security metric
play

Security Metric Friedwart Digitally signed by Friedwart Kuhn, - PowerPoint PPT Presentation

May 20, 2023 •223 likes •967 views

Developing a Comprehensive Active Directory Security Metric Friedwart Digitally signed by Friedwart Kuhn, Heinrich Wiederkehr, Nina Matysiak Friedwart Kuhn Date: 2018.03.15 Kuhn 13:54:43 +01'00' 1 Agenda Who We Are o Introduction:

  1. Developing a Comprehensive Active Directory Security Metric Friedwart Digitally signed by Friedwart Kuhn, Heinrich Wiederkehr, Nina Matysiak Friedwart Kuhn Date: 2018.03.15 Kuhn 13:54:43 +01'00' 1

  2. Agenda Who We Are o Introduction: Problem Statement & Why Security Metrics o Development of an Active Directory Security Metric o Where Do We Stand o Where Do We Want To Go o Lessons Learned o 2 2

  3. Who We Are o Nina Matysiak o Heinrich Wiederkehr o Friedwart Kuhn Member of Microsoft Head of Microsoft Member of Microsoft o o o Security Team @ERNW Security Team Security Team @ERNW @ERNW 15+ years experience in 5+ years in security o o security assessments, 3+ years in security assessments and o administration, assessments trainings publications and IT security IT security professional o trainings o professional with a with a focus on IT security professional o focus on Windows Windows Security and with a strong focus on Security and Active Active Directory Active Directory Security Directory Security Security 3

  4. Introduction Problem Statement & Why Security Metrics 4

  5. Memo From: CEO To: ISO “Dear John, I am under renewed pressure from the board to clarify a few things about your budget proposals for the financial year ahead. Please, would you address the following issues in writing before the next board meeting: A) We have spent a small fortune on information security in the past three years: naturally, this seemed justified at the time, but it is perfectly reasonable for the board to ask what we have actually achieved in the way of a return on our investment to date? Can you put a figure on it? Can you demonstrate the value? 5

  6. …Continuation of the Memo B) How does our inform rmat ation security y stack ck up a again ainst st our peers in the industry ry? How secure are we, and how secure do w we need to be? Some of the more cynical members of the board are starting to express the opinion that we are going for gold when silver will do, and I must admit I have some sympathy for that viewpoint. C) If budget cuts are necessary (which looks increasingly likely), in which ch areas as can we safely ly trim m back k on security spending without jeopardizing the excellent progress we have already made? Looki king g forwar ard d maybe e three to five years, , can you please se give ve us a a clear arer r picture re of how the informa mation on security y managem gemen ent system m will ll pan out? ? Regards, Fred B (CEO)” From [2], p. xvii 6

  7. What do you feel…? o Indisposition …? o Uncertainty…? o Headaches…? Why?? 7

  8. Reasons for a (Security) Metric o “To measure is to know.” (Lord Kelvin) o “If you can not measure it, you can not improve it.” (Lord Kelvin) 8

  9. Reasons for an Active Directory Security Metric? o 1. Because it does not exist! 9

  10. The Goal o To design a well-defined Active Directory security metric that: ‘looks’ at the security -relevant indicators of a) Active Directory and that measures these indicators in a b) meaningful way o The metric is intended for Active Directory responsible personnel and experts 10

  11. Reasons for an Active Directory Security Metric? o 2. To measure Active Directory security and thus being enabled to answer the awkward questions. 11

  12. Terminology o “Metric” is “a system or standard of measurement” (Oxford American Dictionary) 12

  13. Terminology (well-known) o Measure ure: (verb) action to determine one or more parameters of something o Measurin uring g point nt : is the “location”, where the measure is taken (‘height’ of a door) o Measurement urement: is the result of the action of measuring, the value of a parameter for something, ideally expressed in defined units (the height of the door is 2 meters) o Measurin uring g Instrum trument ent : in short “instrument” is, a “device“ for measuring (‘measuring tape’) 13 Cf. [2], p. 10.

  14. Terminology - Key Security Indicator (KSI) o KSI : A quantifiable measure used to evaluate the security state of an IT security-relevant component o (cf. KPI in Oxford Living Dictionary) A KSI can equal a measurement (i. e. the value of o the measurement) or it can be the result of a (mathematical and/or logical) operation applied to the measurement o KSI with respect to AD: A quantifia fiable ble measure re used to evaluat luate e the o security stat ate of a a security-rele releva vant item m of a an AD 14

  15. KSIs Are Derived/Defined From… o (AD) Findings, Respectively Their Corresponding Security Best Practices Security best practice: No end-of-life systems o KSI: Number of EoL systems in use o o Recommendations From (AD) Security Professionals’ Experience Recommendation: Secure configuration of the o ACL of the AdminSDHolder object KSI: Number of accounts with read and write o permissions on the object that differ from the default 15

