Protocol, App, and Cloud Security PDF

Summary

This document presents a comprehensive overview of protocol, application, and cloud security, covering various aspects such as virtualization, network configurations, and cloud services. It includes discussions on technologies like virtual machines, hypervisors, load balancing, and different cloud deployment models. It also touches upon software-defined networking and potential security concerns within cloud environments.

Full Transcript

CHAPTER 10: Protocol, App, and Cloud Security (SECURITY PRO)

10.1 Protocol, App, and Cloud Security: Host Virtualization

Section Skill Overview: Use VMware Player. Use Hyper-V. Create virtual machines. Use Windows Sandbox. Create containers. Secure containers.

Key Terms: Physical machine; Virtual machine; Virtual hard disk (VHD); Hypervisor; Load balancing

Key Definitions
Physical machine: The physical computer with hardware, such as the hard disk drive(s), optical drive, RAM, and motherboard.
Virtual machine: A software implementation of a computer that executes programs like a physical machine.
Virtual hard disk (VHD): A file that is created within the host operating system and simulates a hard disk for the virtual machine.
Hypervisor: A thin layer of software that resides between the guest operating system and the hardware. It creates and runs virtual machines.
Load balancing: A technique that disperses a workload between two or more computers or resources to achieve optimal resource utilization, throughput, or response time.

Host Virtualization Overview

Hardware Virtualization: Full virtualization; Type 1 (bare metal); Type 2 (hosted); Partial virtualization; Paravirtualization

Virtualization Benefits: Reduced expenses, better ROI; Redundancy and load balancing; Minimal downtime; Rapid provisioning; Snapshots and rollback; Easily move or copy VMs; Simpler management; Less costly to own and operate

Summary: Virtualization roles; Types of virtualization; Hypervisor types; Virtualization benefits; VM escape attack

Load Balancing with Virtualization

Resource Pooling: Created within a cluster; Allocates CPU and RAM; Prioritizes workloads; Protects critical apps; Establishes boundaries

Summary: Clustering with load balancing; High performance & availability; Resource pooling

In-Class Practice: Do the following labs: 10.1.6 Create Virtual Machines

Class Discussion
What is virtualization?
What is the difference between a virtual machine and a hypervisor?
What are the advantages of virtualization?
How do you secure a container?

10.2 Protocol, App, and Cloud Security: Virtual Networking

Section Skill Overview: Configure virtual network devices. Create virtual switches.

Key Terms: Virtual network; Virtual local area network (VLAN); Virtual private network (VPN); Virtual machine (VM); Virtual switch (vSwitch); Virtual router (vRouter); Virtual firewall appliance (vFA); Virtual machine monitor (VMM)/hypervisor

Key Definitions
Virtual network: A computer network consisting of virtual and physical devices.
Virtual local area network (VLAN): A virtual LAN running on top of a physical LAN.
Virtual private network (VPN): A secure tunnel to another network that connects multiple remote end-points.
Virtual machine (VM): A virtual computer that functions like a physical computer.
Virtual switch (vSwitch): Software that facilitates the communication between virtual machines by checking data packets before moving them to a destination.
Virtual router (vRouter): Software that replicates the functionality of a physical router.
Virtual firewall appliance (vFA): Software that functions as a network firewall device. A virtual firewall appliance provides packet filtering and monitoring functions.
Virtual machine monitor (VMM)/hypervisor: Software, firmware, or hardware that creates and runs virtual machines.

Virtual Networking Overview

Summary: Virtual Bridging; Creating a sandbox; NAT router; Virtualizing the network

Virtual Network Devices

Network Virtualization: VLANs; VPNs

Virtual Switch (vSwitch): Software application; Easier to implement and manage; Security integrity of virtual hosts

Common Platforms: Open vSwitch (OVS); VMware Virtual Switch; Cisco Nexus 1000v

Virtual Router: Move routing functions around; Not locked into proprietary protocols

Summary: Virtual Bridging; Creating a sandbox; NAT router; Virtualizing the network

In-Class Practice: Do the following labs: 10.2.6 Create Virtual Switches

Class Discussion
How does a virtual network differ from a physical network?
What is a Virtual Private Network (VPN)?
What is a virtual machine?
What terms are associated with virtualization and what do they mean?
What is the Dynamic Host Configuration Protocol (DHCP)?
How can physical devices become virtual ones?
Who are some of the network virtualization service providers?

