4.1 Given a scenario, apply common security techniques to computing resources

  • Device Hardening: Practice of changing configurations to secure systems from threats by reducing vulnerabilities attributed to default configurations.

    • Standard Techniques Include:

    • Regular update processes.

    • Secure password policies.

    • Principle of least privilege (users should have minimum necessary access).

    • Disabling or removing unnecessary software, services, and features.

    • Additional Strategies:

    • Data encryption.

    • Network-level hardening (implementing firewalls and intrusion detection systems).

    • Monitoring: Security analysts use these techniques to maintain secure configurations and monitor systems.

    • Regular Security Audits & Vulnerability Assessments: Ensure ongoing security and timely responses to emerging threats.

Secure Baselines

  • Definition: A secure baseline is a collection of standard configurations and settings for various IT components including network devices, software, access controls, and endpoint protection.

  • Purpose: Secure baselines improve IT security, manageability, and operational efficiencies by establishing consistent configuration and security procedures.

Benchmarks and Secure Configuration Guides

  • CIS Benchmarks: Developed by the Center for Internet Security, provide best practice guides for securing IT systems.

    • Covers multiple domains: networks, operating systems, applications, etc.

    • Continuously updated in response to evolving risks.

    • Examples of compliance benchmarks include PCI DSS, NIST 800-53, and ISO 27000.

  • Security Technical Implementation Guides (STIGs): Developed by the Defense Information Systems Agency (DISA) for the US Department of Defense, defining sets of security configurations for DoD's IT infrastructure.

Tools for Managing Secure Baselines

  • Configuration Management Tools: Automate deployment of secure baseline configurations. Examples include:

    • Puppet

    • Chef

    • Ansible

    • Microsoft's Group Policy

  • Compliance Monitoring Tools:

    • Security Content Automation Protocol (SCAP) compliant tools like OpenSCAP to assess adherence.

    • CIS-CAT Pro Tool for CIS benchmarks assessment.

    • SCAP Compliance Checker (SCC) by DISA for STIG compliance measurement.

Hardening Concepts

  • Network Devices Default Settings: Default configurations may include insecure passwords, protocols, and settings.

  • Importance of Changing Defaults: Changing these to enhance security is crucial as they are common targets for attackers.

Switches and Routers Hardening Examples

  • Change Default Credentials: To mitigate security risks from widely known information.

  • Disable Unnecessary Services and Interfaces: Services not required should be disabled (e.g., HTTP, Telnet).

  • Use Secure Management Protocols: Prefer protocols like SSH over Telnet.

  • Implement Access Control Lists (ACLs): Limit access to necessary devices/networks.

  • Enable Logging and Monitoring: For identifying issues such as repeated login failures.

  • Configure Port Security: Limit devices connecting to specific switch ports.

  • Strong Password Policies: Enforce to mitigate the risk of attacks.

  • Physical Security: Keep equipment secured in locked areas.

Server Hardware and Operating Systems Hardening Examples

  • Change Default Credentials: Similar to network devices, to prevent unauthorized access.

  • Disable Unnecessary Services: To reduce attack surfaces each service presents.

  • Regular Software Security Patching: Automated patch management ensures timely updates.

  • Least Privilege Principle: Limits accounts to only necessary permissions, minimizing account compromise risk.

  • Implement Firewalls and IDS: To block/make alerts on malicious activities.

  • Use Secure Configuration: Align setups with standards like CIS or STIGs.

  • Strong Access Controls: Enforce measures like MFA and privileged access management.

  • Logging and Monitoring: Similar benefits as for network devices.

  • Use Antivirus Solutions: Auto-detect and quarantine threats.

  • Physical Security of Server Facilities: Ensure restricted access to server environments.

Wireless Network Security

Infrastructure-based Wireless Networks

  • Consist of wireless access points (WAPs) connected to a wired network.

  • WAP Identification: Each WAP has a MAC address (BSSID); networks have SSIDs.

Installation Considerations for Wireless Networks

  • Site Survey: Ensures good availability and coverage; performed using Wi-Fi analyzer software to measure signal strength.

  • WAP Placement: Must minimize overlap and maximize coverage.

Security of Wireless Networks

  • WPA: Original WPA designed to fix vulnerabilities in WEP; integrates TKIP for stronger security.

  • Wireless Encryption Importance: Configuring security settings helps prevent packet interception.

Wi-Fi Protected Setup (WPS)

  • Overview: Automates device configuration via push-button or PIN, but has vulnerabilities exposing it to brute force attacks.

  • Proposed Replacement: Easy Connect for securely configuring devices using QR codes.

WPA3 Features

  • Upgrade from WPA2: Addresses vulnerabilities and enhances security with features like Enhanced Open and Wi-Fi Easy Connect.

  • Authentication Methods: WPA3 introduces Simultaneous Authentication of Equals (SAE) for improved password security.

Wireless Authentication Methods

  • Pre-Shared Key (PSK): Requires passphrase shared among group members; vulnerable to dictionary/brute force attacks.

  • WPA3 Personal: Uses PAKE for session key agreements, enhancing security against sniffing attacks.

  • WPA2/WPA3-Enterprise: Requires unique credentials, offering better control and auditing capabilities.

RADIUS Authentication

  • Involves NAS devices, supplicants, and an AAA server for user authentication; processes payloads securely using shared secrets and EAP protocols.

Endpoint Hardening

Operating System and Application Security

  • Combining access controls, secure configurations, patch management, and monitoring protects OS from malware and breaches.

  • Hardening Best Practices Include:

    • Regular OS patches.

    • User training on threats.

Workstation Security

  • Workstations must undergo changes such as software removal, privilege limitations, detailed monitoring, and strict peripheral device security.

  • Importance of User Training: Workers need awareness of potential threats.

Endpoint Protection Principles

  • Reduce vulnerabilities through secure policy implementation and adherence.

Configuration Inquiry and Compliance

Endpoint Configuration Management

  • Regularly perform checks on configuration adherence and protections.

  • Utilize static and dynamic analysis along with secure coding practices to ensure applications guard against vulnerabilities.

Access Control Frameworks

  • Principle of Least Privilege (PoLP): Assigns minimum permissions necessary for system interactions.

  • Access Control Lists (ACLs): Define user/group permissions over resources to secure system access.

Application Security Practices

Fortification Strategies

  • Secure Coding Techniques: Address client-side vulnerabilities through validation methods, secure cookies, and code signing practices.

Threat Monitoring and Response

  • EDR tools and automated systems enhance organizational responsiveness to cyber threats and incidents.

Mobile Device Management

  • Control Frameworks: MDM strategies govern policies on corporate devices, ensuring security compliance.

  • Encryption and Data Protection: Security measures apply to protect organizational data.

  • Device models (BYOD, COBO) determine organizational control.

Conclusion

  • The comprehensive approach to security techniques across devices, networks and applications is imperative to maintaining integrity and confidentiality within an organization's computing resources. These holistically structured methodologies help in mitigating potential threats while enhancing the overall security stance.