  16. KSIs Are Derived/Defined From… o (AD) Vendor Recommendations Recommendation: No DC of internal AD in o DMZ KSI: Number of DCs of internal AD in DMZ o 16

  17. Prerequisites of a Well-Designed AD Security Metric o “Good Metric” o Well-designed with respect to AD 17

  18. Attributes of a Good Metric o Consistently measured Sample: number of systems with disabled UAC o collected via PS script o Cheap to gather Sample: GPO data can be accessed with standard o user rights (including GPOs with UAC settings) o Expressed as a number or percentage Sample: number/percentage of systems with UAC o disabled per Domain o Contextually specific 18

  19. Prerequisites of a Well-Designed Active Directory Security Metric o Carefully chosen measuring points o Well-defined measuring methods (operations/algorithms) to measure these KSIs (How do you measure the security of UAC?) Laborious part of the work o 19

  20. Disclaimer o This talk... …describes the development process of an AD security metric o …describes where we came from, where we currently stand and o where we want to go o It’s not about… …an already completed metric o …a security monitoring framework o 20

  21. Development of an Active Directory Security Metric 21

  22. Before the Idea of an AD Security Metric 22

  23. Initial Situation Project: o Extensive AD security assessment in form of an audit o of more than 50 international AD forests Our goals and requirements: o Standardize the assessment methodology to (rapidly) o gather and analyze information of multiple AD environments Do not require direct access to the AD environments o Perform assessment with least possible privileges o Still obtain data that enables us to meaningfully o assess the security of an AD 23

  24. What does an environment of this size look like? 24

  25. Implications of the Project Goals for the Assessment Define possible findings, ratings, and recommendations o beforehand Creates a static framework applicable to every AD o Define clear guidelines for the assessment o Different people come to the same conclusions o Automate as much as possible o Makes the assessment consistent and less error prone o Information gathering in AD only with standard user o permissions Raises acceptance of performing the assessment o Limits discussions with administrators o 25

  26. Assessed Areas DESIGN AD (security) architecture. TECHNICAL ORGANIZATIONAL AD (security) AD (security) configuration. processes. 26

  27. Assessment Tools We Created I o AD Auditing Questionnaire Title: AD Assessment Questionnaire Covering five areas of AD Organization: o security AD Responsibility: Respondent: o Documentation Date: o Security Design o Admin and Operational Practice How to use this questionnaire? o Patch and Vulnerability This questionnaire is divided into five different sections (Documentation, Security Design, Administrative and Operational Practices, Patch and Vulnerability Management, Monitoring Management and Incident Management). For questions regarding each section, there is a distinct o Monitoring and Incident worksheet. We ask you to fill out each worksheet and make sure there are no red cells left . If you would like to add further information in the annex, please state the index number of the Handling question to which you refer. 27

  28. Assessment Tools We Created II o AD Auditing script(s) PowerShell-based o Requires only standard o domain user permissions Collects relevant technical AD o configuration Interprets collected data o 28

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Metric Spaces Definition If d is a metric on X , then the metric topology on X induced by d is

Metric Spaces Definition If d is a metric on X , then the metric topology on X induced by d is

Metric Spaces Definition If d is a metric on X , then the metric topology on X induced by d is the topology generated by the basis = { B d ( X , ) : x X and > 0 } . The set X endowed with this topology is called the metric space (

52 views • 4 slides
Welcome back... Metric spaces. Approximate metric using a tree. Tree metric: 16 16 A metric

Welcome back... Metric spaces. Approximate metric using a tree. Tree metric: 16 16 A metric

Welcome back... Metric spaces. Approximate metric using a tree. Tree metric: 16 16 A metric space X , d ( i , j ) where d ( i , j ) d ( i , k )+ d ( k , j ) , X is nodes of tree with edge weights d ( i , j ) = d ( j , i ) , and d ( i , j )

376 views • 4 slides
IT Security Evaluation Why do we need security evaluation To provide a basis for specifying

IT Security Evaluation Why do we need security evaluation To provide a basis for specifying

IT Security Evaluation Why do we need security evaluation To provide a basis for specifying security expectations To verify that a computer product/system fulfills the requirements imposed on it To establish a metric for the degree

535 views • 19 slides
OUROBOROS-R, an IND-CPA KEM based on Rank Metric NIST First Post-Quantum Cryptography

OUROBOROS-R, an IND-CPA KEM based on Rank Metric NIST First Post-Quantum Cryptography

Presentation of the rank metric Description of the scheme Security and parameters OUROBOROS-R, an IND-CPA KEM based on Rank Metric NIST First Post-Quantum Cryptography Standardization Conference Carlos AguilarMelchor 2 Nicolas Aragon 1 Slim

