3.0 Architecture and Design


Staging Environment

A "production-like" environment used to test installation, configuration and migration scripts
Performance testing
Load testing
Processes required by other teams, boundary partners, etc.

Personal Health Information (PHI)

A category of information that refers to an individual's medical records and history, which are protected under the Health Insurance Portability and Accountability Act (HIPAA). Mishandling it carries a wide spectrum of ramifications for businesses and individuals.

Human-Machine Interface (HMI)

A component of certain devices that is capable of handling human-machine interactions. The interface consists of hardware and software that allow user inputs to be translated into signals for machines that, in turn, provide the required result to the user. Used in industries such as electronics, entertainment, military and medical. Helps integrate humans into complex technological systems.

Real-Time Operating System (RTOS)

A computer operating system designed to handle events as they occur. Commonly found and used in robotics, cameras, complex multimedia animation systems, and communications. Frequently used in cars, military, government systems, and other systems that need real-time results.

Internet of Things (IoT)

A computing concept that describes the idea of everyday physical objects being connected to the internet and being able to identify themselves to other devices. The term is closely identified with RFID as the method of communication, although it also may include other sensor technologies, wireless technologies or QR codes.

Master Terminal Unit (MTU)

A controller that also acts as a server that hosts the control software that communicates with lower-level control devices, such as Remote Terminal Units (RTUs) and Programmable Logic Controllers (PLCs), over an ICS network. In a SCADA system, this is often called a SCADA server, MTU, or supervisory controller.

Advanced Persistent Threat (APT)

A cyberattack launched by an attacker with substantial means, organization and motivation to carry out a sustained assault against a target. __________ in the sense that it employs stealth and multiple attack methods to compromise the target, which is often a high-value corporate or government resource. The attack is difficult to detect, remove, and attribute. Once the target is breached, back doors are often created to provide the attacker with ongoing access to the compromised system. __________ because the attacker can spend months gathering intelligence about the target and use that intelligence to launch multiple attacks over an extended period of time. __________ because perpetrators are often after highly sensitive information, such as the layout of nuclear power plants or codes to break into U.S. defense contractors.

Cell-Level Encryption (CLE)

A full database-level encryption. It functions at the Input/Output (I/O) level. Any data written into the database is automatically encrypted. Backups are also automatically encrypted. Data in use is decrypted by TDE as it is read by a user or application and is stored, in clear text, in memory. Since the data in flight is decrypted, TLS or SSH (or now, "Always Encrypted") should be enabled to protect the data while in motion.

Virtual Local Area Network (VLAN)

A logical group of workstations, servers and network devices that appear to be on the same LAN despite their geographical distribution. Allows a network of computers and users to communicate in a simulated environment as if they exist in a single LAN and are sharing a single broadcast and multicast domain. Implemented to achieve scalability, security and ease of network management, and can quickly adapt to changes in network requirements and relocation of workstations and server nodes. Higher-end switches provide this functionality. VLANs are implemented to improve the performance of a network or to apply appropriate security features.

Hardware Security Module (HSM)

A secure cryptoprocessor focused on providing cryptographic keys, which also provides accelerated cryptographic operations by means of these keys. The module acts as a trust anchor and provides protection for identities, applications and transactions by ensuring tight encryption, decryption and authentication for a variety of applications. Includes protection features such as physical tamper resistance and strong authentication. Although the module is physically isolated like smart cards and backup tapes, it provides a greater level of security as it does not have an operating system and is thus virtually invulnerable to attacks over a network.

Remote Terminal Unit (RTU)

A multipurpose device used for remote monitoring and control of various devices and systems for automation. It is typically deployed in an industrial environment and serves a similar purpose to programmable logic controllers (PLCs) but to a higher degree. Considered a self-contained computer as it has all the basic parts that, together, define a computer: processor, memory and storage. Because of this, it can be used as an intelligent controller or master controller for other devices that, together, automate a process such as a portion of an assembly line.

Ad Hoc Network

A network that is composed of individual devices communicating with each other directly. The term implies spontaneous or impromptu construction because these networks often bypass the gatekeeping hardware or central access point such as a router. Many are local area networks where computers or other devices are enabled to send data directly to one another rather than going through a centralized access point.