10.3 Protocol, App, and Cloud Security: Software-Defined Networking

Key Terms: Software-defined networking

Key Definitions
Software-defined networking: An architecture that allows network and security professionals to manage, control, and make changes to a network.

Software-Defined Networking Basics

SDN Infrastructure and Architecture

Class Discussion
Which three layers exist in the software-defined networking (SDN) architecture?
What is the function of the controller?
What technology allows network and security professionals to manage, control, and make changes to a network?
What are the advantages of SDN?
What are the disadvantages of SDN?

10.4 Protocol, App, and Cloud Security: Cloud Services

Key Terms: Cloud; Cloud computing; Public cloud; Private cloud; Community cloud; Hybrid cloud

Key Definitions
Cloud: A metaphor for the internet.
Cloud computing: Software, data access, computation, and storage services provided to clients through the internet.
Public cloud: A cloud that is deployed for shared use by multiple independent tenants.
Private cloud: A cloud that is deployed for use by a single entity.
Community cloud: Platforms, applications, storage, or other resources that are shared by several organizations.
Hybrid cloud: A cloud deployment that uses both private and public elements.

Cloud Services Introduction

Cloud Deployment: Public cloud; Private cloud; Community cloud; Hybrid cloud

Enhancing Cloud Performance

Benefits - Fog Computing: Lower latency; Greater security; Enhanced storage capacity; Real-time incident response

Fogging Security Issues: Account hijacking; Denial of service; Access control issues; Unsecure APIs; System/app vulnerabilities; Shared tech issues

Benefits - Edge Computing: Lower latency; Increased bandwidth; Greater resiliency; Data sovereignty; Real-time processing; Timely decisions; Reduce costs; Engage with customers; Increase privacy

Benefits - Serverless: Synced data and apps; Increased agility; Faster time to market; Improved operational efficiency; Reduced operational costs; Increased flexibility & scalability

Drawbacks - Serverless: Performance; Security; Privacy

Integration Types: Cloud-to-cloud; Cloud-to-on-prem; Hybrid combination

Security Issues - Integration: Data and app protection; Internal threats; External threats; Misconfigurations

Resource Policies: Attached to a specific resource; Who has access; What they can do with it; Microsoft Intune; BYOD; Corporate apps and data encrypted; Requires Azure Active Directory

Summary: Fog computing; Edge computing; Serverless architecture; Services integration; Resource policies

Cloud Computing Security Issues

Class Discussion
What is the difference between a hybrid cloud and a community cloud?
What is the difference between infrastructure as a service (IaaS) and platform as a service (PaaS)?
Which two implementations are available for software as a service (SaaS)?
What services does cloud computing provide?
Which cloud computing model allows the client to run software without purchasing servers, data center space, or network equipment?

10.5 Protocol, App, and Cloud Security: Mobile Devices

Section Skill Overview: Enforce security policies on mobile devices. Sideload an application.

Key Terms: App whitelisting; Geotagging; Data exfiltration; Sandboxing; Jailbreaking; Sideloading

Key Definitions
App whitelisting: The process of identifying apps that users are allowed to have on mobile devices.
Geotagging: The process of embedding GPS coordinates within mobile device files, such as image or video files created with the device's camera.
Data exfiltration: The unauthorized copy, transfer, or retrieval of data from a computer, server, or network.
Sandboxing: The isolation of an app so that it can't affect other areas of a computer or network.
Jailbreaking: The process of removing inherent protections placed by the device manufacturer.
Sideloading: Installing an app on a mobile device via a method other than the manufacturer's app repository.

