Flashcards in Chapter 7: Host, Data, and Application Security Deck (24)
Allows data to be viewed in dynamic ways based on your needs. If you need to look up patients who have not had a checkup this year and also have a history of eye surgeries, you can do that.
Structured Query Language (SQL)
Most common query language used to communicate with database servers.
One-Tier vs. Two-Tier vs. Three-Tier model
-Database and application are located on the same machine
-A client system runs an application that communicates with the database
-This is most common
-You have a middle-tier server that processes communication requests between the client and the database. Kinda like a proxy database, almost.
A non-relational database that is not easily scaled up. It can handle less-structured data, but to expand you need to add more servers rather than just upgrading the hardware in the existing ones.
When you have crazy amounts of data, you'll need to store it on a SAN because that's the only thing big enough once you get into petabytes of information. Dell will soon capitalize on this following its acquisition of EMC.
Storage Area Network (SAN)
A separate network that presents itself as storage to another network. You probably want to secure it with a firewall, maybe even an IDS. It's usually connected via fiber, maybe iSCSI.
Flooding an application with unexpected or incompatible information (usually a huge stream of random bits) for the purpose of crashing the application and/or elevating your privileges.
-Avoid these attacks by validating all incoming traffic.
The best (read: only) way to prevent attacks like SQL injection, XSS, and buffer overflows.
Open Web Application Security Project (OWASP)
A voluntary organization centered around coding standards for web applications.
The most fundamental secure coding practice is input validation (either client-side or server-side).
Client-side vs. server-side validation
-Checking the information as the client enters it and validating it to make sure nothing shitty is going on.
-Validating data as it is being received by the server. It's not common to have only server-side validation.
Computer Emergency Response Team (CERT) Secure Coding Standards
-CERT has complete language-specific standards for Java, Perl, C, and C++
-They address exception handling
-The best way to address this is to give the user useful information about a crash, but log the specifics rather than displaying them, so a hacker can't easily access that information.
Different kinds of patches
-An immediate and urgent fix, generally due to security errors
-Non-urgent fix or additional functionality. It can be optional.
-All hotfixes and patches to date. Big overhaul kind of thing.
Access Control Lists (ACLs)
Who can access which resource and at what level?
You can use a whitelist or blacklist system, whichever is more convenient.
How do I harden a web server?
Web servers are popular targets for attackers because of their immense reach.
-Set up filters to make sure only the traffic you need is happening
-Restrict access to executable scripts as much as you can.
How do I harden an email server?
Make sure to run regular virus scans. If you're running an Exchange server, you'll need special software for this.
Use ACLs to block specific attacking sources.
How do I harden an FTP server?
FTP is garbage for security. You can make it less shitty by using it with a VPN or with SSH. FTP is very commonly used to exploit systems.
-Use virus scanners, implement separate accounts, and disable the anonymous account.
At the end of the day you should really just be using SFTP instead. It's not 1997 anymore.
How do I harden a DNS server?
DNS attacks are rare, but usually come in these flavors:
-Make sure to keep your shit up to date and enable two-factor authentication
-Network footprinting can extract a lot of data about your network from your DNS. Keep the DNS datastore to a bare minimum.
-Compromising Record Integrity
-Make sure all DNS servers require authentication before changes are propagated. We have DNSSEC now to add security.
You save all data. Very system intensive, time consuming, and you'll need an incredible amount of storage space if you want to remain scalable.
You do a full backup and then back up the changes that have been made since it. Every increment will be bigger, more system intensive, and more time consuming.
You have a full backup and then little increments that you must restore in order. This is not resource intensive, but it is complex.
RAID 3 or 4: Striped disks with dedicated parity
RAID 5: Striped disks with distributed parity
RAID 6: Striped disks with dual parity
RAID 1+0: Mirrored set which is then striped
RAID 0+1: Striped set which is then mirrored
Data Loss Prevention (DLP)
-Monitors your systems to make sure critical files are not modified or deleted
-Monitors who uses the data, and who's transmitting it. Kind of similar to an IPS that way.
-MyDLP is a common, open source application that runs on most Windows Operating Systems
Trusted Platform Module (TPM)
Hardware-based encryption device that takes over for the BIOS. It can assist with hash key generation.
It stores cryptographic keys, passwords and/or certificates.
-TPM can be used on a wide range of devices, and can be configured for lots of things, including whole-disk encryption with, say, BitLocker. You can use BitLocker without a TPM, but you shouldn't.