3.3 Given a scenario, implement secure systems design. Flashcards
Hardware/Firmware Security
When implementing system and device security, it is critical to look to hardware features or firmware features that can add to the security of the system or device.
Hardware/Firmware Security - FDE/SED
As discussed earlier, full disk encryption (FDE) is a security feature that allows a device to encrypt the entire hard disk to help maintain confidentiality in cases where a device is lost or stolen. You can also use a stream editor (SED) to transform text inside a file to an unreadable format.
Hardware/Firmware Security - TPM
When working with full disk encryption, you can use a Trusted Platform Module (TPM module), which is a computer chip located on the motherboard, to store encryption keys for the FDE feature.
Hardware/Firmware Security - HSM
Environments needing a high level of security can leverage a hardware security module (HSM), which is an add-on card or a separate device that takes care of managing encryption keys for the environment.
Hardware/Firmware Security - UEFI/BIOS
There are a number of UEFI or BIOS features that can be enabled to help with hardware security. For example, you can add bootup passwords to a device, prevent booting from optical drives or USB drives, and password protect the UEFI/BIOS setup program.
Hardware/Firmware Security - Secure Boot and Attestation
Secure boot is a device security feature that can be enabled that involves the system digitally signing the bootup files. Once the files are signed, the system will only load digitally signed files during bootup. This helps prevent someone from booting another operating system on that system in order to gain access to the system and its data. Attestation in this context means that the system has booted the way it was supposed to based on the digital signature.
Hardware/Firmware Security - Supply Chain
The supply chain is the list of organizations and people
that a product must move through before it reaches its customer. Be sure to get confirmation that you will be able to order parts and receive delivery quickly should a hardware failure occur.
Hardware/Firmware Security - Hardware Root of Trust
Hardware roots of trust are hardware components trusted by the system that perform security functions. For example, a TPM module that generates and stores a key pair.
Hardware/Firmware Security - EMI/EMP
Electromagnetic interference (EMI) is interference from an external source that distorts information being transmitted. An electromagnetic pulse (EMP) is a burst of electromagnetic energy. Ensure that you use technologies that are immune to EMI/EMP, such as fiber optic cabling instead of twisted-pair cabling, in order to protect your data.
Operating Systems
.
Operating Systems - Types
Depending on the type of operating system you are reviewing, you will need to refine the steps that you take to put the system in a secure state.
Operating Systems - Types - Network
A network operating system is designed to run on servers. Be sure to load only the services that are required of the network operating system to help reduce the number of vulnerabilities being exposed.
Operating Systems - Types - Server
Server operating systems are designed to provide resources to clients such as files and printers. Lockdown each server by only installing the software required and keep it up to date with patches.
Operating Systems - Types - Workstation
A workstation is what the user uses to access network resources. Be sure to install anti-malware software and keep the client up to date.
Operating Systems - Types - Appliance
An appliance is any device used by the users. Be sure to
investigate any services or protocols that are running on the appliance so that you can disable if needed.