Fund IS Section 5 Physical and Network Security
Physical Concerns for Data
Adverse conditions can harm the integrity of physical media. Each physical media has its own strengths and weaknesses.
Deep Packet Inspection
Analyzes the content of network traffic to block attacks. Raises privacy concerns because the person in control can read every message, see every web page visited, and listen in on IM conversations.
Equipment Environmental Conditions
Can be crucial to keeping equipment operating. Large areas/quantities of equipment can be hard to maintain. Generators, heating, and AC help but are expensive.
Network Attack Impacts
Can devastate your business. Outages are a result of technical issues or DDoS attacks.
Sniffers
Can examine traffic that is entering/leaving firewalls presuming you can get it in place at a network location that will enable you to see the traffic.
Tcpdump
Command-line packet sniffer for capturing and filtering network traffic. Windows equivalent: WinDump.
Signature-based IDS
Compares incoming traffic to a database of attack signatures.
Physical Media Concerns: Technical Obsolescence
Consideration for long-term data storage.
Physical Access Controls
Core security efforts using deterrent, detective, and preventative controls. The more layers you use, the more secure you are.
Virtual Private Networks (VPNs)
Creates encrypted connections for secure data transfer.
Wi-Fi Protected Access (WPA3)
Current standard with strong encryption for wireless networks.
Physical Media Concerns: Flash Media
Data storage on nonvolatile memory chips. Designed to survive conditions that would destroy other media.
Physical Media Concerns: Magnetic Media
Data storage using magnetically sensitive material. Magnetic fields harm it, as does jolting while in motion.
Residual Data
Data that needs to be rendered unusable when not needed.
Honeypots
A deliberately configured vulnerable network that attracts attackers. Can detect, monitor, and tamper with attacker activities without them knowing. You can learn what attackers and/or malware do in the wild. Can be set up to provide early warning for a corporation.
Two ways to protect your network
Designing a secure network and using firewalls.
Anomaly-based IDS
Detects abnormal traffic patterns by comparing to baseline.
Physical Security Controls
Devices, systems, and methods that ensure physical security when used in conjunction with each other. Categories: deterrent, detective, preventative, and access controls.
Deterrent Controls
Discourage violators, indicate presence of security measures.
Network Segmentation
Dividing networks into subnets to control traffic flow and boost performance.
Accessibility of Data
Ensuring data integrity and availability when needed.
Packet Filtering
Examines individual packets to allow or disallow based on IP, port, and protocol. Attackers can send attack traffic that spans more than one packet.
Physical Concerns for Equipment
Extreme Temperatures, Liquids (Corrosion), Living Organisms, Movement, Energy Anomalies, and Smoke and Fire.
Nmap
Famous port scanner that identifies hosts and services, identifies the OS that the hosts are running, and detects versions of the services on any open ports.
Scapy
Firewall tool for constructing packets (such as Internet Control Message Protocol packets) to test/evade firewalls, manipulate network traffic, and observe how firewalls/IDS respond.
Proxy Servers
Firewalls for applications that provide security and performance features. Provide a layer of security for devices by serving as choke points and allow traffic logging for later inspection. Also used to keep employees from visiting undesirable sites.
Physical Media Concerns: Optical Media
Fragile media like CDs and DVDs, sensitive to scratches. Extremely temperature sensitive.
Wireshark
Full-featured sniffer with graphical interface.
Secure Shell (SSH)
Great for securing communications because you can send many types of traffic over it. It does file transfers and terminal access, and it secures traffic such as remote desktop connections, VPN communication, and mounting remote file systems.
Scanners
Hardware or software tools that enable you to interrogate devices and networks for information. Used for discovering networks and systems in an environment. Two types: port scanners and vulnerability scanners.
OptiView Portable Network Analyzer
Hardware tool for network analysis. Expensive.
Insecure Protocols
Have secure equivalents; just look for one for the type of traffic you carry. Telnet (insecure) -> Secure Shell (secure); FTP (insecure) -> Secure File Transfer Protocol (secure).
Wireless Protection Tools
If you don't protect against unauthorized attackers accessing your network via wireless devices, you could leave a hole in your carefully laid security plans and network and never know it. Kismet is a great tool for this.
Network Security Tools
Improve network security but are also used by attackers to create better attacks. You can use them to locate holes before attackers do. They only find known issues; zero-day attacks are still an issue.
Wired Equivalent Privacy (WEP)
Legacy encryption standard for wireless networks.
Securing Physical Access
Like defense in depth: the more layers, the better secured. Examples: locks, landscaping, biometrics, guards, receptionists.
Choke Points
Locations like routers or firewalls to filter and control network traffic.
Firewalls
Maintain control over traffic flow in and out of networks. If a firewall is rendered unusable, there's not much you can do to stop the traffic; come up with short-term solutions while creating long-term ones.
Stateful Packet Inspection
Monitors traffic at a connection level to allow only legitimate traffic.
Network IDS
Monitors traffic flow at a specific network location.
Site Selection Impact
Natural disasters, civil unrest, or unstable utilities can destroy facilities.
Honeynet
Network of honeypots for large-scale malware analysis.
Evacuation Procedures
Planning where, how, and who for safe evacuations. Always prioritize human lives first. Practice makes perfect; move quickly.
Business Continuity Planning
Plans ensuring critical business functions continue in emergencies.
Disaster Recovery Planning
Plans preparing for disasters, actions during and after.
Administrative Controls
Policies, regulations, and rules protecting people: background tests, drug tests, exit interviews, making sure company property stays with the company, and NDAs.
DMZs
Protection layer that separates devices from the network using multiple firewalls. Creates a zone that allows public-facing servers to be accessed from the outside while protecting them and restricting traffic from those servers from penetrating sensitive parts of the network. Prevents attackers from compromising a public-facing server and then using it to attack the rest of the servers while posing as it.
Equipment Protection
Safeguarding facilities and equipment; equipment is the easiest to replace. Your systems should be working shortly after a disaster but may take a while to be pristine.
Protecting Data
Second safety priority (after people); encrypting data protects it.
Physical Security
Security measures to protect people, equipment, and facilities.
Detective Controls
Sense and report undesirable events like alarms and cameras.
Connection
The source and destination IP addresses, the ports being used, and the already existing network traffic.
Physical Threats
Threat categories like extreme temperature, gases, liquids, etc.
Firewall Tools
Tools that map the topology of firewalls to locate vulnerabilities in them.
Kismet
Tool to detect wireless devices and access points.
Intrusion Detection Systems
Tools that monitor networks for unauthorized activity, classified by detection method. Due to the large amount of traffic, they may only take cursory glances at packets and may miss attacks, especially those designed to evade them.
Rogue Access Points (RAP)
Unauthorized devices connected to wireless networks.
Packet crafting attacks
Use packets designed to evade detection by security devices.
Preventative Controls
Use physical means to keep unauthorized entities from breaching your physical security.
Port and Vulnerability scanners
Used to look at firewalls from the outside to find any open ports or running services that make you vulnerable to attacks.
Computer Network
A group of computers or other devices that are connected to facilitate the sharing of resources. Without networks, daily conveniences would be much harder.
RAID Arrays
A method of copying data to more than one storage device to protect the data if any one device is destroyed.
Packet Sniffers
Listen for any traffic that your computer or device's network interface can see, whether you were intended to receive it or not. A sniffer intercepts (or sniffs) traffic on a network. You have to place it so it sees the traffic you want to sniff, which isn't useful in segmented networks unless you use higher-level network switches and/or specialized equipment/configurations to access the target network.
Redundancies
Mitigate issues by providing backups or duplicates of critical components.