Threats, Vulnerabilities, and Mitigations 2.5

Question 1

Segmentation (What is it and why is it done)

Answer 1

Segment the network into smaller pieces (Physical, Logical or Virtual)
- Performance
- Security
- Compliance

Question 2

How is Segmentation done?

Answer 2

Access control lists where control rules are based on source IP, destination IP or port number.

Restrict access to network devices,

Application allow list/deny list

Question 3

Mitigation Techniques - Patching

Answer 3

Very important
Third Party Updates
Auto-Updates
Emergency out of band updates .

Question 4

Mitigation Techniques - Encryption

Answer 4

Prevent access to application data files
File level encryption
Full disk encryption (Bit locker on Windows and File vault on mac).
Application data encryption

Question 5

Mitigation Techniques - Monitoring

Answer 5

Can be done using technology built into switches, routers, firewalls ect

Sensors, intrusion prevention system, firewall logs, Authentication logs

Collectors SIEM consoles (consolidates logs using a correlation engine to compare diverse data), Proprietary Consoles - (IPS, Firewall)

Question 6

Least Privilege

Answer 6

Rights and permissions should be set to bare minimum

Question 7

What is a posture assessment. what is it for?

Answer 7

It is done to enforce configuration of the systems running on your network.

Checks the system to see if all security features are up to date such as a Operating system, updates and patches. Check EDR

Question 8

What happens if a system fails the posture assessment

Answer 8

Systems out of compliance are quarantined or put on a private VLAN with limited access so updates to security can be made

Question 9

Decommissioning

Answer 9

May be sensitive data on old devices so there should be a formal policy for devices which are no longer in use.

Question 10

System Hardening Techniques - Encryption

Answer 10

Encrypt data using Windows encrypting file system (EFS)
Full Disk Encryption (FDE)
Windows Bitlocker, macOS Filevault
Encrypt Network device communication with VPN or HTTPS

Question 11

System Hardening Techniques - Installation of endpoint protection

Answer 11

EDR (End point detection point) - A different method of threat protection to meet the increasing number of threats.

EDR is able to detect and investigate a threat threat,

EDR will respond to a threat, isolate the system and quarantine the threat. Even roll back to a previous configuration.

Question 12

System Hardening Techniques - Host based firewall

Answer 12

Software firewall allows and disallows incoming or out-coming application traffic which runs on every end point and can be managed centrally.

Question 13

System Hardening Techniques - Host based intrusion prevention system (HIPS)

Answer 13

• Recognise and block known attacks
• Secure OS and application configurations
  -Often built into endpoint protection software.

Question 14

System Hardening Techniques - Ports/Protocols

Answer 14

Closing ports because every open port is a possible entry point.
Control port access with firewall (NGFW)
Applications with broad port ranges -Open port 0-65,535
Use Nmap to scan port number

Question 15

System Hardening - Default password changes

Answer 15

Change default settings when you set up applications. Change default settings. Multi-factor authentication.

Question 16

System Hardening - Removal of Unnecessary Software

Answer 16

Remove all unused software because every application could have secuirty concerns.