A5 – Software & Hardware Security Measures (Further Security) Flashcards
A - Cyber Security Threats, System Vulnerabilities and Security Protection Methods
Access Controls
👉 Access control is needed to restrict access to resources, such as files, folders, applications & physical resources.
👉 Once a user is authenticated this will authorise them to access certain resources. This includes the files that they can access (and what level of access), the software they can access, and the functionality they can perform (such as installing software). Organisations should work on the “principle of least privilege”. This means users can only access the data, software and functionality they need to do their job.
👉 after authorisation there is audit. We will maintain an audit log of how users use the network, including when and where. This can ensure appropriate use and help identify where a threat has occurred.
Trusted Computing
👉 Trust computing is a term used for a technology that ensures hardware has security built-in so that devices will perform in predictable and secure ways. It takes away the control of security from the user, thus removing them from the possibility of deliberately or accidentally causing a threat to occur.
👉 Trusted computing can help ensure a system is significantly more secure from all kinds of threats
MAC Address Filtering & Network Cloaking
👉 MAC address filtering enables specific computers to be restricted access to a network based upon the individual MAC address a computer has. This works particularly well as a MAC address is a permanent identifier, unlike an IP address. MAC addresses can be spoofed though which would fool the filter into letting a device to connect when it should not.
👉 We can also use network cloaking to hide the service set identifier (SSID). The SSID is the name of your wireless network. This could prevent some attacks on the network by preventing someone from seeing it. However, this can be easily gotten around as there are software tools available to identify the SSID of cloaked networks.
Wireless Encryption
Wireless encryption protects our network by ensuring data being transmitted wirelessly is scrambled and so unauthorised devices cannot access it. The two main types of wireless encryption are:
👉 WEP– Wired Equivalent Privacy was an early wireless encryption method. It is considered incredibly insecure now and a WEP password can be easily cracked. Even so, it is still heavily in use due to people using outdated wireless routers or not having the knowledge as to how to change their encryption type.
👉 WPA2– Wi-Fi Protected Access 2 is the latest version of WPA, which replaced WEP. It uses AES encryption which is considered incredibly secure, so much so it’s been adopted by the US government when sending classified documents. There are other security benefits, including enforcing longer passwords.
Wireless Encryption 2
👉 Another wireless encryption technology that is worth considering is Wi-Fi Protected Setup (or WPS). WPS only works with networks being encrypted with WPA Personal or WPA2 Personal. It was designed to make WiFi encryption secure while still usable. Instead of a long password, you could use an 8-digit pin or a push button method for syncing.
👉 However, routers using a WPS pin method were found to have a serious security flaw using the WPS pin recovery system which could be easily brute-force attacked and gained access to, along with the WPA/WPA2 password.
👉 We’ve already mentioned some vulnerabilities to wireless encryption. There are many more threats to it but most can be mitigated through some simple procedures, such as:
Use WPA2 encryption rather than WEP or WPA.
Set a complex wireless password.
Turn off the WPS feature.
Regularly update wireless router firmware.
Consideration of Issues During Network & System Design
👉 Before implementing a WLAN you should design the network & system with security in mind.
👉 Key areas that should be considered and included in your design are:
👉 Network firewalls, intrusion detection systems and virtual private network protection.
Content inspection systems, such as anti-malware programs, anti-spam and URL filters.
Network Compartmentalisation, i.e. splitting the network into several different zones based on threat susceptibility.
Principle of least privilege, where users and administrators only have access to information necessary for them to be able to complete their role.