Security Operations 4.1 Flashcards
Given a scenario, apply common security techniques to computing resources.
Secure Baselines - Establish
Security baselines need to be established, and every application instance must follow the baseline. A list of security baselines is often already established and provided by the manufacturer.
Secure Baselines - Deploy
How do we put those baselines into action and deploy them? Deploying the baselines may require more than one deployment mechanism, since workstations, servers, and cloud services are configured differently.
Secure Baselines - Maintain
Many of these are maintained through best practices. Test and measure changes to avoid conflicts. Audit the baselines regularly to make sure they remain in effect, because configurations drift over time.
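The audit step is the part of baseline maintenance that is easy to skip. The example below is added here and is not part of the original flashcards: it compares a constructed sshd_config-style file against an assumed baseline (the required values are illustrative, not a vendor baseline) and reports every setting that is missing or has drifted.

```python
import re

# Assumed baseline for this example (illustrative values, not a vendor or CIS baseline).
BASELINE = {
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
    "X11Forwarding": "no",
    "MaxAuthTries": "3",
    "Protocol": "2",
}

# Constructed sample of a deployed host's sshd_config (not taken from a real host).
SAMPLE_CONFIG = """\
# sshd_config on host web-01 (constructed sample)
Port 22
Protocol 2
PermitRootLogin yes
PasswordAuthentication no
MaxAuthTries 6
"""


def parse_config(text):
    """Parse 'Keyword value' lines; comments and blank lines are ignored.
    sshd keywords are case-insensitive, so keys are lower-cased."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(\S+)\s+(.+)", line)
        if m:
            settings[m.group(1).lower()] = m.group(2).strip()
    return settings


def audit(config_text, baseline=BASELINE):
    """Return a list of (keyword, expected, actual) deviations from the baseline.
    'actual' is None when the keyword is absent: an unset value relies on a
    default the baseline cannot vouch for, so it is reported as drift too."""
    actual = parse_config(config_text)
    findings = []
    for key, expected in baseline.items():
        got = actual.get(key.lower())
        if got is None or got.lower() != expected.lower():
            findings.append((key, expected, got))
    return findings


if __name__ == "__main__":
    for key, expected, got in audit(SAMPLE_CONFIG):
        print(f"DRIFT {key}: expected {expected!r}, found {got!r}")
```

Run against the sample, the audit flags PermitRootLogin (yes instead of no), MaxAuthTries (6 instead of 3), and X11Forwarding (not set at all). The same structure works for any key/value configuration file once parse_config is adapted to its syntax.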
Hardening targets - Mobile Phones
Apply bug fixes and security patches promptly to close known vulnerabilities.
Segmentation can protect data: company data and user data are kept separate.
Hardening Techniques - Workstations
User desktops and laptops likely run Windows, macOS, Linux, etc.
Constant monitoring and updates.
Remove unnecessary software.
Network Infrastructure Devices
Examples: Switches, routers
They often run an embedded OS with limited functionality.
Harden by changing the default credentials and checking with the manufacturer for security updates; these devices are not usually updated frequently.
Cloud infrastructure
Secure the cloud management workstation. Apply the principle of least privilege to all services, network settings, and application rights and permissions.
Configure endpoint detection and response.
Always have backups (cloud-to-cloud).
Servers
Keep the operating system updated. Enforce minimum password lengths on user accounts. Control network access and security. Servers should run anti-virus and anti-malware.
SCADA/ICS - Hardening techniques
Supervisory Control and Data Acquisition / Industrial Control Systems
Provide insight into and control of industrial systems. Harden through segmentation: no access from the outside.
Embedded system - Hardening techniques
Hardware and software designed for a specific function. Can be difficult to harden and unlikely to receive security patches. Provide additional security by placing them on a segmented network behind a firewall.
RTOS - hardening techniques
Real time operating system.
An operating system with a deterministic processing schedule, used in industrial equipment, automobiles, and military environments.
Isolate from the rest of the network.
Run with the minimum services, which reduces the attack surface available to an exploit.
IoT - hardening devices.
Internet of things
Heating, cooling and lighting; home automation; wearable technology.
Give IoT updates a high priority.
Securing Wireless and Mobile - Site Survey
Determine the existing wireless landscape: sample the existing wireless spectrum, identify existing access points, and work around existing frequencies.
Results are often presented as heat maps.
Wireless survey tools - Security
Show signal coverage and potential interference. Built-in tools or 3rd-party tools.
Mobile Device Management (MDM) - Securing Wireless and Mobile
Manage company-owned and user-owned mobile devices through centralised management. The employer can implement security controls and segmentation on the mobile devices.
BYOD - Securing Wireless and Mobile
Bring your own device.
The employee owns the device. Difficult to secure; policies and procedures are necessary to keep personal devices secure.
COPE - Securing Wireless and Mobile
Corporate owned, personally enabled.
Used as both a corporate device and a personal device.
The organisation keeps full control of the device, similar to company-owned laptops.
CYOD - Choose your own device. The employee picks from a list of company-approved devices; the organisation owns and manages the device.
Security challenges relating to mobile phones?
-Can be easily hidden on somebody's person
-Contain a lot of data
-Can be located anywhere in the world
Wi-Fi - Securing Wireless and Mobile
Encrypt the data with a VPN.
On-path attacks - an attacker on the path can read and/or modify data.
Denial of service - frequency interference (jamming).
Bluetooth - Securing Wireless and Mobile
High-speed communication over short distances. A formal pairing process prevents unauthorised connections.
Wireless network settings - What is WPA2?
Wi-Fi Protected Access 2, used to encrypt wireless data.
WPA2 problem
An attacker who captures the four-way handshake at connection time obtains enough material (the nonces and the message integrity check, which is derived from the pre-shared key) to test PSK guesses offline.
Once the handshake is captured, attackers run a brute-force or dictionary attack against it to find the pre-shared key.
A weak PSK is easier to brute force; GPU processing and cloud-based password cracking make finding the PSK easier.
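To show why a captured handshake is enough, here is an added example (not part of the original flashcards) that implements the WPA2-Personal key derivation and the offline check an attacker performs. The SSID, MAC addresses, nonces, EAPOL frame bytes, true passphrase and wordlist are all constructed for the example; nothing is captured from a real network, and parsing a real pcap is not shown.

```python
import hashlib
import hmac


def pmk_from_psk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    The iteration count slows each guess down, but a GPU still tests many per second."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """IEEE 802.11 PRF-512: HMAC-SHA1 blocks over label || 0x00 || data || counter."""
    out = b""
    for i in range(4):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:64]


def ptk_from_pmk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """The PTK depends on the PMK plus both MAC addresses and both nonces,
    all of which the handshake sends in the clear."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, b"Pairwise key expansion", data)


def eapol_mic(ptk: bytes, eapol_frame: bytes) -> bytes:
    """CCMP MIC: HMAC-SHA1 with the KCK (first 16 bytes of the PTK) over the
    EAPOL frame with its MIC field zeroed, truncated to 16 bytes."""
    return hmac.new(ptk[:16], eapol_frame, hashlib.sha1).digest()[:16]


def crack_psk(ssid, ap_mac, sta_mac, anonce, snonce, eapol_frame, captured_mic, wordlist):
    """Offline attack: derive PMK and PTK for each candidate and compare the MIC.
    No further traffic to the access point is needed."""
    for candidate in wordlist:
        ptk = ptk_from_pmk(pmk_from_psk(candidate, ssid), ap_mac, sta_mac, anonce, snonce)
        if hmac.compare_digest(eapol_mic(ptk, eapol_frame), captured_mic):
            return candidate
    return None


# Constructed handshake values (not a real capture).
SSID = "CorpGuest"
AP_MAC = bytes.fromhex("0011223344aa")
STA_MAC = bytes.fromhex("66778899bbcc")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
EAPOL_FRAME = bytes.fromhex("0203005f02010a0000000000000000000100") + bytes(88)  # MIC field zeroed
TRUE_PSK = "summer2019"  # the weak passphrase the network actually uses in this example


def captured_mic() -> bytes:
    """Simulate what the attacker sniffs: the MIC the real client computed with the real PSK."""
    ptk = ptk_from_pmk(pmk_from_psk(TRUE_PSK, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)
    return eapol_mic(ptk, EAPOL_FRAME)


def demo(wordlist=("password", "letmein", "summer2019", "welcome1")):
    return crack_psk(SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, EAPOL_FRAME, captured_mic(), wordlist)


if __name__ == "__main__":
    print("recovered PSK:", demo())
```

The only secret input is the passphrase; everything else in the derivation is visible in the captured frames, which is why the only defence in WPA2-Personal is a long, non-dictionary PSK.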
WPA3 and GCMP
Stronger encryption is used with WPA3 than with WPA2.
GCMP - Galois/Counter Mode Protocol: stronger encryption.
Includes data confidentiality
Message integrity check
WPA3 changes the PSK authentication process.
Includes mutual authentication. Creates a shared session key on the end devices rather than sending hashes derived from the key across the network, so there is nothing for an attacker to capture and brute force.
SAE
Simultaneous Authentication of Equals.
The way in which the session key is derived from the pre-shared key in WPA3.
A Diffie-Hellman derived key exchange with an authentication component (the Dragonfly handshake).
Everyone uses a different session key.
Included in the IEEE 802.11 standard.
RADIUS (an AAA server)
Remote Authentication Dial-In User Service: an authentication protocol that network devices use to authenticate users against a central server, including connections on a local network.
EAP
Extensible Authentication Protocol. An authentication framework (used with 802.1X) into which different authentication methods can be plugged.
Input validation
Analysing data coming into the application and making sure it matches what was expected (type, length, format, range) before it is used.
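An allowlist validator, added here as an example (not part of the original flashcards), shows what "matches what was expected" means in practice. The field rules and the two sample records are constructed for the example; note that the validator rejects fields it was not told about and does not coerce types, so "5" is not accepted as the integer 5.

```python
import re
from datetime import date

# Constructed allowlist rules: what each field must look like. Anything else is rejected.
RULES = {
    "username": {"type": str, "pattern": re.compile(r"[a-z][a-z0-9_]{2,31}")},
    "quantity": {"type": int, "min": 1, "max": 100},
    "ship_date": {"type": str, "pattern": re.compile(r"\d{4}-\d{2}-\d{2}")},
}


def validate(record):
    """Return (ok, errors). Every expected field must be present, of the exact type,
    match its allowed format and range; unexpected fields are an error too."""
    errors = []
    for field in record:
        if field not in RULES:
            errors.append(f"{field}: unexpected field")
    for field, rule in RULES.items():
        if field not in record:
            errors.append(f"{field}: missing")
            continue
        value = record[field]
        if type(value) is not rule["type"]:  # exact type: no coercion, and bool is not int here
            errors.append(f"{field}: expected {rule['type'].__name__}")
            continue
        if "pattern" in rule and not rule["pattern"].fullmatch(value):
            errors.append(f"{field}: does not match allowed format")
            continue
        if "min" in rule and not (rule["min"] <= value <= rule["max"]):
            errors.append(f"{field}: out of range")
            continue
        if field == "ship_date":
            try:
                date.fromisoformat(value)  # "2024-02-30" matches the regex but is not a real date
            except ValueError:
                errors.append(f"{field}: not a calendar date")
    return (not errors, errors)


# Constructed sample records.
GOOD_ORDER = {"username": "alice_01", "quantity": 5, "ship_date": "2024-03-15"}
BAD_ORDER = {
    "username": "alice' OR 1=1 --",  # injection attempt: fails the allowlist, no denylist needed
    "quantity": "5",                  # right digits, wrong type
    "ship_date": "2024-02-30",        # right shape, impossible date
    "debug": True,                    # field the application never asked for
}

if __name__ == "__main__":
    for rec in (GOOD_ORDER, BAD_ORDER):
        ok, errs = validate(rec)
        print("accepted" if ok else "rejected", errs)
```

The point of the injection line is that the validator never looks for quotes or SQL keywords: it only knows what a valid username looks like, which is why allowlisting is more robust than trying to enumerate bad input.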
Secure cookies
Bits of information stored on your computer by the browser. The information inside a cookie can be valuable to an attacker, so secure cookies (sent only over encrypted HTTPS connections) are often used.
Sensitive information is generally not put in cookies.
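The example below is added here and is not part of the original flashcards. It builds a session cookie with the browser-side protections a practitioner expects (Secure, HttpOnly, SameSite, and the __Host- prefix), and it audits an arbitrary Set-Cookie header for the protections that are missing. It uses only the Python standard library; the cookie names and values are constructed.

```python
from http.cookies import SimpleCookie

REQUIRED = ("Secure", "HttpOnly", "SameSite")


def build_session_cookie(name: str, value: str, max_age: int = 3600) -> str:
    """Return a Set-Cookie header value for a session cookie:
    Secure    - sent only over HTTPS, never in the clear
    HttpOnly  - not readable by JavaScript, so XSS cannot steal it
    SameSite  - not sent on cross-site requests (CSRF)
    __Host-   - browser enforces Secure, Path=/ and no Domain, so a subdomain cannot overwrite it"""
    c = SimpleCookie()
    key = f"__Host-{name}"
    c[key] = value
    c[key]["secure"] = True
    c[key]["httponly"] = True
    c[key]["samesite"] = "Strict"
    c[key]["path"] = "/"
    c[key]["max-age"] = max_age
    return c[key].OutputString()


def audit_set_cookie(header_value: str) -> list:
    """Return the protections missing from a Set-Cookie header value.
    Attribute names are matched case-insensitively, as browsers do."""
    parts = [p.strip() for p in header_value.split(";")]
    attrs = {}
    for part in parts[1:]:  # parts[0] is name=value
        name, _, val = part.partition("=")
        attrs[name.strip().lower()] = val.strip()
    missing = [flag for flag in REQUIRED if flag.lower() not in attrs]
    if attrs.get("samesite", "").lower() == "none":
        missing.append("SameSite=None (cookie is sent cross-site)")
    return missing


if __name__ == "__main__":
    hardened = build_session_cookie("session", "abc123")
    print(hardened)
    print("missing:", audit_set_cookie(hardened))
    print("missing:", audit_set_cookie("sessionid=abc123; Path=/"))  # constructed weak header
```

The audit function is the useful half for a review: paste in a Set-Cookie header copied from a response and it lists what is absent, which is usually faster than reading the attribute string by eye.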
Static code analysis (SAST)
Used to find security flaws in application source code without running it. Helps to find many security vulnerabilities, such as buffer overflows and database injections, but not everything can be identified by analysis.
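To make the "finds some things, misses others" point concrete, here is a minimal static analyser added as an example (not part of the original flashcards and not any real SAST product). It walks the Python syntax tree of a constructed source sample and flags three patterns; the last function in the sample is safe but still gets flagged, which is the kind of limitation the card refers to.

```python
import ast

MSG_EVAL = "eval()/exec() executes arbitrary code"
MSG_SQL = "SQL statement built at runtime; use parameterised queries"
MSG_SHELL = "shell=True allows command injection"

# Constructed source under review (not real project code).
SAMPLE_SOURCE = '''\
import subprocess

def lookup(cursor, user_id):
    cursor.execute("SELECT * FROM users WHERE id = " + user_id)

def run(cmd):
    return subprocess.run(cmd, shell=True)

def calc(expr):
    return eval(expr)

def safe_lookup(cursor, user_id):
    cursor.execute("SELECT * FROM users WHERE id = ?", (user_id,))

def count(cursor):
    q = "SELECT count(*) FROM users"
    cursor.execute(q)
'''


class DangerousCallFinder(ast.NodeVisitor):
    """Pattern-based checks on call sites: no data-flow analysis, so it cannot tell
    whether a variable holds a constant or attacker input."""

    def __init__(self):
        self.findings = []

    def visit_Call(self, node):
        if isinstance(node.func, ast.Name):
            name = node.func.id
        else:
            name = getattr(node.func, "attr", None)  # e.g. cursor.execute -> "execute"
        if name in ("eval", "exec"):
            self.findings.append((node.lineno, MSG_EVAL))
        # execute() whose statement is not a literal string: possibly concatenated SQL
        if name == "execute" and node.args and not isinstance(node.args[0], ast.Constant):
            self.findings.append((node.lineno, MSG_SQL))
        for kw in node.keywords:
            if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                self.findings.append((node.lineno, MSG_SHELL))
        self.generic_visit(node)


def scan(source: str):
    """Return findings as (line, message), sorted by line."""
    finder = DangerousCallFinder()
    finder.visit(ast.parse(source))
    return sorted(finder.findings)


if __name__ == "__main__":
    for line, msg in scan(SAMPLE_SOURCE):
        print(f"line {line}: {msg}")
```

Lines 4, 7 and 10 are true positives. Line 17 is a false positive: q is a constant, but the analyser only sees that the argument is a variable. The reverse also happens, since a query built from user input in one function and executed in another looks identical to this one; real SAST tools add taint tracking to reduce both errors, and still cannot eliminate them.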
Code Signing
A way to check that the code of an application is the same code that was sent by the manufacturer.
Has the application been modified in any way?
Can you confirm that the application was written by a specific developer?
The code is digitally signed with the developer's private key. The OS verifies the signature with the developer's public key and alerts if the code has been changed or was not signed by that developer.
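The two questions above (was it modified, and who signed it) are answered by one signature check. The example below is added here and is not the page's or any vendor's signing code: it implements hash-then-sign with textbook RSA at a toy key size and no padding, using only the standard library, so the mechanics are visible. The key material and the "code" being signed are constructed for the example; a real signing pipeline uses a proper library, padding and certificate chains.

```python
import hashlib
import random


def _is_probable_prime(n: int, rng: random.Random, rounds: int = 20) -> bool:
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits: int, rng: random.Random) -> int:
    while True:
        n = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # fixed width, odd
        if _is_probable_prime(n, rng):
            return n


def keygen(bits: int = 512, seed=None):
    """Toy textbook RSA key pair: returns (public, private) as ((e, n), (d, n)).
    512-bit modulus and no padding are for illustration only, never for real use."""
    rng = random.Random(seed)
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2, rng), _gen_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:  # e is prime, so this guarantees gcd(e, phi) == 1
            return (e, p * q), (pow(e, -1, phi), p * q)


def sign(code: bytes, private) -> int:
    """Hash-then-sign: the signature covers SHA-256 of the code, so any byte change breaks it."""
    d, n = private
    return pow(int.from_bytes(hashlib.sha256(code).digest(), "big"), d, n)


def verify(code: bytes, signature: int, public) -> bool:
    """The OS-side check: recompute the hash and compare with the signature opened by the public key."""
    e, n = public
    return pow(signature, e, n) == int.from_bytes(hashlib.sha256(code).digest(), "big")


# Constructed keys and payload (seeds fixed so the example is reproducible).
DEVELOPER_PUB, DEVELOPER_PRIV = keygen(seed=1)
OTHER_PUB, OTHER_PRIV = keygen(seed=2)
ORIGINAL = b"print('hello from vendor build 1.4.2')\n"


def demo() -> dict:
    sig = sign(ORIGINAL, DEVELOPER_PRIV)
    return {
        "unmodified": verify(ORIGINAL, sig, DEVELOPER_PUB),
        "tampered": verify(ORIGINAL.replace(b"hello", b"pwned"), sig, DEVELOPER_PUB),
        "other_signer": verify(ORIGINAL, sign(ORIGINAL, OTHER_PRIV), DEVELOPER_PUB),
    }


if __name__ == "__main__":
    print(demo())
```

Only the first case verifies: a changed payload fails because the hash no longer matches, and a signature from a different key fails because only the developer's public key opens signatures made with the developer's private key. That is the whole basis on which an OS decides whether to trust or warn.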
Sandboxing the application
The application executes with access only to the data it needs in order to work.
Developers write code in a separate sandbox so they do not impact production during development.
Sandboxes are used on mobile devices to keep each application from accessing the rest of the personal data on the phone.
Application security Monitoring
View blocked attacks, SQL injection attempts, and patched vulnerabilities.