157 views • 15 slides
Why do we need security evaluation To provide a basis for specifying security expectations

Why do we need security evaluation To provide a basis for specifying security expectations

Why do we need security evaluation To provide a basis for specifying security expectations IT Security Evaluation To verify that a computer product/system fulfills the requirements imposed on it To establish a metric for the degree

70 views • 4 slides
Multiwavelength UV-metric and pH-metric determination of the dissociation constants of the

Multiwavelength UV-metric and pH-metric determination of the dissociation constants of the

Multiwavelength UV-metric and pH-metric determination of the dissociation constants of the hypoxia-inducible factor prolyl hydroxylase inhibitor Roxadustat * Milan Meloun 1 , Lucie Pilaov 1 , Milan Javrek 2 and Tom Pekrek 3 1

178 views • 15 slides
Metric Conversions Ladder Method T. Trimpe 2008 http://sciencespot.net/ Metric System The

Metric Conversions Ladder Method T. Trimpe 2008 http://sciencespot.net/ Metric System The

Metric Conversions Ladder Method T. Trimpe 2008 http://sciencespot.net/ Metric System The metric system is based on a base unit that corresponds to a certain kind of measurement Length = meter Volume = liter Weight (Mass) =

293 views • 11 slides
Dynamical Systems Continuous maps of metric spaces We work with metric spaces, usually a

Dynamical Systems Continuous maps of metric spaces We work with metric spaces, usually a

Dynamical Systems Continuous maps of metric spaces We work with metric spaces, usually a subset of R n with the Euclidean norm. A map of metric spaces F : X Y is continuous at x X if it preserves the limits of convergent sequences,

409 views • 17 slides
Metric Matters Dain Perkins, CISSP Dain.Perkins@gmail.com My Perspective Information security

Metric Matters Dain Perkins, CISSP Dain.Perkins@gmail.com My Perspective Information security

Metric Matters Dain Perkins, CISSP Dain.Perkins@gmail.com My Perspective Information security metrics do not show us how we need to improve our defenses Image:

560 views • 28 slides
Some remarks about metric spaces, 1 Stephen William Semmes Of course various kinds of metric

Some remarks about metric spaces, 1 Stephen William Semmes Of course various kinds of metric

Some remarks about metric spaces, 1 Stephen William Semmes Of course various kinds of metric spaces arise in various contexts and are viewed in various ways. In this brief survey we hope to give some modest indications of this. In particular,

566 views • 10 slides
Metric Challenges Bheshaj Krishnappa Risk Analysis & Mitigation About RF ReliabilityFirst

Metric Challenges Bheshaj Krishnappa Risk Analysis & Mitigation About RF ReliabilityFirst

Metric Challenges Bheshaj Krishnappa Risk Analysis & Mitigation About RF ReliabilityFirst preserves and enhances bulk power system reliability and security across 13 states and the District of Columbia. The Boundaries of

569 views • 7 slides
Shortest Path Similar Routing 2 A New Metric A new metric path- based metric that can use used

Shortest Path Similar Routing 2 A New Metric A new metric path- based metric that can use used

R outing S tate D istance: A Path-based Metric for Network Analysis Gonca Grsun joint work with joint work with Natali Ruchansky, Evimaria Terzi, Mark Crovella Distance Metrics for Analyzing Routing Shortest Path Similar Routing 2 A New

1.43k views • 48 slides
Information Theoretic Metric Learning Instructor: Sham Kakade 1 Metric Learning In k -nearest

Information Theoretic Metric Learning Instructor: Sham Kakade 1 Metric Learning In k -nearest

CSE 547/Stat 548: Machine Learning for Big Data Lecture by Adam Gustafson Information Theoretic Metric Learning Instructor: Sham Kakade 1 Metric Learning In k -nearest neighbors ( k -nn) and other classification algorithms, one crucial choice

221 views • 8 slides
GENERAL RULES OF MEASUREMENT All measurements are METRIC! Use the correct piece of

GENERAL RULES OF MEASUREMENT All measurements are METRIC! Use the correct piece of

November 05, 2015 GENERAL RULES OF MEASUREMENT All measurements are METRIC! Use the correct piece of equipment All measurements are METRIC! Make all readings at eye level All measurements are METRIC! If your measurement

287 views • 6 slides
Distance Metric Learning: Beyond 0/1 Loss Praveen Krishnan CVIT, IIIT Hyderabad June 14, 2017 1

Distance Metric Learning: Beyond 0/1 Loss Praveen Krishnan CVIT, IIIT Hyderabad June 14, 2017 1

