7. Introducing Basic Risk Concepts
• Threats
– Any potential event or actor that could exploit a vulnerability
• Vulnerabilities
– Any weakness
• Risk is
– The likelihood that a threat will exploit a vulnerability, and the resulting impact
• Risk mitigation
– Reduces the chances that a threat will exploit a vulnerability by implementing controls
8. Understanding Control Types Overview
• Technical controls use technology.
• Administrative controls use administrative or management methods.
• Physical controls refer to controls you can physically touch.
9. Understanding Control Types
• Technical controls
– Use technology to reduce vulnerabilities
• Examples
– Encryption
– Antivirus software
– IDSs
– Firewalls
– Least privilege (enforced through permissions and ACLs)
10. Understanding Control Types
• Administrative controls
– Use administrative or management methods
• Examples
– Risk assessments
– Vulnerability assessments
– Penetration tests
– Awareness and training
– Configuration and change management
– Contingency planning
– Media protection
– Physical and environmental protection
12. Control Goals Overview
• Preventive controls attempt to prevent an incident from occurring.
• Detective controls attempt to detect incidents after they have occurred.
• Corrective controls attempt to reverse the impact of an incident.
• Deterrent controls attempt to discourage individuals from causing an incident.
• Compensating controls are alternative controls used when a primary control is not feasible.
13. Control Goals
• Preventive controls
– Attempt to prevent an incident from occurring
– Hardening, training, guards, change management, disabling accounts
• Detective controls
– Attempt to detect incidents after they have occurred
– Log monitoring, trend analysis, security audits, video surveillance, motion detection
14. Comparing Detection & Prevention
• Detective controls
– Cannot predict when an incident will occur
– Cannot prevent an incident
– Identify an incident after it has occurred
• Preventive controls
– Stop the incident before it occurs
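Added example (not from the original slides): the two control goals side by side in Python. `detect_bruteforce` is a detective control that scans sshd-style log lines for a burst of failed logins followed by a success and can only report it afterwards; `LockoutPolicy` is a preventive control that refuses further attempts once the threshold is reached, so the eventual correct guess is never accepted. The log lines are constructed for this example, and the function names, thresholds and window sizes are assumptions, not anything from the page.

```python
"""Detective vs. preventive controls over constructed sshd-style log lines."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not from a real system): five failures for alice
# within 20 seconds, then a success; bob fails once and succeeds 15 min later.
SAMPLE_LOG = """\
Mar 10 08:01:02 host sshd[1201]: Failed password for alice from 203.0.113.5 port 51012 ssh2
Mar 10 08:01:05 host sshd[1201]: Failed password for alice from 203.0.113.5 port 51013 ssh2
Mar 10 08:01:07 host sshd[1201]: Failed password for alice from 203.0.113.5 port 51014 ssh2
Mar 10 08:01:09 host sshd[1201]: Failed password for alice from 203.0.113.5 port 51015 ssh2
Mar 10 08:01:12 host sshd[1201]: Failed password for alice from 203.0.113.5 port 51016 ssh2
Mar 10 08:01:20 host sshd[1201]: Accepted password for alice from 203.0.113.5 port 51017 ssh2
Mar 10 08:30:00 host sshd[1300]: Failed password for bob from 198.51.100.7 port 40001 ssh2
Mar 10 08:45:00 host sshd[1301]: Accepted password for bob from 198.51.100.7 port 40002 ssh2
"""

LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)"
)


def parse(line):
    """Return a dict for an auth event, or None for lines we do not care about."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.strptime(m["ts"], "%b %d %H:%M:%S"),  # syslog has no year
            "ok": m["result"] == "Accepted", "user": m["user"], "src": m["src"]}


def _drop_old(q, now, window):
    while q and (now - q[0]).total_seconds() > window:
        q.popleft()


def detect_bruteforce(log_text, threshold=5, window=60):
    """Detective control: read logs that already exist and alert when a success
    follows `threshold` or more failures from the same (user, source) within
    `window` seconds. By the time this runs, the attacker is already in."""
    recent = defaultdict(deque)          # (user, src) -> timestamps of failures
    alerts = []
    for ev in filter(None, map(parse, log_text.splitlines())):
        q = recent[(ev["user"], ev["src"])]
        _drop_old(q, ev["ts"], window)
        if ev["ok"]:
            if len(q) >= threshold:
                alerts.append({"user": ev["user"], "src": ev["src"],
                               "failures": len(q), "at": ev["ts"].strftime("%H:%M:%S")})
            q.clear()
        else:
            q.append(ev["ts"])
    return alerts


class LockoutPolicy:
    """Preventive control: per-account lockout evaluated on every attempt,
    before the password is even checked."""

    def __init__(self, threshold=5, window=60, lockout=900):
        self.threshold, self.window, self.lockout = threshold, window, lockout
        self.failures = defaultdict(deque)
        self.locked_until = {}

    def attempt(self, ev):
        user, ts = ev["user"], ev["ts"]
        until = self.locked_until.get(user)
        if until is not None and ts < until:
            return "locked"              # refused regardless of the password
        q = self.failures[user]
        _drop_old(q, ts, self.window)
        if ev["ok"]:
            q.clear()
            return "allowed"
        q.append(ts)
        if len(q) >= self.threshold:
            self.locked_until[user] = ts + timedelta(seconds=self.lockout)
            q.clear()
            return "locked"
        return "denied"


def replay_with_lockout(log_text, **policy_kwargs):
    """Replay the same events through the preventive control; returns (user, decision)."""
    policy = LockoutPolicy(**policy_kwargs)
    return [(ev["user"], policy.attempt(ev))
            for ev in filter(None, map(parse, log_text.splitlines()))]


if __name__ == "__main__":
    print("detective:", detect_bruteforce(SAMPLE_LOG))
    print("preventive:", replay_with_lockout(SAMPLE_LOG))
```

Replaying the same lines shows the difference: the detective control emits one alert naming alice after her sixth attempt succeeded, while the lockout policy returns "locked" for that sixth attempt, so the successful guess would never have been accepted. bob's single failure falls outside the window by the time he logs in, so neither control fires for him.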
15. Control Goals
• Corrective controls
– Attempt to reverse the impact of an incident
– Active IDS, backups, system recovery
• Compensating controls
– Alternative controls used when a primary control is not feasible
– TOTP instead of smart card
16. Control Goals
• Deterrent controls
– Attempt to discourage individuals from causing an incident
– Cable locks, hardware locks
• Compare to prevention
– Deterrent encourages people to decide not to take an undesirable action
– Prevention stops them from taking an undesirable action
– A security guard can be both
18. Comparing Hypervisors
• Type I (bare-metal)
– Runs directly on hardware
– No host operating system required
• Type II (hosted)
– Runs as software within a host operating system
20. Using Virtualization
• Snapshots
– Copy of a VM at a moment in time
– Can revert to a snapshot if necessary
• VDI/VDE
– A user's desktop delivered as a VM
– Persistent VDE – keeps user changes
– Non-persistent VDE – doesn't keep user changes
21. Risks Associated with Virtualization
• VMs are files
– Can be copied, including the disk image and everything stored on it
– Loss of confidentiality
• VM escape
– Allows an attacker to break out of a guest and access the host
• VM sprawl
– Uncontrolled VM creation (VMs that are not managed, patched, or tracked)
22. Kali Linux
• Free Linux distribution
– Often used for penetration testing and security auditing
– Can be installed as a VM on a Windows system that supports Hyper-V
– Lets you run Linux commands from a Windows system (inside the VM)
– Free online labs
• Gcgapremium.com/501labs/
• May need to register on the site to access the labs
25. Understanding Switches & Case
• Windows switches typically use a slash (/)
– ipconfig /?
• Linux switches typically use a dash (-)
– ifconfig -h (or --help)
• Windows commands are rarely case sensitive
• Linux commands are case sensitive (and so are their switches: -a and -A differ)