Software-Defined Networking (SDN)

An emerging computer networking architecture. Its main distinguishing factor is the separation of the data plane from the control plane in routers and switches. In other words, the control is decoupled from hardware and implemented in software. Under this architecture, the control plane is implemented via software within servers, separate from the networking equipment, while the data plane is implemented within the networking hardware. The best-known example of this architecture is OpenFlow.

Electromagnetic Interference (EMI)

A phenomenon where one electromagnetic field interferes with another, resulting in the distortion of both fields. This is commonly observed in radios when switching between frequencies and static is heard, as well as on over-the-air TV when the picture becomes distorted because the signal has been interfered with.

Network Address Translation (NAT)

A router function that enables public and private network connections and allows single IP address communication. While there are many public networks worldwide, there is a limited number of private networks. Introduced as an effective, timely solution to heavy network volume traffic.

Intranet

A secure and private enterprise network that shares data or application resources via Internet Protocol (IP). Refers to an enterprise's internal website or partial IT infrastructure; it may host more than one private website and is a critical component for internal communication and collaboration.

Air Gaps

A security measure implemented for computers, computer systems or networks requiring airtight security without the risk of compromise or disaster. It ensures total isolation of a given system (electromagnetically, electronically and, most importantly, physically) from other networks, especially those that are not secure.

Electromagnetic Pulse (EMP)

A short burst of electromagnetic energy interference caused by an abrupt and rapid acceleration of charged particles, which can damage electronic components by short-circuiting them. Can contain many energy components of the electromagnetic spectrum, from the very low frequency waves to the ultraviolet wavelengths. One very common cause of EMP is lightning strikes, which supercharge ions in the atmosphere and cause electricity in the power lines to surge.

Infrastructure as Code (IaC)

A type of IT abstraction where professionals provision and manage a technology stack with software, rather than setting up hardware systems. Can be used to provision cloud systems and to virtualize various kinds of software environments.

Trusted Platform Module (TPM)

A type of secure cryptoprocessor: a specialized chip used to carry out cryptographic operations, such as storing the encryption keys that secure information, and usually used by the host system to authenticate hardware. The information stored does not always have to be encryption keys; it may also include passwords and certificates.

Honeynet

A vulnerable and simulated computer network using a decoy server designed to test network security. Developed in order to help computer security experts improve security for networks and systems. Although it may appear to a hacker as a legitimate network, it is actually hosted on a single server. It is not authorized for any legitimate use. If it is accessed, a fair assumption is that the person accessing it is a hacker.

IoT: Wearable Technology

Always connected, continuously feeding information about location, habits, etc.
Increases the attack surface, making interception of data easier

Transparent Data Encryption (TDE)

An industry methodology that encrypts database files at the file level. Microsoft, Oracle and IBM offer Transparent Data Encryption for certain types of database systems. Helps stored files to be resistant to access if they are stolen by a third party.

Extranet

An intranet mapped onto the public Internet or onto some other private network.
Advantages include:
The ability to exchange large volumes of data using electronic data interchange
Sharing product data or catalogs with business partners
Joint company collaboration and training
Sharing services such as online banking applications among affiliated banks
Disadvantages are expensive implementation and maintenance if hosted internally and the potential for compromised sensitive or proprietary information. Alternately, it may be hosted by an application service provider.

Decommission

Asset is decommissioned
All data is migrated to the new platform
Old data is no longer needed
Asset is wiped/purged as per policy
Asset is disposed of properly

AT-101

Attestation Standard (Attest Engagement)
Created by the PCAOB (Public Company Accounting Oversight Board)
SOC 2 reports are based on the AT-101 standard
Review reports from other companies (potential partners) to understand how partnering with them could introduce risk
Applies to companies that provide "As-a-Service" products, cloud providers, etc.

Security Automation

Automating the process of implementing rules, enforcing policies and making changes
Based on triggers or policy violations
Can reduce time to remediate
Mitigates risk from human error
Can be exploited as well, to shut things down, DDoS, etc.

