Monday, April 1, 2019
Security Forensics and Risk Management
Acknowledgement

Foremost I would like to say thanks to God for all the support in all my life, and secondly to the University of Greenwich for giving me this, my life aim, to complete my masters. Next my supervisor Professor Kevin Parrott for the support he gave, because without his support I wouldn't be able to complete my project with this quality. Especially the suggestions and appreciation given by my supervisor made me feel better and gave positive thinking. Finally I need to thank my family and friends for unbelievable support and encouragement.

Abstract

As we are in the information era, the world is changing to use electronic means for day to day work. Paper documents are going and most processes are paper free, for many reasons such as pollution, ease, speed, etc. At the same time digital media has availability, scalability, confidentiality and integrity, which are the required properties for secure communication. The risk increases with the increase in computer and digital usage, and a single security weakness may cause huge losses. Some surveys say that most crimes are happening through electronic means and that the target is a computer or computer peripherals. If the attacker finds a single security weakness, that is enough to start breaking the whole system; the weakness could be a configuration mistake, a firewall issue or, basically, any problem in the protection mechanism. Because of these reasons testing becomes very important, and this process is called auditing.
There are so many types of auditing, and auditing requires technical knowledge to make these tests complete and to give an audit report including suggestions. Auditing falls into two main categories, automatic and manual. A test will be efficient if it is automated using testing tools, which is called an automated or computerised test. Even so, there are some tests that cannot be automated and need to be tested manually.

This auditing covers the network security test, the physical or environment security test and the computer security test, which includes software and hardware tests. The computerised test will be carried out with some security tools and the manual test will use a questionnaire to minimise human errors, mainly forgetting.

A security audit is the technical assessment of the application or system. The assessment may be manual or systematic or both. In most cases the auditing process uses both manual and systematic/automatic methods, because there are some tests that cannot be automatic, such as review of the security policy, asset management, etc.

This auditing has different types such as internal or external. The type depends on the company size and the resource availability. Usually big companies have their own security auditor, so they will perform the audit internally, and small and medium size companies mostly hire an auditor from outside. Both types have pros and cons in security and financial manner.

Chapter 1

Introduction

This chapter largely contains non-technical information to give an understanding of the high level objectives.
It also describes the techniques and technologies used in the project and research to accomplish the project objective.

Audit

The audit is a systematic or manual security assessment of the network, infrastructure, system, etc. The complete audit should be the combination of manual and automatic assessment, because in every test target there will be some test that cannot be automatic. The audit has so many categories, and the following paragraphs will explain the categories and the functions or techniques behind them. There are 3 controls in the auditing process, which are:

Preventive control

The preventive controls are controls, which may be in the form of software or hardware or any configuration, to prevent the error or vulnerabilities. This is an active type of control which always monitors the interface for any vulnerabilities and blocks such vulnerabilities or errors before they enter the system or infrastructure. This is the most effective control mechanism because it does not allow the vulnerabilities in.

Detective control

The detective controls are placed to monitor the vulnerabilities, in the form of software or hardware, but the difference between preventive and detective is that the preventive control won't allow the vulnerabilities into the system, whereas the detective control allows everything to enter and corrects the vulnerabilities after entry. The best example for this control is a fire alarm, because a fire alarm won't prevent the fire beforehand, but if there is any fire it will work.

Corrective controls

The corrective controls are the controls to correct the error or issue before it makes any harm. This is a very important control for all places even if they have other controls, because there are some issues or vulnerabilities that the other controls cannot detect; if they come and attack, there should be some control to correct those before a loss occurs.
In addition to that the controls should be up to date, such as with the latest firmware or latest definitions.

Types of auditors

There are two main types of auditors in the information era, internal and external auditors. The selection of the auditor will be made by the management, based on the financial status of the company, the size of the organisation and the policies defined in the company.

Internal auditors

Internal auditors are auditors belonging to the particular company which is going to perform the audit. That means the auditor is an employee of the company. So the auditor is always available to do the auditing, and data or information will stay within the organisation. This is the main advantage of having an internal auditor, but the time spent and the employee specially recruited for auditing cost a lot for the company. So it is only possible for big companies, because they have huge investments and revenue. The disadvantage of the internal auditor is that they may not be up to date and may not have the current market or audit status, such as new techniques and tools.

External auditors

The auditor is recruited from another auditing firm for the auditing, so it is very hard to find a professional auditor because of availability, and as the auditor is recruited from outside the company, information may leak out. At the same time the auditor needs some time to learn and understand the company process. But the advantage of recruiting an external auditor is their knowledge, and it is suitable for medium and small companies.

Types of Audit

Traditional Audit

It is just like a manual audit. It is useful when dealing with a large amount of data in a large company. Here the auditor takes some sample data from different places and then produces a report.

Advantages
Easy
Cheaper

Disadvantages
Does not always provide correct information.
In the IT sector it is not useful.
Software audit

A software audit is very popular for any educational institute or organisation. It is just like a review of the software and the system that can find all information about the system such as operating system, application software, processor, drives, controllers, bus adapters, multimedia, virus protection, system model, main circuit board, memory modules, local drive volumes, network drives, printer information, etc. There are so many auditing tools in the market, such as Belarc Advisor and E-Z Audit, that are very helpful.

KW116 is the main laboratory of the School of Computing and Mathematical Sciences in the University of Greenwich. CMS installed lots of software for learners to carry out study or research. According to the Copyright, Designs and Patents Act 1988, all software must have a valid licence to maintain the process. As the lab uses a large amount of software, and different software was bought at different times, it is very difficult for the lab administrator to keep all licences up to date by manual checks. Only auditing by software can give a detailed report to the administrator to keep the system safe.

Advantages
Correct information: a machine always provides the correct information, so it has less chance of providing incorrect information.
Save time: software very quickly provides a report of the system, so it saves time.
Detailed description: it provides a detailed description of the system including any warning or licence issues, etc.
Minimise the cost: by implementing the software audit, two people's work may be possible with one person, so it reduces the extra cost.

Disadvantages
Investment cost: software is very expensive, so the university needs extra money to buy this software.
Risk: the vendor knows the detailed information of the system.
Work flow: the auditor needs part of the lab to check the system, so it disturbs the student workflow.

The approach

The typical audit has different approaches to collect the data.
A single audit will use multiple techniques to gather full information, and it is necessary to use different techniques for different levels of people. These are the common techniques.

Interview

This technique is used to collect information from outside people or top level people, and the number should be limited. During the interview the auditor or interviewer will ask questions of other people and collect the information, so the person will be well prepared for the interview. This is a very robust method because it allows people to express themselves fully, and the method is also simple as it is talking, which is the natural way to communicate. Another advantage is that this is bidirectional communication, meaning both parties are allowed to ask questions for clarification or to gather information.

Observation

This method is used where real time process monitoring or behavioural change is required. This is a powerful way of tracking the changes throughout the audit, because with the other techniques it is presently not possible to get real time information.

Inspection

This technique requires doing some action with the collected data to collect audit related information. This is a form of observation with advance criteria expected. It is an extended version of observation because the auditor applies some advance criteria to gather the data which is necessary for the auditing.

After collecting the data the next step is to identify the weaknesses and process them. Identifying is the key work in the audit, followed by categorising. Identifying uses some techniques to make that easy, clear and professional. The techniques used here are:

Root cause analysis

A general technique for analysing and getting the better solution for a vulnerability or weakness, because this technique drills down to the issue, finds the solution and fixes the weakness. The basic idea behind this is that if the root is fixed, it will automatically fix all other problems related to it.
So it simply closes all related issues at once. As mentioned, this is the easy and robust way to stop the issues that exist and the issues that may come in the future.

After root cause analysis the next step is to get the solution for the root of the issue. The important thing here is choosing a better and effective solution for the issue. The selection depends on some external and internal restrictions:
Organisation policy
Cost per benefit
Legal restrictions
Availability
Compatibility
Vendor and certification

Advantages of having Auditing

Satisfaction: it gives the Lab administrator of the University of Greenwich the confidence to continue the business process. The owner always wonders whether there is any weakness that breaks the continuity of the business.
Detection and prevention of errors: humans can make errors at any time. No one can say there is no error in their company. By auditing, people can find the error and suggest how to remove it.
Detection and prevention of fraud: it is also just like errors. Sometimes a user intentionally or unintentionally does this thing. So after the audit we can find out the fraud.
Verification of the Licences: KW116 Lab installs lots of software for students. Some software is licensed for 1 year, some software for more than one year, and some software has a limitation on use (number of users who can use it). So the auditor can find all kinds of licence issues.
Independent opinion: an audit is always done by independent people, so this report is always accepted by everyone.
Prevention of explosion: health and safety is always a big issue for any organisation. KW116 Lab has lots of equipment connected to electricity, so there are always chances of a short circuit or explosion. The audit identifies all the weak points and advises on prevention.

Disadvantages of having Auditing
It is expensive.
Sometimes it slows or stops the work flow.
External people know the company information.
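The licence verification described in the software audit and licence sections above, as an added Python example that is not code from the thesis or from the lab: a constructed inventory of installed software is compared with a constructed licence register, flagging products with no licence record, expired or soon-expiring licences, and installs that exceed the licensed number of users. Host names, product names, dates and licence terms are hypothetical sample data.

```python
"""Licence audit over a lab software inventory.

Added example, not from the thesis. The inventory and licence register are
constructed sample data; in a real audit the inventory would come from a
software audit tool's export and the register from the lab administrator.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Licence:
    product: str
    expires: Optional[date]   # None means a perpetual licence
    max_seats: Optional[int]  # None means no limit on the number of installs


@dataclass(frozen=True)
class Install:
    host: str
    product: str


@dataclass(frozen=True)
class Finding:
    product: str
    issue: str   # one of: unlicensed, expired, expiring_soon, over_seats
    detail: str


def audit_licences(installs: List[Install], licences: List[Licence],
                   today: date, warn_days: int = 30) -> List[Finding]:
    """Compare what is installed against what is licensed.

    Flags software with no licence record, licences that have expired or
    expire within warn_days, and products installed on more hosts than the
    licence allows. Findings are ordered by product name.
    """
    hosts_by_product: Dict[str, List[str]] = {}
    for inst in installs:
        hosts_by_product.setdefault(inst.product, []).append(inst.host)
    register = {lic.product: lic for lic in licences}

    findings: List[Finding] = []
    for product in sorted(hosts_by_product):
        hosts = hosts_by_product[product]
        lic = register.get(product)
        if lic is None:
            findings.append(Finding(product, "unlicensed",
                f"installed on {len(hosts)} host(s) with no licence record"))
            continue
        if lic.expires is not None:
            days_left = (lic.expires - today).days
            if days_left < 0:
                findings.append(Finding(product, "expired",
                    f"licence expired on {lic.expires.isoformat()}, "
                    f"still installed on {len(hosts)} host(s)"))
            elif days_left <= warn_days:
                findings.append(Finding(product, "expiring_soon",
                    f"licence expires in {days_left} day(s) "
                    f"on {lic.expires.isoformat()}"))
        if lic.max_seats is not None and len(hosts) > lic.max_seats:
            findings.append(Finding(product, "over_seats",
                f"{len(hosts)} installs exceed the {lic.max_seats} licensed "
                f"seats: {', '.join(sorted(hosts))}"))
    return findings


def format_report(findings: List[Finding]) -> str:
    """Render findings as the licence section of an audit report."""
    if not findings:
        return "Licence audit: no issues found."
    lines = [f"Licence audit: {len(findings)} issue(s) found"]
    for f in findings:
        lines.append(f"  [{f.issue}] {f.product}: {f.detail}")
    return "\n".join(lines)


# Constructed sample data: hypothetical hosts, products and licence terms.
AUDIT_DATE = date(2019, 4, 1)
SAMPLE_INSTALLS: List[Install] = (
    [Install(f"kw116-pc{n:02d}", "MATLAB") for n in range(1, 13)]
    + [Install(f"kw116-pc{n:02d}", "Visual Studio") for n in range(1, 6)]
    + [Install(f"kw116-pc{n:02d}", "Packet Tracer") for n in range(1, 4)]
    + [Install(f"kw116-pc{n:02d}", "Office") for n in range(1, 21)]
    + [Install(f"kw116-pc{n:02d}", "Wireshark") for n in range(1, 5)]
)
SAMPLE_LICENCES: List[Licence] = [
    Licence("MATLAB", date(2019, 3, 15), 10),           # one-year term, 10 seats, lapsed
    Licence("Visual Studio", date(2019, 4, 20), None),  # renewal due soon
    Licence("Office", date(2020, 7, 31), 25),           # multi-year, within seat count
    Licence("Wireshark", None, None),                   # free software, no constraints
    # Packet Tracer has no licence record at all
]


def run_sample_audit() -> List[Finding]:
    return audit_licences(SAMPLE_INSTALLS, SAMPLE_LICENCES, AUDIT_DATE)


if __name__ == "__main__":
    print(format_report(run_sample_audit()))
```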
Encryption

Encryption is the simple technique, in different forms, to send data securely through a shared medium like the internet. The forms of encryption may vary from each other, but they all normally use digital certificates to encrypt and decrypt the data. Encryption uses keys to make cipher text from the original message. The cipher text is not readable; it is the encrypted version of the message produced by some algorithm.

Security roles/user roles

Security roles are a very important technique to make network administration easy. This is basically creating some groups with different permissions according to the organisation procedure or policy. A user or staff member can have multiple security roles according to their needs. These roles are used to define the user's permissions.

Security policy

A security policy is a document which has all rules and regulations recorded and approved by management and aligned with laws and legislation. This policy is used to define all activities and it is used to make some decisions.

Business Continuity

There are three things we always have to keep in mind to continue the business:
Essential to running the business: any customer order cannot be held for more than seven days.
Tolerate delay: some applications may be delayed while continuing the business, such as management pay. It is mid term, i.e. one to four weeks.
Discretionary: some applications are useful for the business but do not affect the continuation of the business operation, such as management reports. It is long term, i.e. 3 to 6 months.

Business continuity plan

Business continuity planning (BCP) is the most important thing for any organisation to continue the business. BCP deals with all the different kinds of risk to the continuation of the business process that might occur in the organisation, and it also works out the policies, plans and procedures to reduce the risk. BCP can continue the business process in an incident situation as well.
The main goal of the BCP is to combine together all policies, procedures and processes so that in any disruptive situation the business process can continue, or the impact is very little. Here the main important functions of BCP are:
Maintaining the business operation
Continuing the business in an emergency situation
Reducing the risk
If in any situation the BCP cannot take over, then Disaster Recovery Planning (DRP) takes over.

British Auditing Standard BS7799

It is a British standard called BS7799, issued by the British Standards Institution, which describes the security policy and standard procedures. BS7799 became ISO IEC 17799 after evaluation by the ISO IEC technical committee for international use. Nowadays information is a valuable asset for an organisation, so it is very important to protect the information like other corporate assets. Here BS7799 introduces how to protect the information from threats and suggests three points to secure the information:
Integrity: assurance of the completeness and accuracy of the information.
Confidentiality: information can only be accessed by the right people.
Availability: authorised people can access the information when needed.

Attacks and prevention for the attacks

Errors and Omissions

Errors and omissions are one of the most common and toughest vulnerabilities. It is a human made error, because humans interact with programming, controlling and entering data for the computer. There are no countermeasures to protect against errors and omissions.

Fraud and theft

It is one kind of criminal activity that may occur in the KW116 Lab. It includes computer components such as mouse, keyboard, router, switch, cables, CPU box, etc. It was observed that the security person is not always at the access point, so it is hard to secure the lab from fraud and theft. By protecting the entry control we can reduce the fraud and theft.
Both internal and external people are responsible for that kind of activity.

Prevention of Fraud and theft
A regular auditing and monitoring program will help to identify all kinds of fraud and theft.
Deploy all of the access controls.
CCTV in the proper place.

Virus

A virus is malicious code that has the ability to replicate its code itself and spread from one system to another system via e-mail, downloading or storage devices (CD, DVD, memory stick, removable hard drive) and destroy the computer system. It was found that almost every user is using a removable memory stick, and it is the most likely way to spread a virus in the Lab computer system; it was also observed that users are using their own laptop computers connected to the university wireless network. If a user laptop is infected with a virus then it is also likely to spread to the lab network, which can affect the internal network, attack the server and fragment the hard drive.

Prevention
Install the latest antivirus software.
Regularly update the antivirus software.
Adopt the backup procedures on a regular basis.
Scan the device when transferring data.
Install a NIDS (Network Intrusion Detection System) and firewall.
Minimise downloads from the internet.
Download only from reputed web sites.
Scan before the download.
Be careful opening unusual e-mail attachments.
Scan all incoming files from the remote site.
Make the user aware about the danger of viruses.

Trap-doors

It is an undocumented command that a staff user can create to speed up the work flow. Unfortunately sometimes students might leave these trap-doors.

Prevention of Trap-doors
Use the latest antivirus software.
Give permission to develop the code only to authorised people.
Check all code properly before using it.

Logic bombs

It works like a time bomb and affects the system on a particular event or day, such as a program launch or website logon. It changes the data and deletes the data from the system. Here students are accessing lots of software to do their course work or project.
So they are capable enough to build logic bombs into the system. It normally happens in a company if an employee leaves the job.

Prevention
Audit regularly and monitor.
Always back up the necessary files.
Allow only authorised people to develop the code.
Keep a record of all modifications or changes.

Trojan Horses

It is a software program that contains malicious code. Normally students are interested in downloading music and free software from the internet. It is the most likely to affect the lab computers and destroy the data stored on the lab computer system.

Prevention
Avoid unnecessary software and music downloads from the internet.
Make the user aware about Trojan Horses.

Worm

A worm also is malicious code that can spread itself without any human involvement from one system to another system. It works only on computer network systems and does not need any devices for transport.

Prevention
Use a firewall.
Use updated antivirus software.

Spyware

It is an unwanted software interface that monitors the activity of the user and transfers important information like login details or account details to the remote system that monitors the user activities.

Adware

It is also similar to spyware but it does not intend to transfer the user details to a remote system. It works like advertisements on the internet. Some adware monitors the searching behaviour of the user and then redirects to related websites.

Prevention of Adware/Spyware
Close the pop up window.
Be aware about spyware/adware.
Click only reputed links.

Social Engineering

Most of the users are getting unknown mail and they are also chatting with unknown people. Social engineering is one of the most popular techniques that attackers use to access the system, by sending mail or chatting with people to learn the password.
So it is a major risk to the security of the password.

Prevention
Do not reply to unknown mail.
Do not chat with unknown people.
Don't give anyone personal information or a login id.
Proper training for, or sensitising, new users about social engineering.

Ping of death

We only have permission to send the largest packet (65,536 bytes) to the server. Attackers know this number of bytes from the ICMP specification, so they try to send packets of more than 65,536 bytes (at least 65,537). If the server does not check the size of the packet and tries to process it, then it hangs or crashes the operating system.

Dumpster diving

Every day Lab users print their necessary documents, but sometimes by mistake they print unnecessary documents and at the end of the day throw all the documents in the bin. Hackers are very intelligent. They always look in the bin and find the necessary document to access the network.

Prevention
Shred all documents before putting them in a bin.

Natural disasters

If anything happens that is not under the control of humans it is called a natural disaster, such as earthquakes, volcanoes, floods, fires, storms, hurricanes, etc. It may occur at any time, but the most likely risk for the KW116 lab is fire. It may be caused by a heater, power supply, overheating of the power box, short circuit, etc.
A natural disaster is less likely for the lab, but its effect is more than any other threat. It may destroy part of the building and lose all the information.

Prevention
Follow the health and safety procedures.
Clear the fire exit.
Make the user aware about possible disasters.

Man-Made Disasters

If anything happens intentionally to destroy the business process or destroy part of the business, and it is under the control of humans, then it is called a Man-Made Disaster, such as fire, act of terrorism, bombings/explosions, power outages, etc.

Prevention
Always check ID cards.
Allow only authorised people.
Use a metal detector.
CCTV.

Equipment failure

Students are always busy with their course work and other course related work, so equipment failure may lose all the data.

Prevention
Use extra UPS.
Back up all data.

Auditing Stages/steps
Scope and Pre-Audit survey
Planning
Field work
Analysis
Reporting

Scope and Pre-Auditing

The first step or stage of the audit is to understand the purpose of the audit and the areas that need to be covered during the audit. Understanding the audit purpose basically means getting the reason why this audit needs to be performed, meaning any special risk assessment or the yearly audit. If it is a special risk assessment audit, this will be more specific and the scope will be narrow and deep; otherwise, if it is the annual audit, it will be the general audit to cover as much area as possible.

The Pre-Auditing survey is to verify the audit areas using risk management techniques and some general techniques such as reading previous audit reports, web browsing, background reading, etc. This will reduce the chance of failure by correcting the plan with lessons learned.

Planning and readiness

In this stage the scope is going to be broken into small areas to make auditing easier and clearer. So there will be more clarity and the purpose will be easy to understand. Usually this stage will involve the work disruption plan and the risk control matrix.
The risk control matrix is just a checklist containing questions to carry out during the audit.

Field work

The actual auditing is performed during this stage by different techniques or methods. Simply put, it starts with interviewing staff or students using a questionnaire or oral interview, up to system or network tests by auditing software tools. The result of this stage will be the evidence of the audit, used to reach a conclusion or to submit to the management with the audit report. So this will be the most important stage in the audit process.

This step may use several testing software tools depending on the scope of the audit, and the software selection is another key event of the audit process, because there are so many fake software applications available in the market. Actually those are viruses, and the reason for making viruses in the form of auditing tools is that spreading a virus in the form of an auditing or testing tool is very easy and hard to detect.

Analysis

The evidence or any results collected in the previous stage are the input of this stage. This stage is fully analysis and decision making, so it needs a lot of time for investigation and assessment. The most sensitive area of the audit process is analysis, because this is where the decision to submit to the board is taken, so it should be perfect; otherwise the audit is ineffective and it will lead to some wrong decisions.

Reporting

This stage is to present all audit findings in the form of a report. This is the document containing all evidence, analysis results, suggestions, recommendations, conclusion, etc. This document will be passed to the management or the high level people to review, approve and take the necessary action if necessary.
The report should be clearly written and easy to understand, because this document is also needed in the future to give some information to start the next audit or to take some strategic decision.

Problem definition

Because of the increased use of the University of Greenwich KW116 lab the chances of threats or issues are high, and it is the responsibility of the students and the staff to make the lab secure in all aspects. The reason this project is based on KW116 is that it is the lab used most by the students, and usually network related or any other lab sessions happen in this lab, so if the lab has any security hole or weakness it may affect the students and the staff.

The easiest way to ensure the security level of the lab is auditing. This auditing needs to cover all areas from physical security to network security. Only then will it be the perfect audit, and the audit can use some standard checklist to make it more efficient and to eliminate human made errors such as forgetting, typing mistakes, etc.

There are so many ways to make sure of the security level, such as penetration testing and vulnerability testing. These are more specific to attacks and threats, and for the general purpose the security audit is the suitable one, as it will cover all areas of security.
According to the reasons given above, the general security audit is the most suitable technique to verify the security level of the lab. So the auditing will cover most of the areas of the lab with the aid of a standard checklist which is approved by the British Standards Institution.

Tests behind the auditing
Physical test
Network test
Software test
Security policy test
Hardware/peripherals test
Access control test

Objectives

To assess the actual level of security that exists at The University of Greenwich Maritime campus KW116 Lab.
Activities: plan and schedule the audit; auditing with software tools; analysis of the audit result.
Deliverable: detailed audit report with suggestions and recommendations.
This is the main objective of the project and it will be carried out with several tools like packet sniffer, port scanner software, etc. There are three different tests using these tools to identify internal and external vulnerabilities.

To evaluate various methods of implementing the security policy, determine the security weaknesses and implement risk management for the existing security weaknesses.
Activities: university lab security policy review; analysis.
Deliverable: detailed security policy analysis report with changes/suggestions/recommendations.
The reason for this objective is to stop the holes at the policy level, because this is the easy way to implement.
To understand the audit and audit process and practise auditing, and to research the auditing products available in the market and select appropriate ones.
This objective is fully about learning audit and audit related matters. It is the key or basis of this project, because if the project starts without proper knowledge it will drift somewhere else and not towards the project aim.

To draft a new security policy that addresses the existing weaknesses, for the management.
According to the analysis, draft a security policy to fix or overcome all existing security holes.
Deliverable: draft security policy.

How the objectives will be achieved

The third and fourth objectives will be achieved with books and the internet. This objective will give the idea about auditing; the outcome of this objective will be a document which contains all the requirements which need to be covered in this project.

The research will give the details about the tools required to perform the auditing and the methods/process for the auditing. The internet is the main and basic means for this research, as it is easy to access and has a wide range of data.

Tools identified from the research will be used to perform the security auditing, and the audit result will be monitored in real time and documented instantly. Mostly these tools will be freeware and from well-known vendors.

The auditing will be performed from three different views to make sure the area is secured fully. The views are: inside the computer local network, outside the computer local network, and outside the computer on a different network.

Audit Methodology

This project uses two different methodologies to accomplish the task, namely a checklist and a questionnaire. The checklist is an aid for the auditor to perform the audit and it is a manual for the audit. So the checklist will contain all the tests that need to be performed during the auditing, whereas the questionnaire is to get the opinion or feedback of the staff and students (generally this will be feedback from stakeholders).
The analysis also will be carried out in two different ways, using the questionnaire and the checklist, and finally both are compared to get the conclusion. The questionnaire and checklist cover most of the areas, and those are grouped separately to make the auditor's life easy and more understandable. The areas covered in the documents are Physical Security/ E
Because of these reasons testing has become very important, and this process is called auditing. There are many types of auditing, and auditing requires technical knowledge to make these tests perfect and to give an audit report including suggestions. Auditing falls into two main categories, automatic and manual. The test will be efficient if it is automated using testing tools; this is called an automated or computerised test. Even so, there are some tests that cannot be automated and need to be performed manually. This auditing covers the network security test, the physical or environmental security test, and the computer security test, which includes software and hardware tests. The computerised test will be carried out with some security tools, and the manual test will use a questionnaire to minimise human-made errors, mainly forgetting.

A security audit is the technical assessment of an application or system. The assessment may be manual or regular or both. In most cases the auditing process uses manual and systematic/automatic methods, because there are some tests that cannot be automatic, such as review of the security policy, asset management, etc.

This auditing has different types, such as internal or external. The type depends on the company size and the resource availability. Usually big companies have their own security auditor, so they perform the audit internally, and small and medium-sized companies mostly hire an auditor from outside. Both types have pros and cons in security and financial terms.

Chapter 1

Introduction

This chapter largely contains non-technical information to give an understanding of the high-level objectives.
It also describes the techniques and technologies used in the project, and the research done to accomplish the project objective.

Audit

The audit is a systematic or manual security assessment of the network, infrastructure, system, etc. The complete audit should be a combination of manual and automatic assessment, because in every test target there will be some tests that cannot be automatic. The audit has many categories; the following paragraphs explain the categories and the functions or techniques behind them. There are three controls in the auditing process:

Preventive control

Preventive controls are controls in the form of software, hardware or any configuration to prevent the error or vulnerability. This is an active type of control: it always monitors the interface for any vulnerabilities and blocks such vulnerabilities or errors before they enter the system or infrastructure. This is the most effective control mechanism because it does not allow the vulnerabilities in.

Detective control

Detective controls are in place to monitor the vulnerabilities, in the form of software or hardware, but the difference between preventive and detective is that the preventive control won't allow the vulnerabilities into the system, whereas the detective control allows everything to enter and corrects the vulnerabilities after entry. The best example of this control is a fire alarm, because a fire alarm won't prevent the fire beforehand, but if there is any fire it will work.

Corrective controls

Corrective controls are the controls to correct the error or issue before it does any harm. This is a very important control for all places, even if they have other controls, because there are some issues or vulnerabilities that the other controls cannot detect when they come and attack, so there should be some control to correct those before a loss occurs.
In addition, the controls should be kept up to date, with the latest firmware or latest definitions.

Types of auditors

There are two basic types of auditors in the information era: internal and external auditors. The selection of the auditor will be done by the management based on the financial status of the organisation, the size of the organisation and the policies defined in the company.

Internal auditors

Internal auditors are auditors who belong to the particular company that is going to perform the audit. That means the auditor is an employee of the company. So the auditor is always available to do the auditing, and data or information will be kept within the organisation. This is the main advantage of having an internal auditor; at the same time, if an employee is purposely recruited for auditing, it costs the company a lot. So it is only possible for big-level companies, because they have huge investments and revenue. The disadvantage of the internal auditor is that they may not be up to date and may not have the current market or audit status, such as new techniques and tools.

External auditors

The auditor is recruited from another auditing firm for the auditing, so it is very hard to find a professional auditor because of availability, and as the auditor is recruited from outside, company information may go out. At the same time the auditor needs some time to get to know and understand the company process. But the advantage of recruiting an external auditor is their knowledge, and it is suitable for middle- and small-level companies.

Types of Audit

Traditional Audit

It is just like manual auditing. It is useful when working with a large amount of data in a large company. Here the auditor takes some sample data from different places and then provides a report.

Advantages
- Easy
- Cheaper

Disadvantages
- Does not always provide correct information.
- In the IT sector it is not useful.

Software audit

A software audit is widely popular for any educational institute or organisation.
It is just like a review of the software and the system that can find all information about the system, such as operating system, application software, processor, drives, controllers, bus adapters, multimedia, virus protection, system model, main circuit board, memory modules, local drive volumes, network drives, printer information, etc. There are many auditing tools in the market, such as Belarc Advisor and E-Z Audit, that are very powerful. KW116 is the main lab for the School of Computing and Mathematical Sciences at the University of Greenwich. CMS installed lots of software for students to continue study or research. According to the Copyright, Designs and Patents Act 1988, all software must have a valid licence to continue the process. As the lab uses a large amount of software, and different software expires at different times, it is very difficult for the lab administrator to keep all licences up to date by manual checks. Only auditing by software can give a detailed report to the administrator to keep the system safe.

Advantages
- Correct information: a machine always provides the correct information, so there is less chance of incorrect information.
- Saves time: software very quickly provides a report of the system, so it saves time.
- Detailed description: it provides a detailed description of the system, including any warnings or licence issues.
- Minimises cost: by implementing the software audit, two people's work may be possible with one person, so it reduces the extra cost.

Disadvantages
- Investment: the software is very expensive, so the university needs extra money to buy it.
- Risk: the auditor knows the detailed information of the system.
- Workflow: the auditor needs part of the lab to check the system, so it interrupts the students' workflow.

The approach

A typical audit has different approaches to collecting data. A single audit will use multiple techniques to gather full information, and it is necessary to use different techniques for different levels of people.
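The licence verification that the software-audit section describes for the lab (licences expiring at different times, some with a user limit, too many to track by hand), as an added example that is not the dissertation's code nor any vendor's: it matches a constructed software inventory against a constructed licence register and reports expired, expiring, over-seat and unlicensed products. The host names, products, dates and the audit_licences/format_report names are assumptions.

```python
"""Licence audit over a software inventory (added example; constructed data throughout)."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional, Set, Tuple

Finding = Tuple[str, str, str]  # (severity, product, detail)


@dataclass(frozen=True)
class Licence:
    product: str
    expires: Optional[date]   # None means a perpetual licence
    max_users: Optional[int]  # None means no seat limit


@dataclass(frozen=True)
class Installation:
    host: str      # lab machine the software was found on by the inventory tool
    product: str
    version: str


def audit_licences(licences: List[Licence], installs: List[Installation],
                   today: date, warn_days: int = 90) -> List[Finding]:
    """Compare what is installed with what is licensed and return findings in a stable order."""
    register: Dict[str, Licence] = {lic.product: lic for lic in licences}
    hosts_by_product: Dict[str, Set[str]] = {}
    for inst in installs:
        hosts_by_product.setdefault(inst.product, set()).add(inst.host)

    findings: List[Finding] = []
    for product, hosts in sorted(hosts_by_product.items()):
        lic = register.get(product)
        if lic is None:
            # Installed but never licensed: the case the Copyright, Designs and Patents Act forbids
            findings.append(("HIGH", product, f"installed on {len(hosts)} host(s) with no licence record"))
            continue
        if lic.expires is not None:
            if lic.expires < today:
                findings.append(("HIGH", product, f"licence expired on {lic.expires.isoformat()}"))
            elif lic.expires <= today + timedelta(days=warn_days):
                findings.append(("MEDIUM", product, f"licence expires on {lic.expires.isoformat()}"))
        if lic.max_users is not None and len(hosts) > lic.max_users:
            # Seat limit: the "number of users" limitation some lab licences carry
            findings.append(("HIGH", product, f"{len(hosts)} installs exceed {lic.max_users} seats"))

    # Licences paid for but not installed anywhere: wasted spend rather than a security risk
    for product in sorted(register.keys() - hosts_by_product.keys()):
        findings.append(("LOW", product, "licensed but not installed on any host"))
    return findings


def format_report(findings: List[Finding]) -> str:
    """Render the findings as the plain-text section an auditor would paste into the report."""
    if not findings:
        return "No licence issues found."
    width = max(len(prod) for _, prod, _ in findings)
    return "\n".join(f"[{sev:<6}] {prod:<{width}}  {detail}" for sev, prod, detail in findings)


# Constructed inventory: hypothetical machines, products and licence terms, not real lab data.
LICENCES = [
    Licence("MATLAB", date(2019, 5, 31), 20),
    Licence("Visio", date(2019, 12, 31), 2),
    Licence("Wireshark", None, None),             # free software: perpetual, unlimited
    Licence("SPSS", date(2020, 1, 1), 10),
    Licence("Antivirus Suite", date(2019, 3, 15), 50),
]
INSTALLS = [
    Installation("KW116-01", "MATLAB", "R2018b"),
    Installation("KW116-02", "MATLAB", "R2018b"),
    Installation("KW116-01", "Visio", "2016"),
    Installation("KW116-02", "Visio", "2016"),
    Installation("KW116-03", "Visio", "2016"),
    Installation("KW116-03", "Wireshark", "3.0.0"),
    Installation("KW116-01", "Antivirus Suite", "11.2"),
    Installation("KW116-04", "Belarc Advisor", "9.2"),  # found installed, nothing in the register
]
AUDIT_DATE = date(2019, 4, 1)

if __name__ == "__main__":
    print(format_report(audit_licences(LICENCES, INSTALLS, AUDIT_DATE)))
```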
These are the common techniques.

Interview

This technique is used to collect information from outside people or top-level people, and the number should be limited. During the interview the auditor or interviewer asks questions of other people and collects the information, so the person should be well prepared for the interview. This is a very robust method because it allows people to express themselves fully, and the method is also simple, as talking is the natural way to communicate. Another advantage is the bidirectional communication: both parties are allowed to ask questions for clarification or to gather information.

Observation

This method is used where real-time process monitoring or behavioural change is required. This is a powerful way of following the changes throughout the audit, because the other techniques currently available cannot get real-time information.

Inspection

This technique requires doing some action with the collected data to collect audit-related information. It is a form of observation with advanced criteria expected. It is an extended version of observation, where the auditor applies advanced criteria to gather the data necessary for the auditing.

After collecting the data, the next step is to identify the weaknesses and process them. Identification is the key work in the audit, followed by categorising. Identification uses some techniques to make it easy, precise and professional. The techniques used here are:

Root cause analysis

A general technique to analyse and get the better solution for the vulnerability or weakness, because this technique drills down into the issue, finds the root and fixes the weakness. The basic idea behind it is that if the root is fixed, it will automatically fix all other problems related to it, so all related issues are closed at once.
As mentioned, this is the easy and robust way to stop the issues that exist and the issues that may come in the future. After root cause analysis, the next step is to get the solution for the root of the issue. The important thing here is choosing a better and effective solution for the issue. The selection depends on some external and internal restrictions:
- Organisation policy
- Cost per benefit
- Legal restrictions
- Availability
- Compatibility
- Vendor and certification

Advantages of having auditing
- Satisfaction: it gives the lab administrator of the University of Greenwich the confidence to continue the business process. The owner always wonders whether there is any lack that breaks down the continuity of the business.
- Detection and prevention of errors: humans can make errors at any time; no one can say there is no error in their company. By auditing, people can find the errors and get suggestions to recover from them.
- Detection and prevention of fraud: this is just like errors. Sometimes a user intentionally or unintentionally does this thing, so after the audit we can find out the fraud.
- Verification of the licences: the KW116 lab installs lots of software for students. Some software is licensed for 1 year, some for more than one year, and some software has a limitation (number of users that can use it). So the auditor can find all kinds of licence issues.
- Independent opinion: an audit is always done by independent people, so this report is always accepted by everyone.
- Safety from exploitation: health and safety is always a big issue for any organisation. The KW116 lab has lots of equipment connected to electricity, so there is always a chance of a short circuit or exploitation. The audit identifies all the lacking points and advises on prevention.

Disadvantages of having auditing
- It is expensive.
- Sometimes it slows or stops the workflow.
- External people get to know the company information.

Encryption

Encryption is a simple technique, in different forms, to send data securely through a shared place like the internet.
The forms of encryption may vary from each other, but they all commonly use a digital certificate to encrypt and decrypt the data. Encryption uses keys to make cipher text from the actual message. The cipher text is not readable; it is the encrypted version of the message using some algorithm.

Security roles/user roles

Security roles are a very important technique to make network administration easy. This is basically creating some groups with different permissions according to the organisation's operation or policy. A user or staff member can have multiple security roles according to their needs. These roles are used to authorise the user's permissions.

Security policy

A security policy is a document in which all rules and regulations are documented and approved by management, aligned with laws and legislation. This policy is used to define all activities and to make some decisions.

Business Continuity

There are three things we always have to keep in mind to continue the business:
- Essential to running the business: any customer order cannot be delayed more than seven days.
- Tolerable delay: some applications may be delayed while the business continues, such as management pay. It is mid-term, i.e. one to four weeks.
- Discretionary: some applications are useful for the business but do not affect the continuation of business operations, such as management reports. It is long-term, i.e. 3 to 6 months.

Business continuity planning

Business continuity planning (BCP) is the most important thing for any organisation to continue the business. BCP engages with the different kinds of risk to continuing the business process that might occur in the organisation, and it also creates the policies, plans and procedures to reduce the risk. BCP can continue the business process in a disaster situation as well. The main goal of BCP is to combine all policies, procedures and processes so that in any disruptive situation the business process can continue or the impact is very little.
The main important functions of BCP are:
- Maintaining the business operation
- Continuing the business in an emergency situation
- Reducing the risk

If in any situation BCP cannot take over, then disaster recovery planning (DRP) takes over.

British Auditing Standard

BS7799

It is a British standard called BS7799, developed by the British Standards Institution, which describes the security policy and standard procedures. BS7799 became ISO/IEC 17799 after acceptance by the ISO/IEC technical committee for international use. Nowadays information is a valuable asset for an organisation, so it is very important to protect the information like other corporate assets. BS7799 introduces how to protect the information from threats and suggests three points to secure the information:
- Integrity: assurance of the completeness and accuracy of the information.
- Confidentiality: information can only be accessed by authorised people.
- Availability: authorised people can access the information when needed.

Attacks and prevention for the attacks

Errors and Omissions

Errors and omissions are one of the most common and toughest vulnerabilities. It is a human-made error, because humans interact with programming, controlling and entering data for the computer. There are no countermeasures to protect against errors and omissions.

Fraud and theft

It is a kind of criminal activity that may occur in the KW116 lab. It includes computer components such as mouse, keyboard, router, switch, cables, CPU box, etc. It was observed that the security person is not always at the access point, so it is hard to secure the lab from fraud and theft. By protecting the access control we can reduce fraud and theft.
Both internal and external people are responsible for that kind of activity.

Prevention of fraud and theft
- A regular auditing and monitoring programme will help to identify all kinds of fraud and theft.
- Deploy all of the access controls.
- CCTV in the proper places.

Virus

A virus is malicious code that has the ability to reproduce its code itself and spread from one system to another via e-mail, downloading and storage devices (CD, DVD, memory stick, removable hard drive), and destroy the computer system. It was observed that almost every user is using a removable memory stick, and this is the most likely way to spread a virus in the lab computer system; it was also observed that users are using their own laptops connected to the university wireless network. If a user's laptop is infected with a virus, then it may also spread to the lab network, which can affect the internal network, attack the server and crash the hard drive.

Prevention
- Install the latest antivirus software.
- Regularly update the antivirus software.
- Follow the backup procedures regularly.
- Scan the device when transferring data.
- Install a NIDS (network intrusion detection system) and a firewall.
- Minimise downloads from the internet.
- Download only from reputable web sites.
- Scan before downloading.
- Be careful when opening unknown e-mail attachments.
- Scan all incoming files from remote sites.
- Make users aware of the danger of viruses.

Trap-doors

A trap-door is an undocumented command that a user might create to speed up the workflow. Unfortunately, sometimes students might leave these trap-doors behind.

Prevention of trap-doors
- Use the latest antivirus software.
- Give permission to develop code only to authorised people.
- Check all code properly before using it.

Logic bombs

It works like a time bomb and affects the system on a particular event or day, such as a program launch or website logon. It changes the data and deletes data from the system. Here students are accessing lots of software to do their coursework or project, so they are strong enough to build logic bombs.
It normally happens in a company when an employee leaves the job.

Prevention
- Audit regularly and monitor.
- Always back up the necessary files.
- Allow only authorised people to develop the code.
- Keep a record of all modifications or changes.

Trojan Horses

It is a software program that contains malicious code. Normally students are interested in downloading music and free software from the internet. This is the most likely way to affect the lab computers and destroy the data stored on the lab computer system.

Prevention
- Avoid unwanted software and music downloads from the internet.
- Make users aware of Trojan horses.

Worm

A worm is also malicious code that can spread itself, without any human involvement, from one system to another. It works only on a computer network and does not need any device to transport it.

Prevention
- Use a firewall.
- Use updated antivirus software.

Spyware

It is an unwanted software interface that monitors the activity of the user and transfers important information, like login details or account details, to a remote system that monitors the user's activities.

Adware

It is also similar to spyware, but it does not intend to transfer the user's details to a remote system. It works like advertisements on the internet. Some adware monitors the searching behaviour of the user and then redirects to related websites.

Prevention of adware/spyware
- Close the pop-up window.
- Be aware of spyware/adware.
- Click only reputable links.

Social Engineering

Most users are getting unknown mail, and they are also chatting with unknown people. Social engineering is one of the most popular techniques that attackers use to access the system, by sending mail or chatting with people to learn the password.
So it is a major risk to the security of the password.

Prevention
- Do not respond to unknown mail.
- Do not chat with unknown people.
- Don't give anyone personal information or login IDs.
- Proper training or awareness for new users about social engineering.

Ping of death

We only have permission to send the largest packet (65,536 bytes) to the server. Attackers know this number of bytes from the ICMP specification, so they try to send packets of more than 65,536 bytes (at least 65,537). If the server does not check the size of the packet and tries to process it, then it hangs or crashes the operating system.

Dumpster diving

Every day lab users print the documents they need, but sometimes by mistake they print unnecessary documents, and at the end of the day they throw all the documents in the bin. Hackers are very intelligent; they always look in the bin to find the documents necessary to access the network.

Prevention
- Destroy all documents before putting them in a bin.

Natural disasters

If anything happens that is not under human control, it is called a natural disaster, such as earthquakes, volcanoes, floods, fires, storms, hurricanes, etc. It may occur at any time, but the biggest risk for the KW116 lab is fire. It may be caused by a heater, the power supply, overheating of the power box, a short circuit, etc.
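The size check that the ping-of-death paragraph above says a vulnerable server lacks, as an added example that is not from the dissertation: it tracks IPv4 fragments per datagram and rejects, before buffering, any datagram whose reassembled size would exceed 65,535 bytes, the largest value the 16-bit Total Length field can hold (the text rounds this to 65,536). The Fragment and Reassembler names and the two sample datagrams are constructed, not captured traffic.

```python
"""Reject oversized IPv4 reassembly (ping-of-death style) from fragment metadata (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

MAX_IP_DATAGRAM = 65_535   # 16-bit Total Length field: no datagram can legitimately exceed this
MAX_OFFSET_UNITS = 8_191   # 13-bit Fragment Offset field, counted in 8-byte units


@dataclass
class Fragment:
    ident: int         # IP Identification field, shared by all fragments of one datagram
    offset_units: int  # Fragment Offset field value (8-byte units)
    payload_len: int   # bytes of data carried by this fragment
    more: bool         # More Fragments (MF) flag; False marks the last fragment

    @property
    def start(self) -> int:
        return self.offset_units * 8

    @property
    def end(self) -> int:
        return self.start + self.payload_len


@dataclass
class _State:
    fragments: List[Fragment] = field(default_factory=list)
    got_last: bool = False
    rejected: bool = False


class Reassembler:
    """Tracks fragments per datagram and refuses any whose reassembled size is impossible."""

    def __init__(self, limit: int = MAX_IP_DATAGRAM) -> None:
        self.limit = limit
        self.table: Dict[int, _State] = {}

    def accept(self, frag: Fragment) -> str:
        """Return 'rejected', 'pending' or 'complete' for the datagram this fragment belongs to."""
        st = self.table.setdefault(frag.ident, _State())
        if st.rejected:
            return "rejected"
        # The missing check from the text: bound the size BEFORE buffering, so a crafted
        # last fragment cannot push the reassembled datagram past a 64 KiB buffer.
        if frag.end > self.limit or frag.offset_units > MAX_OFFSET_UNITS:
            st.rejected = True
            st.fragments.clear()   # drop whatever was buffered for this datagram
            return "rejected"
        st.fragments.append(frag)
        if not frag.more:
            st.got_last = True
        return "complete" if st.got_last and self._contiguous(st) else "pending"

    @staticmethod
    def _contiguous(st: _State) -> bool:
        """True when the buffered fragments cover [0, end) with no gaps."""
        expected = 0
        for f in sorted(st.fragments, key=lambda x: x.start):
            if f.start > expected:
                return False
            expected = max(expected, f.end)
        return True

    def datagram_length(self, ident: int) -> int:
        return max((f.end for f in self.table[ident].fragments), default=0)


def run_datagram(frags: List[Fragment]) -> Tuple[str, int]:
    """Feed one datagram's fragments in arrival order; return the final verdict and size seen."""
    r = Reassembler()
    status = "pending"
    for f in frags:
        status = r.accept(f)
    return status, r.datagram_length(frags[0].ident)


# Constructed: a normal 2,000-byte ICMP payload split at a 1,500-byte MTU (1,480 data bytes each).
NORMAL_PING = [
    Fragment(ident=1, offset_units=0, payload_len=1480, more=True),
    Fragment(ident=1, offset_units=185, payload_len=520, more=False),
]
# Constructed: the last fragment starts at byte 65,512 and carries 24 bytes, so the
# reassembled datagram would be 65,536 bytes, one byte more than IPv4 can describe.
OVERSIZED_PING = [
    Fragment(ident=2, offset_units=0, payload_len=1480, more=True),
    Fragment(ident=2, offset_units=8189, payload_len=24, more=False),
]

if __name__ == "__main__":
    print(run_datagram(NORMAL_PING))     # ('complete', 2000)
    print(run_datagram(OVERSIZED_PING))  # ('rejected', 0)
```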
A natural disaster is less likely for the lab, but its effect is greater than that of any other threat. It may destroy part of the building and lose all the information.

Prevention
- Follow the health and safety procedures.
- Keep the fire exit clear.
- Make users aware of possible disasters.

Man-Made Disasters

If anything happens intentionally to destroy the business process or destroy part of the business, and it is under human control, then it is called a man-made disaster, such as fire, act of terrorism, bombings/explosions, power outages, etc.

Prevention
- Always check ID cards.
- Allow only authorised people.
- Use a metal detector.
- CCTV.

Equipment failure

Students are always busy with their coursework and other course-related work, so an equipment failure may lose all their data.

Prevention
- Use an extra UPS.
- Back up all data.

Auditing Stages/Steps
- Scope and pre-audit survey
- Planning
- Field work
- Analysis
- Reporting

Scope and Pre-Auditing

The first step or stage of the audit is to understand the purpose of the audit and the areas that need to be covered during the audit. Understanding the audit purpose basically means getting the idea of why this audit needs to be performed: is it a special risk assessment or an annual audit? If it is a special risk assessment audit, it will be more specific and the scope will be narrow and deep; otherwise, if it is an annual audit, it will be a general audit covering as much area as possible.

The pre-audit survey is to verify the audit areas using risk management techniques and some general techniques, such as reading previous audit reports, web browsing, background reading, etc. This will reduce the chance of failure by correcting the plan using lessons learned.

Planning and Preparation

In this stage the scope is broken into small areas to make auditing easier and clearer, so the clarity will be greater and the purpose will be easier to understand. Usually this stage involves the work breakdown plan and the risk control matrix.
The risk control matrix is just a checklist containing the questions to be carried out during the audit.

Field work

The actual auditing is performed during this stage by different techniques or methods. Simply, it starts with interviewing staff or students using a questionnaire or oral interview, through to system or network testing by auditing software tools. The result of this stage will be the evidence of the audit, used to reach a conclusion or to submit to the management with the audit report. So this is the most important stage in the audit process.

This step may use several testing software tools depending on the scope of the audit, and the software selection is another key event of the audit process, because there are so many fake software applications available in the market. Actually those are viruses, and the reason for making viruses in the form of auditing tools is that spreading a virus in the form of an auditing or testing tool is very easy and hard to detect.

Analysis

The evidence or any results collected in the previous stage are the input of this stage. This stage is fully analysis and decision making, so it needs a lot of time for investigation and assessment. The most sensitive area of the audit process is analysis, because this is where the decision to submit to the board is taken, so it should be perfect; otherwise the audit is useless and it will lead to some wrong decisions.

Reporting

This stage is to present all audit findings in the form of a report. This is the document containing all evidence, analysis results, suggestions, recommendations, conclusion, etc. This document will be passed to the management or higher-level people to review, approve and take necessary action if required.
The report should be clearly written and easy to understand, because this document is also needed in the future, to give some information to start the next audit or to take some strategic decision.

Problem Domain

Because of the increased use of the University of Greenwich KW116 lab, the chances of threats or issues are high, and it is the responsibility of the students and the staff to make the lab secure in all aspects. The reason this project is based on KW116 is that it is the lab used largely by students, and usually network-related or any other lab sessions happen in this lab, so if the lab has any security hole or lack, that may affect the students and the staff.

The easiest way to ensure the security level of the lab is auditing. This auditing needs to cover all areas, from physical security to network security. Only then will this be the perfect audit, and the audit can use a standard checklist to make it more efficient and to eliminate human-made errors such as forgetting, typing mistakes, etc.

There are many ways to make sure of the security level, such as penetration testing and vulnerability testing. These are more specific to attacks and threats, and for general-purpose security a security audit is the suitable one, as it will cover all areas of security.
According to the reasons given above, the general security audit is the most suitable technique to verify the security level of the lab. So the auditing will cover most of the areas of the lab with the aid of a standard checklist which is approved by the British Standards Institute.

Tests behind the auditing
- Physical test
- Network test
- Software test
- Security policy test
- Hardware/peripherals test
- Access control test

Objectives

To evaluate the actual level of security that exists at the University of Greenwich Maritime campus KW116 lab.

Activities
- Plan and schedule the audit
- Auditing with software tools
- Analyse the audit results

Deliverable
- Detailed audit report with suggestions and recommendations

This is the main objective of the project, and it will be carried out with several tools like a packet sniffer, port scanner software, etc. There are three different tests using these tools to identify internal and external vulnerabilities.

To evaluate various methods of implementing the security policy, determine the security weaknesses and implement risk management for the existing security weaknesses.

Activities
- University lab security policy review
- Analysis

Deliverable
- Detailed security policy analysis report with changes/suggestions/recommendations

The reason for this objective is to stop the holes at the policy level, because this is the easy way to implement.

To learn about audit and the audit process, practise auditing, research the auditing products available in the market and select appropriate ones.

This task is fully about learning audit and audit-related matters. This objective is the key or starter of this project, because if the project starts without proper knowledge it will be misled somewhere else, not towards the project aim.

To draft a new security policy that addresses the existing weaknesses to the management.

According to the analysis, draft a security policy to fix or overcome all existing security holes.

Deliverable
- Draft security policy

How the objectives will be achieved

The third and fourth objectives will be achieved with books and the internet.
This objective will give the idea about auditing; the outcome of this objective will be documentation which contains all the requirements that need to be covered in this project. The research will give the details about the tools required to perform the auditing and the methods/process for the auditing. The internet is the main and basic means for this research, as it is easy to access and has a wide range of data. Tools identified from the research will be used to perform the security auditing, and the audit results will be monitored in real time and documented instantly. Mostly these tools will be freeware and from well-known vendors. The auditing will be performed from three different views to make sure the area is fully secured. The views are: inside the computer's local network, outside the computer's local network, and outside the computer on a different network.

Audit Methodology

This project uses two different methodologies to accomplish the task: a checklist and a questionnaire. The checklist is an aid for the auditor to perform the audit and is a manual for the audit. So the checklist will contain all the tests that need to be performed during the auditing, whereas the questionnaire is to get the opinion or feedback of the staff and students (generally this will be feedback from stakeholders). The analysis will also be carried out in two different ways, using the questionnaire and the checklist, and finally both are compared to get the conclusion. The questionnaire and checklist cover most of the areas, and those are grouped separately to make the auditor's life easier and more understandable. The areas covered in the documents are: Physical Security/ E