Security lifecycle management process
Introduction-
The Security Lifecycle is a process that must be continuously executed. It is an ongoing process that can help guide a security organization.
Purpose-
- application web issues
- web application information security
- a process which software is securely development
Excepted outcome-
- an increased awareness of how to prevent web application attacks
- implementation the SLCMP process into the SDLC
- more securely build application and infrastructure
Need to know -
1. web- based malicious activity has accelerated
2. cyber criminals want your information
3. rapid adaptation to security measures
Phases-
the model follows the basic steps of IDENTIFY – ASSESS – PROTECT –
MONITOR.
a) Identify
it includes the System and network administrators, application developers
and individuals from the network operations. Basic information such as OS,
applications, patch level, customer and location need to be collected for each
system.
Many times there are systems connected to a network that people have
forgotten about or didn’t know that it even existed. Identifying systems is the goal
at this point in the Lifecycle.
Once you’ve gathered all of this information you’ll want to document it in a format
that can be easily searched, sorted and reused. A small database containing
information such as hostname, OS, business applications supported and location
on the network will be very helpful. The goal should be to have a well
documented inventory of resources from the entire enterprise.
b) Assess
The assessment phase of the Security Lifecycle builds on the identification
phase. Once the assets have been identified, the next step is to perform a
thorough security assessment. The assessment phase can encompass many
different aspects from reviewing processes and procedures to vulnerability
scanning.
– system administrators, network administrators and
developers that support applications running on the systems. Find out as much
as you can about the application, how it is configured and where the various
components reside.
Some of the
items that should be examined might be:
Password and User Account Policies.
¸
Review of Userids and Groups
¸
Review of Administrator or Root accounts
¸
Review of web server configurations
¸
Review of what is being logged and who has access to the logs.
¸
Trusted relationships with other servers.
c) Protect
Once you have mapped out the network and systems and identified some
vulnerabilities, you will need to bring the systems in-line with corporate security
policy and standards. Essentially it is now time to protect the systems. This
phase of the lifecycle is sometimes referred to as the ‘mitigation’ phase, since the
objective is to mitigate any risks identified during the assessment phase.
The focus of this phase is to configure and update each system and network
component, so that its security is strengthened and complies with corporate
policy. Thus eliminating some vulnerabilities and mitigating others
First is
creditability and trust within your organization. In order to make changes to
systems and network components, you will need the help and cooperation of
individuals across the organization – typically system and network administrators.
If you demand changes to critical systems
Secondly, you don’t want to implement changes on critical systems until they’ve been thoroughly tested. quickly strict security policy on critical servers could have disastrous results.
d) Monitor
The last phase of the security lifecycle is to monitor the security that you have
established. Once you’ve strengthened the security of servers, firewalls and
routers, you need to ensure that those changes remain in place. Additionally,
you need to monitor the compliance of new systems that are introduced into the
enterprise. Computer systems are dynamic and are continually being updated
and modified by administrators, developers and anyone else that has access to
them. A process needs to be implemented that monitors and measures the
status of security across the enterprise. There are several key goals for the
monitoring phase: security compliance and verification and validating the security
posture of the enterprise.
common attack tools-
- phishing
- malicious code software
- spam
- worms
- torjan
- virus
- key stroke logger
- denial of service
- web application attack
threats on web application -
- broken authentication
- broken access control
- insecure storage
- improper error handling
- insecure configuration management
- cross- site scripting (XSS)
- unvalidated input
- buffer overflows
- injection flaws
- application denial-of-service
Comments
Post a Comment