Distance Metric Learning: Beyond 0/1 Loss Praveen Krishnan CVIT, IIIT Hyderabad June 14, 2017 1 Outline Distances and Similarities Distance Metric Learning Mahalanobis Distances Metric Learning Formulation Mahalanobis metric for clustering

716 views • 44 slides
The Metric Coalescent joint with David Aldous Daniel Lanoue University of California, Berkeley

The Metric Coalescent joint with David Aldous Daniel Lanoue University of California, Berkeley

Introduction The Metric Coalescent The Metric Coalescent joint with David Aldous Daniel Lanoue University of California, Berkeley June 25, 2014 Daniel Lanoue The Metric Coalescent Introduction FMIE Processes The Metric Coalescent The

862 views • 33 slides
How Expert Knowledge Can Three Case Studies Help Measurements: First Case Study Second Case

How Expert Knowledge Can Three Case Studies Help Measurements: First Case Study Second Case

Using Expert . . . So How Can Expert . . . Why Is This Useful? But How to . . . How Expert Knowledge Can Three Case Studies Help Measurements: First Case Study Second Case Study Three Case Studies Third Case Study Auxiliary Results

808 views • 63 slides
Software Measurement and Complexity Mark C. Paulk, Ph.D. Mark.Paulk@utdallas.edu,

Software Measurement and Complexity Mark C. Paulk, Ph.D. Mark.Paulk@utdallas.edu,

Software Measurement and Complexity Mark C. Paulk, Ph.D. Mark.Paulk@utdallas.edu, Mark.Paulk@ieee.org http://mark.paulk123.com/ Measurement & Complexity Topics Goal-driven measurement Operational definitions Driving behavior What is

784 views • 36 slides
for Mobile Augmented Reality David Chen 1 , Mina Makar 1,2 , Andre Araujo 1 , Bernd Girod 1 1

for Mobile Augmented Reality David Chen 1 , Mina Makar 1,2 , Andre Araujo 1 , Bernd Girod 1 1

Interframe Coding of Global Image Signatures for Mobile Augmented Reality David Chen 1 , Mina Makar 1,2 , Andre Araujo 1 , Bernd Girod 1 1 Department of Electrical Engineering, Stanford University 2 Qualcomm Inc. 1 Chen et al. , Interframe Coding

805 views • 23 slides
experiments Alexander Struck, Georg Bastian Daria Dvorzhitskaia, Lina Kyvoruchkov, Lea Wemmers,

experiments Alexander Struck, Georg Bastian Daria Dvorzhitskaia, Lina Kyvoruchkov, Lea Wemmers,

Making and using video introductions for physics lab experiments Alexander Struck, Georg Bastian Daria Dvorzhitskaia, Lina Kyvoruchkov, Lea Wemmers, Antonia Geck 2015-08-18 1 Our situation HSRW: International University of Applied Sciences

873 views • 9 slides
BS2247 Introduction to Econometrics Lecture 4: The simple regression model OLS Unbiasedness, OLS

BS2247 Introduction to Econometrics Lecture 4: The simple regression model OLS Unbiasedness, OLS

BS2247 Introduction to Econometrics Lecture 4: The simple regression model OLS Unbiasedness, OLS Variances, Units of measurement, Nonlinearities Dr. Kai Sun Aston Business School 1 / 26 Unbiasedness of OLS SLR for Simple Linear

797 views • 56 slides
Software Measurement Massimo Felici and Conrad Hughes mfelici@staffmail.ed.ac.uk

Software Measurement Massimo Felici and Conrad Hughes mfelici@staffmail.ed.ac.uk

Software Measurement Massimo Felici and Conrad Hughes mfelici@staffmail.ed.ac.uk conrad.hughes@ed.ac.uk http://www.inf.ed.ac.uk/teaching/courses/sapm/ Slides: Dr James A. Bednar SAPM Spring 2009: Software Measurement 1 Why Measure? If we

385 views • 22 slides
The Webinar Will Begin Shortly. Please remember to mute your phone lines and computers. Please

The Webinar Will Begin Shortly. Please remember to mute your phone lines and computers. Please

The Webinar Will Begin Shortly. Please remember to mute your phone lines and computers. Please use this link for closed captioning: http://www.fedrcc.us//Enter.aspx?EventID=3261304&CustomerID=321 This link is also included in the invite.

784 views • 46 slides
Measuring -- a Simple Solution!? Why not obtain a WCET estimate by measuring the execution time?

Measuring -- a Simple Solution!? Why not obtain a WCET estimate by measuring the execution time?

Measuring Execution Times Peter Puschner Benedikt Huber slides credits: P. Puschner, R. Kirner, B. Huber VU 2.0 182.101 SS 2015 Contents Why (not to) measure

832 views • 43 slides

More recommend