Baselining

Baselines with CI (aka CI/CD) should be committed to every day
Reduces variation and time required to resolve feature conflicts
Every commit to the baseline should be built
Automated build process that monitors for revisions

Measured Launch

Boot components have been "measured" (identified cryptographically)
Cryptographic hashes are checked at boot to validate each component
Part of Intel Trusted Execution Technology (Intel TXT)
Detailed log of everything that happens before the actual antimalware software loads
Aids in troubleshooting and analysis

Motor Vehicles

Can be compromised and customer data stolen
Sabotage / vehicle impairment
Theft of customer data
Disruption in services
Reputational damage / consumer confidence
2015 - Jeep Hack: security researchers were able to hack a Jeep and command it into a ditch

Layered Security

Can involve security protocols at the system or network levels, at the application level, or at the transmission level, where security experts may focus on data in use over data at rest. Efforts attempt to address problems with different kinds of hacking or phishing, denial of service attacks and other cyberattacks, as well as worms, viruses, malware and other kinds of more passive or indirect system invasions.

System on a Chip (SoC)

Combines the required electronic circuits of various computer components onto a single, integrated chip (IC). A complete electronic substrate system that may contain analog, digital, mixed-signal or radio frequency functions. Its components usually include a graphical processing unit (GPU), a central processing unit (CPU) that may be multi-core, and system memory (RAM). Because it includes both the hardware and software, it uses less power, has better performance, requires less space and is more reliable than multi-chip systems. Most come inside mobile devices like smartphones and tablets.

Immutable Systems

Comprised of components that are replaced every deployment
Built from a common image
Decreases dependencies
State becomes siloed: layers that store state are siloed from layers that don't

Administrative Controls

Control type that focuses on people
Risk assessments
Planning
Policies
Mandatory vacations
Separation of duties

Secure DevOps

Coordination between development and operations teams to provide rapid deployment of software, features, capabilities, etc., through quick feedback loops and iterative testing

Sarbanes-Oxley Act (SOX)

Created in 2002 to address the fraud/accounting scandals associated with major companies like Enron, WorldCom and Tyco
Security requirements for any systems processing financial data (access management, IT controls, entity-level controls)
Applies to public companies / IPO

Data In-Use

Data not "at rest" and only on one particular node on a network
Could be memory resident, swap/temp space, etc.

Data At-Rest

Data sitting on a hard drive or removable media, either local or remotely on SAN or NAS storage.

Data In-Transit

Data that is being sent over a wired or wireless network
A VPN connection will encrypt the data while moving.

Spiral Development Model

Developed to address the shortcomings of the waterfall method
Planning
Risk analysis
Engineering
Coding and implementation
Evaluation
Risks are still present if the initial risk analysis was poor. Expertise at this stage helps mitigate the risk.

Waterfall Method Risks and Concerns

Developers can't revisit the design stage if security issues are discovered
Developers may end up with software that is no longer needed or security compliant
Security is more likely to be an afterthought, primarily due to time constraints

Systems Hardening

Disable/uninstall unnecessary services
Use secure protocols
Use least permissive/least privilege principles
Set up monitoring/alerting
Establish baselines
Periodically audit

Secure Coding Techniques: Encryption

Encrypting the data mitigates the risk of compromise should the computers or drives housing the data be lost or stolen

Secure Coding Techniques: Normalization

Ensure database integrity and optimization of data

Secure Coding Techniques: Code Signing

Ensure validated, trusted code is used and mitigate risk from unsigned code being allowed to run

General Change Management

Essential to structuring growth
Should cover:
Hardware / Software
OS
Configurations
Migrations
Commission/decommission
Security changes/patches
Proper change management ensures no change collisions and unintended impacts

Federal Risk and Authorization Management Program (FedRAMP)

Federal Risk and Authorization Management Program
Provides security assessment, authorization, and continuous monitoring for cloud products and services
Reusable approach to provider assessments
Government agencies utilize FedRAMP to make decisions on the feasibility of specific cloud-based solutions
Applies to cloud solution providers who market to federal government agencies

National Institute Of Standards And Technology (NIST) NIST Cyber-Security Framework

Federal agency within the U.S. Chamber of Commerce
Controls/frameworks that span industries to manage cybersecurity risk
Adherence is voluntary
Impact varies by compliance level
Usually larger organizations and government agencies
Consists of three parts:
Framework Core
Framework Profile
Framework Implementation Tiers

