2.5 Flashcards
Mitigation and Security for Legacy Systems
hardening, patching, configuration enforcement, decommissioning, isolation and segmentation
Securing Bluetooth Devices
Turn off Bluetooth when not in use
set devices to non-discoverable mode by default
regularly update firmware so security patches are up to date
only pair with trusted devices
use a unique passkey or PIN during pairing
be cautious of unsolicited connection requests
use encryption for sensitive data transfers
Securing mobile devices
MDM (Mobile Device Management)
- includes patching, configuration management and best-practice enforcement like disabling sideloading, detecting jailbreaking/rooting and enforcing VPN use
Securing OS: Zero-day vulnerability
frequent system and software updates
Securing OS: Misconfiguration vulnerability
conduct periodic audits and reviews to identify and mitigate vulnerabilities due to misconfigurations
Securing OS: Data exfiltration vulnerability
protect with encryption for data at rest and endpoint protection tools to monitor and restrict unauthorized data transfers
Securing OS: Malicious updates vulnerability
maintain app allowlists, verify authenticity with digital signatures and hashes, source updates from trusted vendors
Hardening
process of enhancing system, app or network security
What default configurations should be changed in relation to hardening?
default passwords
preset authentication details
should immediately be changed
rotate every 90 days
rely on a password manager
unneeded ports and protocols
audit ports that are enabled
close unneeded ports
look for secure versions of protocols and use those
extra open ports
may be open by default
use the more secure ports and close insecure ones
How can you restrict apps in the hardening process?
Least functionality - involves configuring the system with only essential apps and services; unneeded apps should be restricted
managing software
- keep software up to date
- large networks should require preventive measures to control excessive installations
create secure baselines
- secure baseline images are used for new computers
- baselines include the os and minimum required apps
preventing unauthorized software
app allowlisting and blocklisting are used to control which apps can run on a workstation
- only apps on the approved list are allowed to run
- all other apps are blocked from running
app blocklisting
- apps placed on blocklist are prevented from running
centralized management
- Microsoft AD domain controllers allow centralized management of lists
TOS
Trusted OS
an OS that is designed to provide a secure computing environment by enforcing stringent security policies that usually rely on mandatory access controls
SELinux is an example of a trusted OS, as is Trusted Solaris
features include mandatory access control
security auditing
role-based access control (SELinux)
EAL
Evaluation Assurance Level
a predefined security standard and certification from the Common Criteria for IT Security Evaluation
EAL1 lowest
EAL7 highest level of assurance
Mandatory Access Controls
access permissions are determined by a policy defined by the system admin and enforced by the OS. It's controlled at the kernel level and is often used by high-security orgs like the government or military
Hotfix
a software patch that solves a security issue and should be applied immediately after being tested in a lab environment
Update
provides a system with additional functionality but doesn't usually provide any security patching; updates often introduce new vulnerabilities
Service Pack
includes all the hotfixes and updates since the release of the OS
Patch Management
planning, testing, implementing and auditing of software patches
Patch Planning
creating policies, procedures and systems to track and verify patch compatibility
Patch Rings
implementing patches one group at a time
Patch auditing
scanning the network to ensure the patch was installed correctly
Group Policies
a set of rules and policies that can be applied to user or computer accounts within an OS
can be accessed by entering gpedit in the Run prompt
each policy acts as a security template applying rules like password complexity, account lockout policies, software restrictions and app restrictions
Security Templates
a group of policies that can be loaded through one procedure
GPO
group policy objective
used to harden the OS and establish secure baselines
it's like a security template in Windows used to apply settings across devices on a network
Baselining
a process of measuring changes in the network, hardware or software environment
helps establish what is normal for the org and identify deviations
SELinux
Security-Enhanced Linux
provides an additional layer of security for Linux distros
enforces mandatory access control
enables information to be classified and protected
enhances file system security
MAC
mandatory access control
restricts access to system resources based on subject clearance and object labels
SELinux Context based permissions
permission schemes that consider various properties to determine whether to grant or deny access to a user
two main implementations that use MAC
SELinux and AppArmor
DAC
discretionary access control
allows object owners to directly control access using tools like chown and chmod
SELinux uses MAC, not DAC
Three main contexts in SELinux
user context (defines which users have access to an object)
role context
type context - essential for fine-grained access control; the most critical
Optional context
level context
describes the sensitivity level of a file, directory or process
SELinux Modes
disabled - turns off SELinux, relying on default DAC for access control
enabled
permissive - SELinux is enabled but does not enforce policies (violations are logged only)
SELinux Policy Types
Targeted - only specific processes are confined to a domain while others are unconfined
strict policies - every subject and object operates under MAC but it's more complex to set up; most secure
MLS policy implements a more stringent security model based on the Bell-LaPadula model, which focuses on maintaining data confidentiality by controlling read and write access based on security levels.
Data Encryption Levels
Full disk
partition
volume
file level
database
record
VeraCrypt
tool that encrypts partitions of a hard drive
Volume encryption
used to encrypt a set space on the storage medium
GNU Privacy Guard
a tool that provides cryptographic privacy and authentication for data and communication
Mutex
mutually exclusive flag that acts as a gatekeeper to a section of code so that only one thread can execute it at a time
Deadlock
occurs when a lock remains in place because the process it's waiting for is terminated, crashes or doesn't finish properly