2.5 Flashcards
Mitigation and Security for Legacy Systems
hardening, patching, configuration enforcement, decommissioning, isolation and segmentation
Securing Bluetooth Devices
Turn off Bluetooth when not in use
set devices to non-discoverable mode by default
regularly update firmware so security patches are up to date
only pair with trusted devices
use a unique passkey or pin during pairing
be cautious of unsolicited connection requests
use encryption for sensitive data transfers
Securing mobile devices
MDM (Mobile Device Management)
- includes patching, config management and best practice enforcement like disabling sideloading, detecting jailbreaking/rooting and enforcing VPN use
Securing OS Zero Day vulnerability
frequent system and software updates
Securing OS Misconfiguration vulnerability
conduct periodic audits and reviews to identify and mitigate vulnerabilities due to misconfigurations
Securing OS Data exfiltration vulnerability
protect with encryption for data at rest and endpoint protection tools to monitor and restrict unauthorized data transfers
Securing OS Malicious Updates vulnerability
maintain app allowlists, verify the authenticity of updates with digital signatures and hashes, source updates only from trusted vendors
Hardening
the process of enhancing the security of a system, app or network by reducing its attack surface
What default configurations should be changed in relation to hardening?
default passwords
- preset authentication details that ship with the device or software
- should be changed immediately
- rotate every 90 days
- rely on a password manager
unneeded ports and protocols
- audit which ports are enabled
- close unneeded ports
- look for secure versions of protocols (e.g. SSH instead of Telnet, HTTPS instead of HTTP) and use those
extra open ports
- services may be listening on them by default
- use the more secure ports and close the insecure ones
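The port audit described above, as an added worked example (not from the flashcards or any vendor tool): it parses listener lines in the layout of Linux `ss -tlnp`, flags cleartext protocols that have a secure replacement, and flags anything outside a hypothetical per-host baseline. The sample output and the baseline are constructed for the example.

```python
import re

# Hypothetical baseline for this host: the only ports it should be listening on.
ALLOWED_PORTS = {22, 443}

# Cleartext protocols commonly left enabled by default, with the secure version to use instead.
INSECURE_PORTS = {
    21: ("ftp", "sftp (22) or ftps (990)"),
    23: ("telnet", "ssh (22)"),
    80: ("http", "https (443)"),
    389: ("ldap", "ldaps (636)"),
}

# Constructed sample in the layout of `ss -tlnp`; not captured from a real host.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      5      0.0.0.0:23          0.0.0.0:*         users:(("in.telnetd",pid=900,fd=4))
LISTEN 0      511    *:80                *:*               users:(("nginx",pid=1011,fd=6))
LISTEN 0      511    *:443               *:*               users:(("nginx",pid=1011,fd=7))
LISTEN 0      128    127.0.0.1:5432      0.0.0.0:*         users:(("postgres",pid=1200,fd=5))
"""

# Matches: state, Recv-Q, Send-Q, local addr:port, peer addr:port, optional process name.
LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+'
    r'(?:\s+users:\(\("(?P<proc>[^"]+)")?'
)


def parse_listeners(ss_output):
    """Return (port, bind_address, process) for each LISTEN line; the header is skipped."""
    listeners = []
    for line in ss_output.splitlines():
        m = LINE_RE.match(line)
        if m:
            listeners.append((int(m["port"]), m["addr"], m["proc"] or "unknown"))
    return listeners


def audit_ports(ss_output, allowed=ALLOWED_PORTS):
    """Return findings as (severity, port, process, advice) tuples.

    INSECURE: a cleartext protocol that has a secure replacement.
    UNNEEDED: a listener outside the baseline; close it or justify it and add it.
    Ports that are in the baseline and not on the insecure list produce no finding.
    """
    findings = []
    for port, addr, proc in parse_listeners(ss_output):
        if port in INSECURE_PORTS:
            name, replacement = INSECURE_PORTS[port]
            findings.append(("INSECURE", port, proc,
                             f"{name} is cleartext; close it and use {replacement}"))
        elif port not in allowed:
            scope = "loopback only" if addr.startswith("127.") else "reachable from the network"
            findings.append(("UNNEEDED", port, proc,
                             f"not in baseline ({scope}); close it or add it to the baseline"))
    return findings


if __name__ == "__main__":
    for severity, port, proc, advice in audit_ports(SAMPLE_SS_OUTPUT):
        print(f"{severity:8} {port:>5} {proc:12} {advice}")
```

Run it against real output with `ss -tlnp | python3 audit.py` after changing the `__main__` block to read `sys.stdin`; the point of keeping the baseline per host is that a port which is required on a database server is an unneeded port on a web server.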
How can you restrict apps in the hardening process?
Least functionality - configure the system with only the essential apps and services; unneeded apps should be restricted or removed
managing software
- keep software up to date
- large networks should require preventive measures to control excessive installations
create secure baselines
- secure baseline images are used for new computers
- baselines include the os and minimum required apps
preventing unauthorized software
app allowlisting and blocklisting are used to control which apps can run on a workstation
app allowlisting
- only apps on the approved list are allowed to run
- all other apps are blocked from running (default deny)
app blocklisting
- apps placed on the blocklist are prevented from running; anything not listed is allowed (default allow)
centralized management
- Microsoft AD domain controllers allow centralized management of these lists
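An added worked example covering both the allowlist/blocklist cards above and the "verify authenticity with hashes" card under malicious updates; it is not from the flashcards or from any real allowlisting product. The executable images and the blocklist entry are constructed byte strings standing in for files read from disk. The rules key on the SHA-256 of the image rather than its filename, so a tampered or renamed binary is denied even though a user would see the same name.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for executable images (a real agent reads the file bytes from disk).
APPROVED_IMAGES = {
    "notepad.exe": b"MZ\x90\x00constructed-notepad-image",
    "excel.exe": b"MZ\x90\x00constructed-excel-image",
}
KNOWN_BAD_IMAGE = b"MZ\x90\x00constructed-dropper-image"

# Both lists key on the hash, not the path or filename.
ALLOWLIST = {sha256_hex(img): name for name, img in APPROVED_IMAGES.items()}
BLOCKLIST = {sha256_hex(KNOWN_BAD_IMAGE): "dropper.exe"}


def execution_verdict(image: bytes, allowlist=ALLOWLIST, blocklist=BLOCKLIST):
    """Decide whether an image may run. Returns (allowed, reason).

    Order matters: an explicit block wins, then an explicit allow, then default deny.
    The final default-deny branch is what makes this an allowlist; a pure blocklist
    would return True there instead.
    """
    digest = sha256_hex(image)
    if digest in blocklist:
        return False, f"blocked: hash matches blocklisted {blocklist[digest]}"
    if digest in allowlist:
        return True, f"allowed: hash matches approved {allowlist[digest]}"
    return False, "blocked: hash not on the allowlist (default deny)"


def verify_update(package: bytes, published_sha256: str) -> bool:
    """Check a downloaded update against the hash the vendor published out of band.

    A matching hash shows the bytes were not altered in transit; it does not show
    who produced them. Proving origin needs a digital signature under the vendor's key.
    compare_digest avoids leaking which prefix of the hash matched.
    """
    return hmac.compare_digest(sha256_hex(package), published_sha256.lower())


if __name__ == "__main__":
    print(execution_verdict(APPROVED_IMAGES["notepad.exe"]))
    # One appended byte: same filename a user would see, different hash, so it is denied.
    print(execution_verdict(APPROVED_IMAGES["notepad.exe"] + b"\x90"))
    print(execution_verdict(KNOWN_BAD_IMAGE))
    print(verify_update(b"update-v2.bin", sha256_hex(b"update-v2.bin")))
```

The cost of hash-based rules is operational: every legitimate update changes the hash, so the allowlist has to be re-baselined with each patch cycle, which is why centralized management of the lists matters.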
TOS
Trusted OS
an OS designed to provide a secure computing environment by enforcing stringent security policies that usually rely on mandatory access controls
SELinux is an example of a trusted OS; so is Trusted Solaris
features include mandatory access control
security auditing
role based access control (SELinux)
EAL
Evaluation Assurance Level
a predefined security standard and certification from the Common Criteria for IT security evaluation
EAL1 is the lowest level of assurance
EAL7 is the highest level of assurance
Mandatory Access Controls
access permissions are determined by a policy defined by the system admin and enforced by the OS; it is controlled at the kernel level and is often used by high security orgs such as the government or military
Hotfix
a software patch that solves a security issue and should be applied immediately after being tested in a lab environment
Update
provides a system with additional functionality but doesn't usually provide any security patching; updates can introduce new vulnerabilities