Reviewer Finals: System and Network Defense PDF

Summary

This document covers various aspects of system and network defense, including cybersecurity resilience, different storage methods (RAID), router redundancy, and the Internet of Things. It also touches upon special-purpose embedded systems within areas like medical devices and automotive applications.

Full Transcript

REVIEWER FINALS – System and Network Defense

Cybersecurity Resilience:
- RAID Storage
- Spanning Tree
- Router Redundancy

RAID (Redundant Array of Independent Disks)
- Takes data that is normally stored on a single disk and spreads it out among several drives.
- Increases the speed of data recovery.
Mirroring – stores data, then duplicates and stores the same data on a second drive.
Striping – writes data across multiple drives so that consecutive segments are stored on different drives.
Parity – more precisely, striping with parity. After striping, checksums are generated to check that no errors exist in the striped data.
BREAKDOWN OF COMMON RAID LEVELS

Spanning Tree Protocol (STP) – its basic function is to prevent loops on a network when switches interconnect via multiple paths; it intentionally blocks redundant paths that could cause a loop.

Router Redundancy
Default Gateway – provides devices access to the rest of the network and/or to the internet. If there is only one router serving as the default gateway, it is a single point of failure. To avoid this, you can choose to install an additional standby router.

Internet of Things – a big, collective network of connected devices and several technologies which communicate between device and cloud, and even between the devices themselves.
- It is usually grouped into:
  o General devices – data hubs and smart devices
  o Sensing devices – sensors that measure different parameters and perform different intended actions.

Special-Purpose Embedded Systems:
Medical Devices
- The following devices are capable of wireless connectivity, remote monitoring, and Near-Field Communication (NFC):
  o Pacemakers
  o Insulin pumps
  o Medical implants
  o Defibrillators
- Vulnerabilities in these medical devices can lead to patient safety issues, medical record leaks, or the risk of granting network access to cybercriminals, who will move through it in search of a target.
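Returning to the RAID section above: the three techniques (mirroring, striping, striping with parity) are easy to see on a few bytes. The following is an added example, not part of the reviewer notes. It models each "drive" as a Python byte string, uses XOR as the parity operation, and shows both what the parity check can tell you (that something is wrong, not which drive) and how a lost drive is rebuilt from the survivors. SAMPLE_DATA and the 4-byte chunk size are constructed for the demonstration.

```python
"""Added example (not from the reviewer notes): mirroring, striping and striping
with parity modelled over byte strings. Each "drive" is a Python bytes object;
no real block device is involved. SAMPLE_DATA is constructed for the demo."""
from functools import reduce
from operator import xor
from typing import List

SAMPLE_DATA = b"Reviewer finals: system and network defense notes"  # constructed


def mirror(data: bytes) -> List[bytes]:
    """Mirroring: the same bytes are written to a second drive."""
    return [data, data]


def stripe(data: bytes, drives: int, chunk: int = 4) -> List[bytes]:
    """Striping: consecutive chunks land on consecutive drives (round robin).
    The data is zero-padded so every drive ends up holding the same number
    of chunks, which keeps the parity strip the same size as each data strip."""
    unit = chunk * drives
    padded = data + b"\x00" * (-len(data) % unit)
    strips = [b"" for _ in range(drives)]
    for i in range(0, len(padded), chunk):
        strips[(i // chunk) % drives] += padded[i:i + chunk]
    return strips


def unstripe(strips: List[bytes], length: int, chunk: int = 4) -> bytes:
    """Reverse of stripe(): re-interleave the chunks and drop the padding."""
    out = b""
    for j in range(len(strips[0]) // chunk):
        for s in strips:
            out += s[j * chunk:(j + 1) * chunk]
    return out[:length]


def xor_blocks(blocks: List[bytes]) -> bytes:
    """Byte-wise XOR of equal-length blocks: the parity operation."""
    return bytes(reduce(xor, column) for column in zip(*blocks))


def stripe_with_parity(data: bytes, data_drives: int, chunk: int = 4) -> List[bytes]:
    """Striping with parity: the data strips plus one parity strip that is the
    XOR of all of them (RAID 5 rotates this parity across the drives)."""
    strips = stripe(data, data_drives, chunk)
    return strips + [xor_blocks(strips)]


def parity_ok(drives: List[bytes]) -> bool:
    """XOR over every drive, parity included, is all zeros when nothing has been
    corrupted. The check detects an error but cannot say which drive holds it,
    which is why rebuilds rely on the drive itself reporting failure."""
    return not any(xor_blocks(drives))


def rebuild_lost_drive(drives: List[bytes], lost: int) -> bytes:
    """A single missing drive, data or parity, is the XOR of all survivors."""
    return xor_blocks([d for i, d in enumerate(drives) if i != lost])


def recover_after_failure(data: bytes, lost: int, data_drives: int = 3) -> bytes:
    """Write data across data_drives + 1 parity drive, lose one drive, rebuild it
    from the survivors onto a replacement and read the original data back."""
    drives = stripe_with_parity(data, data_drives)
    drives[lost] = rebuild_lost_drive(drives, lost)   # only the survivors are read
    return unstripe(drives[:data_drives], len(data))


if __name__ == "__main__":
    layout = stripe_with_parity(SAMPLE_DATA, 3)
    print("parity consistent:", parity_ok(layout))
    for lost in range(4):
        print(f"lost drive {lost}: recovered ->", recover_after_failure(SAMPLE_DATA, lost))
```

Mirroring survives a drive loss by holding a full copy; striping alone survives nothing (one strip gone means the file is gone); striping with parity survives any single drive loss at the cost of one extra drive and an XOR on every write.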
Automotive
- Computer-operated vehicles connect to the Internet, which means that vehicles may record:
  o Speed
  o Location
  o Braking maneuvers
  o Driver's insurance company
- Therefore, risks to in-vehicle communications include unauthorized tracking, wireless jamming, and spoofing.
Aviation
- Aircraft have many embedded control systems for:
  o Flight control
  o Communications
- Unmanned Aerial Vehicles (UAVs), more commonly called drones, have been used in military, agricultural, and cartography applications.
- Risks include hijacking, Wi-Fi attacks, GPS spoofing, jamming, and de-authentication attacks.

Deception Devices – used by organizations to distract attackers from production networks.
- Used to learn an attacker's methods and to warn of potential attacks that could be launched against the networks.
- Adds a fake layer to the organization's infrastructure.
Honeypot – decoy system that is configured to mimic a server in the organization's network. It is purposefully left exposed to lure attackers.
DNS Sinkhole – prevents the resolution of hostnames for specified URLs and can push users away from malicious resources.

CLOUD SECURITY
Cloud Computing – usually associated with an internet-based set of computing resources, typically sold as a service and provided by a cloud service provider (CSP).
Characteristics:
- Broad Network Access
- Rapid Elasticity
- Measured Service
- On-Demand Self-Service
Services:
- Software as a Service (SaaS)
- Platform as a Service (PaaS)
- Infrastructure as a Service (IaaS)
Deployment:
- Public
- Private
- Hybrid
- Community
Cyber Threats to Cloud
- Data Breaches
- Cloud Misconfiguration
- Poor Cloud Security Architecture
- Compromised Account Credentials
- Insider Threat
- Insecure User Interface or Application Programming Interface (API)
- Limited Cloud Usage Visibility
Cloud Service Provider – IT company that provides on-demand, scalable computing resources like computing power, data storage, or applications over the internet.

State of Data – describes controls related to securing the data itself, of which encryption and hashing are the most important.
Data at rest – no user or process is accessing, requesting, or amending it.
Data in transit – transmission could be within a single server along its motherboard's bus lines, between devices on a single network, or between networks and possibly across the internet.
Data in process – refers to data during initial input, modification, computation, or output.

Technologies and Protocols
Syslog – used for logging event messages from network devices and endpoints.
- Allows for a system-neutral means of transmitting, storing, and analyzing messages.
- Helps to make security monitoring practical.
- Typically listens on UDP port 514.
- Syslog messages are usually timestamped.
NTP (Network Time Protocol) – uses a hierarchy of authoritative time sources to share time information between devices on the network.
- Operates on UDP port 123.
- By using NTP, device messages will have consistent time information which can be submitted to the syslog server.

DNS Threats
- DNS is now used by many types of malware.
- Some use DNS to communicate with command-and-control (CnC) servers to exfiltrate data in traffic disguised as normal DNS queries.
- Malware could encode stolen data as the subdomain portion of a DNS lookup for a domain where the nameserver is under the control of an attacker.

INCIDENT RESPONSE
Terminologies:
Incident – an event that actually or potentially jeopardizes the CIA of an information system.
Intrusion – security event or combination of events that constitutes a deliberate security incident in which an intruder gains access without authorization.
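For the DNS Threats section above, the defender's side of the subdomain-encoding trick is a detector that reads the resolver's syslog-style records and looks for what encoded payloads look like: long, high-entropy, character-set-restricted labels repeating from one client to one registered domain. The block below is an added example, not part of the reviewer notes. The log line format ("Mon DD HH:MM:SS host client qname"), the sample lines, the domain name exfil.example, and all thresholds are constructed assumptions; a real deployment would parse its own resolver's format, use the public suffix list to find the registered domain, and tune the thresholds against its own baseline.

```python
"""Added example (not from the reviewer notes): a small detector for the DNS
exfiltration pattern where stolen data is encoded in the subdomain of lookups
for an attacker-controlled domain. It reads constructed, syslog-style resolver
log lines ("Mon DD HH:MM:SS host client qname", an assumed format) and flags
long, high-entropy subdomains that repeat from one client to one registered
domain. All thresholds are assumptions to tune against a real baseline."""
import math
import re
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

# Constructed sample: ordinary lookups plus a burst of hex-looking labels
# under one domain (exfil.example is a reserved placeholder name).
SAMPLE_LOG = """\
Jan 10 12:00:01 dns01 10.0.0.5 www.example.com
Jan 10 12:00:02 dns01 10.0.0.5 mail.example.com
Jan 10 12:00:03 dns01 10.0.0.7 4a6f686e20446f65a1b2c3d4e5f60718293a4b5c.exfil.example
Jan 10 12:00:03 dns01 10.0.0.7 7d8e9fa0b1c2d3e4f5061728394a5b6c7d8e9f00.exfil.example
Jan 10 12:00:04 dns01 10.0.0.7 0011223344556677889900aabbccddeeff001122.exfil.example
Jan 10 12:00:05 dns01 10.0.0.9 cdn.static.example.org
"""

LINE_RE = re.compile(r"^(\w{3} +\d{1,2} \d\d:\d\d:\d\d) (\S+) (\S+) (\S+)$")
MAX_SUBDOMAIN_LEN = 32   # assumption: legitimate hostnames are rarely this long
MIN_ENTROPY = 3.5        # assumption: bits/char; English labels score roughly 2-3
MIN_HITS = 3             # assumption: suspicious queries per client+domain to alert


def shannon_entropy(text: str) -> float:
    """Bits per character: encoded/compressed data scores high, words score low."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname: str) -> Tuple[str, str]:
    """Return (subdomain, registered_domain). Assumes the registered domain is
    the last two labels; real deployments use the public suffix list."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def query_reasons(qname: str) -> List[str]:
    """Why a single query looks like an encoded payload (empty list = benign)."""
    sub, _ = split_name(qname)
    reasons = []
    if len(sub) >= MAX_SUBDOMAIN_LEN:
        reasons.append("long subdomain")
    if shannon_entropy(sub) >= MIN_ENTROPY:
        reasons.append("high entropy")
    if re.fullmatch(r"[0-9a-f]{16,}", sub.replace(".", "")):
        reasons.append("hex-only labels")
    return reasons


def detect(log_text: str) -> Dict[Tuple[str, str], Dict[str, object]]:
    """Aggregate suspicious queries per (client, registered domain) and return
    the pairs that reach MIN_HITS, with a rough count of characters carried."""
    hits: Dict[Tuple[str, str], Dict[str, object]] = defaultdict(
        lambda: {"queries": 0, "payload_chars": 0, "reasons": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                      # not a query record in the assumed format
        _ts, _host, client, qname = m.groups()
        reasons = query_reasons(qname)
        if not reasons:
            continue
        sub, domain = split_name(qname)
        entry = hits[(client, domain)]
        entry["queries"] += 1
        entry["payload_chars"] += len(sub.replace(".", ""))
        entry["reasons"].update(reasons)
    return {key: val for key, val in hits.items() if val["queries"] >= MIN_HITS}


if __name__ == "__main__":
    for (client, domain), info in detect(SAMPLE_LOG).items():
        print(f"ALERT {client} -> {domain}: {info['queries']} queries, "
              f"~{info['payload_chars']} chars, reasons={sorted(info['reasons'])}")
```

The per-client aggregation matters as much as the per-query score: a single odd-looking name is noise (CDNs and anti-spam services generate long labels too), while a steady stream of them toward one domain is the signature the notes describe. Because the timestamps come from syslog and NTP keeps them consistent, the same records can be correlated with the sending host's own logs during incident analysis.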
Event – any observable occurrence in a network or system.
Breach – loss of control, compromise, unauthorized disclosure or acquisition, or any similar occurrence where a person other than an authorized user accesses personally identifiable information.
Exploit – the specific attack.
Threat – any circumstance or event with the potential to adversely impact national or organizational operations or assets through destruction, disclosure, or modification of information, or denial of service.
Zero Day – previously unknown system vulnerability with the potential of exploitation without risk of detection or prevention.

The Goal of Incident Response
1. Preparation
2. Protect life, health, and safety
3. Reduction of Impact
Components of an IR Plan
- Preparation
- Detection and Analysis
- Containment
- Post-Incident Activity

Email Protocols
SMTP – Simple Mail Transfer Protocol
IMAP – Internet Message Access Protocol
POP – Post Office Protocol
IMAP & POP3 – used to download email messages from a mail server to the host computer.
Email Threats
- SMTP, POP3, and IMAP can be used by threat actors to spread malware, exfiltrate data, or provide channels to malware CnC servers.
ICMP (Internet Control Message Protocol)
- Can be used to identify hosts on a network, the structure of a network, and determine the operating systems in use on the network.
- Can also be used as a vehicle for various types of DoS attacks.
- Can also be used for data exfiltration.
ICMP Tunneling – transferring files from infected hosts to threat actors.

ACCESS CONTROLS
Security Controls – pertain to different mechanisms that act as safeguards or countermeasures prescribed for an information system to protect the CIA of the system and its information.
Accountability – the protection against an individual falsely denying having performed a particular action.
Authorization – the right or a permission that is granted to a system entity to access a system resource.
Integrity – the property that data has not been altered in an unauthorized manner.
Confidentiality – the characteristic of data or information when it is not made available or disclosed to unauthorized persons or processes.
Privacy – the right of an individual to control the distribution of information about themselves.
Availability – ensuring timely and reliable access to and use of information by authorized users.
Non-repudiation – inability to deny taking an action.
Authentication – access control process that compares one or more factors of identification to validate that the identity claimed by a user is known to the system; the process of verifying or proving the user's identification.
Three Common Methods
Something you know: Passwords
Something you have: Memory Cards
Something you are: Biometrics
Methods of Authentication
- Single-factor Authentication (SFA)
- Multi-factor Authentication (MFA)

Physical Controls – provide ways of controlling, directing, or preventing the movement of people and equipment throughout a specific physical location.
Administrative Controls – also called managerial controls, are directives, guidelines, or advisories aimed at the people within the organization.
Technical Controls – also called logical controls, are security controls that computer systems and networks directly implement.
Logical Controls:
1. Discretionary Access Control (DAC) – grants the user almost the same level of access as the original owner of the file.
2. Mandatory Access Control (MAC) – only properly designated security administrators can modify any of the security rules that are established.
3. Role-Based Access Control (RBAC) – provides each worker privileges based on what role they have in the organization.
4. Attribute-Based Access Control (ABAC) – allows access based on attributes of the object (resource) to be accessed.
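The four logical controls above differ in who gets to decide: the file's owner (DAC), a designated security administrator (MAC), the role assignment (RBAC), or a rule over attributes (ABAC). The block below is an added example, not part of the reviewer notes, with one small authorization check per model. Every check answers "no" unless something explicitly says "yes", which is the default-deny habit that least privilege depends on. The users (alice, bob, secadmin), roles, clearance levels, the department attribute and the VPN condition are all constructed for the demonstration.

```python
"""Added example (not from the reviewer notes): one toy authorization check
per logical control model (DAC, MAC, RBAC, ABAC), each written so that
anything not explicitly granted is denied. Users, files, roles, labels and
departments are constructed for the demonstration."""
from dataclasses import dataclass, field
from typing import Dict, Set


@dataclass
class Resource:
    name: str
    owner: str
    sensitivity: int                                         # MAC label (higher = more sensitive)
    acl: Dict[str, Set[str]] = field(default_factory=dict)   # DAC: user -> permissions
    attrs: Dict[str, str] = field(default_factory=dict)      # ABAC: resource attributes


# --- DAC: the owner of the file decides who else may do what with it --------
def dac_grant(res: Resource, granter: str, grantee: str, perms: Set[str]) -> None:
    """Only the owner may hand out rights; a non-owner attempt is refused."""
    if granter != res.owner:
        raise PermissionError(f"{granter} does not own {res.name}")
    res.acl.setdefault(grantee, set()).update(perms)


def dac_allowed(res: Resource, user: str, perm: str) -> bool:
    return user == res.owner or perm in res.acl.get(user, set())


# --- MAC: clearances vs labels, changeable only by security administrators --
class MacPolicy:
    def __init__(self, security_admins: Set[str]):
        self.admins = set(security_admins)
        self.clearance: Dict[str, int] = {}

    def set_clearance(self, actor: str, user: str, level: int) -> None:
        """The rules are fixed by designated administrators, not by file owners."""
        if actor not in self.admins:
            raise PermissionError(f"{actor} may not change MAC rules")
        self.clearance[user] = level

    def allowed(self, user: str, res: Resource) -> bool:
        """No read-up: the subject's clearance must dominate the object's label.
        An unknown user has clearance 0 and so can read nothing labelled above 0."""
        return self.clearance.get(user, 0) >= res.sensitivity


# --- RBAC: permissions hang off roles, users hang off roles -----------------
ROLE_PERMS: Dict[str, Set[str]] = {"analyst": {"read"}, "admin": {"read", "write"}}
USER_ROLES: Dict[str, Set[str]] = {"alice": {"analyst"}, "bob": {"admin"}}


def rbac_allowed(user: str, perm: str) -> bool:
    return any(perm in ROLE_PERMS.get(role, set()) for role in USER_ROLES.get(user, set()))


# --- ABAC: a rule over subject, resource and environment attributes ---------
def abac_allowed(subject: Dict[str, str], res: Resource, env: Dict[str, object]) -> bool:
    """Constructed rule: same department as the resource and connected via VPN."""
    return (subject.get("department") == res.attrs.get("department")
            and bool(env.get("on_vpn")))


def demo() -> Dict[str, bool]:
    """Run each model once against a constructed scenario and return the verdicts."""
    report = Resource("q3-report.xlsx", owner="alice", sensitivity=2,
                      attrs={"department": "finance"})
    dac_grant(report, "alice", "bob", {"read"})
    mac = MacPolicy(security_admins={"secadmin"})
    mac.set_clearance("secadmin", "alice", 2)
    mac.set_clearance("secadmin", "bob", 1)
    finance_user = {"department": "finance"}
    return {
        "dac_bob_read": dac_allowed(report, "bob", "read"),      # True: granted by the owner
        "dac_bob_write": dac_allowed(report, "bob", "write"),    # False: never granted
        "mac_alice_read": mac.allowed("alice", report),          # True: clearance 2 >= label 2
        "mac_bob_read": mac.allowed("bob", report),              # False: clearance 1 < label 2
        "rbac_alice_write": rbac_allowed("alice", "write"),      # False: analysts only read
        "rbac_bob_write": rbac_allowed("bob", "write"),          # True: admin role
        "abac_on_vpn": abac_allowed(finance_user, report, {"on_vpn": True}),     # True
        "abac_off_vpn": abac_allowed(finance_user, report, {"on_vpn": False}),   # False
    }


if __name__ == "__main__":
    for check, verdict in demo().items():
        print(f"{check:18s} {'permit' if verdict else 'deny'}")
```

Note the contrast the notes draw: under DAC, bob's access to the report depends entirely on alice's choice, while under MAC alice cannot lower the label or raise bob's clearance no matter how much she wants to share.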
Principle of Least Privilege
- To preserve the confidentiality of information and ensure that it is only available to the personnel who are authorized to see it, we use the privileged access management concept.

FIREWALL TECHNOLOGIES
Firewalls – system that enforces an access control policy between networks.
All firewalls share some common properties:
- Resistant to network attacks
- Only transit point between internal corporate networks and external networks
- Enforces the access control policy
Host-Based Firewall – a PC or server with firewall software running on it.
Transparent Firewall – filters IP traffic between a pair of bridged interfaces.
Hybrid Firewall – combination of the various firewall types.
Types of Firewall:
1. Packet Filtering (Stateless Firewall) – typically a router firewall, which permits or denies traffic based on Layer 3 and Layer 4 information.
2. Stateful Firewalls – provide stateful packet filtering by using connection information maintained in a state table.
3. Application Gateway Firewall – filters information at Layers 3, 4, 5, and 7 of the OSI reference model.
4. Next-Generation Firewalls – go beyond stateful firewalls by providing integrated intrusion prevention and more.
Common Security Architectures
- Public and Private
- Demilitarized Zone
- Zone-Based
Best Practices for Firewall Implementation
- Position firewalls at security boundaries.
- Deny all traffic by default.
- Permit only services that are needed.
- Ensure that physical access to the firewall is controlled.
- Regularly monitor firewall logs.
- Practice change management for firewall configuration changes.
- Remember that firewalls primarily protect from technical attacks originating from the outside.
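The difference between a stateless packet filter and a stateful one, and why "deny all by default, permit only what is needed" works better with a state table, shows up with a single rule set. The block below is an added example, not part of the reviewer notes: a first-match rule list with an implicit deny, a deny log (the thing the "monitor firewall logs" practice reads), and a switch between stateless and stateful evaluation. The addresses, ports and the one permit rule are constructed for the demonstration.

```python
"""Added example (not from the reviewer notes): a stateless and a stateful
packet filter over the same rule set, with default deny, first-match rules and
a deny log, to show why a stateful filter needs no blanket inbound permit for
return traffic. Addresses, ports and rules are constructed for the demo."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str        # "out" (inside -> outside) or "in"
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    direction: str
    src_net: str
    dst_net: str
    proto: str = "any"
    dport: Optional[int] = None   # None = any destination port


# Flow key (src, sport, dst, dport, proto) as seen from the side that opened it.
Flow = Tuple[str, int, str, int, str]


@dataclass
class Firewall:
    rules: List[Rule]
    stateful: bool = True
    state: Set[Flow] = field(default_factory=set)
    log: List[str] = field(default_factory=list)

    @staticmethod
    def _matches(rule: Rule, pkt: Packet) -> bool:
        """Layer 3/4 match: direction, protocol, destination port, source and
        destination networks. This is all a stateless filter ever looks at."""
        return (rule.direction == pkt.direction
                and rule.proto in ("any", pkt.proto)
                and (rule.dport is None or rule.dport == pkt.dport)
                and ip_address(pkt.src) in ip_network(rule.src_net)
                and ip_address(pkt.dst) in ip_network(rule.dst_net))

    def filter(self, pkt: Packet) -> str:
        """Return "permit" or "deny" for one packet."""
        if self.stateful and pkt.direction == "in":
            # A reply belongs to a flow the inside opened: src/dst are swapped.
            reverse: Flow = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
            if reverse in self.state:
                return "permit"
        for rule in self.rules:                       # first match wins
            if self._matches(rule, pkt):
                if rule.action == "permit" and self.stateful and pkt.direction == "out":
                    self.state.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
                return rule.action
        self.log.append(f"DENY {pkt.direction} {pkt.proto} "
                        f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
        return "deny"                                 # nothing matched: default deny


# Constructed policy: inside hosts may open HTTPS to anywhere. Nothing else is
# listed, so every other packet falls through to the implicit deny.
RULES = [
    Rule("permit", "out", "10.0.0.0/8", "0.0.0.0/0", "tcp", 443),
]


def demo(stateful: bool) -> List[str]:
    """Push a request, its reply and an unsolicited probe through the filter."""
    fw = Firewall(RULES, stateful=stateful)
    request = Packet("out", "10.0.0.5", 40000, "203.0.113.7", 443)
    reply = Packet("in", "203.0.113.7", 443, "10.0.0.5", 40000)
    probe = Packet("in", "198.51.100.1", 51000, "10.0.0.5", 22)
    return [fw.filter(request), fw.filter(reply), fw.filter(probe)]


if __name__ == "__main__":
    print("stateful :", demo(True))    # the reply is accepted from the state table
    print("stateless:", demo(False))   # the reply is dropped; it would need its own rule
```

With the stateless filter, the only way to let the HTTPS reply in is an inbound permit for traffic from source port 443 to any high port, which an outsider can satisfy just by choosing its source port. The stateful filter needs no such rule, so the inbound policy stays at the implicit deny, and the unsolicited probe to port 22 ends up in the log either way.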