Trusted OS

Framework to ensure an operating system meets a minimum level of security
Security evaluation performed is known as "Common Criteria" or "CC"
Evaluation Assurance Levels are assigned (1-7)
Most commonly accepted as secure for most commercial applications is EAL 4

Production Environment

Fully functioning live environment
Most costly when errors are encountered
Changes can be rolled out completely or in phases
Should go through change management with a holistic view of all potentially competing changes taking place
Avoid "change collisions" aimed at the same systems

VPN Connection

Generally established through a _____ manager (client/server) that utilizes networking protocols such as Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP). Typically exists between the client and server device. It creates a tunnel between both the local and remote device, and ensures a secure communication between them. The _____ connection is only established when the client device authenticates itself on the _____ server or gateway.

Secure Systems Design: Kiosk

Hardening, remove unnecessary services
Restrict user accounts
Imaging

Secure Systems Design: Server

Hardening, remove unneeded services
User accounts, least permissive

Agile Development Model

Highest priority is to satisfy the customer.
Development is an iterative and incremental approach
Quick feedback loop
Changes made as the product is developed
Security concerns:
Security testing may be inadequate
New requirements may not be fully vetted for security impact
Security may be ignored if it would cause substantial delays to the project

Programmable Logic Controller (PLC)

Industrial computer control system that continuously monitors the state of input devices and makes decisions based upon a custom program to control the state of output devices. Almost any production line, machine function, or process can be greatly enhanced using this type of control system. However, the biggest benefit is the ability to change and replicate the operation or process while collecting and communicating vital information.

Systems Development Lifecycle (SDLC)

Initiate
Acquire
Deploy
Operate
Dispose

Development Environment

Initiation and requirements gathering
Developers can work independently of each other
Intent is to eventually merge work streams into a combined system

Mobile Device Management

Insecure access to websites
Insecure Wi-Fi connectivity
Lost / stolen devices housing corporate data
Geolocation services
Missing upgrades/security patches
Unauthorized downloads, applications, games, etc.

SDLC Security Concerns

Introduction of risk
Impact to CIA (Confidentiality, Integrity, Availability) of systems/data
Downstream impacts to third-party systems
Additional security controls required?

Sandbox Environments

Isolates code, upgrades and testing from the production environment
Test code changes
Roll back changes quickly
Regression test against various applications
Execute and observe malware

Waterfall Development Model

Linear model that moves in sequential order. The team moves on to the next phase only when the previous phase is complete.
Requirements and analysis
Design
Coding
System integration
Testing and debugging
Delivery
Maintenance

Secure Coding Techniques: Proper Error Handling

Making sure errors don't crash the system, allow for elevated privileges or expose unintended information

Continuous Integration

Merging developer updates continuously (daily) to avoid integration challenges
Waiting too long to integrate can cause the codebase to get out of sync
Multiple developers working at the same time
Integrate early and often
Testing automation and a replica of production are critical to success

Virtualization

Method of segmenting or isolating
Can keep a host in a "sandboxed" isolated environment
Allows for snapshots to quickly revert changes
Separates guest(s) from the host hypervisor
Other devices can be virtualized as well: infrastructure (routers, switches, load balancers, firewalls, etc.)

Baseline

Minimum or starting point used for comparison and to understand when things change, either via anomaly or intended alteration

Commission

New asset is installed
End of service date
Security scans
MOP for daily operations
Periodic auditing

Camera Systems

Open and Compromised: Many systems are installed with default admin usernames and passwords. Thousands are viewable with a simple search
Routine Patching and Updating: Patch vulnerabilities and update drivers/firmware just like any other OS or embedded system
Attack Vector: Compromised devices can be a way into a network to get a foothold, elevate privileges and gain persistence in the systems
Secure Disposal Policies: Encrypt communication and drives, and securely wipe before disposing

Integrity Measurement Architecture (IMA)

Open source alternative that creates a measured runtime environment
Creates a list of components that need to load
Anchors that list to the TPM chip to prevent tampering

Integrity Measurement

Open source alternative that creates a measured runtime environment
Creates a list of components that need to load
Anchors that list to the TPM chip to prevent tampering
Prevents sophisticated or targeted persistent attacks
Roots of Trust (RoTs): measurement, storage, reporting

