Network Security - Chapter 9

System on a chip (SoC)

A SoC is an integrated circuit that includes all components of a typical computer system, including digital, analog, mixed-signal, and radio frequency functions. The Raspberry Pi is a common device that uses a SoC. Because of their relatively low cost, SoCs are often used by hobbyists.

Field Programmable Gate Array (FPGA)

A Field Programmable Gate Array is an integrated circuit manufactured and then later configured by the customer. The configuration happens through a hardware description language (HDL), similar to application-specific integrated circuit (ASIC).

Real-time operating system (RTOS)

A RTOS is an operating system that serves real-time applications without buffer delays. They are generally used in systems that require a response within a strict time constraint. Because RTOS are often used as critical components of an application, a successful attack on the RTOS can harm an entire system, including physical machinery.

Subscriber identity module (SIM) card

A SIM card encrypts data transmission and stores information.

Windows Intune

MDM solution is Windows Intune, which provides cloud-based mobile device management that allows you to remotely manage and secure mobile devices (as well as standard desktop systems starting with Windows 7 or later). Intune cannot by used to manage Windows Server.The table below shows which operating systems Windows Intune currently supports:

Multi-function display (MFD)

An MFD is a screen surrounded by configurable buttons that can be used to display information in a variety of ways. MFDs are often used on airplanes, helicopters, and ships.

Unified endpoint management (UEM)

An all-in-one device management solution. UEM allows a system administrator to manage local and mobile devices, including Internet of Things devices. UEM is the next step in device management. These solutions provide a single point for all types of devices, including: Workstations Printers Mobile devices IoT devices Wearable devices UEM is the joining together of traditional device management and enterprise mobility management solutions.

Software-defined networking

An architecture that allows network and security professionals to manage, control, and make changes to a network. The idea is that network engineers are able to use software to configure and intelligently control the network rather than relying on the individual static configuration files that are located on each network device. SDN uses a controller to manage the devices. The controller is software that is able to inventory hardware components in the network, gather network statistics, make routing decisions based on gathered data, and facilitate communication between devices from different vendors. It can also be used to make wide-spread configuration changes on just one device.

Arduino

Arduino is an open-source hardware and software company. They design and manufacture single-board microcontrollers as well as kits to build digital devices.

Advantages of Cloud Computing

Flexible access Ease of use Self-service resource provisioning API availability Service metering The ability to try software applications in cloud computing service models

Infrastructure as a Service (IaaS)

IaaS delivers infrastructure to the client, such as processing, storage, networks, and virtualized environments. The client deploys and runs software without purchasing servers, data center space, or network equipment.

securing cloud storage

Implement security controls in the same way as in a physical datacenter. Use data classification policies. Assign information into categories that determine storage, handling, and access requirements. Assign security classification based on information sensitivity and criticality. Use specialized tools to securely dispose of data when it is no longer needed.

Corporate owned, personally enabled

In a COPE system, the company provides a list of approved devices for an employee to choose from. The company owns the device; the employee uses and manages the device.

Choose your own device

In a CYOD system, the company provides a list of approved devices for an employee to choose from. The ownership and management of devices varies by organization.

Displays

In the past, display devices had a single use as a monitor for a computer. Today's monitors and other display devices are increasingly embedded with smart features and have wireless connections.

Sideloading

Installing an app on a mobile device via a method other than the manufacturer's app repository.

Application Security

It's critical to use security best practices when adding each new application or tool. Each additional has the potential to create a network vulnerability. Application security best practices include: Verify the application is correctly configured. Secure APIs and interfaces through encryption and multifactor authentication with limited authorization.

Virtual switch (vSwitch)

Software that facilitates the communication between virtual machines by checking data packets before moving them to a destination.

Virtual firewall appliance (vFA)

Software that functions as a network firewall device. A virtual firewall appliance provides packet filtering and monitoring functions.

Virtual router (vRouter)

Software that replicates the functionality of a physical router.

Cloud computing

Software, data access, computation, and storage services provided to clients through the internet. characteristics: Delivery of common business applications that are accessed from a web service or software (like a web browser). The cloud connection can exist over the internet or a LAN. Cloud computing does not require end-user knowledge of the physical location and configuration of the system that delivers the services.

Virtual machine monitor (VMM)/hypervisor

Software, firmware, or hardware that creates and runs virtual machines.

