Penetration Testing: gray box
     - The tester has no access to the application's source code, but knows which algorithms were implemented.
     - The tester may manipulate XML input and output files, or access the application's database, to check data or change the parameters used in the tests.
  16. DISCOVER: ROLES
  17. Roles in an IT Security Assessment and Audit
     - Information Systems Security (ISS) officers/managers
     - Network and systems administrators
     - Managers/data owners
     - Auditors
     - Penetration testers or ethical hackers
  18. DISCOVER: CONTEXTS
  19. Real-Time Monitoring
     - Host Intrusion Prevention System (HIPS): monitors individual hosts for suspicious activity.
     - Network Intrusion Prevention System (NIPS): monitors the entire network for suspicious traffic.
     - Wireless Intrusion Prevention System (WIPS): specifically monitors the wireless network for suspicious traffic.
  20. Real-Time Monitoring Functions
     - Respond to incidents as they occur.
     - A HIPS denies and disrupts a live attack on a system.
     - A NIPS intercepts and interrupts a live attack on the wire.
  21. Ways to Detect Bad Behavior in Real-Time Monitoring
     - Attack signatures
     - Statistical anomalies
     - Stateful protocol analysis
  22. Real-Time Monitoring Targets
     - Authentication failures
     - Application crashes
     - Service disruptions
     - System intrusions
  23. Real-Time Monitoring Targets (continued)
     - Network abuses
     - Policy violations
     - Unauthorized activities
     - Inventory changes
  24. Ingress and Egress
     - Firewalls
     - Intrusion detection system (IDS)
     - Intrusion prevention system (IPS)
  25. (no transcript text for this slide)
  26. Attack on a protected internal network
  27. Employing Countermeasures
     - Monitor security at several layers of the environment:
       - System logs
       - Service logs
       - Application logs
       - Network logs
  28. Summary
     - IT security assessments and audits verify, validate, test, and evaluate the infrastructure.
     - Penetration testing helps mitigate security gaps.
     - Security log monitoring reveals normal and abnormal traffic patterns and digital signatures.
     - System and network monitoring helps prevent attacks and unauthorized access.
     - Appropriate security countermeasures are determined through auditing, testing, and monitoring test results.
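As an added example, not part of the original slide deck or of the Jones and Bartlett material, the Python script below applies two of the three detection methods named on slide 21 (attack signatures and a simple statistical threshold) to the authentication-failure target of slide 22, reading constructed sshd-style system-log lines of the kind slide 27 says should be monitored. The host name, user names, addresses, the two signature rules, and the window and threshold values are all assumptions made for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sshd-style log excerpt for this example (host, users and
# addresses are invented; 203.0.113.0/24 is a documentation range).
SAMPLE_LOG = """\
Mar 10 08:00:01 web01 sshd[2201]: Accepted publickey for alice from 10.0.0.5 port 51022 ssh2
Mar 10 08:00:09 web01 sshd[2210]: Failed password for bob from 10.0.0.7 port 51030 ssh2
Mar 10 08:00:09 web01 sshd[2210]: pam_unix(sshd:auth): authentication failure; logname= uid=0
Mar 10 08:05:13 web01 sshd[2230]: Failed password for invalid user admin from 203.0.113.9 port 40001 ssh2
Mar 10 08:05:14 web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.9 port 40002 ssh2
Mar 10 08:05:15 web01 sshd[2232]: Failed password for invalid user test from 203.0.113.9 port 40003 ssh2
Mar 10 08:05:16 web01 sshd[2233]: Failed password for root from 203.0.113.9 port 40004 ssh2
Mar 10 08:30:00 web01 sshd[2300]: Accepted password for root from 10.0.0.5 port 51100 ssh2
Mar 10 08:31:00 web01 sshd[2310]: Failed password for bob from 10.0.0.7 port 51200 ssh2
"""

# Syslog prefix plus the sshd message; then the shape of an auth result message.
LINE_RE = re.compile(r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: (?P<msg>.*)$")
AUTH_RE = re.compile(
    r"^(?P<result>Accepted|Failed) (?P<method>\w+) for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_log(text, year=2024):
    """Turn sshd authentication lines into event dicts; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        a = AUTH_RE.match(m.group("msg"))
        if not a:
            continue  # e.g. the pam_unix line: not an authentication result
        events.append({
            "ts": datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S"),
            "host": m.group("host"),
            "result": a.group("result"),
            "method": a.group("method"),
            "user": a.group("user"),
            "src": a.group("src"),
            "invalid_user": a.group("invalid") is not None,
        })
    return events


# Attack-signature rules (assumed for the example): a name and a predicate on one event.
SIGNATURES = [
    ("login attempt for unknown account", lambda e: e["invalid_user"]),
    ("password authentication as root", lambda e: e["user"] == "root" and e["method"] == "password"),
]


def signature_alerts(events):
    """Signature detection: flag every event that matches a known-bad pattern."""
    return [{"rule": name, "ts": e["ts"], "src": e["src"], "user": e["user"]}
            for e in events for name, pred in SIGNATURES if pred(e)]


def anomaly_alerts(events, window_seconds=60, threshold=3):
    """Rate-based anomaly detection: too many failures from one source inside a sliding window."""
    recent = defaultdict(deque)   # source address -> timestamps of recent failures
    alerted = set()               # alert once per source, not once per extra failure
    alerts = []
    for e in events:
        if e["result"] != "Failed":
            continue
        q = recent[e["src"]]
        q.append(e["ts"])
        while (e["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold and e["src"] not in alerted:
            alerted.add(e["src"])
            alerts.append({"rule": "failed-login burst", "ts": e["ts"], "src": e["src"], "count": len(q)})
    return alerts


def analyze(text):
    events = parse_log(text)
    return {"events": len(events), "signature": signature_alerts(events), "anomaly": anomaly_alerts(events)}


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    print(f"parsed {report['events']} authentication events")
    for a in report["signature"] + report["anomaly"]:
        print(f"{a['ts']:%H:%M:%S} {a['rule']}: src={a['src']}")
```

On the sample data the script reports five signature hits (three attempts against accounts that do not exist and two password authentications as root, one of which succeeded) and one rate alert for the source that failed three times within sixty seconds, while the two isolated failures for bob half an hour apart stay below the threshold. Stateful protocol analysis, the third method on slide 21, needs a model of the protocol's legal state transitions and is not shown here.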
