Secure Device Management Flashcards
Risk Management Process
- Risk Identification
- Risk Assessment (score, weigh, prioritise risks)
- Risk Response Planning (determine risk response, plan actions)
- Response Implementation (continuous risk monitoring)
- Monitor and Assess Results (continuous risk monitoring and response evaluation)
T-V pair
Threat-Vulnerability pair: a threat matched with the vulnerability it could exploit
Risk avoidance
Stop performing the activities that create risk
Risk reduction
Decrease the risk by taking measures to reduce vulnerability
Risk sharing
Shift some of the risk to other parties
Risk retention
Accept the risk and its consequences
Vulnerability Management
A security practice that is designed to proactively prevent the exploitation of IT vulnerabilities that exist within an organization.
Vulnerability Management Life Cycle
- Discover
- Prioritise Assets
- Assess
- Report
- Remediate
- Verify
Discover
Inventory all assets across the network and identify host details, including operating systems and open services, to identify vulnerabilities. Develop a network baseline. Identify security vulnerabilities on a regular automated schedule.
Prioritise Assets
Categorize assets into groups or business units, and assign a business value to asset groups based on their criticality to business operations.
Assess
Determine a baseline risk profile to eliminate risks based on asset criticality, vulnerability, threats, and asset classification.
Report
Measure the level of business risk associated with your assets according to your security policies. Document a security plan, monitor suspicious activity, and describe known vulnerabilities.
Remediate
Prioritize according to business risk and address vulnerabilities in order of risk.
Verify
Verify that threats have been eliminated through follow-up audits.
Asset management
Asset management involves the implementation of systems that track the location and configuration of networked devices and software across an enterprise. As part of any security management plan, organizations must know what equipment accesses the network, where that equipment is within the enterprise and logically on the network, and what software and data those systems store or can access. Asset management not only tracks corporate assets and other authorized devices, but also can be used to identify devices that are not authorized on the network.
MDM
Mobile Device Management (MDM) tackles unique challenges in asset management, especially with the rise of Bring Your Own Device (BYOD). Since mobile devices aren’t physically within an organization’s control, they’re susceptible to loss, theft, and tampering, endangering data and network access. MDM involves strategies for responding when devices are no longer under responsible parties’ supervision. Actions may encompass deactivating lost devices, encrypting device data, and bolstering access security through stronger authentication.
Configuration management
Configuration management addresses the inventory and control of hardware and software configurations of systems. Secure device configurations reduce security risk.
Patch Management
Enterprise Patch Management involves handling software vulnerabilities in operating systems, firmware, and applications. It covers identifying, acquiring, distributing, installing, and verifying patches to mitigate vulnerabilities, including those in critical systems and frameworks. This practice is essential for security and compliance with regulations like SOX and HIPAA. Patches are crucial for addressing vulnerabilities effectively and are mandated in some cases. Asset management data is used to identify systems needing patches. Tools like SolarWinds, LANDesk, and Microsoft SCCM automate patch distribution in large networks.
Patch Management techniques
- Agent-based
- Agentless Scanning
- Passive Network Monitoring
Agent-based
This requires a software agent to be running on each host to be patched. The agent reports whether vulnerable software is installed on the host. The agent communicates with the patch management server, determines if patches exist that require installation, and installs the patches. The agent runs with sufficient privileges to allow it to install the patches. Agent-based approaches are the preferred means of patching mobile devices.
Agentless Scanning
Patch management servers scan the network for devices that require patching. The server determines which patches are required and installs those patches on the clients. Only devices that are on scanned network segments can be patched in this way. This can be a problem for mobile devices.
Passive Network Monitoring
Devices requiring patching are identified through the monitoring of traffic on the network. This approach is only effective for software that includes version information in its network traffic.