Mobile Device Connection Methods

Enforcing Mobile Device Security

Class Discussion
Which process allows you to define specific apps that users can have on mobile devices?
Which two configurations can be used to deploy Windows Intune?
What does a mobile device management (MDM) solution allow you to do?
How do jailbreaking and sideloading differ?

10.6 Protocol, App, and Cloud Security: Mobile Device Management

Section Skill Overview: Enroll devices and perform a remote wipe.

Key Terms: Windows Information Protection; Network fencing; Mobile device management; Mobile application management; Enterprise mobility management (EMM); Unified endpoint management (UEM); Bring your own device (BYOD)

Key Definitions
Windows Information Protection: A technology that helps protect against data leakage on company-owned and personal devices without disrupting the user experience.
Network fencing: Location compliance, known as network fencing, allows you to keep devices outside your corporate network from accessing network resources.
Mobile device management: The administration of mobile devices. MDM software generally allows for tracking devices; pushing apps and updates; managing security settings; and remotely wiping the device.
Mobile application management: The administration of applications on a mobile device. MAM software allows a system administrator to remotely install or remove organizational apps and to disable certain functions within the apps.
Enterprise mobility management (EMM): A combination of MDM and MAM solutions in one package. EMM allows a system administrator to remotely manage hardware and applications on a mobile device.
Unified endpoint management (UEM): An all-in-one device management solution. UEM allows a system administrator to manage local and mobile devices, including Internet of Things devices.
Bring your own device (BYOD): The practice of having employees use their own personal mobile devices for business related tasks.

Mobile Device Management

Mobile Devices: Cell phones; Tablets; Laptops; Bring your own device

Mobile Device Management: Mobile Device Management; Mobile Application Management; Enterprise Mobility Management; Unified Endpoint Management; Tracking; Device provisioning; Manage security; Remote wipe

Intune: Manage mobile devices; Manage mobile apps; Control data access; Comply with security policies

Summary: Mobile Device Management; Mobile Application Management; Enterprise Mobility Management; Unified Endpoint Management; Intune

Mobile Application Management

Intune: Create app catalog; Self-service portal; Remotely manage apps

Summary: Intune: Create app catalog; Self-service portal; Remotely manage apps

Class Discussion
What are four methods of mobile device management (MDM)?
What are the benefits of implementing mobile application management (MAM)?
What do Windows Information Protection (WIP) policies provide?
How does Intune help you to secure data?

10.7 Protocol, App, and Cloud Security: BYOD Security

Section Skill Overview: Secure mobile devices. Secure an iPad. Create a guest network for BYOD.

Key Terms: Bring your own device (BYOD); Acceptable use policy (AUP); Virtual desktop infrastructure (VDI); Choose your own device (CYOD); Corporate owned, personally enabled (COPE)

Key Definitions
Bring your own device (BYOD): A BYOD policy allows employees to use personal devices for work related tasks.
Acceptable use policy (AUP): An AUP determines the rules for using corporate resources, such as internet access, computers, etc.
Virtual desktop infrastructure (VDI): VDI is a technology that uses virtual machines and virtual desktops.
Choose your own device (CYOD): In a CYOD system, the company provides a list of approved devices for an employee to choose from. The ownership and management of devices varies by organization.
Corporate owned, personally enabled (COPE): In a COPE system, the company provides a list of approved devices for an employee to choose from. The company owns the device; the employee uses and manages the device.

BYOD Security Issues

Mobile Device Management: Define a provisioning process; Define acceptable uses; Define who owns data; Address insider attack threats; Develop a management plan; Network Access Control (NAC); Guest wireless network; Data protection policies

MDM Infrastructure: Use an MDM infrastructure; Implement device lockout; Enable device encryption; Use for remote wipe; Have reporting process

In-Class Practice: Do the following labs: 10.7.4 Secure an iPad; 10.7.6 Create a Guest Network for BYOD

Class Discussion
How would you remediate a tablet or phone infected with malware?
What is an acceptable use policy (AUP)? How does it benefit mobile security?
How does virtual desktop infrastructure (VDI) provide enhanced security and better data protection?
What is the difference between choose your own device (CYOD) and corporate owned, personally enabled (COPE)?
How can you prevent malicious insider attacks?

