ENDPOINT PROTECTION & MANAGEMENT

Operating System Patches

A patch is a piece of software designed to fix problems with, or update, a computer program or its supporting data.

This includes fixing security vulnerabilities and other bugs, and improving usability or performance.

Even a well-designed patch can sometimes introduce new problems, so a patch should be tested on a representative system before it is deployed widely.

When a new OS is installed on a computer, all security settings are at their default values. In most cases this level of security is not sufficient. There are a few simple steps that should be taken for most operating systems:

Default usernames and passwords must be changed immediately.

Access to system resources should be restricted to the individuals who are authorised to use those resources (least privilege).

Any unnecessary services and applications should be disabled; this also reduces the number of components that need patching.

Microsoft Patch

Microsoft releases patches for updating the Windows OS and Microsoft applications. Such patches fix problems, or bugs, in an OS or application and are shipped in three formats:

Hotfixes - a single code fix for a specific bug in a product, usually issued quickly and with limited testing

Roll-ups - merge the updates of several hotfixes into a single update file

Service packs - a cumulative, tested collection of the hotfixes and roll-ups released since the product version (or the previous service pack); installing the latest service pack supersedes the earlier individual updates

Download Patch

Downloading patches or service pack files

Locations available for downloading service packs and hotfixes:

Microsoft Windows Update - downloads updates, hotfixes and service packs, and identifies the patches a computer needs

Microsoft Office Update - provides updates, add-ins, extras, converters and viewers for Microsoft Office

Microsoft Download Center - search for other Microsoft software and software updates

Web-based update - the user visits the update site, which determines whether new updates are required for the computer

Automatic Updates - the computer connects to the Windows Update site on a schedule and determines whether it requires any updates

Patch tool

SecureCentral PatchQuest: web-based patch management software that manages and distributes security patches and updates across various platforms

Operating systems - Windows and Linux (Red Hat and Debian)

Four stages in its workflow: system addition and discovery / patch assessment or scanning / patch download and deployment / reporting

Features: flexible modes of operation / web-based administrator console for universal secure access - access to data views and configuration / cross-platform product installation
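As an added illustration of the assessment and reporting stages of such a workflow (this is not code from the page or from PatchQuest): a small Python model that expands what a host reports as installed through the supersedence chain described above, where a roll-up replaces the hotfixes it merges and a service pack replaces the roll-ups and hotfixes before it, then reports only the newest missing patch in each chain. The catalogue, the identifiers (H-001, R-010, SP-1 and so on) and the host inventories are all constructed for the example.

```python
"""Patch assessment step of a patch-management workflow (added example).

Models the hotfix / roll-up / service-pack relationship: a roll-up merges
several hotfixes, a service pack collects everything released before it,
so installing the newer package covers the older ones it supersedes.
All identifiers and catalogue entries below are constructed, not real
Microsoft update identifiers.
"""
from dataclasses import dataclass

SEVERITY_RANK = {"critical": 0, "important": 1, "moderate": 2}


@dataclass(frozen=True)
class Patch:
    ident: str                             # constructed catalogue identifier
    kind: str                              # "hotfix", "rollup" or "servicepack"
    severity: str                          # "critical", "important" or "moderate"
    supersedes: frozenset = frozenset()    # identifiers this patch replaces


# Constructed catalogue: three hotfixes, a roll-up merging two of them,
# a service pack covering everything so far, and one post-SP hotfix.
CATALOGUE = (
    Patch("H-001", "hotfix", "critical"),
    Patch("H-002", "hotfix", "important"),
    Patch("H-003", "hotfix", "moderate"),
    Patch("R-010", "rollup", "critical", frozenset({"H-001", "H-002"})),
    Patch("SP-1", "servicepack", "important", frozenset({"R-010", "H-003"})),
    Patch("H-004", "hotfix", "critical"),
)


def covered_by(installed, catalogue=CATALOGUE):
    """Return every patch identifier covered by the installed set: the
    installed patches plus everything they transitively supersede."""
    by_id = {p.ident: p for p in catalogue}
    covered, todo = set(), list(installed)
    while todo:
        ident = todo.pop()
        if ident in covered:
            continue
        covered.add(ident)
        if ident in by_id:                 # unknown ids are kept but not expanded
            todo.extend(by_id[ident].supersedes)
    return covered


def assess(installed, catalogue=CATALOGUE):
    """Return the patches to deploy, most severe first.

    Only the newest missing patch in each supersedence chain is reported:
    if both a hotfix and the service pack that absorbs it are missing, the
    service pack is the thing to deploy.
    """
    covered = covered_by(installed, catalogue)
    missing = [p for p in catalogue if p.ident not in covered]
    absorbed = set().union(*(p.supersedes for p in missing))
    todo = [p for p in missing if p.ident not in absorbed]
    return sorted(todo, key=lambda p: (SEVERITY_RANK[p.severity], p.ident))


def report(hosts, catalogue=CATALOGUE):
    """Reporting stage: map host name -> identifiers of patches to deploy."""
    return {name: [p.ident for p in assess(inst, catalogue)]
            for name, inst in hosts.items()}


if __name__ == "__main__":
    # Constructed inventories, as the discovery stage might collect them.
    hosts = {
        "web-01": {"H-001"},
        "db-01": {"SP-1"},
        "jump-01": {"SP-1", "H-004"},
    }
    for host, ids in report(hosts).items():
        print(f"{host}: {'up to date' if not ids else 'missing ' + ', '.join(ids)}")
```

The point of the supersedence expansion is that a host with only the service pack installed is not reported as missing the six older items it absorbed, while a host with one old hotfix is told to deploy the service pack rather than each superseded hotfix individually.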

Intrusion Detection System (IDS)

An IDS monitors all inbound and outbound host activity and identifies suspicious patterns on the network that indicate an attack

An IDS gathers and analyzes information regarding misuse of a particular computer or of the whole network

The TCP/IP packets are examined in a number of ways after they are captured

An IDS can be configured to block the intruder's IP address when an alert is generated for activity from that IP. This active response turns the IDS into a prevention device, and it carries the risk noted under IPS deployment risks below: if the attacker spoofs the source address, the IDS ends up blocking a legitimate host.
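Two of the ways captured packets are examined, shown as an added Python example rather than code from the page or from any IDS product: a signature match on payload content and a statistical check for a SYN port scan (one source probing many distinct ports inside a short window). The packet records, the two signatures and the scan thresholds are constructed for the example; a real sensor would take its packets from libpcap and its rules from a much larger rule set.

```python
"""Two simple NIDS checks run over captured packets (added example).

The packets are constructed records standing in for what a sensor would
capture. Two analysis methods are shown: signature matching on payload
content and a statistical check for a SYN port scan (many distinct
destination ports from one source inside a short time window).
"""
import re
from collections import defaultdict, deque

# Constructed signatures: a directory-traversal string and a run of NOP
# bytes typical of a shellcode sled. Real rule sets are far larger.
SIGNATURES = {
    "web.path-traversal": re.compile(rb"\.\./\.\./"),
    "shellcode.nop-sled": re.compile(rb"\x90{16,}"),
}
SCAN_DISTINCT_PORTS = 10    # alert when one source probes this many ports...
SCAN_WINDOW_SECONDS = 5.0   # ...within this many seconds (constructed values)


def packet(ts, src, dst, dport, flags="PA", payload=b""):
    """Build a minimal packet record (helper for the constructed capture)."""
    return {"ts": ts, "src": src, "dst": dst, "dport": dport,
            "flags": flags, "payload": payload}


def detect(packets):
    """Return a list of alerts, each (timestamp, source ip, rule name)."""
    alerts = []
    recent = defaultdict(deque)       # src -> deque of (ts, dport) for bare SYNs
    scan_reported = set()
    for p in sorted(packets, key=lambda q: q["ts"]):
        # 1. Signature matching on payload content.
        for rule, rx in SIGNATURES.items():
            if rx.search(p["payload"]):
                alerts.append((p["ts"], p["src"], rule))
        # 2. Port-scan heuristic: distinct ports hit by bare SYNs per source.
        if p["flags"] == "S":
            window = recent[p["src"]]
            window.append((p["ts"], p["dport"]))
            while window and p["ts"] - window[0][0] > SCAN_WINDOW_SECONDS:
                window.popleft()          # drop probes outside the window
            ports = {port for _, port in window}
            if len(ports) >= SCAN_DISTINCT_PORTS and p["src"] not in scan_reported:
                scan_reported.add(p["src"])       # one alert per scanning source
                alerts.append((p["ts"], p["src"], "scan.syn-portscan"))
    return alerts


def sample_traffic():
    """Constructed capture: normal web traffic, one traversal attempt, a
    16-port SYN sweep, and a slow probe that stays under the threshold."""
    pkts = [
        packet(0.0, "10.0.0.5", "10.0.0.80", 80, payload=b"GET /index.html HTTP/1.1\r\n"),
        packet(0.4, "10.0.0.5", "10.0.0.80", 80, payload=b"GET /images/logo.png HTTP/1.1\r\n"),
        packet(1.2, "198.51.100.7", "10.0.0.80", 80,
               payload=b"GET /cgi-bin/../../etc/passwd HTTP/1.1\r\n"),
    ]
    # Port sweep: one SYN to each of ports 20..35, 0.1 s apart.
    pkts += [packet(2.0 + 0.1 * i, "203.0.113.9", "10.0.0.80", 20 + i, flags="S")
             for i in range(16)]
    # Slow probe: 12 ports, 6 s apart, never 10 ports inside a 5 s window.
    pkts += [packet(10.0 + 6.0 * i, "192.0.2.44", "10.0.0.80", 1000 + i, flags="S")
             for i in range(12)]
    return pkts


if __name__ == "__main__":
    for ts, src, rule in detect(sample_traffic()):
        print(f"t={ts:6.2f} src={src:14} alert={rule}")
```

The slow probe in the sample traffic is the usual evasion of a threshold-based check: spreading the probes over time keeps the per-window count below the trigger, which is why a sensor's statistical thresholds are tuned per network rather than fixed.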

IDS concept: Architecture

Two primary architectural arrangements of an IDS:

Host-target co-location: the IDS runs on the same machine as the system it protects. This is the usual case, and it means that a compromise of the target can also disable or tamper with the IDS and its logs.

Host-target separation: the IDS runs on a separate host machine from the target system. Separating the IDS from the target improves the security of the IDS itself, because an attacker who compromises the target does not automatically gain control of the IDS.

IDS concept: Monitoring

Monitoring refers to the action of gathering data from data sources and passing it to an analysis engine.

The four different monitoring strategies are:

Host-based monitor: gathers data from inside a single system at the operating-system level (audit trails, system logs, process and file activity)

Network-based monitor: collects data from network packets, using network devices or sensors placed on the network

Application-based monitor: gathers data from the applications that are running (application logs and transaction records)

Target-based monitor: creates its own data, for example by computing cryptographic checksums of critical files and comparing them against a stored baseline to detect tampering

IDS concept: Goals

The main goal of an IDS is to identify abnormal behaviour on the network or misuse of resources.

The two specific goals of an IDS:

Accountability: the capability to link a given activity or event to the party responsible for initiating it

Response: the capability to recognise an attack and take action to block it

Characteristics of an IDS

Runs constantly without human supervision

Survives a system crash and must be fault tolerant

Adapts to changes in the monitored systems and technologies

Importance of an IDS

It creates a database of the types of attacks (attack signatures)

It deals with a large amount of data

It possesses built-in forensic and reporting capabilities

IDS tools

Software

Snort: Snort is a NIDS based on libpcap; it performs packet sniffing, works as a packet logger, and matches traffic against detection rules

BlackICE: consists of an intrusion detection system that warns of attacks and resists threats against the system

SecureHost: stops an attack by immediately halting the suspected application

Types of IDS

Network-based IDS / Host-based IDS / Distributed IDS / Protocol-based IDS

Intrusion Prevention System (IPS)

An intrusion prevention system (IPS) can be any device that uses access control to guard systems from misuse by attackers

It is a device that applies access control to protect systems from abuse, built as an enhancement of the IDS: detection plus an enforced response

Application content, not just packet headers, is the key for making access control decisions

The following are the three different prevention strategies of an IPS:

Host-based memory and process protection: the IPS monitors the execution of processes and their memory use on the host, and stops a process that behaves abnormally (for example an attempted buffer overflow)

Session interception: terminating a session by sending a reset (RST) packet to one or both endpoints

Gateway intrusion detection: the IDS sits inline at a gateway and drops hostile traffic; Snort in inline mode uses gateway IDS to block hostile traffic

IPS Deployment Risks

Some of the risks related to an IPS are:

Session interception and IDS identification: when Snort terminates a TCP session by sending an RST packet, the reset itself tells the attacker that an IDS is present, and its timing and behaviour can be used to fingerprint the product

Exploit defeats the attempted block: if there is any time gap between the IPS detecting the attack and ordering a change in the access control lists, a fast exploit may finish before the block takes effect

Self-inflicted denial of service: an attacker who forges the source address of the attack traffic (spoofing) can trick the IPS into blocking a legitimate address, such as a business partner, a DNS server or the site's own gateway
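One way to build the block decision so that it accounts for the risks above, as an added Python example (not code from the page or from any IPS product): alerts come in as a detector would emit them, and the policy refuses to auto-block addresses on a protected list, only auto-blocks sources that completed a TCP handshake (a spoofed source generally cannot complete one, so this is the safeguard against the spoofing-induced self-DoS), and expires every block so a wrong decision corrects itself. The handshake requirement, the severity threshold, the `Alert` fields and all addresses are assumptions made for the example.

```python
"""Response policy for an IPS block decision (added example).

Takes alerts as a detector would emit them and decides whether to block,
with three safeguards against the deployment risks listed above: never
block an address on the protected list, only auto-block on connections
that completed a TCP handshake (a spoofed source cannot normally complete
one), and expire every block so a wrong decision is self-correcting.
Alerts, thresholds and addresses are constructed for the example.
"""
import ipaddress
from dataclasses import dataclass


@dataclass
class Alert:
    ts: float          # detection time (seconds)
    src: str           # source address of the suspicious traffic
    rule: str          # detector rule name
    severity: int      # 1 (low) .. 3 (high)
    established: bool  # True if the TCP session completed its 3-way handshake


class BlockPolicy:
    def __init__(self, protected, min_severity=2, block_ttl=600.0):
        # Addresses/networks that must never be auto-blocked: own gateway,
        # DNS resolvers, monitoring hosts, partners. Constructed in demo().
        self.protected = [ipaddress.ip_network(n) for n in protected]
        self.min_severity = min_severity
        self.block_ttl = block_ttl      # seconds a block stays in force
        self.blocks = {}                # ip -> expiry timestamp

    def is_protected(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.protected)

    def decide(self, alert):
        """Return (action, reason); action is 'block' or 'alert-only'."""
        if self.is_protected(alert.src):
            return "alert-only", "source is on the protected list"
        if not alert.established:
            return "alert-only", "no completed handshake; source may be spoofed"
        if alert.severity < self.min_severity:
            return "alert-only", "severity below auto-block threshold"
        return "block", f"rule {alert.rule} on established session"

    def handle(self, alert):
        """Apply the decision: record a block with an expiry time."""
        action, reason = self.decide(alert)
        if action == "block":
            self.blocks[alert.src] = alert.ts + self.block_ttl
        return action, reason

    def active_blocks(self, now):
        """Expire stale entries and return the addresses still blocked."""
        self.blocks = {ip: exp for ip, exp in self.blocks.items() if exp > now}
        return sorted(self.blocks)


def demo():
    """Run four constructed alerts through the policy."""
    policy = BlockPolicy(protected=["10.0.0.0/24", "192.0.2.53/32"])
    alerts = [
        Alert(100.0, "198.51.100.7", "web.path-traversal", 3, established=True),
        Alert(101.0, "203.0.113.9", "scan.syn-portscan", 2, established=False),
        Alert(102.0, "192.0.2.53", "web.path-traversal", 3, established=True),
        Alert(103.0, "203.0.113.20", "policy.banner-grab", 1, established=True),
    ]
    decisions = [(a.src, *policy.handle(a)) for a in alerts]
    return decisions, policy.active_blocks(now=200.0), policy.active_blocks(now=800.0)


if __name__ == "__main__":
    decisions, at_200, at_800 = demo()
    for src, action, reason in decisions:
        print(f"{src:14} {action:10} {reason}")
    print("blocked at t=200:", at_200)
    print("blocked at t=800:", at_800)
```

Note that the policy does not remove the time-gap risk: a block ordered at detection time still lands after the packets that triggered it. Only an inline deployment (gateway intrusion detection) closes that gap, at the cost of the sensor becoming a single point of failure for the traffic it sits in front of.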

IPS Tools

Hardware

Sentivist
Identifies attacks with few false positives and allows automated response features to be used without disrupting critical applications

Software

StoneGate IPS
Identifies traffic using sensors, correlates events using different analyzers, and reports the identified threats

McAfee
Defends servers and desktops against a wide range of known and unknown attacks

Host-based IDS (HIDS)

Host-based IDSs monitor the data on the system they run on

They collect and analyze data from the host, aggregating it for analysis

Advantages and disadvantages of HIDSs: detects a broad range of threats, including misuse by local users that a network sensor cannot see / no dedicated hardware required / maintenance is difficult because agents are distributed across many hosts

HIDS Architecture

Two types of HIDS architecture: centralized host-based architecture (agents forward their data to a central analysis system) / distributed real-time host-based architecture (analysis happens on each host as events occur)