Network fencing

Location compliance, known as network fencing, allows you to keep devices outside your corporate network from accessing network resources.

SDN Advantages and Disadvantages

Some advantages of SDN include: Centralized management More granular control Lower overall cost and labor Give new life to old networking hardware Gather network information and statistics Facilitate communication between hardware from different vendors Some disadvantages of SDN include: Is currently a new technology Lack of vendor support Standards are still being developed Centralized control opens a new target for security threat

Physical layer

The Physical layer, also known as the Infrastructure layer, communicates to the Control layer through the southbound interface. The individual networking devices use southbound APIs to communicate with the control plane and vice versa. Even though this layer is called the Physical layer, it is where both physical and virtual network devices sit.

Mobile application management

The administration of applications on a mobile device. MAM software allows a system administrator to remotely install or remove organizational apps and to disable certain functions within the apps.

Mobile device management

The administration of mobile devices. MDM software generally allows for tracking devices; pushing apps and updates; managing security settings; and remotely wiping the device.

Segmentation

The division of a network into smaller networks through a virtual local area network (VLAN) and firewalls.

Sandboxing

The isolation of an app so that it can't affect other areas of a computer or network.

Internet of Things

The network of physical devices such as vehicles, home appliances, etc., that are embedded with electronics, software, sensors, actuators, and connectivity that enable them to connect, collect, and exchange data through the internet.

Physical machine

The physical computer with hardware, such as the hard disk drive(s), optical drive, RAM, and motherboard.

Bring your own device (BYOD)

The practice of having employees use their own personal mobile devices for business related tasks.

Geotagging

The process of embedding GPS coordinates within mobile device files, such as image or video files created with the device's camera.

App whitelisting

The process of identifying apps that users are allowed to have on mobile devices.

Jailbreaking

The process of removing inherent protections placed by the device manufacturer.

Data exfiltration

The unauthorized copy, transfer, or retrieval of data from a computer, server, or network.

Unmanned aerial vehicles (UAV)

UAVs are used for military campaigns, search and rescue, weather monitoring, and recreation. UAVs use embedded computers for collecting and transmitting data and for receiving commands.

Virtual desktop infrastructure

VDI is a technology that uses virtual machines and virtual desktops.

Virtual networks

Virtual machines and devices connected through software.

Voice over IP (VoIP)

Voice over IP is a protocol optimized for the transmission of voice data (telephone calls) through a packet-switched IP network. VoIP routes phone calls through an IP network, including the internet. VoIP solutions can integrate with the public switched telephone network (PSTN) to allow VoIP customers to make and receive external calls.

BYOD Security Issues

difficult to secure such a device: need to protect both types of data. need a policy for when a device is sold or traded

Hybrid cloud

hybrid cloud is composed of a combination of public, private, and community cloud resources from different service providers. The goal behind a hybrid cloud is to expand the functionality of a given cloud service by integrating it with other cloud services.

SaaS Simple multi-tenancy

in which each customer has its own resources that are segregated from other customers.

Cloud access security broker (CASB)

is an on-premises cloud-based software tool or service that sits between an organization and a cloud service provider. CASBs: Monitor communication for compliance with an organization's security policies and procedures. Can offer malware protection and encryption. Can give more specific protection and monitoring capabilities than secure web gateways (SWGs) and enterprise firewalls.

Community cloud

is designed to be shared by several organizations. Access is restricted to users within the organizations who are sharing the community cloud infrastructure. Community clouds can be hosted internally or on-premise, with each organization sharing the cost of implementation and maintenance. Because of the expense and expertise required, community clouds are commonly hosted externally, by a third party.

Private cloud

provides resources to a single organization. Access is restricted to the users within the organization. Private clouds can be hosted internally. Because of the expense and expertise required to implement, clouds are typically hosted externally, by a third party. An organization commonly enters into an agreement with a cloud service provider, which provides secure access to cloud-based resources. The organization's data is kept separate and secure from any other organization using the same service provider.

Mobile Device Management (MDM)

remotely controls smartphones and tablets, ensuring data security

Public cloud

an be accessed by anyone. Cloud-based computing resources, such as platforms, applications, storage, or other resources, are made available to the general public by a cloud service provider. The service provider may or may not require a fee for using these resources. For example, Google provides many publicly-accessible cloud applications, such as Gmail and Google Docs.

SaaS Fine grain multi-tenancy

segregates customers, but resources are shared.

