Flashcards in "Remember this" Study Guide Notes - Securing Hosts and Data Deck (32):
Hardware Security Module (HSM)
A removable or external device that can generate, store, and manage RSA keys used in asymmetric encryption. Many server-based applications use an HSM to protect keys.
Trusted Platform Module (TPM)
A hardware chip on the motherboard, included on many newer laptops, that provides full disk encryption. A TPM includes a unique RSA asymmetric key. When a user activates the TPM, it creates a storage root key, which the TPM uses to generate and store other cryptographic keys.
Hardening a server makes it more secure from its default installation. Disabling unnecessary services and protocols reduces the attack surface of a system and improves its overall security posture.
Standardized images include mandatory security configurations. This ensures systems start in a secure state and reduces overall costs. Administrators are able to identify anomalies by comparing settings, services, and applications in the image with settings, services, and applications on live computers.
Host software baselines provide a list of approved software and a list of software installed on systems. Administrators can use this to identify unauthorized software installed on systems. Unauthorized software is not maintained and can easily become vulnerable without patching.
Baseline reporting provides a report after comparing baselines with current systems. Administrators use baseline reporting for security baselines, operating system baselines, application configuration baselines, and software baselines.
Application white-listing identifies authorized software for workstations, servers, and mobile devices. It prevents users from installing or running software that isn’t on the list.
Virtualization allows multiple virtual servers to operate on a single physical server. It provides increased availability with lower operating costs. Additionally, virtualization provides a high level of flexibility when testing security controls, updates, and patches because they can easily be reverted using snapshots.
Virtual local area networks (VLANs) separate or segment traffic on physical networks. You can also create VLANs using virtual switches within a virtual environment hosted on a physical server.
Patch management procedures ensure that operating systems and applications are up to date with current patches. This protects systems against known vulnerabilities.
Static Network Environment Controls
Incorporating control redundancy and diversity into security designs is a key method of protecting static environments such as supervisory control and data acquisition (SCADA) systems. Networks holding SCADA systems can be protected using virtual local area networks (VLANs) to segment traffic and network-based intrusion protection systems (NIPS) to block unwanted
Mobile device security includes device encryption to protect the data, screen locks to help prevent unauthorized access, and remote wipe capabilities to delete all data on a lost phone. Radio-frequency identification (RFID) methods are often used for inventory control.
BYOD Security Concerns
Data security is a significant concern related to BYOD policies. You can use VLANs to isolate mobile devices from the primary network, while still granting them access to the Internet.
Mobile Device Management (MDM)
Mobile device management tools help ensure systems are up to date with current patches and have up-to-date antivirus installed. These tools often block devices that are not up to date.
Application Security (Geo-Tagging)
Geo-tagging adds geographical information to files such as pictures when posting them on social media sites. Criminals can exploit this information when watching a specific person.
The primary methods of protecting the confidentiality of data (including data at rest and data in transit) are with encryption and strong access controls.
Data Protection Types
File- and folder-level protection protects individual files. Full disk encryption protects entire disks, including USB flash drives and drives on mobile devices. Database column encryption protects individual fields within a
Data Loss Prevention (DLP) systems
A network-based data loss prevention (DLP) system can examine and analyze network traffic. It can detect if confidential company data or any PII data is included in email and reduce the risk of internal users emailing sensitive data outside the organization. Similarly, endpoint DLP solutions can prevent users from copying or printing sensitive data.
Cloud Computing Types
Applications such as web-based email provided over the Internet are Software as a Service (SaaS) cloud-based technologies.
Platform as a Service (PaaS) provides customers with a fully managed platform, which the vendor keeps up to date with current patches.
Infrastructure as a Service (IaaS) provides customers with access to hardware in a self-managed platform. Customers are responsible for keeping an IaaS system up to date.
Written security policies are management controls that identify a security plan. Other security controls, such as technical, operational, and additional management controls, enforce security policies.
Mandatory vacation policies require employees to take time away from their job. These policies help to deter fraud and discover malicious activities while the employee is away.
Separation of Duties
Separation of duties prevents any single person or entity from being able to complete all the functions of a critical or sensitive process by dividing the task between employees. This helps prevent fraud that can occur if a single person prints and signs checks.
Job rotation policies require employees to change roles on a regular basis.
Employees might change roles temporarily, such as for three to four weeks, or permanently. This helps ensure employees cannot continue with fraudulent activity indefinitely.
Clean desk policy
A clean desk policy requires users to organize their areas to reduce the risk of possible theft.
It reminds users to secure sensitive data and may include a statement about not writing down passwords.
Two-Account Requirement for Administrators
Requiring administrators to use two accounts, one with administrator privileges and the other with regular user privileges, helps prevent privilege escalation attacks.
Users should not use shared accounts.
Third Party Security Concerns
When working with third parties or as a third party, it's important to protect data.
Most non-disclosure agreements prohibit sharing data unless you are the data owner.
A Memorandum of Understanding (MOU) defines responsibilities of each party, but is not as strict as a Service Level Agreement (SLA) or Interconnection Security Agreement (ISA).
If the parties will be handling sensitive data, they should include an ISA to ensure strict guidelines are placed to protect the data while in transit.
Change management defines the process and accounting structure for handling modifications and upgrades.
The goals are to reduce risks related to unintended outages.
Personally Identifiable Information (PII)
Personally Identifiable Information (PII) includes information such as full name, birthdate, biometric data, and identifying numbers such as a SSN.
Organizations have an obligation to protect PII and often identify procedures for handling and retaining PII in data policies.
P2P Security Issues
Data leakage occurs when users install P2P software and unintentionally share files.
Organizations often block P2P Software at the firewall.
An incident response policy defines an incident and incident response procedures.
Incident response procedures start with preparation to prepare for and prevent incidents. Preparation helps prevent incidents such as malware infections.
Personnel review the policy, and in response to lessons learned after incidents.