WORKSHOP ABSTRACT / OBJECTIVE
Security audits of IT infrastructure are an important activity in almost every organisation to ensure compliance with security controls and policy. They are also critical to protect the organisation from emerging cyber threats and vulnerabilities in cyberspace and from instances of data leakage. Generally, IT audits are carried out physically, which is a cumbersome and inefficient method. An auditor may not be able to cover all systems in a limited time period. Manual checking of security controls may also lead to human errors and make the audit process ineffective. To overcome such limitations, an online automatic audit tool is the need of the hour.
The objective of the workshop is to demonstrate how to build custom-made audit tools for Windows and Linux based systems, customized to organizational security policies and procedures. We will also highlight the importance of automatic security audits, secure practices for keeping systems safe, and how to implement effective security controls. We have successfully developed an in-house audit tool named AVASYAM, short for A Versatile Automated SYstem for Audit Management. The tool performs audits on Windows and Linux based systems. It is written in Python and PHP and has a user-friendly GUI. The use and implementation of the tool will be demonstrated in the workshop so that it can be used at various organisations for the purpose of audit. AVASYAM is available as an executable file which generates a comprehensive audit report of the end-point system after the audit completes.
The audit report gives detailed system information essential for the purpose of audit, along with a system security score. The information includes end-point system details such as IP address, MAC address, serial number, wired and wireless network connections, operating system details, user accounts, strength of the system password, USB plugged-in details, details of installed programs and applications, UDP connections, open ports and services, anti-virus status, firewall status, a list of P2P software, and details of shared folders. All the reports and their details are shared on a centralised server so that the system administrator has a bird’s eye view of the systems audited.
A centralised dashboard is available to view the details of the systems audited, their security scores and other related information.
COURSE CONTENT (TOC)
- Why is IT audit important?
- Prevailing practice of conducting IT audits
- Limitations of manual audits and their effectiveness
- Available open source auditing tools and their features
- Overview of the AVASYAM audit tool
- Build your own AVASYAM audit tools in Python
- Audit report generation
- Central dashboard for ISO and CISO
- Overall security posture of the organization
- Advanced features like detection of classified and Not Safe For Work (NSFW) content
- Python, PowerShell, basic knowledge of Windows commands
WHO SHOULD ATTEND
Information security officers, security auditors, developers
WHAT TO EXPECT:
- Design and building of a custom-made audit automation tool, central dashboard and visualization, audits in a simple and elegant way, Windows scripting and use of PowerShell.
WHAT NOT TO EXPECT:
- Python programming, Windows Scripting
Misha Mehra is working as Scientist D in DIT&CS DRDO Hqr. She holds a master’s degree in computer science from the Indian Institute of Technology, Delhi (IITD) and a bachelor’s degree from Jamia Millia Islamia, New Delhi. She has been part of a specialised cyber security course from Masaryk University, Czech Republic, on building trustworthy cyber security systems. She was awarded the prestigious award for “Cyber Innovater - Women in Cyber: Making a difference” from The Associated Chambers of Commerce and Industry of India (ASSOCHAM) in the year 2021. She was also awarded the “Women Scientist of the Year” award by Engineering Watch magazine in the year 2014. She was also conferred with the DRDO Technology Day Award in the year 2012.
She has authored research papers in the field of cyber security which have been published at prestigious conferences. Her latest paper, “Improving ML Detection of IoT Botnets using Comprehensive Data and Feature Set”, was published at the 13th International Conference on COMmunication Systems & NETworkS (COMSNETs) 2021. Another paper, “Event triggered malware: A new challenge to sandboxing”, was published at the 2015 Annual IEEE India Conference (INDICON).
Her sound knowledge of building secure cyber systems has been utilised in designing and developing indigenous cyber security solutions for DRDO. Her major contributions include the development of two security solutions: one for secure transfer of files in cross-domain networks and another for carrying out security audits of Windows and Linux based systems. She has been working extensively on machine learning techniques so as to apply them in the area of cyber security. Along this line, she has developed a tool based on neural networks to detect the presence of confidential text in classified documents. During her master’s thesis at IITD, she used supervised machine learning techniques to detect the presence of botnets in IoT networks and SSH logs. She has also worked on open source sandboxing techniques for analysing Windows and Linux based malware. She has also been instrumental in the formulation and implementation of security policies and guidelines and the deployment of security solutions in DRDO and other agencies. Besides research and academics, she is a trained kathak dancer. Her hobbies include reading and travelling while listening to music.
Nitin Rai is working as a Senior Scientist in DIT&CS DRDO. He holds a master’s degree in Internet Science & Engineering from the Indian Institute of Science, Bengaluru (IISc) and a bachelor’s degree from Lakshmi Narayan College of Technology (LNCT), Bhopal. He has 18+ years of experience in designing and developing cyber security and network security solutions for defence users. He received the Group Technology Award for “Design, Development & Implementation Network Gateway Firewall” in 2004. He has also been conferred with the National Technology Day-2019 and National Science Day-2020 awards by DRDO. He has authored research papers in the field of cyber security which have been published at prestigious conferences. His latest paper, “PDF Sanitizer”, was published at the IEEE International Conference on Power and Advance Computing Technologies i-PACT 2019. Another paper, “Windows API based Malware Detection and Framework Analysis”, was published in International Journal of Scientific & Engineering Research Volume, Issue 3, March 2012. His sound knowledge of building secure cyber systems has been utilised in designing and developing indigenous cyber security solutions for DRDO. His major contributions include the development of two security solutions: one for secure transfer of files in cross-domain networks and another for carrying out security audits of Windows and Linux based systems.