Secure baseline (security baseline/baselining)
Sets of standard security controls you apply to any object in your environment to ensure its protection. This is how you ensure that you have applied the basic security requirements so that confidentiality, integrity, and availability (CIA) are met.
Establishing baseline
The act of creating a secure baseline by identifying the minimal functional requirements needed for a system or application to operate.
Deploy baseline
The act of applying predetermined configurations to the computing resources in the operational environment
Baseline configuration
Based on a component or a system; includes the configurations and settings that are made as the foundation for all similar systems (vendor recommendations are part of this)
Maintaining baseline
Retesting your environment periodically to check whether your thresholds remain within the baseline
Hardening targets (systems)
the process of reducing risk by ensuring that any system (target) is tested, assessed, and set to only provide what it needs—nothing more and nothing less
Hardening mobile devices
Encryption, Authentication (like passcode and facial rec.), Regular software updates, Control apps (install only from trusted sources and manage app permissions), Install antimalware, Enable remote wipe
Hardening Workstations
Access control and user authentication, Endpoint protection software (like antivirus), Regular updates and patch management, Remove unnecessary software, Data encryption
Hardening network switches (networking devices that connect multiple devices together on a network)
Change default credentials, Patch OS and firmware, use secure shell (SSH), Disable unused ports, Deploy strong password management, Deploy strong configuration management (make backups of configuration), Assess Layer 2 protocols (data link layer), Provide physical security
Hardening routers (devices that forward data packets between various networks by directing outgoing and incoming traffic on that network using the most efficient route)
Assess Layer 3 (network layer) protocols along with Layer 2 (data link layer)
Hardening cloud infrastructure (refers to the virtualized resources, such as servers, storage, networking, and computing power, provided over the Internet by cloud service providers)
Implement strong access control via IAM (identity and access management) policies, implement MFA (multi-factor authentication), encrypt data, regular updates and patches, use secure APIs (application programming interfaces), implement security groups and firewalls
Hardening servers (powerful computers designed to provide data, resources, services, or programs to other computers)
Regular updates and patch management, disable unused services and ports, use data encryption, Use secure protocols (SSH & HTTPS), use antivirus and antimalware, employ backups and redundancy
Hardening ICS/SCADA
Network segmentation, update and patch management, physical security, access control and authentication, disable unused ports and services.
Hardening embedded systems (specialized computing systems that perform dedicated functions or tasks within larger mechanical or electrical systems, often with real-time computing constraints)
Secure boot (booting with software only made by a trusted manufacturer), code signing (use digital signatures to verify integrity and origin of code), access control, regular firmware updates, disable unused service ports, physical security, least privilege principle.
Hardening Real-time operating system (RTOS)
Secure boot, regular software updates, disable unused services, code signing and verification, Data encryption.
Hardening Internet of things (IoT) devices
Change default credentials, regular firmware updates, network segmentation, disable unused services and features, regular security audits.
Wireless devices
Devices that enable network connectivity via wireless communication and are vulnerable to security threats due to data transmitting over the air
Installation considerations
Critical factors for optimizing security and performance, necessitating careful planning to address vulnerabilities and ensure comprehensive coverage.
Site surveys
Assessments for wireless network deployments, utilizing tools to map infrastructure and generate visual representations of signal strength distribution for effective planning and troubleshooting
Heat map
Visual representations illustrating signal strength distribution, facilitating identification of coverage areas, and potential sources of interference in wireless networks for optimization purposes
Benefits of heat maps
Identify dead zones, optimize signal coverage, eliminate signal interference and overlap, detect unauthorized access points
Mobile solutions
The integration of mobile devices, operating systems, and services to enable connectivity and functionality on the go
Hardening mobile solutions
Disable unneeded services and apps, use encryption, update device, password protect the device
Mobile device management (MDM)
software-based solution used by IT departments to monitor, manage, and secure employees’ mobile devices that are deployed across multiple mobile service providers and across multiple mobile operating systems
Mobile deployment models
strategies and frameworks that organizations use to manage and integrate mobile devices into their IT infrastructure and business processes
Bring your own device (BYOD)
Reduces corporate costs and increases productivity by allowing employees, partners, and guests to connect to the corporate network using their own personal devices so they can access resources. Gives employees freedom to choose the device, applications, and services that best meet their needs. When employees can use their own personal devices, productivity usually increases. Has increased administrative overhead and security concerns because many different devices are in use, and the organization has no control over the software or applications users have installed
Corporate owned, business only (COBO)
provides the greatest level of security. With COBO, the devices are owned and controlled by the organization and are for business purposes only
Corporate owned, personally enabled (COPE)
combination of security and flexibility. With COPE, the company owns the devices but allows employees to use them for personal purposes in addition to business