Running Managed Security Services
[pic]
Written by : Mohamed Sabah Mohamed
Program : GIAC - GSEC
Email : Mohamed.Sabah@DataFort.net
Date : 30-7-2002
Table of Contents
I Introduction 3
II What & why Managed Security Services 4
- Fault and Performance Management. 4 - Configuration Management. 4 - Security Reporting Management. 5 - Vulnerability Assessments. 5 - Anti Virus Management. 5
III Running Managed Security Services 5
1- Operational Procedures & MSS Operator Tasks 5 - Log Analysis. 5 - Preventive Maintenance. 6 - Backup. 6 - Reports Generation. 6 - Vulnerability Assessments. 6 - Advisors with the new Viruses & Vulnerabilities. 7 2- MSS Correlation 7 - Reporting. 8 - SMS notifications. 8 - Web. 8 MSS Operational & Correlation software 's 8 An Example of a correlated event 9
IV MSS processes 9
1- Fault & performance & security monitoring & management of security assets 9 - Received and Transmitted packets in a network interface 10 -Top Bandwidth users 10 - Bandwidth Usage per hour 11 -Denied Connection per hour 12 - Top alerts of the week 12 - Top 20 attackers. 13 2- Incident handling 13 - Remaining Calm. 13 - Taking Good Notes. 14 -Notifying the right people. 14 -Enforce a Need-to-know Policy 14 -Use Out-of-Band Communications 14 -Containing the problem. 14 -Making Backups. 15 -Getting rid of the problem. 15 -Getting back in business 15
V Resources & References 16
I Introduction
One of the hottest topics in the Information security industry now is the Managed Security Services. Everyday, we keep hearing about different organizations proposing for managed security services, presenter 's preparing hundreds of slides on describing the functions, importance and benefits of managed security services. This report is an
Written by : Mohamed Sabah Mohamed
Program : GIAC - GSEC
Email : Mohamed.Sabah@DataFort.net
Date : 30-7-2002
Table of Contents
I Introduction 3
II What & why Managed Security Services 4
- Fault and Performance Management. 4 - Configuration Management. 4 - Security Reporting Management. 5 - Vulnerability Assessments. 5 - Anti Virus Management. 5
III Running Managed Security Services 5
1- Operational Procedures & MSS Operator Tasks 5 - Log Analysis. 5 - Preventive Maintenance. 6 - Backup. 6 - Reports Generation. 6 - Vulnerability Assessments. 6 - Advisors with the new Viruses & Vulnerabilities. 7 2- MSS Correlation 7 - Reporting. 8 - SMS notifications. 8 - Web. 8 MSS Operational & Correlation software 's 8 An Example of a correlated event 9
IV MSS processes 9
1- Fault & performance & security monitoring & management of security assets 9 - Received and Transmitted packets in a network interface 10 -Top Bandwidth users 10 - Bandwidth Usage per hour 11 -Denied Connection per hour 12 - Top alerts of the week 12 - Top 20 attackers. 13 2- Incident handling 13 - Remaining Calm. 13 - Taking Good Notes. 14 -Notifying the right people. 14 -Enforce a Need-to-know Policy 14 -Use Out-of-Band Communications 14 -Containing the problem. 14 -Making Backups. 15 -Getting rid of the problem. 15 -Getting back in business 15
V Resources & References 16
I Introduction
One of the hottest topics in the Information security industry now is the Managed Security Services. Everyday, we keep hearing about different organizations proposing for managed security services, presenter 's preparing hundreds of slides on describing the functions, importance and benefits of managed security services. This report is an
References: 1- SANS - Computer Security Incident Handling: Step-by-Step URL: http://www.sans.org/newlook/publications/incident_handling.htm ( 4-7-2002) 2- Counter Pane - Managed Security Monitoring: Network Security for the 21st Century URL: http://www.counterpane.com/msm.html ( 5-5-2002) 3- Guardent – Managed Security Services Overview URL: http://www.guardent.com/mss_overview.html ( 5-5-2002) 4- SANS Information Security Reading Room- Managed Room URL: http://rr.sans.org/managed/managed_list.php ( 20-5-2002) 5- Data Fort - Managed Security Services URL: http://www.datafort.net/mss.php ( 20-5-2002) 6- 1-Net - Managed Security Services Frequently Asked Questions URL: http://www.1-net.com.sg/0231securityFAQ.htm (10-5-2002) 7- CERT - Responding to Intrusions URL: http://www.cert.org/security-improvement/modules/m06.html (12-6-2002) 8- Network Intelligence- Envision – Private I software URL: http://www.opensystems.com/ENT_products/Software/ (2-7-2002) 10- The Secure Solution URL: http://www.pwcglobal.com/extweb/ manissue.nsf/DocID/0B6E4A47A89C257C85256BC0006DBC91 (26-6-2002) 11- RFC 1244 - Incident Handling URL: http://www.net.ohio-state.edu/rfc1244/incident.html ( 4-7-2002) ( 22-6-2002) 12 - Intelligent Distributed Fault and Performance Management for Communication Networks URL: http://www.isr.umd.edu/TechReports/CSHCN/2002/CSHCN_PhD_2002-2/CSHCN_PhD_2002-2.phtml ( 24-6-2002) 13- IDS Incident Flowchart