• Enterprise Vs Home Office Networks:
○ Small home office networks - the simplest network:
§ Usually has one all-in-one wireless router that can:
□ Route traffic
□ Act as a switch for devices in the LAN
□ Provides the WAN (ISP-facing) connection
□ Act as a simple packet filtering firewall
□ Act as a DHCP server
○ Enterprise Networks:
§ Doesn’t utilize a multifunction device for network - uses dedicated devices for routing, firewalls, switches, etc
§ Dedicated devices give better performance
§ Devices can have advanced config functionality to optimize a business grade network
• Network Devices:
○ Switch:
§ Primary device in a LAN
§ Facilitates communication between devices in an internal network
§ Learns what MAC addresses are associated with devices and uses a table to track the traffic
§ Operates at Layer 2 of OSI
○ WAP:
§ Wireless Access Point
§ Bridges wireless devices together
§ Usually only has a LAN port to connect to a switch
§ Operates at Layer 2
§ Uses MAC addresses to determine where traffic goes
○ Wireless Range Extender:
§ Expands wireless access signal to distribute network throughout building
§ Acts as a repeater
○ Routers:
§ Moves traffic from one IP network to another
§ Operate at Layer 3 of OSI
§ Use IP addresses
○ Firewall:
§ Primary security device that filters and evaluates traffic going in and out of the network
§ Uses a fixed set of rules for traffic
§ Operates at Layers 3 and 4 of OSI
○ All-in-One Wireless router:
§ Logically acts like 5 separate devices
§ Has a router, switch, WAP, firewall, and DHCP server built in
§ Inexpensive
○ Modems:
§ Facilitates communication to internet through ISP
§ Operate at Layer 1 of OSI
§ Modulator-Demodulator
• Network Topologies:
○ Bus:
§ Information travels along one wire (trunk cable) that is shared between devices
§ Messages sent on the network reach every device, not just the intended recipient
§ Collisions can happen when devices send signals at the same time
○ Ring Topology:
§ Doesn’t use central device or hub
§ Direct connections to neighboring devices
§ A break between any two devices would cause the network to go down
§ Information gets passed between devices to get to its destination device
○ Star Topology:
§ Uses a central device for every other device to connect to, usually a switch
§ Every device connected to central device via individual cables
§ The central switch directs traffic from its uplink port (connected to the internet) to the MAC address of the intended recipient
§ Scalable
○ Mesh Topology:
§ All devices connected to each other and central device
§ Often used on routers in large corporate networks
○ Point-To-Point:
§ Only connects two devices
• Network Deployments:
○ On premise vs Cloud
○ On premise: Everything to make a network function is located and managed within a company for self management
○ Cloud: Outsourcing some sort of IT infrastructure or software with a cloud provider
• Types of Network Architecture:
○ Client/Server:
§ Server devices share one or more resources with the rest of the network
§ Client device consumes those resources and doesn’t share or provide their own
§ Roles are strictly defined
○ Peer-to-Peer:
§ Any device can act as a client or the server to share resources
§ Roles are more fluid
• Network Commands - Windows:
○ Ping:
§ Use ping with name or IP of device to send packets to determine connectivity
§ No reply typically means there's a networking issue
○ Tracert:
§ Similar to ping, connects to remote device
§ Shows all hops between computer and remote device
○ Ipconfig/Ipconfig /all
§ Displays all IP information for a device
○ nslookup:
§ Given an IP or a name, returns the names or IPs associated with the destination
○ arp -a:
§ Displays the MAC addresses and the IP addresses associated with them
○ Netstat:
§ Shows all recent TCP connections
○ Nmap:
§ Scans ports and displays their statuses
○ Route:
§ Displays the routing table
○ FTP - TFTP:
§ used to upload or download files to or from network based servers
§ FTP uses TCP protocol
§ TFTP uses UDP protocol
○ Telnet/SSH:
§ Allows computer to remotely connect to a device via command line interface
• Network Commands - Linux:
○ Ping:
§ Does the same thing as the Windows command
○ Traceroute:
§ Does the same thing as tracert in Windows
○ Tracepath:
§ Similar to traceroute
○ Ifconfig:
§ Does what ipconfig does in Windows
○ IP:
§ Retrieves IP info
○ Nslookup:
§ Exact same command as Windows
○ Dig:
§ Communicates with DNS server for info
○ arp:
§ Exact same function as Windows
○ Netstat:
§ Same as Windows, shows active or recent TCP connections
○ nmap:
§ Works the same way as Windows
○ Route:
§ Displays the routing table or adds or removes routes
○ Whois:
§ Domain info lookup
§ Shows information about a domain registration
○ TCPDump:
§ Lists all communications, as a packet sniffer
○ Finger:
§ Displays user info
○ SCP:
§ Secure copy
§ Same function as FTP/TFTP
○ Telnet/SSH:
§ Work the same as in Windows
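Added example, not part of these notes: a Go program that parses arp -a output in both the Linux form and the Windows form covered above, normalises the two MAC notations, and then flags any MAC address that answers for more than one IP. That inconsistency (a workstation's MAC also appearing for the gateway IP, for instance) is what a defender checks the ARP table for when ARP spoofing is suspected. The sample output is constructed, not captured from a real host, and the two regular expressions assume the default output format of each platform's arp command.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// ArpEntry is one IP-to-MAC mapping recovered from arp -a output.
type ArpEntry struct {
	IP  string
	MAC string
}

// Linux form:    gateway (192.168.1.1) at 00:11:22:33:44:55 [ether] on eth0
var linuxLine = regexp.MustCompile(`\((\d+\.\d+\.\d+\.\d+)\) at ([0-9a-fA-F:]{17})`)

// Windows form:    192.168.1.1           00-11-22-33-44-55     dynamic
var windowsLine = regexp.MustCompile(`^\s*(\d+\.\d+\.\d+\.\d+)\s+([0-9a-fA-F-]{17})\s+(dynamic|static)`)

// normMAC puts both platforms' notations into lower-case colon form.
func normMAC(mac string) string {
	return strings.ToLower(strings.ReplaceAll(mac, "-", ":"))
}

// ParseArp accepts arp -a text from either platform (neither format matches
// the other's regex) and returns the entries in input order.
func ParseArp(output string) []ArpEntry {
	var entries []ArpEntry
	sc := bufio.NewScanner(strings.NewReader(output))
	for sc.Scan() {
		line := sc.Text()
		if m := linuxLine.FindStringSubmatch(line); m != nil {
			entries = append(entries, ArpEntry{IP: m[1], MAC: normMAC(m[2])})
		} else if m := windowsLine.FindStringSubmatch(line); m != nil {
			entries = append(entries, ArpEntry{IP: m[1], MAC: normMAC(m[2])})
		}
	}
	return entries
}

// SharedMACs returns every MAC that appears for more than one IP, with the
// IPs sorted. The broadcast address is skipped because ff:ff:ff:ff:ff:ff is
// always shared. A router may legitimately own several IPs, but a host MAC
// that suddenly also answers for the gateway IP is the classic ARP spoofing
// sign and is what an analyst looks for here.
func SharedMACs(entries []ArpEntry) map[string][]string {
	byMAC := map[string][]string{}
	for _, e := range entries {
		if e.MAC == "ff:ff:ff:ff:ff:ff" {
			continue
		}
		byMAC[e.MAC] = append(byMAC[e.MAC], e.IP)
	}
	shared := map[string][]string{}
	for mac, ips := range byMAC {
		if len(ips) > 1 {
			sort.Strings(ips)
			shared[mac] = ips
		}
	}
	return shared
}

// Constructed sample output (not captured from a real host). In the Linux
// sample the gateway 192.168.1.1 and the host 192.168.1.50 share one MAC.
const sampleLinux = `gateway (192.168.1.1) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.1.50) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.1.20) at aa:bb:cc:dd:ee:01 [ether] on eth0
`

const sampleWindows = `
Interface: 192.168.1.10 --- 0x5
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.20          aa-bb-cc-dd-ee-01     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
`

func main() {
	for _, sample := range []string{sampleLinux, sampleWindows} {
		for mac, ips := range SharedMACs(ParseArp(sample)) {
			fmt.Printf("ALERT: MAC %s answers for %v\n", mac, ips)
		}
	}
}
```

Run it against a saved snapshot of arp -a from a host and compare snapshots over time; the same SharedMACs check applied to a snapshot taken later will also show a gateway IP whose MAC has changed.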
• Virtualization and Cloud Computing:
○ Virtualization
§ Traditional computers run applications on an operating system, with the help of hardware like the CPU, memory, storage, NIC, and input
□ Virtualization simulates these parts
§ Type 1 Hypervisor:
□ Sits on the "bare metal" of hardware
§ Type 2 Hypervisor:
□ Runs on top of another OS, like VirtualBox
○ Cloud Computing:
§ Provides an alternative for businesses wanting to rely on IT assets but not wanting to provide their own datacenter
□ Cloud computing isn't free; corporations take on a different expense when utilizing these services
§ Services like:
□ Google Drive
□ One Drive
□ iCloud
□ Steam Cloud
§ Outsourcing processes or storage to another company's services or data centers
§ Models and Management Levels:
□ On-Premises:
® Handles every aspect of management within the facility
□ IaaS:
® Company manages application, data, runtime, middleware, and OS
® Hardware managed by cloud provider, resources are available as a service, and on a pay-as-you-go model
® Level of service closest to hardware
® No up front purchase required
® Includes VMs, storage, virtual networks, devices, and appliances
® Platform Virtualization
® IaaS provider manages infrastructure
® Best used for rapid growth, start ups, and larger companies
□ PaaS:
® Company manages only the application and data
® One of the most common models for software development
◊ Vendor provided hardware and software tools
® Internet delivery
® Framework delivery for application development
® Uses virtualization extensively
® Scalable
® Services for app dev, testing, and deployment
® Accessible to multiple users
® Cost effective - pay as you go
® Easy migration
® Rapid release
® Streamlines workflows for multiple developers
□ SaaS:
® No management; uses outsourced software
® Cloud-based instances of applications accessed from the internet
® No downloads or installs required
® Vendor hosted on remote server
® Multi-platform support
® Vendor handles all maintenance and upkeep
§ Cloud Deployment Models:
□ Public Cloud:
® A multi-tenanted environment operated by a third party service provider, in which businesses pay for the services provisioned
® Provides compute power, storage, application, and development platforms
® Available to anyone with internet access
® Provides savings in areas like time, money, management, and maintenance
□ Private Cloud:
® Single-tenanted environment where businesses have complete control with regard to architecture and configuration
® Used for internal functions
® Typically built within an existing datacenter
® On-prem private clouds offer:
◊ Security
◊ Scalability
◊ Configuration
® Costs can be higher since you provide the resources yourself
® Can be difficult due to budget or time constraints
® VPC - Virtual Private cloud
◊ Resources provided by a public cloud provider
□ Hybrid Cloud:
® Combination of public and private that has the advantages of both with fewer disadvantages
® Mix mostly of private and public, usually used to augment previously existing clouds
□ Community Cloud:
® A collaborative effort where infrastructure is shared and jointly accessed by several organizations from a specific group
® Promote joint projects and collaborations
□ Multi-Cloud:
® Simply, outsourcing services to multiple cloud providers
§ Cloud Value Proposition:
□ Cloud computing allows management of resources online, anywhere anytime
□ Cost of cloud computing can be lower than on-prem infrastructure
□ Can be more secure in some cases
□ Provides flexibility and unlimited resources
□ Also provides:
® Agility for response to events
® Scalability
® Robust disaster recovery
Principles of Network Security Design:
• Security Policies:
○ Guidelines and rules set to protect information and technology assets
• Data handling policy:
○ Outlines procedures for managing and securing data
○ Includes data collection, storage, and disposal
• Password Policy:
○ Specifies password requirements and management
§ Complexity
§ Regular password changes
§ Account lockout after incorrect inputs
• Acceptable Use Policy:
○ Outlines acceptable behaviors and actions of users on an org's network
○ Prevents resource misuse
○ Can outline use of internet browsing and personal email usage
• Bring Your own Device:
○ Sets rules and expectations for employees using their own personal devices for work purposes
§ Requirements for security software and config
§ Procedures for reporting lost or stolen devices
• Privacy Policy:
○ Explains how an organization uses, discloses, and manages both IP and PII outlining the rights of the individuals and compliance with data protection laws
○ Examples include: disclosure of the type of info collected, explanation of how personally identifying info is used and why, and info on how to access, update, and delete their personal info
• Least Privilege:
○ Limits user rights and access control permissions to the minimum necessary for them to perform their job
§ Employees can only access the systems and files needed for their job
§ Reduces insider threats
§ Improves system stability, since fewer hands can make accidental changes
§ Easier to manage security breaches
§ Streamlines compliance and auditing
• Complete mediation:
○ Checks authentication every time someone tries to access any resource, not just at login
○ Continuous permission checks verify that the correct permissions are held for a resource, preventing unauthorized access
○ Design against security bypass by planning ahead for potential loopholes in security that need safeguards
○ Implement best practices like timeouts that log a user out, or account locks after unsuccessful password attempts
• Separation of Privilege/Duties:
○ Means that critical tasks require more than one person to be involved
○ An example would be one person having a password and another having a keycard that both are required to present for access
○ No solo completion of tasks prevents any one person from being able to complete important tasks alone
○ Prevents fraud by requiring multiple people for critical actions
• Fail-Safe Defaults:
○ Default to maximum security settings
○ Access is denied by default
○ Should also apply when handling errors and exceptions
§ When a failure or error occurs, all access is denied by default
• Economy of Mechanism:
○ Keep security systems as simple as possible
○ Use proven components that are trusted rather than creating new ones as they have already been tested and problems have been resolved
○ Stick to essentials; remove any services, protocols or applications that aren't necessary
§ Start with the minimum necessary components and add more if needed
• Least Common Mechanism:
○ Use separate devices, tools, applications, and resources for different users or activities whenever possible
○ This stops information leaks
○ Contains security threats by keeping access separate
○ Minimizes damage from breaches
• Human centered design:
○ System designed with humans in mind for ease of use to meet end-user goals
○ Implements user-friendly security: straight forward, easy to use
○ Goals include focus on people, testing with real users, solving core issues, and consideration of the whole system
• Psychological Acceptability:
○ Keep security design simple and intuitive
○ Using user-friendly authentication like biometrics or SSO
○ Security should be implemented into daily routines so it feels natural and not burdensome
○ Importance of security must be explained
• Open-design:
○ The security of a system shouldn't depend on its secrecy, but rather on its implementation
○ Can be reviewed for improvement
○ System should remain secure even if threat actor knows exactly how the system works
• Zero-trust:
○ Distrust by default
○ Verify everything
Securing a Network: Firewalls & IDS/IPS:
• Firewalls:
○ Primary IT security device
○ Filters traffic in and out of network and compares traffic to rules to allow or disallow traffic flow
○ Can be hardware devices or software
○ Application (software) firewalls protect a single device
○ Hardware devices can support multiple devices
• Border/Perimeter Firewall:
○ Sits between router and end users and filters all incoming and outgoing traffic for all devices on that network
• Screened Subnet (DMZ) Firewall:
○ Firewall has multiple interfaces with different criteria and rules
○ Has more relaxed rules; lets outside users through the firewall so they can be redirected to the correct destination
• Multilayered Firewalls:
○ Can contain a firewall for the network, with specific systems having their own firewall protection for an extra layer of protection
• Packet Filtering:
○ Examines each packet of data entering or leaving the network and applies predefined rules to determine access
○ Rules based on factors like source and destination IP addresses, port numbers, and protocol type used (IP, TCP, UDP, or ICMP)
• Stateful Inspection Firewall:
○ Keeps track of active connections and uses that info to allow or deny traffic
○ Inbound and outbound traffic are compared to determine if a connection should be allowed (Established Session)
§ Generally requires a prior outbound request before allowing traffic into the network
○ Protects the inside network from the outside world but still allows traffic from inside to go out and return
• Application Level:
○ Inspects the contents of packets
○ Designed to monitor and control traffic based on the application or service the data belongs to
○ Can enforce more granular policies by inspecting application-specific commands or data payloads
• Proxy-firewall:
○ Intermediary between internal and external networks
○ Establishes a separate connection for each request, allowing extensive security measures such as content filtering and encryption before forwarding to the destination
• Unified Threat Management:
Encryption:
• Three states of data
○ Rest: Not being used and sitting in storage
○ Transit: Being transferred to a destination
○ In use: Currently being utilized
• A message runs through an encryption algorithm that uses a key to encrypt it; it is sent to a receiver who holds the same key and decrypts it with that key
• Symmetric encryption uses the same key to encrypt and decrypt
○ Faster; meant for large volumes of data; less secure
• Asymmetric encryption uses a public key and private key to encrypt data, but the private key is required to decrypt it
○ Slower; meant for smaller amounts of data; more secure through the use of private keys
• Common Encryption uses:
○ SSL/TLS
§ Most common form of encryption
§ TLS is the replacement for SSL
§ Used to encrypt webpages
• Device Hardware:
○ Defense in Depth:
§ Data level has encryption at rest
§ Application security uses RBAC (role-based access control), auditing and monitoring
§ Endpoint security is protection for the devices and applications users interact with
§ Network security involves access controls, and L2/L3 security
§ Perimeter security includes DMZ, firewalls, IDS/IPS, auditing and monitoring
§ Physical Security includes physical safeguards
§ Policies, procedures, and user security awareness
○ Device Hardening Techniques:
§ Change default passwords
§ Remove unnecessary logins
§ Enforce a strong password policy
§ Remove unnecessary services
§ Keep patches up to date
§ Limit physical access to devices
§ Only allow changes from a trusted network
§ Require encryption for wireless networks
§ Audit access
§ Data backups
• Mitigation of Cyberattacks:
○ Policy:
§ A formal set of principles from management that outlines expectations regarding security and usage of its IT systems
○ Standard:
§ Specifies the definitive requirements for technologies and methods that must be used within the organization
§ Ensures consistency and compliance with security practices across all operations
○ Procedures:
§ Detailed step-by-step instructions describing exactly how specific tasks and operations should be carried out
○ Guidelines:
§ Offer advice and best practices on how to effectively follow policies and meet standards
§ Not necessarily mandatory
○ Foundational IT Security Policies:
§ Acceptable Use Policy (AUP):
□ A guide to employees detailing what can and can't be done while using an organization's IT resources
§ Security Awareness Policy:
□ Mandates training and education about security provided to employees
§ Asset Classification Policy:
□ Involves categorizing the organization's assets based on how critical the asset is
§ Asset Protection Policy:
□ Establishes measures required to physically and digitally protect an organization's assets
§ Asset Management Policy:
□ Includes security operations and management of all IT assets within the seven domains of a typical IT infrastructure
§ Vulnerability Assessment and Management:
□ Involves identifying, classifying, and managing vulnerabilities within the IT environment
§ Threat Assessment and Monitoring:
□ Outlines the processes for continuously monitoring and assessing the threats that could impact an org's IT infrastructure
• Cloud Security:
○ Data Classification:
§ Private Data:
□ Personally Identifiable Information
§ Confidential:
□ Data owned by an organization
§ Internal Use Only:
□ Data only shared internally by an organization
§ Public-Domain:
□ Information shared with the public
○ Data Classification Military:
§ Top Secret:
□ Grave damage to national security
§ Secret:
□ Serious damage to National Security
§ Confidential:
□ Damage to national security
§ Unclassified:
□ Controlled Unclassified Information
○ Three states of data:
§ At rest:
□ Not used and stored in some drive
§ In transit:
□ Data is being moved
§ In use:
□ Data is being used by an end user
○ Data Protection:
§ Encrypt data at rest
§ Encrypt data in transit
§ Back up data
○ Data protection tools:
§ Firewalls
§ IPS
§ Antivirus/Antimalware/Antispyware
○ Data protection:
§ Strong authentication can be implemented
§ Authorization and access controls dictate what users can do
§ Network security implements things like firewalls and VPNs
○ Controlling Access:
§ Identification:
□ Statement of Identity
§ Authentication:
□ Verification of identity by providing authentication factor
§ Authorization:
□ Permissions for users and what they can do
§ Accounting:
□ Tracking or logging what users do on the system
• Wireless Security:
○ Infrastructure mode:
§ Means there is a central wireless device (like an AIO router)
§ Devices on network communicate with central device, then message is relayed to recipient
○ Ad-hoc:
§ No central wireless device
§ Device-to-device connection
○ Wireless Security:
§ WEP:
□ Weakest
§ WPA:
□ Weak
§ WPA2:
□ Strong
§ WPA3:
□ Strongest
○ WPA3 Security Benefits:
§ Stronger Encryption
§ Individualized encryption on personal networks:
□ Devices get their own unique encryption key
§ Better defense against password guessing
□ Each password guess requires a new real-time exchange with the network, which prevents repeated automated guessing attacks
§ Enhanced public wi-fi security
□ Encrypts individual connections
§ Simplified secure setup for devices without displays:
□ Connecting IoT devices is easier
○ Deauthentication Attack:
§ Forces client off network
§ DoS attack
§ Tricks users into rejoining the attacker's fake access point
§ WPA3 can mitigate
□ Encrypts management packets
○ Fake AP:
§ Sets up fake network to trick users
□ Same SSID as legitimate AP
□ Stronger signal than legitimate AP
□ Often connected to the internet
§ Attacker can capture data
□ Usernames and Passwords
□ Confidential Data
§ Mitigate by using VPN
○ Eavesdropping:
§ Someone captures Wi-Fi traffic to steal information
§ Mitigate by using WPA2 or WPA3
○ User Authentication and Access Control - AAA:
§ Authentication: Who are you?
§ Authorization: What can you do?
§ Accounting: What did you do?
○ Authentication Factors:
§ Knowledge Factor:
□ Something you know
§ Possession Factor:
□ Something you have
§ Inherence Factor:
□ Something you are
§ Somewhere you are:
□ Using GPS location to verify access
§ Something you do:
□ Actions performed unique to you
○ Security Governance:
§ A set of policies, standards, and procedures that are established to define security objectives and strategies to ensure effective security
§ Goals:
□ Establish business goals and objectives in relation to IT security
® Protect assets, reputation, and investments
□ Define security policies, standards, and procedures, and determine technical requirements
□ Roles and Responsibilities:
® Defines roles of individuals within the organization
□ Risk management
® Identify and evaluate risks to an org's assets
□ Compliance:
® Ensure laws, regulations, and standards are followed
□ Monitoring and reporting
§ Goals of security governance:
□ Resource allocation & purchasing of technology and services
□ Human behavior:
® Establish acceptable use policy
® Develop employee security awareness training
Principles of network security design:
• Common security policies:
○ Data handling policies:
§ Determines whether corporate data is restricted by specific rules or is public
§ Identifies legal or regulatory restrictions
§ Includes naming and labeling schema
§ Outlines ownership, if it can be owned, custodianship, and stewardship of data
§ Sample approach:
□ Define amount of protection needed
□ Collect and create only what's necessary
□ Offer minimum needed access
□ Disclose lowest amount of info necessary
□ Safeguard data in transit
□ Secure physical resources
□ Defend archival media and cloud storage
□ Dispose of data securely in the disposition phase
□ Stay up to date on new risks
○ Password Policies:
§ Stringent policies must be in place
§ Represents the leadership of security governance toward securing access to data and systems
§ Fine line between strong passwords and difficult to remember passwords
○ Acceptable use Policies (AUP):
§ An agreement between two or more parties that details the appropriate use of access to the corporate network
§ States what users may and may not do
§ One of the most important aspects of security policies
§ Common elements:
□ Data access and disclosure
□ Data retention
□ Asset custodianship
□ Passwords
□ System access
□ Clean desk policy
□ Removable device policy
□ Web surfing
□ AR
□ BYOD
○ Bring Your Own Device:
§ Employees can use their own device for access to enterprise data and systems
§ Four basic options:
□ Unlimited access for personal devices
□ Access to only non-sensitive systems and data
□ Access with IT control over personal devices, apps, and stored data
□ Access while preventing local storage of data
○ Privacy Policy:
§ Protects:
□ Intellectual Property
□ Personal information
□ Personal health information
• Human Centered Design Principles:
○ 4 design principles:
§ Ensures that root issues are solved:
□ Focus on the cause and not the symptoms
□ Needs to be integral to the design process
□ Solving fundamental problems will solve root problems
§ Ensures people are the main focus:
□ Focus is on people not the technology
□ History, culture, and beliefs of the group are important
□ Focus on situation, motivation, and expected outcomes
§ Focus on system interactions and not just on one part:
□ All parts of the system are equally important
□ Improving one part should not weaken another
§ Perform prototyping and testing iteratively and quickly:
□ Should be used to quickly elicit feedback
□ Should always be done with real users
• Least Privilege:
○ Provides the lowest level of rights or permissions an employee needs to accomplish a task
○ Limits exposure and access by limiting permissions and time
○ Varied security levels based on the tasks to be performed
○ Context:
§ Application run-time permission
§ Context is user permission level
§ Run with least privileges required
○ Need to know:
§ No privileges
§ Establish need to know
§ Gain privilege
○ Sensitive data:
§ Keeps sensitive data confidential
§ Maintains secrecy
• Fail-safe defaults:
○ States that when a system experiences a failure it should fail to a safe state
§ A state that doesn’t compromise security
○ Exceptions:
§ Defined as events outside natural process flow
§ Not necessarily an error
§ Have specific handling requirements
○ Errors:
§ Mistakes or faults
§ Can be due to human error
§ Have specific handling requirements
○ Handling:
§ Event occurs
§ System fails safely
§ System returns to normal operation
○ Explicit deny:
§ Deny by default
□ Authorization is denied by default
○ Think error codes not error messages:
§ Error codes or Error IDs
• Economy Of Mechanism:
○ Keep things as simple as possible
§ Complex software can be difficult to protect and can have complex problems
○ Use Existing Trusted Components:
§ Using existing components allows you to take advantage of:
□ Trusted Libraries
□ Trusted Infrastructure
□ Trusted Utilities
○ Only the Essentials:
§ Remove unneeded services and protocols
○ Determine Essentials:
§ Start with minimal services and protocols
§ Add on as needed
• Zero Trust:
○ Distrust by default:
§ All clients and hosts have potential to turn hostile
○ Threats always exist
○ No local trust assumptions
○ Multi-factor authentication
○ Always require authentication
○ Trust:
§ Broad exceptions are dangerous
§ Trust requires strong authentication
§ Assert trust through active monitoring of traffic
○ Authorization:
§ Enforcement: front-line authorization
§ Policy
§ Trust
§ Data
○ Zero-trust Priorities:
§ Authenticate before processing
§ Encrypt before transmitting
§ End-to-end security
§ Deprecate weak authentication and encryption
§ Keep hardware and software up to date
• Complete Mediation:
○ When a subject requests access to a system, authorization occurs every time
○ Prevent bypass:
§ During design
§ Consider potential bypass
§ Prevent instantiation
○ Session management:
§ Cookies
§ Cached credentials
§ Tokens
§ Certificates
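Added example, not part of these notes, illustrating Least Privilege, Fail-safe Defaults/Explicit Deny, Separation of Privilege/Duties and Complete Mediation together (each of these appears twice in the notes above): a small Go authorization layer in which roles carry only the permissions their job needs, every access re-runs the check rather than caching it, anything not explicitly granted is refused with a bare error code, and a firewall rule change needs two distinct admins. The roles, subjects, resources and log lines are constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
)

// Permission is an action on a resource. Least privilege means a role holds
// only the permissions its job needs, and nothing more.
type Permission struct{ Action, Resource string }

// Constructed role definitions for the example.
var rolePerms = map[string][]Permission{
	"analyst": {{"read", "logs"}},
	"admin":   {{"read", "logs"}, {"write", "firewall-rules"}},
}

type Subject struct {
	Name string
	Role string
}

// ErrDenied is the one error code every refusal returns; the caller learns
// nothing about why ("error codes, not error messages").
var ErrDenied = errors.New("ERR-403")

// Authorize is invoked on every access and never cached (complete mediation).
// An unknown role yields a nil slice, so anything not explicitly granted is
// refused: explicit deny is the fail-safe default.
func Authorize(s Subject, action, resource string) error {
	for _, p := range rolePerms[s.Role] {
		if p.Action == action && p.Resource == resource {
			return nil
		}
	}
	return ErrDenied
}

// Constructed data the protected operations act on.
var (
	logLines     = []string{"constructed log line 1", "constructed log line 2"}
	appliedRules []string
)

// ReadLogs re-checks authorization on each call, so revoking a role takes
// effect at the subject's very next access rather than at next login.
func ReadLogs(s Subject) ([]string, error) {
	if err := Authorize(s, "read", "logs"); err != nil {
		return nil, err
	}
	return logLines, nil
}

// ChangeFirewallRule applies separation of duties: the change needs a
// requester and a different approver, and both must hold the write right.
func ChangeFirewallRule(requester, approver Subject, rule string) error {
	if requester.Name == approver.Name {
		return ErrDenied
	}
	for _, s := range []Subject{requester, approver} {
		if err := Authorize(s, "write", "firewall-rules"); err != nil {
			return err
		}
	}
	appliedRules = append(appliedRules, rule)
	return nil
}

// AppliedRules returns the rules accepted so far.
func AppliedRules() []string { return appliedRules }

func main() {
	alice := Subject{"alice", "analyst"}
	bob := Subject{"bob", "admin"}
	carol := Subject{"carol", "admin"}
	fmt.Println(ReadLogs(alice))
	fmt.Println(ChangeFirewallRule(bob, bob, "deny any any"))   // ERR-403: one person cannot both request and approve
	fmt.Println(ChangeFirewallRule(bob, carol, "deny any any")) // <nil>
	alice.Role = "" // role revoked mid-session
	fmt.Println(ReadLogs(alice)) // ERR-403 on the very next access
}
```

The design point is that every protected operation calls Authorize itself; no caller can reach logLines or appliedRules without passing through it, and a denial looks the same whether the role is unknown, the permission is missing, or the approver is the requester.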
• Open Design:
○ Security of system needs to be independent of design
Securing A Network:
• Firewall Types:
○ Packet Filtering:
§ Very basic
§ Compares received traffic with a set of rules that define which traffic can pass
○ Stateful Inspection:
§ Remembers info about the status of a network communication
§ The firewall will remember the communication session until it's closed
§ Needs to check rules only when a new communication session starts
○ Application Proxy:
§ Doesn’t actually allow packets to travel directly between systems
§ Instead opens a separate connection with the two communicating systems and acts as a proxy between the two
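Added example, not part of these notes, serving both this Firewall Types list and the earlier Packet Filtering and Stateful Inspection entries: a Go model of a first-match packet filter with an implicit deny at the end, and a stateful wrapper around it that records sessions opened by allowed traffic so the matching replies are admitted without an explicit inbound rule. The rule set, addresses and packets are constructed for the example; the inside network, the DMZ web server and the outside host are documentation addresses, not real systems.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Packet carries the header fields a Layer 3/4 packet filter looks at.
type Packet struct {
	Src, Dst         netip.Addr
	SrcPort, DstPort uint16
	Proto            string // "tcp", "udp" or "icmp"
	Inbound          bool   // true when arriving on the outside interface
}

// Rule is one line of a packet-filter ACL. An empty Proto or a zero DstPort
// matches anything.
type Rule struct {
	Inbound bool
	Proto   string
	SrcNet  netip.Prefix
	DstNet  netip.Prefix
	DstPort uint16
	Allow   bool
}

// PacketFilter is the stateless model: the first matching rule decides, and a
// packet that matches no rule is dropped (implicit deny, a fail-safe default).
func PacketFilter(rules []Rule, p Packet) bool {
	for _, r := range rules {
		if r.Inbound != p.Inbound || (r.Proto != "" && r.Proto != p.Proto) {
			continue
		}
		if !r.SrcNet.Contains(p.Src) || !r.DstNet.Contains(p.Dst) {
			continue
		}
		if r.DstPort != 0 && r.DstPort != p.DstPort {
			continue
		}
		return r.Allow
	}
	return false
}

// flow keys a session from the protected side's point of view, so a packet
// and its reply map to the same entry whichever direction they travel.
type flow struct {
	Inside, Outside         netip.Addr
	InsidePort, OutsidePort uint16
	Proto                   string
}

// StatefulFirewall wraps the packet filter with a session table.
type StatefulFirewall struct {
	Rules []Rule
	Table map[flow]bool
}

func NewStateful(rules []Rule) *StatefulFirewall {
	return &StatefulFirewall{Rules: rules, Table: map[flow]bool{}}
}

// Handle admits a packet if it belongs to an established session; otherwise
// it consults the rules and, when allowed, records the new session so the
// returning traffic is admitted later without needing an inbound rule.
func (f *StatefulFirewall) Handle(p Packet) bool {
	var key flow
	if p.Inbound {
		key = flow{p.Dst, p.Src, p.DstPort, p.SrcPort, p.Proto}
	} else {
		key = flow{p.Src, p.Dst, p.SrcPort, p.DstPort, p.Proto}
	}
	if f.Table[key] {
		return true
	}
	if !PacketFilter(f.Rules, p) {
		return false
	}
	f.Table[key] = true
	return true
}

// Constructed rule set: inside hosts may originate anything outbound; the
// outside may reach only the DMZ web server on TCP 443; all else is denied.
var ExampleRules = []Rule{
	{Inbound: false, SrcNet: netip.MustParsePrefix("10.0.0.0/8"), DstNet: netip.MustParsePrefix("0.0.0.0/0"), Allow: true},
	{Inbound: true, Proto: "tcp", SrcNet: netip.MustParsePrefix("0.0.0.0/0"), DstNet: netip.MustParsePrefix("203.0.113.10/32"), DstPort: 443, Allow: true},
}

// MakePacket builds a Packet from string addresses.
func MakePacket(src, dst string, sport, dport uint16, proto string, inbound bool) Packet {
	return Packet{netip.MustParseAddr(src), netip.MustParseAddr(dst), sport, dport, proto, inbound}
}

func main() {
	fw := NewStateful(ExampleRules)
	req := MakePacket("10.0.0.5", "198.51.100.7", 51000, 443, "tcp", false)
	reply := MakePacket("198.51.100.7", "10.0.0.5", 443, 51000, "tcp", true)
	fmt.Println("stateless reply:", PacketFilter(ExampleRules, reply)) // false
	fmt.Println("request:", fw.Handle(req), "reply:", fw.Handle(reply)) // true true
}
```

The contrast to notice: the stateless filter would need a permissive inbound rule for return traffic to work at all, which is exactly the hole stateful inspection closes by keying admission on a session the inside opened.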
• Deployment Techniques:
○ Border Firewall:
§ Most basic approach
§ Simply separate the protected network from the internet
§ Normally use packet filtering or stateful inspection
§ Normally sit behind the router
○ Screened Subnet (DMZ):
§ Has three network interfaces; two are set up like a border firewall, one connected to the internet and the other to the private network
§ The third one connects to a special network known as the screened subnet, or demilitarized zone (DMZ)
§ Most common firewall topology used today
○ Multilayered Firewalls:
§ Useful for when networks have different security levels
○ Unified Threat Management:
§ These devices are firewalls that do the following:
□ URL filtering: Filters web traffic by examining the URL as opposed to the IP address
□ Content inspection: Looks at packet content to help identify malicious content from trusted sources
□ Malware inspection
• IDS/IPS:
○ Broken down into deployments:
§ Network: Network intrusion detection/Prevention (NIDS/NIPS)
§ Host: Host intrusion Detection/Prevention (HIDS/HIPS)
§ Active (IPS: NIPS/HIPS)
§ Passive (IDS: NIDS/HIDS)
§ Works with signatures and heuristics
○ Placement Issues:
§ A network sensor can only see its own segment
§ DMZ is the first line of warning
§ Critical servers should have their own HIDS or HIPS
• Encryption:
○ Encryption scrambles data
○ Keys are needed to unscramble data
○ Can encrypt data at rest or in transit
○ Symmetric vs Asymmetric
§ Symmetric is the strongest and uses the same key for encryption and decryption
□ Weakness lies in key transfers since those can be intercepted
□ Used for bulk data
□ Examples:
® AES
® DES/3DES
® IDEA
® RC4
® BlowFish
® Twofish
§ Asymmetric involves two keys, one for encryption, and a separate one for decryption (private keys, public keys)
• Network Device hardening:
○ Two main approaches to device hardening:
§ Removing network connectivity to sensitive resources
§ Adding countermeasures to protect the network and sensitive resources
○ Simply unplugging a device will affect its availability, so often countermeasures are necessary
○ Most approaches to device hardening fall into the following categories:
§ A centralized device to protect the entire network
§ A dedicated countermeasure for each device or resource
§ A countermeasure for each type of threat
§ Strict least privilege policy
§ Multilayered defense
• Security Hardening:
○ Layered Network Security Architectures: Defense In Depth:
§ Defense in Depth is an approach where a series of defensive security controls are layered to protect sensitive data
○ Each layer must be assessed to determine:
§ Design
§ Procurement
§ Implementation security
• How Defense in depth works:
○ Uses several defensive security controls to protect data, network, and applications
○ Applies to all levels of network:
§ Data and applications
§ Host
§ Network
§ Physical environment
○ Designed to slow an attack
○ Works in a "fail-safe" flow, if a defense fails there is a backup
○ Uses physical, administrative, and technical controls
○ Layer Defenses:
§ Perimeter security:
□ Perimeter firewall
□ Perimeter IDS/IPS
□ Secure DMZs
□ Message security
□ Honeypot
□ DLP
□ DHS Einstein
§ Network Security:
□ NAC
□ Inline patching
□ Enterprise IDS/IPS
□ VoIP Protection
□ Enclave/ data center firewall
□ Web proxy content filtering
□ Enterprise message security
□ Enterprise remote access
□ DLP
§ Endpoint Security:
□ Desktop Firewall
□ Host based IDS/IPS
□ Endpoint security enforcement
□ Content security
□ USGCB compliance
□ Patch management
□ DLP
§ Application Security:
□ Static app testing code review
□ Database secured gateways
□ Database monitoring and scanning
□ Dynamic app testing
□ WAF
§ Data Security:
□ PKI
□ DLP
□ DAR protection
□ Data cleansing
□ Data classification
□ Enterprise rights management
□ IAM
□ Data integrity monitoring
□ Encryption
§ Policy management:
□ Risk management
□ Vulnerability assessment
□ Penetration testing
□ Threat modeling
□ Cyber threat intelligence
□ Security policies and compliance
§ Operations:
□ Digital forensics
□ SOC/NOC monitoring
□ SIEM
□ Escalation management
□ Focused operations
□ Incident reporting
□ Security SLA/SLO reporting
○ Risk Mitigation Strategies:
§ Goal is to reduce likelihood or impact of the threat
§ If cost of mitigation is greater than the expected loss, the risk may be considered acceptable
○ Risk Mitigation:
§ Risk is the potential or probability of a loss that may occur
□ Is focused on the potential of future events
□ Not always avoidable
§ Risk based methodology:
□ Decide what is important and needs protection
□ Determines how to protect assets
□ Identifies approach that is adequate
□ Monitors and improves controls
§ Risk profile:
□ Defines willingness to take risks
□ Quantitative - assigns numbers to each threat and their risks
□ Based on non-subjective evaluation
□ Identifies level of risk that can be taken
□ Defines cost and potential damage if risk is exploited
§ Risk appetite
□ Amount of risk an org is willing to take
□ Different from risk tolerance and is broadly defined
□ Should be in sync with strategic objectives
□ Helps an organization understand its risk exposure
□ Helps to make risk-based decisions
§ Risk Appetite Types:
□ Averse
□ Minimal
□ Cautious
□ Open
□ Hungry
○ Security Risk Identification:
§ Assessment:
□ Helps identify, assess, and implement security measures
□ Focus on preventing security vulnerabilities and exploits
□ Integral part of an organization's risk management process
§ Cost Justification
□ IT risk assessments provide a snapshot of potential vulnerabilities
□ Organizations always have a potential to be vulnerable
□ Assessments help budget and plan for additional resources needed to protect an organization and its data
§ Likelihood of Risk:
□ Things to be aware of:
® When is an organization susceptible to risk?
® Why would a risk occur to this organization?
® Where could the risk occur?
® How is the risk likely to take place?
§ Origin of Risk:
□ Is it an external risk?
□ Is it an internal risk?
§ Potential Impact:
□ What are the potential consequences?
□ Who is affected and what is the impact?
§ Threat Evaluation:
□ Identify potential threats
□ Use preventative measures even when threats are outside of an organization's control
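The cost-versus-expected-loss rule above (mitigate only when the control costs less than the loss it removes) and the quantitative risk profile, worked through in code. This is an added example, not part of the original notes: the Risk fields, the register entries and every figure are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Risk:
    """One entry in a constructed risk register (quantitative profile)."""
    name: str
    likelihood: float           # probability the loss event occurs in a year (0..1)
    impact: float               # cost of one occurrence, in currency units
    control_cost: float         # yearly cost of the proposed mitigation
    residual_likelihood: float  # likelihood once the mitigation is in place

    def expected_loss(self, likelihood: Optional[float] = None) -> float:
        # Expected loss = likelihood x impact; this is the number the
        # quantitative risk profile assigns to each threat.
        lk = self.likelihood if likelihood is None else likelihood
        return lk * self.impact


def decide(risk: Risk) -> str:
    """Apply the rule from the notes: mitigate only when the control costs
    less than the expected loss it removes; otherwise accept the risk."""
    reduction = risk.expected_loss() - risk.expected_loss(risk.residual_likelihood)
    return "accept" if risk.control_cost > reduction else "mitigate"


def evaluate_register(risks: List[Risk]) -> Dict[str, str]:
    """Decision for every risk in the register, keyed by risk name."""
    return {r.name: decide(r) for r in risks}


def prioritise(risks: List[Risk]) -> List[str]:
    """'Decide what is important': order risks by current expected loss, highest first."""
    return [r.name for r in sorted(risks, key=lambda r: r.expected_loss(), reverse=True)]


# Constructed sample register; the figures are illustrative, not from the notes.
REGISTER = [
    Risk("ransomware on file server", 0.30, 200_000, 25_000, 0.05),
    Risk("lost unencrypted laptop", 0.10, 50_000, 4_000, 0.01),
    Risk("defacement of brochure site", 0.20, 5_000, 12_000, 0.02),
]

if __name__ == "__main__":
    decisions = evaluate_register(REGISTER)
    for name in prioritise(REGISTER):
        print(f"{name}: {decisions[name]}")
```

The third entry is the case the notes describe: a control costing far more than the loss it prevents, so the risk is accepted rather than mitigated.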
Data Security: Classification, Protection, and Access Control:
• Access control models:
○ Discretionary Access Control (DAC)
○ Role-based Access Control (RBAC)
○ Attribute-based Access Control (ABAC)
○ Rule-based Access Control (RuBAC)
○ Context-based Access Control (CBAC)
• Classification of Data:
○ How secure does data need to be?:
§ Sensitive
□ Highest classification, release would cause harm
§ Confidential
□ Medium classification, can cause harm to an enterprise
§ Private
□ Must be protected, likely would not cause harm to corporation
§ Public
□ Available to be released to the public; release won't cause much harm
○ Data states:
§ Data in transit
§ Data at rest
§ Data in use
○ What controls to use?
§ Confidentiality: Encryption, file permissions
§ Integrity: Hashing, checksums, file system permissions, digital signatures
§ Availability: Redundancies, off-site backups, cloud sync
○ Protection Tools:
§ Antivirus
§ Firewalls
§ Anti-spyware
§ IDS/IPS
○ Securing Data at Rest and Data in Transit:
§ Data states:
□ Data in transit:
® Data or file being uploaded or downloaded through a network
□ Data at rest:
® Data not in use
□ Data in use:
® Data being used or altered in some way
§ Objective:
□ Protect data:
® Open, read, write, sharing
® Integrity/safety
® Upload, download, synchronization, backup, restore
§ Methodologies:
□ Use Access Control Lists (ACLs)
□ Database object permissions
□ Implement authentication and key management methodologies
□ Storage encryption
□ Backup/restore
□ Auditing
□ Transport level encryption:
® SSL/TLS, or VPN tunnel
□ Firewalls
□ Server hardening
□ Physical security
□ Physical hardware failover topologies at data centers
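An added example (not from the original notes) of the integrity controls listed above for data at rest: hashing, a keyed digest standing in for a digital signature, file permissions, and a verification pass whose findings can be audited. It assumes a directory tree, a manifest of SHA-256 digests authenticated with HMAC-SHA256 (an assumption; the notes name hashing and signatures but no algorithm), and Unix-style permission bits for the 0o600 step.

```python
import hashlib
import hmac
import json
import os
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple


def sha256_file(path: Path) -> str:
    """Integrity control: SHA-256 of a file, streamed so large files are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path, key: bytes) -> Dict:
    """Hash every file under root, then authenticate the manifest with an HMAC
    so an attacker who edits a file cannot simply edit its recorded digest too."""
    entries = {p.relative_to(root).as_posix(): sha256_file(p)
               for p in sorted(root.rglob("*")) if p.is_file()}
    body = json.dumps(entries, sort_keys=True).encode()
    return {"entries": entries, "hmac": hmac.new(key, body, hashlib.sha256).hexdigest()}


def verify_manifest(root: Path, manifest: Dict, key: bytes) -> List[str]:
    """Audit pass: returns a list of findings; an empty list means integrity holds."""
    findings: List[str] = []
    body = json.dumps(manifest["entries"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["hmac"]):
        findings.append("manifest tampered or wrong key")
        return findings  # digests cannot be trusted, stop here
    for rel, digest in manifest["entries"].items():
        p = root / rel
        if not p.exists():
            findings.append(f"missing: {rel}")
        elif sha256_file(p) != digest:
            findings.append(f"modified: {rel}")
    for p in root.rglob("*"):
        rel = p.relative_to(root).as_posix()
        if p.is_file() and rel not in manifest["entries"]:
            findings.append(f"unexpected: {rel}")
    return findings


def restrict_permissions(path: Path) -> int:
    """Confidentiality control via file permissions: owner read/write only.
    Returns the resulting mode bits (meaningful on POSIX systems)."""
    os.chmod(path, 0o600)
    return path.stat().st_mode & 0o777


def demo() -> Tuple[List[str], List[str], List[str], int]:
    """Constructed walk-through: clean tree, a tampered file, and a wrong key."""
    key = b"constructed-demo-key"  # constructed; keep real keys out of source
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "payroll.csv").write_text("id,amount\n1,1000\n")
        (root / "notes.txt").write_text("hello\n")
        manifest = build_manifest(root, key)
        clean = verify_manifest(root, manifest, key)
        (root / "payroll.csv").write_text("id,amount\n1,9999\n")  # simulated tampering
        tampered = verify_manifest(root, manifest, key)
        wrong_key = verify_manifest(root, manifest, b"other-key")
        mode = restrict_permissions(root / "payroll.csv")
    return clean, tampered, wrong_key, mode


if __name__ == "__main__":
    for label, result in zip(("clean", "tampered", "wrong key", "mode"), demo()):
        print(f"{label}: {result if label != 'mode' else oct(result)}")
```

The manifest must be stored where the monitored data cannot overwrite it (and the HMAC key kept separately), otherwise the check only proves that whoever changed the data also changed the manifest.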
Cloud Security:
• Cloud Security Threats:
○ Attractive for malicious users
○ On prem security threats also apply to the cloud
§ Malicious user vulnerability scanning
§ Phishing emails
§ Malware/ransomware
○ Unpatched firmware and software
• Virtualization Vulnerabilities:
○ Missing updates
○ Hypervisor compromise can lead to VM compromise
○ VM Sprawl
○ Unmonitored VNet traffic
Wi-Fi Security Protocols:
• A WLAN must meet a number of requirements to be secure
○ Authentication and access control:
§ Receiving and transmitting data should require authentication both ways
§ Both devices must be aware each other exists and that it’s a safe communication partner
§ A WAP broadcasts beacon frames that include its SSID, a wireless station receives the beacon frame and must decide if it wants to associate with the AP.
§ To do this the wireless station transmits a probe frame (includes its station id, configured SSID, and authentication method to use)
§ The AP receives the transmitted probe frame and responds according to its config for establishing an authentication method
○ Encryption and data privacy:
§ Provides privacy and data integrity
○ Open System Authentication:
§ Provides no security due to "open" nature of protocol
§ Any wireless station is allowed to associate with an access point using a randomly generated shared key
§ Authentication implies that a shared key is used to verify that an association exists between two devices
§ In OSA the sending and receiving stations create and transmit their own randomly generated key
§ Uses a two-step authentication process:
□ A station transmits its identity and shared key
□ The access point responds with acceptance frames and the data needed to establish an association
§ The frames used to create the association under OSA are transmitted "in the clear"
○ Shared Key Authentication:
§ Follows a set sequence of actions to authenticate a station attempting to establish an association with Network Access Protection (NAP).
§ NAP was deprecated on Windows Server 2012 R2 and removed from Windows Server 2016
§ An association request frame (802.11 registration request frame) is received, then the AP generates a random number challenge key and transmits it to the requesting station
§ The station applies its preset shared key to the challenge key then sends the signed key back to the AP for verification
§ The AP performs the same signing operation and compares its key to the signed key sent from the requesting station
§ If the keys match the station is authenticated and the association is established
○ Extensible Authentication Methods:
§ EAP
§ Was developed to add security to PTP communications
§ Allows standard and proprietary authentication methods to be overridden and other methods to be applied
§ Was adapted for use on wireless networks
§ On an 802.11x network, authentication and security methods are divided into three primary areas:
□ Authentication Framework:
® Includes login processing, service classes, protocol support, and functions that perform user or device authentication
® Each authentication type constitutes a different authentication framework
□ Authentication Algorithm:
® The 802.11x standards define two primary authentication algorithms:
◊ RC4 which is used in Wired Equivalent Privacy (WEP) and the Wi-Fi Protected Access (WPA) protocols
◊ Advanced Encryption Standard (AES) defined in IEEE 802.1X and used in most Extensible Authentication Protocols
□ Data Frame Encryption:
® A function that applies the encryption key to the data payload of a frame to ensure its secure transmission
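The shared key challenge-response exchange described above, as a runnable simulation with both sides' messages. This is an added example and not the notes' own material: it assumes HMAC-SHA256 as the "signing operation" both sides apply to the random challenge (the notes do not say what the operation is; the original 802.11 shared-key scheme relied on RC4/WEP and is not considered secure), and it treats every challenge as single use.

```python
import hashlib
import hmac
import secrets
from typing import Dict


def sign_challenge(shared_key: bytes, challenge: bytes) -> bytes:
    """The signing operation both sides apply to the challenge.
    HMAC-SHA256 is an assumption made for this example."""
    return hmac.new(shared_key, challenge, hashlib.sha256).digest()


class AccessPoint:
    def __init__(self, shared_key: bytes) -> None:
        self._key = shared_key
        self._pending: Dict[str, bytes] = {}  # station id -> outstanding challenge

    def on_association_request(self, station_id: str) -> bytes:
        """Step 1: answer the association request with a random challenge."""
        challenge = secrets.token_bytes(16)
        self._pending[station_id] = challenge
        return challenge

    def on_challenge_response(self, station_id: str, response: bytes) -> bool:
        """Steps 3 and 4: redo the signing with the AP's copy of the key and
        compare in constant time. The challenge is consumed either way, so a
        captured response cannot be replayed against a later challenge."""
        challenge = self._pending.pop(station_id, None)
        if challenge is None:
            return False  # nothing outstanding for this station
        expected = sign_challenge(self._key, challenge)
        return hmac.compare_digest(expected, response)


class Station:
    def __init__(self, station_id: str, shared_key: bytes) -> None:
        self.station_id = station_id
        self._key = shared_key

    def respond(self, challenge: bytes) -> bytes:
        """Step 2: apply the preset shared key to the challenge."""
        return sign_challenge(self._key, challenge)


def associate(ap: AccessPoint, station: Station) -> bool:
    """Run the whole exchange; True means the association is established."""
    challenge = ap.on_association_request(station.station_id)
    response = station.respond(challenge)
    return ap.on_challenge_response(station.station_id, response)


if __name__ == "__main__":
    key = b"constructed-preset-shared-key"  # constructed value
    ap = AccessPoint(key)
    print("matching key:", associate(ap, Station("aa:bb:cc:00:00:01", key)))
    print("wrong key:   ", associate(ap, Station("aa:bb:cc:00:00:02", b"guess")))
```

The station never sends the key itself, only the signed challenge; what the exchange proves is that both ends hold the same preset key.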
• Wi-Fi Security:
○ Wireless radio transmissions
○ Considered less secure than wired networks
○ Beware of war driving
○ Wi-fi hardening:
§ Reduce access: turn off things not being used
§ Wireless router/access point placement
§ Configure signal strength to minimum needed
§ Disable ESSID broadcasting
Security Standards and Frameworks:
• Categories of Security Standards:
○ Standards
§ Internal
§ e.g. Coding standards
§ External
§ Industry
® e.g. PCI DSS
§ Government
® e.g. NIST standards
§ International
® e.g. ISO series
§ National
® e.g. FIPS
• Security Standards:
○ Standards: Required by organizations
○ Guidelines: Not mandatory
• Organizations:
○ National Institute of Standards and Technology (NIST)
§ Special Publications
§ Federal Information Processing Standards (FIPS)
○ International Organization for Standardization (ISO)
○ Payment Card Industry (PCI)
○ Organization for the Advancement of Structured Information Standards (OASIS)
• Zachman Framework:
○ Goal:
§ Bring information technology in line with business goals
• COBIT:
○ Control objectives for information and related technology
§ Control requirements
§ Technical issues
§ Business risks
• Committee of Sponsoring Organizations (COSO):
○ Organization governance
○ Business ethics
○ Internal controls
○ Risk management
○ Fraud and financial reporting
• Sherwood Applied Business Security Architecture:
• Security and Coding Standards:
○ Standards that are focused on best practices:
§ Common Vulnerabilities and Exposures (CVE)
§ Common Weakness Enumeration (CWE)
§ Open Web Application Security Project (OWASP)
○ Functional Safety:
§ Industry Standards
§ Aviation
§ Automotive
§ Nuclear
§ Hazardous Waste
○ Coding Safety:
§ Safety first
§ No guarantees
○ Choosing Appropriate Security Standards:
§ Industry standard practice
§ Legal requirements
§ Developer readiness
§ Safety
§ Flexibility
§ Integration
Wireless Attack Types:
• Security Threats to WLANs:
○ Extensible Authentication Methods:
§ The Extensible Authentication Protocol (EAP) was developed to add security to P2P communications
§ Allows standard and proprietary authentication methods to be overridden and other authentication methods to be applied
§ Was adapted for use on wireless networks
§ 802.11x network authentication and security methods are divided into three main areas:
□ Authentication Framework:
® Includes login processing, service classes, protocol support, and functions that perform user or device authentication
□ Authentication Algorithm:
® Defines two primary authentication algorithms:
◊ RC4 - used in WEP and WPA
◊ Advanced Encryption Standard (AES)
□ Data frame encryption:
® The function that applies an encryption key to the data payload of a frame to ensure its secure transmission
○ Client-To-Client Attacks:
§ Nodes configured with TCP/IP services can be attacked by another node on a WLAN
§ Common version of this attack is denial of service (DoS)
○ Denial Of Service (DoS) Attacks:
§ Objective is to prevent users from accessing network resources
§ Most common DoS attack involves flooding a gateway, web server, or internal server with packets or frames that must be processed
§ There are multiple types of DoS attacks that can happen on various layers of the OSI model:
§ Application Layer:
® These attacks often involve seemingly legit requests to a network ready application on a server or node
® Example: a flood of HTTP page requests is sent to a web server, overloading the server as it attempts to fulfill them and preventing other legitimate requests from going through
§ Transport Layer:
® Typically launched against a network operating system (NOS) environment that manages the connections made to network hosts
® Remote devices attempting to establish TCP connections transmit synchronization (SYN) packets to request the opening of the TCP link
® A SYN flood overloads the NOS because there is a limit on the number of links it can process per second and on the number of links that can be established at once
§ Network Layer:
® These attacks usually target transmission capabilities of a network
® Network layer attacks flood the transmission media with more packets than they can process
® Example: Transmitting more than 100 Mbps of data to a 10 Mbps network causes network data to drop
® Most common type of attack is a ping flood, excessive ICMP echo request packets are transmitted to the targeted network, overloading the gateway and denying access to the internet by network nodes
§ Data Link Layer:
® Data link layer attacks can target an entire wireless network, or focus on a single network node
® Most common attack is a flood of empty and invalid frames that the network server rebroadcasts across the network, tying up media
® Effective only on networks or segments without a WLAN router or switch
® If the attack originates within the network the network segment of the source is also affected
§ Physical Layer:
® Physical layer of a wireless network is much easier to attack than the physical layer of a wired network
◊ The physical layer for a wireless network is transmitted through the air making it easier to intercept
○ Insertion Attacks:
§ Also known as unauthorized or illicit use attacks
§ Involve adding an unauthorized device to a wireless network to gain access to the internet gateway or the wired network that an AP is connected to
§ Only possible when an attacker is able to bypass the security settings of a WLAN
§ Can happen on two levels:
□ Insertion of a wireless node (like a laptop)
□ Insertion of an unauthorized access point or router
○ Interception Attacks:
§ More common on wired networks
§ Four types of interception attacks:
□ ARP spoofing:
® Address Resolution Protocol (ARP) is a Data Link Layer protocol used on TCP/IP networks to resolve IP addresses to MAC addresses and provides the MAC address associated with an IP address on the network
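An added detection example for the transport-layer SYN flood described above (not from the original notes): it counts half-open connections per destination, which is what a flood leaves behind on the server, and the peak SYN rate inside a sliding window. The event records, addresses and thresholds are all constructed; a real deployment would feed it flow or packet logs and tune the thresholds against the network's own baseline.

```python
from collections import defaultdict
from typing import Dict, List


def build_sample_records() -> List[dict]:
    """Constructed client-side TCP events: t (seconds), src, dst, dport, flags.
    Three legitimate clients complete the handshake (SYN, then ACK); twenty-five
    constructed sources each send one SYN within a second and never follow up."""
    records = []
    for i, src in enumerate(["10.0.0.5", "10.0.0.6", "10.0.0.7"]):
        records.append({"t": 0.1 * i, "src": src, "dst": "203.0.113.10", "dport": 443, "flags": "S"})
        records.append({"t": 0.1 * i + 0.05, "src": src, "dst": "203.0.113.10", "dport": 443, "flags": "A"})
    for i in range(25):
        records.append({"t": 1.0 + 0.03 * i, "src": f"198.51.100.{i + 1}",
                        "dst": "203.0.113.10", "dport": 443, "flags": "S"})
    return sorted(records, key=lambda r: r["t"])


def half_open_connections(records: List[dict]) -> Dict[str, int]:
    """Per destination, count SYNs never completed by an ACK from the same
    source to the same port: the half-open links that exhaust the NOS limit."""
    opened: Dict[tuple, bool] = {}
    for r in records:
        key = (r["src"], r["dst"], r["dport"])
        if r["flags"] == "S":
            opened[key] = True
        elif r["flags"] == "A":
            opened.pop(key, None)  # third handshake step closes the window
    counts: Dict[str, int] = defaultdict(int)
    for (_, dst, _) in opened:
        counts[dst] += 1
    return dict(counts)


def syn_rate(records: List[dict], window: float = 1.0) -> Dict[str, int]:
    """Peak number of SYNs per destination inside any sliding window of `window` seconds."""
    per_dst: Dict[str, List[float]] = defaultdict(list)
    for r in records:
        if r["flags"] == "S":
            per_dst[r["dst"]].append(r["t"])
    peaks = {}
    for dst, times in per_dst.items():
        times.sort()
        peak = start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        peaks[dst] = peak
    return peaks


def detect_syn_flood(records: List[dict], half_open_threshold: int = 20,
                     rate_threshold: int = 20) -> Dict[str, dict]:
    """Flag destinations whose half-open count or SYN rate crosses a threshold.
    Thresholds here suit the constructed sample only."""
    half_open = half_open_connections(records)
    rates = syn_rate(records)
    alerts = {}
    for dst in set(half_open) | set(rates):
        ho, rate = half_open.get(dst, 0), rates.get(dst, 0)
        if ho >= half_open_threshold or rate >= rate_threshold:
            alerts[dst] = {"half_open": ho, "peak_syn_per_window": rate}
    return alerts


if __name__ == "__main__":
    print(detect_syn_flood(build_sample_records()))
```

The two signals complement each other: the half-open count catches a slow flood that never completes handshakes, while the rate catches a burst even if the kernel is recycling half-open entries quickly.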
• Wireless Attack Methods:
○ Eavesdropping:
§ Listening in on network traffic for information
§ Also called sniffing
§ Theft of info in transit over a network
§ Difficult to detect
§ Takes advantage of weak connection
§ Attacker installs monitoring software to initiate
○ Data modification and corruption
§ Changing data in transit
§ Modification/Corruption
○ Relay attacks:
§ Relaying same info to get specific information from a response
§ Contactless card attack/using a card skimmer
§ Vehicle relay theft
§ SMB relay attacks - exploiting file share protocols
○ Spoofing
§ Impersonating part of a network to make someone think their connection is safe
§ Involves spoofing an IP address, ARP spoofing, DNS cache poisoning
○ Deauthentication:
§ Taking someone off the network
§ Deauthentication frames are used to tell someone they're off a network
§ Doesn’t require encryption, only needs MAC address
○ Jamming:
§ Disrupting a signal so nobody knows what's going on
§ Active attacks continuously generate interference
§ Reactive attacks listen for activity on a specific band
○ Capture handshakes:
§ Disruption as a connection starts
§ Targets initial connection frames
○ On-path:
§ Interception for complete control, disinformation, and other things
§ General forms of MitM attacks
§ Attacker intercepts connections
§ Collects info and impersonates
User Authentication and Access Control:
• Access Controls:
○ Needed to identify, authenticate, and authorize users and account for them
○ Different layers can be used for stronger access control depending on the sensitivity of the data
○ The following are example access controls:
§ Network access controls for local and WLAN access
§ Local access controls when sitting in a workspace
§ Wireless access controls when mobile at a workplace
§ Local access with multifactor authentication
§ Network Access controls that support remote access with multifactor authentication
§ Remote access to a web-hosted SaaS application or secure portal that requires access controls with multifactor authentication
• Identification, Authentication, Authorization, and Accounting:
○ Identification is the process of confirming a specific user
§ Each user must have a unique user ID, such as a username, email address, employee ID number, etc
§ User IDs are used to uniquely assign role based access control to systems, applications, and data
§ Multiple methods of authentication include:
§ Something the user knows (password or PIN)
§ Something the user has (hardware fob, soft token, SMS message of a PIN)
§ Something the user is (biometrics; fingerprint, facial recognition, etc)
§ Somewhere the user is (GPS finder data)
§ Something the user does (their profession)
○ Local Authentication:
§ Means the authentication mechanism is embedded in the application itself and hosted by the server
§ Also refers to the user authenticating on a server in the same network
§ Several authentication servers are commonly deployed:
§ RADIUS - Remote Authentication Dial-In User Service:
® Networking protocol operating on port 1812
® Supports AAA management
® Uses UDP (User Datagram Protocol)
§ TACACS+ - Terminal Access Controller Access Control Server
® Security Protocol
® Supports AAA management for users who want to gain access to the network
® Uses TCP (Transmission Control Protocol)
§ Kerberos
® A network authentication protocol
® Works on the basis of tickets that permit endpoints to communicate over nonsecure networks
® Endpoints confirm their identity to one another in a secure manner
§ Windows Active Directory Domain Controllers:
® A domain controller server responds to security authentication requests from Windows endpoints
§ RADIUS and TACACS+ servers are commonly used for sys. admins and IT personnel for local and remote access to IT systems
○ Authorization:
§ Approval of access
§ Based on job role and access to systems, applications, and data
§ Provided by the HR department that hires the user
§ Where role-based access control (RBAC) applies
§ Preauthorization allows immediate access to the applications and tools a job function needs; once HR clears the new user, the access controls are granted
○ Accounting:
§ Refers to continuous monitoring
§ Users' audit trails and logs are part of accounting
§ Gives access, duration, and other measurable metrics
§ Can also be used to help with capacity planning, network performance, and incident response
§ Trending and baselining can be defined
○ Single Sign-On (SSO) and Identity Access Management (IAM):
§ Different job functions require different levels of access to systems and applications
§ SSO provides users with a single login and password authentication requirement
§ In order to work effectively, role-based access control must be set up for seamless authentication
§ Identity access management integrates user or group identification, authentication, and authorization for applications and access by associating user rights with profiles or identities
○ Remote Access Controls and Multifactor Authentication:
§ Remote access is typically supported via:
§ IPSec VPN connection coupled with two-factor authentication
§ An application gateway that requires ID and two-factor authentication
• Access Control Policies:
○ Least privilege
○ Separation of duties:
§ Duties for a process divided between people
○ Conflict of interest
○ No shared/generic accounts
○ No anonymous access
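An added example (not from the original notes) tying together the authorization, accounting and policy items above: role-based access control with least-privilege roles, a separation-of-duties check applied when roles are assigned, default deny for anonymous or unknown users, and an audit trail of every decision. Role names, permissions and user names are constructed.

```python
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed role model: each role carries only the permissions its job needs
# (least privilege). Names are illustrative, not from the notes.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "ap_clerk": {"invoice:create", "invoice:read"},
    "ap_approver": {"invoice:approve", "invoice:read"},
    "auditor": {"invoice:read", "ledger:read"},
}

# Separation of duties: nobody may hold both roles of a pair, so creating and
# approving an invoice always takes two people.
SEPARATION_OF_DUTIES: List[Tuple[str, str]] = [("ap_clerk", "ap_approver")]


class AccessControl:
    def __init__(self) -> None:
        self.user_roles: Dict[str, Set[str]] = defaultdict(set)
        self.audit_log: List[Tuple[str, str, str]] = []  # accounting trail

    def assign_role(self, user: str, role: str) -> None:
        """Authorization step (the HR-driven role grant), refused when it would
        put both halves of a separated duty on one person."""
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role {role!r}")
        held = self.user_roles[user]
        for a, b in SEPARATION_OF_DUTIES:
            if (role == a and b in held) or (role == b and a in held):
                raise PermissionError(f"{user}: {role} conflicts with a role already held")
        held.add(role)

    def permissions(self, user: str) -> Set[str]:
        """Effective permissions: the union of the user's roles, nothing more."""
        return set().union(*(ROLE_PERMISSIONS[r] for r in self.user_roles[user]))

    def check(self, user: str, permission: str) -> bool:
        """Default deny: an anonymous or unknown user holds no roles and gets
        nothing. Every decision is recorded for accounting."""
        allowed = bool(user) and permission in self.permissions(user)
        self.audit_log.append((user or "<anonymous>", permission, "allow" if allowed else "deny"))
        return allowed


def sod_violation(ac: AccessControl, user: str, role: str) -> bool:
    """True when assigning the role would breach separation of duties."""
    try:
        ac.assign_role(user, role)
        return False
    except PermissionError:
        return True


if __name__ == "__main__":
    ac = AccessControl()
    ac.assign_role("alice", "ap_clerk")
    ac.assign_role("bob", "ap_approver")
    print("alice creates:", ac.check("alice", "invoice:create"))
    print("alice approves:", ac.check("alice", "invoice:approve"))
    print("alice also approver?", "blocked" if sod_violation(ac, "alice", "ap_approver") else "granted")
    print(ac.audit_log)
```

Because permissions are derived from roles at check time, revoking a role (or the whole account) takes effect on the next request, which is what makes the audit trail match the access actually held.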
IT Governance:
• Defined as "the framework for the leadership, organizational structures and business processes, standards and compliance to these standards, which ensures that the organization's information systems support and enable the achievement of its strategies and objectives."
• There are five drivers for organizations to adopt IT governance strategies:
○ The requirements (in the UK) of the Corporate Governance Code and the Risk Guidance; for US-listed companies, Sarbanes-Oxley; for banks and financial institutions, BIS and Basel 2/3; and for businesses everywhere, the requirements of their national corporate governance regimes
○ Increasing intellectual capital value that the organization has at risk
○ The need to align technology projects with strategic organizational goals and to ensure that they deliver planned value
○ Proliferation of threats to information and information security, partly in cyberspace, with consequent potential impacts on corporate reputation, revenue, and profitability
○ The increase in the compliance requirements of information- and privacy-related regulation, particularly the EU GDPR and regulations inspired by it
• Security governance:
○ Defines how security is executed and controlled
○ Important for insight within the IT security environment
○ Required to ensure security risks are addressed
○ Ensures security and business objectives are aligned
○ Ensures value is delivered as expected
○ A subset of enterprise governance
○ Aligned with IT governance
○ Consists of leadership team, organizational structures, and security processes
○ The basis for all security policies, processes, and procedures
○ Purposes:
§ Brings together:
§ Business goals and vision
§ Best practices
§ Technical requirements
○ Benefits:
• The Need For Security Governance:
○ Reduces uncertainty in business operations
○ Optimizes resource allocation and usage
○ Ensures compliance with security policy
○ Sets foundation for risk management
○ Ensures decisions are based on factual information
○ Ensures accountability
• Compliance Laws and Regulations:
○ Federal Information Security Management Act (FISMA):
§ Passed in 2002
§ Requires federal civilian agencies to provide security controls over resources that support federal operations
○ Federal Information Security Modernization Act (FISMA):
§ Passed in 2014
§ Enacted to update FISMA from 2002 with info on modern threats and security controls and best practices
○ Sarbanes-Oxley Act (SOX):
§ Passed in 2002
§ Requires publicly traded companies to submit accurate and reliable financial reporting
§ Does not require securing private information, but does require security controls to protect confidentiality and integrity of the reporting itself
○ Gramm-Leach-Bliley Act (GLBA):
§ Passed in 1999
§ Requires all types of financial institutions to protect customers' private financial information
○ Health Insurance Portability and Accountability Act (HIPAA):
§ Passed in 1996
§ Requires health care organizations to implement security and privacy controls to ensure patient privacy
○ Children's Internet Protection Act (CIPA):
§ Passed in 2000 and updated in 2011
§ Requires public schools and libraries to use an internet safety policy addressing the following:
§ Restricting access to inappropriate matter on the internet
§ Ensuring children's safety when using email, chatrooms, and other communications
§ Restricting hacking and other unlawful activities by children online
§ Prohibiting the disclosure and distribution of personal information about children without permission
§ Restricting children's access to harmful materials
§ Warning children on the use and dangers of social media
○ Family Educational Rights and Privacy Act (FERPA):
§ Protects the private data of students and their school records
• Legal Considerations:
○ Data protection regulations typically cover collection, storage, and use of data
○ PII - Personally Identifiable Information:
§ Name
§ IP address
§ Address
§ Phone number
§ Social Insurance Number
§ Passport number
○ GDPR - General Data Protection Regulation:
§ Most known privacy law in the EU
§ Defines how institutions store, use, and share information
§ Applies to organizations conducting business with EU citizens
§ Standardizes privacy rules
§ Implementation of privacy requirements
§ Ensures the privacy of personal data
§ Protection for:
§ Personal info
§ IP address
§ Health info
§ Economic data
§ Pictures
§ Biometrics
○ Personal Information Protection and Electronic Documents Act (PIPEDA):
§ Federal privacy legislation for Canadian private sector
§ Promotes trust and data privacy in ecommerce
§ Governs the collection, use, and disclosure of personal information
§ Places responsibilities on organizations to protect personal data
§ Recognizes who is responsible for this data and ensures they protect it
§ Principles:
§ Accountability ensures the corporation assumes responsibility for the data it handles
§ Purpose requires the organization to identify its purpose for collecting data
§ Consent requires that permission is granted by the user to have data gathered
§ Collection requires the organization uses fair and lawful methods to collect user data
§ Retention and disposal requires personal information to be kept only as long as it is necessary, and that it is properly disposed of once it is used
§ Accuracy ensures organizations are keeping up to date records of user information
§ Safeguard requires organizations protect data against threats that could cause loss or damage
§ Access gives individuals the right to access their information and challenge accuracy if necessary
§ Compliance requires that all organization employees are trained on policy and procedures of proper security guidelines
○ U.S. Data Protection Laws:
§ Federal Trade Commission Act
§ Fair Credit Reporting Act
§ Gramm Leach Bliley Act
§ Health Insurance Portability and Accountability Act
§ Children's Online Privacy Protection Act
• Guidelines and Best Practices For Network Security:
○ Know your network
○ Implement information security governance
○ Implement methods to detect insider threats
○ Perform regular backups
○ Update systems and applications regularly
○ Educate users on security awareness regularly
○ Perform and maintain compliance
○ Avoid complicating network architecture by implementing unnecessary security controls
○ Segregate and segment the network
○ Aggregate and correlate logs in a centralized location
○ Implement network address translation (NAT)
○ Use honeypots and honeynets
○ Ensure physical security of network devices and equipment
○ Implement a data loss prevention (DLP) solution
○ Perform a third-party security assessment of the network
○ Implement an incident management process
○ Baseline everything
○ Perform operating system and application hardening
○ Keep what is necessary
○ Integrate security as part of the network design
○ Use principle of least privilege
○ Avoid using insecure protocols
○ Implement defense in depth
○ Implement a security policy
○ Use multi-factor authentication
○ Implement complex password policy
○ Perform user activity monitoring continuously
○ Implement network monitoring tools
○ Perform regular audits
• Security Planning and Communicating:
○ Physical access control checklist
○ Personnel checklist
○ Database secure installation and configuration checklist
○ Network security checklist
○ Database secure installation and configuration checklist:
§ Install only the necessary components
§ Lock and expire default user accounts
§ Change default user passwords
§ Practice principle of least privilege
§ Enforce and restrict access controls, operating system access, and network access, and apply all security patches and workarounds
○ Network security checklists:
§ SSL checklist
§ Listener checklist
§ Client checklist
§ Network checklist
○ Database Security and Breach Concerns:
§ SQL Injection attacks
§ No security testing before deployment
§ Poor data encryption