2.1 - Explain the importance of security concepts in an enterprise environment. Flashcards
Configuration management
-identify + document hardware/software settings
->manage sec when changes occur
->rebuild sys if disaster occurs
-documentation + processes = CRITICAL
-identify + control + audit deployment and changes made to established baseline
-help enforce standards, manage sys, report on areas where sys don’t match expected settings
-OS’s, patches, app updates, net mods, new apps, etc
Benefits of these processes:
-provisioning new sys
-replicating environ
-recovering from disasters
-onboarding + training
-ensuring hardened/secure sys
-ensuring stability
Weiss 124
Gibson 148
Chapple 336
Diagrams
-important 4 nets + interconnected complex sys
-EX: net maps, cabling/wiring, etc
-critical in incident response + disaster recovery ops b/c allows responders to quickly understand how infra/sys r configured/interconnect/where data flows/dependencies that exist/etc
-can be provided 2 auditors + is a useful artifact for assessment of designs
Network diagrams
-document physical wire + device
Physical data center layout
-can include physical rack locations
Device diagrams
-individual cabling
Weiss 125
Chapple 336
Neil 379
Baseline configuration
-config + settings that r set as foundation 4 all similar systems
-ideal starting place 2 build from + 2 help reduce complexity
-without it = more susceptible to errors, malfunctions, sec breaches
-documentation = v important
->so that another person could easily replicate config
->standardization helps facilitating audit activities
-sec of app environ should be well defined
->all apps instances follow baseline
->firewall, patch levels, OS file versions
->may require constant updates
-integrity measurements check 4 secure baseline should be performed often
->check against well-documented baselines
->failure requires immediate correction
Weiss 124-125
Chapple 336
Gibson 148
Neil 380
Standard naming conventions
-easily understood by everyone
-agreed upon method of naming assets
->valuable 4 everyday mgmt + emergencies
-to identify standard configs
-can make sys more anonymous = less meaningful to a perp
-make scripting mgmt easier b/c can filter/sort/take actions more easily
-Devices: asset tag names + #s, comp names (location/region), serial #s, owners, function, etc.
-Networks: port labeling
-Domain configs: usr acct names, standard email addresses
Weiss 125
Gibson 148
Chapple 337
Neil 379
Internet protocol (IP) schema
-IP address plan/model
->consistent addressing 4 net devices
->helps avoid duplicate IP addressing
-segmenting sys based on purpose + location + etc.
-managing IP address space helps avoid address collisions, running out of addresses in net segments, identify sys that shouldn’t be using a given address
-if u run out + have to re-address -> significant rework may be required to update firewall rules + tools, etc
Locations: # of subnets, hosts per subnet
IP ranges: dif sites have a dif subnet
Reserved addresses: usrs, printers, routers/default gateways
Weiss 125
Chapple 337
Data sovereignty
-data is subject to legal restrictions of any jurisdiction where it's COLLECTED, STORED, or PROCESSED
-data residing in a country = subject to laws of that country (legal monitoring, court orders, etc)
-laws may prohibit WHERE data is stored
-> GDPR
->data collected on EU ppl has to be stored in the EU
-wherever ur data is stored, ur compliance laws may prohibit moving data out of the country
-where ur data is located has major impact on restoration phase following a disaster
Weiss 139
Chapple 311
Neil 325
Data protection
-maintaining confidentiality/ensuring privacy
->only ppl who should be authorized to view data r allowed to do so
-preventing theft/disclosure of data (intentional/unintentional)
-tools include:
->DLP
->cloud access sec brokers
->data obfuscation
->rights mgmt/data permissions
->hardware sec modules
->encrypted traffic mgmt
->sec policies
Weiss 126
Neil 53
DLP
-Data loss prevention
-identify confidential/sensitive info thru content analysis
-helps orgs enforce info handling policies + procedures to prevent data loss + theft
-way 2 detect + prevent it from being exfiltrated
->based on 1 of 3 states: data in use/in motion/at rest
-way 2 enforce data sec policies by providing centralized mgmt
-can config 2 look 4 specific words, phrases, character strings
->can block transmission b4 damage is done
->policies 4 blocking USBs, removable media, etc
->alert admins to attempted breach
->usr can be alerted about sec policy violations 2 keep sensitive info from leaving their desktop
-international orgs need 2 ensure they’re compliant with local privacy regulations as it's implemented
-work in 2 diff environments
->host based DLP
->network DLP
Weiss 127
Chapple 10
Neil 54
Gibson 155
Masking
-partially redacts sensitive info by replacing some or all sensitive fields with blank characters
-only partial data is left in data field so that OG data can’t be stolen
-protect PII
-may be hidden from view BUT data might be intact in storage
->ctrl view based on permissions
-diff techniques
->substituting
->shuffling
->encrypting
->masking out, etc
-commonly required 4 app development
-similar 2 tokenization b/c DM can preserve data format + referential integrity
Weiss 131
Chapple 12
Neil 328
Gibson 422
Encryption
-uses mathematical algs. to protect info (in transit + while it resides on systems)
-2 way street
->convert btwn one + the other if u have proper key
-unintelligible to anyone who doesn’t have access to decryption key
-encode info into unreadable data
->OG = in plaintext
->encrypted form = cipher text
-confusion = encrypted data is drastically diff from plaintext
-diffusion = change one character of the input + many characters of the output change
Gibson 357
Chapple 10
At rest
-data in its stored/resting state/not being used
->stored on storage device
->hard drives, SSD, flash drives, other storage media
-prone to theft by insiders/external perps who gain access to systems + are able to browse through their contents
-encrypt the data
->whole disk encryption
->database encryption
->file/folder level encryption
-apply permissions
->ACLs (access ctrl lists)
->only authorized usrs can access data
Chapple 10
Gibson 357
Weiss 129
Neil 53
In transit/motion
-data moving across a net or from one sys to another
-data that’s in transit over a network
->not much protection as it travels
->when travels on untrusted network it’s open 2 eavesdropping by anyone with access to that net
-net based protections (firewall, IPS)
-provide transport encryption (TLS and IPsec)
-EX: ecommerce sites use HTTPS sessions 2 encrypt transactions that include credit card data -> if perps intercept transmissions they only see ciphertext
Chapple 10
Gibson 357
Weiss 129
Neil 54
In processing (finish)
-data that’s actively in use by comp. system
-> data stored in memory while processing takes place
-perp may be able to read contents of memory + steal sensitive info
Chapple 10
Gibson 357
Weiss 129
Neil 54
Tokenization (finish)
-replaces sensitive values with unique identifier using a lookup table
Chapple 11
Gibson 423
Weiss 130
Neil 329
Rights management (finish)
-
Gibson 155-156
Weiss 132-133