Security+

SECURITY+
CERTIFICATION
Omar AL Mahmoud
AGENDA
Introduction
Course Primary goals
Course Timeline
Course Materials
Summary
Security+ Certification
INTRODUCTION
Today's job market demands individuals with demonstrable
skills, and the information and activities in this course can help
you build your cybersecurity skill set so that you can confidently
perform your duties in any entry-level security role.
3
PRIMARY GOALS
Security+ Certification
THE HOW-TO KNOWLEDGE?
● Compare security roles and security controls
● Explain threat actors and threat intelligence
● Perform security assessments and identify social engineering attacks and malware types
● Implement identity and account management controls
● Implement secure network designs, network security appliances, and secure network protocols
● Implement secure cloud solutions
● Explain data privacy and protection concepts
5
Security+ Certification
6
COURSE TIMELINE
week  Sunday        Monday        Tuesday       Wednesday     Thursday
1     Lesson 1-2    Lesson 3-4    Lesson 5-6    Lesson 7-8    Lesson 9-10
2     Lesson 11-12  Lesson 13-15  Lesson 16-18  Lesson 19-21  Practice Exam
7
“NO TECHNOLOGY THAT’S CONNECTED TO THE INTERNET IS UNHACKABLE.”
Abhijit Naskar
8
LESSON 1: COMPARING SECURITY
ROLES AND SECURITY CONTROLS
Information security refers to the protection of data resources from unauthorized access, attack, theft, or damage.
CIA Triad
Confidentiality means that certain information should only be known to certain people.
Integrity means that the data is stored and transferred as intended and that any modification is authorized.
Availability means that information is accessible to those authorized to view or modify it.
9
CYBERSECURITY FRAMEWORK
10
INFORMATION SECURITY COMPETENCIES
⮚ Participate in risk assessments and testing of security systems and make recommendations.
⮚ Set up and maintain document access control and user privilege profiles.
⮚ Monitor audit logs, review user privileges, and document access controls.
⮚ Create and test business continuity and disaster recovery plans and procedures.
⮚ Participate in security training and education programs.
11
INFORMATION SECURITY ROLES AND RESPONSIBILITIES
INFORMATION SECURITY BUSINESS UNITS
12
SECURITY CONTROL CATEGORIES
13
SECURITY CONTROL FUNCTIONAL TYPES
14
NIST CYBERSECURITY FRAMEWORK
A cybersecurity framework (CSF) is a list of activities and objectives undertaken to mitigate risks.
▪ ISO 31K
▪ Cloud Security Alliance
15
BENCHMARKS AND SECURE CONFIGURATION GUIDES
Center for Internet Security (CIS)
Open Web Application Security Project (OWASP)
REGULATIONS, STANDARDS, AND LEGISLATION
National, Territory, or State Laws
Payment Card Industry Data Security Standard (PCI DSS)
16
LESSON 2: VULNERABILITY, THREAT, AND RISK
Vulnerability is a weakness that could be triggered accidentally or exploited intentionally to cause a security breach.
Examples of vulnerabilities include improperly configured or installed hardware or software, delays in applying and
testing software and firmware patches, untested software and firmware.
Threat is the potential for someone or something to exploit a vulnerability and breach security. A threat may be
intentional or unintentional. The person or thing that poses the threat is called a threat actor or threat agent.
Risk is the likelihood and impact (or consequence) of a threat actor exploiting a vulnerability. To assess risk, you
identify a vulnerability and then evaluate the likelihood of it being exploited by a threat and the impact that a
successful exploit would have.
17
ATTRIBUTES OF THREAT ACTORS
Internal/External
Intent/Motivation
Level of Sophistication/Capability and Resources/Funding
18
HACKERS, SCRIPT KIDDIES, AND HACKTIVISTS
Hackers
Script Kiddies
Hacker Teams and Hacktivists
19
CRIMINAL SYNDICATES AND COMPETITORS
INSIDER THREAT ACTORS
ATTACK SURFACE AND ATTACK VECTORS
Illustrative example
20
Introduction to the system
Health data management system
A hospital uses a health data management system for patient data.
Doctors use this system to view patient records and follow up on their general condition.
All doctors use a single shared account, the system administrator account, so that they can make updates and changes to patient records.
The hospital owner monitors the system through a separate account, the owner account.
The owner account is authorized to view patient and doctor records, and can also view the history of operations in the system.
It is worth noting that the hospital aims to improve all of its internal systems, including the health data management system.
21
THANK YOU
SEE YOU SOON
22
LESSON 3: ASSESS ORGANIZATIONAL SECURITY WITH NETWORK RECONNAISSANCE TOOLS
IPCONFIG, PING, AND ARP
ROUTE AND TRACEROUTE
IP SCANNERS AND NMAP
CONT…
NETSTAT AND NSLOOKUP
OTHER RECONNAISSANCE AND DISCOVERY TOOLS: theHarvester & dnsenum
23
24
PACKET CAPTURE AND TCPDUMP: PACKET ANALYSIS & PROTOCOL ANALYSIS
EXPLOITATION FRAMEWORKS: A REMOTE ACCESS TROJAN (RAT) AN EXPLOITATION FRAMEWORK
25
SOFTWARE VULNERABILITIES AND PATCH MANAGEMENT:
Operating system (OS)—an application exploit will run with the permissions of the logged-on user, which will hopefully be limited.
Firmware—vulnerabilities can exist in the BIOS/UEFI firmware that controls the boot process for PCs. There can also be bugs in device firmware, such as network cards and disk controllers.
26
CONT..
• WEAK HOST CONFIGURATIONS
• Default Settings:
Relying on the manufacturer default settings when deploying an appliance or software applications is
one example of weak configuration.
• Unsecured Root Accounts
• Open Permissions
CONT..
▪ IMPACTS FROM VULNERABILITIES
▪ Vulnerabilities can lead to various data breach and data loss scenarios.
▪ Data Breaches and Data Exfiltration Impacts
27
28
CONT..
• Identity Theft Impacts
• A privacy breach may allow the threat actor to perform identity theft or to sell the data to
other malicious actors.
• Data Loss and Availability Loss Impacts
• THIRD-PARTY RISKS
29
SECURITY ASSESSMENTS
Network Vulnerability Scanner
A network vulnerability scanner, such as Tenable Nessus (tenable.com/products/nessus) or OpenVAS (openvas.org), or tools such as Nikto (cirt.net/Nikto2), look for known web exploits, such as SQL injection.
CONT…
• Common Vulnerabilities and Exposures (CVE) is a dictionary of vulnerabilities in published
operating systems and applications software (cve.mitre.org).
• CREDENTIALED VERSUS NON-CREDENTIALED SCANNING
• THREAT HUNTING
30
31
PENETRATION TESTING
A penetration test—often shortened to pen test—uses authorized hacking techniques to discover
exploitable weaknesses in the target's security systems.
Exploit vulnerabilities—prove that a vulnerability is high risk by exploiting it to gain access to data
or install backdoors.
32
CONT…
Attack Profile
Attacks come from different sources and motivations. You may wish to test both resistance
to external (targeted and untargeted) and insider threats. You need to determine how much
information about the network to provide to the consultant:
Black box (or unknown environment)—the consultant is given no privileged information
about the network and its security systems. This type of test would require the tester to
perform a reconnaissance phase. Black box tests are useful for simulating the behavior of an
external threat.
CONT…
White box (or known environment)—the consultant is given complete access to
information about the network. This type of test is sometimes conducted as a follow-up to
a black box test to fully evaluate flaws discovered during the black box test. The tester
skips the reconnaissance phase in this type of test. White box tests are useful for
simulating the behavior of a privileged insider threat.
Gray box (or partially known environment)—the consultant is given some information; typically, this would resemble the knowledge of junior or non-IT staff to model particular types of insider threats.
33
34
EXERCISE
The Cyber Heroes company is investigating a problem encountered by the local police.
The local police team provided initial information about the system and the internal network configuration so that they could analyze the potential cyber attack.
The Cyber Heroes team is now carrying out its analysis based on the information and data provided above.
In your view, which attack pattern was used, given the above?
CONT…
35
Bug Bounty
EXERCISE TYPES:PASSIVE AND ACTIVE RECONNAISSANCE
Open-Source Intelligence (OSINT)—using web search tools, social media, and sites that scan for
vulnerabilities in Internet-connected devices and services (securitytrails.com/blog/osint-tools) to obtain
information about the target.
OSINT aggregation tools, such as theHarvester (github.com/laramies/theHarvester), collect and organize this data from multiple sources.
CONT…
36
Social Engineering
Footprinting—using software tools, such as Nmap (nmap.org), to obtain information about a host
or network topology.
Drones/unmanned aerial vehicle
37
LESSON 4: IDENTIFYING SOCIAL ENGINEERING AND MALWARE
SOCIAL ENGINEERING PRINCIPLES
IMPERSONATION AND TRUST
DUMPSTER DIVING AND TAILGATING
IDENTITY FRAUD AND INVOICE SCAMS
CONT…
PHISHING, WHALING, AND VISHING
SPAM, HOAXES, AND PREPENDING
PHARMING AND CREDENTIAL HARVESTING
INFLUENCE CAMPAIGNS
38
ANALYZE INDICATORS OF MALWARE-BASED ATTACKS
MALWARE CLASSIFICATION
39
CONT…
COMPUTER VIRUSES
COMPUTER WORMS AND FILELESS MALWARE
SPYWARE AND KEYLOGGERS
BACKDOORS AND REMOTE ACCESS TROJANS
RANSOMWARE AND LOGIC BOMBS
40
CONT…
MALWARE INDICATORS:
▪ Antivirus Notifications
▪ Sandbox Execution
▪ Resource Consumption
▪ File System
PROCESS ANALYSIS:
Sysinternals (docs.microsoft.com/en-us/sysinternals) is a suite of tools designed to assist with troubleshooting
issues with Windows.
41
42
LESSON 5: CRYPTOGRAPHIC CONCEPTS
Plaintext (or cleartext)—an unencrypted message.
Ciphertext—an encrypted message.
Cipher—the process (or algorithm) used to encrypt and decrypt a message.
Cryptanalysis—the art of cracking cryptographic systems.
CONT.
ENCRYPTION CIPHERS AND KEYS
SYMMETRIC ENCRYPTION
STREAM AND BLOCK CIPHERS
ASYMMETRIC ENCRYPTION
43
DIGITAL SIGNATURES
45
DIGITAL CERTIFICATES
For example, Ahmed signs a product sale agreement using his private key. The buyer receives the document.
The buyer who receives the document has also obtained a copy of Ahmed's public key.
If the public key cannot decrypt the signature (using the cryptosystem with which the keys were generated), this means the signature is not Ahmed's, or it has been altered since it was signed. The signature is then considered invalid.
DIGITAL SIGNATURES
46
47
CIPHER SUITES
AUTHENTICATED MODES OF OPERATION:
-AUTHENTICATED ENCRYPTION
-AUTHENTICATED ENCRYPTION WITH ADDITIONAL DATA
CRYPTOGRAPHY SUPPORTING CONFIDENTIALITY
CRYPTOGRAPHIC PERFORMANCE LIMITATIONS
CRYPTOGRAPHIC SECURITY LIMITATIONS
LONGEVITY AND CRYPTOGRAPHIC ATTACKS
48
CONT…
MAN-IN-THE-MIDDLE AND DOWNGRADE ATTACKS
SALTING AND KEY STRETCHING
COLLISIONS AND THE BIRTHDAY ATTACK
49
BLOCKCHAIN
50
Blockchain is a concept in which an expanding list of transactional records is secured using cryptography. Each record is referred to as a block and is run through a hash function.
Steganography (literally meaning "hidden writing") is a technique for obscuring the presence of a message. Typically, information is embedded where you would not expect to find it; a message hidden in a picture, for instance.
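As an added illustration (not part of the original slides), the following Python builds a small hash chain over constructed records and shows why editing one block breaks verification of every block after it; it models the integrity chain only, with no consensus or proof-of-work:

```python
"""Toy hash chain: each block's hash covers its data and the previous block's
hash, so altering one record invalidates every later block. Integrity only;
consensus and proof-of-work are out of scope (assumption for this example)."""
import copy
import hashlib
import json
from typing import Any, Dict, List

GENESIS_PREV = "0" * 64  # the first block has no predecessor

def block_hash(index: int, prev_hash: str, data: Any) -> str:
    # Canonical JSON so the same record always hashes the same way
    payload = json.dumps({"index": index, "prev": prev_hash, "data": data},
                         sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()

def build_chain(records: List[Any]) -> List[Dict[str, Any]]:
    """Run each record through the hash function, chaining to the prior block."""
    chain, prev = [], GENESIS_PREV
    for i, data in enumerate(records):
        data = copy.deepcopy(data)          # each chain owns its own records
        h = block_hash(i, prev, data)
        chain.append({"index": i, "prev": prev, "data": data, "hash": h})
        prev = h
    return chain

def first_broken_block(chain: List[Dict[str, Any]]) -> int:
    """Return -1 if the chain verifies, else the index of the first bad block."""
    prev = GENESIS_PREV
    for blk in chain:
        recomputed = block_hash(blk["index"], blk["prev"], blk["data"])
        if blk["prev"] != prev or recomputed != blk["hash"]:
            return blk["index"]
        prev = blk["hash"]
    return -1

# Constructed sample ledger (not real transactions)
RECORDS = [{"from": "alice", "to": "bob", "amount": 5},
           {"from": "bob", "to": "carol", "amount": 2},
           {"from": "carol", "to": "alice", "amount": 1}]

def tamper_demo() -> Dict[str, int]:
    """Verification result for an intact chain, a silent edit, and a re-hashed edit."""
    intact = build_chain(RECORDS)
    edited = build_chain(RECORDS)
    edited[1]["data"]["amount"] = 200       # silent edit: stored hash no longer matches
    rehashed = build_chain(RECORDS)
    rehashed[1]["data"]["amount"] = 200
    rehashed[1]["hash"] = block_hash(1, rehashed[1]["prev"], rehashed[1]["data"])
    # Block 1 now verifies on its own, but block 2 still points at the old hash
    return {"intact": first_broken_block(intact),
            "edited": first_broken_block(edited),
            "rehashed": first_broken_block(rehashed)}
```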
51
LESSON 6: CERTIFICATES AND CERTIFICATE AUTHORITIES
PUBLIC AND PRIVATE KEY USAGE
CERTIFICATE AUTHORITIES
REGISTRATION AUTHORITIES AND CSRS
CERTIFICATE ATTRIBUTES
52
CERT EXAMPLE
53
OTHER CERTIFICATE TYPES
Machine/Computer Certificates
Email/User Certificates
Code Signing Certificates
54
CERTIFICATE AND KEY MANAGEMENT
▪ KEY RECOVERY
▪ CERTIFICATE EXPIRATION
▪ CERTIFICATE REVOCATION LISTS
▪ OPENSSL
▪ CERTIFICATE ISSUES
55
56
THANK YOU AND SEE YOU SOON
LESSON 7: SUMMARIZE AUTHENTICATION DESIGN CONCEPTS
IDENTITY AND ACCESS MANAGEMENT :
Identification—an account or ID that uniquely represents the user.
Authentication—proving that a subject is who or what it claims to be.
Authorization—what rights subjects should have on each resource.
Accounting—tracking authorized usage of a resource.
57
58
CONT…
AUTHENTICATION FACTORS
AUTHENTICATION DESIGN: CIA
MULTIFACTOR AUTHENTICATION
AUTHENTICATION ATTRIBUTES
CONT…
59
LOCAL, NETWORK, AND REMOTE AUTHENTICATION
Windows Authentication
Linux Authentication
Single Sign-On (SSO)
60
61
CONT…
PASSWORD ATTACKS & Crackers
AUTHENTICATION MANAGEMENT
PAP, CHAP, AND MS-CHAP AUTHENTICATION
IMPLEMENT AUTHENTICATION TECHNOLOGIES
SMART-CARD AUTHENTICATION
KEY MANAGEMENT DEVICES
TOKEN KEYS AND STATIC CODES
2-STEP VERIFICATION
62
IMPLEMENT AUTHENTICATION TECHNOLOGIES
63
BIOMETRIC AUTHENTICATION
FINGERPRINT RECOGNITION
FACIAL RECOGNITION
64
LESSON 8: IDENTITY AND ACCOUNT MANAGEMENT CONTROLS
IDENTITY MANAGEMENT CONTROLS
BACKGROUND CHECK AND ONBOARDING POLICIES
PERSONNEL POLICIES FOR PRIVILEGE MANAGEMENT
SECURITY ACCOUNT TYPES AND CREDENTIAL MANAGEMENT
65
CONT…
ADMINISTRATOR/ROOT ACCOUNTS
SERVICE ACCOUNTS
ACCOUNT ATTRIBUTES AND ACCESS POLICIES
ACCOUNT RESTRICTIONS, Permission & Audit
66
CONT…
DISCRETIONARY AND ROLE-BASED ACCESS CONTROL
FILE SYSTEM PERMISSIONS
RULE-BASED ACCESS CONTROL
69
CONT…
CONDUCT POLICIES
DIVERSITY OF TRAINING TECHNIQUES
72
LESSON 9: IMPLEMENT SECURE NETWORK DESIGNS
SECURE NETWORK DESIGNS
NETWORK APPLIANCES
ROUTING AND SWITCHING PROTOCOLS
73
NETWORK APPLIANCES
74
ROUTING PROTOCOLS
76
CONT…
MAN-IN-THE-MIDDLE AND LAYER 2 ATTACKS
PHYSICAL PORT SECURITY AND MAC FILTERING
ROUTE SECURITY
77
CONT…
WIRELESS NETWORK INSTALLATION CONSIDERATIONS
WI-FI AUTHENTICATION METHODS
JAMMING ATTACKS
78
CONT…
DISTRIBUTED DENIAL OF SERVICE ATTACKS
LOAD BALANCING & CLUSTERING
QUALITY OF SERVICE (QOS)
79
80
LESSON 10: IMPLEMENT FIREWALLS AND PROXY SERVERS
PACKET FILTERING FIREWALLS
IPTABLES: iptables -I INPUT 2 -p tcp -s 10.1.0.0/24 --dport 22 -j ACCEPT
ACCESS CONTROL LISTS
VIRTUAL FIREWALLS
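The IPTABLES rule above inserts at position 2 of the INPUT chain, and that position decides whether the rule ever takes effect. The following Python simulator is an added example, not from the slides or from iptables itself; it parses that exact command, assumes a chain whose policy is DROP with an existing rule that drops all SSH, and contrasts inserting the ACCEPT ahead of that rule with appending it after it:

```python
"""Simulate an iptables INPUT chain to show why rule position matters."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

@dataclass
class Rule:
    target: str                   # -j ACCEPT or DROP
    proto: Optional[str] = None   # -p tcp
    src: Optional[str] = None     # -s 10.1.0.0/24
    dport: Optional[int] = None   # --dport 22

    def matches(self, pkt: dict) -> bool:
        if self.proto and pkt.get("proto") != self.proto:
            return False
        if self.src and ip_address(pkt["src"]) not in ip_network(self.src):
            return False
        if self.dport is not None and pkt.get("dport") != self.dport:
            return False
        return True

@dataclass
class Chain:
    policy: str = "DROP"          # like `iptables -P INPUT DROP`
    rules: List[Rule] = field(default_factory=list)

    def verdict(self, pkt: dict) -> str:
        for rule in self.rules:   # first matching rule decides
            if rule.matches(pkt):
                return rule.target
        return self.policy        # nothing matched: default policy applies

def parse_iptables(cmd: str) -> Tuple[str, Optional[int], Rule]:
    """Parse the subset of iptables syntax used on the slide.
    Returns (chain name, 1-based insert position or None for -A, rule)."""
    argv = cmd.split()
    if argv[0] != "iptables" or argv[1] not in ("-I", "-A"):
        raise ValueError("expected 'iptables -I|-A CHAIN ...'")
    chain, position, i = argv[2], None, 3
    if argv[1] == "-I":           # -I CHAIN [rulenum]; rulenum defaults to 1
        position = 1
        if i < len(argv) and argv[i].isdigit():
            position, i = int(argv[i]), i + 1
    opts = {"-p": None, "-s": None, "--dport": None, "-j": None}
    while i < len(argv):
        if argv[i] not in opts:
            raise ValueError(f"unsupported option {argv[i]}")
        opts[argv[i]], i = argv[i + 1], i + 2
    dport = int(opts["--dport"]) if opts["--dport"] else None
    return chain, position, Rule(opts["-j"], opts["-p"], opts["-s"], dport)

def apply_rule(chain: Chain, cmd: str) -> None:
    _, position, rule = parse_iptables(cmd)
    if position is None:
        chain.rules.append(rule)                # -A: end of the chain
    else:
        chain.rules.insert(position - 1, rule)  # -I n: ahead of current rule n

def build_chain(ssh_cmd: str) -> Chain:
    """Policy DROP, allow loopback, block all SSH, then add the given SSH rule."""
    chain = Chain(policy="DROP")
    apply_rule(chain, "iptables -A INPUT -s 127.0.0.0/8 -j ACCEPT")
    apply_rule(chain, "iptables -A INPUT -p tcp --dport 22 -j DROP")
    apply_rule(chain, ssh_cmd)
    return chain

SLIDE_RULE = "iptables -I INPUT 2 -p tcp -s 10.1.0.0/24 --dport 22 -j ACCEPT"
# Constructed packets: SSH from the management subnet and from elsewhere
SSH_FROM_MGMT = {"proto": "tcp", "src": "10.1.0.7", "dport": 22}
SSH_FROM_OTHER = {"proto": "tcp", "src": "198.51.100.9", "dport": 22}
```

With the slide's `-I INPUT 2` the management subnet's SSH is accepted and everything else to port 22 is dropped; the same rule added with `-A INPUT` lands after the DROP and never matches.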
NETWORK SECURITY MONITORING
NETWORK-BASED INTRUSION DETECTION SYSTEMS
SIGNATURE-BASED DETECTION
HOST-BASED INTRUSION DETECTION SYSTEMS
82
MONITORING SERVICES
Packet Capture
Network Monitors
Logs
85
CONT…
CAT: cat -n access.log access2.log
GREP: Enables you to search the entire contents of a text file for a specific pattern within each line and display that pattern on the screen
grep -F 192.168.1.254 access.log
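As an added example (not from the slides), the Python below replays `cat -n` over two files and `grep -F` over constructed access-log lines, then adds a field-aware lookup, because a fixed-string search for 192.168.1.25 also matches every line from 192.168.1.254:

```python
"""Replay the slide's `cat -n` and `grep -F` log review in Python, then do the
same lookup field-aware so a short IP does not also match longer ones."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample access logs in Common Log Format (not from a real server)
ACCESS_LOG = """\
192.168.1.254 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326
192.168.1.25 - - [10/Oct/2023:13:55:40 +0000] "GET /login HTTP/1.1" 200 512
10.0.0.8 - - [10/Oct/2023:13:56:01 +0000] "POST /login HTTP/1.1" 401 48
"""
ACCESS2_LOG = """\
192.168.1.254 - - [11/Oct/2023:09:02:11 +0000] "GET /admin HTTP/1.1" 403 199
203.0.113.5 - - [11/Oct/2023:09:02:15 +0000] "GET /index.html HTTP/1.1" 200 2326
"""

CLF = re.compile(r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
                 r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)$')

Numbered = List[Tuple[int, str]]

def cat_n(*files: str) -> Numbered:
    """Like `cat -n access.log access2.log`: one running counter across inputs."""
    numbered, n = [], 0
    for text in files:
        for line in text.splitlines():
            n += 1
            numbered.append((n, line))
    return numbered

def grep_fixed(pattern: str, numbered: Numbered) -> Numbered:
    """Like `grep -F pattern`: literal substring match, no regex metacharacters."""
    return [(n, line) for n, line in numbered if pattern in line]

def parse_clf(line: str) -> Optional[Dict[str, str]]:
    m = CLF.match(line)
    return m.groupdict() if m else None

def by_client(ip: str, numbered: Numbered) -> Numbered:
    """Match the client host field exactly: '192.168.1.25' no longer hits '.254'."""
    hits = []
    for n, line in numbered:
        rec = parse_clf(line)
        if rec and rec["host"] == ip:
            hits.append((n, line))
    return hits

def status_counts(ip: str, numbered: Numbered) -> Dict[str, int]:
    """Responses per status code for one client; many 401s suggest password guessing."""
    counts: Dict[str, int] = {}
    for _, line in by_client(ip, numbered):
        rec = parse_clf(line)
        counts[rec["status"]] = counts.get(rec["status"], 0) + 1
    return counts
```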
86
87
EXAM QUESTION
DRAG & DROP
Match each protocol to its default port.
Protocols: FTP, Telnet, SMTP, SNMP, SCP, TFTP
Ports (shuffled, as given on the slide): 161, 22, 21, 69, 25, 23
LESSON 11: SECURE NETWORK OPERATIONS PROTOCOLS
DOMAIN NAME RESOLUTION
DNS POISONING
DNS SECURITY
SECURE DIRECTORY SERVICES :LDAP
88
CONT…
TRANSPORT LAYER SECURITY
API CONSIDERATIONS
EMAIL SERVICES
VOICE AND VIDEO SERVICES
89
TLS
90
REMOTE ACCESS ARCHITECTURE
91
CONT…
SECURE SHELL
VPN CLIENT CONFIGURATION
REMOTE DESKTOP
92
LESSON 12: HOST SECURITY SOLUTIONS
HARDWARE ROOT OF TRUST
BOOT INTEGRITY
USB AND FLASH DRIVE SECURITY
END OF LIFE SYSTEMS
93
CONT…
HARDENING
PATCH MANAGEMENT
ENDPOINT PROTECTION
ANTIVIRUS RESPONSE (Advanced Sysinternals)
95
EMBEDDED SYSTEMS
96
An embedded system is a complete computer system that is designed to perform a specific, dedicated function. These systems can be as contained as a microcontroller in an intravenous drip-rate meter or as large and complex as the network of control devices managing a water treatment plant.
LOGIC CONTROLLERS FOR EMBEDDED SYSTEMS
System on Chip (SoC)
Field Programmable Gate Array (FPGA)
Real-Time Operating Systems (RTOS)
97
EMBEDDED SYSTEMS COMMUNICATIONS CONSIDERATIONS
Operational Technology (OT) Networks
Cellular Networks
Z-Wave and Zigbee
98
INTERNET OF THINGS
Hub/control system.
Smart devices—IoT.
Wearables—devices are designed as personal accessories, such as smart watches.
Sensors—IoT devices need to measure all kinds of things, including temperature, light levels, humidity,
pressure.
99
SPECIALIZED SYSTEMS
SPECIALIZED SYSTEMS FOR FACILITY AUTOMATION
SPECIALIZED SYSTEMS IN IT
SPECIALIZED SYSTEMS FOR VEHICLES AND DRONES
SPECIALIZED SYSTEMS FOR MEDICAL DEVICES
100
SPECIALIZED SYSTEMS
101
SECURITY FOR EMBEDDED SYSTEMS
Network Segmentation
Wrappers
Firmware Code Control and Inability to Patch
102
LESSON 13: MOBILE DEVICE MANAGEMENT
MOBILE DEVICE DEPLOYMENT MODELS:
Bring your own device (BYOD)
Corporate owned, business only (COBO)
Corporate owned, personally-enabled (COPE)
Choose your own device (CYOD)
103
CONT…
ENTERPRISE MOBILITY MANAGEMENT:
Mobile device management (MDM)
Mobile application management (MAM)
104
CONT..
iOS/Android in the Enterprise
MOBILE ACCESS CONTROL SYSTEMS
LOCATION SERVICES
APPLICATION MANAGEMENT
CONTENT MANAGEMENT
105
SECURE MOBILE DEVICE CONNECTIONS
CELLULAR AND GPS CONNECTION METHODS
WI-FI AND TETHERING CONNECTION METHODS
BLUETOOTH CONNECTION METHODS
INFRARED AND RFID CONNECTION METHODS
109
LESSON 14: SUMMARIZING SECURE APPLICATION CONCEPTS
APPLICATION ATTACKS
OVERFLOW VULNERABILITIES
MEMORY LEAKS AND RESOURCE EXHAUSTION
111
CONT..
APPLICATION PROGRAMMING INTERFACE ATTACKS
STRUCTURED QUERY LANGUAGE INJECTION ATTACKS
XML AND LDAP INJECTION ATTACKS
112
PASS THE HASH ATTACK
113
SQL INJECTION ATTACK
114
SECURE CODING TECHNIQUES
Input Validation
Normalization and Output Encoding
115
WEB APPLICATION SECURITY
Secure Cookies
Response Headers
116
CONT…
DATA EXPOSURE AND MEMORY MANAGEMENT
SECURE CODE USAGE
117
SCRIPTING
PYTHON SCRIPT ENVIRONMENT:
POWERSHELL SCRIPT ENVIRONMENT: Cmdlets and Functions
MALICIOUS CODE INDICATORS: Credential dumping
BASH AND PYTHON MALICIOUS INDICATORS:
commands such as whoami and ifconfig/ip/route to establish the local context.
118
119
APPLICATION DEVELOPMENT, DEPLOYMENT, AND AUTOMATION
Automation
Scalability
Elasticity
120
PROVISIONING, DEPROVISIONING, AND VERSION CONTROL
Provisioning
Deprovisioning
Version Control: Git (git-scm.com)
LESSON 15: SECURE CLOUD AND VIRTUALIZATION SERVICES
CLOUD DEPLOYMENT MODELS
CLOUD SERVICE MODELS
VIRTUALIZATION TECHNOLOGIES
121
BARE METAL TYPE 1 VS TYPE 2 HYPERVISOR
122
CONT…
VM ESCAPE PROTECTION
VM SPRAWL AVOIDANCE
123
CLOUD SECURITY SOLUTIONS
CLOUD SECURITY INTEGRATION AND AUDITING
CLOUD SECURITY CONTROLS
CLOUD COMPUTE SECURITY
HIGH AVAILABILITY
CLOUD ACCESS SECURITY BROKERS
124
SERVICES INTEGRATION AND MICROSERVICES
Service-Oriented Architecture (SOA)
Microservices
Services Integration and Orchestration
125
CONT…
INFRASTRUCTURE AS CODE
SOFTWARE-DEFINED NETWORKING
126
LESSON 16: PRIVACY AND DATA SENSITIVITY CONCEPTS
Privacy versus Security
Information Life Cycle Management
127
DATA ROLES AND RESPONSIBILITIES
A data governance policy describes the security controls that will be applied to protect data at each
stage of its life cycle.
▪ Data owner
▪ Data steward
▪ Data custodian
▪ Data Privacy Officer (DPO)
▪ Data controller
▪ Data processor
128
DATA CLASSIFICATIONS & DATA TYPES
Classification:
Public
Confidential
Critical
Types:
Personally Identifiable Information (PII)
Customer Data
Health Information
Financial Information
129
PRIVACY NOTICES AND DATA RETENTION
Privacy Notices
Impact Assessments
Data Retention
130
DATA SOVEREIGNTY AND GEOGRAPHICAL CONSIDERATIONS
Data Sovereignty
Geographical Considerations
131
PRIVACY BREACHES AND DATA BREACHES
Organizational Consequences: Reputation damage
Notifications of Breaches & Escalation
Public Notification and Disclosure: Notification to the affected individuals
132
CONT…
RIGHTS MANAGEMENT SERVICES: Microsoft
PRIVACY ENHANCING TECHNOLOGIES: Data minimization
DATABASE DEIDENTIFICATION METHODS: Data Masking/ Tokenization
133
MICROSOFT PROVIDES AN INFORMATION RIGHTS MANAGEMENT (IRM) FEATURE
OFFICE PRODUCTIVITY SUITE
SHAREPOINT DOCUMENT
COLLABORATION SERVICES
EXCHANGE MESSAGING SERVER
134
LESSON 17: INCIDENT RESPONSE PROCEDURES
INCIDENT RESPONSE PROCESS
135
CONT…
CYBER INCIDENT RESPONSE TEAM
COMMUNICATION PLAN & STAKEHOLDER MANAGEMENT
INCIDENT RESPONSE PLAN: Data integrity/downtime/scope
INCIDENT RESPONSE EXERCISES: Tabletop/Walkthroughs
136
Simulation Example
137
CONT…
INCIDENT IDENTIFICATION: Logs/errors/employee notification/1st responder
SECURITY AND INFORMATION EVENT MANAGEMENT:
▪ Correlation
▪ Retention
138
CONT…
TREND ANALYSIS
LOGGING PLATFORMS:
o Syslog
o Rsyslog and Syslog-ng
o Journalctl
139
INCIDENT CONTAINMENT
INCIDENT ERADICATION AND RECOVERY
FIREWALL CONFIGURATION CHANGES: Review/edit/Filter
CONTENT FILTER CONFIGURATION CHANGES : DLP/MDM/Certificate updates
ENDPOINT CONFIGURATION CHANGES: Weak-configuration/awareness
140
141
THANK YOU SO MUCH
SEE YOU TOMORROW
LESSON 18: KEY ASPECTS OF DIGITAL FORENSICS
DIGITAL FORENSICS REPORTS
E-DISCOVERY
VIDEO AND WITNESS INTERVIEWS
EVENT LOGS AND NETWORK TRAFFIC
142
CONT…
DATA ACQUISITION: Evidence/Standards
DIGITAL FORENSICS SOFTWARE: Forensics toolkit/Sleuth kit
SYSTEM MEMORY & DISK IMAGE: Live acquisition/Static acquisition
ACQUISITION: Network/Snapshot/Cache
143
EXAMPLE: MEMORY - VOLATILITY FRAMEWORK
144
LESSON 19: SUMMARIZING RISK MANAGEMENT CONCEPTS
RISK MANAGEMENT PROCESSES: Identify/analyze/response
RISK TYPES: External/Internal
QUANTITATIVE RISK ASSESSMENT VS QUALITATIVE RISK ASSESSMENT
145
TRAFFIC LIGHT IMPACT GRID (QUALITATIVE).
146
CONT…
RISK MANAGEMENT STRATEGIES: Inherent risk/Risk mitigation/Risk reduction
RISK AVOIDANCE AND RISK TRANSFERENCE: Avoidance/Transference
RISK ACCEPTANCE AND RISK APPETITE: Residual risk/Control risk
147
BUSINESS IMPACT ANALYSIS
MISSION ESSENTIAL FUNCTIONS: MEF/MTD/RTO/RPO
IDENTIFICATION OF CRITICAL SYSTEMS: People/Tangible assets
SINGLE POINTS OF FAILURE: MTTR/MTTF
DISASTERS & DISASTER RECOVERY: Internal vs External/Environmental/Site risk assessment
148
LESSON 20: IMPLEMENTING CYBERSECURITY RESILIENCE
HIGH AVAILABILITY: Scalability/Elasticity/Fault Tolerance/Redundancy
POWER REDUNDANCY: Dual power/PDUs/Battery backup/Generators
NETWORK REDUNDANCY: NIC/Router & Switch/Load balancer
DISK REDUNDANCY: Redundant Array/Multipath
149
BACKUPS AND RETENTION POLICY
BACKUP TYPES: Full/Incremental/Differential
SNAPSHOTS AND IMAGES: Imaging allows the system to be re-deployed quickly
BACKUP STORAGE ISSUES : Offsite Storage/Online vs Offline
BACKUP MEDIA TYPES: Disk/NAS/Tape/SAN
150
IMPLEMENT CYBERSECURITY RESILIENCY STRATEGIES
151
CONFIGURATION MANAGEMENT:
Ensures hardware is in a trusted state that has not diverged from its documented properties.
ASSET MANAGEMENT:
A standard naming convention for hardware assets, and for digital assets such as accounts and virtual machines, makes the environment more consistent.
CHANGE CONTROL AND CHANGE MANAGEMENT:
- Request and approve changes in a planned and controlled way.
- Consider how the change will affect dependent components.
- For most significant or major changes, organizations should attempt to trial the change first.
CONT..
SITE RESILIENCY: Hot/Cold/Warm
DIVERSITY AND DEFENSE IN DEPTH:
Technology/Vendor/Crypto Diversity
152
153
THANK YOU SO MUCH!
YOU ARE AWESOME!
NOW GO KILL THE TEST!
LESSON 21: EXPLAINING PHYSICAL SECURITY
154
Physical access controls are security measures that restrict and monitor access to specific physical areas or assets. They can control access to a building, to equipment, or to specific areas, such as server rooms, finance or legal areas, data centers, network cable runs, or any other area that has hardware or information that is considered to have important value and sensitivity.
CONT…
SITE LAYOUT, FENCING, AND LIGHTING
GATEWAYS AND LOCKS
PHYSICAL ATTACKS AGAINST SMART CARDS: Card cloning & skimming
ALARM SYSTEMS AND SENSORS: Circuit, Motion detection, Noise detection.
SECURITY GUARDS AND CAMERAS: CCTV
155
CONT…
SECURE AREAS
HEATING, VENTILATION, AIR CONDITIONING SYSTEMS
FIRE DETECTION AND SUPPRESSION
SECURE DATA DESTRUCTION: Pulverizing
156
CONT… - DATA CENTER CAGES
157
…
Thank You!
158