Running Managed Security Services

Published: February 21, 2013

Written by: Mohamed Sabah Mohamed
Program: GIAC - GSEC
Date: 30-7-2002
Table of Contents

I Introduction

II What & why Managed Security Services

- Fault and Performance Management
- Configuration Management
- Security Reporting Management
- Vulnerability Assessments
- Anti Virus Management

III Running Managed Security Services

1- Operational Procedures & MSS Operator Tasks
- Log Analysis
- Preventive Maintenance
- Backup
- Reports Generation
- Vulnerability Assessments
- Advisors with the new Viruses & Vulnerabilities
2- MSS Correlation
- Reporting
- SMS notifications
- Web
MSS Operational & Correlation Software
An Example of a correlated event

IV MSS processes

1- Fault & performance & security monitoring & management of security assets
- Received and Transmitted packets in a network interface
- Top Bandwidth users
- Bandwidth Usage per hour
- Denied Connection per hour
- Top alerts of the week
- Top 20 attackers
2- Incident handling
- Remaining Calm
- Taking Good Notes
- Notifying the right people
- Enforce a Need-to-know Policy
- Use Out-of-Band Communications
- Containing the problem
- Making Backups
- Getting rid of the problem
- Getting back in business

V Resources & References


One of the hottest topics in the information security industry now is Managed Security Services. Every day we hear about different organizations proposing managed security services, and presenters preparing hundreds of slides describing the functions, importance and benefits of managed security services. This report is an attempt to highlight the operational workings of Managed Security Services Providers and thereby help readers understand what is involved in operating and functioning in Managed Security Centers.

The report includes an introduction on why Managed Security Services are used, how to function in Managed Security Services centers, and, in brief, the operations and actions that are currently practiced and implemented in an MSS center.

The report will also briefly demonstrate the operational procedures that run in an MSS center, such as incident handling, security hardware and software fault maintenance, monitoring of security assets, managing the security assets, and reporting. It will also demonstrate the working of a Managed Security Services Center, explaining and evaluating MSS processes and procedures in brief.

An introduction to the correlation model, how to integrate all of the security systems into one reporting model, and an example of a correlated event are also included. A basic investigation of the current practices in incident handling will also be discussed.

Because running Managed Security Services is a trade secret for many MSS providers, and because it is a new field, it is hard to find detailed information on running MSS centers and the best practices for operating them on the Internet or in books. It is obvious that this type of information is confidential to many MSS providers, and they will never publish their trade secrets, operational procedures and processes. Finding a full overview of what an MSS is, however, is very easy, and the resources on the Internet are many.

That's why most of the information in this report is based on the experience I have from my company, and I will be careful in writing it so as not to expose the full practices we have in our company's MSS center, because of their confidentiality, and I will only try to have an introductory...