501 ch 5 securing hosts and data

Proprietary & Confidential
@GoCyberSec | January, 2020
Chapter 5
Securing Hosts and Data
CompTIA Security +

Introduction
• Implementing secure systems
• Summarizing cloud concepts
• Deploying mobile devices securely

Implementing Host Security
• Least functionality
–Disabling unnecessary services
• Improves security posture
• Reduces attack surface
–Reduces risks from open ports
• Disabling unneeded applications
• Disabling unnecessary accounts
• Keeping systems up-to-date

Secure Operating Systems
• Windows
• MAC
• Linux
–Kiosks
–Network
–Appliance
• Trusted OS

Using Master Images
• Provides secure starting point
• Reduces

• Resiliency and automation strategies
–Automation, scripting, and templates
–Group Policy
• Standardize system configuration
• Standardize security settings
• Enforce strict company guidelines
–Easily apply security settings
to multiple computers
–Account Policies
–Local Policies
–System Services
–Software Restrictions

• Three steps
–Initial baseline configuration
–Integrity measurements for baseline deviation
–Remediation

Implementing Secure Systems
• Patch management
–Ensure that systems are up-to-date
–Protects system against known vulnerabilities
–Test patches in a test environment that mirrors the production
environment
–Automated deployment
–Testing, deploying and verifying updates

• Change management
–Helps ensure changes to IT systems do not result in
unintended outages
–Provides an accounting structure or method to document all
changes
–Changes are proposed and reviewed before implementation

• Unauthorized software
–Can include malware
• Compliance violations
–Licenses

Whitelisting vs Blacklisting
• Application whitelisting
–Identifies authorized software for workstations, servers, and
mobile devices
–Prevents users from installing or running software that isn’t on
the list
• Application blacklisting
–A list of prohibited applications
–Prevents users from installing or running software on the list

Secure Staging and Deployment
• Sandboxing
• Used for testing
• Isolated area on a system
• VMs
• Isolated operating system
• Chroot
• Isolated area within a Linux OS

Secure Staging Environment
• Development
• App created in a development environment
• Test
• App tested in a testing environment
• Staging
• Simulates production environment
• Production
• Final product

Peripherals
• Wireless keyboards
• Wireless mice
• Displays
• External storage devices
• Digital cameras
• Wi-Fi-enabled MicroSD card
• Printers and other multi-function devices (MFDs)

Hardware and Firmware Security
• Electromagnetic interference
(EMI)
• Interference from various
sources
• Motors
• Power lines
• Fluorescent lights
• Electromagnetic pulse (EMP)
• Short burst of electromagnetic
energy
• Electrostatic discharge (ESD)
• Lightning
• Military weapons

• EMI
• Electromagnetic interference
• Interference from various
sources
• Motors
• Power lines
• Fluorescent lights
• EMP
• Electromagnetic pulse
• Short burst of electromagnetic
energy
• Electrostatic discharge (ESD)
• Lightning
• Military weapons

• Full disk encryption (FDE)
- Can be software application
• Self-encrypting drives (SED)
- Includes the hardware and software to encrypt all data on the
drive
- Securely stores the encryption keys
- Typically unlocked with user credentials

• Basic Input/Output System (BIOS)
- Firmware used to start a computer
- Software stored on hardware chip
• Unified Extensible Firmware Interface (UEFI)
- Replacement for BIOS on most newer systems
- Includes similar functions and some enhancements
• Update BIOS and UEFI by flashing

Hardware-Based Encryption
Characteristics TPM HSM
Hardware Chip in motherboard (included with many
laptops)
Removable or external hardware device,
(purchased separately)
Uses Full disk encryption (for laptops and some
servers)
High-end mission-critical servers (SSL
accelerators, high availability clusters,
certificate authorities)
Authentication Performs platform authentication (verifies drive
not moved)
Performs application authentication (only
used by authorized applications)
Encryption Keys Includes endorsement key (burned into chip)
and storage root key
Storage root key generates and protects other
keys
Stores RSA keys used in asymmetric
encryption and can generate keys

Benefits of TPM and HSM
• Secure boot process
–Checks the files against stored signatures to ensure files
haven’t changed
–Attests that the files haven’t changed
–Blocks boot process if files have been modified
• Remote attestation
–Sends information on files to remote system
–Remote system verifies files haven’t changed

Benefits of TPM and HSM
• Hardware root of trust
–Known secure starting point
–TPM/HSM ships with a unique private key burned into
hardware
–Matched with public key
–Used during secure boot process

• Additional vulnerabilities
–End of life systems
• Sanitize before disposing
• Lack of vendor support
–No security updates
–No technical support
–Susceptible to security issues

