Mikrotik RouterOS Security Audit Checklist

Akbar Azwir / Mikrotik User Meeting Indonesia 2014

About me http://id.linkedin.com/in/akbarazwir/

Akbar Azwir

• Graduated from Binus University
• Certified Trainer since 2008
• Founded Forum Mikrotik Indonesia in 2007
• Working at PT Bayan Resources Tbk since 2008
• Trainer at BelajarMikrotik.Com

About me

Belajar Mikrotik

• Started in 2013 by Herry Darmawan and Akbar Azwir
• We deliver all Certified Mikrotik classes, Academy classes, and Integration classes
• Working with more than 10 partners, we have delivered almost 30 trainings throughout 2014
• Please visit our website at www.belajarmikrotik.com or www.belajarmikrotik.co.id for more information
• Please ask us for a training discount coupon, available during MUM Indonesia 2014 only

Information Security

Information
Assets that have value and therefore need protection

Information Security
Preservation of the Confidentiality, Integrity, and Availability of information

Information Security

Graphic: http://www.cyberintelligence.my/our-approach/

Information Security

• There's no such thing as 100% secure
• Information Security is a continuous effort

Graphic: http://www.iphonefaq.org/archives/ios-501,
http://idealway.tumblr.com/post/1434031686/3-reasons-why-continuous-improvement-efforts-fail

ISO 27001

ISO/IEC 27001:2013
Information technology – Security techniques – Information security management systems – Requirements

A standard that provides a methodology for implementing an Information Security Management System in an organization.

Can be implemented in any kind of organization: profit or non-profit, private or state-owned, small or large.

ISO 27001

Benefit
• Achieve marketing advantage
• Lower cost
• Better organization
• Comply with legal requirements or regulations

ISO 27001 PDCA Cycle
Graphic: http://www.netgrowthltd.co.uk/ISO27001.aspx

ISO 27001 Structures

Section 0: Introduction
Section 1: Scope
Section 2: Normative references
Section 3: Terms and definitions
Section 4: Context of the organization
Section 5: Leadership
Section 6: Planning
Section 7: Support
Section 8: Operation
Section 9: Performance evaluation
Section 10: Improvement
Annex A

Sections 0 to 3 are introductory and are not mandatory for implementation.
Sections 4 to 10 contain requirements that must be implemented in an organization if it wants to comply.
Annex A contains 114 controls that must be implemented if applicable.

Checklist

Mikrotik RouterOS Security Audit Checklist contains questions based on Annex A controls that are applicable to Mikrotik RouterOS

Derivative work from the same document for Cisco Router from www.iso27001security.com

This is not a security advice document

Ver 0.91 – Ongoing work

Checklist Download

Mikrotik RouterOS Security Audit Checklist is licensed under Creative Commons

Can be downloaded from:
http://www.belajarmikrotik.com/?p=21598

Checklist Categories

Router Policy
Contains questions regarding the existence of a Router Security Policy

Administrator Authentication
Questions about the procedures and technical controls governing how administrators access the router

Router Access Management
Questions about the services used to access routers and SNMP usage

Checklist Categories

Configuration Management
Contains questions regarding the management of router configuration

Business Continuity
Questions about the procedure for disaster recovery and business continuity

Log Management and Incident Handling
Questions about how the logs are being managed and the procedure for handling any incident

Thank you

For more info please contact us
akbar@belajarmikrotik.com
www.belajarmikrotik.com

Credits

Thank you for the support for this presentation

Dirga Yosafat Hyasintus
Sigit Pratomo
Gajendran Kandasamy, PhD
Herry Darmawan
Adhie Lesmana