Payment Card Industry Data Security Standard (PCI DSS)

Payment Card Industry Data Security Standard
Protects cardholder data
Various levels of controls depending on how the company interacts with credit card data
Self-assessments, on-site audits, quarterly network scans
Applies to merchants, banks, CC processors, and others

IoT: Home Automation

Personal data can be compromised
Additional entry points into a user's network and ultimately their life
Social engineering becomes easier the more a hacker knows

Secure Systems Design: Appliance

Physical access, embedded systems
Updates/patches, firmware, monitoring

Secure Systems Design: Network

Placement, policies, IDS/IPS
NAC, MAC filtering, VLANs, port mirroring

Medical Devices

Pose a risk on multiple levels
They can be hacked and adversely affect a person's health
Produce massive amounts of data
Often contain embedded systems that aren't routinely patched/updated
Hospitals typically have 3x-4x more medical devices than IT equipment

Secure baseline

Pre-configured hardened systems: Servers and systems are pre-built with hardened configurations
Baseline created after OS or application is deployed and hardened: Once deployed, baselines are created to quickly identify when things change
Periodically updated, if appropriate, when there is a "new normal": Keeping baselines current enables quick detection and avoids false positives

VPN Concentrator

Primarily adds the capabilities of a VPN router by adding advanced data and network security to the communications. It has the ability to create and manage a large quantity of VPN tunnels. Typically used for creating site-to-site VPN architectures. It can:
Establish and configure tunnels
Authenticate users
Assign tunnel/IP addresses to users
Encrypt and decrypt data
Ensure end-to-end delivery of data

Demilitarized Zone (DMZ)

Primarily implemented to secure an internal network from interaction with and exploitation and access by external nodes and networks. Can be a logical sub-network, or a physical network acting as a secure bridge between an internal and external network. Network has limited access to the internal network, and all of its communication is scanned on a firewall before being transferred internally. If an attacker intends to breach or attack an organization's network, a successful attempt will only result in the compromise of the network - not the core network behind it. Considered more secure, safer than a firewall, and can also work as a proxy server.

Printers/MFDs

Printers and MFDs can contain sensitive information
Patch / update regularly
Use static IP addresses (DNS cache poisoning)
Firewalls
Access control
Centralized printer pools
Hard drive encryption where possible
Proper disposal / sanitization processes

Systems/Software Development Lifecycle (SDLC)

Process to produce high-quality systems that capture all customer requirements and meet or exceed expectations
Systematic approach to delivering a product or system
Repeatable and iterative
Can align to traditional project management or agile processes

Asset Disposal

Proper asset disposal is critical to maintain security and ensure confidential data is removed
Data wiping/purging
3-pass wipe (3 as per DOD 5220.22-M)
Physical destruction of drives

Health Insurance Portability And Accountability Act (HIPAA)

Protects/secures Personal Health Information (PHI)
Controls need to be in place to secure PHI during the collection, storing or processing of data
Applies to any organization collecting, storing or processing PHI (hospitals, medical providers, insurance companies, etc.)

Bring Your Own Device (BYOD)

Refers to employees who bring their own computing devices - such as smartphones, laptops and tablet PCs - to work with them and use them in addition to or instead of company-supplied devices. People increasingly own their own high-end mobile computing devices and become more attached to a particular type of device or mobile operating system. May occur under the radar, or become part of a specific corporate policy in which an organization agrees to support personal mobile devices or even provides a stipend to employees to purchase a device.

Supervisory Control and Data Acquisition (SCADA)

Refers to industrial control systems (ICS) that are employed to control and keep track of equipment or a plant in industries like water and waste control, telecommunications, energy, transport, and oil and gas refining. A computer system used to gather and analyze real-time data. This data is processed by the computer and is presented on a regular basis. Also saves and makes logs for every event into a log file that is saved on a hard drive or is sent to a printer. Gives warnings by sounding alarms if situations develop into hazardous scenarios.