Summarizing Cloud Computing
• Accessing computing resources on another system
• On-premise
–Cloud resources owned, operated, and maintained by an
organization for its employees
• Hosted
–Resources rented and managed by another organization
–Typically accessed via the Internet

• Software as a Service (SaaS)
–Applications provided over the Internet (such as web-mail
accessed with a web browser)
• Platform as a Service (PaaS)
–Provides customers with a fully managed platform
–Vendor keeps platform up-to-date
• Infrastructure as a Service (IaaS)
–Provides customers with access to hardware in a self-managed
platform
–Customers are responsible for keeping an IaaS system up to
date

• Comparing responsibilities

Understanding Cloud Computing
• Security as a service
–Any services provided via the cloud that provide security
services
–Commonly viewed as a subset of Software as a Service (SaaS)
• Cloud access security broker (CASB)
–Software tool or service
–Placed between organization’s network and the cloud provider

Cloud Deployment Models
• Public – Available to anyone
• Private – Only available within a company
• Community – Cloud shared by two or more organizations
• Hybrid – Combination of any two models

Mobile Device Deployment Models
• Models support connecting mobile devices to organization’s
network
–Corporate-owned
–COPE (corporate-owned, personally enabled)
–BYOD (bring your own device)
–Bring your own disaster
–CYOD (choose your own device)
–Limits supported devices
• VDI (virtual desktop infrastructure)

Mobile Device Connection Methods
• Cellular
• Wi-Fi
• SATCOM
• Bluetooth
• NFC (near field communication)
• ANT
• Infrared
• USB (Universal Serial Bus)

Mobile Device Management (MDM)
• Application management
• Full device encryption
• Storage segmentation
• Content management
• Containerization
• Passwords and PINs
• Biometrics
• Screen locks
• Remote wipe
• Geolocation
• Geofencing
• GPS tagging
• Context-aware
authentication
• Push notification services

MDM Enforcement / Monitoring
• Unauthorized software
– Third party app stores
– Rooting and jailbreaking
– Updates
– Sideloading
– SMS and MMS
– SMS

Mobile Device Management (MDM)
• Hardware control
• USB OTG cables
• Unauthorized connections
• Tethering
• Wi-Fi Direct
• Ad hoc

Embedded System
• Any device that has a dedicated function and uses a computer system
to perform that function
– Compare to desktop PCs, laptops, and servers
– All use central processing units (CPUs), operating systems, and
applications to perform various functions
• Embedded systems
– Use CPUs, operating systems, and one or more applications to
perform specific functions

Embedded System
• Security implications and vulnerabilities
– Keep up-to-date
• Implement patch management processes
• Avoid default configurations

Comparing Embedded Systems
• Smart devices
• Internet of things (IoT)
– Wearable technology
– Home automation
• HVAC
• SoC
• RTOS
• Printers/MFDs
• Camera systems
• Special purpose
– Medical devices
– Vehicles
– Aircraft/UAV

Protecting SCADA/ICSs
• Redundancy and diversity
• Network segmentation
• Security layers
• Application firewalls
• Manual updates
• Firmware version control
• Wrappers

Protecting Data
• Data at rest
– Any stored data
– Hard drives, mobile phones, USB flash drives, external drives,
databases. and backups
• Data in transit
– Data in motion
– Any data traveling over a network

Protecting Confidentiality with Encryption
• Software-based encryption
• Full disk encryption
• Database column encryption
• File/folder encryption

Permission Issues & Access Violations
• Principle of least privilege
– Ensures users granted only the rights and permissions needed to
perform assigned tasks or functions
– Rights identify what a user can do, such as changing the system
time or rebooting a system
– Permissions define access to resources, such as being able to read
or modify a file
– Rights and permissions combined called privileges

File System Security
• Linux permissions
– Owner
– Group
– Others
– Read (r) 100 (4)
– Write (w) 010 (2)
– Execute (x) 001 (1)

• Linux permissions
• Chmod

• Windows permissions
– Read
– Read & Execute
– Write
– Modify

Data Loss Prevention (DLP)
• Removable media
• Data exfiltration
– Unauthorized transfer of data outside an organization
• Cloud-based DLP
– Can protect PII and PHI

Chapter 5 Summary
• Implementing secure systems
• Summarizing cloud concepts
• Deploying mobile devices securely

501 ch 5 securing hosts and data

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to 501 ch 5 securing hosts and data

Similar to 501 ch 5 securing hosts and data (20)

More from gocybersec

More from gocybersec (11)

Recently uploaded

Recently uploaded (20)

501 ch 5 securing hosts and data