Chapter 5

Virtualization: technology used in data centers to host virtual machines.
Hypervisor: software that creates, runs, and manages virtual machines. Ex: VMware, Microsoft Hyper-V, Oracle VM VirtualBox.
Host: the physical system running the VMs. Needs more RAM, more hard drive space, and faster network cards, but is still less expensive than running multiple separate physical machines.
Guest: an operating system running on the host machine.
Host Scalability: requires a reboot; more RAM or hard drive space is added MANUALLY when needed.
Host Elasticity: does NOT require a reboot; the resources assigned to the VM change dynamically based on load. Ex: monitoring software senses increased load and automatically adds resources to the VM. Best ROI option when servers are underutilized.
VDI (Virtual Desktop Infrastructure): hosts a user's desktop operating system on a server.
Container Virtualization: runs services or apps within isolated containers. The host's operating system or kernel runs the services.
VM Escape: an attack that allows an attacker to access the host system from within a virtual system. The attacker runs code on the virtual system that interacts with the hypervisor. Solution: patch management.
VM Sprawl: an organization has many VMs that are not managed appropriately. Solution: change management and security policies.
Replication: VMs are just files, which makes them easy to replicate. Backup VMs (virtual servers) can be created in case one fails, saving the time it would take to build a new server.
Snapshots: use the VM normally, save a snapshot, and roll back to the original state if a problem occurs. Ex: risky operations or testing.
Persistence vs Non-Persistence: with a persistent virtual desktop, each user has a custom desktop image that they can change and customize. With a non-persistent virtual desktop, each user accesses the remote server, which provides a desktop operating system from a preconfigured snapshot; it reverts to the original snapshot and known configuration when the user logs off.
Implementing Secure Systems: server, workstation, laptop, network device, or mobile device.
Endpoint Security: Endpoint Detection and Response (EDR) provides continuous monitoring of endpoints (servers, desktops, laptops, mobile devices, or Internet of Things (IoT) devices). EDR platforms (solutions): anti-malware, host-based intrusion detection systems (HIDS), application allow lists and block lists.
Hardening Systems: making an operating system or app more secure. Ex: eliminating FTP if it is not being used, disabling unused ports, or uninstalling unused software. Newer technique: modifying the registry to harden systems. Attackers use PowerShell scripts in attacks, and PowerShell activity is not logged by default; modifying the registry during the hardening process ensures ALL PowerShell activity is logged.
Secure Baseline:
1. Starting point: admins use various tools to deploy secure systems.
2. Measure deviation from the baseline: a vulnerability scanner monitors the system and reports changes. Group Policy automatically reconfigures the system to the baseline settings when changes are detected.
3. Remediation: Network Access Control (NAC) detects changes from the baseline and automatically quarantines systems in a remediation network. Admins correct the problem manually.
Master Image: a snapshot of a single image deployed securely to other systems. The captured image is a file stored on a server or copied to an external DVD or USB hard drive. Uses security and configuration baselines. Solution: Symantec Ghost (imaging application); Windows Server offers free tools to capture and deploy images.
Application Whitelists (allow lists): list of applications authorized to run on a system.
Application Blacklists (block lists): list of applications the system blocks.
API (Application Programming Interface): software component that gives developers access to features or data within another application. Ex: Amazon uses web service-based APIs provided by shippers. Different web service-based APIs are used.
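The secure-baseline steps above (measure deviation, reconfigure, quarantine) can be seen end to end in a small checker. The following is an added example written for these notes, not code from the textbook or from any scanner, Group Policy or NAC product; the state-report format, the setting names (`service.ftp`, `powershell.script_block_logging`, `ports.listening`, and so on) and the sample reports are all constructed for the demonstration.

```python
"""Secure-baseline drift check and remediation plan.

Added example (not from the notes or the textbook they summarize).  It models
steps 2 and 3 of the Secure Baseline notes: a baseline of hardening settings is
compared with a state report collected from a system, deviations are listed, a
remediation plan is produced (what Group Policy or an admin would apply), and a
NAC-style decision is returned (quarantine when a critical setting drifted).
The report format, setting names and sample values are all constructed here.
"""
from dataclasses import dataclass

# The hardened starting point.  Setting names are constructed for this example.
BASELINE = {
    "service.ftp": "disabled",                     # FTP removed when unused
    "service.telnet": "disabled",
    "powershell.script_block_logging": "enabled",  # log all PowerShell activity
    "powershell.module_logging": "enabled",
    "ports.listening": {"22", "443"},              # only the ports the role needs
}

# Drift in these settings gets the system quarantined instead of just fixed.
CRITICAL = {"service.ftp", "service.telnet", "powershell.script_block_logging"}


@dataclass
class Deviation:
    setting: str
    expected: object
    actual: object
    critical: bool


def parse_state(report: str) -> dict:
    """Parse a collected state report of 'key=value' lines (constructed format).
    'ports.listening' holds a comma-separated list and becomes a set."""
    state = {}
    for raw in report.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key == "ports.listening":
            state[key] = {p.strip() for p in value.split(",") if p.strip()}
        else:
            state[key] = value
    return state


def find_deviations(baseline: dict, state: dict) -> list:
    """Every baseline setting whose current value differs (a missing setting counts)."""
    return [
        Deviation(setting, expected, state.get(setting), setting in CRITICAL)
        for setting, expected in baseline.items()
        if state.get(setting) != expected
    ]


def remediation_plan(deviations: list) -> list:
    """Actions that return the system to the baseline."""
    plan = []
    for d in deviations:
        if d.setting == "ports.listening":
            extra = sorted(set(d.actual or ()) - d.expected)
            if extra:
                plan.append("close unexpected listening ports: " + ", ".join(extra))
            else:
                plan.append("restore listening-port configuration from baseline")
        else:
            plan.append(f"set {d.setting} to {d.expected}")
    return plan


def nac_decision(deviations: list) -> str:
    """'quarantine' on critical drift, 'remediate' on minor drift, else 'admit'."""
    if any(d.critical for d in deviations):
        return "quarantine"
    return "remediate" if deviations else "admit"


def audit(report: str) -> tuple:
    deviations = find_deviations(BASELINE, parse_state(report))
    return deviations, remediation_plan(deviations), nac_decision(deviations)


# Constructed sample reports.
DRIFTED_STATE = """
# state collected from a workstation (constructed sample)
service.ftp=enabled
service.telnet=disabled
powershell.script_block_logging=disabled
powershell.module_logging=enabled
ports.listening=22,443,21
"""

COMPLIANT_STATE = """
service.ftp=disabled
service.telnet=disabled
powershell.script_block_logging=enabled
powershell.module_logging=enabled
ports.listening=443,22
"""

if __name__ == "__main__":
    for name, report in (("drifted", DRIFTED_STATE), ("compliant", COMPLIANT_STATE)):
        deviations, plan, decision = audit(report)
        print(f"{name}: {decision}")
        for d, action in zip(deviations, plan):
            print(f"  {d.setting}: expected {d.expected}, found {d.actual} -> {action}")
```

The split between `remediate` and `quarantine` mirrors the notes: Group Policy can silently put a minor setting back, but a host with FTP re-enabled or PowerShell logging turned off is held in the remediation network until an admin has looked at it.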
IoT devices such as wireless thermostats use APIs to set and adjust temperatures; the API interacts with the IoT device to adjust the temperature. Allowed for a specific business. Solutions: strong authentication, authorization (level of access), and TLS (Transport Layer Security) to protect internet traffic in transit.
Microservice Code Module: in contrast to an API, a microservice receives a value and responds with a value. Ex: a customer enters a tracking ID and the microservice determines the shipper. Not set for a specific business. Allows developers to use multiple apps without modifying
FDE (Full Disk Encryption): encrypts the entire disk. Allows you to encrypt partitions or the entire storage device. Solution: VeraCrypt (open source software).
SED (Self-Encrypting Drive): includes encryption circuitry built into the drive. Opal compliance is required, which sets standards for SEDs (Ex: requiring a username/password to decrypt the device).
BIOS/UEFI: Boot Integrity.
TPM (Trusted Platform Module): hardware chip on the motherboard that stores cryptographic keys. Provides full disk encryption; the hard drive remains locked and sealed until authentication. Captures signatures of the key files used to boot the system and stores them within the TPM. Secure boot checks the files against the stored signatures to see what may have changed; if a file has changed, it blocks the boot process. Included on laptops and mobile devices. Solution: BitLocker (which uses the TPM).
DLP (Data Loss Prevention): configured to examine traffic leaving the network for keywords within emails, attachments, or any outgoing data, and blocks it. It notifies security admins or the user who sent it. Solution: DLP software.
Rights Management: provides copyright protection for original creative works. Used to protect intellectual property such as books, art, music, etc. Ex: a PDF book sold on Amazon being resold on the dark web. Solution: encrypt the PDF and require a password to open it.
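The boot-integrity idea in the TPM notes (capture signatures of the boot files, store them, re-check at every boot, block if anything changed) is easier to see in a small simulation. The following is an added example written for these notes, not code from the textbook, from BitLocker or from any TPM vendor; the file names and contents are constructed, and it goes one step beyond the notes by also folding the measurements into a simulated PCR-style register, the way a real TPM extends a register, so that one stored value summarizes the whole boot chain.

```python
"""Simulated TPM-style boot integrity check.

Added example (not from the notes or any vendor's implementation).  It models
what the TPM / Secure Boot notes describe: hashes of the key boot files are
captured once and stored, every boot re-hashes the files and compares, and any
change blocks the boot.  It also folds the measurements into a simulated PCR
(new = SHA-256(old || measurement)), the way a TPM extends a register, so a
single stored value summarizes the whole boot chain and any reordering,
omission or extra component changes it.  File names and contents are
constructed; nothing here talks to real hardware.
"""
import hashlib

PCR_INITIAL = b"\x00" * 32


def measure(data: bytes) -> str:
    """Measurement of one boot component: its SHA-256 digest (hex)."""
    return hashlib.sha256(data).hexdigest()


def extend(pcr: bytes, measurement_hex: str) -> bytes:
    """TPM-style extend: the register can only be updated by hashing into it."""
    return hashlib.sha256(pcr + bytes.fromhex(measurement_hex)).digest()


def seal_boot_state(files: dict) -> dict:
    """Capture the trusted measurements at provisioning time (the 'sealed' state)."""
    pcr = PCR_INITIAL
    signatures = {}
    for name in sorted(files):            # fixed order: extend order matters
        signatures[name] = measure(files[name])
        pcr = extend(pcr, signatures[name])
    return {"files": signatures, "pcr": pcr.hex()}


def verify_boot(sealed: dict, files: dict) -> dict:
    """Re-measure at boot and compare with the sealed state."""
    changed, missing = [], []
    pcr = PCR_INITIAL
    for name in sorted(set(sealed["files"]) | set(files)):
        if name not in files:
            missing.append(name)
            continue
        m = measure(files[name])
        pcr = extend(pcr, m)
        if m != sealed["files"].get(name):   # modified, or not in the sealed list
            changed.append(name)
    pcr_match = pcr.hex() == sealed["pcr"]
    return {
        "boot_allowed": pcr_match and not changed and not missing,
        "changed": changed,
        "missing": missing,
        "pcr_match": pcr_match,
    }


# Constructed boot components (stand-ins for bootloader, kernel and config).
TRUSTED_BOOT = {
    "bootmgr": b"BOOTMGR v1 trusted image",
    "kernel.bin": b"KERNEL v5.1 trusted image",
    "boot.cfg": b"root=/dev/sda2 quiet",
}
SEALED = seal_boot_state(TRUSTED_BOOT)


def tampered(files: dict, name: str, new_content: bytes) -> dict:
    """Copy of a boot set with one component replaced or added (for the demo)."""
    return {**files, name: new_content}


if __name__ == "__main__":
    print("clean boot:", verify_boot(SEALED, TRUSTED_BOOT))
    print("modified kernel:", verify_boot(
        SEALED, tampered(TRUSTED_BOOT, "kernel.bin", b"KERNEL v5.1 modified")))
    print("extra component:", verify_boot(
        SEALED, tampered(TRUSTED_BOOT, "extra.sys", b"unexpected")))
```

The per-file list answers the "what changed?" question from the notes, while the PCR value is what a disk-encryption key would be sealed to: because every component is hashed into the register in order, a modified, missing or added boot file yields a different register value and the key is not released.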
Removable Media: USB drives, MP3 players, and smartphones used to copy data to and from the system. Solution: USB data blocker; implement a security policy.
Data Exfiltration: unauthorized transfer of data out of a network; often encrypted before being sent out. Solutions: Unified Threat Management (UTM) devices monitor incoming data streams for malicious code. Network-based DLP systems monitor outgoing data looking for sensitive data specified by the admin; they can scan the text of all emails including attachments, spreadsheets, presentations, and databases, and include a mask to identify Social Security numbers (###-##-####), so an email containing an SSN is blocked. They can also scan FTP and HTTP, and alert admins when encrypted data is sent out.
Database Security: use database column encryption to protect individual fields within a database.

Cloud Concepts
Software as a Service (SaaS): Gmail, Yahoo Mail, Google Drive, OneDrive.
Platform as a Service (PaaS): provides the customer with a fully managed platform including hardware, OS, and apps. Ex: a virtual server; Bluehost, GoDaddy.
Infrastructure as a Service (IaaS): the customer rents access to equipment and pays on a per-use basis. Ex: outsourcing servers so they don't have to maintain them.
Anything as a Service (XaaS): applies to anything that can be delivered via the cloud: databases, communications, desktops, storage, security, etc. Managed by the cloud provider.
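The network-based DLP behaviour described under Data Exfiltration (an SSN mask, admin keywords, scanning of attachments, and an alert when the outgoing data is encrypted and cannot be read) can be shown with a small inspector run over sample messages. The following is an added example written for these notes, not code from the textbook or from any DLP product; the messages, attachments, keyword list and entropy threshold are constructed, and the SSN-range filter (area 000/666/9xx, group 00, serial 0000 are never issued) is added to cut false positives beyond what the notes mention.

```python
"""Network DLP-style inspection of outgoing messages.

Added example (not from the notes or any DLP product).  It implements the
checks the Data Exfiltration notes attribute to network-based DLP: a mask for
Social Security numbers (###-##-####), admin-specified sensitive keywords,
scanning of message text and text attachments, and an alert when an
attachment looks encrypted (near-maximum byte entropy) and therefore cannot be
inspected.  Messages, attachments and the keyword list are constructed here.
"""
import math
import re
from collections import Counter
from dataclasses import dataclass, field

# ###-##-#### mask; the look-arounds keep it from matching inside longer digit runs
SSN_MASK = re.compile(r"(?<![\d-])(\d{3})-(\d{2})-(\d{4})(?![\d-])")
SENSITIVE_KEYWORDS = ("confidential", "project falcon")  # constructed admin list
ENTROPY_ALERT_BITS = 7.5   # bits per byte; encrypted/compressed data sits near 8.0


@dataclass
class Attachment:
    name: str
    content: bytes


@dataclass
class OutboundMessage:
    sender: str
    recipient: str
    body: str
    attachments: list = field(default_factory=list)


def plausible_ssn(area: str, group: str, serial: str) -> bool:
    """Drop ranges the SSA never issues, so part numbers like 000-12-3456 pass."""
    return not (area in ("000", "666") or area >= "900"
                or group == "00" or serial == "0000")


def find_ssns(text: str) -> list:
    return [m.group(0) for m in SSN_MASK.finditer(text) if plausible_ssn(*m.groups())]


def find_keywords(text: str) -> list:
    lowered = text.lower()
    return [kw for kw in SENSITIVE_KEYWORDS if kw in lowered]


def byte_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty data, 8.0 for uniform bytes)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def scan_text(location: str, text: str) -> list:
    findings = [(location, "ssn", s) for s in find_ssns(text)]
    findings += [(location, "keyword", k) for k in find_keywords(text)]
    return findings


def inspect(msg: OutboundMessage) -> list:
    """Findings as (location, kind, detail) tuples."""
    findings = scan_text("body", msg.body)
    for att in msg.attachments:
        entropy = byte_entropy(att.content)
        if entropy >= ENTROPY_ALERT_BITS:
            findings.append((att.name, "encrypted", f"entropy {entropy:.2f} bits/byte"))
            continue                      # opaque: nothing more can be inspected
        findings += scan_text(att.name, att.content.decode("utf-8", errors="replace"))
    return findings


def decide(msg: OutboundMessage) -> tuple:
    """Block on sensitive content; alert admins on uninspectable (encrypted) data."""
    findings = inspect(msg)
    kinds = {kind for _, kind, _ in findings}
    if kinds & {"ssn", "keyword"}:
        action = "block"
    elif "encrypted" in kinds:
        action = "alert"
    else:
        action = "allow"
    return action, findings


# Constructed sample traffic.
CLEAN = OutboundMessage("ann@example.test", "bob@example.test",
                        "Meeting moved to 3pm; my desk phone is 555-867-5309.")
SSN_IN_BODY = OutboundMessage("ann@example.test", "outside@example.test",
                              "New hire SSN is 123-45-6789, please set up payroll.")
SSN_IN_ATTACHMENT = OutboundMessage(
    "ann@example.test", "outside@example.test", "See attached.",
    [Attachment("payroll.csv", b"name,ssn\nJ. Doe,219-09-9999\n")])
ENCRYPTED_ATTACHMENT = OutboundMessage(
    "ann@example.test", "outside@example.test", "Backup as discussed.",
    [Attachment("data.bin", bytes(range(256)) * 16)])

if __name__ == "__main__":
    for label, msg in (("clean", CLEAN), ("ssn in body", SSN_IN_BODY),
                       ("ssn in attachment", SSN_IN_ATTACHMENT),
                       ("encrypted", ENCRYPTED_ATTACHMENT)):
        action, findings = decide(msg)
        print(f"{label}: {action} {findings}")
```

The phone number in the clean message shows why the mask is ###-##-#### and not just "digits with dashes", and the encrypted attachment shows the limit the notes point at: when the content cannot be read, the system can only tell the admins that opaque data left the network, which is why an encrypted outbound transfer is treated as an alert rather than a silent allow.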