Virtual area network (VAN)

A virtual LAN running on top of a physical LAN.

Virtual machine (VM)

A virtual computer that functions like a physical computer.

Acceptable use policy

An AUP determines the rules for using corporate resources, such as internet access, computers, etc.

Virtual private cloud (VPC) endpoint

A virtual device that provides a private connection between virtual private clouds and a cloud provider's services. A VPC endpoint keeps traffic secure with a private link resource.

Enterprise mobility management (EMM)

A combination of MDM and MAM solutions in one package. EMM allows a system administrator to remotely manage hardware and applications on a mobile device. s different brands and manufacturers of mobile devices came on the market, the ability to manage them all became more difficult. Enterprise mobility management solutions address this problem by being able to manage multiple types of devices in a single package. Microsoft's Intune is one of the most popular EMM solutions. Intune is included with any Windows Enterprise agreement of at least 500 users and supports all types of devices. Intune is integrated into the organization's Azure Active Directory, which simplifies device management even more. Intune allows the system administrator to: Manage mobile devices Manage mobile apps Control data access Comply with security policies

Virtual network

A computer network consisting of virtual and physical devices.

Virtual Desktop Infrastructure (VDI)

A desktop operating system running within a virtual machine (VM) running on a server. Cloud-based services can be hosted externally by third-party service providers or internally on your own virtualization infrastructure. For example, internal private clouds are commonly used to provide a VDI. Using VDI, user desktops are virtualized, running on high-end hardware in the data center instead of on the end user's workstation hardware. The physical workstation is merely used to establish a remote connection to the user's virtualized desktop. This is sometimes called a thin client deployment because most of the computing power is provided by servers in the data center. Traditional deployments, where most of the processing load is handled by the local workstation, are called thick client deployments.

Virtual hard disk (VHD)

A file that is created within the host operating system and simulates a hard disk for the virtual machine.

Mainframe computer

A lesser known category of embedded devices are mainframe computers. A mainframe computer is a large, powerful computer that is capable of processing extremely large amounts of data. Mainframe computers typically run proprietary operating systems. Because these operating systems are rarely updated, they are considered a static environment. In addition, mainframe computers often contain large amounts of sensitive data, making them an attractive target for hackers.

Media gateways

A media gateway is a translation device that converts media streams for use by different telecommunication technologies.

Cloud

A metaphor for the internet.

Virtual private network (VPN)

A secure tunnel to another network that connects multiple remote end-points.

Security group

A security group works like a firewall to control traffic to and from network resources.

Virtual machine

A software implementation of a computer that executes programs like a physical machine.

Cloud-based firewall

A software network device that is deployed in the cloud that protects against unwanted access to a private network.

Cloud Access Security Broker (CASB)

A software tool or service that enforces cloud-based security requirements. It is placed between the organization's resources and the cloud, monitors all network traffic, and can enforce security policies.

Container

A standard unit of software that holds the complete runtime environment including an application, all application dependencies, libraries, binaries, and configuration files.

Load balancing

A technique that disperses a workload between two or more computers or resources to achieve optimal resource utilization, throughput, or response time.

Windows Information Protection

A technology that helps protect against data leakage on company-owned and personal devices without disrupting the user experience.

Hypervisor

A thin layer of software that resides between the guest operating system and the hardware. It creates and runs virtual machines.

Cloud Security Risk Reduction

Authenticate all users who access the service and allow users to access only the applications and data that they need. Use a Cloud Access Security Broker (CASB). A CASB is a software tool or service that sits between an organization and a cloud service provider. Its job is to make sure that all communication and access to the cloud service provider complies with the organization's security policies and procedures. Segregate each organization's centrally-stored data. Verify, test, and apply updates to the infrastructure. Establish a formal process for all facets of the service, from user requests to major data breaches and catastrophic events. Implement security monitoring for usage, unusual behavior, and other events. Implement encryption up to the point of use, such as the client's web browser. Probe for security holes with a third-party service provider. Comply with all regulatory measures, such as the Sarbanes-Oxley Act.

