Chapter 3 - 02 - Discuss Network Security Fundamentals - 03_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Network Security Fundamentals Exam 212-82 Continual/Adaptive Security Strategy 0 @® l‘_njo] O Organizations should adopt adaptive security strategy, which involves implementing all the four network security approaches O The adaptive security strategy consists of four security activities corresponding to each security approach Protect Detect Includes a set of prior countermeasures taken towards eliminating all the possible vulnerabilities of the network Involves continuous monitoring of network and identifying abnormalities and their origins Respond Preaict Involves a set of actions taken to contain, eradicate, mitigate, and recover from the impact of attacks on the network Involves identifying most likely attacks, targets, and methods prior to materialization of a potential attack Copyright © by EE-£ cll ANl Rights Reserved, Reproduction is Strictly Prohibited Continual/Adaptive Security Strategy (Cont’d) 7> Risk and Vulnerability Assessment » Protect Y Predict w~ Attack Surface Analysis » Threat Intelligence Respond ~ 7 Incident Response Defense-in-depth Security Strategy * Protect endpoints * Protect network * Protectdata Detect » Continuous Threat Monitoring Continual/Adaptive Security Strategy The adaptive security strategy prescribes that continuous prediction, prevention, detection, and response actions must be taken to ensure comprehensive computer network defense. = Protection: This includes a set of prior countermeasures taken towards eliminating all the possible vulnerabilities on the network. It includes security measures such as security policies, physical security, host security, firewall, and IDS. Module 03 Page 429 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Fundamentals Exam 212-82 Detection: Detection involves assessing the network for abnormalities such as attacks, damages, unauthorized access attempts, and modifications, and identifying their locations in the network. It includes the regular monitoring of network traffic using network monitoring and packet sniffing tools. Responding: Responding to incidents involves actions such as identifying incidents, finding their root causes, and planning a possible course of actions for addressing them. It includes incident response, investigation, containment, impact mitigation, and eradication steps for addressing the incidents. It also includes deciding whether the incident is an actual security incident or a false positive. Prediction: Prediction involves the identification of potential attacks, targets, and methods prior to materialization to a viable attack. Prediction includes actions such as conducting risk and vulnerability assessment, performing attack surface analysis, consuming threat intelligence data to predict future threats on the organization. Predict » Protect Risk and Vulnerability Assessment » » Attack Surface Analysis » Threat Intelligence Respond 7 Defense-in-depth Security Strategy * Protect endpoints = Protect network = Protect data Detect Incident Response » Continuous Threat Monitoring Figure 3.7: Continual/Adaptive Security Strategy Module 03 Page 430 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Fundamentals Exam 212-82 Network Security Controls: Administrative Security Controls O The management implements administrative access controls to ensure the safety of the organization Examples of Administrative Security Controls 01 ’ Regulatory framework Compliance 02 | Security policy 03 ’ Employee Monitoring and Supervising 04 | Information Classification 05 | Security Awareness and Training Copyright © by L All Rights Reserved. Reproduction is Strictly Prohibited Network Security Controls Administrative Security Controls Administrative security controls are management limitations, operational and accountability procedures, and other controls that ensure the security of an organization. The procedures prescribed in administrative security control ensure the authorization and authentication of personnel at all levels. Components of an administrative security control includes: = Regulatory framework compliance = Security policy = Employee monitoring and supervising * Information classification = Separation of duties » Principle of least privileges = Security awareness and training Module 03 Page 431 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Fundamentals Exam 212-82 Network Security Controls: Physical Security Controls Q This is a set of security measures taken to prevent unauthorized access to physical devices Examples of Physical Access Controls (Al il Locks Fences U Badge system [ Security guards o Biometric system Lighting Motion detectors Mantrap doors (e Closed-circuit TVs Copyright © by E o5 Alarms il All Rights Reserved. Reproduction is Strictly Prohibited. Physical Security Controls Appropriate physical security controls can reduce the chances of attacks and risks in an organization. Physical security controls provide physical protection of the information, buildings, and all other physical assets of an organization. Physical security controls are categorized into: = Prevention Controls These are used to prevent unwanted or unauthorized access to resources. They include access controls such as fences, locks, biometrics, and mantraps. = Deterrence Controls These are used to discourage the violation of security policies. They include access controls such as security guards and warning signs. = Detection Controls These are used to detect unauthorized access attempts. They include access controls such as CCTV and alarms. Module 03 Page 432 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Fundamentals Exam 212-82 Examples of Physical Access Controls: 1l Locks Biometric system Fences Lighting U Badge system Motion detectors Ll Security guards T Closed-circuit TVs & Mantrap doors © Alarms Figure 3.8: Physical Security Controls Module 03 Page 433 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited.