
FBA-CISMP - Slides - v2.1 - FEB 21

BCS FOUNDATION
CERTIFICATE IN INFORMATION
SECURITY MANAGEMENT PRINCIPLES
23/02/2021
C/w Ref: K-345-01
MODULE 0
INTRODUCTION
23/02/2021
Module 0
This content is copyright of Firebrand Training Ltd – 2020. All rights reserved. For full terms and conditions
please refer to https://firebrand.training/uk/terms-and-conditions
2
INTRODUCTION
This certificate covers the range of concepts, approaches and
techniques that are applicable to the BCS Foundation
Certificate in Information Security Management Principles
(CISMP).
INTRODUCTION
Candidates are required to demonstrate their knowledge and understanding of the
aspects of the BCS Foundation Certificate in Information Security Management
Principles.
The certificate is relevant to anyone requiring an understanding of the BCS
Foundation Certificate in Information Security Management Principles, including
those who have information security responsibilities as part of their day-to-day
role, or who are thinking of moving into an information security or related
function.
It also provides the opportunity for those already within these roles to enhance or
refresh their knowledge and, in the process, gain an industry-recognised
qualification which demonstrates the level of knowledge gained.
OBJECTIVES
Candidates should be able to demonstrate knowledge and
understanding of BCS Foundation Certificate in Information
Security Management Principles and techniques. Key areas are:
Knowledge of the concepts relating to information security
management (confidentiality, integrity, availability, vulnerability,
threats, risks, countermeasures)
Understanding of current national legislation and regulations which
impact upon information security management
Awareness of current national and international standards,
frameworks and organisations which facilitate the management of
information security
OBJECTIVES
Key areas are:
Understanding of the current business and common technical
environments in which information security management has to
operate
Knowledge of the categorisation, operation and effectiveness of
controls of different types and characteristics
EXAMINATION
There are no specific pre-requisites for entry to the exam;
however candidates should possess the appropriate level of
knowledge to fulfil the objectives:
A knowledge of IT would be advantageous but not essential
An understanding of the general principles of information technology
security would be useful
Awareness of the issues involved with security control activity would
be advantageous
EXAMINATION FORMAT
Format of the Examination:
Two hour ‘closed book’ exam
100 multiple choice questions
Pass mark is 65/100 (65%) (Distinction mark is a minimum of 80/100)
COURSE SYLLABUS
The Firebrand CISMP Course includes some ‘value add’ modules
which are unique to this course. However, the course mainly
follows the BCS CISMP Book which is used as a reference
throughout.
Module 01 – Information Security Principles
Module 02 – Risk
Module 03 – Information Security Framework
Module 04 – Procedural and People Security Controls
Module 05 – Network Security
Module 06 – Technical Security Controls
Module 07 – Cloud Computing
Module 08 – Software Development and Life Cycle (SDLC)
Module 09 – Securing the Infrastructure
Module 10 – Physical and Environmental Security Controls
Module 11 – Disaster Recovery and Business Continuity Management
Module 12 – Cryptography
MODULE 1
INFORMATION SECURITY PRINCIPLES
CONCEPTS & DEFINITIONS
One of the main tenets of security is CIA:
Confidentiality – Protecting the data from
unauthorised access through controls and
encryption
Integrity – Ensuring that the data has not been
tampered with or altered during transmission,
preventing unauthorised changes
Availability – The data is available when needed to
those authorised to receive it
Nearly all aspects of information security will
fall within the “CIA Triad”
CONCEPTS & DEFINITIONS
Access Control and Identification
Identity – The properties of an individual or resource that can be used
to uniquely identify that individual or resource
Authentication – The process of proving an identity to a system by using
one or more processes (protocols)
Authorisation – Being granted controlled access to systems and
information once the identity has been authenticated
Accounting (Auditing) – Maintaining and administering Identification
and Authentication (ID&A)
Non-repudiation – The ability to prove the occurrence of a claimed
event or action and its origin
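The four steps above (identification, authentication, authorisation, accounting) are easier to see in order when they are applied to a single request. The following is an added example, not code from the course slides or from BCS; the Gateway and AuditRecord names, the user directory, the password choices and the role table are all assumptions constructed for the illustration.

```python
# Added example, not from the course slides: a small access gateway that applies
# Identification, Authentication, Authorisation and Accounting to each request.
# The Gateway/AuditRecord names, the user directory and the role table are
# assumptions constructed for this illustration.
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timezone

PBKDF2_ITERATIONS = 100_000  # work factor for password hashing (illustrative)


def make_credential(password: str) -> dict:
    """Store a random salt and a PBKDF2-HMAC-SHA256 hash, never the password."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return {"salt": salt, "hash": digest}


# Constructed user directory: identity -> credential record plus role
USERS = {
    "alice": {**make_credential("correct horse"), "role": "analyst"},
    "bob": {**make_credential("battery staple"), "role": "viewer"},
}

# Authorisation table (assumed): role -> the actions it may perform
ROLE_PERMISSIONS = {
    "analyst": {"read_report", "write_report"},
    "viewer": {"read_report"},
}


@dataclass
class AuditRecord:
    """Accounting: one record per decision, for failures as well as successes."""
    when: str
    identity: str
    action: str
    outcome: str


@dataclass
class Gateway:
    audit_log: list = field(default_factory=list)

    def identify(self, identity: str) -> bool:
        """Identification: is this a known identity?"""
        return identity in USERS

    def authenticate(self, identity: str, password: str) -> bool:
        """Authentication: prove the identity with a credential, compared in constant time."""
        record = USERS[identity]
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), record["salt"], PBKDF2_ITERATIONS
        )
        return hmac.compare_digest(candidate, record["hash"])

    def authorise(self, identity: str, action: str) -> bool:
        """Authorisation: is the authenticated identity permitted to do this action?"""
        return action in ROLE_PERMISSIONS.get(USERS[identity]["role"], set())

    def request(self, identity: str, password: str, action: str) -> str:
        """Run the three checks in order and record the outcome (accounting).
        The caller gets only ALLOWED/DENIED; the detailed reason stays in the log
        so a failed login does not reveal whether the account exists."""
        if not self.identify(identity):
            reason = "unknown identity"
        elif not self.authenticate(identity, password):
            reason = "authentication failed"
        elif not self.authorise(identity, action):
            reason = "not authorised"
        else:
            reason = "allowed"
        self.audit_log.append(AuditRecord(
            datetime.now(timezone.utc).isoformat(), identity, action, reason))
        return "ALLOWED" if reason == "allowed" else "DENIED"


if __name__ == "__main__":
    gw = Gateway()
    print(gw.request("alice", "correct horse", "write_report"))  # ALLOWED
    print(gw.request("bob", "battery staple", "write_report"))   # DENIED
    for entry in gw.audit_log:
        print(entry)
```

Two design points worth noting: the audit log records denied requests as well as allowed ones, because the denials are what an investigator needs, and the log alone does not give non-repudiation, since the gateway writes it and could in principle alter it; proving origin to a third party needs a signature the actor alone could have produced.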
CONCEPTS & DEFINITIONS
Asset:
Is anything that has value to the organisation, its business operations
and its continuity:
Information Assets (in any format) – Data/Information
Physical Assets – Buildings, IT systems
Software Assets – Programs, Processes
Data:
A collection of values assigned to base measures, derived measures
and/or indicators
CONCEPTS & DEFINITIONS
Information:
An organised and formatted collection of data
Information Security:
The preservation of Confidentiality, Integrity and Availability of
information
Threat:
A potential cause of an incident that may result in harm to a system or
organisation
CONCEPTS & DEFINITIONS
Vulnerability:
A weakness of an asset or group of assets that can be exploited by one
or more threats
Risk:
The potential that a given threat will exploit vulnerabilities of an
asset or group of assets and thereby cause harm to the organisation
Impact:
The result of an information security incident, caused by a threat,
which affects assets
CONCEPTS & DEFINITIONS
The Information Lifecycle (stages from the slide diagram):
Research
Creation
Storage
Sharing
Use
Processing
Archiving
Disposal
Design
Discovery
CONCEPTS & DEFINITIONS
Cyberspace:
An interactive domain made up of digital networks that is used to
store, modify and communicate information. It includes the Internet
and other information systems that support business, infrastructure
and services
Cyber Security:
The practice or science of protecting Cyberspace from accidental or
deliberate loss or harm
CYBER ESSENTIALS
NCSC, 2019. 10 Steps to Cyber Security. [image] Available at: <https://www.ncsc.gov.uk/collection/10-steps-to-cybersecurity/introduction-tocyber-security/executivesummary> [Accessed 19 February 2021].
NCSC, 2016. NCSC Logo. [image] Available at: <https://www.ncsc.gov.uk/blog-post/active-cyber-defencetackling-cyber-attacks-uk> [Accessed 19 February 2021].
CONCEPTS & DEFINITIONS
Defence in Depth (and Breadth)
An Information Assurance concept in
which multiple layers of security
measures are placed throughout an
IT infrastructure
MODULE 2
RISK
MANAGING RISK
A threat is a valid or realistic event or action which may occur and
cause an unwanted consequence.
Threats may be categorised into two main areas:
Accidental
Deliberate
And further broken down into:
Internal
External
THREAT
Examples:
Accidental, Internal threat:
User spilling tea on laptop
Deliberate, Internal threat:
Disgruntled employee turning power off
Accidental, External threat:
Flood, earthquake, natural disaster
Deliberate, External threat:
Hacker gaining unauthorised access to IT system
BBC Weather, 2016. Flood Warning. [image] Available at: <https://twitter.com/bbcweather/status/800244804055691264> [Accessed 19 February 2021].
SafetyShop, n.d. Caution Sign. [image] Available at: <https://www.safetyshop.com/guardian-floor-stands-rg23.html> [Accessed 22 February 2021].
THREAT
Types of information related threats include:
Physical threat
Outages and Failures
Hacking and Abuse
Legal and Contractual
Accidents and Disasters
VULNERABILITY
A vulnerability is a weakness in a system which, if exploited,
may result in an unwanted consequence.
Vulnerabilities may fall into two categories:
General:
E.g. buildings, software, people, processes and procedures
Information-specific:
E.g. unsecured computers, servers, operating systems, network devices and
applications
ASSETS
Assets vary in type:
Physical assets (IT systems, Databases, Buildings)
Intellectual Property (IP)
Brand name
Reputation
IMPACT
The impact is the result of the risk actually occurring.
Impact needs to be considered against other factors, such as
likelihood and risk, and may result in a wide range of actions.
If the impact is low then the risk may be accepted.
If the impact is high, then it may result in the business losing
any part of confidentiality, integrity or availability – resulting
in financial loss, inability to trade, loss of customer
confidence or damage to reputation.
RISK MANAGEMENT
There are four key areas in
Risk Management:
Identify
Analyse
Treat
Monitor
RISK MANAGEMENT
Identification of Threat
Carried out in conjunction with an understanding of known
vulnerabilities
Considered in light of the impact on the asset
ANALYSIS
Assess the likelihood against the impact.
This is an ongoing process and will be dependent upon
multiple factors such as changing threats, vulnerabilities and
impact assessments.
Once initial analysis has been completed a risk matrix may be
compiled.
Risk matrices will vary depending upon the organisation and
level of granularity required.
RISK MATRIX
TREATING RISK
The Risk Matrix will determine how to treat the risk; the risk
may be:
Avoided or Terminated
Accepted or Tolerated
Reduced or Modified
Transferred or Shared
Most aspects of Risk will involve some form of cost which
needs to be balanced against the impact.
No risk should be ignored.
MONITORING RISK
Monitor the treatment of risk.
Threats may change over a period of time (some quicker than others)
so monitoring should be conducted at frequent intervals
The whole Risk cycle should be repeated over time
Collett, S., 2017. Mobile Security Threats. [image] Available at: <https://www.csoonline.com/article/2157785/five-newthreats-to-your-mobile-security.html> [Accessed 19 February 2021].
Kizhakkinan, D., 2016. Threat Actor. [image] Available at: <https://www.fireeye.com/blog/threatresearch/2016/05/windows-zero-day-payment-cards.html> [Accessed 19 February 2021].
RISK ASSESSMENT
There are two risk assessment methodologies:
Quantitative risk assessments calculate monetary values based on
levels of risk, potential loss, cost of countermeasures and value of
safeguards
A simple way of calculating this is by using the formula:
Annualised Loss Expectancy = Annualised Rate of Occurrence × Single Loss Expectancy
or ALE = ARO × SLE
Qualitative risk assessments rank threats on a scale to evaluate their
risks, costs and effects
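The ALE formula above becomes useful when it is used to compare the cost of a countermeasure against the loss it prevents. The following is an added example, not code from the course slides; it derives SLE from an asset value and an exposure factor (a standard extension of the slide's formula, not something the slide states), and every figure in the laptop scenario is constructed for the illustration.

```python
# Added example, not from the course slides: quantitative risk assessment with
# ALE = ARO x SLE, extended to compare a countermeasure's yearly cost against the
# ALE reduction it buys. The exposure-factor step for deriving SLE is a standard
# extension of the slide formula, and every figure in the scenario is constructed.


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE: the loss from one occurrence, as asset value x fraction of value lost."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be between 0 and 1")
    return round(asset_value * exposure_factor, 2)


def annualised_loss_expectancy(aro: float, sle: float) -> float:
    """ALE = ARO x SLE, where ARO is the expected number of occurrences per year."""
    if aro < 0 or sle < 0:
        raise ValueError("ARO and SLE cannot be negative")
    return round(aro * sle, 2)


def safeguard_value(ale_before: float, ale_after: float, annual_cost: float) -> float:
    """Net yearly value of a countermeasure: ALE reduction minus what it costs.
    Positive means it saves more than it costs; negative means the risk is cheaper
    to carry (or to treat another way) than to control like this."""
    return round((ale_before - ale_after) - annual_cost, 2)


def assess(asset_value, exposure_factor, aro, countermeasures):
    """Score a baseline risk and each proposed countermeasure.
    countermeasures: list of dicts with name, annual_cost, and the exposure_factor
    and aro that would apply once the control is in place."""
    baseline = annualised_loss_expectancy(
        aro, single_loss_expectancy(asset_value, exposure_factor))
    results = {"baseline_ale": baseline, "options": []}
    for cm in countermeasures:
        ale_after = annualised_loss_expectancy(
            cm["aro"], single_loss_expectancy(asset_value, cm["exposure_factor"]))
        results["options"].append({
            "name": cm["name"],
            "ale_after": ale_after,
            "net_value": safeguard_value(baseline, ale_after, cm["annual_cost"]),
        })
    return results


# Constructed scenario: a laptop holding unencrypted customer records
SCENARIO = dict(
    asset_value=50_000.0,   # value of the data and device at risk
    exposure_factor=0.6,    # fraction of that value lost per theft
    aro=0.5,                # one theft expected every two years
    countermeasures=[
        # full-disk encryption: theft still happens, but little value is lost
        dict(name="full-disk encryption", annual_cost=2_000.0,
             exposure_factor=0.1, aro=0.5),
        # expensive tracking service that only makes theft rarer
        dict(name="asset tracking service", annual_cost=14_000.0,
             exposure_factor=0.6, aro=0.05),
    ],
)

if __name__ == "__main__":
    result = assess(**SCENARIO)
    print("baseline ALE:", result["baseline_ale"])
    for option in result["options"]:
        print(option["name"], "ALE after:", option["ale_after"],
              "net value:", option["net_value"])
```

With these figures the baseline ALE is 15,000 per year; encryption brings it to 2,500 for a cost of 2,000 (net value +10,500), while the tracking service brings it to 1,500 but costs more than it saves (net value −500), which is the kind of result that pushes a risk towards acceptance or transfer rather than this control.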
RISK ASSESSMENT
Whiteman, H., 2014. Terror Alert Levels. [image] Available at:
<https://edition.cnn.com/2014/09/12/world/asia/australia-terror-alertlevel/index.html> [Accessed 19 February 2021].
RISK ASSESSMENT
Whichever method is used, it is essential to seek
advice/guidance from various areas of the organisation.
Information may be gathered by:
Questionnaires
Surveys
Checklists
Asset identification (and value)
RISK REGISTER
Risk registers are a vital part of
the risk management process:
Risks are formally documented
Allow for auditing
Allow for ongoing monitoring and
mitigation
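The analysis, treatment and register steps of this module fit together as one small procedure: rate likelihood and impact, read the level off a matrix, map the level to one of the four treatment options, and document the result. The following is an added example, not code from the course slides or from BCS; the 5×5 scales, the level thresholds, the treatment mapping and the four sample risks (one per threat category from the earlier slide) are all assumptions constructed for the illustration.

```python
# Added example, not from the course slides: a qualitative likelihood x impact
# risk matrix, the treatment it implies, and the risk register entries that
# document the result. The 5x5 scales, the level thresholds, the treatment
# mapping and the sample risks are all assumptions constructed for illustration.
from dataclasses import dataclass, asdict

LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}

# Treatment options from the slides, keyed by the level the matrix produces
TREATMENT = {
    "low": "accept/tolerate (record and review)",
    "medium": "reduce/modify, or transfer/share",
    "high": "avoid/terminate, or reduce/modify urgently",
}


def risk_score(likelihood: str, impact: str) -> int:
    """Cell value in the matrix: likelihood rating x impact rating (1..25)."""
    return LIKELIHOOD[likelihood] * IMPACT[impact]


def risk_level(score: int) -> str:
    """Band the score; the thresholds are an assumption and vary by organisation."""
    if score >= 15:
        return "high"
    if score >= 8:
        return "medium"
    return "low"


def risk_matrix() -> list:
    """The full matrix as rows of levels: likelihood down, impact across."""
    return [[risk_level(l * i) for i in IMPACT.values()] for l in LIKELIHOOD.values()]


@dataclass
class Risk:
    asset: str
    threat: str
    threat_source: str       # accidental/deliberate, internal/external
    vulnerability: str
    likelihood: str
    impact: str
    owner: str


def build_register(risks: list) -> list:
    """Score each risk, decide its treatment, and return register rows ordered
    highest score first. Every row gets a treatment: no risk is ignored."""
    rows = []
    for r in risks:
        score = risk_score(r.likelihood, r.impact)
        level = risk_level(score)
        rows.append({**asdict(r), "score": score, "level": level,
                     "treatment": TREATMENT[level]})
    return sorted(rows, key=lambda row: row["score"], reverse=True)


# Constructed sample risks, one per threat category from the slides
SAMPLE_RISKS = [
    Risk("staff laptops", "tea spilled on laptop", "accidental, internal",
         "no spill-resistant keyboards", "likely", "minor", "IT support"),
    Risk("server room", "disgruntled employee cuts power", "deliberate, internal",
         "power switch not access-controlled", "unlikely", "major", "facilities"),
    Risk("data centre", "flood", "accidental, external",
         "site on a floodplain", "rare", "severe", "head of IT"),
    Risk("customer database", "unauthorised remote access", "deliberate, external",
         "unpatched internet-facing server", "likely", "severe", "CISO"),
]

if __name__ == "__main__":
    for row in build_register(SAMPLE_RISKS):
        print(f'{row["score"]:>2} {row["level"]:<6} {row["asset"]:<18} {row["treatment"]}')
```

The register rows keep the likelihood and impact ratings alongside the score, so that when monitoring finds a threat has changed, the entry can be re-scored rather than rewritten; the owner field is what makes the register auditable.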
RISK CONTROL
Controls are used to reduce risk. Types of controls include:
Physical – Controlling physical access
Procedural – Policies and procedures for staff
Technical – Firewalls, Anti-virus etc.
Controls can be used in one of four ways:
Preventative
Directive
Detective
Corrective
HORIZON SCANNING
“The systematic examination of potential threats,
opportunities and likely future developments including (but
not restricted to) those on the margins of current thinking
and planning” – UK Office of Science & Technology
HORIZON SCANNING
As technology advances, so do threats and risks. Horizon Scanning
is the term for keeping a view on current and future advances in
technology and how they correspond to cyber-related issues.
Horizon Scanning is essential in maintaining a proactive strategy for
cyber defence
Horizon Scanning is used by large organisations and Government
agencies to identify future trends and analyse any impact they may have
on cyber security
The UK Government has a programme team within the Cabinet Office
dedicated to Horizon Scanning (across all areas)
HORIZON SCANNING
There are many sources used for Horizon Scanning including:
Government Sponsored Sources:
NCSC
CiSP (Cyber Security Information Sharing Partnership)
CERT-UK (Computer Emergency Response Team)
National Crime Agency (NCA)
Market Trend Reports (Business)
Business Continuity Institute (BCI)
Professional journals
Conferences
Online resources
HORIZON SCANNING
Horizon Scanning goes beyond the technical aspects and
includes other areas such as:
Political
Economic
Legislative
Social
Environmental
HORIZON SCANNING
As such, many organisations and companies use Horizon Scanning as a
fundamental tool for predicting future trends and threats, and as
part of their overall strategic planning.
The UK Government's ‘Futures Toolkit’ is one example.
HORIZON SCANNING METHODS
The theory of Horizon Scanning can be complex. Analysis is
made based on:
Probable Future (Likely)
Possible Future (Less Likely)
Wildcard (Unlikely)
Preferable Future
Analysis is also required for the following:
Short term
Mid Term
Long Term
HORIZON SCANNING METHODS
A good example of Horizon Scanning reports and trend analysis is the
yearly report issued by the Business Continuity Institute (BCI).
BCI, 2019. Horizon Scan Report 2019. [image] Available at: <https://www.thebci.org/resource/horizon-scan-report-2019.html> [Accessed 19 February 2021].
HORIZON SCANNING METHODS
(stages from the slide diagram)
Scanning – Using multiple sources to discover new technologies/trends/threats
Collection/Filtering – Sifting out erroneous or unlikely events. Filter for events which will have an impact.
Analysis – Making analysis based on trends, technologies, risk and vulnerability assessment and likelihood.
Actions – Implementing new design, strategy or policy. Publicising reports. User training and awareness.
MODULE 3
INFORMATION SECURITY
FRAMEWORK
INFO SECURITY FRAMEWORK
Everybody is responsible for the security of systems and data
they use.
An Information Security Framework ensures appropriate control
mechanisms are in place to manage Information Assurance (IA)
across the enterprise. This ensures:
Assurance requirements are understood
Responsibilities are allocated appropriately
Accountabilities are clearly defined
Assurance activities are co-ordinated
INFO SECURITY FRAMEWORK
The Management team
Depending upon the size of the organisation, the Management team will
consist of the following:
CEO – Chief Executive Officer
CFO – Chief Financial Officer
CIO – Chief Information Officer
COO – Chief Operations Officer
CISO – Chief Information Security Officer
Smaller organisations will probably have managers with
combined roles and responsibilities.
ROLE OF THE CISO
Needs to understand the Risks and Vulnerabilities of the organisation
Must be able to communicate effectively to senior management (who
hold ultimate responsibility for IA)
Activities include:
Co-ordination of IA activity across the enterprise
Production of the Security Policy
Communicating with users and creating a good culture of information exchange
and good practices
Monitoring the effectiveness of the business assurance agreements
BOARD RESPONSIBILITY
A senior member of the board within the organisation should be
given the overall responsibility for IA and should be formally
accountable. This may be the CISO (if they are a board
member).
Their main responsibilities are:
Single point of accountability for IA
Ensure assurance goals are identified
Ensure that adequate resources are made available
Assign specific roles and responsibility across the enterprise
Provide direction, commitment and support
WORKING GROUP
Companies have a responsibility to ensure compliance and
adequate service continuity to prevent a cessation of operations or
legal action.
A high level working group should be established to ensure that
adequate assurance levels are in place.
WORKING GROUP
The working group should consist of:
Line Managers
Department Heads
CISO
HR
Internal Auditors
Head of IT
WORKING GROUP
The working group should be responsible for:
Ensuring assurance is applied across the enterprise at planning level
Approving and prioritising assurance improvements
Review assurance performance
Approving policies, standards and procedures
USER RESPONSIBILITY
Anyone who has access to the organisation’s information assets
will have a level of personal responsibility for its assurance, and
it is important that these responsibilities are known and understood.
User responsibility needs to be clearly defined in an Acceptable
Information Usage Policy, also called an Acceptable Usage Policy (AUP).
Users should receive regular training and awareness sessions
Users with specific access should have their responsibilities defined in the
System Operating Procedures
3rd party responsibilities should be included in contractual Terms and
Conditions
INFO SECURITY FRAMEWORK
Statutory Requirements are legal requirements that must be
fulfilled.
Processes should be in place to ensure relevant personnel are
aware of their responsibilities:
Data Protection Act (what/when data may be disclosed)
General Data Protection Regulation (GDPR)
INFO SECURITY FRAMEWORK
Conditions when law enforcement agencies must be contacted:
Illegal activity
Computer Misuse Act (CMA) offences
Downloading indecent images/child pornography
Supporting forensic investigation/assisting law enforcement
Action Fraud, n.d. Action Fraud Logo. [image] Available at: <https://www.actionfraud.police.uk/> [Accessed 22 February 2021].
INFO SECURITY FRAMEWORK
Regulatory Requirements are not legal obligations and specify
how an organisation should conform to certain standards.
Often imposed by Trade Bodies
Fines/penalties may be issued by the governing regulatory body
for example:
Health and Safety Executive (HSE)
Financial Conduct Authority (FCA)
Gambling Commission
Information Commissioner’s Office (ICO)
INFO SECURITY FRAMEWORK
Advisory requirements are not legally binding; they are issued
by Government agencies or utility companies and advise on
coping with certain situations.
For example:
Fire
First Aid
Natural disaster
Acts of Terrorism
NaCTSO, 2014. Counter Terrorism Support. [image] Available at: <https://www.gov.uk/government/publications/counter-terrorismsupport-for-businesses-and-communities> [Accessed 22 February 2021].
INFO SECURITY FRAMEWORK
Professional bodies may be used to enhance internal skill sets
in the form of certified training or membership.
These include:
BCS – The British Computer Society
ISACA – Information Systems Audit and Control Association
GCHQ – CESG – Communications-Electronics Security Group
ISSA – Information System Security Association
INFO SECURITY FRAMEWORK
There are also certification bodies that can certify employees
to a perceived standard of security knowledge and awareness:
BCS – CISMP and other certifications
ISACA – CISM and CISA certifications
EC-Council – CEH certification
(ISC)2 – CISSP certification
CREST
IISP (Institute of Information Security Professionals)
Several universities now have schemes providing Masters courses in
Computer Security and Forensics
INFO SECURITY FRAMEWORK
Policies, Standards, Procedures and Guidelines provide
guidance to users as to what the enterprise expects of them.
Policy – A high level statement of an organisation’s values, goals and
objectives in a specific area, and a general approach to achieving
them. Compliance is mandatory
Standard – Quantifies what needs to be done and provides consistency
in controls that can be measured. Standards are mandatory
Procedure – A set of detailed working instructions that describe what,
when, how and by whom something should be done. Procedures are
obligatory
Guideline – Provides advice, direction and best practice. Not
mandatory
STANDARDS AND PROCEDURES
All documents should be:
Clearly written and to the point
Endorsed by senior management
Have clear ownership
Realistic
Enforceable
Consistent
Compliant with law
Regularly reviewed
SECURITY POLICY
A Security Policy is a strategic statement of the organisational
approach to IA. A policy should contain statements on:
How the enterprise will manage IA
How to protect information assets
Compliance with legal and regulatory obligations
How users are made aware of IA and processes to deal with breaches
and/or weaknesses
Support of the board and CEO
Detailed guidance on security policies can be found in
recognised standards such as ISO/IEC 27000 and ISF Standard of
Good Practice (Information Security Forum)
SECURITY POLICY
When necessary, Security Policies will need to be extended to
3rd parties.
ISO/IEC 27000 and the ISF Standard of Good Practice also provide guidance on the
considerations for including 3rd party agreements within an
organisation.
Care should be taken to ensure that the 3rd party contract is
watertight on the handling of sensitive information and on
non-disclosure of information. All policies, standards,
procedures and guidelines should be applied.
SECURITY POLICY
Guidance may vary but should include:
Management of changes
Right to audit/monitor
Notification of investigation of incidents/breaches
Recruitment of personnel
END USER CODE OF PRACTICE
The high-level security policy should be supported by an end-user code of practice or Acceptable Usage Policy (AUP).
This should be published to all users who need to access the
information management systems and applicable to all
employees (full and part time), contractors and 3rd parties.
END USER CODE OF PRACTICE
AUP may include the following elements:
User password/pin protection
Log on/off procedures
Clean desk policies
Use of personal devices
Reporting procedures
Internet use
General behaviour in the workplace
Compliance with legal and regulatory obligations
Disciplinary action for non-compliance
GOVERNANCE
What is governance?
The continual monitoring and scrutiny of security by an approved
external accreditation body
This could be government or an approved body such as BSI (British
Standards Institution)
Policy should be under continual review and evaluation
Legislation and regulations must be complied with
REVIEWING/AUDITING
Regular reviews should be carried out
The review has to be independent and impartial
Can be carried out either internally or by external bodies
The review should examine all aspects such as policies, processes and
procedures
With any review or audit the scope must be established prior to the
audit
The audit should examine compliance with all aspects of policy
This should include the processes, people and use of technology
Audits should be carried out by suitably qualified personnel
COMPLIANCE
There is a range of regulators and industry bodies that set
standards and require compliance, including:
GDPR (General Data Protection Regulation)
ISO 27001
PCI-DSS (Payment Card Industry – Data Security Standard)
SOX (Sarbanes Oxley – US) Auditing and Financial regulations for public
companies
Basel (III) (Global banking regulation)
Data Protection Act
HIPAA (Health Insurance Portability and Accountability Act – US)
IASME – Information Assurance for Small and Medium Enterprises
INCIDENT MANAGEMENT
What is an Incident?
An incident is anything that may compromise security, for
example:
Physical breach
Malicious software
Data breach
Denial of Service
Criminal activity
Countered by creating an Incident Response Plan (IRP) and
Incident Response Team (IRT).
MANAGING AN INCIDENT
Incident management can be broken down into 5 stages:
Reporting
Investigation
Assessment
Corrective Action
Review
IRT RESOURCES
A Computer IRT (CIRT) should take the following steps/actions:
Preparation – Understand roles, responsibilities and the company IRP
Identification – What type of incident?
Escalation and Notification – Snr. Management, Law Enforcement, PR
Mitigation – Containment and eradication
Lessons Learned/Reporting
Recovery – Systems, Data
LEGAL FRAMEWORK
Inconsistency may exist between legislative systems making
compliance difficult.
The ISO/IEC 27000 Series provides organisations with guidance
regarding legal requirements and covers the following:
Intellectual Property Rights (IPR)
Protection of organisational records
Data Protection and Privacy of Personal Information
Prevention of misuse of information processing facilities
Regulation of cryptographic controls
UK LAW
A Law is a high-level rule which must be followed by everyone.
A distinction is made between public law, which governs the
relationship between individual citizens and the state, and
private law, which governs relationships between individuals
and private organisations.
For practical purposes, the most significant distinction is
between civil law and criminal law.
UK LAW
Civil law covers such areas as contracts, negligence, family
matters, employment, probate and land law.
Criminal law, which is a branch of public law, defines the
boundaries of acceptable conduct. A person who breaks the
criminal law is regarded as having committed an offence
against society as a whole.
LAW AND REGULATIONS
International Laws and Regulations which cover the movement
of data include:
The Digital Millennium Copyright Act 1998
International Traffic in Arms Regulations (ITAR)
Safe Harbour (between the EC and US)
US Patriot Act
GDPR
Network and Information Security Directive (NIS)
LEGAL FRAMEWORK
Protection of personal data:
Data Protection Act (DPA) 2018
HIPAA (US Health Insurance Portability and Accountability Act 1996)
Gramm Leach Bliley (US Financial Services)
Employment issues and Employee Rights:
DPA
Computer Misuse:
Computer Misuse Act 1990
LEGAL FRAMEWORK
Records Retention:
DPA
Intellectual Property:
Copyright
Trademarks
Patents
Contractual Safeguards:
Service Level Agreements (SLA)
LEGAL FRAMEWORK
The Computer Misuse Act (CMA) 1990 covers five offences:
1. Unauthorised Access to Computer Material
2. Unauthorised Access With Intent to Commit or Facilitate Commission
of Further Offences
3. Unauthorised Acts with intent to impair, or with recklessness as to
impairing, operation of computer etc.
3ZA. Unauthorised acts causing, or creating risk of serious damage
3A. Making, supplying or obtaining articles for use in offence under
section 1, 3 or 3ZA
CMA CONVICTIONS
Guilty convictions – maximum sentences:
1. 2 years/fine or both
2. 5 years/fine or both
3. 10 years/fine or both
3ZA. Life/fine or both
3A. 2 years/fine or both
http://www.computerevidence.co.uk/cases/cma.htm
COLLECTION OF EVIDENCE
Police and Criminal Evidence Act (PACE).
NPCC (National Police Chiefs' Council) guidelines:
(The NPCC replaced the ACPO (Association of Chief Police Officers) in 2015)
Principle 1 – No action taken by law enforcement agencies, persons
employed within those agencies or their agents should change data
which may subsequently be relied upon in court
Principle 2 – In circumstances where a person finds it necessary to
access original data, that person must be competent to do so and be
able to give evidence explaining the relevance and the implications of
their actions
COLLECTION OF EVIDENCE
Principle 3 – An audit trail or other record of all processes applied to
digital evidence should be created and preserved. An independent 3rd
party should be able to examine those processes and achieve the same
result
Principle 4 – The person in charge of the investigation has overall
responsibility for ensuring that the law and these principles are
adhered to
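Principle 3 asks for an audit trail that lets an independent party repeat every process and get the same result. As an added example (not from the slides or the NPCC guidance), the Python below records each process applied to a constructed evidence blob with input and output SHA-256 hashes, and lets a second examiner replay the chain; the process names, examiner id and sample bytes are all constructed for the illustration.

```python
"""Reproducible audit trail for processes applied to digital evidence.

Every process is deterministic and registered by name; each step records the
SHA-256 of its input and output, so an independent examiner can replay the
chain from the original and must arrive at the same hashes.
"""
import hashlib
import re
from datetime import datetime, timezone


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def extract_ascii_strings(data: bytes) -> bytes:
    """Keep runs of four or more printable ASCII bytes, one per line."""
    return b"\n".join(re.findall(rb"[\x20-\x7e]{4,}", data))


def filter_invoice_lines(data: bytes) -> bytes:
    """Keep only lines containing the keyword under investigation."""
    return b"\n".join(line for line in data.split(b"\n") if b"invoice" in line)


# Registry of permitted processes; replay refuses anything not listed here.
PROCESSES = {
    "extract_ascii_strings": extract_ascii_strings,
    "filter_invoice_lines": filter_invoice_lines,
}

# Constructed sample "disk image" (not real evidence).
EVIDENCE = (b"\x00\x01MZ\x90\x00invoice_2021.pdf\x00\x00\x00notes.txt"
            b"\x00\x7f\x00paid invoice 4421\x00")


def record_step(log, process, data, examiner):
    """Apply a registered process to `data` and append the audit record.
    Returns the output so the next step can consume it."""
    output = PROCESSES[process](data)
    log.append({
        "step": len(log) + 1,
        "process": process,
        "examiner": examiner,
        "when": datetime.now(timezone.utc).isoformat(),
        "input_sha256": sha256(data),
        "output_sha256": sha256(output),
    })
    return output


def replay(log, original):
    """Independent check: re-run every recorded step from `original`.
    Returns (True, None) if all hashes agree, else (False, first failing step)."""
    data = original
    for entry in log:
        if sha256(data) != entry["input_sha256"]:
            return False, entry["step"]      # original or working copy altered
        process = PROCESSES.get(entry["process"])
        if process is None:
            return False, entry["step"]      # unknown, unrepeatable process
        data = process(data)
        if sha256(data) != entry["output_sha256"]:
            return False, entry["step"]      # record or process does not reproduce
    return True, None


def run_examination(evidence, examiner="examiner-1"):
    """The examiner's own chain of work, returning (log, final result)."""
    log = []
    strings = record_step(log, "extract_ascii_strings", evidence, examiner)
    hits = record_step(log, "filter_invoice_lines", strings, examiner)
    return log, hits


if __name__ == "__main__":
    audit_log, result = run_examination(EVIDENCE)
    print(result.decode())
    print("replay ok:", replay(audit_log, EVIDENCE))
```

A replay that fails at step 1 points at the copy of the original (principle 1), while a failure at a later step points at the recorded process or its record (principle 3).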
SECURITY STANDARDS
Security standards are produced by recognised standards
bodies to enable organisations to demonstrate a requisite level
of technical, operational or administrative competency.
Standards may be international, domestic or extend to a
specific industry sector.
Many provide certification or accreditation schemes.
SECURITY STANDARDS
Standards are not mandatory; however, failure to comply with accepted
standards may have an adverse impact on an organisation.
International Organization for Standardization (ISO) is the
largest developer of standards which works in collaboration
with other standards organisations (International
Electrotechnical Commission (IEC) and the International
Telecommunication Union (ITU)).
SECURITY STANDARDS
The main standards are ISO 27001 (Information security
management systems — Requirements) and 27002
(Recommendations for those who are responsible for selecting,
implementing and managing information security) however
others do exist:
ISO 27005 – Risk Management
ISO 27033 – Network Security
PRODUCT CERTIFICATION
Certification of security products provides customers with the
assurance that the security features offer the level of
protection claimed by the vendor.
Differences in testing organisations and evaluation criteria
have resulted in a standardisation known as “Common Criteria
for Information Technology Security Evaluation” (CC).
PRODUCT CERTIFICATION
ISO 15408 specifies a number of functionality and assurance
classes using a seven-level assurance model (Evaluation Assurance
Level – EAL).
Within the UK, security certification is managed by CESG (part
of GCHQ) through the CESG Tailored Assurance Service (CTAS).
PRODUCT CERTIFICATION
[Image: Common Criteria Evaluation Assurance Levels (Mead, N., 2006), https://us-cert.cisa.gov/bsi/articles/best-practices/requirements-engineering/thecommon-criteria]
KEY TECHNICAL STANDARDS
IETF – Internet Engineering Task Force
RFC – Request for Comments
FIPS – Federal Information Processing Standards
ETSI – European Telecommunication Standards Institute
CTAS
NCSC Tailored Assurance Standard.
Provides a view of assurance on the IT security attributes of a
system, product or service. NCSC manages a number of
certification schemes:
CAS – Independent Evaluation for Assured Services
CPA – Commercial Product Assurance
CAPS – Certified Assisted Products
Cyber Essentials
EXERCISE
Create and discuss the contents of an Acceptable Usage Policy
for Users.
MODULE 4
PROCEDURAL AND PEOPLE
SECURITY CONTROLS
SECURITY CONTROLS
People are a major part of the security of Information
Assurance and as such need to be trained, kept aware and
regulated.
This is done via multiple controls which fall into these main
categories:
Physical – Locks, secure containers
Procedural – Recruitment procedures
Product/technical – Passwords, encryption
SECURITY AWARENESS
Security and awareness training
programs should:
Be part of a new joiner induction
Be relevant and interesting
Be regular
Cover all employees
Be recorded
PERSONNEL SECURITY
Security Policies which affect employees include:
Contracts of employment
Codes of Conduct
Acceptable Use Policies
Segregation/Separation of Duties Policy
Mandatory Vacation Policy
BYOD/Removable Media Policy
Disciplinary procedures
USER ACCESS CONTROLS
Authentication:
Username and Password (something that you know)
Smartcard/Token (something that you have)
Biometric (something that you are)
Two-Factor/Multi-Factor (two or more factors combined)
Smart Card + PIN
ACCESS CONTROLS
Authorisation:
Access control
Discretionary Access Control (DAC)
Role Based Access Control (RBAC)
Mandatory Access Control (MAC)
Permissions
FILE/FOLDER PERMISSIONS
Permissions may be set at the file/folder or directory level.
Directory/folder permissions are inheritable and cumulative
Permissions are set by the owner to individual or group accounts
Permissions may be explicit or implicit
Read
Write
Execute
Deny (explicit or implicit)
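As an added illustration (not part of the original slides), the Python below models the rules on this slide: folder ACEs are inherited down the path and accumulate, an explicit deny at any level overrides every allow, and a right that is never granted is implicitly denied. The tree, accounts and group memberships are constructed sample data.

```python
"""Effective permissions on a folder tree: inheritance, accumulation and deny."""
from dataclasses import dataclass, field

READ, WRITE, EXECUTE = "read", "write", "execute"
ALL_RIGHTS = frozenset({READ, WRITE, EXECUTE})


@dataclass(frozen=True)
class Ace:
    """One access-control entry set by the owner for a user or group account."""
    principal: str
    rights: frozenset
    allow: bool = True          # False -> explicit deny


@dataclass
class Node:
    """A file or folder with its own ACEs."""
    name: str
    aces: list = field(default_factory=list)
    inheritable: bool = True    # folder ACEs flow down to children


# Constructed sample tree and group memberships (not from the slides).
TREE = {
    "/": Node("/", [Ace("Everyone", frozenset({READ}))]),
    "/finance": Node("finance", [Ace("Finance", frozenset({READ, WRITE}))]),
    "/finance/reports": Node("reports", [Ace("Contractors", ALL_RIGHTS, allow=False)]),
    "/finance/reports/q1.xlsx": Node("q1.xlsx", [Ace("alice", frozenset({EXECUTE}))]),
}
GROUPS = {
    "alice": {"Everyone", "Finance"},
    "bob": {"Everyone", "Finance", "Contractors"},
    "carol": {"Everyone"},
}


def path_chain(path):
    """'/finance/reports/q1.xlsx' -> ['/', '/finance', '/finance/reports', '/finance/reports/q1.xlsx']."""
    parts = [p for p in path.split("/") if p]
    return ["/"] + ["/" + "/".join(parts[: i + 1]) for i in range(len(parts))]


def collect_rights(tree, groups, user, path):
    """Return (allowed, denied) sets accumulated from every ACE that applies to the
    user or one of their groups, set on the object itself or inherited from a parent."""
    principals = {user} | groups.get(user, set())
    chain = path_chain(path)
    allowed, denied = set(), set()
    for depth, node_path in enumerate(chain):
        node = tree[node_path]
        is_target = depth == len(chain) - 1
        if not is_target and not node.inheritable:
            continue                      # inheritance blocked at this folder
        for ace in node.aces:
            if ace.principal in principals:
                (allowed if ace.allow else denied).update(ace.rights)
    return allowed, denied


def effective_rights(tree, groups, user, path):
    """Cumulative allows minus explicit denies; anything missing is implicitly denied."""
    allowed, denied = collect_rights(tree, groups, user, path)
    return frozenset(allowed - denied)


def decide(tree, groups, user, path, right):
    """Access decision with its reason, distinguishing explicit from implicit deny."""
    allowed, denied = collect_rights(tree, groups, user, path)
    if right in denied:
        return False, "explicit deny"
    if right in allowed:
        return True, "allowed"
    return False, "implicit deny"


if __name__ == "__main__":
    for user in GROUPS:
        print(user, sorted(effective_rights(TREE, GROUPS, user, "/finance/reports/q1.xlsx")))
```

Bob is in the Finance group and so accumulates read/write from /finance, yet the explicit deny on /finance/reports for Contractors removes everything; Carol simply never receives write, which is the implicit deny.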
PROTECTION OF DATA
Need to Know (and Hold) principle
Principle of Least Privilege
Classification of data
Handling caveats
Applies to all types of media
Applies to waste material
[Image: Government Security Classifications (UK Government, May 2018), https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/715778/May-2018_Government-Security-Classifications-2.pdf]
MODULE 5
NETWORK SECURITY
NETWORKING
A network may be defined as two or more computers which
are connected in order to share data or communications.
CIA is an essential element of any network
AAA is an essential element of any network
Threat, Risk and Vulnerability are essential elements in the design of
any network
OSI MODEL
The Open Systems Interconnection Model (OSI) is the primary
architectural model for networks.
It describes how data and network information are
communicated from an application on one computer through
the network media to an application on another computer.
The OSI reference model breaks this approach into 7 layers.
DOD – TCP/IP MODEL
The Department of Defense (DOD) – TCP/IP Model
EXERCISE 1
Examples of networks - Home
network.
Working in a pair/small group describe
a typical domestic network
Things to consider:
Types of computer devices
Typical usage
Types of connection devices
Administration of network security
NETWORK DEVICES
Router:
A router is a Layer 3 Networking Device
Routes network traffic from one IP subnet to another
May route traffic from a Private to a Public network
Routes traffic on the internet
Filters traffic based on multiple characteristics
Routers “map” networks based on Routing Tables
NETWORK DEVICES
Switch:
A switch is a Layer 2 Networking Device
Switches connect devices together by using their physical
MAC address
Switches may be “managed” or “unmanaged”
Modern switches may also be able to incorporate a Router
NETWORK DEVICES
Firewall:
Firewalls work at multiple layers of the OSI or TCP/IP
model
Firewalls may be physical or software based
Firewalls allow or deny traffic based on a series of rules
and access control lists (ACL)
Firewall rules may be based on Application Protocols, Ports,
IP Addresses or content
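The slide says a firewall allows or denies traffic by matching rules on protocol, port and address. As an added example (not from the slides or any vendor), the Python below evaluates a constructed rule set first-match with an implicit default deny, and includes a review check for rules that an earlier, broader rule shadows so they can never take effect; the networks, ports and rule comments are constructed sample values.

```python
"""First-match firewall rule evaluation with default deny, plus a shadowed-rule check."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str        # "allow" or "deny"
    proto: str         # "tcp", "udp" or "any"
    src: str           # source network in CIDR notation
    dst: str           # destination network in CIDR notation
    dport: tuple       # inclusive destination port range; (0, 65535) means any
    comment: str = ""


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    dst_ip: str
    dport: int


ANY_PORT = (0, 65535)

# Constructed rule set for a single web server in a DMZ (not from the slides).
RULES = [
    Rule("allow", "tcp", "0.0.0.0/0", "203.0.113.10/32", (443, 443), "public HTTPS"),
    Rule("allow", "tcp", "10.0.0.0/8", "203.0.113.10/32", (22, 22), "SSH from internal only"),
    Rule("deny", "any", "0.0.0.0/0", "0.0.0.0/0", ANY_PORT, "explicit clean-up deny (logged)"),
]

# Constructed example of a misordered set: the broad allow comes first, so the
# specific deny below it can never match.
MISORDERED = [
    Rule("allow", "tcp", "0.0.0.0/0", "203.0.113.10/32", ANY_PORT, "too broad"),
    Rule("deny", "tcp", "198.51.100.0/24", "203.0.113.10/32", (443, 443), "blocked range"),
]


def matches(rule, pkt):
    """A packet matches when protocol, both addresses and the destination port all fit the rule."""
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if ipaddress.ip_address(pkt.src_ip) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(pkt.dst_ip) not in ipaddress.ip_network(rule.dst):
        return False
    low, high = rule.dport
    return low <= pkt.dport <= high


def evaluate(rules, pkt):
    """Return (action, index of the matching rule). The first match wins; with no
    match the packet falls to the implicit default deny, reported as index None."""
    for index, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, index
    return "deny", None


def covers(broad, narrow):
    """True if every packet matching `narrow` would already have matched `broad`."""
    proto_ok = broad.proto == "any" or broad.proto == narrow.proto
    src_ok = ipaddress.ip_network(narrow.src).subnet_of(ipaddress.ip_network(broad.src))
    dst_ok = ipaddress.ip_network(narrow.dst).subnet_of(ipaddress.ip_network(broad.dst))
    port_ok = broad.dport[0] <= narrow.dport[0] and narrow.dport[1] <= broad.dport[1]
    return proto_ok and src_ok and dst_ok and port_ok


def shadowed(rules):
    """Indices of rules fully covered by an earlier rule, so they never take effect.
    A shadowed deny is the ordering mistake to look for when reviewing an ACL."""
    return [i for i, rule in enumerate(rules)
            if any(covers(earlier, rule) for earlier in rules[:i])]


if __name__ == "__main__":
    print(evaluate(RULES, Packet("tcp", "198.51.100.7", "203.0.113.10", 22)))
    print("shadowed in MISORDERED:", shadowed(MISORDERED))
```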
EXERCISE 2
Describe a small office network.
Working in a pair/small group describe
a typical SOHO network
Things to consider:
Types of computer devices
Typical usage
Types of connection devices
Administration of network security
NETWORK DEVICES
In your pair/groups briefly discuss the placement of Network
Devices for the security of a network.
Things to consider:
How many devices are required?
Where should they be placed to optimise security?
How could each device be securely configured?
NETWORK DEVICES
Later in the course we will build on our knowledge of network
devices and look at more advanced devices and locations.
Layers of defence may be built into a network using these
devices and techniques. This forms part of adopting a
practice called “Defence in Depth”.
Each layer/device will help secure against different types of
threats and vulnerabilities and therefore mitigate the risk.
MODULE 6
TECHNICAL SECURITY CONTROLS
SECURITY CONTROLS
Protection from Malicious Software. Malware represents one of
the largest threats to users and information systems.
What is “Malware”?
“An unauthorised piece of code that installs and runs itself on a computer
without the knowledge or permission of the owner. It then conducts
data processing and other operations that benefit the originator,
usually at the expense of the system users or the recipient of the
output from the malware” (CISMP), or
“Malware or malicious code is any element of software that performs
an unwanted function from the perspective of the legitimate user or
owner of a computer system”
SECURITY CONTROLS
Types of Malware:
Virus
Worm
Trojan (Horse)
Rootkit
Back Door
Spyware
Adware
Ransomware
Logic Bomb
Bot/Botnet
MALWARE
Virus – Malware which requires a host (file/boot sector) to
propagate. Examples include:
Polymorphic – Alter themselves to avoid detection
Macro – Exploit scripts to hide in documents/applications
Stealth – Mask or hide activity to avoid detection
Armored – Difficult to detect or remove
RetroVirus – Attack AV systems
Phage – Infect multiple parts of the system so that they can regenerate more easily
Companion – Takes the root filename of an executable in order to launch itself instead
of the legitimate program
Multipart/Multipartite – Perform multiple tasks or infect in multiple ways
MALWARE
Worm – Malware which is self-replicating (unlike a virus).
Exploits vulnerabilities in the system/application to spread.
May be used to deposit viruses, Trojans, logic bombs or bots, or to
perform malicious activity itself.
MALWARE
Trojan Horse/Trojan – Malware
which is disguised as something
useful or legitimate.
Often introduced into systems
through illegal downloads, games,
screensavers or system software.
Used to install DDoS Zombies/Bots.
MALWARE
Rootkits – Malware which embeds itself in the heart of the
Operating System and “cons” the system to accept it.
Once infected the system normally has to be completely
reinstalled.
MALWARE
Backdoor/Trapdoor – May be installed “legitimately” into code
by developers who do not wish to negotiate security.
May be installed maliciously through Trojan, Virus, Code
Download or manually to enable a remote-access client.
Examples include:
Back Orifice
NetBus
Sub7
MALWARE
Spyware – Malware which collects information about users
without their knowledge or permission.
May be used in conjunction with Adware.
May be used in serious attacks of identity theft or hijacking.
May be introduced through Key Logging software or techniques.
MALWARE
Adware – Displays unwanted pop-up advertisements based on
user activity or sites visited.
Used to target potential customers.
MALWARE
Logic Bomb – Malware which may lie dormant until triggered by
an event or scheduled task.
Normally associated with insider attacks from disgruntled
employees.
MALWARE
Botnets – Botnet/Robot Network describes malware which
infects numerous systems so that they can be controlled by a
hacker.
Used in DoS/DDoS attacks.
Bots (Zombies) are controlled directly or indirectly by the
Hacker (Handler, Bot Herder, Master).
MALWARE
Ransomware – Malware which
takes over a system or
application and demands
payment or action to be
removed or unlocked.
Bridewell Consulting, 2016. Crypto Ransomware. [image]
Available at: <https://www.bridewellconsulting.com/cryptoransomware> [Accessed 22 February 2021].
MALWARE
Zero Day Exploits – Attackers exploit vulnerabilities in
applications or software (often soon after release) for which
no patch yet exists.
Anti-Virus signatures may not yet cover the latest
vulnerabilities, or the vulnerabilities may not be known at all.
ROUTES OF INFECTION
Infected Media – optical media, USB sticks, mobile devices
Networking – wireless, Bluetooth, IR
Internet downloads
Email attachment
Smartphones
Macro
Kio-Lawson, S., 2018. Hacked by Anonymous. [image] Available
at: <https://shesecures.org/protect-wordpress-hackers/>
[Accessed 23 February 2021].
TYPES OF ATTACK
Man in the Middle (MitM):
Communication Eavesdropping Attack. Normally involves “spoofing”
or “poisoning” name resolution systems:
DNS
ARP
NetBIOS
WINS
May be conducted against ongoing/existing communications – Session
Hijacking. Hacking tools include:
Cain
Ettercap
Juggernaut
TYPES OF ATTACK
Denial of Service (DoS):
A type of attack which has the primary objective of preventing target
systems from performing properly or responding at all. Two main
avenues of attack:
Exploit vulnerabilities/weaknesses to consume system resources to the point
where the target system freezes or crashes
Flooding communication to/from/between the target system to reduce or
remove legitimate traffic to/from the target
TYPES OF ATTACK
Distributed Denial of Service (DDoS):
Have the same objectives as DoS attacks but generally seek to
infiltrate intermediate systems to provide launch platforms
May use Trojans, Bots, Zombies or Botnets as secondary victims to
launch the attack from
TYPES OF ATTACK
Common types of DoS attack:
Smurf – Using ping packets against the broadcast address so the
replies return to the victim, causing an overload
Fraggle – Similar principle to the Smurf but using UDP packets against
the broadcast address so the ICMP reply returns to the victim
Land attack – The packets received by the victim contain identical
source and destination addresses, confusing the target
Ping of Death – Sending a ping packet that is too large, causing a
crash
SYN Flood – Exploits the TCP three-way handshake process
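The following is an added example, not part of the course slides, showing how the patterns above can be recognised from a defender's side. It runs simple detection rules over a set of constructed packet records (the addresses, ports and the threshold values are assumptions made for the example): identical source and destination (Land), ICMP echo requests aimed at a directed broadcast address (Smurf), and many half-open connections from one source (SYN Flood).

```python
from collections import defaultdict

# Constructed packet records for the example (not real capture data).
SAMPLE_PACKETS = [
    # Land-style packet: identical source and destination
    {"proto": "tcp", "src": "10.0.0.5", "dst": "10.0.0.5", "sport": 80, "dport": 80, "flags": "S"},
    # Smurf-style packet: ICMP echo request to the directed broadcast address
    {"proto": "icmp", "src": "10.0.0.9", "dst": "10.0.0.255", "type": "echo-request"},
    # SYN flood: many SYNs from one source to one target, none completed by an ACK
    *[{"proto": "tcp", "src": "203.0.113.7", "dst": "10.0.0.20",
       "sport": 40000 + i, "dport": 443, "flags": "S"} for i in range(25)],
    # Normal handshake from a legitimate client: SYN followed by ACK
    {"proto": "tcp", "src": "198.51.100.4", "dst": "10.0.0.20", "sport": 5000, "dport": 443, "flags": "S"},
    {"proto": "tcp", "src": "198.51.100.4", "dst": "10.0.0.20", "sport": 5000, "dport": 443, "flags": "A"},
]

BROADCAST_SUFFIX = ".255"   # assumption: /24 networks, so directed broadcast ends in .255
SYN_THRESHOLD = 20          # assumption: half-open connections per source before alerting


def detect_dos_patterns(packets, syn_threshold=SYN_THRESHOLD):
    """Return a list of (pattern, source_ip) findings for the DoS patterns above."""
    findings = []
    half_open = defaultdict(set)   # (src, dst) -> source ports with a SYN but no ACK yet
    for p in packets:
        # Land: source and destination address are the same
        if p["src"] == p["dst"]:
            findings.append(("land", p["src"]))
        # Smurf: echo request sent to a broadcast address
        if p["proto"] == "icmp" and p.get("type") == "echo-request" \
                and p["dst"].endswith(BROADCAST_SUFFIX):
            findings.append(("smurf", p["src"]))
        # SYN flood: track handshakes that never complete
        if p["proto"] == "tcp":
            key = (p["src"], p["dst"])
            if p["flags"] == "S":
                half_open[key].add(p["sport"])
            elif "A" in p["flags"]:
                half_open[key].discard(p["sport"])
    for (src, dst), ports in half_open.items():
        if len(ports) >= syn_threshold:
            findings.append(("syn_flood", src))
    return findings


if __name__ == "__main__":
    for finding in detect_dos_patterns(SAMPLE_PACKETS):
        print(finding)
```

The SYN rule deliberately counts only connections that were never acknowledged, so the legitimate client that completes its handshake is not reported; a real IDS would also age entries out over time.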
TYPES OF ATTACK
Spoofing – Falsification of network data to undermine a
system. May be used for the following:
DoS/DDoS
Replay Attacks
SPAM
WAP Attacks
TYPES OF ATTACK
SPAM – Unsolicited/unwanted Email. May be used for the
following:
Transportation of Malware
Social Engineering
DoS
May be countered by:
SPAM filters
User training and awareness
TYPES OF ATTACK
SPIM – Spam over Instant Messaging
(IM).
Unwanted messages or contacts
transmitted through some type of
instant message service (also
includes SMS).
TYPES OF ATTACK
Phishing Attacks – The attempt to obtain sensitive information
by masquerading as someone trustworthy (usually via Email).
Types of Phishing Attacks include:
Spear Phishing – Targets a named individual or group
Whaling – Targets the “big fish”; normally the high ranking officials of
an organisation
TYPES OF ATTACK
Vishing – Using voice to attempt Phishing Attacks (via
telephone or VOIP systems). A particularly effective way of
social engineering a target.
TYPES OF ATTACK
Pharming – Malicious redirection of website requests to fake
sites in order to conduct Phishing attacks.
May use DNS Spoofing or Poisoning attacks initially.
TYPES OF ATTACK
DNS Poisoning – Falsification of DNS data to create DoS or
redirect a client to a rogue site.
There are many ways to exploit DNS on a client:
Rogue DNS server
DNS Poisoning
IP Configuration Corruption
Proxy Corruption
TYPES OF ATTACK
ARP Poisoning – Used to falsify
IP-MAC resolution.
Commonly used in active
sniffing attacks and Man in the
Middle type attacks.
Beaver, K., 2015. ARP Poisoning. [image] Available at:
<https://docplayer.net/60468836-Hacking-5th-edition-by-kevin-beavercissp-foreword-by-richard-stiennon-chief-research-analyst-it-harvestauthor-of-there-will-be-cyberwar.html> [Accessed 23 February 2021].
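As an added example (not from the course material), the check below shows the defender's view of ARP poisoning: ARP replies are observed on a segment and an alert is raised when an IP address's MAC binding changes, when a known-good binding (such as the gateway's) is contradicted, or when one MAC claims several IP addresses. The ARP observations, addresses and the trusted-binding table are constructed for the example.

```python
from collections import defaultdict

# Constructed ARP reply observations for the example: (ip, mac, timestamp_seconds).
SAMPLE_ARP_REPLIES = [
    ("192.168.1.1", "aa:bb:cc:00:00:01", 0),    # gateway, legitimate
    ("192.168.1.10", "aa:bb:cc:00:00:10", 1),
    ("192.168.1.1", "aa:bb:cc:00:00:01", 30),
    ("192.168.1.1", "de:ad:be:ef:00:99", 31),   # gateway IP now claimed by another MAC
    ("192.168.1.20", "de:ad:be:ef:00:99", 32),  # same MAC also answers for .20
]

# Assumed known-good binding for the gateway (in practice: from DHCP/inventory records).
TRUSTED_BINDINGS = {"192.168.1.1": "aa:bb:cc:00:00:01"}


def detect_arp_spoofing(replies, trusted=None):
    """Return alerts for changed IP->MAC bindings and MACs answering for many IPs."""
    trusted = trusted or {}
    first_seen = {}                  # ip -> first MAC observed for that ip
    ips_per_mac = defaultdict(set)   # mac -> set of ips it has claimed
    alerts = []
    for ip, mac, ts in replies:
        ips_per_mac[mac].add(ip)
        if ip in trusted and trusted[ip] != mac:
            # A reply contradicts a binding we know to be correct
            alerts.append(("trusted_binding_violated", ip, mac, ts))
        elif ip in first_seen and first_seen[ip] != mac:
            # No trusted record, but the binding we learned earlier has changed
            alerts.append(("binding_changed", ip, mac, ts))
        first_seen.setdefault(ip, mac)
    for mac, ips in ips_per_mac.items():
        if len(ips) > 1:
            alerts.append(("mac_claims_multiple_ips", mac, tuple(sorted(ips))))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_ARP_REPLIES, TRUSTED_BINDINGS):
        print(alert)
```

Without a trusted table the tool can only report that a binding changed, which is also what a legitimate NIC replacement looks like; a maintained list of known-good bindings for critical hosts (gateway, DNS, DHCP) is what turns the observation into a confident alert.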
TYPES OF ATTACK
Malicious Insider – Probably one of the biggest risks to an
organisation comes from the inside. May conduct a variety of
attacks. Protected by:
Policies
Auditing
Stringent background/security checks
Prohibiting external storage devices/mobile devices
Application Whitelisting
PASSWORD ATTACKS
Usernames and passwords are the most common form of
authentication.
Passwords should be secured by policies which maintain:
Length of password
Complexity of password
Expiration of password
History of passwords
Passwords may be “cracked” by a variety of means.
PASSWORD ATTACKS
Brute Force – Attempts every valid combination for a password
Dictionary Attack – Attempts to break the password based on pre-built
lists of words/passwords
Birthday Attack (Brute Force) – Based on probability theory
Rainbow Tables – Uses large pre-calculated databases of hashes to
crack captured password hashes
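The following is an added example, not from the course slides, that puts the two password slides together from the defender's side: a policy check covering length, complexity and history, and salted, iterated hashing for storage. The salt means the same password hashes to a different value for every user, which is what defeats a pre-calculated rainbow table. The policy values (minimum length, history depth, maximum age, iteration count) are assumptions chosen for the example.

```python
import hashlib
import hmac
import os
import re
import time

# Assumed policy values for the example (an organisation sets its own).
MIN_LENGTH = 12
HISTORY_DEPTH = 5
MAX_AGE_SECONDS = 90 * 24 * 3600
PBKDF2_ITERATIONS = 100_000


def hash_password(password, salt=None):
    """Return (salt, digest) using PBKDF2-HMAC-SHA256 with a random per-password salt."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def password_matches(password, salt, digest):
    """Constant-time comparison against a stored (salt, digest) pair."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def complexity_ok(password):
    """Require characters from at least three of four classes."""
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    return sum(bool(re.search(c, password)) for c in classes) >= 3


def check_new_password(candidate, history):
    """history: list of (salt, digest) for previous passwords, newest first.
    Returns 'ok' or the name of the policy rule that failed."""
    if len(candidate) < MIN_LENGTH:
        return "too_short"
    if not complexity_ok(candidate):
        return "insufficient_complexity"
    for salt, digest in history[:HISTORY_DEPTH]:
        if password_matches(candidate, salt, digest):
            return "reused"
    return "ok"


def password_expired(set_at, now=None):
    """True when the password is older than the policy's maximum age."""
    now = time.time() if now is None else now
    return now - set_at > MAX_AGE_SECONDS


if __name__ == "__main__":
    history = [hash_password("Correct-Horse-1")]
    print(check_new_password("Correct-Horse-1", history))    # reused
    print(check_new_password("Battery-Staple-42", history))  # ok
```

Storing only salted, iterated hashes limits the damage if the password database is captured: each hash has to be attacked individually and slowly, rather than looked up in a table built once.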
ATTACK TYPES
Transitive Access relies on the
notion that if two parties
have a common point of trust,
then they are assumed to
trust each other.
This may provide a “back door”
through authentication/access
control to allow for
unauthorised access.
TYPES OF ATTACK
Typo Squatting/URL Hacking – Capturing or luring users onto
websites whose addresses are commonly mistyped or misspelled.
Watering Hole Attack – Monitoring users’ activities over a period
of time to ascertain which sites multiple users frequent, or luring
users to a particular site.
Malware is then planted within the site to infect the multiple
users.
SOCIAL ENGINEERING
Social Engineering – Where the attack exploits human
behaviour and human nature – “hacking the human”.
People are encouraged to part with information through the
process of convincing them that the attacker is a genuine
person, such as an administrator, who is doing them a service.
Typically the victim is fooled through email or telephone calls
into parting with logon information.
SOCIAL ENGINEERING
Attackers may pretend to be engineers or technicians to gain
access to premises by using plausible stories.
Social Engineering targets a human weakness or trust and
multiple techniques may be employed to mount a successful
attack.
SOCIAL ENGINEERING
Techniques include:
Authority
Intimidation
Scarcity
Urgency
Familiarity
Trust
Flattery
SOCIAL ENGINEERING
Shoulder Surfing – Looking over someone’s shoulder when they enter
their password on a computer or their PIN at an ATM. The attacker
may also look for the pattern being entered into digital locks controlling
access to secure areas
Dumpster Diving – The process of sifting through rubbish bins and
waste containers looking for useful information, discarded documents
and sticky notes etc. Another useful source is the recycling paper bin
near the printer
Hoax emails – Encouraging users to carry out activity on their
computer that could be damaging but is totally unnecessary
Impersonation – Taking on the identity of another with the purpose of
fooling a genuine employee
WIRELESS ATTACKS
Rogue Access Points – The practice of setting up an access point that
appears to be part of a legitimate network to encourage users to
connect so their information and traffic can be sniffed
Evil Twin – An access point that has the same SSID and credentials as a
genuine one but is used as part of a Man in the Middle attack to
capture traffic
Interference – The practice of jamming wireless networks with “noise”
rendering them unusable
WAR Driving – Using monitoring software to look for the presence of
wireless networks with the intention of looking for vulnerable access
points
WIRELESS ATTACKS
WAR Chalking – The outdated practice of marking buildings with
graffiti to indicate the presence of wireless networking
Bluejacking – Using Bluetooth technology to send unsolicited
messages to another Bluetooth device without the owner’s permission
Bluesnarfing – Unauthorised accessing of data from a device using a
Bluetooth connection
CBR, 2021. Bluetooth Logo. [image] Available at: <https://www.cbronline.com/what-is/what-is-bluetooth-4900836/> [Accessed 23 February 2021].
WIRELESS ATTACKS
XSS/Cross-site scripting – XSS exploits the trust a browser has in the
web server. Hackers inject malicious code into websites in a variety of
forms. Attacks may result in:
Identity Data Theft
Financial Loss
Key Logging
APPLICATION ATTACKS
SQL Injection – Uses unexpected input into web applications to
gain unauthorised access to backend databases.
Exploits vulnerabilities in scripts between the front end and
back end database.
Protection against SQL Injection is provided by:
Input validation – Limiting the amount/type of data used in forms
Limit Account Privileges – Service accounts used by the database
should have the least amount of privilege
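As an added example (not from the course slides), the code below shows the defect the slide describes beside its fix. The vulnerable lookup builds the SQL statement by string concatenation, so a crafted username changes the query's meaning and returns every row; the hardened lookup binds the value as a query parameter and applies an allow-list validation rule first. The table, the rows and the username rule are constructed for the example, using Python's built-in sqlite3 module.

```python
import re
import sqlite3


def make_db():
    """Constructed in-memory table with two sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("alice", "hash-1", "admin"), ("bob", "hash-2", "user")])
    return conn


def find_user_vulnerable(conn, username):
    """Defective: the input is spliced into the SQL text and parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user_param(conn, username):
    """Fixed: the value is bound as a parameter and never parsed as SQL."""
    rows = conn.execute("SELECT username FROM users WHERE username = ?", (username,))
    return [row[0] for row in rows]


# Assumed allow-list for what a username may look like (input validation).
USERNAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")


def find_user_hardened(conn, username):
    """Input validation plus a parameterised query (defence in depth)."""
    if not USERNAME_RE.match(username):
        raise ValueError("invalid username")
    return find_user_param(conn, username)


if __name__ == "__main__":
    conn = make_db()
    crafted = "x' OR '1'='1"
    print(find_user_vulnerable(conn, crafted))   # every row comes back
    print(find_user_param(conn, crafted))        # no such user: []
```

The slide's second control, least privilege for the database account, is not something SQLite can show (it has no account model); on a server database the application's account would be granted only the SELECT/INSERT/UPDATE rights it needs, so that even a successful injection cannot read other tables or alter the schema.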
APPLICATION ATTACKS
LDAP injection – LDAP is the protocol used for directory services such
as Microsoft Active Directory. LDAP Injection attacks directory services
rather than SQL databases
Directory Traversal – The process of trying to get beyond the web
content and gain access to other parts of the file system
Buffer Overflow – Submitting more data to an application than it is
expecting or more than it can handle with a view to overwriting data
areas and crashing the application
Header Manipulation – Modifying the headers submitted to a web
server which could lead to defacement or cookie manipulation etc.
APPLICATION ATTACKS
Forms tampering – Changing hidden values within web page source
code to try and change values on shopping web sites
URL tampering – Changing the paths in URLs to try and gain access to
unauthorised content, maybe to avoid payment on a pay site
Cookie tampering – Stealing or modifying cookies to gain session
tokens to provide access
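As an added example (not from the course slides) of the countermeasure to Forms and Cookie tampering, the session cookie below carries its data together with an HMAC over that data. A client can read the cookie but cannot change a value (such as its role) without invalidating the signature, and an expiry inside the signed body stops an old cookie being replayed. The secret key and the session contents are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET_KEY = b"assumed-server-side-secret-for-the-example"   # constructed; never ship in code


def _sign(payload):
    """HMAC-SHA256 over the encoded body, base64 so it is cookie-safe."""
    mac = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()


def issue_cookie(session, ttl=3600, now=None):
    """Return '<base64 body>.<signature>' with an expiry baked into the signed body."""
    now = time.time() if now is None else now
    body = dict(session, exp=int(now + ttl))
    payload = base64.urlsafe_b64encode(json.dumps(body, sort_keys=True).encode())
    return payload.decode() + "." + _sign(payload)


def verify_cookie(cookie, now=None):
    """Return the session dict, or None if the cookie is malformed, tampered or expired."""
    now = time.time() if now is None else now
    try:
        payload_b64, sig = cookie.split(".", 1)
    except ValueError:
        return None
    payload = payload_b64.encode()
    if not hmac.compare_digest(_sign(payload), sig):   # constant-time comparison
        return None
    body = json.loads(base64.urlsafe_b64decode(payload))
    if body.get("exp", 0) < now:
        return None
    return body


def tampered_copy(cookie, **changes):
    """Simulate a client editing the body while keeping the original signature."""
    payload_b64, sig = cookie.split(".", 1)
    body = json.loads(base64.urlsafe_b64decode(payload_b64.encode()))
    body.update(changes)
    payload = base64.urlsafe_b64encode(json.dumps(body, sort_keys=True).encode())
    return payload.decode() + "." + sig


if __name__ == "__main__":
    cookie = issue_cookie({"user": "bob", "role": "user"})
    print(verify_cookie(cookie))                                 # session accepted
    print(verify_cookie(tampered_copy(cookie, role="admin")))    # None: rejected
```

The same construction protects hidden form fields: sign the values the server emits and refuse any submission whose signature no longer matches.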
OTHER ATTACKS
Telephone systems:
Interception
DoS
WAR Dialling – Dialling random numbers to locate MODEMs
Mitigation:
Separate VLAN
Encryption
SCADA
Supervisory Control and Data Acquisition System (SCADA) is
also referred to as Industrial Control Systems (ICS).
Threats include:
Large scale DoS (National Infrastructure)
Industrial/State sponsored espionage
Terrorism
Mitigation:
Segregation of business and real time networks
Segregation from the internet
Restricted access
VPN/Remote Access solutions
Zetter, K., 2014. Stuxnet. [image] Available at:
<https://www.wired.com/2014/11/countdown-tozero-day-stuxnet/> [Accessed 23 February 2021].
CCTV SYSTEMS
CCTV systems are extensively used in the security of
industrial, government and domestic environments. Types of
attacks which may pose a threat are:
Unauthorised access to feeds
Unauthorised access to stored data
Modification to camera feeds
DDoS
Access to webcams
Sheridan, K., 2017. New IoT Botnet. [image] Available at:
<https://www.darkreading.com/attacks-breaches/new-iotbotnet-discovered-120k-ip-cameras-at-risk-of-attack/d/did/1328839> [Accessed 23 February 2021].
CCTV SYSTEMS
Threat countermeasures:
Secure links
Access controls on stored data
Disabling unnecessary services
Patch management
INSTANT MESSAGING
Risks from instant messaging and associated
application/technology:
Unmonitored activity
Download of malware
Phishing type attacks
Grooming
Bullying
Reputational damage
SPIM
INSTANT MESSAGING
Instant messaging countermeasures include:
Block IM in the workplace
Audit IM
User training and awareness
EMAIL
Email is one of the largest conduits for Malware and Social
Engineering attacks.
Risks of use include:
Interception
Impersonation
Phishing
Malicious attachments
SPAM
EMAIL
Email countermeasures include:
User training and awareness
Boundary controls
AV and SPAM filtering
Secure email (Encryption/Digital signatures)
WEB ACTIVITY
Web activity is extensive and covers areas such as financial
transactions, social media and surfing the internet.
The risks and threats are numerous:
Unauthorised access to data
Defacing
Fraudulent transactions
Interception
Illegal downloading/sharing
Hacking
WEB ACTIVITY
Countermeasures include:
User training and awareness
Acceptable Usage Policy
Access controls
Authentication where required
Encryption
Pen testing
MALWARE COUNTERMEASURES
User training and awareness
Content scanning
Checking software
Firewall
“Sheep Dip” software
Network Intrusion Detection Systems/Intrusion Prevention System
(NIDS/NIPS)
ATTACK MITIGATION
System Logs – Security Policy defines the logging and auditing
of a system and retention methods of logs.
The main types of logs are:
Event Logs – On a Microsoft system these cover all aspects of the
systems but the most important logs are:
Security Log
System Log
Application Log
Audit Logs – Used to log User/Machine activity such as logons, object
access and special privilege actions
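The following is an added example, not part of the course material, of what the audit logs described above are used for once collected: a small detector reads logon events and raises an alert when one user/source pair accumulates repeated failures inside a short window, and a second alert if a success then follows (a possible compromised credential). The log lines, their format, and the threshold and window values are all constructed for the example; real event logs use their own formats and field names.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit log lines in a simplified syslog-like format (not real logs).
SAMPLE_LOG = """
2021-02-23T09:00:01 host1 auth: LOGON_FAILURE user=alice src=198.51.100.9
2021-02-23T09:00:03 host1 auth: LOGON_FAILURE user=alice src=198.51.100.9
2021-02-23T09:00:05 host1 auth: LOGON_FAILURE user=alice src=198.51.100.9
2021-02-23T09:00:07 host1 auth: LOGON_FAILURE user=alice src=198.51.100.9
2021-02-23T09:00:09 host1 auth: LOGON_FAILURE user=alice src=198.51.100.9
2021-02-23T09:00:11 host1 auth: LOGON_FAILURE user=alice src=198.51.100.9
2021-02-23T09:00:13 host1 auth: LOGON_SUCCESS user=alice src=198.51.100.9
2021-02-23T09:05:00 host1 auth: LOGON_FAILURE user=bob src=203.0.113.4
2021-02-23T09:05:20 host1 auth: LOGON_SUCCESS user=bob src=203.0.113.4
"""

LINE_RE = re.compile(
    r"^(\S+) (\S+) auth: (LOGON_FAILURE|LOGON_SUCCESS) user=(\S+) src=(\S+)$")


def detect_logon_abuse(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return alerts as (kind, user, src, timestamp) tuples, in log order."""
    recent_failures = defaultdict(list)   # (user, src) -> failure times inside the window
    flagged = set()                       # pairs already reported for brute force
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                      # ignore lines that are not logon events
        ts, host, event, user, src = m.groups()
        t = datetime.fromisoformat(ts)
        key = (user, src)
        if event == "LOGON_FAILURE":
            q = recent_failures[key]
            q.append(t)
            while q and t - q[0] > window:   # drop failures that fell out of the window
                q.pop(0)
            if len(q) >= threshold and key not in flagged:
                flagged.add(key)
                alerts.append(("brute_force", user, src, ts))
        else:
            if key in flagged:
                alerts.append(("success_after_brute_force", user, src, ts))
            recent_failures[key].clear()
    return alerts


if __name__ == "__main__":
    for alert in detect_logon_abuse(SAMPLE_LOG):
        print(alert)
```

Bob's single failure followed by a success is the normal mistyped-password case and produces nothing; the value of the audit log is that the alice sequence is visible at all, which is why the slide's policy point about retention matters.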
ATTACK MITIGATION
Security Logs – Used on network devices (IDS, Routers and Firewalls
etc.) to gather data
Access Logs – Logging access to sensitive data and resources
ATTACK MITIGATION
Hardening is conducted at OS, system, network and
application level.
All systems should be well maintained and patched.
All systems should have all unnecessary applications or
services removed.
SECURITY POSTURE
A Security Posture is the level at which an organisation can
withstand an attack. The plan includes:
Security Policies
Procedures
Training
SECURITY POSTURE
Baselines should be taken of all IT systems after hardening.
Continuous Security Monitoring:
Should always be on
Should include all user accounts
Should include all IT infrastructure systems and devices
Remediation must be:
Planned
Documented
Rehearsed
Revised regularly
ASSESSMENT TOOLS
There are a range of tools available that can be used to
establish the existence of vulnerabilities or to evaluate
network security. These include:
Protocol Analyser/Sniffer
Vulnerability Scanners
IDS/HoneyPots/HoneyNets
Port Scanners
ASSESSMENT TOOLS
There are dozens of scanner
products available.
The best known one is the
open-source tool “nmap” and
its graphical Windows front end
“Zenmap”.
nmap.org, n.d. zenmap. [image] Available at:
<https://nmap.org/download.html> [Accessed 23 February 2021].
ASSESSMENT TOOLS
Protocol Analysers – these can
be used to sniff and capture
traffic on a segment for either
real-time or off-line analysis.
The most common protocol
analyser is “Wireshark”.
ASSESSMENT TOOLS
Vulnerability Scanners – tools
used to scan for known
weaknesses and vulnerabilities
then produce a report with
findings.
One of the best known
products in this area is
“Nessus”.
espincorp, 2012. Nessus. [image] Available at:
<https://espincorp.wordpress.com/2012/08/03/tenable-network-securityunveils-nessus-5-0-vulnerability-scanner/> [Accessed 23 February 2021].
ASSESSMENT TOOLS
When carrying out security assessments it is important to
consider the following:
Baseline – The current security implementation
Code Reviews – Looking for flaws in program code
Physical architecture – Assessing the physical security
Attack surface – What is visible to the outside world
Design reviews – Regular reviews of security implementation
PENETRATION TESTING
Penetration testing (pen test) is the process of evaluating the
security footprint of a computer system by simulating the
activities of a hacker attempting to gain access, using exactly
the same tools a hacker might use to attempt a break-in to
the network.
A pen test can either be an automated process using a suite of
tools or a manual process where the test(s) are chosen and run
by the pen tester.
PENETRATION TESTING
Pen testing can be used to confirm the presence of
vulnerabilities and whether they could be exploited.
A pen test should reveal any weaknesses in the security
posture, both known and unknown vulnerabilities can be
detected.
Vulnerability scanning is the part of the pen test which
identifies weaknesses in the system. This type of scanning
should be carried out on a regular basis by sys admins without
waiting for a pen test.
PENETRATION TESTING
Types of penetration test include:
Black Box – The tester has no knowledge of the target other than a
domain name. This would apply to external and internal tests
Grey Box – The tester has partial knowledge of the target, typically
used for application testing
White Box – The tester has full knowledge of the target, network
diagram etc.
MODULE 7
CLOUD COMPUTING
CLOUD COMPUTING
Cloud computing is a generic term used to describe on-demand, off-site, location-independent computing services,
typically accessed via the internet. There are several
models of cloud computing:
Public – Services provided to the subscriber by a commercial provider
Private – Services provided on premise (in-house) or off site for use by
a single organisation
Community – Services used and paid for by a group of users or
organisations for the shared benefit, such as collaboration and data
exchange
Hybrid – Combination of Public, Private and/or Community services
CLOUD COMPUTING
Services commonly used are:
Software as a Service (SaaS)
Platform as a Service (PaaS)
Storage as a Service (STaaS)
Security as a Service (SECaaS)
Monitoring as a Service (MaaS)
Infrastructure as a Service (IaaS)
CLOUD COMPUTING
Benefits of Cloud Computing:
Lower total cost of ownership (TCO)
Scalability/Elasticity
Transfer of skills
Availability
CLOUD COMPUTING
Considerations:
How is data stored
Where is data stored
Responsibilities
Availability
Data retention and destruction
Backups/Replication
Auditing
Exit strategy
MODULE 8
SOFTWARE DEVELOPMENT
AND LIFE CYCLE (SDLC)
SDLC
When designing any
application system or network,
security must form part of the
overall design.
It is essential that security and
assurance requirements are
included at the start of any
project and have high level
support and sign off.
SDLC
Security aspects within an application would allow for:
Defence against unauthorised access
Only valid and accurate data is processed
Proper functional testing
Backups
Assurance of availability
Compliance
Security of data transmission/communications
Auditing and recording
SDLC
Every product (software/application etc.) should be carefully
considered for its potential effects on CIA.
Potential issues may include:
Hidden rogue code
Bugs which cause system hangs or downtime
Licenses (illegal copies/downloads)
SDLC
Once software has been developed it must be tested against
the functional test plan.
This is to ensure that the software works properly (as
intended) and does not have any unintentional adverse impact
on any other business process or business area.
A risk assessment should be included in the design and
development life cycle.
SDLC
Final acceptance testing should be carried out (and signed off)
by the following:
The project team
End users
Managers
The assurance team
The accreditation team
SDLC
Changes to software must be formally managed, with each change
assessed and recorded in terms of:
Benefits of the requested change
Risk
Accepted downtime
Development time
Training needs (if required)
Recording
SDLC – USING 3RD PARTIES
Software development may be outsourced to 3rd party
companies however care should be taken with regard to:
3rd parties going out of business/changing hands
Intellectual Property/Trade Secrets
Data Protection
Rogue code
SDLC – USING 3RD PARTIES
The risks may be mitigated by:
Data Protection Act
Contracts
Testing and evaluation
Using certified products (Common Criteria)
Using Escrow to safeguard source code
MODULE 9
SECURING THE INFRASTRUCTURE
SECURING THE NETWORK
Defence in Depth involves using multiple security elements to
protect data and systems. More advanced networking
technologies allow for the layers to include:
Separation of systems:
Physical separation
Logical separation (virtualisation)
Firewalls
DMZ
Intrusion Detection System (IDS)
Intrusion Prevention System (IPS)
Honeypots
Honeynets
Load balancer
Proxies
SEPARATION OF SYSTEMS
Separation may take many forms and may be incorporated for
the following reasons:
To segment a secure compartment facility (either standalone or
controlled access)
To zone specific security areas
To zone vulnerable areas from the internal network
To control network traffic between departments
NETWORK DESIGN ELEMENTS
VLANs – Virtual Local Area Networks
are created by segmenting switch
ports on managed switches (layer 2
devices) and allocating them to
different logical networks
This allows networks to remain
separate from each other whilst
sharing access to other resources
(such as a router)
Traffic between each department
network is controlled through the
switch and router
NETWORK DESIGN ELEMENTS
Demilitarized Zone (DMZ):
Acts as a buffer network between the internet (untrusted) and a
private LAN (trusted)
Sometimes referred to as a “Transitional Subnet”
Implemented between 2 firewalls or on a single multi-homed (three-legged) firewall
Incorporates part of the Layered Security/Defence in Depth approach
to network security
NETWORK DESIGN ELEMENTS
Honeypot/Honeynet
Used to monitor intrusion/attacks and conduct intelligence gathering
Used to deflect potential attacks
[Figure: network diagram showing the Internet, a DMZ, a honeypot and an IDS]
NETWORK DESIGN ELEMENTS
Intrusion Detection Systems (IDS) are placed on segments of a
network so they can detect unauthorised activity or malicious
traffic.
IDS are passive devices in that they can detect the presence of
malicious traffic and raise an alert but they do not prevent the traffic
from reaching its destination
IDS/IPS
IDS can be network based (NIDS) where it monitors segments
for malicious traffic.
Or, it can be host based (HIDS) where it is installed on a host
and monitors traffic coming into the host, and also local
activity on the host.
IDS/IPS
IDS uses several methods:
Signature based – IDS has a database of the signatures of known
malicious traffic, a bit like anti-virus
Anomaly based – IDS can be trained to know what is normal traffic so
when different traffic patterns are seen it raises an alert
Behaviour based – IDS reacting to activity above/below baseline
behaviour
Heuristics – The ability to make an “educated guess” as to whether
traffic is malicious or not
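The following is an added example, not part of the course material, showing the difference between the first two methods in working code. It runs signature-based matching and a simple statistical anomaly check over a constructed batch of HTTP request lines (the IP addresses, request strings, signature patterns and the baseline numbers are all made up for the illustration). The signature rules catch the two known-bad requests regardless of volume; the anomaly rule knows nothing about attack strings but flags the one host whose request count is far outside the learned baseline. Each method misses what the other catches, which is why real deployments combine them.

```python
import re
import statistics
from collections import Counter

# Constructed sample events, not real traffic: (source IP, HTTP request line).
SAMPLE_EVENTS = [
    ("10.0.0.5", "GET /index.html"),
    ("10.0.0.5", "GET /about.html"),
    ("10.0.0.7", "GET /login?user=alice"),
    ("10.0.0.9", "GET /search?q=../../../../etc/passwd"),   # path traversal attempt
    ("10.0.0.7", "GET /products?id=1' OR '1'='1"),           # SQL injection attempt
    ("10.0.0.8", "GET /index.html"),
] + [("10.0.0.42", f"GET /page{i}.html") for i in range(60)]  # one unusually chatty host

# Signature-based: a database of known-bad patterns, much like anti-virus definitions.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-injection": re.compile(r"'\s*OR\s*'?\d*'?\s*=\s*'?\d*", re.IGNORECASE),
}

def signature_alerts(events):
    """Return (source, signature name, request) for each request matching a known signature."""
    alerts = []
    for src, request in events:
        for name, pattern in SIGNATURES.items():
            if pattern.search(request):
                alerts.append((src, name, request))
    return alerts

# Anomaly-based: learn what "normal" looks like from a training period, then flag deviations.
BASELINE_REQUESTS_PER_HOST = [3, 4, 2, 5, 3, 4, 6, 2, 3, 4]   # constructed training data

def anomaly_alerts(events, baseline=BASELINE_REQUESTS_PER_HOST, sigmas=3.0):
    """Flag any source whose request count exceeds mean + sigmas * stdev of the baseline."""
    threshold = statistics.mean(baseline) + sigmas * statistics.pstdev(baseline)
    counts = Counter(src for src, _ in events)
    return [(src, n) for src, n in counts.items() if n > threshold]

if __name__ == "__main__":
    for alert in signature_alerts(SAMPLE_EVENTS):
        print("SIGNATURE", alert)
    for alert in anomaly_alerts(SAMPLE_EVENTS):
        print("ANOMALY  ", alert)
```

Note that the anomaly threshold (mean plus three standard deviations of the training counts) is itself an assumption for the example; a production system would use a richer model and a baseline drawn from days of traffic, and would need re-training whenever legitimate usage changes.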
SPECIALISED DEVICES
Specialised network devices like a Load Balancer provide fault
tolerance and/or redundancy.
They are used to support servers such as:
Web servers
FTP servers
Remote Desktop servers
VPN servers
NETWORK DESIGN ELEMENTS
Network Address Translation (NAT):
NAT converts private “internal” IP addresses into public “external”
addresses for external routing
NAT also hides the internal addressing scheme from public view
Because a stateful NAT device only forwards inbound packets that match an
existing outbound session, it behaves like a very basic firewall; it is not a
substitute for one, as it performs no inspection or policy enforcement
NETWORK DESIGN ELEMENTS
Port Address Translation (PAT):
PAT (also called NAT overload) is similar to NAT but lets many internal
hosts share a single public IP address, telling their sessions apart by
rewriting the source port number of each connection
Variations of NAT include NAT Traversal (NAT-T), which allows IPsec and
other tunnelling VPN protocols to pass through NAT devices, and
Protocol Translation systems which allow IPv4 and IPv6 networks to
interoperate in the interim before IPv6 becomes mainstream.
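As an added illustration (not from the course material), the following Python simulates the translation table a PAT gateway keeps: two internal hosts that happen to use the same source port are given distinct public ports, replies are mapped back to the right host, and an inbound packet with no matching session is dropped, which is the incidental "basic firewall" effect described above. The addresses are from the documentation ranges and the port numbers are arbitrary.

```python
from itertools import count

class PatGateway:
    """Toy Port Address Translation gateway: many internal (src_ip, src_port) flows
    share one public IP and are distinguished by the public port the gateway allocates."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._next_port = count(first_port)
        self.table = {}     # (internal_ip, internal_port, destination) -> public_port
        self.reverse = {}   # public_port -> (internal_ip, internal_port, destination)

    def outbound(self, src_ip, src_port, dst):
        """Translate an outbound packet; allocate a public port the first time a flow is seen.
        Returns the rewritten (source IP, source port, destination)."""
        key = (src_ip, src_port, dst)
        if key not in self.table:
            port = next(self._next_port)
            self.table[key] = port
            self.reverse[port] = key
        return (self.public_ip, self.table[key], dst)

    def inbound(self, public_port, src):
        """Translate a packet arriving on public_port from src back to the internal host.
        Returns (internal IP, internal port), or None when no matching session exists:
        unsolicited inbound traffic has no state to match and is silently dropped."""
        entry = self.reverse.get(public_port)
        if entry is None or entry[2] != src:
            return None
        internal_ip, internal_port, _ = entry
        return (internal_ip, internal_port)

if __name__ == "__main__":
    web = ("203.0.113.10", 443)                        # constructed external server
    gw = PatGateway("198.51.100.1")
    print(gw.outbound("192.168.1.10", 51000, web))      # -> public port 40000
    print(gw.outbound("192.168.1.11", 51000, web))      # -> public port 40001, same src port
    print(gw.inbound(40001, web))                       # reply reaches 192.168.1.11:51000
    print(gw.inbound(40002, web))                       # no session: None (dropped)
```

The same state table is what makes the NAT-T variation necessary: protocols that embed addresses or ports inside an encrypted or integrity-protected payload (IPsec AH/ESP) break when the gateway rewrites the outer header, so they are wrapped in UDP that the gateway can translate.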
PROXY SERVERS
Proxy Servers may be referred to as a
“Caching NAT” service.
Proxies provide logs of activity.
Proxies may be enabled to filter activity
based on content, URL, keywords etc.
NETWORK DESIGN ELEMENTS
Remote Access/Remote Access Servers (RAS):
Support VPN/Terminal Service connections
Different technologies supported by servers or dedicated devices:
VPN
Dial-up (Modem)
Remote Desktop Connections (Terminal Services)
Wireless
Supported by local/remote Authentication, Authorisation and
Accounting (AAA) services such as:
TACACS/TACACS+
RADIUS
802.1X (port-based network access control, which itself relies on a
RADIUS server as the AAA back end)
NETWORK DESIGN ELEMENTS
Network Access Control (NAC) is a way of controlling client
access to a network that goes beyond authentication and looks
at the connecting device.
NAC is used to:
Reduce exposure to zero-day attacks by keeping unpatched or non-compliant
devices off the network
Enforce network security policies
Use identities (of the user and of the device) to perform access control
NETWORK DESIGN ELEMENTS
NAC can be configured for the following examples:
Firewall policy settings
Anti-virus/Anti-spyware definitions
Updates (patches)
Computer/device identity (visiting mobile devices etc.)
MODULE 10
PHYSICAL AND ENVIRONMENTAL
SECURITY CONTROLS
SECURITY CONTROLS
There are three principal types of
control:
Physical Security – Building, room
security
Technical Security – Technological
security measures using software or
hardware
Procedural Security – Policies, Plans,
Rules, Regulations and Procedures
PHYSICAL SECURITY
Physical Security measures are numerous and will be
dependent upon the size and nature of the organisation
needing protection. However all organisations will need some
form of physical security. This may include:
CCTV systems
Signs
Lighting systems
Guards
IR detection systems/alarms
Gates/fences/doors
Locks
Security tags/tokens (ID cards/common access cards)
Biometric devices
Proximity readers
Turnstiles
Mantraps
TECHNICAL SECURITY
Technical Security Controls may include:
Firewalls
Network Device security
Anti-virus software
Cryptography
Biometrics
Group Policy
PROCEDURAL SECURITY
Procedural Security covers the following types of measures:
Staff Vetting
Hiring Policy
Dismissal Policy
Site Access
Special Area Access
Security Policies:
Acceptable Usage Policy
Password Policy
Clean Desk Policy
PROTECTING EQUIPMENT
Protection of equipment and systems may take many forms
and can be implemented to prevent:
Accidental damage
Theft
Loss of availability
Loss of data
PROTECTING SYSTEMS
Accidental damage may be prevented by:
User training and awareness
User policies (drinking/eating at desks)
Cable tidies
Cable covers/protected distribution
Routine maintenance and cleaning
Power surge protection
Environmental controls
Heating Ventilation and Air Conditioning (HVAC)
Humidity controls
Fire suppression systems
PROTECTING SYSTEMS
Theft may be prevented by:
User Training and Awareness
Vetting/Hiring Policies
Physical Building Security
Mobile Device Security
Passwords/Time out settings
Kensington locks
Encryption/full drive encryption
GPS/GSM tracking
Remote sanitization
Mobile Device Management System
LOSS OF AVAILABILITY
Making a system highly available may take several forms. These
can include:
Server Clusters:
Failover – Used to ensure connectivity to resources such as databases, file servers
and applications which are said to be “stateful” (read/writeable)
Network Load Balancing (NLB) – Used to ensure connectivity to resources such as
Web servers, Remote Access Servers and services which are said to be “stateless”
(read only)
Virtualisation
Cloud
LOSS OF AVAILABILITY/DATA
Redundant Array of Independent/Inexpensive Disks (RAID).
RAID systems allow for data to be stored to provide redundancy
or fault tolerance (availability), speed (read/write access) or a
combination of redundancy and speed.
The main RAID levels are:
RAID 0
RAID 1
RAID 3
RAID 5
RAID 6
RAID 01/10 (0+1/1+0)
LOSS OF AVAILABILITY/DATA
RAID level                     Min. disks   Advantage
0 (striped array)              2            Speed (no fault tolerance)
1 (mirror)                     2            Fault tolerance
3 (stripe with fixed parity)   3            Speed and fault tolerance
5 (stripe with parity)         3            Speed and fault tolerance
6 (double parity)              4            Speed and fault tolerance (survives two failed disks)
10 (mirrored stripe)           4            Speed and fault tolerance
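The table says that parity gives fault tolerance; the following added example (not part of the course material) shows the mechanism. It stripes a byte string across three "disks" the way RAID 0 does, adds a fourth disk holding the XOR of the three (fixed parity, as in RAID 3), then deletes any one disk and rebuilds it from the survivors. It also shows why single parity cannot cope with two simultaneous failures, which is the gap RAID 6's second parity closes. The data, disk count and layout are constructed for the illustration; real arrays work in fixed-size blocks rather than single bytes.

```python
from functools import reduce
from operator import xor

def stripe(data: bytes, data_disks: int) -> list:
    """RAID 0 style striping: deal the bytes round-robin across data_disks (no redundancy).
    Assumes len(data) is a multiple of data_disks so every disk holds the same number of bytes."""
    if len(data) % data_disks:
        raise ValueError("pad the data to a multiple of the disk count first")
    return [data[i::data_disks] for i in range(data_disks)]

def unstripe(disks: list) -> bytes:
    """Reassemble striped data by reading one byte from each disk in turn."""
    return bytes(b for column in zip(*disks) for b in column)

def xor_parity(blocks: list) -> bytes:
    """RAID 3/5 parity: XOR the corresponding bytes of every block."""
    return bytes(reduce(xor, column) for column in zip(*blocks))

def build_array(data: bytes, data_disks: int) -> list:
    """RAID 3-like array: data_disks of striped data plus one dedicated parity disk.
    (RAID 5 is the same idea with the parity rotated across all the disks.)"""
    disks = stripe(data, data_disks)
    disks.append(xor_parity(disks))
    return disks

def rebuild(disks: list) -> list:
    """Given an array with exactly one disk replaced by None, return a copy with it reconstructed.
    Because parity = d0 ^ d1 ^ ... ^ dn, any single missing member (data or parity alike)
    equals the XOR of all the surviving disks."""
    missing = [i for i, d in enumerate(disks) if d is None]
    if len(missing) != 1:
        raise ValueError(f"{len(missing)} disks lost; single parity can only rebuild one")
    surviving = [d for d in disks if d is not None]
    repaired = list(disks)
    repaired[missing[0]] = xor_parity(surviving)
    return repaired

def read_back(disks: list) -> bytes:
    """Read the user data from the array (every disk except the parity disk)."""
    return unstripe(disks[:-1])

if __name__ == "__main__":
    array = build_array(b"SECURE-DATA!", 3)        # constructed 12-byte payload
    print("disks:", array)
    broken = list(array)
    broken[1] = None                               # simulate losing the second data disk
    print("rebuilt:", rebuild(broken) == array)    # True
    two_lost = list(array)
    two_lost[0] = two_lost[2] = None
    try:
        rebuild(two_lost)
    except ValueError as err:
        print("cannot rebuild:", err)              # RAID 6 territory
```

Striping alone (RAID 0) is the first three disks without the fourth: faster reads and writes, but losing any disk loses every stripe, so availability is worse than a single disk. Rebuild cost is also why large RAID 5 arrays are risky in practice: the whole surviving set must be read to reconstruct one disk, and a second failure during that window is unrecoverable.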
RAID
[Figure: disk layout diagrams for RAID 0, RAID 1, RAID 3, RAID 5, RAID 0+1 and RAID 6]
ALTERNATE SITES
Larger organisations may incorporate alternate sites within their
disaster recovery planning.
These may be:
Hot site – Ready to be operational immediately
Warm site – Ready to be operational within several hours or days
(depending upon the setup)
Cold site – Ready to be operational within several weeks
ALTERNATE SITES
It is not uncommon for some organisations to share the same
hot, warm or cold site allocations.
Virtualisation and Cloud technologies have made the
facilitation of alternate sites a lot easier and cheaper to
implement but come with their own risks and cost.
REDUNDANT SITES
Other alternate or redundancy considerations will be:
Alternate communication links (telephone/internet/leased line)
Alternate power lines
Second line
Standby generator
Uninterruptible Power Supply (UPS)
Standby equipment (network devices, computers, printers, hard drives
etc.)
PROCEDURAL SECURITY
Procedural Security covers several aspects already mentioned
throughout this module:
User Training and Awareness
Mobile devices/BYOD policies
Acceptable Usage Policy
Protection of equipment
Procedures for handling security breaches (including physical breaches)
Employment policies (Hiring and Dismissal)
Disaster Recovery Plan (DRP) – covered in next module
Clear screen/desk policies
Disposal policy
DISPOSAL
There is an inherent risk of data being lost or stolen, or of a
security breach, during the disposal process. This may involve:
Waste documents (paper/packaging)
Optical media (CDs/DVDs)
Magnetic media (hard drives)
Old equipment/devices sent for recycling
3rd party data removal (cloud based)
DISPOSAL
Waste should always be handled in accordance with its security
protective markings and handling policies, options for disposal
include:
Shredding (paper/magnetic media) by an approved device
Incinerated
Deleted/wiped (data) – a plain delete only removes the file system entry;
wiping means overwriting the data and verifying the overwrite
Formatted (drives) – note that a standard (quick) format does not remove the
data and is not a disposal control on its own
Degaussed (magnetic media only; has no effect on SSDs or optical media)
Destroyed
Pulped
A combination of any of the above is generally the best option
MODULE 11
DISASTER RECOVERY AND BUSINESS
CONTINUITY MANAGEMENT
BCP AND DRP
Business Continuity is defined as:
“The capability of the organisation to continue delivery of
products or services at acceptable predefined levels following
a disruptive incident” – ISO 22301
Disaster Recovery is defined as:
“Activities and programmes that are invoked in response to a
disruption and are intended to restore an organisation's ICT
services” – BS 25777, covered under ISO/IEC 24762
BCP AND DRP
Essentially both have the same goals:
Business Continuity Planning involves people, processes and
procedures as well as ICT
Disaster Recovery Planning is based around technology platforms and
associated technologies
Essentially Business Continuity comes 1st but if it fails then Disaster
Recovery fills the gap
BCP AND DRP
Business Continuity Planning (BCP) involves assessing the risks
to an organisation and creating policies, plans and procedures
to minimise the impact these risks might have on the
organisation if they were to occur.
BCP is used to maintain the continuous operation of a business in the
event of an emergency situation
The goal of BCP planners is to implement a combination of
policies, procedures and processes to ensure that a potentially
disruptive event has as little impact on the business as
possible.
BCP AND DRP
BCP focuses on maintaining business operations with reduced
or restricted infrastructure capabilities or resources. As long as
the continuity of the organisation's ability to perform its
mission-critical work tasks is maintained, BCP can be used to
manage and restore the environment.
If the continuity is broken, then business processes have
stopped, and the organisation is in disaster mode; thus Disaster
Recovery Planning (DRP) takes over.
BCP
BCP has many facets but may be broken down into the
following steps:
Identify – Risk Assessment
Analyse – Business Impact Analysis (BIA)
Create – Strategy and Plan Development
Measure – Test, Train and Maintain
[Figure: Identify → Analyse → Create → Measure cycle]
236
BCP METRICS
Several calculations need to be made regarding the operational
status of an organisation:
The Maximum Tolerable Downtime (MTD) is the maximum length of
time a business function can be inoperable without causing irreparable
harm to the business. (MTD may also be referred to as Maximum
Tolerable Period of Disruption (MTPD) and Maximum Acceptable
Outage (MAO))
The Recovery Time Objective (RTO) is the amount of time calculated
for each business function to be recovered in the event of a
disruption. The RTOs must always be less than the MTDs
BCP METRICS
A metric aligned with the RTO is the Recovery Point Objective (RPO).
The RPO is a measurement of how much loss can be accepted by the
organisation when a disaster occurs. This acceptable loss is measured
in time (typically since the last Backup was taken)
Maximum Tolerable Data Loss (MTDL) is the maximum loss of data an
organisation can tolerate. This could be due to the age or the value of the data.
The RPO must be lower than the MTDL
BCP METRICS
[Figure: timeline illustrating MTD, RPO and RTO for a database, with Database Backup, Database Crash and Database Recovered marked against 0800hrs, 1200hrs, 1400hrs and 2000hrs, and the intervals labelled 4 hrs, 6 hrs and 12 hrs]
STANDARDS
BS 25999-1 – Business Continuity Management code of practice
BS 25999-2 – BCM specification (both parts have since been withdrawn in favour of ISO 22301)
BS 25777 – ICT Continuity Management code of practice
ISO 22301 – BCM requirements
ISO/IEC 24762 – Guide for ICT DR services
DISASTER RECOVERY PLAN
Disaster Recovery Planning consists of the following stages:
Initial risk assessment – What are the potential risks?
Business impact analysis – What is the effect on business?
Design – What can we do about it?
Implementation – Put the plan in place
Test – Does it work?
Review – What didn’t work?
Maintenance and review – What changes need to be made?
DISASTER RECOVERY PLAN
The DRP should cover a range of scenarios from minor disruption to
total site destruction
The most important aspect of DRP is people come first
The plan should be tested on a regular basis and after any major
changes to the plan
The plan should be well documented with multiple copies kept off site
Change management must ensure all copies are at the latest version
DISASTER RECOVERY PLAN
Disaster Recovery must include Succession Planning:
Any disaster may affect key personnel or there may be a situation
where key personnel needed for DRP are not currently available
Succession planning identifies key personnel and their replacements in
the event of non-availability
BACKUP SOLUTIONS
Backup solutions are dependent upon several factors including:
Where are backups held (onsite/offsite/cloud)
How often to backup data (frequency)
How long are backups held (retention)
What to backup
When to backup data (time)
What media to use (storage)
How much data to backup
What type of backup to use
TYPES OF BACKUP
There are 3 main types of backups:
Full – All files on a system are backed up
Differential – All files which have changed since the last full backup
are backed up
Incremental – All files which have changed since the last full or
incremental backup are backed up
Backup type     Backup time            Restore time   Storage
Full            Slowest                Quickest       Large
Incremental     Quickest               Slowest        Minimal
Differential    Progressively slower   Quicker        Progressively larger
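The table's "backup time", "restore time" and "storage" columns follow directly from what each scheme copies. The following added example (not part of the course material) makes that concrete by simulating a week of the three schemes over a constructed set of file names: it records what each day's backup would contain, and which backup sets must be read back, in order, to restore a given day. The file names and change pattern are invented for the illustration; deletions are ignored.

```python
def simulate_backups(initial_files, daily_changes):
    """Simulate the three schemes over consecutive days.
    initial_files: set of file names present on day 0 (a full backup is taken on day 0).
    daily_changes: list of sets, one per following day, of files created or modified that day.
    Returns {scheme: [set of files copied on day 0, day 1, ...]}."""
    known = set(initial_files)       # everything that exists so far
    since_full = set()               # everything changed since the day-0 full backup
    full, differential, incremental = [set(known)], [set(known)], [set(known)]
    for changed in daily_changes:
        known |= changed
        since_full |= changed
        full.append(set(known))                  # full: copy everything, every day
        differential.append(set(since_full))     # differential: everything since the last full
        incremental.append(set(changed))         # incremental: only since the previous backup
    return {"full": full, "differential": differential, "incremental": incremental}

def restore_chain(scheme, backups, day):
    """The backup sets that must be read, in order, to restore the state at `day`."""
    if scheme == "full":
        return [backups[day]]                    # one set: quickest restore
    if scheme == "differential":
        return [backups[0]] + ([backups[day]] if day else [])   # last full + latest differential
    if scheme == "incremental":
        return backups[: day + 1]                # last full + every incremental since: slowest
    raise ValueError(f"unknown scheme {scheme!r}")

def restore(scheme, backups, day):
    """Apply the chain in order; later sets supersede earlier copies of the same file."""
    restored = set()
    for backup in restore_chain(scheme, backups, day):
        restored |= backup
    return restored

def daily_sizes(backups):
    """Number of files copied each day: a proxy for backup time and storage consumed."""
    return [len(b) for b in backups]

if __name__ == "__main__":
    # Constructed scenario: five files on day 0, then four days of edits (f is a new file).
    plan = simulate_backups({"a", "b", "c", "d", "e"}, [{"a"}, {"b"}, {"a", "f"}, {"c"}])
    for scheme, backups in plan.items():
        print(f"{scheme:12} copied per day {daily_sizes(backups)}  "
              f"sets to restore day 4: {len(restore_chain(scheme, backups, 4))}")
```

With the scenario above the full scheme copies 27 files over five days and needs one set to restore, the differential scheme copies 15 and needs two, and the incremental scheme copies 10 but needs all five sets in order, so a single unreadable incremental breaks every restore after it. That chain dependency is the practical reason to run periodic full backups and to test restores, not just backups.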
DATA RESILIENCE TECHNIQUES
The following techniques may be used to enable data availability
across a network or to facilitate quicker and easier solutions for
recovering data or systems:
Replication
Distributed File Systems
Restore/Refresh points
Shadow copies
Snapshots/Checkpoints
System Image
However, the above must not be confused with or replace proper backup
strategies.
MODULE 12
CRYPTOGRAPHY
BASIC TERMINOLOGY
Cryptography is the process of representing data in a concealed
form so that the contents are not readable:
Encryption – The process that changes the data and makes it
unreadable
Decryption – Is used to reverse the process and present the data in its
original form
Cipher – An algorithm that produces the encryption, usually
mathematical
Key – Is used to determine the result of the encryption process
CONCEPTS
Crypto systems are designed to fulfil several goals:
Confidentiality – The data remains private when stored or in transit
Integrity – The data has not been altered in transit
Authentication – Verifying the identity of both parties in
communication
Non-repudiation – The sender cannot deny having sent a signed
message
CONCEPTS
Three families of cryptographic process:
Symmetric encryption – Uses a single shared key for encryption and
decryption, also called private or secret key cryptography
Asymmetric encryption – Also called public key cryptography, uses a
pair of keys consisting of a public key and a private key
Hashing – The process of taking a quantity of data and producing a
summary of the data in the form of a fixed length digest. Hashing is
one-way and uses no key, so it is not an encryption algorithm
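The following added example (not from the course material) shows, using only the Python standard library, why hashing is not encryption and how it relates to the integrity and authentication goals listed on the Concepts slide. A SHA-256 digest is fixed length and keyless, so it detects accidental corruption but not deliberate tampering: an attacker who changes the message simply recomputes the hash. Keying the hash (HMAC) fixes that, because a valid tag can only be produced by someone holding the shared secret. The key and messages are constructed for the example; the expected digest values used to check it are the published SHA-256 and RFC 4231 test vectors.

```python
import hashlib
import hmac

def digest(data: bytes) -> str:
    """SHA-256: any input length in, a fixed 256-bit (64 hex character) digest out.
    There is no key and no way back from the digest to the data, so this is not encryption."""
    return hashlib.sha256(data).hexdigest()

def hash_only_check(message: bytes, digest_sent: str) -> bool:
    """Integrity check with a bare hash. Detects accidental corruption only: an attacker who
    can alter the message can just as easily recompute and replace the digest."""
    return digest(message) == digest_sent

def make_tag(key: bytes, message: bytes) -> str:
    """HMAC-SHA256 tag. Producing a valid tag requires the shared secret key, so a matching
    tag gives both integrity and authentication of the sender. It does not give
    non-repudiation: both parties hold the same key, so either could have produced it."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()

def verify_tag(key: bytes, message: bytes, tag_sent: str) -> bool:
    """Constant-time comparison, so the check does not leak how many leading bytes matched."""
    return hmac.compare_digest(make_tag(key, message), tag_sent)

if __name__ == "__main__":
    key = b"shared-secret-example-key"     # constructed; real keys come from a CSPRNG
    message = b"pay 100 to account 42"
    tampered = b"pay 900 to account 42"
    print("digest is always 64 hex chars:", len(digest(b"")), len(digest(b"x" * 100000)))
    # Attacker rewrites the message and recomputes the bare hash: the check still passes.
    print("hash-only check on tampered message:", hash_only_check(tampered, digest(tampered)))
    # With an HMAC the attacker cannot recompute the tag without the key: the check fails.
    tag = make_tag(key, message)
    print("HMAC check on original:", verify_tag(key, message, tag))
    print("HMAC check on tampered:", verify_tag(key, tampered, tag))
```

The same one-way property is what makes hashing suitable for storing passwords (with a slow, salted construction rather than bare SHA-256) and for fingerprinting files: nothing needs to be decrypted, only recomputed and compared.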
SYMMETRIC ENCRYPTION
Uses a single shared key for the encryption process
If encrypting data on a hard drive the owner has the key
If encrypting data using a communications channel, both parties have
access to the key
Faster than asymmetric encryption which uses a key pair
Larger keys provide for stronger encryption (for a given algorithm; key lengths are not comparable between different algorithms)
The single key must be kept private
When used for communications there must be a secure key exchange
process to ensure both parties have the correct key
SYMMETRIC ENCRYPTION
Symmetric Encryption (Private Key Cryptography)
Private Key must be securely exchanged (Pre-Shared Key)
SYMMETRIC ENCRYPTION
Name        Block size (bits)   Key size (bits)
AES         128                 128/192/256
DES         64                  56
3DES        64                  168 (112 effective)
IDEA        64                  128
Blowfish    64                  32 – 448
Twofish     128                 128/192/256
RC5         32/64/128           0 – 2040
RC6         128                 128/192/256
CAST-128    64                  40 – 128
DES is obsolete (its 56 bit key can be brute forced) and 3DES is being retired; AES is the current standard.
SYMMETRIC ALGORITHMS
Common Symmetric Algorithms – Stream Ciphers.
Block Ciphers are more popular and widely used; however, Stream Ciphers are also used
Instead of encrypting blocks of data, Stream Ciphers work on each character or bit of a message at a time
Examples of Stream Ciphers are:
Caesar Cipher (C3 Cipher)
One Time Pad
RC4 (which is commonly used in Wireless Encryption methods)
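The one-time pad from the list above, worked as a stream cipher in an added example that is not part of the Firebrand slides: each plaintext byte is combined with the matching key byte, and the same function decrypts. The `pad_reuse_leak` helper shows why the pad must be used once, as the key cancels out when two messages share it.

```python
import os

# Added example (not from the slides): a one-time pad as a stream cipher.
# The key is a stream of random bytes at least as long as the message, and the
# message is processed byte by byte rather than in fixed-size blocks.

def otp_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """XOR each plaintext byte with the key byte at the same position."""
    if len(key) < len(plaintext):
        raise ValueError("one-time pad key must be at least as long as the message")
    return bytes(p ^ k for p, k in zip(plaintext, key))

# Decryption is the same operation: XOR with the same pad restores the plaintext.
otp_decrypt = otp_encrypt

def new_pad(length: int) -> bytes:
    """The pad must be unpredictable: use the OS CSPRNG, never a seeded PRNG."""
    return os.urandom(length)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def pad_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """If one pad encrypts two messages, XOR of the two ciphertexts equals XOR of
    the two plaintexts: the pad cancels out and secrecy is lost. Hence 'one time'."""
    return xor_bytes(c1, c2)

if __name__ == "__main__":
    pad = new_pad(32)                       # pre-shared over a secure channel
    msg = b"invoice 1042 approved"          # constructed sample message
    ct = otp_encrypt(msg, pad)
    print(otp_decrypt(ct, pad) == msg)      # True: same key, same operation
    msg2 = b"invoice 1043 rejected"
    ct2 = otp_encrypt(msg2, pad)            # pad reused: do not do this
    print(pad_reuse_leak(ct, ct2) == xor_bytes(msg, msg2))  # True: key gone
```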
ASYMMETRIC ENCRYPTION
Also called Public Key Cryptography.
Uses a key pair consisting of a freely available public key and a secure
private key stored by the owner
Not as fast as symmetric encryption
Uses much larger key lengths typically 1024 or 2048 bits
A 1024 bit asymmetric key is equivalent to a 160 bit symmetric key
ASYMMETRIC ENCRYPTION
Public/Private Key Cryptography:
In a simple scenario the message is encrypted with the recipient's Public Key and decrypted with the recipient's Private Key
ASYMMETRIC ENCRYPTION
Public/Private Key Cryptography:
In a more secure scenario both key pairs are utilised
ASYMMETRIC ENCRYPTION
Examples of asymmetric encryption algorithms include:
Rivest, Shamir & Adleman (RSA) – Currently the most widely used across most systems
Elliptic Curve Cryptography (ECC) – Provides longer key lengths with less compute power and is increasingly popular
El Gamal – Devised in the mid-1980s; however, it has the disadvantage of doubling the size of encrypted messages and increasing bandwidth
Diffie-Hellman – Devised in the mid-1970s but still in use today; uses a series of one-way functions and non-shared secrets to generate the shared symmetric key between two parties
TRANSPORT ENCRYPTION
Used to secure information while being transmitted between
two endpoints. These can be used for a variety of purposes:
Virtual Private Networks (VPNs)
Secure Web sessions using Secure Sockets Layer (SSL) or Transport
Layer Security (TLS)
Secure remote administration using Secure Shell (SSH)
Email security using Pretty Good Privacy (PGP) or Secure Multipurpose
Mail Extensions (S/MIME)
TRANSPORT ENCRYPTION
A VPN is a secure channel between two endpoints; it allows secure communication over an untrusted network.
VPN protocols include:
Point-to-Point Tunnelling Protocol (PPTP)
Uses port 1723
Layer 2 Tunnelling Protocol (L2TP)
Uses port 1701
Internet Protocol Security (IPSec) – May be used with L2TP
Uses port 500
REMOTE ACCESS PROTOCOLS
Depending upon the VPN/RAS solution there are many different types of authentication method; these include:
PAP – Password Authentication Protocol (Cleartext)
SPAP – Shiva PAP
CHAP – Challenge Handshake Protocol
MSCHAP/MSCHAPv2 – Microsoft CHAP
EAP – Extensible Authentication Protocol – widely used by smartcards
and WAPs
IPSEC
IPSec is a standard architecture for setting up a secure
channel.
Consists of a modular framework
Supports multiple protocols
Uses public key cryptography
Relies upon security associations
IPSEC
The two main components:
Authentication Header (AH) – Provides message integrity, non-repudiation, authentication and access control
Encapsulation Security Payload (ESP) – Provides confidentiality and integrity of contents through encryption
IPSec may use AH and ESP together or separately depending upon the circumstance
IPSEC
The two modes of operation:
Transport Mode – Only the payload is encrypted (normally for internal
communications only)
Tunnel Mode – The entire packet, header included, is encrypted (for
external/VPN communications)
SECURE SOCKETS LAYER (SSL)
Used to provide a secure connection for client/server traffic over the
internet
HTTPS uses an encrypted session over port 443
Relies upon the exchange of digital certificates
Uses a combination of asymmetric and symmetric cryptography
Creates a secure asymmetric channel for the exchange of a symmetric
key
Now being replaced with Transport Layer Security (TLS) which works in
a similar way that is transparent to the user
SECURE SHELL (SSH)
SSH is a secure connection that provides end-to-end encryption.
It is designed to replace insecure clear-text protocols such as Telnet, Remote Shell (RSH), rlogin, rcp etc.
SSH v1 has now been replaced by version 2.
SECURE EMAIL
Two solutions:
S/MIME – Secure Multipurpose Internet Mail Extensions
PGP – Pretty Good Privacy (open source variant is GPG)
S/MIME encrypts the mail and adds it as an attachment.
PGP is a public/private key system.
PGP supports a variety of algorithms
NON REPUDIATION
The sender of a message cannot deny they sent it.
Achieved by using the sender’s private key to encrypt or sign the message – it must have come from them as only they have the private key
DIGITAL SIGNATURES
A digital signature is used to prove the integrity of a message – that it wasn’t changed in transit – and also provides for non-repudiation.
Digital signatures are used in a variety of ways:
Signing Code
Signing Emails
Signing Data
Signing Applications
Signing Device Drivers
HASHING
Although hashing is a type of cryptography it is not true
encryption, in that it cannot be decrypted.
It is a one-way function that produces a fixed length digest or unique
identifier for a piece of data
Also known as message digest, checksum, hash, fingerprint
Used to prove the integrity of data
The input can be any length – a word, document, file or entire disk
The output is always a fixed length based upon the hashing algorithm
used
HASHING
Basic requirements for hashing:
The input can be of any length
The output is always a fixed length
The hash function cannot be reversed
The function is fairly simple to compute
The hash should be collision free – no two pieces of data should produce the same hash
HASHING
Common hash algorithms in current use:
Name      Hash Value Length (bits)
SHA-1     160
SHA-224   224
SHA-256   256
SHA-384   384
SHA-512   512
MD5       128
MD4       128
MD2       128
RIPEMD    160
HMAC      Variable
HASHING
A fixed block of data will always produce the same hash value. Change one character in the block and the hash changes completely.
Theoretically, hashes may collide (collisions) when two different files return the same hash value.
The longer the hash value length, the less likely a collision will happen.
HASHING
Virtually all computer systems store user passwords in a
hashed format.
Password cracking usually consists of trying to crack the stored
hash of the plain text password. Hashes are cracked by:
Brute Force
Rainbow Tables
Birthday Attacks
Dictionary Attacks
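Two of the points above, in an added example that is not from the slides: the digest changes completely when one character changes, and a stored password hash should be salted and iterated (PBKDF2 via Python's hashlib here) so that identical passwords do not share a hash and a precomputed table of common passwords gives no one-lookup answer. The iteration count is a constructed value, not a figure from the slides.

```python
import hashlib
import hmac
import os

# Added example (not from the slides). Shows the avalanche effect on SHA-256
# and contrasts a bare password hash with a salted, iterated PBKDF2 hash.

def avalanche_bits(a: bytes, b: bytes) -> int:
    """Number of differing bits between SHA-256(a) and SHA-256(b), 0..256."""
    ha = int.from_bytes(hashlib.sha256(a).digest(), "big")
    hb = int.from_bytes(hashlib.sha256(b).digest(), "big")
    return bin(ha ^ hb).count("1")

ITERATIONS = 200_000  # constructed value; tune to the deployment's CPU budget

def hash_password(password: str, salt: bytes = None) -> str:
    """Return 'pbkdf2_sha256$iterations$salt_hex$hash_hex' for storage."""
    salt = salt if salt is not None else os.urandom(16)  # fresh salt per user
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and count; compare in constant time."""
    algo, iters, salt_hex, hash_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), hash_hex)

def unsalted(password: str) -> str:
    """The weak pattern: a bare, fast hash. Equal passwords give equal hashes,
    so one precomputed (rainbow) table answers every account at once."""
    return hashlib.sha256(password.encode()).hexdigest()

if __name__ == "__main__":
    print(avalanche_bits(b"Invoice total: 100", b"Invoice total: 101"))  # ~128
    a = hash_password("correct horse battery staple")
    b = hash_password("correct horse battery staple")
    print(a != b, verify_password("correct horse battery staple", a))  # True True
    print(unsalted("password123") == unsalted("password123"))  # True: shared hash
```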
KEY MANAGEMENT
Key Escrow:
Storage process whereby copies of the private keys are retained by
centralised management systems and/or 3rd parties
Key Recovery
Key Recovery Agent (KRA) is able to recover an account's Private Key
Data Recovery Agent (DRA) is able to recover an account's encryption key
STEGANOGRAPHY
The concept of hiding data inside an innocent-looking format such as a graphic image or an audio file.
Can also require passwords to gain access to the hidden data.
Used to protect documents with digital watermarks.
PKI
Public Key Infrastructure (PKI) is the framework for deploying asymmetric cryptography systems.
Uses digital certificates as a means of authenticating entities and distributing public keys
Certificates are issued by Certificate Authorities (CAs), which are trusted 3rd parties, so if two users have certificates issued by a CA they trust each other
PKI is the basis of e-commerce, with websites being issued with digital certificates to validate their identity
PKI TRUST MODELS
Certification Authority – Trust Models. There are many “models” for CA. The more common are Hierarchical and Bridge.
[Diagram: two CA hierarchies, each ROOT CA -> INTERMEDIATE CA -> LEAF CA]
PKI
Obtaining a certificate:
Client requests certificate from CA. The client provides their public key and proof of identity. This may take the form of a Certificate Signing Request (CSR)
The CA validates the client identity
CA produces certificate and signs with CA private key
Certificate is issued to the client
The certificate can be validated by any other client because their browser contains the CA public key to validate CA signature
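The issuance and validation steps above, and the sign-with-private-key/verify-with-public-key idea behind the non-repudiation and digital signature slides, in an added example that is not from the slides: a toy CA built on textbook RSA (no padding, fixed Mersenne primes as constructed key material) so that it runs on the Python standard library alone. Real deployments use padded RSA or ECDSA through a vetted library and X.509 certificates; only the flow is shown here.

```python
import hashlib
import json

# Added example, not from the slides: toy PKI on textbook RSA. Constructed key
# material: Mersenne primes 2**127-1 and 2**89-1, public exponent 65537.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537

def keygen(p=P, q=Q, e=E):
    """Return (public, private) as ((n, e), (n, d)) with d = e^-1 mod phi(n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def _digest(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data: bytes, private) -> int:
    """H(data)^d mod n: only the private-key holder can produce this value."""
    n, d = private
    return pow(_digest(data, n), d, n)

def verify(data: bytes, sig: int, public) -> bool:
    """sig^e mod n must equal H(data); any change to data or sig fails."""
    n, e = public
    return pow(sig, e, n) == _digest(data, n)

def _tbs(cert: dict) -> bytes:
    """'To be signed' part: subject bound to its public key, canonically encoded."""
    return json.dumps({k: cert[k] for k in ("subject", "n", "e")}, sort_keys=True).encode()

def issue_certificate(subject: str, subject_pub, ca_priv) -> dict:
    """CA step (after identity validation): sign the subject/public-key binding."""
    cert = {"subject": subject, "n": subject_pub[0], "e": subject_pub[1]}
    return {**cert, "ca_sig": sign(_tbs(cert), ca_priv)}

def validate_certificate(cert: dict, ca_pub) -> bool:
    """Relying-party step: needs only the CA public key (as shipped in a browser)."""
    return verify(_tbs(cert), cert["ca_sig"], ca_pub)

if __name__ == "__main__":
    ca_pub, ca_priv = keygen()
    alice_pub, alice_priv = keygen(2**107 - 1, 2**61 - 1)  # second constructed pair
    cert = issue_certificate("alice@example.com", alice_pub, ca_priv)
    print(validate_certificate(cert, ca_pub))                                 # True
    print(validate_certificate({**cert, "subject": "x@example.com"}, ca_pub))  # False: altered
    msg = b"approve payment 42"
    print(verify(msg, sign(msg, alice_priv), (cert["n"], cert["e"])))         # True
```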
PKI
Certificates may be revoked for a number of reasons:
Compromised
Expired
No longer valid
Change of affiliation
Updated
Revoked certificates must be made publicly available to ensure
that they are no longer trusted.
PKI
Revoked certificates are published to the:
CRL (Certificate Revocation List)
The CRL is made available through the following:
CRL Distribution Point (CDP) – A publicly available resource (folder/website) which allows the CRL to be downloaded or queried when certificates are offered
Online Certificate Status Protocol (OCSP) – A web-based application which allows a direct query on receipt of a certificate. OCSP is quicker and more reliable than a CDP
COURSE FEEDBACK
We would love to hear your thoughts on your overall Firebrand experience.
Without it we can’t improve.
“How likely is it that you would recommend Firebrand to a friend or colleague?”
Scale: 0 to 10 (0 = Not at all likely, 10 = Extremely likely)
After this question there is the opportunity to explain why you have given us that score.