Threats, Vulnerabilities, and Mitigations 2.5 Flashcards
Segmentation (What is it and why is it done)
Segment the network into smaller pieces (Physical, Logical or Virtual)
- Performance
- Security
- Compliance
How is Segmentation done?
Access control lists (ACLs), where rules permit or deny traffic based on source IP, destination IP or port number.
Restrict access to network devices.
Application allow lists/deny lists.
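To make the ACL card concrete, here is an added example (not from the flashcards or any vendor) of how a segmentation ACL is evaluated: rules keyed on source IP, destination IP, protocol and port, checked top to bottom with first match winning and an implicit deny if nothing matches. It also includes a check for rules that are shadowed by an earlier rule, which is the usual reason an ACL "is there" but the segmentation does not hold. The networks, hosts and rules are hypothetical.

```python
"""Added example (not from the flashcards): a first-match ACL evaluator for
segmentation rules based on source IP, destination IP and port, plus a check
for rules that can never match. Networks, hosts and rules are hypothetical."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    src: ipaddress.IPv4Network    # source network
    dst: ipaddress.IPv4Network    # destination network
    proto: str                    # "tcp", "udp" or "any"
    dport: Optional[int]          # destination port, None = any port


def rule(action, src, dst, proto="any", dport=None):
    """Build a Rule from CIDR strings so the ACL reads like a config line."""
    return Rule(action, ipaddress.ip_network(src), ipaddress.ip_network(dst),
                proto, dport)


# Hypothetical policy: the user VLAN (10.10.0.0/24) may reach the web server
# on 443 and the DNS server on 53 in the server VLAN (10.20.0.0/24) and
# nothing else; the server VLAN may never initiate traffic into the user
# VLAN. The final rule is the explicit "deny any any".
ACL = [
    rule("permit", "10.10.0.0/24", "10.20.0.10/32", "tcp", 443),
    rule("permit", "10.10.0.0/24", "10.20.0.53/32", "udp", 53),
    rule("deny",   "10.20.0.0/24", "10.10.0.0/24"),
    rule("deny",   "0.0.0.0/0",    "0.0.0.0/0"),
]


def evaluate(acl, src_ip, dst_ip, proto, dport):
    """Return (action, index of the matching rule). Rules are checked in
    order and the first match wins; a packet that matches nothing is denied
    (the implicit deny at the end of every real ACL) with index None."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for i, r in enumerate(acl):
        if src not in r.src or dst not in r.dst:
            continue
        if r.proto != "any" and r.proto != proto:
            continue
        if r.dport is not None and r.dport != dport:
            continue
        return r.action, i
    return "deny", None


def shadowed_rules(acl):
    """Indices of rules that can never fire because an earlier rule already
    covers every packet they would match. A broad deny placed above a
    specific permit is the classic ordering mistake."""
    shadowed = []
    for j, later in enumerate(acl):
        for earlier in acl[:j]:
            if (later.src.subnet_of(earlier.src)
                    and later.dst.subnet_of(earlier.dst)
                    and earlier.proto in ("any", later.proto)
                    and earlier.dport in (None, later.dport)):
                shadowed.append(j)
                break
    return shadowed


if __name__ == "__main__":
    print(evaluate(ACL, "10.10.0.5", "10.20.0.10", "tcp", 443))   # permit, rule 0
    print(evaluate(ACL, "10.10.0.5", "10.20.0.10", "tcp", 22))    # deny, rule 3
    print(shadowed_rules(ACL))                                    # []
```

Run it as a script to see a permitted web request, a denied SSH attempt, and an empty shadow list; swapping the last rule to the top of the list makes every other rule shadowed, which is exactly the mistake the check is meant to catch.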
Mitigation Techniques - Patching
Very important: attackers routinely exploit known vulnerabilities that already have a patch available.
Third-party updates (applications, not just the operating system)
Auto-updates
Emergency out-of-band updates (released outside the normal patch cycle for actively exploited bugs).
Mitigation Techniques - Encryption
Prevents access to data files by anyone without the key, even if the device or the files are stolen.
File-level encryption
Full disk encryption (BitLocker on Windows and FileVault on macOS).
Application data encryption
Mitigation Techniques - Monitoring
Can be done using technology built into switches, routers, firewalls, etc.
Sensors: intrusion prevention systems, firewall logs, authentication logs.
Collectors: SIEM consoles (consolidate logs and use a correlation engine to compare diverse data from different sources), proprietary consoles (IPS, firewall).
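The correlation engine is the part of a SIEM that a flashcard cannot show, so here is an added example (not from the flashcards or any SIEM product) of what it does: two different log formats from two sensors, a firewall and a host's authentication log, are normalised into common events, then a rule correlates them by source IP (many failed logins followed by a success from the same address) and attaches the firewall's view of that address to the alert. The log lines, hostnames and IP addresses are constructed for illustration.

```python
"""Added example (not from the flashcards): a toy SIEM correlation engine.
Two log formats from different sensors (a firewall and a host's auth log)
are normalised into common events, then a rule correlates them per source
IP. The log lines, hosts and addresses are constructed for illustration."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input, two formats a SIEM collector would receive.
FIREWALL_LOG = """\
2024-05-01T09:00:01Z fw01 ALLOW TCP 203.0.113.9:51000 -> 10.20.0.10:22
2024-05-01T09:00:02Z fw01 DENY TCP 203.0.113.9:51001 -> 10.20.0.10:3389
2024-05-01T09:00:05Z fw01 ALLOW TCP 198.51.100.7:44000 -> 10.20.0.10:22
"""
AUTH_LOG = """\
2024-05-01T09:00:03Z web01 sshd[2201]: Failed password for admin from 203.0.113.9 port 51000 ssh2
2024-05-01T09:00:09Z web01 sshd[2201]: Failed password for admin from 203.0.113.9 port 51000 ssh2
2024-05-01T09:00:15Z web01 sshd[2201]: Failed password for root from 203.0.113.9 port 51000 ssh2
2024-05-01T09:00:21Z web01 sshd[2201]: Failed password for admin from 203.0.113.9 port 51000 ssh2
2024-05-01T09:00:27Z web01 sshd[2201]: Failed password for admin from 203.0.113.9 port 51000 ssh2
2024-05-01T09:00:40Z web01 sshd[2201]: Accepted password for admin from 203.0.113.9 port 51000 ssh2
2024-05-01T09:00:06Z web01 sshd[2202]: Accepted publickey for deploy from 198.51.100.7 port 44000 ssh2
"""

FW_RE = re.compile(r"^(\S+) (\S+) (ALLOW|DENY) (\S+) ([\d.]+):(\d+) -> ([\d.]+):(\d+)$")
AUTH_RE = re.compile(r"^(\S+) (\S+) sshd\[\d+\]: (Failed|Accepted) \S+ for "
                     r"(?:invalid user )?(\S+) from ([\d.]+) port \d+")


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def parse_firewall(text):
    """Normalise firewall lines to {ts, source, host, src_ip, event, dst_ip, dport}."""
    events = []
    for line in text.splitlines():
        m = FW_RE.match(line)
        if m:
            ts, host, action, _proto, src, _sport, dst, dport = m.groups()
            events.append({"ts": _ts(ts), "source": "firewall", "host": host,
                           "src_ip": src, "event": action.lower(),
                           "dst_ip": dst, "dport": int(dport)})
    return events


def parse_auth(text):
    """Normalise sshd lines to {ts, source, host, src_ip, user, event}."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            ts, host, outcome, user, src = m.groups()
            events.append({"ts": _ts(ts), "source": "auth", "host": host,
                           "src_ip": src, "user": user,
                           "event": "auth_fail" if outcome == "Failed" else "auth_ok"})
    return events


def correlate(events, threshold=5, window=timedelta(seconds=60)):
    """Rule: at least `threshold` failed logins from one source IP within
    `window`, followed by a successful login from the same IP. Neither log
    alone tells this story; the alert also counts the firewall's events for
    that IP so an analyst sees both sensors in one place."""
    by_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_ip[e["src_ip"]].append(e)
    alerts = []
    for ip, evs in by_ip.items():
        fails = []
        for e in evs:
            if e["event"] == "auth_fail":
                fails.append(e["ts"])
            elif e["event"] == "auth_ok":
                recent = [t for t in fails if e["ts"] - t <= window]
                if len(recent) >= threshold:
                    fw = [x for x in evs if x["source"] == "firewall"]
                    alerts.append({"rule": "brute_force_then_success",
                                   "src_ip": ip, "user": e["user"],
                                   "failures": len(recent),
                                   "success_at": e["ts"].isoformat(),
                                   "firewall_events": len(fw)})
                fails = []   # a success resets the window
    return alerts


def run():
    """Feed both constructed logs through the pipeline and return the alerts."""
    return correlate(parse_firewall(FIREWALL_LOG) + parse_auth(AUTH_LOG))


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Running it prints one alert for 203.0.113.9 (five failures, then a successful "admin" login, two firewall events); the deploy login from 198.51.100.7 produces nothing because it had no preceding failures. Raising `threshold` to 6 silences the alert, which is the knob an analyst tunes against false positives.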
Least Privilege
Rights and permissions should be set to the bare minimum needed to do the job, and nothing more.
What is a posture assessment and what is it for?
It checks and enforces the security configuration of systems before they are allowed onto your network.
Checks whether all security features are up to date, such as the operating system, updates and patches, and whether EDR is installed and running.
What happens if a system fails the posture assessment?
Systems out of compliance are quarantined or put on a private VLAN with limited access so the missing security updates can be applied.
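As an added example of the decision these two cards describe (not from the flashcards or any NAC product), the following evaluates a host's self-reported state against a policy and returns the VLAN to assign: production when everything passes, a quarantine VLAN otherwise, with every failed check listed. The policy values, host reports and VLAN numbers are hypothetical; the one non-obvious point is that OS builds must be compared as integer tuples, not strings.

```python
"""Added example (not from the flashcards): a posture assessment decision
as a NAC appliance might make it. The policy, the host reports and the VLAN
numbers are hypothetical."""
from datetime import date

# Hypothetical policy: minimum OS build, patches no older than 30 days,
# EDR agent running, full-disk encryption on.
POLICY = {
    "min_os_build": (10, 0, 19045),
    "max_patch_age_days": 30,
    "edr_state": "running",
    "fde_required": True,
}
PRODUCTION_VLAN = 10     # hypothetical
QUARANTINE_VLAN = 999    # hypothetical remediation VLAN reaching update servers only


def parse_build(s):
    """'10.0.19045' -> (10, 0, 19045). Compare builds as integer tuples;
    comparing the strings would rank '10.0.9999' above '10.0.19045'."""
    return tuple(int(part) for part in s.split("."))


def assess(report, policy=POLICY, today=date(2024, 5, 1)):
    """Return (vlan_to_assign, list_of_failures). All checks run so the user
    sees every problem at once rather than one per reconnect."""
    failures = []
    if parse_build(report["os_build"]) < policy["min_os_build"]:
        failures.append(f"OS build {report['os_build']} below minimum")
    age = (today - date.fromisoformat(report["last_patch"])).days
    if age > policy["max_patch_age_days"]:
        failures.append(f"last patch {age} days ago")
    if report.get("edr_state") != policy["edr_state"]:
        failures.append(f"EDR state is {report.get('edr_state')!r}")
    if policy["fde_required"] and not report.get("fde_enabled", False):
        failures.append("full-disk encryption off")
    vlan = PRODUCTION_VLAN if not failures else QUARANTINE_VLAN
    return vlan, failures


# Constructed host reports, as an agent or dissolvable check would send them.
GOOD_HOST = {"os_build": "10.0.19045", "last_patch": "2024-04-20",
             "edr_state": "running", "fde_enabled": True}
STALE_HOST = {"os_build": "10.0.19041", "last_patch": "2024-02-01",
              "edr_state": "stopped", "fde_enabled": False}


if __name__ == "__main__":
    print(assess(GOOD_HOST))    # (10, [])
    print(assess(STALE_HOST))   # (999, [four failures])
```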
Decommissioning
There may be sensitive data on old devices, so there should be a formal policy for devices which are no longer in use.
System Hardening Techniques - Encryption
Encrypt individual files using the Windows Encrypting File System (EFS)
Full Disk Encryption (FDE)
Windows BitLocker, macOS FileVault
Encrypt network communication with a VPN or HTTPS
System Hardening Techniques - Installation of endpoint protection
EDR (Endpoint Detection and Response) - A different method of threat protection to meet the increasing number of threats, going beyond signature-based antivirus.
EDR is able to detect and investigate a threat,
and to respond to it: isolate the system, quarantine the threat, and even roll back to a previous configuration.
System Hardening Techniques - Host based firewall
A software firewall that allows or blocks incoming and outgoing application traffic. It runs on every endpoint and can be managed centrally.
System Hardening Techniques - Host based intrusion prevention system (HIPS)
- Recognise and block known attacks
- Secure OS and application configurations
- Often built into endpoint protection software.
System Hardening Techniques - Ports/Protocols
Close unneeded ports, because every open port is a possible entry point.
Control port access with a firewall (NGFW).
Applications with broad port ranges are hard to control (TCP and UDP ports run from 0 to 65,535).
Use Nmap to scan for open ports and compare the result with what should be open.
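The check behind "scan, then close what should not be open" is simple enough to show directly. The following is an added example (not from the flashcards, and not Nmap's own code) of a TCP connect scan of the kind `nmap -sT` performs, compared against an allow list of ports that are supposed to be listening. The demo starts its own listeners on loopback so it runs offline; the allow list and port numbers are constructed for illustration.

```python
"""Added example (not from the flashcards): a TCP connect scan of the kind
`nmap -sT` performs, compared against an allow list of ports that should be
open. The demo starts its own listeners on loopback so it runs offline; the
allow list and ports are constructed for illustration."""
import socket
from contextlib import closing


def open_tcp_ports(host, ports, timeout=0.5):
    """Attempt a full TCP handshake on each port. connect_ex() returns 0 on
    success (something is listening) and an errno otherwise."""
    found = []
    for port in ports:
        with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                found.append(port)
    return sorted(found)


def audit(host, ports, allowed):
    """Compare what is actually listening with the documented allow list.
    'unexpected_open' is the list to close or firewall; 'allowed_but_closed'
    usually means a required service is down."""
    listening = set(open_tcp_ports(host, ports))
    allowed = set(allowed)
    return {"unexpected_open": sorted(listening - allowed),
            "expected_open": sorted(listening & allowed),
            "allowed_but_closed": sorted(allowed - listening)}


def demo():
    """Self-contained run: two listeners on loopback (one allowed, one not)
    and one socket that is bound but never calls listen(), so connections to
    it are refused. Returns the audit result and the three port numbers."""
    allowed_srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    rogue_srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    closed_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    for s in (allowed_srv, rogue_srv, closed_sock):
        s.bind(("127.0.0.1", 0))          # port 0 = pick a free ephemeral port
    allowed_srv.listen(1)
    rogue_srv.listen(1)
    a, r, c = (s.getsockname()[1] for s in (allowed_srv, rogue_srv, closed_sock))
    try:
        result = audit("127.0.0.1", [a, r, c], allowed=[a, c])
    finally:
        for s in (allowed_srv, rogue_srv, closed_sock):
            s.close()
    return result, (a, r, c)


if __name__ == "__main__":
    res, ports = demo()
    print("scanned ports (allowed, rogue, closed):", ports)
    print(res)
```

On a real host you would pass the documented allow list (for a web server perhaps `[22, 443]`) and `range(1, 65536)` as the port list; the unexpected-open entries are what the hardening card tells you to close or block with the host firewall.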
System Hardening - Default password changes
Change default settings when you set up applications or devices, especially default passwords, and enable multi-factor authentication.