Privacy Shield

Replaced the US-EU Safe Harbor standard
Safeguards data being transferred between the EU and US
Enables US companies to more easily receive personal data from the EU / comply with EU privacy laws
Self-certification process that the company complies with EU data protection standards
Applies to any company that collects, stores or processes personal data between EU and US companies

Secure Coding Techniques: Proper Input Validation

Sanitize data to mitigate cross-site scripting and cross-site request forgery

Secure Systems Design: Workstation

Screensavers, passwords, policies
Monitoring/auditing, remote wiping

Statement on Standards for Attestation Engagements (SSAE) SSAE 16

Statement on Standards for Attestation Engagements No. 16
Monitors and enforces controls dealing with financial reporting applications and associated infrastructure
Mandatory compliance as part of SOX compliance (public companies)
SOC 1 reports are reviewed by stakeholders
Applies to companies that typically receive SOC 1 reports or ones that process financial information/impact financial statements

International Organization for Standardization (ISO)

Sub-frameworks depending on goals and industry
IT security references controls in ISO 27000
Used as a framework to monitor, report and improve Information Security Management Systems (ISMS)
Applies to any organization type or size

Technical Controls

Systems that are put in place to detect or prevent attacks
NIDS/NIPS
UTM
Provide automated actions and responses
Training of users to recognize threats
Security is everyone's responsibility

Test Environment

Testing can take different forms and can be integrated throughout all phases
Testing environment is an area typically prior to, or "lower than", staging
Code usually runs on single systems or isolated environments
Bugs are identified, processes/systems modified and resolved
Process can be iterative

Full-Disk Encryption (FDE)

The encryption of all data on a disk drive, including the program that encrypts the bootable OS partition. It is performed by disk encryption software or hardware that is installed on the drive during manufacturing or via an additional software driver. Converts all device data into a form that can only be understood by the one who has the key to decrypt the encrypted data. An authentication key is used to reverse the conversion and render the data readable. Prevents unauthorized drive and data access.

Encryption

The process of using an algorithm to transform information to make it unreadable for unauthorized users. This cryptographic method protects sensitive data such as credit card numbers by encoding and transforming information into unreadable cipher text. This encoded data may only be decrypted or made readable with a key. Symmetric-key and asymmetric-key are the two primary types.

Defense In Depth

The use of multiple layers of defense placed throughout an information system. With multiple layers the outermost layers are the first line of defense and work well against the smallest and most common attacks. More powerful and unconventional attacks get past the first few layers but will be stopped by the deeper, more concentrated layers. The concept was conceived by the National Security Agency (NSA) as a comprehensive approach towards information and electronic safety.

Hardware Root of Trust

Trust begins with the systems that are inherently trusted
Secure by design
Perform security-critical functions
Boot firmware is one example

Secure Boot

UEFI feature that allows only signed boot software to load. When the PC starts, the firmware checks the signature of each piece of boot software, including firmware drivers and the operating system. If the signatures are good, the PC boots, and the firmware gives control to the operating system.

Aircraft / UAV

Unmanned aircraft can be compromised
Threat actors: hackers, terrorists, organized crime
Take control or intercept communications
Disperse weapons
Spy/snoop on targets
GPS spoofing: encrypted GPS mitigates the threat

Peripherals security

Update / Patch: Make sure to keep all systems/peripherals patched and updated
Physically Secure Devices: Treat peripherals like any other asset; they could contain sensitive data
Require Credentials to Access: Printers, copiers
Encrypt Data When Possible: Require encryption of removable devices, external storage, WiFi

High Altitude EMP Attack (HEMP)

Usually a nuclear attack detonated above 25 miles. It will disable all unprotected electronic equipment over a wide area depending on the size of the pulse. A nuclear weapon detonated at an altitude of 200 miles could affect all unprotected electrical equipment within the continental United States.

Secure Coding Techniques: Stored Procedures

Utilize vetted, secure procedures vs. writing new code on the fly

Unified Extensible Firmware Interface (UEFI)

Works like BIOS, but with enhanced control, security and manageability of the system booting process. Programmable and allows for the addition of boot-time applications and services by original equipment manufacturer (OEM) developers. Provides secure boot services that prevent the loading of malware such as rootkits by evaluating and authenticating the certificate of each boot loader driver from the firmware that is stored on the system's motherboard. Thus, only certified applications and services can execute on boot.
