Fund IS Section 5 Physical and Network Security

अब Quizwiz के साथ अपने होमवर्क और परीक्षाओं को एस करें!

Physical Concerns for Data

Adverse conditions can harm the integrity of physical media. Each physical media has its own strengths and weaknesses.

Deep Packet Inspection

Analyzes content of network traffic to block attacks. Raises privacy concerns because the person in control can ready every message, web page visited, and listen in on IM conversations.

Equipment Environmental Conditions

Can be crucial to operating. Large areas/quantities of equipment can be hard to maintain. Generators and Head and AC help but are expensive.

Network Attack Impacts

Can devastate your business. Outages are a result of technical issue or DDos attacks

Sniffers

Can examine traffic that is entering/leaving firewalls presuming you can get it in place at a network location that will enable you to see the traffic.

Tcpdump

Command line tool packet sniffer for filtering network traffic. Windows: WinDump

Signature-based IDS

Compares incoming traffic to a database of attack signatures.

Physical Media Concerns: Technical Obsolescence

Consideration for long-term data storage.

Physical Access Controls

Core security efforts using deterrent, detective, and preventative controls. The more layers you use the more secure you are.

Virtual Private Networks (VPNs)

Creates encrypted connections for secure data transfer.

Wi-Fi Protected Access (WPA3)

Current standard with strong encryption for wireless networks.

Physical Media Concerns: Flash Media

Data storage on nonvolatile memory chips. Designed to survive conditions that would destroy other media.

Physical Media Concerns: Magnetic Media

Data storage using magnetically sensitive material. Magnetic fields harms it and jolting while in motion.

Residual Data

Data that needs to be rendered unusable when not needed.

Honeypots

Deliberately configure a vulnerable network to attract attackers. Can detect, monitor and tamper with attacker activities without them knowing. You can learn what attackers and or malware do in the wild. Can be set up to provide early warning for a corporation.

Two ways to protect your network

Designing a Secure Networks and Firewalls

Anomaly-based IDS

Detects abnormal traffic patterns by comparing to baseline.

Physical Security Controls

Devices, systems, and methods ensuring physical security when in conjunction with each other. Deterrent, Detective, Preventative, Access.

Deterrent Controls

Discourage violators, indicate presence of security measures.

Network Segmentation

Dividing networks into subnets to control traffic flow and boost performance.

Accessibility of Data

Ensuring data integrity and availability when needed.

Packet Filtering

Examines individual packets to allow or disallow based on IP, port, and protocol. Attackers can send attack traffic that spans more than one packet.

Physical Concerns for Equipment

Extreme Temperatures, Liquids (Corrosion), Living Organisms, Movement, Energy Anomalies, and Smoke and Fire.

Nmap

Famous port scanner identifying hosts, services, identify the OS of that the hosts are running, and detect versions of the services on any open ports.

Scapy

Firewall Tool for constructing Internet Control Message Protocol packets to evade/test firewalls, manipulate network traffic, and how firewalls/IDS respond.

Proxy Servers

Firewalls for applications providing security and performance features. Provides layer of security for devices by serving as choke points and allows traffic logging for later inspection. Used to keep employees from visiting undesirable sites.

Physical Media Concerns: Optical Media

Fragile media like CDs and DVDs, sensitive to scratches. Extremely temperature sensitive.

Wireshark

Full-featured sniffer with graphical interface.

Secure Shell (SSH)

Great for securing communications because you can send many types of traffic over it. It does file transfers, terminal access, and secures traffic like when connecting to remote desktop, communicating over VPN, and mounting remote file systems.

Scanners

Hardware or software tools that enable you to interrogate devices and networks for information. Used for discovering networks and systems in an environment. Two types: port scanners and vulnerability scanners.

Optiveiw Portable Network Analyzer

Hardware tool for network analysis. Expensive.

