Chapter 8 Hardware and Systems Security


To manage your IT infrastructure security activities you need:

-Incident characterization and warning data, in real time.
-Traffic, systems utilization, and systems health and status information, updated in near real time.
-Status of open vulnerabilities, planned resolution efforts, and affected systems.
*These options go from real-time indications and warnings, to health and status monitoring in real or near-real time, to mitigation plans and status.

The limitations of mobile device management (MDM) when it comes to security needs are

-Most systems can handle only market-leading mobile phones and laptops and cannot support wearable computing, smart watches, and so forth.
-MDM systems, by themselves, cannot make up for shortcomings in organizational policies or plans for risk management.

Secure browsing and private browsing are:

-different in that private browsing may not effectively mask your identity or the identity of your system but secure browsing can.
-the only truly secure and private browsing is what you do on a sterile, sandbox system, with no PII or company data made available to the browser or sites you browse, and no files transferred from the sterile sandbox system into your protected systems.

Bring your own infrastructure (BYOI) affects information security planning because it

-potentially opens the organization's infrastructure up to previously unknown connections with other people, organizations, and so forth; the potential for new and surprising risks is very great.
-often uses consumer-grade services, particularly for cloud services, which are not compatible with typical enterprise systems.
-brings the potential for dynamic subnets of people and organizations becoming part of your infrastructure, and for loosely coupled cloud storage and processing to impact your business logic's use of enterprise systems.

Malware attacks can corrupt or infect device-level firmware through

-remote or onsite device management (or mismanagement) attacks that allow a hacker to initiate a firmware update using a hacked firmware file.
-phishing or misdirection attacks that fool operators or users into initiating an upload of a hacked firmware file.

True or False: Encryption solves all of your endpoint security problems

False/No; many endpoints may still allow users to create covert paths that move information across security boundaries or aggregate information in ways they should not.

Yes or No: Does the SSCP have a role in IT supply chain security issues?

Yes, because the SSCP can and should advise on all potential security considerations affecting purchase, installation, use, maintenance, and disposal of IT equipment and systems.

A zero-day exploit is

conducted against a newly discovered vulnerability before it becomes known to the cyber security community or the system's vendor or owners.

Small businesses can incur losses even if one

employee's or customer's PII is compromised, or if critical data is lost.

Improving endpoint security is most effective by

ensuring that identity management and access control systems will not allow unauthorized users or processes access to system resources, regardless of what device they are from.

Host-based firewalls can

filter, restrict, or block connection attempts by programs running on the host computer to external networks.

Firewalls play a role in countering or preventing a malware infestation from striking a system because

a firewall can restrict or filter connections by outside devices to the network, and block connections to ports or the use of protocols or services that may be attempts to infiltrate your systems and possibly bring malware with them.

Malware is detected when it has infected a target system and users

notice abnormal behavior of their systems, ranging from sluggish response, to strange crashes, to unusual warning messages or pop-ups. Malware scanner programs look for signatures in program files that match known malware, or look for patterns of behavior that are suspicious.

Email scanning for malware may be 100% effective at stopping malware from entering your systems directly, but it will not help with

phishing, whaling, or other such attack vectors.

Email and malware for most enterprise systems are a

server that scans all incoming email and attachments, before email is sent to its addresses, should be used.

Malware has the ability to

shut off safety features in computers or destroy hard disk drives.

To protect virtual machines, as compared to protecting your physical hardware systems because

It's so easy to create (and destroy) VMs, you may need policy and procedural controls over who can do this and what protections need to be in place.

Malware is best classified and understood by

the capabilities it grants the exploiter, and the impacts it has on the target system. This combines purpose, intent, design, and effect and is arguably the more important characterization to use.

Trusted platform modules provide benefits to an organization's IT infrastructure as a

trust root, a TPM can make hierarchies of trust more reliable. Trusted Platform Modules (TPMs) are special, sealed hardware modules added to the motherboards of computers or phones by their manufacturers.

Malware can be introduced into your protected systems by

watching a streaming video or listening to streaming music or audio files. In almost all cases, using a media player built into your browser will not allow malware to be stored on your computer.

When choosing your countermeasures and tactics to protect hardware and systems software, you should start with

your organization's IT vulnerabilities assessment.