10.8 Protocol, App, and Cloud Security: Embedded and Specialized Systems

Section Skill Overview: Configure smart home devices.

Key Terms: Supervisory control and data acquisition (SCADA); Internet of Things (IoT); Arduino; Raspberry Pi; Field Programmable Gate Array (FPGA); Subscriber identity module (SIM) card; Zigbee

Key Definitions
Supervisory control and data acquisition (SCADA): SCADA is an industrial computer system that monitors and controls a process.
Internet of Things (IoT): The network of physical devices such as vehicles, home appliances, etc., that are embedded with electronics, software, sensors, actuators, and connectivity that enable them to connect, collect, and exchange data through the internet.
Arduino: Arduino is an open-source hardware and software platform for building electronic projects.
Raspberry Pi: Raspberry Pi is a low-cost device the size of a credit card that's powered by the Python programming language. It's manufactured into a single system on a chip (SoC).
Field Programmable Gate Array (FPGA): FPGA (Field-Programmable Gate Array) is a reconfigurable integrated circuit that can be programmed to perform various tasks and functions.
Subscriber identity module (SIM) card: A SIM card encrypts data transmission and stores information.
Zigbee: Zigbee is a radio protocol that creates low-rate private area networks.

Embedded and Specialized Systems

SCADA: Supervisory control; Data acquisition; DCS; RTUs; PLCs; Satellite, WAN, modem

IoT: Collect, send, act; Connectivity; Usability; Interoperability; RIOT OS

IoT: RealSense OS X; Nucleus; Integrity RTOS; Ubuntu Core Snappy

Smart Devices: Not customizable; Security risks; Lack monitoring; Lack protection

Defense Against Attacks: Firewall; Intrusion detection; Security policies

Summary: SCADA; IoT; Smart devices; Mobile devices; Security risks; Raspberry Pi; Defense

Constraints and Security of Embedded Devices

Authentication: Secure authentication; Mirai botnet; Weak/default passwords; Two-factor authentication

Encryption: Cleartext; Open ports; Data stays vulnerable

Summary: Susceptible to exploitation; Understand challenges; Protect data

Communication of Embedded Systems

QR and Barcodes: QR: Two-dimensional. Barcodes: One- or two-dimensional.

Short-Range Protocols: Thread - IPv6; Zigbee - IEEE 203.15.4; Z-Wave - home IoT systems; 802.11n; 600 megabits; 50 meters

Short-Range Protocols: Hotspots; Simple and fast; 3G, 4G, 5G

Medium-Range Protocols
HaLow: Wi-Fi extended range; Rural areas; Low power/cost
LTE-Advanced: Mobile; Better data rate; Extended range; Efficiency

Wired Communication: Ethernet; Baseband; MoCA; PLC

Summary: Short-range; Medium-range; Long-range protocols; Wired communication; SIM cards

Class Discussion
How can you minimize the damage of compromised embedded devices?
What are common static environments within the Internet of Things (IoT)?

10.9 Protocol, App, and Cloud Security: Email

Section Skill Overview: Protect a client from spam. Secure an email server. Configure email filters. Secure accounts on an iPad. Secure email on an iPad.

Key Terms: Spam; SMTP relay; Phishing email

Key Definitions
Spam: Unwanted and unsolicited email usually sent to many recipients.
SMTP relay: An email server that accepts mail and forwards it to other mail servers.
Phishing email: A fraudulent email claiming to be from a trusted organization. The email typically asks a user to verify personal information or send money.

Email Security

In-Class Practice: Do the following labs: 10.9.5 Configure Email Filters; 10.9.7 Secure Email on iPad

Class Discussion
How does spam filtering help end users?
In what format are emails sent?
Why is it important to add multiple layers of security?
Why would you encrypt email coming only from outside your network?
What is S/MIME?
What is the difference between POP3 and IMAP?
