Managing Security Flashcards
Geographical considerations
For business that crosses state lines, or operates outside the country, the legal implications must be considered: data protection, breach notification and lawful-access rules differ by jurisdiction. If you have servers or business operations abroad, personnel must hold a valid passport and be able to clear immigration to reach them. Refer these questions to the legal team.
Offsite Backups
If your organization's backups are controlled by a third party, you must know what control you retain over your data and what access the third party has to it (who holds the encryption keys, who can read or delete a backup). If backups are offsite, how will you get personnel to that location when necessary, such as during a disaster? Plan all of this in advance, and test a restore so you know the plan actually works.
Response and Recovery Controls
Incident response and recovery are now routine: attacks are frequent and complex, so an incident response plan should be established before it is needed. Documentation is critical. Identify the attack, contain it, and limit its impact: limit data exfiltration and limit access to sensitive data while the incident is handled.
SSL/TLS Inspection
Commonly used to examine outgoing SSL/TLS (Secure Sockets Layer/Transport Layer Security) traffic, for example the encrypted session from a workstation to a bank's website or to webmail. SSL/TLS is based on trust between the communicating devices. Your browser ships with a list of trusted CA (certificate authority) certificates, and the web server's certificate must be signed by one of those CAs. The browser's job is to check the CA's signature on the server's certificate, confirm that the name in the certificate matches the site it is connecting to, and refuse the connection if either check fails. Before signing, CAs perform checks such as validating DNS records or phoning the company, various forms of verification to ensure that the requester really controls the domain it claims.
How to SSL/TLS Inspect?
Use a firewall or SSL/TLS decryption device (a proxy in the middle). We create our own internal CA certificate for private use and install it in the trust store of every internal device. The proxy acts as a bouncer at the door and a messenger at the same time. When an internal device connects to an external site, the proxy terminates that connection itself, presenting a certificate for the site that it generated on the fly and signed with our internal CA; the device accepts it because the internal CA is in its trust store. The proxy decrypts and reviews the message, then opens its own TLS connection to the real web server, validating that server's certificate against the public CAs. The response comes back from the web server and is decrypted and checked at the proxy; when everything checks out, it is re-encrypted under the internal-CA session and forwarded to the internal device. Caveat: the device now relies on the proxy to validate the external certificate, so a proxy that skips or weakens that check turns the whole organization's traffic into a single on-path attack surface, and the internal CA's private key must be protected like any other root key.
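The certificate mechanics behind the two sections above, as an added example that is not part of the original notes: a constructed "public" root stands in for the browser's built-in trust store, a constructed internal CA plays the inspection proxy, and a browser-style check (trusted issuer, CA signature, validity period, hostname) decides which certificates are accepted. It assumes the third-party `cryptography` package is installed; the CA names, hostnames and key sizes are assumptions made for the demonstration.

```python
# Added example (not from the original notes): the certificate-level mechanics of SSL/TLS
# inspection. Assumes the `cryptography` package; names and hosts are constructed.
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID


def _now():
    return datetime.datetime.now(datetime.timezone.utc)


def _builder(subject, issuer, public_key, days, is_ca):
    # Shared skeleton; validity is backdated a few minutes to tolerate clock skew.
    return (
        x509.CertificateBuilder()
        .subject_name(subject)
        .issuer_name(issuer)
        .public_key(public_key)
        .serial_number(x509.random_serial_number())
        .not_valid_before(_now() - datetime.timedelta(minutes=5))
        .not_valid_after(_now() + datetime.timedelta(days=days))
        .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
    )


def make_ca(name):
    """Self-signed CA: same shape whether it is a public root or our internal inspection CA."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, name)])
    cert = _builder(subject, subject, key.public_key(), 365, True).sign(key, hashes.SHA256())
    return key, cert


def issue_leaf(ca_key, ca_cert, hostname, days=90):
    """Server certificate for `hostname` signed by the CA. A public CA does this after domain
    validation; an inspection proxy does it on the fly for every site a client visits."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, hostname)])
    cert = (
        _builder(subject, ca_cert.subject, key.public_key(), days, False)
        .add_extension(x509.SubjectAlternativeName([x509.DNSName(hostname)]), critical=False)
        .sign(ca_key, hashes.SHA256())
    )
    return key, cert


def _validity(cert):
    # cryptography >= 42 exposes timezone-aware *_utc properties; older releases return naive UTC
    try:
        return cert.not_valid_before_utc, cert.not_valid_after_utc
    except AttributeError:
        tz = datetime.timezone.utc
        return cert.not_valid_before.replace(tzinfo=tz), cert.not_valid_after.replace(tzinfo=tz)


def verify_server_cert(leaf, trust_store, hostname):
    """What a browser does with a server certificate. Returns "ok" or the reason for rejection."""
    # 1. the issuer must be a CA in our trust store (real verifiers also match key identifiers)
    issuer = next((ca for ca in trust_store if ca.subject == leaf.issuer), None)
    if issuer is None:
        return "untrusted issuer"
    # 2. the CA's signature over the certificate body must verify with that CA's public key
    try:
        issuer.public_key().verify(leaf.signature, leaf.tbs_certificate_bytes,
                                   padding.PKCS1v15(), leaf.signature_hash_algorithm)
    except InvalidSignature:
        return "bad signature"
    # 3. the certificate must be inside its validity period
    not_before, not_after = _validity(leaf)
    if not (not_before <= _now() <= not_after):
        return "expired or not yet valid"
    # 4. the name the user typed must appear in the certificate
    san = leaf.extensions.get_extension_for_class(x509.SubjectAlternativeName).value
    if hostname not in san.get_values_for_type(x509.DNSName):
        return "hostname mismatch"
    return "ok"


def inspection_demo(site="bank.example"):
    """Walk through the trust decisions from the notes; returns the outcome of each check."""
    public_key, public_ca = make_ca("Public Root CA (constructed)")      # browser's built-in root
    internal_key, internal_ca = make_ca("Corp Inspection CA (constructed)")
    impostor_key, impostor_ca = make_ca("Corp Inspection CA (constructed)")  # same name, other key
    _, real_leaf = issue_leaf(public_key, public_ca, site)          # what the real bank presents
    _, proxy_leaf = issue_leaf(internal_key, internal_ca, site)     # what the proxy presents
    _, impostor_leaf = issue_leaf(impostor_key, impostor_ca, site)  # on-path attacker's attempt
    default_store = [public_ca]                # unmanaged laptop: only public roots
    managed_store = [public_ca, internal_ca]   # managed device: internal CA installed
    return {
        "real cert, default store": verify_server_cert(real_leaf, default_store, site),
        "proxy cert, default store": verify_server_cert(proxy_leaf, default_store, site),
        "proxy cert, managed store": verify_server_cert(proxy_leaf, managed_store, site),
        "impostor cert, managed store": verify_server_cert(impostor_leaf, managed_store, site),
        "proxy cert, wrong host": verify_server_cert(proxy_leaf, managed_store, "mail.example"),
    }


if __name__ == "__main__":
    for check, result in inspection_demo().items():
        print(f"{check}: {result}")
```

The second and fourth results are the ones to remember: the proxy's certificate is rejected on a device that has not had the internal CA installed, and an attacker who copies the internal CA's name but not its key fails the signature check. Whether inspection is acceptable on a given device is therefore entirely a question of what sits in its trust store.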
Hashing
Hashing is used for many things (password storage, digital signatures, integrity checks and other cryptographic functions). The hashing process takes an arbitrary amount of data and turns it into a short, fixed-length string, also known as a message digest. Hashing is a one-way street: a hash cannot be decrypted. It can, however, be attacked by guessing: an attacker hashes candidate inputs from a wordlist or a precomputed table and compares the results. If two people have the same password, their hashes will be the same; adding a random "salt" to each password before hashing produces a different hash for each user and makes precomputed tables useless. Hashing is also used to verify that information has not been tampered with: any change to the data changes the hash.
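The points above in running code, as an added example that is not part of the original notes: a fixed-length digest, why two identical unsalted passwords collide and fall to a wordlist, how a per-user salt (here with PBKDF2 so the guessing is also slow) fixes that, and a one-byte integrity check. It uses only the Python standard library; the passwords, wordlist and message are constructed.

```python
# Added example (not from the original notes): digests, salted password hashing and tamper
# detection with the Python standard library. Passwords, wordlist and message are constructed.
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 600_000  # iteration count makes each guess expensive; tune to your hardware


def digest(data: bytes) -> str:
    """Fixed-length message digest of arbitrary input (SHA-256, 64 hex characters)."""
    return hashlib.sha256(data).hexdigest()


def hash_password(password: str, salt: bytes = b""):
    """Salted, slow password hash. Returns (salt, hash) so both are stored together."""
    if not salt:
        salt = os.urandom(16)  # fresh random salt per user
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, derived


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time; nothing is decrypted."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, stored)


def crack_unsalted(target_hex: str, wordlist):
    """How a one-way hash is 'reverse engineered': guess inputs and compare digests.
    Works against a bare SHA-256; a salted, slow hash has to be attacked one user at a time."""
    for guess in wordlist:
        if digest(guess.encode()) == target_hex:
            return guess
    return None


def tampered(original: bytes, received: bytes) -> bool:
    """Integrity check: any change to the data changes its digest."""
    return digest(original) != digest(received)


def demo():
    alice_pw = bob_pw = "Summer2024!"  # constructed: two users who chose the same password
    # 1. unsalted: identical passwords give identical digests, and a small wordlist recovers them
    unsalted = digest(alice_pw.encode())
    recovered = crack_unsalted(unsalted, ["password", "letmein", "Summer2024!", "hunter2"])
    # 2. salted: same password, different stored hashes, verification still works
    a_salt, a_hash = hash_password(alice_pw)
    b_salt, b_hash = hash_password(bob_pw)
    # 3. integrity: one changed digit in the message changes the digest
    msg = b"transfer 100.00 to account 1234"
    return {
        "same_unsalted_hash": unsalted == digest(bob_pw.encode()),
        "recovered_from_wordlist": recovered,
        "salted_hashes_differ": a_hash != b_hash,
        "alice_verifies": verify_password(alice_pw, a_salt, a_hash),
        "wrong_password_rejected": not verify_password("Summer2023!", a_salt, a_hash),
        "one_byte_change_detected": tampered(msg, b"transfer 900.00 to account 1234"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

`hmac.compare_digest` rather than `==` for the final comparison avoids leaking, through timing, how many leading bytes of a guess were right; it costs nothing and is the habit to build.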
Application Programming Interface (API)
Mobile devices and cloud-based technology create demand for APIs. We must design security specific to APIs: they work differently from a typical login/password session, which creates different security needs. Attackers can use on-path attacks (man in the middle) or replay attacks to intercept API commands, resend them later, or inject data into API messages. A poorly designed or poorly tested API can also be abused to create a DDoS attack, for example by hammering an expensive endpoint with no rate limit.
API Security
Many organizations add extra security for APIs, especially around authentication (login/pass): per-client keys or tokens, request signing, and expiry.
Limit API access to legitimate users and make sure it is encrypted (TLS). APIs should also have security controls that limit access to data: authorization on every call, scopes that restrict what each key may read or change, and rate limits per client. A Web Application Firewall (WAF), specific to web applications, is used in front of web apps and APIs to filter abusive requests before they reach the data.
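An API gate that puts the controls from the two API sections above into code, as an added example that is not part of the original notes: the client signs each request with an HMAC over the method, path, body hash, a timestamp and a nonce, and the server rejects tampered bodies (on-path injection), resent requests (replay), captured requests that are too old, calls outside the key's scope, and calls over a per-key rate limit. It uses only the Python standard library; the key id, secret, scopes and paths are constructed. TLS is still required on top: the signature proves integrity and origin, it does not hide the request.

```python
# Added example (not from the original notes): signed API requests with nonce and timestamp,
# per-key scopes and a per-key rate limit. Credentials and paths are constructed.
import hashlib
import hmac
import secrets
import time

# Constructed credentials: key id -> (shared secret, scopes). Real deployments keep these in a
# secrets store and rotate them.
API_KEYS = {
    "key_mobile_01": (b"0f3c9c0c7a3e4c5d9b1a2e6f8d7c5b4a", {"accounts:read"}),
}


def canonical(method, path, timestamp, nonce, body: bytes) -> bytes:
    """Everything the signature covers; changing any field invalidates it."""
    return "\n".join([method, path, str(timestamp), nonce, hashlib.sha256(body).hexdigest()]).encode()


def sign_request(key_id, secret, method, path, body: bytes, now=None):
    """Client side: produce the auth headers for one request."""
    ts = int(time.time() if now is None else now)
    nonce = secrets.token_hex(16)  # unique per request so the server can recognise a replay
    sig = hmac.new(secret, canonical(method, path, ts, nonce, body), hashlib.sha256).hexdigest()
    return {"X-Key-Id": key_id, "X-Timestamp": str(ts), "X-Nonce": nonce, "X-Signature": sig}


class ApiGate:
    """Server side: every request passes these checks before any handler runs."""

    def __init__(self, keys, max_skew=300, rate_limit=100, window=60):
        self.keys = keys
        self.max_skew = max_skew              # seconds a timestamp may differ from server time
        self.rate_limit, self.window = rate_limit, window
        self.seen = {}                        # nonce -> expiry; old entries are dropped
        self.calls = {}                       # key id -> timestamps inside the window

    def check(self, headers, method, path, body: bytes, required_scope, now=None):
        now = int(time.time() if now is None else now)
        key_id = headers.get("X-Key-Id", "")
        entry = self.keys.get(key_id)
        if entry is None:
            return "unknown key"
        secret, scopes = entry
        try:
            ts, nonce, sig = int(headers["X-Timestamp"]), headers["X-Nonce"], headers["X-Signature"]
        except (KeyError, ValueError):
            return "malformed"
        if abs(now - ts) > self.max_skew:
            return "stale timestamp"          # bounds how long a captured request stays useful
        expected = hmac.new(secret, canonical(method, path, ts, nonce, body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):
            return "bad signature"            # body or path changed, or sender lacks the secret
        self.seen = {n: exp for n, exp in self.seen.items() if exp > now}
        if nonce in self.seen:
            return "replay"                   # same request presented twice inside the window
        self.seen[nonce] = ts + self.max_skew
        recent = [t for t in self.calls.get(key_id, []) if t > now - self.window]
        if len(recent) >= self.rate_limit:
            return "rate limited"             # blunts abuse of an expensive endpoint
        self.calls[key_id] = recent + [now]
        if required_scope not in scopes:
            return "forbidden"                # authenticated, but not allowed to touch this data
        return "ok"


def demo():
    """Exercise each control once; rate_limit=2 so the limit trips within the demo."""
    now = 1_700_000_000
    key_id, (secret, _) = "key_mobile_01", API_KEYS["key_mobile_01"]
    gate = ApiGate(API_KEYS, rate_limit=2)
    path, body = "/v1/accounts/1234", b'{"account":"1234"}'
    results = {}
    h = sign_request(key_id, secret, "GET", path, body, now)
    results["valid"] = gate.check(h, "GET", path, body, "accounts:read", now)
    results["replayed"] = gate.check(h, "GET", path, body, "accounts:read", now + 5)
    h = sign_request(key_id, secret, "GET", path, body, now)
    results["body_changed_in_transit"] = gate.check(h, "GET", path, b'{"account":"9999"}', "accounts:read", now)
    h = sign_request(key_id, secret, "GET", path, body, now - 3600)
    results["captured_an_hour_ago"] = gate.check(h, "GET", path, body, "accounts:read", now)
    h = sign_request(key_id, secret, "DELETE", path, b"", now)
    results["out_of_scope"] = gate.check(h, "DELETE", path, b"", "accounts:write", now)
    h = sign_request(key_id, secret, "GET", path, body, now)
    results["over_rate_limit"] = gate.check(h, "GET", path, body, "accounts:read", now)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Order matters: the signature is checked before the nonce is recorded, so an attacker without the secret cannot fill the replay cache, and the rate limit is applied per authenticated key rather than per IP so a single abusive client cannot hide behind a shared NAT address.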