Insecure Protocols

Have secure equivalents, just look for one for the type of traffic you carry. Telnet (Insecure) -> Secure Shell (Secure) FTP -> Secure File Transfer Protocol

Wireless Protection Tools

If you don't protect against unauthorized attackers with access to your network via wireless devices you could leave a hole in your carefully laid security plans and network and never know it. Kismet is a great tool.

Network Security Tools

Improve network security, is also used by attackers to create better attacks. You can use them to locate holes to keep out attackers. Only find known issues, zero-day attacks are still an issue.

Wired Equivalent Privacy (WEP)

Legacy encryption standard for wireless networks.

Securing Physical Access

Like Defense in Depth, the more layers the better secured. Locks, Landscaping, Biometrics, Guards, Receptionists.

Choke Points

Locations like routers or firewalls to filter and control network traffic.

Firewalls

Maintain control over traffic flow in and out of networks. If rendered unusable there's not much you can do to stop it. Come up with short term solutions while creating long ones.

Stateful Packet Inspection

Monitors traffic at a connection level to allow only legitimate traffic.

Network IDS

Monitors traffic flow at a specific network location.

Site Selection Impact

Natural disasters, civil unrest, or unstable utilities can destroy facilities.

Honeynet

Network of honeypots for large-scale malware analysis.

Evacuation Procedures

Planning where, how, and who for safe evacuations. Prioritize human lives first always. Practice makes perfect and move quick.

Business Continuity Planning

Plans ensuring critical business functions continue in emergencies.

Disaster Recovery Planning

Plans preparing for disasters, actions during and after.

Administrative Controls

Policies, regulations, and rules protecting people. background tests, drug tests, exit interviews, making sure company property stays with the company and NDAs.

DMZs

Protection layer separating devices from the network with multiple firewalls. Creates a zone that allows public-facing servers to be accessed from the outside while providing protection for them and restricting traffic from those servers from penetrating sensitive parts of the network. Prevents attackers from compromising the public facing server then using it to attack the rest of the servers while posing as it.

Equipment Protection

Safeguarding facilities and equipment, equipment is the easiest to replace. Your systems should be working shortly after disaster but may take a while to be pristine.

Protecting Data

Second safety priority, encrypting data for protection.

Physical Security

Security measures to protect people, equipment, and facilities.

Detective Controls

Sense and report undesirable events like alarms and cameras.

Connection

The source and destination IP addresses, the ports being used, and the already existing network traffic.

Physical Threats

Threat categories like extreme temperature, gases, liquids, etc.

Firewall Tools

Tool that maps topology of firewalls to locate vulnerabilities in them

Kismet

Tool to detect wireless devices and access points.

Intrusion Detection Systems

Tools monitoring networks for unauthorized activity, classified by detection methods. Due to large amount of traffic may only do cursory glances at packets, may miss attack especially those designed to do so.

Rogue Access Points (RAP)

Unauthorized devices connected to wireless networks.

Packet crafting attacks

Use packets designed to evade detection by security devices.

Preventative Controls

Use physical means to to keep unauthorized entities from breaching your physical security.

Port and Vulnerability scanners

Used to look at firewalls from the outside to find any ports open or running services that make you vulnerable to attacks.

Computer Network

a group of computers or other devices that are connected to facilitate the sharing of resources. Without networks daily conveniences would be much harder.

RAID Arrays

a method of copying data to more than one storage device to protect the data if any one device is destroyed.

Packet Sniffers

listens for any traffic that your computer or device's network interface can see, whether you were intended to receive it or not. It intercepts (or sniff) traffic on a network. You have to place it so you see the traffic you want to sniff which isn't useful in segmented networks unless you use higher level network switches and/or specialized equipment/configurations to access the target network.

Redundancies

mitigate issues


संबंधित स्टडी सेट्स

AMH 2020-Chapters: 27, 28, 29 and 30

View Set

Test Review Chapter 4: Personal Finance

View Set

Anatomy of the Hand (digits+palm+carpals)+Wrist (Distal Radius/Ulna=wrist joint)

View Set

Chapter 31: Cognitive and Sensory Alterations

View Set