Data Monitoring and Analysis
Data monitoring
Proactive Analysis
Standards
SSE-CMM: Systems Security Engineering Capability Maturity Model
ISO/IEC 17799 (BS 7799): Code of practice for information security management
ISO 7498-2: Information processing systems – Open Systems Interconnection – Basic Reference Model – Part 2: Security Architecture
ISO/IEC 13335: Information technology – Security techniques – Guidelines for the management of IT security
ISO/IEC 27001: Information security management systems – Requirements
IATF: Information Assurance Technical Framework
Security assessment methods
1- Security scan
Contents
SQL injection
Cross-site scripting (XSS), cross-site request forgery (CSRF / XSRF)
Weak passwords
Open ports
Types
App scanning: "Burp Suite" can scan for:
Client-side vulnerabilities: XSS, HTTP header injection, open redirection
Server-side vulnerabilities: SQL injection, OS command injection, file path traversal
Vulnerability scanning, dictionary attack: "Sparta"
Port scanning: "SuperScan", "Nmap"
2- Manual audit
No tools
Check latest patches
Firewall policies
Minimal-services principle
3- Penetration test
1- Collect and analyze information
2- Make presentation, test solution and preparation
3- Report and analyze information
4- Implement privilege escalation and penetration
5- Study penetration test results
6- Create a penetration test report
7- Respond with security solutions
4- Questionnaire
5- Interview survey
Passive collection ("after attack")
Data analysis ("after attack")
Port Mirroring
Packet Capture
CLI "Debug"
SW
Logs
Device
Binary log: cannot be read on the network device itself, must be exported to a log server
Syslog: text, with severity levels 0-7 (lower number = more severe)
0 Emergency: system is unusable
1 Alert: action must be taken immediately
2 Critical: critical condition, analyze now
3 Error: improper operation, exception
4 Warning: may affect operation
5 Notice: normal but significant event (key operation)
6 Informational: routine operation event
7 Debug: debug-level messages
NetFlow
Data flow
SNMP: Polling, traps
OS
System log
App log
Security Log
Log Analysis
Each event should answer:
Who: user / guest
When: timestamp
Where: location / device / interface / service
How: wired / wireless / VPN
What: action / device type / resources
Log analysis tools
Log Parser (Microsoft): text, XML, CSV, event logs, file system
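Added example (not part of the original mind map): a small log-server-side triage script that ties the syslog severity list above to the who / when / where / how / what fields. It decodes the PRI prefix into facility and severity (PRI = facility * 8 + severity), extracts the device, timestamp and message from BSD-style lines, and, where the message is an OpenSSH login outcome, fills in user, source address and access method. The sample lines are constructed for this example, and the sshd message format is assumed from common OpenSSH output.

```python
"""Syslog triage on the log server: decode PRI (facility/severity) and pull out
who / when / where / how / what from each line. Sample lines are constructed."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Severity codes 0-7 from the syslog standard (lower number = more severe).
SEVERITY = {
    0: "emergency", 1: "alert", 2: "critical", 3: "error",
    4: "warning", 5: "notice", 6: "informational", 7: "debug",
}
# Facility codes; 16-23 are local0-local7 (network gear commonly uses local7).
FACILITY = {
    0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
    6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp",
    **{16 + i: f"local{i}" for i in range(8)},
}

# BSD-style line as received by a log server: <PRI>Mmm dd hh:mm:ss host tag[pid]: message
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$"
)
# OpenSSH login outcome lines (assumed format, matching common sshd output).
SSH_RE = re.compile(
    r"(?P<action>Accepted|Failed) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


@dataclass
class Event:
    facility: str
    severity: int
    severity_name: str
    when: str                     # timestamp as logged
    where: str                    # originating device (host field)
    tag: str                      # process name or Cisco mnemonic
    what: str                     # raw message
    who: Optional[str] = None     # user, when the message names one
    src: Optional[str] = None     # client address, when present
    how: Optional[str] = None     # access path, e.g. ssh/password
    action: Optional[str] = None  # accepted / failed


def decode_pri(pri: int):
    """PRI = facility * 8 + severity, so divmod splits it back apart."""
    facility, severity = divmod(pri, 8)
    return FACILITY.get(facility, f"facility{facility}"), severity


def parse_line(line: str) -> Optional[Event]:
    m = LINE_RE.match(line)
    if not m:
        return None  # not a well-formed syslog line: skip it, don't crash the pipeline
    facility, severity = decode_pri(int(m["pri"]))
    ev = Event(facility, severity, SEVERITY[severity], m["ts"], m["host"], m["tag"], m["msg"])
    s = SSH_RE.search(ev.what)
    if s:
        ev.who, ev.src = s["user"], s["src"]
        ev.how = f"ssh/{s['method']}"
        ev.action = s["action"].lower()
    return ev


def parse_all(lines: List[str]) -> List[Event]:
    return [ev for ev in map(parse_line, lines) if ev is not None]


def at_or_above(events: List[Event], worst_allowed: int) -> List[Event]:
    """Keep events at severity `worst_allowed` or more severe (numerically <=)."""
    return [ev for ev in events if ev.severity <= worst_allowed]


def failed_logins_by_source(events: List[Event]) -> Dict[str, int]:
    """Count failed logins per source address (the 'who/where from' of a brute force)."""
    return dict(Counter(ev.src for ev in events if ev.action == "failed"))


# Constructed sample lines (not from a real system).
SAMPLE = [
    "<86>Mar 12 10:15:01 gw1 sshd[2011]: Accepted publickey for alice from 10.0.0.5 port 51002 ssh2",
    "<86>Mar 12 10:15:07 gw1 sshd[2012]: Failed password for invalid user admin from 203.0.113.9 port 40111 ssh2",
    "<86>Mar 12 10:15:09 gw1 sshd[2013]: Failed password for invalid user admin from 203.0.113.9 port 40112 ssh2",
    "<78>Mar 12 10:16:00 gw1 cron[300]: (root) CMD (run-parts /etc/cron.hourly)",
    "<3>Mar 12 10:17:44 gw1 kernel: Out of memory: Killed process 4412 (java)",
    "<188>Mar 12 10:18:00 sw-core %LINK-4-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "this line is not syslog at all",
]

if __name__ == "__main__":
    events = parse_all(SAMPLE)
    for ev in at_or_above(events, 4):  # warning and worse
        print(f"{ev.severity_name:>13} {ev.facility:>8} {ev.when} {ev.where} {ev.tag}: {ev.what}")
    print("failed logins by source:", failed_logins_by_source(events))
```

Filtering on the numeric severity (warning and worse is `severity <= 4`) is what the 0-7 list above buys you on a log server; the facility tells you which subsystem on the device emitted the line, which is why the Cisco line decodes to local7 while sshd decodes to authpriv. Lines the parser does not recognise are dropped rather than raising, so one malformed message cannot stall analysis of the rest.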