Advantages of Cloud Storage

Companies pay only for the storage used. This does not necessarily mean that cloud storage is less expensive, but it incurs only operating expenses. Cloud storage can cut energy consumption by up to 70% making an organization more green. Organizations can choose between off-premises and on-premises cloud storage options, or a mixture of the two options. Storage availability and data protection is intrinsic to object storage architecture. Depending on the application, you can eliminate the costs, effort, and additional technology to add availability and protection. Storage maintenance tasks, such as purchasing additional storage capacity, are the responsibility of the service provider. Cloud storage can be used for copying virtual machine images from the cloud to on-premises locations or to import a virtual machine image from an on-premises location to the cloud image library. Cloud storage can be used as natural disaster backup, since cloud storage providers' backup servers are typically located in different places around the globe.

External storage devices

External storage devices such as USB flash drives, HDDs, and SSDs can connect to traditional computing equipment, as well as to many smart devices.

Digital cameras

Most modern digital cameras use embedded systems for processing captured images, storing images, and uploading images to a PC or other storage device.

Medical devices

Much of today's medical technology for daily monitoring and maintenance uses embedded systems. Instead of having to visit a physician every day, wearable devices can be used to collect information on heart rate, glucose levels, weight, blood pressure, and other parameters. This information can then be sent to a doctor automatically or used for self-monitoring.

Multifunction printers (MFPs)

Multifunction printers can connect to wireless networks and to the internet for additional functionality.

Platform as a Service (PaaS)

PaaS delivers everything a developer needs to build an application. The deployment comes without the cost and complexity of buying and managing the underlying hardware and software layers.

Raspberry Pi

Raspberry Pi is a low-cost device the size of a credit card that's powered by the Python programming language. It's manufactured into a single system on a chip (SoC).

Supervisory control and data acquisition (SCADA)

SCADA is an industrial computer system that monitors and controls a process.

Security as a Service (SECaaS)

SECaaS providers integrate their services into a corporate infrastructure. The applications and software are specific to organizational security. SECaaS is based on the Software-as-a-Service cloud computing model, but is limited to information security services and does not require on-premises hardware. These security services can include authentication, anti-virus, anti-malware, spyware, intrusion detection, penetration testing, and security event management. SECaaS can sometimes be much more cost effective for an organization than having to pay for all the necessary equipment and personnel to properly protect a network from viruses, malware, and instruction. However, it is still necessary to have an on-site security professional.

Software as a Service (SaaS)

SaaS delivers software applications to the client over the internet or on a local area network.

Industrial equipment

Some industrial equipment also fits into the category of a smart device. Supervisory control and data acquisition (SCADA) devices are special computer systems that gather, analyze, and manage automated factory equipment. For example, a SCADA system could be used to monitor factory pipes and automatically open valves if pressure in the pipe system reaches a specific threshold. SCADA is a subset of Industrial Control Systems (ICS), which refers to all types of industrial automation.

Application layer

The Application layer communicates with the Control layer through what is called the northbound interface. These are sometimes called northbound APIs.

Control layer

The Control layer receives its requests from the Application layer and then provides the Physical layer with its configuration and instructions.

Cloud-based firewalls

When making a decision about a cloud-based firewall, consider the following. Cost Liability and damage to your cloud applications and services. The cost of a misconfigured firewall. Misconfiguration includes ports left open and other security holes exposed. There are cloud-based firewalls available whose fees are based on usage to help lower the cost. The cost of damages and liability may be far higher than the cost of a firewall. Segmentation Implement internal segmented firewalls (ISFWs) and access control lists to control access to each segment. Use segmentation to partition networks into trust zones to limit access. Become familiar with networking methods and network segmentation tools provided by your cloud provider to optimize the cloud-based firewall for your organization. Use segmentation tools such as firewall rule sets and load balancers to regulate the IP addresses that can access network segments Secure Web Gateways SWGs and firewalls both detect malicious traffic. Firewalls work at the packet level, while SWGs work at the application level in the cloud.SWGs are a network security service which filters malware from user-side internet connections. SWGs use URL filtering, application control, data loss prevention, https inspections, and antivirus protection.SWGs are proxies between the organization and the internet. They receive requests from clients before deciding if the session is legitimate.SWGs can monitor and log all on-premises traffic, as well as traffic in public and private clouds. This helps you understand where your vulnerabilities are, which allows you to implement security and use policies intentionally.

Wi-Fi-enabled microSD cards

Wi-Fi-enabled MicroSD cards can wirelessly transfer data to and from other devices. Many of them connect directly to the internet.

Wireless keyboards and mice

Wireless keyboards and mice use Bluetooth or other proprietary radio frequency connections.

Zigbee

Zigbee is a radio protocol that creates low-rate private area networks.