Tuesday, June 4, 2019
Security Forensics and Risk Management
Acknowledgement

Foremost I would like to say thanks to God for all the support in all my life, and secondly to the University of Greenwich for giving me this life aim of completing my master's. Next, my supervisor Professor Kevin Parrott, for the support he gave, because without his support I wouldn't be able to complete my project with this quality. Especially the suggestions and appreciation given by my supervisor made me feel better and gave positive thinking. Finally I need to thank my family and friends for their unbelievable support and encouragement.

Abstract

As we are in the information era, the world is changing to use electronic means for day-to-day use. Paper documents are going, and most processes are paper free for many reasons, such as pollution, ease, speed, etc. At the same time this digital media has availability, scalability, confidentiality and integrity, which are the required properties for secure communication. The risk increases with the increase of computer and digital usage, and a single security lack may cause huge losses.

Some surveys say that most crimes are happening through electronic means and the target is the computer or computer peripherals. If the attacker finds a single security lack, that is enough to start and break the whole system, and the security lack could be a configuration mistake, a firewall issue or basically any problem in the protection mechanism. Because of these reasons testing becomes very important, and this process is called auditing.

There are many types of auditing, and auditing requires technical knowledge to perform these tests perfectly and to give an audit report including suggestions.
Auditing falls into two main categories: automatic and manual. The test will be efficient if it is automated using testing tools, which is called an automated or computerised test. Even so, there are some tests that cannot be automated and need to be tested manually.

This auditing covers the network security test, the physical or environment security test, and the computer security test, which includes software and hardware tests. The computerised test will be carried out with some security tools, and the manual test will use a questionnaire to minimise human-made errors, mainly forgetting.

A security audit is the technical assessment of the application or system. The assessment may be manual or systematic or both. In most cases the auditing process uses manual and systematic/automatic methods, because some tests cannot be automatic, such as review of the security policy, asset management, etc.

Auditing has different types, such as internal or external. The type depends on the company size and the resource availability. Usually big companies have their own security auditor, so they will perform the audit internally, and small and medium size companies mostly hire an auditor from outside. Both types have pros and cons in security and financial terms.

Chapter 1
Introduction

This chapter largely contains non-technical information to give an understanding of the high level objectives. It also describes the techniques and technologies used in the project and the research to accomplish the project objective.

Audit

The audit is a systematic or manual security assessment of the network, infrastructure, system, etc. The complete audit should be the combination of manual and automatic assessment, because in every test target there will be some test that cannot be automatic.
The audit has many categories, and the following paragraphs will explain the categories and the functions or techniques behind them. There are three controls in the auditing process, which are:

Preventive control

The preventive controls are controls that may be in the form of software or hardware or any configuration to prevent the error or vulnerabilities. This is an active type of control that always monitors the interface for any vulnerabilities and blocks such vulnerabilities or errors before they enter the system or infrastructure. This is the most effective control mechanism because it does not allow the vulnerabilities in.

Detective control

The detective controls are in place to monitor the vulnerabilities, in the form of software or hardware, but the difference between preventive and detective is that the preventive control won't allow the vulnerabilities into the system, whereas the detective control allows everything to enter and corrects the vulnerabilities after entry. The best example for this control is a fire alarm, because a fire alarm won't prevent the fire, but if there is any fire it will work.

Corrective controls

The corrective controls are the controls to correct the error or issue before it makes any harm. This is a very important control for all places, even if they have other controls, because there are some issues or vulnerabilities that the controls cannot detect; if these come and attack, there should be some control to correct them before loss occurs. In addition, the controls should be up to date, such as with the latest firmware or the latest definitions.

Type of auditors

There are two basic types of auditors in the information era: internal and external auditors. The selection of the auditor will be done by the management based on the financial status of the organisation, the size of the organisation and the policies defined in the company.

Internal auditors

Internal auditors are auditors who belong to the particular company which is going to perform the audit.
That means the auditor is an employee of the company. So the auditor is always available to do the auditing, and data or information will stay within the organisation. This is the main advantage of having an internal auditor; at the same time, an employee purposely recruited for auditing costs a lot for the company. So it is only possible for big level companies, because they have huge investments and revenue. The disadvantage of the internal auditor is that they may not be up-to-date and don't have the current market or audit status, such as new techniques and tools.

External auditors

The auditor is recruited from another auditing firm for the auditing, so it is very hard to find a professional auditor because of availability, and as the auditor is recruited from outside the company, information may go out. At the same time the auditor needs some time to get to know and understand the company process. But the advantage of recruiting the external auditor is their knowledge, and it is suitable for middle and small level companies.

Types of Audit

Traditional Audit

It is just like manual auditing. It is useful when working with a large amount of data in a large company. Here the auditor takes some sample data from different places and then provides a report.

Advantage
- Easy
- Cheaper

Disadvantage
- Does not always provide correct information.
- In the IT sector it is not useful.

Software audit

A software audit is widely popular for any educational institute or organisation. It is just like a review of the software and the system that can find all information about the system, such as the operating system, application software, processor, drives, controllers, bus adapters, multimedia, virus protection, system model, main circuit board, memory modules, local drive volumes, network drives, printer information, etc. There are many auditing tools in the market, such as Belarc Advisor and E-Z Audit, that are very powerful.
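The software audit described above produces an inventory (operating system, installed applications, virus protection, licences) and a report for the administrator. The following is an added example, not code from the report or from any of the tools it names, showing the checks such a report is built from: it runs over a constructed inventory of one lab machine (the hostname, product names, dates and seat counts are all made up) and flags expired or soon-expiring licences, seat limits that are exceeded, and stale antivirus definitions, ordered by severity.

```python
"""Added example (not from the report): a small software-audit check of the
kind the text describes, run over a constructed inventory of a lab machine."""
from datetime import date, timedelta

# Constructed sample inventory for one lab machine (hostname, products,
# dates and seat counts are made up; this is not real KW116 data).
SAMPLE_INVENTORY = {
    "hostname": "lab-pc-01",
    "os": "Windows 10 Education",
    "antivirus_definitions": date(2019, 5, 1),   # date of the installed definitions
    "software": [
        {"name": "MATLAB", "licence_expires": date(2019, 6, 30), "seats": 25, "in_use": 30},
        {"name": "Visual Studio", "licence_expires": date(2020, 1, 15), "seats": 50, "in_use": 12},
        {"name": "Wireshark", "licence_expires": None, "seats": None, "in_use": 40},  # free software
        {"name": "SPSS", "licence_expires": date(2019, 3, 31), "seats": 10, "in_use": 4},
    ],
}

def audit_inventory(inventory, today, warn_days=30, max_definition_age_days=7):
    """Return a list of (severity, finding) tuples for the inventory.

    Checks: expired licences, licences expiring within warn_days,
    seat limits exceeded, and antivirus definitions older than
    max_definition_age_days.
    """
    findings = []
    for item in inventory["software"]:
        exp = item["licence_expires"]
        if exp is not None:
            if exp < today:
                findings.append(("high", f"{item['name']}: licence expired on {exp.isoformat()}"))
            elif exp - today <= timedelta(days=warn_days):
                findings.append(("medium", f"{item['name']}: licence expires on {exp.isoformat()}"))
        seats = item["seats"]
        if seats is not None and item["in_use"] > seats:
            findings.append(("high", f"{item['name']}: {item['in_use']} users exceed {seats} licensed seats"))
    age = today - inventory["antivirus_definitions"]
    if age.days > max_definition_age_days:
        findings.append(("medium", f"antivirus definitions are {age.days} days old"))
    # Highest severity first, then by message text, so the report order is stable.
    order = {"high": 0, "medium": 1, "low": 2}
    findings.sort(key=lambda f: (order[f[0]], f[1]))
    return findings

def format_report(hostname, findings):
    """Render the findings as the plain-text report handed to the administrator."""
    lines = [f"Software audit report for {hostname}"]
    if not findings:
        lines.append("  no issues found")
    for sev, text in findings:
        lines.append(f"  [{sev.upper()}] {text}")
    return "\n".join(lines)

def run_sample_audit():
    """Audit the constructed inventory as of a fixed date (the blog post's date)."""
    return audit_inventory(SAMPLE_INVENTORY, today=date(2019, 6, 4))

if __name__ == "__main__":
    print(format_report(SAMPLE_INVENTORY["hostname"], run_sample_audit()))
```

Running the block prints the report for the sample machine. The same audit_inventory function could be fed an inventory exported by a tool such as Belarc Advisor once that export has been mapped into the same dictionary shape; that mapping is an assumption of this example, not something the report describes.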
KW116 is the main testing ground for the School of Computing and Mathematical Sciences at the University of Greenwich. CMS has installed lots of software for students to continue study or research. According to the Copyright, Designs and Patents Act 1988, all software must have a valid licence to continue the process. As the lab uses a large amount of software and different software expires at different times, it is very difficult for the lab administrator to keep all licences up to date by manual checks. Only auditing by software can possibly give a detailed report to the administrator to keep the system safe.

Advantages
- Correct information: a machine always provides the correct information, so there is less chance of providing incorrect information.
- Save time: software very quickly provides a report of the system, so it saves time.
- Detailed description: it provides a detailed description of the system, including any warnings or licence issues, etc.
- Minimise the cost: by implementing the software audit, two people's work may be possible with one person, so it reduces the extra cost.

Disadvantages
- Investment: software is very expensive, so the university needs extra money to buy this software.
- Risk: the auditor knows the detailed information of the system.
- Workflow: the auditor needs part of the lab to check the system, so it interrupts the student workflow.

The approach

The typical audit has different approaches to collect the data. A single audit will use multiple techniques to gather full information, and it is necessary to use different techniques for different levels of people. These are the common techniques.

Interview

This technique is used to collect information from outside people or top level people, and the number should be limited. During the interview the auditor or interviewer will ask questions of the other people and collect the information. So the person will be well prepared for the interview.
This is a very robust method, because it allows people to express themselves fully, and the method is also simple, as it is talking, which is the natural way to communicate. Another advantage is that this is bidirectional communication, meaning both parties are allowed to ask questions for clarification or to gather information.

Observation

This method is used in places where real time process monitoring or behavioural change is required. This is a powerful way of making the changes throughout the audit, because with the other techniques that currently exist it is not possible to get real time information.

Inspection

This technique requires doing some action with the collected data to collect audit related information. This is a form of observation with particular criteria expected. It is an extended version of observation, because the auditor applies some criteria to gather the data which is necessary to the auditing.

After collecting the data, the next step is to identify the weaknesses and process them. Identifying is the key work in the audit, and after that comes categorising. Identifying uses some techniques to make it easy, clear and professional. The techniques used here are:

Root cause analysis

A general technique to analyse and get the better solution for the vulnerability or weakness, because this technique drills down to the issue, finds the root and fixes the weakness. The basic idea behind this is that if the root is fixed, it will automatically fix all the other problems related to it. So it simply closes all related issues at once. As mentioned, it is an easy and robust way to clear up the issues that exist and the issues that may come in the future.

After root cause analysis the next step is to get the solution for the root of the issue. The important thing here is choosing a better and effective solution for the issue.
The selection depends on some external and internal restrictions:
- Organisation policy
- Cost per benefit
- Legal restrictions
- Availability
- Compatibility
- Vendor and certification

Advantages of having auditing

- Satisfaction: it brings confidence to the lab administrator of the University of Greenwich to continue the business process. The owner always thinks: is there any lack that breaks down the continuity of the business?
- Detection and prevention of errors: humans can make errors at any time. No one can say there is no error in their company. By auditing, people can find the error and get suggestions to recover from the error.
- Detection and prevention of fraud: it is also just like errors. Sometimes a user intentionally or unintentionally does this thing. So after the audit we can find out the fraud.
- Verification of the licences: the KW116 lab installs lots of software for students. Here some software is for 1 year, some software for more than one year, and some software has a limitation (the number of users who can use it). So the auditor can find all kinds of licence issues.
- Independent opinion: the audit is always done by independent people, so this report is always accepted by everyone.
- Safety from exploitation: health and safety is always a big issue for any organisation. The KW116 lab has lots of equipment connected to electricity, so there are always chances of a short circuit or exploitation. The audit identifies all the lack points and advises on prevention.

Disadvantages of having auditing
- It is expensive.
- Sometimes it slows or stops the workflow.
- External people know the company information.

Encryption

Encryption is a simple technique, in different forms, to convey data securely through a shared place like the internet. The form of encoding may vary, but they all commonly use a digital certificate to encrypt and decrypt the data. Encryption uses keys to make cipher text from the actual message.
The cipher text is not readable, and it is the encrypted version of the message using some algorithm.

Security roles/user roles

Security roles are a very important technique to make network administration easy. This is essentially creating some groups with different permissions according to the organisation's operation or policy. A user or staff member can have multiple security roles according to their needs. These roles are used to authorise the user's permissions.

Security policy

A security policy is a document which has all rules and regulations documented and approved by management, and is aligned with laws and legislation. This policy is used to define all activities, and it is used to make some decisions.

Business Continuity

There are three things we always have to keep in mind to continue the business:
- Essential to running the business: any customer order cannot be delayed more than seven days.
- Tolerable delay: some applications may be delayed while continuing the business, such as management pay. It is mid term, i.e. one to four weeks.
- Discretionary: some applications are useful for the business but do not affect continuing the business operation, such as management reports. It is long term, i.e. 3 to 6 months.

Business continuity planning

Business continuity planning (BCP) is the most important thing for any organisation to continue the business. BCP engages with all the different kinds of risk to the business process that might occur in the organisation, and it also creates the policies, plans and procedures to reduce the risk. BCP can continue the business process in a disaster situation as well. The main goal of BCP is to combine together all policies, procedures and processes so that in any disruptive situation the business process can continue, or may be impacted very little.
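The security roles paragraph above describes groups of permissions assigned to users, with a user possibly holding several roles. As an added example (not code from the report), the block below implements that model over constructed role and user names and adds two checks an auditor would want: who holds sensitive permissions through their roles, and whether any user is assigned a role that is not defined, which would otherwise silently grant nothing and hide a misconfiguration. Unknown users and unknown roles are denied by default.

```python
"""Added example (not from the report): role-based access checks of the kind
the security roles paragraph describes. Role, user and permission names are
constructed for illustration."""

# Each role grants a set of permissions (constructed for a lab network).
ROLES = {
    "student":   {"lab:login", "share:read"},
    "tutor":     {"lab:login", "share:read", "share:write"},
    "lab_admin": {"lab:login", "share:read", "share:write", "software:install", "user:manage"},
}

# Users hold one or more roles; the union of their roles' permissions applies.
USER_ROLES = {
    "alice": {"student"},
    "bob":   {"student", "tutor"},
    "carol": {"lab_admin"},
}

def permissions_for(user, roles=ROLES, user_roles=USER_ROLES):
    """Union of the permissions of every role the user holds.
    Unknown users and unknown roles contribute nothing (deny by default)."""
    perms = set()
    for role in user_roles.get(user, ()):
        perms |= roles.get(role, set())
    return perms

def is_authorised(user, permission, roles=ROLES, user_roles=USER_ROLES):
    """Authorisation decision: the permission must come from one of the user's roles."""
    return permission in permissions_for(user, roles, user_roles)

def audit_role_assignments(roles=ROLES, user_roles=USER_ROLES,
                           sensitive=("user:manage", "software:install")):
    """Audit helper: list users holding sensitive permissions, and any role
    names assigned to users that are not defined (a common sign of policy drift)."""
    report = {"sensitive_holders": {}, "undefined_roles": {}}
    for user in sorted(user_roles):
        held = sorted(p for p in sensitive if is_authorised(user, p, roles, user_roles))
        if held:
            report["sensitive_holders"][user] = held
        missing = sorted(r for r in user_roles[user] if r not in roles)
        if missing:
            report["undefined_roles"][user] = missing
    return report

if __name__ == "__main__":
    for user in USER_ROLES:
        print(user, sorted(permissions_for(user)))
    print(audit_role_assignments())
```

The deny-by-default choice matters for the audit: a misspelt role name in the user table yields no permissions rather than an error, so the audit_role_assignments check is what surfaces it.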
Here the main important functions of BCP are:
- Maintaining the business operation
- Continuing the business in an emergency situation
- Reducing the risk

If in any situation BCP cannot take over, then disaster recovery planning (DRP) takes over.

British Auditing Standard

BS7799

It is a British standard called BS7799, developed by the British Standards Institution, which describes the security policy and standard procedures. BS7799 became ISO IEC 17799 after acceptance by the ISO IEC technical committee for international use. Nowadays information is a valuable asset for an organisation, so it is very important to protect the information like other corporate assets. Here BS7799 introduces how to protect the information from threats and suggests three points to secure the information:
- Integrity: it is the assurance of the completeness and accuracy of the information.
- Confidentiality: information can only be accessed by authorised people.
- Availability: authorised people can access the information when needed.

Attacks and prevention for the attacks

Errors and omissions

Errors and omissions are one of the most common and toughest vulnerabilities. It is a human-made error, because humans interact with the computer by programming, controlling and entering data. There are no countermeasures to protect against errors and omissions.

Fraud and theft

It is one kind of criminal activity that may occur in the KW116 lab. It includes computer components such as the mouse, keyboard, router, switch, cables, CPU box, etc. It was observed that the security person is not always at the access point. So it is hard to secure the lab from fraud and theft. By protecting the access control we can reduce fraud and theft. Both internal and external people are responsible for that kind of activity.
Prevention of fraud and theft
- A continual auditing and monitoring program will help to identify all kinds of fraud and theft.
- Deploy all of the access controls.
- CCTV in the proper place.

Virus

A virus is a malicious code that has the ability to reproduce its code itself, spread from one system to another via e-mail, downloading or storage devices (CD, DVD, memory stick, removable hard drive), and destroy the computer system. It was observed that almost every user is using a removable memory stick, and it is the most likely way to spread a virus in the lab computer system. It was also observed that users are using their own laptops connected to the university wireless network. If a user's laptop is infected with a virus, then it is also likely to spread to the lab network, which can affect the internal network, attack the server and crash the hard drive.

Prevention
- Install the latest antivirus software.
- Regularly update the antivirus software.
- Follow the backup procedures regularly.
- Scan the device when transferring data.
- Deploy NIDS (network intrusion detection system) and a firewall.
- Minimise downloads from the internet.
- Download only from reputed web sites.
- Scan before downloading.
- Be careful when opening unknown e-mail attachments.
- Scan all incoming files from remote sites.
- Make users aware of the danger of viruses.

Trap-doors

It is an undocumented command that a user might create to speed up the workflow. Unfortunately, sometimes students might leave these trap-doors.

Prevention of trap-doors
- Use the latest antivirus software.
- Give permission to develop code only to authorised people.
- Check all code properly before using it.

Logic bombs

It works like a time bomb and affects the system on a particular event or day, such as a program launch or website logon. It changes the data and deletes the data from the system. Here students are accessing lots of software to do their coursework or projects, so they are capable enough to build logic bombs.
It normally happens in a company if an employee leaves the job.

Prevention
- Audit regularly and monitor.
- Always back up the necessary files.
- Allow only authorised people to develop code.
- Keep a record of all modifications or changes.

Trojan Horses

It is a software program that contains malicious code. Normally students are interested in downloading music and free software from the internet. It is the most likely way to affect the lab computers and destroy the data stored on the lab computer system.

Prevention
- Avoid unwanted software and music downloads from the internet.
- Make users aware of Trojan Horses.

Worm

A worm is also a malicious code that can spread itself, without any human involvement, from one system to another system. It works only over the computer network and does not need any device to transport it.

Prevention
- Use a firewall.
- Use updated antivirus software.

Spyware

It is unwanted software that monitors the activity of the user and transfers important information, like login details or account details, to a remote system that monitors the user's activities.

Adware

It is also similar to spyware, but it does not intend to transfer the user's details to a remote system. It works like advertisements on the internet. Some adware monitors the searching behaviour of the user and then redirects to related websites.

Prevention of adware/spyware
- Close pop-up windows.
- Be aware of spyware/adware.
- Click only reputed links.

Social Engineering

Most of the users are getting unnoticed mail, and they are also chatting with unknown people. Social engineering is one of the most popular techniques that attackers use to access the system, by sending mail or chatting with people to learn the password.
So it is a major risk to the security of the password.

Prevention
- Do not respond to unknown mail.
- Do not chat with unknown people.
- Don't give anyone personal information or a login ID.
- Proper training, or make new users aware of social engineering.

Ping of death

We only have permission to send the largest packet (65,536 bytes) to the server. Attackers know this number of bytes from the ICMP specification. So they try to send packets of more than 65,536 bytes (at least 65,537). If the server does not check the size of the packet and tries to process it, then it hangs or crashes the operating system.

Dumpster diving

Every day lab users print their necessary documents, but sometimes by mistake they print unnecessary documents and at the end of the day throw all the documents in the bin. Hackers are very intelligent. They always look in the bin and find the necessary document to access the network.

Prevention
- Destroy all documents before putting them in the bin.

Natural disasters

If anything happens that is not under the control of humans, it is called a natural disaster, such as earthquakes, volcanoes, floods, fires, storms, hurricanes, etc. It may occur at any time, but the biggest risk for the KW116 lab is fire. It may be caused by a heater, the power supply, overheating of the power box, a short circuit, etc.
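The ping of death passage above describes a server that does not check the size of an incoming packet. As an added example, not code from the report, the block below shows the defender-side check: it parses the fixed IPv4 header fields a fragment check needs and flags any fragment whose data, placed at its fragment offset, would push the reassembled datagram past 65,535 bytes, the largest value the 16-bit Total Length field of IPv4 (RFC 791) can hold. The packets are constructed with the helper in the block; the addresses, identification values and sizes are made up.

```python
"""Added example (not from the report): a per-fragment check for the ping of
death condition on IPv4. All packets below are constructed in this file."""
import struct

IPV4_MAX_DATAGRAM = 65535  # Total Length is a 16-bit field (RFC 791)

def parse_ipv4_header(packet):
    """Parse the fixed 20-byte part of an IPv4 header. Returns the fields a
    fragment check needs; raises ValueError on malformed input."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, ident, flags_frag,
     _ttl, proto, _csum, _src, _dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or total_len < ihl or len(packet) < total_len:
        raise ValueError("inconsistent length fields")
    return {
        "ident": ident,
        "proto": proto,
        "header_len": ihl,
        "payload_len": total_len - ihl,
        "more_fragments": bool(flags_frag & 0x2000),
        "frag_offset": (flags_frag & 0x1FFF) * 8,  # byte offset of this data in the datagram
    }

def check_fragment(hdr):
    """True when this fragment's data would extend the reassembled datagram
    beyond IPV4_MAX_DATAGRAM: the ping of death condition, detectable
    without buffering the rest of the datagram."""
    end = hdr["header_len"] + hdr["frag_offset"] + hdr["payload_len"]
    return end > IPV4_MAX_DATAGRAM

def build_fragment(ident, frag_offset_bytes, payload_len, more_fragments, proto=1):
    """Constructed test fragment (ICMP, proto 1) with a zero checksum and
    made-up 10.0.0.x addresses; for this example only."""
    flags_frag = (0x2000 if more_fragments else 0) | (frag_offset_bytes // 8)
    total_len = 20 + payload_len
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident, flags_frag,
                         64, proto, 0, b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02")
    return header + b"\x00" * payload_len

def scan_fragments(packets):
    """Return the identification values of datagrams that would reassemble
    oversized. Benign fragments and whole packets are left alone."""
    flagged = set()
    for pkt in packets:
        hdr = parse_ipv4_header(pkt)
        if check_fragment(hdr):
            flagged.add(hdr["ident"])
    return sorted(flagged)

if __name__ == "__main__":
    last_ok = build_fragment(1, 65120, 380, False)   # ends exactly at 65,520 bytes
    last_bad = build_fragment(2, 65120, 410, False)  # would end at 65,550 bytes
    plain_ping = build_fragment(3, 0, 64, False)
    print("oversized datagram ids:", scan_fragments([last_ok, last_bad, plain_ping]))
```

The check is per fragment, so the offending fragment can be dropped and logged the moment it arrives. A full reassembler would additionally track overlapping fragments and time out incomplete datagrams, which is outside this example.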
A natural disaster is less likely for the lab, but its effect is greater than any other threat. It may destroy part of the building and lose all the information.

Prevention
- Follow the health and safety procedures.
- Clear the fire exit.
- Make users aware of possible disasters.

Man-Made Disasters

If anything happens intentionally to destroy the business process or destroy part of the business, and it is under the control of humans, then it is called a man-made disaster, such as fire, acts of terrorism, bombings/explosions, power outages, etc.

Prevention
- Always check ID cards.
- Allow only authorised people.
- Use a metal detector.
- CCTV.

Equipment failure

Students are always busy with their coursework and other course related work, so equipment failure may lose all the data.

Prevention
- Use an extra UPS.
- Back up all data.

Auditing Stages/Steps
- Scope and pre-audit survey
- Planning and preparation
- Field work
- Analysis
- Reporting

Scope and Pre-Auditing

The first step or stage of the audit is to understand the purpose of the audit and the areas that need to be covered during the audit. Understanding the audit purpose basically means getting the idea of why this audit needs to be carried out: a special risk assessment or an annual audit. If it is a special risk assessment audit, this will be more specific and the scope will be narrow and deep; otherwise, if it is an annual audit, it will be a general audit to cover as much area as possible.

The pre-auditing survey is to verify the audit areas using risk management techniques and some general techniques, such as reading the previous audit report, web browsing, background reading, etc. This will reduce the chance of failure by correcting the plan with the lessons learned.

Planning and Preparation

In this stage the scope is broken into small areas to make auditing easier and clearer. So the clarity will be greater and the purpose will be easy to understand. Usually this stage will involve the work breakdown plan and the risk control matrix.
The risk control matrix is just a checklist containing the questions to carry out during the audit.

Field work

The actual auditing will be performed during this stage by different techniques or methods. Usually it starts with interviewing staff or students using a questionnaire or oral interview, through to system or network tests by auditing software tools. The result of this stage will be the evidence of the audit, to reach a conclusion or to submit to the management with the audit report. So this will be the most important stage in the audit process.

This step may use several testing software tools depending on the scope of the audit, and the software selection is another key event of the audit process, because there are so many fake software applications available in the market. Actually those are viruses, and the reason for making viruses in the form of auditing tools is that spreading a virus in the form of an auditing or testing tool is very easy and hard to detect.

Analysis

The evidence or any results collected in the previous stage are the input of this stage. This stage is fully analysis and decision making, so it needs a lot of time for investigation and assessment. The most sensitive area of the audit process is analysis, because this is where the decision to submit to the board is taken, so it should be perfect; otherwise the audit is useless and it will lead to some wrong decisions.

Reporting

This stage is to present all the audit findings in the form of a report. This document contains all the evidence, analysis results, suggestions, recommendations, conclusions, etc. This document will be passed to the management or higher level people to review, approve and take action if necessary. The report should be clearly written and easy to understand, because this document is also needed in the future to give some information to start the next audit or to take some strategic decision.
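The field work stage above warns that some "auditing tools" on the market are malware in disguise. One check a practitioner applies before running any downloaded tool is to compare its SHA-256 digest with the digest the vendor publishes. The block below is an added example, not code from the report; the installer bytes, the file name audit-tool-1.0.exe and the vendor checksum file are all constructed inside the block, and the comparison uses a constant-time function.

```python
"""Added example (not from the report): verify a downloaded audit tool against
the SHA-256 digest published by its vendor before running it. The file
contents, file name and checksum file below are constructed."""
import hashlib
import hmac

def sha256_of(path_or_bytes):
    """Hex SHA-256 of a bytes object or of a file, read in 1 MiB chunks so a
    large installer is not loaded into memory at once."""
    h = hashlib.sha256()
    if isinstance(path_or_bytes, (bytes, bytearray)):
        h.update(path_or_bytes)
    else:
        with open(path_or_bytes, "rb") as f:
            for chunk in iter(lambda: f.read(1 << 20), b""):
                h.update(chunk)
    return h.hexdigest()

def verify_download(contents, published_digest):
    """Return (ok, actual_digest). The comparison is constant-time and
    tolerates upper-case or padded digests as copied from a web page."""
    actual = sha256_of(contents)
    ok = hmac.compare_digest(actual, published_digest.strip().lower())
    return ok, actual

def parse_checksum_file(text):
    """Parse 'DIGEST  filename' lines as written by sha256sum; '#' lines are comments."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.strip().lstrip("*")  # sha256sum marks binary mode with a leading '*'
        if len(digest) != 64:
            raise ValueError(f"bad digest for {name!r}")
        table[name] = digest.lower()
    return table

# Constructed stand-ins for the installer bytes and the vendor's checksum file
# (the digest line is generated here so the example is self-contained).
GENUINE_TOOL = b"MZ constructed installer bytes for audit-tool 1.0\n" * 100
VENDOR_CHECKSUMS = ("# sha256 -- constructed vendor checksum file\n"
                    + sha256_of(GENUINE_TOOL) + "  audit-tool-1.0.exe\n")

def check_tool(name, contents, checksum_text=VENDOR_CHECKSUMS):
    """Verdict for a downloaded file: only a matching published digest clears it to run."""
    table = parse_checksum_file(checksum_text)
    if name not in table:
        return "no published digest for this file: do not run it"
    ok, actual = verify_download(contents, table[name])
    return "digest matches published value" if ok else f"MISMATCH: got {actual}, do not run it"

if __name__ == "__main__":
    print(check_tool("audit-tool-1.0.exe", GENUINE_TOOL))
    print(check_tool("audit-tool-1.0.exe", GENUINE_TOOL + b"\x00"))  # tampered copy
    print(check_tool("other.exe", GENUINE_TOOL))
```

A digest only proves that the file is the one whose digest was published. If the checksum file is fetched from the same location as the download, whoever replaced one can replace both, so the published digest should come from a separately trusted page or, better, a signature verified with the vendor's key.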
Problem Domain

Because of the increased use of the University of Greenwich KW116 lab, the chances of threats or issues are high, and it is the responsibility of the students and the staff to make the lab secure in all aspects. The reason this project is based on KW116 is that it is the lab used most by the students, and usually network related or any other lab sessions are happening in this lab, so if the lab has any security hole or lack, it may affect the students and the staff.

The easiest way to find out the security level of the lab is auditing. This auditing needs to cover all areas, from physical security to network security. Only then will this be the perfect audit, and the audit can use some standard checklist to make it more efficient and to eliminate human-made errors such as forgetting, typing mistakes, etc.

There are many ways to make sure of the security level, such as penetration testing and vulnerability testing. These are more specific to attacks and threats; for the general purpose, the security audit is the suitable one, as it will cover all areas of security.
According to the reasons given above, the general security audit is the most suitable technique to verify the security level of the lab. So the auditing will cover most of the areas of the lab with the aid of a standard checklist which is approved by the British Standards Institute.

Tests behind the auditing
- Physical test
- Network test
- Software test
- Security policy test
- Computer hardware/peripherals test
- Access control test

Objectives

To evaluate the actual level of security that exists at the University of Greenwich Maritime campus KW116 lab.

Activities
- Plan and schedule the audit
- Auditing with software tools
- Analysis of the audit results

Deliverable
- Detailed audit report with suggestions and recommendations

This is the main objective of the project, and it will be carried out with several tools like a packet sniffer, port scanner software, etc. There are three different tests using these tools to identify internal and external vulnerabilities.

To evaluate various methods of implementing the security policy, identify the security weaknesses and implement risk management for the existing security weaknesses.

Activities
- University lab security policy review
- Analysis

Deliverable
- Detailed security policy analysis report with changes/suggestions/recommendations.
The reason for this objective is to stop the holes at the policy level, because this is the easy way to implement.

To learn about audits and the audit process, practise auditing, look into the auditing products available in the market and select appropriate ones.

This task is fully about learning about audits and audit related material. This objective is the key or starter of this project, because if the project starts without proper knowledge it will lead somewhere else, not to the project aim.

To draft a new security policy that addresses the existing weaknesses, for the management.

According to the analysis, draft a security policy to fix or overcome all existing security holes.

Deliverable
- Draft security policy

How the objectives will be achieved

The third and fourth objectives will be achieved with books and the internet. This objective will give the idea about auditing; the outcome of this objective will be documentation which contains all the requirements which need to be covered in this project.

The research will give the details about the tools required to perform the auditing and the methods/process for the auditing. The internet is the main and basic means for this research, as it is easy to access and has a wide range of data.

The tools identified from the research will be used to perform the security auditing, and the audit results will be monitored in real time and documented instantly. Mostly these tools will be freeware and from well-known vendors.

The auditing will be performed from three different views to make sure the area is fully secured. The views are: inside the computer's local network, outside the computer's local network, and outside the computer on a different network.

Audit Methodology

This project uses two different methodologies to accomplish the task: a checklist and a questionnaire. The checklist is an aid for the auditor to perform the audit, and it is a manual for the audit.
So the checklist will contains all tests need to perform during the auditing where questioner is to get the opinion or feedback for the staffs and students (generally this will be feedback from stockholders). The analysis also will carry in two different way using questioner and the checklist and finally compare both and get the conclusion.The questioner and checklist covers most of the areas and those are grouped separately to make the auditors life easy and more understandable. The areas coved in the documents arePhysical Security/ ESecurity Forensics and Risk ManagementSecurity Forensics and Risk ManagementAcknowledgementForemost I would like say thanks to god for all support in all my life and secondly University of Greenwich to give this my life aim to complete my masters. Next my supervisor Professor Kevin Parrott to the supports he gave because without his support I wouldnt be able to complete my project with this qual ity. Especially the suggestions and appreciation given my supervisor make me feel better and gave positive thinking. Finally need to thank my family and friends for unbelievable supports and encouragements.AbstractAs we are in the information era the world is changing to use electronic means for day to day use. The paper documents is gone and most of them are paper free because of so many reasons such as pollution, easy, fast, etc At the same time this digital media has availability, scalability, confidentiality and integrity which are required behaviour for secure communication. The risk is increased with the increase of computer and digital means usage and the single security lack may cause huge losses.There are some surveys says most of the crimes are happening through electronic means and the target is computer or computer peripherals. 
If the attacker found a single security lack that is enough to start and break the whole system and the security lack could be configuration mist ake, firewall issue and basically problems in the protection mechanism. Because of these reasons testing become very important and this process called as Auditing.There are so many types in the auditing and this auditing requires technical knowledge to make these tests perfect and to give an audit report including suggestions. The auditing falls into two main categories such as Automatic and manual. The test will be efficient if it is automated using testing tools which are called as automated or computerised test. Even though there are some tests cannot be automated and need to test manually.This auditing covers network security test, physical or environment security test, computer security test which includes software and hardware tests. The computerised test will carry on with some security tools and the manual will use questioner to minimise human made errors mainly forgetting.Security audit is the technical assessment of the application or system. The assessment may be manual o r systematic or both. In most case the auditing process uses manual and systematic/ automatic methods because there are some tests cannot be automatic such as review of the security policy, asset management, etcThis auditing has different types such as internal or external. This type is depends on the company size and the resource availability. Usually big companies have their own security auditor so they will perform the audit internally and the small and medium size companies mostly hire auditor form outside. Both types got pros and cons in security and financial manor.Chapter 1IntroductionThis chapter largely contains non-technical information to give the understanding of high level objectives. 
It also describes the techniques and technologies used in the project and the research to accomplish the project objective.

Audit

The audit is a systematic or manual security assessment of the network, infrastructure, system, etc. The complete audit should be the combination of manual and automatic assessment, because in every test target there will be some test that cannot be automatic. The audit has many categories, and the following paragraphs will explain the categories and the functions or techniques behind them. There are three controls in the auditing process:

Preventive control

The preventive controls are controls, in the form of software, hardware or any configuration, to prevent the error or vulnerabilities. This is an active type of control that always monitors the interface for any vulnerabilities and blocks such vulnerabilities or errors before they enter the system or infrastructure. This is the most effective control mechanism because it does not allow the vulnerabilities in.

Detective control

The detectives are in place to monitor for vulnerabilities, in the form of software or hardware, but the difference between preventive and detective is that the preventive won't allow the vulnerabilities into the system, whereas the detective allows everything to enter and corrects the vulnerabilities after entry. The best example for this control is a fire alarm, because a fire alarm won't prevent the fire beforehand, but if there is any fire it will work.

Corrective controls

The corrective controls are the controls to correct the error or issue before it makes any harm. This is a very important control for all places, even if they have other controls, because there are some issues or vulnerabilities that the other controls cannot detect when they come and attack, so there should be some control to correct those before loss occurs.
In addition, the controls should be kept up to date, with the latest firmware or latest definitions.

Types of auditors

There are two basic types of auditors in the information era, the internal and external auditors. The selection of the auditor will be done by management with regard to the financial status of the organisation, the size of the organisation and the policies defined in the company.

Internal auditors

Internal auditors are auditors who belong to the particular company that is going to perform the audit. That means the auditor is an employee of the company, so the auditor is always available to do the auditing, and the data or information will stay within the organisation. This is the main advantage of having an internal auditor. At the same time, if the employee is purposely recruited for auditing, it costs a lot for the company, so it is only possible for big companies because they have huge investments and revenue. The disadvantage of the internal auditor is that they may not be up to date and may not have the current market or audit status, such as new techniques and tools.

External auditors

The auditor is recruited from another auditing firm for the auditing, so it is very hard to find a professional auditor because of availability, and as the auditor is recruited from outside, company information may go out. At the same time the auditor needs some time to get to know and understand the company process. But the advantage of recruiting an external auditor is their knowledge, and it is suitable for middle and small companies.

Types of Audit

Traditional Audit

It is just like a manual audit. It is useful when working with a large amount of data in a large company. Here the auditor takes some sample data from different places and then provides a report.

Advantages
- Easy
- Cheaper

Disadvantages
- Does not always provide correct information.
- In the IT sector it is not useful.

Software audit

A software audit is widely popular for any educational institute or organisation.
It is just like a review of the software and the system that can find all information about the system, such as operating system, application software, processor, drives, controllers, bus adapters, multimedia, virus protection, system model, main circuit board, memory modules, local drive volumes, network drives, printer information, etc. There are many auditing tools in the market, such as Belarc Advisor and E-Z Audit, that are very powerful. KW116 is the main lab for the School of Computing and Mathematical Sciences (CMS) in the University of Greenwich. CMS has installed lots of software for students to continue study or research. According to the Copyright, Designs and Patents Act 1988, all software must have a valid licence to continue the process. As the lab uses a large amount of software, and different software expires at different times, it is very difficult for the lab administrator to keep all licences up to date by manual checks. Only auditing by software can give a detailed report to the administrator to keep the system safe.

Advantages
- Correct information: a machine always provides the correct information, so there is less chance of incorrect information.
- Saves time: software very quickly provides a report of the system, so it saves time.
- Detailed description: it provides a detailed description of the system, including any warnings or licence issues, etc.
- Minimises cost: by implementing the software audit, two people's work may be possible with one person, so it reduces the extra cost.

Disadvantages
- Investment: costly software is very expensive, so the university needs extra money to buy this software.
- Risk: the auditor knows the detailed information of the system.
- Work flow: the auditor needs part of the lab to check the system, so it interrupts the students' workflow.

The approach

The typical audit has different approaches to collect the data. A single audit will use multiple techniques to gather full information, and it is necessary to use different techniques for different levels of people.
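The licence checks that the software audit section above calls for (licences that have expired, licences expiring at different times, and software licensed for a limited number of users) can be run automatically over an inventory export. This is an added example for this page, not code from the dissertation or from Belarc Advisor or E-Z Audit; the export format, product names, dates and seat counts are all constructed for the demonstration.

```python
"""Licence audit over a constructed software inventory export (added example)."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional


@dataclass(frozen=True)
class LicenceRecord:
    product: str
    version: str
    expires: Optional[date]      # None = perpetual licence
    max_seats: Optional[int]     # None = no seat limit
    installed_seats: int         # number of lab machines carrying the software


@dataclass(frozen=True)
class Finding:
    product: str
    severity: str                # "high" or "medium"
    issue: str


def audit_licences(inventory, today, warn_days=30):
    """Return findings, most severe first: expired licences, licences expiring
    within warn_days, and products installed on more machines than licensed."""
    findings = []
    for rec in inventory:
        if rec.expires is not None:
            if rec.expires < today:
                findings.append(Finding(rec.product, "high",
                    f"licence expired on {rec.expires.isoformat()} "
                    f"({(today - rec.expires).days} days ago)"))
            elif rec.expires <= today + timedelta(days=warn_days):
                findings.append(Finding(rec.product, "medium",
                    f"licence expires on {rec.expires.isoformat()} "
                    f"(in {(rec.expires - today).days} days)"))
        if rec.max_seats is not None and rec.installed_seats > rec.max_seats:
            findings.append(Finding(rec.product, "high",
                f"installed on {rec.installed_seats} machines "
                f"but licensed for {rec.max_seats}"))
    order = {"high": 0, "medium": 1}
    findings.sort(key=lambda f: (order[f.severity], f.product))
    return findings


def parse_inventory(text):
    """Parse the constructed export: product,version,expires,max_seats,installed.
    'perpetual' and 'unlimited' mark the open-ended cases; '#' lines are comments."""
    records = []
    for line in text.strip().splitlines():
        if not line or line.startswith("#"):
            continue
        product, version, expires, max_seats, installed = [f.strip() for f in line.split(",")]
        records.append(LicenceRecord(
            product=product,
            version=version,
            expires=None if expires == "perpetual" else date.fromisoformat(expires),
            max_seats=None if max_seats == "unlimited" else int(max_seats),
            installed_seats=int(installed),
        ))
    return records


# Constructed sample export; the products, dates and counts are invented.
SAMPLE_INVENTORY = """
# product,version,expires,max_seats,installed_seats
StatsSuite,11.2,2019-05-20,40,38
NetAnalyser,4.0,2019-06-15,20,25
CompilerPro,9.1,2020-01-31,unlimited,60
OfficePack,2016,perpetual,60,55
"""
AUDIT_DATE = date(2019, 6, 4)    # constructed audit date


def run_audit(today=AUDIT_DATE):
    return audit_licences(parse_inventory(SAMPLE_INVENTORY), today)


if __name__ == "__main__":
    for f in run_audit():
        print(f"[{f.severity.upper():6}] {f.product}: {f.issue}")
```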
These are the common techniques.

Interview

This technique is used to collect information from outside people or top level people, and the number should be limited. During the interview the auditor or interviewer asks questions of other people and collects the information, so the person will be well prepared for the interview. This is a very robust method because it allows people to express themselves fully, and the method is also simple, as it is talking, which is the natural way to communicate. Another advantage is the bidirectional communication, meaning both parties are allowed to ask questions for clarification or to gather information.

Observation

This method is used where real time process monitoring or behavioural change is required. This is a powerful way to make the changes throughout the audit, because with the other techniques that currently exist it is not possible to get real time information.

Inspection

This technique requires doing some action with the collected data to collect audit related information. It is a form of observation with advanced criteria expected. It is an extended version of observation, because the auditor applies advanced criteria to gather the data which is necessary for the auditing.

After collecting the data, the next step is to identify the weaknesses and process them. Identifying is the key work in the audit, followed by categorising. Identifying uses some techniques to make it easy, precise and professional. The techniques used here are:

Root cause analysis

A general technique to analyse and get the better solution for the vulnerability or weakness, because this technique drills down to the issue, finds the root and fixes the weakness. The basic idea behind this is that if the root is fixed, it will automatically fix all other problems related to it, so all related issues are simply closed at once.
As mentioned, this is the easy and robust way to stop the issues that exist and the issues that may come in the future.

After root cause analysis, the next step is to get the solution for the root of the issue. The important thing here is choosing a better and effective solution for the issue. The selection depends on some external and internal restrictions:
- Organisation policy
- Cost per benefit
- Legal restrictions
- Availability
- Compatibility
- Vendor and certification

Advantages of having Auditing

- Satisfaction: it brings confidence to the lab administrator of the University of Greenwich to continue the business process. The owner always thinks, is there any lack that breaks down the continuity of the business?
- Detection and prevention of errors: humans can make errors at any time; no one can say there is no error in their company. By auditing, people can find the error and suggestions to recover from the error.
- Detection and prevention of fraud: it is just like errors. Sometimes a user intentionally or unintentionally does this thing, so after the audit we can find out the fraud.
- Verification of the licences: the KW116 lab installs lots of software for students. Some software is for 1 year, some software is for more than one year, and some software has a limitation on use (number of users who can use it). So the auditor can find all kinds of licence issues.
- Independent opinion: an audit is always done by independent people, so this report is always accepted by everyone.
- Safety from exploitation: health and safety is always a big issue for any organisation. The KW116 lab has lots of equipment connected to electricity, so there are always chances of a short circuit or explosion. The audit identifies all the lacking points and advises on prevention.

Disadvantages of having Auditing
- It is expensive.
- Sometimes it slows or stops the work flow.
- External people get to know the company information.

Encryption

Encryption is a simple technique, in different forms, to send data securely through a shared place like the internet.
The form of encryption may vary, but they all commonly use digital certificates to encrypt and decrypt the data. Encryption uses keys to make cipher text from the actual message. The cipher text is not readable; it is the encrypted version of the message using some algorithm.

Security roles/user roles

Security roles are a very important technique to make network administration easy. This is basically creating some groups with different permissions according to the organisation's operation or policy. A user or staff member can have multiple security roles according to their need. These roles are used to authorise the user's permissions.

Security policy

A security policy is a document that has all rules and regulations documented and approved by management and aligned with laws and legislation. This policy is used to define all activities and to make some decisions.

Business Continuity

There are three things we always have to keep in mind to continue the business:
- Essential to running the business: any customer order cannot be delayed more than seven days.
- Tolerate delay: some applications may be delayed while continuing the business, such as management pay. It is mid term, i.e. one to four weeks.
- Discretionary: some applications are useful for business but do not affect continuing the business operation, such as management reports. It is long term, i.e. 3 to 6 months.

Business continuity planning

Business continuity planning (BCP) is the most important thing for any organisation to continue the business. BCP engages with the different kinds of risk to the business process that might occur in the organisation, and it also creates the policies, plans and procedures to reduce the risk. BCP can continue the business process in a disaster situation as well. The main goal of BCP is to combine all policies, procedures and processes so that in any disruptive situation the business process can continue or the impact may be very little.
Here the main important functions of BCP are:
- Maintaining the business operation
- Continuing the business in an emergency situation
- Reducing the risk

If in any situation BCP cannot take over, then Disaster recovery planning (DRP) takes over.

British Auditing Standard

BS7799

It is a British standard called BS7799, developed by the British Standards Institution, which describes the security policy and standard procedures. BS7799 became ISO/IEC 17799 after being accepted by the ISO/IEC technical committee for international use. Nowadays information is a valuable asset for an organisation, so it is very important to protect the information like other corporate assets. Here BS7799 introduces how to protect the information from threats and suggests three points to secure the information:
- Integrity: the assurance of the completeness and accuracy of the information.
- Confidentiality: information can only be accessed by authorised people.
- Availability: authorised people can access the information when needed.

Attacks and prevention for the attacks

Errors and Omissions

Errors and omissions are among the most common and toughest vulnerabilities. It is a human-made error, because humans interact with programming, controlling and entering data for the computer. There are no countermeasures to protect against errors and omissions.

Fraud and theft

It is one kind of criminal activity that may occur in the KW116 lab. It includes computer components such as mouse, keyboard, router, switch, cables, CPU box, etc. It was observed that the security person is not always at the access point, so it is hard to secure the lab from fraud and theft. By protecting the access control we can reduce the fraud and theft.
Both internal and external people are responsible for that kind of activity.

Prevention of Fraud and theft
- A regular auditing and monitoring program will help to identify all kinds of fraud and theft.
- Deploy all of the access controls.
- CCTV in proper places.

Virus

A virus is malicious code that has the ability to reproduce its own code, spread from one system to another via e-mail, downloading or storage devices (CD, DVD, memory stick, removable hard drive) and destroy the computer system. It was observed that almost every user is using a removable memory stick, and it is the most likely way to spread a virus in the lab computer system; it was also observed that users are using their own laptops connected to the university wireless network. If a user's laptop is infected with a virus, then it is also likely to spread to the lab network, which can affect the internal network, attack the server and crash the hard drive.

Prevention
- Install the latest antivirus software.
- Regularly update the antivirus software.
- Follow the backup procedures regularly.
- Scan the device when transferring data.
- Install a NIDS (Network Intrusion Detection System) and firewall.
- Minimise downloads from the internet.
- Download only from reputable web sites.
- Scan before downloading.
- Be careful opening unknown e-mail attachments.
- Scan all incoming files from remote sites.
- Make users aware of the danger of viruses.

Trap-doors

It is an undocumented command that a user might create to speed up the work flow. Unfortunately sometimes students might leave these trap-doors.

Prevention of Trap-doors
- Use the latest antivirus software.
- Give permission to develop code only to authorised people.
- Check all code properly before using it.

Logic bombs

It works like a time bomb and affects the system on a particular event or day, such as a program launch or website logon. It changes the data and deletes data from the system. Here students are accessing lots of software to do their course work or projects, so they are strong enough to build logic bombs.
It normally happens in a company if an employee leaves the job.

Prevention
- Audit regularly and monitor
- Always back up the necessary files
- Allow only authorised people to develop code
- Keep a record of all modifications or changes

Trojan Horses

It is a software program that contains malicious code. Normally students are interested in downloading music and free software from the internet. It is the most likely way to affect the lab computers and destroy the data stored on the lab computer system.

Prevention
- Avoid unwanted software and music downloads from the internet.
- Make users aware of Trojan Horses.

Worm

A worm is also malicious code that can spread itself without any human involvement from one system to another. It works only on a computer network system and does not need any device to transport it.

Prevention
- Use a firewall
- Use updated antivirus software

Spyware

It is unwanted software that monitors the activity of the user and transfers important information, like login details or account details, to a remote system that monitors the user's activities.

Adware

It is also similar to spyware, but it does not intend to transfer the user's details to a remote system. It works like advertisements on the internet. Some adware monitors the searching behaviour of the user and then redirects to related websites.

Prevention of Adware/Spyware
- Close the pop-up window.
- Be aware of spyware/adware.
- Click only reputable links.

Social Engineering

Most users are getting unknown mail, and they are also chatting with unknown people. Social engineering is one of the most popular techniques that attackers use to access the system, by sending mail or chatting with people to learn the password.
So it is a major risk to the security of the password.

Prevention
- Do not respond to unknown mail.
- Do not chat with unknown people.
- Don't give anyone personal information or login id.
- Proper training or awareness for new users about social engineering.

Ping of death

We have only permission to send the largest packet (65,536 bytes) to the server. Attackers know this amount of bytes from the ICMP specification, so they try to send packets of more than 65,536 bytes (at least 65,537). If the server does not check the size of the packet and tries to process it, then it hangs or crashes the operating system.

Dumpster diving

Every day lab users print their necessary documents, but sometimes by mistake they print unnecessary documents and at the end of the day throw all documents in the bin. Hackers are very intelligent; they always look at the bin and find the necessary documents to access the network.

Prevention
- Destroy all documents before putting them in a bin.

Natural disasters

If anything happens that is not under the control of humans, it is called a natural disaster, such as earthquakes, volcanoes, floods, fires, storms, hurricanes, etc. It may occur at any time, but the biggest risk for the KW116 lab is fire. It may be caused by a heater, power supply, overheating of the power box, short circuit, etc.
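Returning to the ping of death item above: the failure mode is a host that copies each fragment into its reassembly buffer by trusting the sender's offset and length, without checking them against the datagram limit (the IPv4 total-length field is 16 bits, so a reassembled datagram can be at most 65,535 bytes). The following is an added example, not code from the dissertation; it uses only the Python standard library, and the fragments that exercise the check are constructed in memory.

```python
"""Bounds-checked IPv4 fragment reassembly (added example, not from the page).

Every fragment is validated before a single byte is copied, which is the check
the text says a vulnerable host omits. Test fragments are built in memory.
"""
import struct

IPV4_MAX_DATAGRAM = 65535   # 16-bit total-length field: the hard ceiling
MF_FLAG = 0x2000            # "more fragments" bit in the flags/offset word
OFFSET_MASK = 0x1FFF        # 13-bit fragment offset, counted in 8-byte units


def parse_ipv4_header(packet: bytes):
    """Return (ident, more_fragments, offset_in_bytes, payload) or raise."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, ident, flags_off = struct.unpack("!BBHHH", packet[:8])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (ver_ihl & 0x0F) * 4
    if header_len < 20 or total_len < header_len or total_len > len(packet):
        raise ValueError("inconsistent IPv4 length fields")
    payload = packet[header_len:total_len]
    return ident, bool(flags_off & MF_FLAG), (flags_off & OFFSET_MASK) * 8, payload


class Reassembler:
    """Collects the fragments of one datagram into a fixed-size buffer."""

    def __init__(self):
        self.buf = bytearray(IPV4_MAX_DATAGRAM)
        self.received = []   # (start, end) byte ranges already copied
        self.total = None    # datagram length, known once the MF=0 fragment arrives

    def add(self, packet: bytes) -> str:
        _ident, more, offset, payload = parse_ipv4_header(packet)
        end = offset + len(payload)
        # Each fragment's own total_len field can be valid while offset + length
        # still exceeds the datagram limit; this is the check that matters.
        if end > IPV4_MAX_DATAGRAM:
            return f"rejected: fragment ends at byte {end}, limit {IPV4_MAX_DATAGRAM}"
        if not more:
            if self.total is not None and self.total != end:
                return "rejected: conflicting final fragment"
            self.total = end
        if self.total is not None and end > self.total:
            return "rejected: fragment extends past the final fragment"
        self.buf[offset:end] = payload      # safe: end <= len(self.buf)
        self.received.append((offset, end))
        return "complete" if self.is_complete() else "pending"

    def is_complete(self) -> bool:
        """True once the copied ranges cover [0, total) without gaps."""
        if self.total is None:
            return False
        covered = 0
        for start, end in sorted(self.received):
            if start > covered:
                return False
            covered = max(covered, end)
        return covered >= self.total

    def datagram(self) -> bytes:
        return bytes(self.buf[:self.total])


def make_fragment(ident: int, offset: int, payload: bytes, more: bool) -> bytes:
    """Build a minimal IPv4 packet (20-byte header, no options) for the test."""
    flags_off = (MF_FLAG if more else 0) | (offset // 8)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                         flags_off, 64, 1, 0, bytes(4), bytes(4))
    return header + payload


def demo() -> dict:
    """Feed a legitimate two-fragment datagram, and one fragment that would end
    past the 65,535-byte limit, through separate reassemblers."""
    ok = Reassembler()
    legit = [ok.add(make_fragment(7, 0, b"A" * 1480, more=True)),
             ok.add(make_fragment(7, 1480, b"B" * 20, more=False))]
    bad = Reassembler()
    oversized = bad.add(make_fragment(8, 65528, b"C" * 16, more=False))
    return {"legit": legit, "legit_len": len(ok.datagram()),
            "oversized": oversized, "oversized_copied": len(bad.received)}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```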
Natural disasters have less chance in the lab, but their effect is more than any other threat. They may destroy part of the building and lose all the information.

Prevention
- Follow the health and safety procedures.
- Clear the fire exit.
- Make users aware of possible disasters.

Man-Made Disasters

If anything happens intentionally to destroy the business process or part of the business, and it is under the control of humans, then it is called a man-made disaster, such as fire, acts of terrorism, bombings/explosions, power outages, etc.

Prevention
- Always check ID cards
- Allow only authorised people
- Use metal detectors
- CCTV

Equipment failure

Students are always busy with their course work and other course related work, so equipment failure may lose all the data.

Prevention
- Use extra UPS
- Back up all data

Auditing Stages/Steps
- Scope and Pre-Audit survey
- Planning
- Field work
- Analysis
- Reporting

Scope and Pre-Auditing

The first step or stage of the audit is to understand the purpose of the audit and the areas that need to be covered during the audit. Understanding the audit purpose is basically getting the idea of why this audit needs to be performed, meaning any special risk assessment or annual audit. If it is a special risk assessment audit, it will be more specific and the scope will be narrow and deep; otherwise, if it is an annual audit, it will be a general audit to cover as many areas as possible.

The pre-auditing survey is to verify the audit areas using risk management techniques and some general techniques, such as reading previous audit reports, web browsing, background reading, etc. This will reduce the chance of failure by correcting the plan with lessons learned.

Planning and Preparation

In this stage the scope is going to be broken into small areas to make auditing easier and clearer, so the clarity will be greater and the purpose will be easy to understand. Usually this stage will involve the work breakdown plan and risk control matrix.
The risk control matrix is just a checklist containing questions to carry out during the audit.

Field work

The actual auditing will be performed during this stage by different techniques or methods. Simply, it starts with interviewing staff or students using a questionnaire or oral interview, through to system or network tests by auditing software tools. The result of this stage will be the evidence of the audit to get a conclusion or submit to the management with the audit report, so this will be the most important stage in the audit process.

This step may use several testing software tools depending on the scope of the audit, and the software selection is another key event of the audit process, because there are so many fake software applications available in the market. Actually those are viruses, and the reason for making viruses in the form of auditing tools is that spreading a virus in the form of an auditing or testing tool is very easy and hard to detect.

Analysis

The evidence or any results collected in the previous stage are the input of this stage. This stage is fully analysis and decision making, so it needs a lot of time for investigation and assessment. The most sensitive area of the audit process is analysis, because this is the place where the decision to submit to the board is taken, so it should be perfect; otherwise the audit is useless and it will lead to some wrong decisions.

Reporting

This stage is to present all audit findings in the form of a report. This is the document that contains all evidence, analysis results, suggestions, recommendations, conclusion, etc. This document will be passed to the management or higher level people to review, approve and take necessary action if necessary.
The report should be clearly written and easy to understand, because this document is also needed in future to give some information to start the next audit or to take some strategic decisions.

Problem Domain

Because of the increased use of the University of Greenwich KW116 lab, the chances of threats or issues are high, and it is the responsibility of the students and the staff to make the lab secure in all aspects. The reason this project is based on KW116 is that it is the lab used largely by the students, and usually network related or any other lab sessions happen in this lab, so if the lab has any security hole or lack, that may affect the students and the staff.

The easiest way to ensure the security level of the lab is auditing. This auditing needs to cover all areas, from physical security to network security. Only then will this be the perfect audit, and the audit can use some standard checklist to make it more efficient and to eliminate human-made errors such as forgetting, typing mistakes, etc.

There are many ways to make sure of the security level, such as penetration testing and vulnerability testing. These are more specific to attacks and threats, and for general purposes the security audit is the suitable one, as it will cover all areas of security.
According to the reasons given above, the general security audit is the most suitable technique to verify the security level of the lab. So the auditing will cover most of the areas of the lab with the aid of a standard checklist which is approved by the British Standards Institution.

Tests behind the auditing
- Physical test
- Network test
- Software test
- Security policy test
- Hardware/peripherals test
- Access control test

Objectives

1. To evaluate the actual level of security that exists at the University of Greenwich Maritime campus KW116 lab.

Activities
- Plan and schedule the audit
- Auditing with software tools
- Analyse the audit result

Deliverable
- Detailed audit report with suggestions and recommendations

This is the main objective of the project, and this will be carried out with several tools like packet sniffer, port scanner software, etc. There are three different tests using these tools to identify internal and external vulnerabilities.

2. To evaluate various methods of implementing the security policy, determine the security weaknesses and implement risk management for the existing security weaknesses.

- University lab security policy review
- Analysis

Deliverable
- Detailed security policy analysis report with changes/suggestions/recommendations.

The reason for this objective is to stop the holes from the policy level, because this is the easy way to implement.

3. To learn about audit and the audit process, practise auditing, research the auditing products available in the market and select appropriate ones.

This task is fully learning about audit and audit related matters. This objective is the key or starter of this project, because if the project starts without proper knowledge, that will mislead it to somewhere else and not to the project aim.

4. To draft a new security policy that addresses the existing weaknesses to the management.

According to the analysis, draft a security policy to fix or overcome all existing security holes.

Deliverable
- Draft security policy

How the objectives will be achieved

The third and fourth objectives will be achieved with books and the internet.
This objective will give the idea about auditing, and the outcome of this objective will be a document which contains all the requirements which need to be covered in this project. The research will give the details about the tools required to perform the auditing and the methods/process for the auditing. The internet is the main and basic means for this research, as it is easy to access and has a wide range of data.

Tools identified from the research will be used to perform the security auditing, and the audit results will be monitored in real time and documented instantly. Mostly these tools will be freeware and from well-known vendors.

The auditing will be performed from three different views to make sure the area is fully secured. The views are: inside the computer's local network, outside the computer's local network, and outside the computer on a different network.

Audit Methodology

This project uses two different methodologies to accomplish the task: a checklist and a questionnaire. The checklist is an aid for the auditor to perform the audit, and it is a manual for the audit. So the checklist will contain all tests that need to be performed during the auditing, whereas the questionnaire is to get the opinion or feedback of the staff and students (generally this will be feedback from stakeholders). The analysis will also be carried out in two different ways, using the questionnaire and the checklist, and finally both are compared to get the conclusion.

The questionnaire and checklist cover most of the areas, and those are grouped separately to make the auditor's life easy and more understandable. The areas covered in the documents are: Physical Security/ E