1. Setup

1.1. Lay down the law

1.1.1. prohibit: P2P (Limewire, UTorrent); Torrent apps; IM for corporate communications (vulnerable to packet sniffers); certain email attachments (.exe); torrent search engines (most outlawed)

1.2. Wyatt Earp

1.3. encryption

1.3.1. set it up

1.3.2. Pretty Good Privacy: email, popular, strong

1.4. education

1.4.1. teach: Hoaxes (emotional strings, new virus, end of world, chain mails); social engineering

2. Virtualization

2.1. Honey Pot

2.1.1. decoy

2.1.2. virtual SQL

2.2. Honeypot

3. Hardening Practices

3.1. updates

3.1.1. Auto: pros: set it and forget it; cons: latest update conflicts with other apps

3.1.2. Workstation update management: WSUS

3.1.3. track changes: keep a log (hard log recommended); software (3rd party packages exist, WSUS); be a team player (keep comm, people move on)

3.2. OS/NOS

3.2.1. removal: unnecessary software, options, services; Examples

3.2.2. existing/needed services: configure properly; Examples; File safeguards

3.2.3. Server: system files: files should be stored on a separate disk or partition to ensure these system files are not accidentally accessed or removed; Do: apply, check vendor website frequently for news and updates, secure behind locked door, install HIDS; Don't: Surf Web, install software from fly by night company; install patch; Server admins: activate security options, Know Logs, ACL, harden your system; Know thyself: do you; Be very familiar with the different types of security vulnerabilities inherent with each type of Internet server and know how to prevent them from being exploited; balance

3.3. Good Practice

3.3.1. start with nothing and add as needed, not the other way around; least privilege

3.4. baselines

3.4.1. history of past security vulnerabilities: compile; time intensive; length: 2-3 weeks minimum, nights and weekends

3.4.2. industry security standards

3.4.3. info gather: organizations, associations, other admins; don't be shy, talk!

3.4.4. Tools: Microsoft: Microsoft Baseline Security Analyzer (MBSA)

3.5. Templates

3.5.1. documented minimum

3.5.2. group policies: accounting: financial data, salaries; marketing; Sales: pricing; HR: confidential data; each group policy unique based on role; be mindful that if employee moves to a diff dept, rights must be added/taken away; Role based access control: most popular, highly customizable, fairly secure, centrally administered

4. Security Apps

4.1. Personal Firewalls

4.1.1. Windows firewall: heavily criticized; too integrated with OS, I think; other examples of app heavily integrated into OS

4.1.2. Symantec

4.1.3. McAfee

4.2. Antivirus

4.2.1. versions: email, regular

4.2.2. parts: engine (stays the same); signature files (viruses contain or create a specific binary code detectable by the signature file; engineers make the signature files)

4.2.3. Price: about $40; military: next to nothing or free

4.3. Caution!

4.3.1. if, when installing an app, the install program prompts you to turn off your AV, be wary!

4.3.2. If you turn off AV in order to install a program or to make some change remember to turn it back on!

5. Other

5.1. related security issue

5.1.1. cryptography, steganography

5.1.2. Mitigation: DRP, offsites, backup schemes, fire resistance

5.1.3. Attacks: SYN flood; DoS; DDoS (masters, managers, zombies); MITM; DNS Poisoning (prevent); TCP/IP Hijacking; SMURF; bluejacking

5.1.4. Communication protocols File transfer

5.1.5. Device Security: network devices: switch, router, AP (wireless)

5.1.6. Intrusion Detection: Sensor: connected via tap; types based; vendors: Norton