CHAPTER 3 COUNTERMEASURE IN CYBERSECURITY
CHAPTER 3 COUNTERMEASURE IN CYBERSECURITY
3.1 TYPES OF IT INFRASTRUCTURES
3.2 TYPES OF INFRASTRUCTURE SECURITY
3.3 MALICIOUS SOFTWARE PROTECTION PROGRAM
3.4 PROTECTION FOR PHYSICAL EQUIPMENT
3.5 APPLICATION SECURITY HARDWARE HARDENING
3.6 TOOLS IN CYBERSECURITY AND INFORMATION SECURITY
3.7 EXERCISES
3.1 TYPES OF IT INFRASTRUCTURES

WHAT IS IT INFRASTRUCTURE?
IT infrastructure refers to the collection of hardware, software, and networks that maintain the operation and delivery of IT-managed services.

THE PURPOSE OF IT INFRASTRUCTURE
- Support Business Operation
- Ensure Reliability and Availability
- Facilitate Communication
- Enhance Scalability
- Security and Protection
- Enable Innovation

CLASSIFICATION OF INFRASTRUCTURES
Classes: Data, Application (Software), Physical (Hardware), Network
3.1 TYPES OF IT INFRASTRUCTURES
CLASSIFICATION OF INFRASTRUCTURES (CONT.)

Data
Definition: All components related to data storage, management, and processing. It encompasses databases, data warehouses, data lakes, and storage systems. Data centers are the facilities used to house computer systems and associated components.
Example: Files and records stored in a database or data warehouse.

Application (Software)
Definition: Application refers to the programs and software that run on your hardware. Software components are what bring your hardware to life, helping you perform various business tasks.
Example: Operating systems, applications, and problem management tools.
3.1 TYPES OF IT INFRASTRUCTURES
CLASSIFICATION OF INFRASTRUCTURES (CONT.)

Physical (Hardware)
Definition: It includes the physical components that support IT operations and house the other infrastructure components. Proper hardware selection and maintenance are essential. It's about choosing hardware that aligns with your business needs and ensuring it is well maintained for optimal performance.
Example: It includes servers, computers, data centers, switches, hubs, routers, power supplies, and cooling systems.

Network
Definition: Network refers to the infrastructure that enables communication between your hardware, software, and internet services. It comprises routers, switches, and cables. A well-structured network infrastructure ensures that data flows smoothly and securely within your business.
Example: Physical components include routers, switches, and cables. Technologies include wireless (Wi-Fi).
TEST YOUR KNOWLEDGE

A key purpose of IT infrastructure is to ensure continuous operation and access for users and services. This objective is best described as:
A. Security and Protection
B. Ensure Reliability and Availability
C. Enable Innovation
D. Enhance Scalability

Which combination accurately lists the four primary classes of IT infrastructure components mentioned in the diagram?
A. Cloud, Network, Hardware, and Devices
B. Network, Physical, Data, and Security
C. Data, Network, Devices, and Media
D. Data, Network, Physical, and Application
ANSWERS

A key purpose of IT infrastructure is to ensure continuous operation and access for users and services. This objective is best described as:
A. Security and Protection
B. Ensure Reliability and Availability
C. Enable Innovation
D. Enhance Scalability

Which combination accurately lists the four primary classes of IT infrastructure components mentioned in the diagram?
A. Cloud, Network, Hardware, and Devices
B. Network, Physical, Data, and Security
C. Data, Network, Devices, and Media
D. Data, Network, Physical, and Application
3.2 TYPES OF INFRASTRUCTURE SECURITY
CLASSIFICATION OF INFRASTRUCTURE SECURITY

Classification of infrastructure security:
- Devices
- Media
- Security Topologies
- Intrusion Detection
- Security Baseline
- Application Hardening
3.2 TYPES OF INFRASTRUCTURE SECURITY
CLASSIFICATION OF INFRASTRUCTURE SECURITY (CONT.)

DEVICES
Definition: Devices include all physical and virtual components that make up an organization's infrastructure, such as servers, routers, switches, firewalls, computers, mobile devices, and IoT devices. Device security helps to protect endpoints and connected devices from being exploited by attackers.
Security measures:
- Firewalls: Control incoming and outgoing network traffic.
- Routers and Switches: Ensure secure routing and switching of data.
- Endpoints (e.g., computers, mobile devices): Protected with antivirus software, encryption, and access controls.
- IoT Devices: Secured through strict access controls, regular firmware updates, and network segmentation.

MEDIA
Definition: Refers to storage devices and media used to store and transfer data. Media security helps to prevent unauthorized access to or theft of sensitive data from storage media.
Security measures:
- Encryption: Protects data stored on media.
- Access Controls: Restrict who can read or write data on the media.
- Data Sanitization: Ensures that data is permanently removed from media before disposal or reuse.
- Backup Solutions: Regular backups with encryption and secure storage to prevent data loss.
3.2 TYPES OF INFRASTRUCTURE SECURITY
CLASSIFICATION OF INFRASTRUCTURE SECURITY (CONT.)

INTRUSION DETECTION
Definition: Involves systems and tools designed to detect unauthorized access or anomalies in a network.
Security measures:
- IDS (Intrusion Detection System): Monitors network traffic for suspicious activities and potential threats.
  - Network-based IDS: Monitors the entire network for signs of intrusion.
  - Host-based IDS: Monitors individual devices for unauthorized activities.
- IPS (Intrusion Prevention System): Similar to IDS but also actively prevents detected threats by blocking malicious traffic.
- Behavioral Analysis: Uses machine learning to detect anomalies that might indicate a threat.

SECURITY TOPOLOGIES
Definition: Structured layouts and architectures used to secure a network.
Common security topologies:
- DMZ (Demilitarized Zone): A physical or logical subnetwork that separates an organization's internal network from untrusted external networks.
- VPNs (Virtual Private Networks): Provide secure communication over public networks by encrypting data.
- Network Segmentation: Divides a network into smaller, isolated segments to minimize the spread of threats.
- Zero Trust Architecture: Assumes no implicit trust within the network and requires continuous verification of devices and users.
3.2 TYPES OF INFRASTRUCTURE SECURITY
CLASSIFICATION OF INFRASTRUCTURE SECURITY (CONT.)

APPLICATION HARDENING
Definition: Process that involves securing applications by reducing vulnerabilities.
Techniques:
- Code Review: Analyzing application code for security flaws.
- Patching and Updates: Keeping applications up to date with security patches.
- Input Validation: Ensuring that all inputs to an application are validated to prevent attacks like SQL injection.
- Least Privilege Principle: Limiting application permissions to only what is necessary for it to function.
- Disabling Unnecessary Features: Turning off or removing features and services that are not needed to reduce the attack surface.

SECURITY BASELINE
Definition: A set of minimum security standards that must be implemented to safeguard systems and data.
Components:
- Configuration Management: Ensures systems are configured securely by default.
- Patch Management: Regular updates and patches to fix security vulnerabilities.
- Access Controls: Defining and enforcing who can access what within the infrastructure.
- Compliance: Ensuring that the security measures meet industry standards and regulations.
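The input-validation and least-privilege techniques listed above, shown as an added example that is not part of the slides: a database lookup built by string splicing beside its parameterised, allow-listed, read-only form. It uses Python's built-in sqlite3 with a constructed in-memory table; the function names and the sample input are hypothetical.

```python
# Added example (not from the slides): the input-validation and least-privilege
# techniques applied to a database lookup. Uses Python's built-in sqlite3 with a
# constructed in-memory users table; names and helper functions are hypothetical.
import re
import sqlite3
from typing import List, Tuple

Row = Tuple[str, str]


def make_db(read_only: bool = False) -> sqlite3.Connection:
    """Constructed sample data: three users, one of them an admin."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    if read_only:
        # Least privilege: this connection may read but never write, so even a
        # successful injection cannot alter data (SQLite's query_only pragma).
        conn.execute("PRAGMA query_only = 1")
    return conn


def lookup_unsafe(conn: sqlite3.Connection, name: str) -> List[Row]:
    """Vulnerable: the untrusted value is spliced straight into the SQL text,
    so a quote in the input changes the meaning of the query."""
    query = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def lookup_parameterised(conn: sqlite3.Connection, name: str) -> List[Row]:
    """Hardened step 1: a bound parameter is always treated as data, never as SQL."""
    return conn.execute("SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()


USERNAME = re.compile(r"[a-z0-9_]{1,32}")   # constructed allow-list for a username


def lookup_hardened(conn: sqlite3.Connection, name: str) -> List[Row]:
    """Hardened step 2: validate the input's shape before it reaches the database."""
    if not USERNAME.fullmatch(name):
        raise ValueError("invalid username")
    return lookup_parameterised(conn, name)


def can_write(conn: sqlite3.Connection) -> bool:
    """True if the connection is allowed to modify data."""
    try:
        conn.execute("INSERT INTO users VALUES ('mallory', 'admin')")
        return True
    except sqlite3.DatabaseError:
        return False


def demo() -> dict:
    """Run the same malformed input through each lookup on a read-only connection."""
    conn = make_db(read_only=True)
    bad_input = "x' OR '1'='1"   # constructed malformed input: a stray quote plus a tautology
    result = {
        "unsafe_rows": len(lookup_unsafe(conn, bad_input)),                # every user leaks
        "parameterised_rows": len(lookup_parameterised(conn, bad_input)),  # no such name
        "writable": can_write(conn),
    }
    try:
        lookup_hardened(conn, bad_input)
        result["validation_rejected"] = False
    except ValueError:
        result["validation_rejected"] = True
    return result


if __name__ == "__main__":
    print(demo())
```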
3.2 TYPES OF INFRASTRUCTURE SECURITY
COMMON INFRASTRUCTURE SECURITY

PURPOSE OF INFRASTRUCTURE SECURITY
Protecting data and resources, preventing cyber attacks, maintaining system integrity, ensuring availability, meeting compliance and regulatory requirements, and keeping the trust of customers and partners by securing their data and operations.

These components are crucial for building a secure IT environment, protecting networks, systems, and data from various threats.

Common infrastructure security components:
- Firewalls
- VPN
- DMZ
- Network Monitoring / Diagnostic
- Honeypots
- IDS
3.2 TYPES OF INFRASTRUCTURE SECURITY
COMMON INFRASTRUCTURE SECURITY (CONT.)

FIREWALLS
Definition: Firewalls act as a barrier between a trusted internal network and untrusted external networks (like the internet). They monitor and control incoming and outgoing network traffic based on predefined security rules.
Types:
- Packet-Filtering Firewalls: Examine packets and allow or block them based on IP addresses, ports, or protocols.
- Stateful Inspection Firewalls: Track the state of active connections and make decisions based on the context of the traffic.
- Next-Generation Firewalls (NGFW): Combine traditional firewall features with additional functions like intrusion prevention, deep packet inspection, and application awareness.

VIRTUAL PRIVATE NETWORK (VPN)
Definition: A VPN creates a secure, encrypted connection over a less secure network, typically the internet. It allows remote users to access a private network securely.
Types:
- Site-to-Site VPN: Connects entire networks to each other, typically used between branch offices.
- Remote Access VPN: Allows individual users to connect to a private network from remote locations.
- SSL/TLS VPN: Uses SSL/TLS protocols to secure connections and is often used for remote access.
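The difference between the packet-filtering and stateful-inspection firewall types above, as an added example that is not from the slides: a stateless filter that judges every packet on addresses, ports and protocol alone, beside a stateful filter that remembers admitted connections and admits their replies by context. Addresses, ports, the rule set and the helper classes are constructed assumptions.

```python
# Added example (not from the slides): a stateless packet filter beside a
# stateful-inspection filter, run over constructed packets. The addresses, ports
# and rules are constructed sample values; the classes are hypothetical helpers.
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str          # "tcp" or "udp"
    syn: bool = False   # TCP SYN flag: set only on the first packet of a connection


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    src_net: str                # CIDR the source address must fall in
    dst_port: Optional[int]     # None matches any destination port
    proto: Optional[str]        # None matches any protocol


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Packet-filtering criteria from the slide: addresses, ports, protocol."""
    in_net = ipaddress.ip_address(pkt.src_ip) in ipaddress.ip_network(rule.src_net)
    return (in_net
            and (rule.dst_port is None or rule.dst_port == pkt.dst_port)
            and (rule.proto is None or rule.proto == pkt.proto))


def packet_filter(rules: List[Rule], pkt: Packet) -> str:
    """Stateless packet filter: first matching rule wins, default deny.
    It sees each packet in isolation, so reply traffic needs its own rule."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"


ConnKey = Tuple[str, int, str, int, str]


class StatefulFirewall:
    """Stateful inspection: remembers connections the rules admitted and lets
    their return traffic through based on that context, not on a new rule."""

    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules
        self.table: Set[ConnKey] = set()

    def inspect(self, pkt: Packet) -> str:
        key: ConnKey = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto)
        reverse: ConnKey = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto)
        if reverse in self.table:            # reply to a tracked connection
            return "allow"
        if pkt.proto == "tcp" and not pkt.syn:
            return "deny"                    # mid-connection packet with no known state
        decision = packet_filter(self.rules, pkt)
        if decision == "allow":
            self.table.add(key)              # start tracking the new connection
        return decision


# Constructed policy: internal hosts may open HTTPS connections; everything else is denied.
RULES = [Rule("allow", "10.0.0.0/24", 443, "tcp"), Rule("deny", "0.0.0.0/0", None, None)]


def demo() -> Dict[str, Tuple[str, str]]:
    """Returns (stateless, stateful) decisions for three constructed packets, in order."""
    fw = StatefulFirewall(RULES)
    packets = {
        "outbound":    Packet("10.0.0.5", 51000, "203.0.113.10", 443, "tcp", syn=True),
        "reply":       Packet("203.0.113.10", 443, "10.0.0.5", 51000, "tcp"),
        "unsolicited": Packet("198.51.100.7", 443, "10.0.0.5", 51000, "tcp"),
    }
    return {name: (packet_filter(RULES, p), fw.inspect(p)) for name, p in packets.items()}


if __name__ == "__main__":
    for name, (stateless, stateful) in demo().items():
        print(f"{name:12s} stateless={stateless:5s} stateful={stateful}")
```

The stateless filter denies the legitimate reply (it would need a broad inbound rule to admit it), while the stateful filter admits only the reply it saw the connection for and still denies the unsolicited packet that claims to be one.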
3.2 TYPES OF INFRASTRUCTURE SECURITY
COMMON INFRASTRUCTURE SECURITY (CONT.)

INTRUSION DETECTION SYSTEM (IDS)
Definition: An IDS monitors network traffic for suspicious activities and potential threats, alerting administrators when anomalies are detected.
Types:
- Network-based IDS (NIDS): Monitors the entire network for malicious activities.
- Host-based IDS (HIDS): Monitors individual devices or servers for unauthorized changes or actions.
- Signature-based IDS: Detects threats by comparing network traffic against a database of known attack signatures.
- Anomaly-based IDS: Detects threats by identifying deviations from normal network behavior.

HONEYPOTS
Definition: A honeypot is a decoy system or network set up to attract and analyze attackers. It mimics real systems to lure cybercriminals, allowing security teams to study their behavior without risking actual assets.
Types:
- Low-Interaction Honeypots: Simulate services and systems with limited interaction, mainly used for gathering information.
- High-Interaction Honeypots: Provide more realistic environments, allowing attackers to fully engage with the system. This approach collects detailed information but also carries higher risk.
- Honey Nets: A network of honeypots used to simulate a complete network environment.
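The signature-based and anomaly-based IDS types above, as an added example that is not from the slides: a small host-based detector that runs both approaches over constructed web-server log lines, showing that each catches something the other misses. The log format, the two signatures, the baseline window and the threshold are constructed assumptions.

```python
# Added example (not from the slides): a small host-based IDS over constructed
# web-server log lines, running a signature-based and an anomaly-based detector
# side by side. Log format, signatures and thresholds are constructed assumptions.
import re
import statistics
from collections import Counter
from typing import Dict, List, Tuple

Row = Tuple[str, str, int]   # (client address, requested path, HTTP status)

# Constructed "normal" traffic used to learn a per-client request baseline.
BASELINE_LOG = """\
10.0.0.8 /index.html 200
10.0.0.8 /about.html 200
10.0.0.9 /login 200
10.0.0.9 /home 200
10.0.0.9 /logout 200
10.0.0.10 /index.html 200
10.0.0.10 /about.html 200
10.0.0.11 /index.html 200
10.0.0.11 /docs 200
10.0.0.11 /home 200
10.0.0.12 /index.html 200
10.0.0.12 /home 200
"""

# Constructed window to inspect: normal users, one single probing request, and
# one client hammering the login page before requesting a traversal path.
TEST_LOG = """\
10.0.0.8 /index.html 200
10.0.0.8 /home 200
10.0.0.9 /login 200
10.0.0.9 /home 200
10.0.0.9 /logout 200
203.0.113.4 /search?q=1%20union%20select%201 200
""" + "198.51.100.7 /login 401\n" * 7 + "198.51.100.7 /static/../../app.conf 404\n"

# Signature-based: known attack patterns, matched against each request path.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-probe": re.compile(r"union(\s|%20)+select", re.IGNORECASE),
}


def parse(log: str) -> List[Row]:
    rows = []
    for line in log.strip().splitlines():
        client, path, status = line.split()
        rows.append((client, path, int(status)))
    return rows


def signature_alerts(rows: List[Row]) -> List[Tuple[str, str]]:
    """Flags any request matching a known signature, even a single one."""
    return [(client, name) for client, path, _ in rows
            for name, pattern in SIGNATURES.items() if pattern.search(path)]


def learn_baseline(rows: List[Row]) -> Tuple[float, float]:
    """Mean and standard deviation of requests per client in normal traffic."""
    counts = list(Counter(client for client, _, _ in rows).values())
    return statistics.mean(counts), statistics.pstdev(counts)


def anomaly_alerts(rows: List[Row], baseline: Tuple[float, float],
                   k: float = 3.0) -> List[Tuple[str, int]]:
    """Flags clients whose request count deviates from the learned baseline.
    The stdev floor of 1.0 stops a near-constant baseline from alerting on everyone."""
    mean, stdev = baseline
    threshold = mean + k * max(stdev, 1.0)
    counts = Counter(client for client, _, _ in rows)
    return [(client, n) for client, n in counts.items() if n > threshold]


def run_ids() -> Dict[str, list]:
    baseline = learn_baseline(parse(BASELINE_LOG))
    rows = parse(TEST_LOG)
    return {"signature": signature_alerts(rows), "anomaly": anomaly_alerts(rows, baseline)}


if __name__ == "__main__":
    print(run_ids())
```

The single probing request is caught only by a signature; the login hammering has no signature and is caught only by the anomaly detector, which is why the slide lists both types.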
3.2 TYPES OF INFRASTRUCTURE SECURITY
COMMON INFRASTRUCTURE SECURITY (CONT.)

DEMILITARIZED ZONE (DMZ)
Definition: A DMZ is a physical or logical subnetwork that separates an organization's internal network from untrusted external networks. It hosts public-facing services while protecting the internal network.
Types:
- Web Servers: Host public websites in the DMZ to allow external access without compromising internal networks.
- Mail Servers: Positioned in the DMZ to handle incoming and outgoing email traffic securely.
- Proxy Servers: Can be placed in the DMZ to act as intermediaries between internal users and external resources.

NETWORK MONITORING / DIAGNOSTIC
Definition: Network monitoring tools continuously oversee network traffic, performance, and security. They help detect issues, optimize performance, and ensure compliance.
Types:
- SNMP (Simple Network Management Protocol): Used to collect and organize information about managed devices on IP networks.
- NetFlow/IPFIX: Provides data about IP traffic, allowing for detailed traffic analysis.
- SIEM (Security Information and Event Management): Combines real-time monitoring with the analysis of security alerts generated by hardware and software.
- Packet Analyzers (e.g., Wireshark): Capture and analyze packets traveling across the network, useful for diagnosing network issues.
TEST YOUR KNOWLEDGE

The infrastructure security classification known as SECURITY BASELINE is most closely related to:
A. Using VPNs and DMZs to encrypt and isolate traffic.
B. Hardening devices and implementing Zero Trust Architecture.
C. Establishing minimum security requirements for systems and configurations.
D. Protecting stored data using Encryption and Data Sanitization.

Which of the following components acts as a defense mechanism by providing a secure, encrypted connection over public networks to protect data in transit?
A. DMZ (Demilitarized Zone)
B. IDS (Intrusion Detection System)
C. VPN (Virtual Private Network)
D. NETWORK MONITORING / DIAGNOSTIC
ANSWERS

The infrastructure security classification known as SECURITY BASELINE is most closely related to:
A. Using VPNs and DMZs to encrypt and isolate traffic.
B. Hardening devices and implementing Zero Trust Architecture.
C. Establishing minimum security requirements for systems and configurations.
D. Protecting stored data using Encryption and Data Sanitization.

Which of the following components acts as a defense mechanism by providing a secure, encrypted connection over public networks to protect data in transit?
A. DMZ (Demilitarized Zone)
B. IDS (Intrusion Detection System)
C. VPN (Virtual Private Network)
D. NETWORK MONITORING / DIAGNOSTIC
3.3 MALICIOUS SOFTWARE PROTECTION PROGRAM
MALICIOUS SOFTWARE PROTECTION PROGRAMS

ANTIVIRUS SOFTWARE
Function: Antivirus programs scan files and systems for known malware signatures and behaviors. They detect, quarantine, and remove malware to prevent infection.
Example: Norton Antivirus, McAfee Total Protection, Bitdefender Antivirus Plus

ANTIMALWARE SOFTWARE
Function: While antivirus software often focuses on older types of threats, antimalware programs are designed to combat more modern, sophisticated threats like spyware, ransomware, and adware.
Example: Malwarebytes, SUPERAntiSpyware, Spybot Search & Destroy
3.3 MALICIOUS SOFTWARE PROTECTION PROGRAM
MALICIOUS SOFTWARE PROTECTION PROGRAMS (CONT.)

ENDPOINT PROTECTION PLATFORMS (EPP)
Function: EPP solutions offer comprehensive protection for endpoints such as laptops, desktops, and mobile devices. They combine antivirus, antimalware, firewall, and other security features into a single solution.
Example: Symantec Endpoint Protection, Sophos Endpoint Protection, CrowdStrike Falcon

ENDPOINT DETECTION AND RESPONSE (EDR)
Function: EDR solutions provide real-time monitoring, detection, and automated response to threats. They are designed to detect advanced persistent threats (APTs) and provide detailed forensic data for incident response.
Example: Carbon Black, Microsoft Defender for Endpoint, SentinelOne
3.3 MALICIOUS SOFTWARE PROTECTION PROGRAM
3.3.1 MALICIOUS SOFTWARE PROTECTION PROGRAMS (CONT.)

FIREWALL
Function: Firewalls act as a barrier between internal networks and external threats. Modern firewalls can inspect traffic at a deep level to block malicious code from entering a network.
Example: Cisco ASA, Palo Alto Networks Next Generation Firewall, Fortinet FortiGate

INTRUSION DETECTION AND PREVENTION SYSTEMS (IDPS)
Function: IDPS tools monitor network traffic for suspicious activity that may indicate the presence of malware. They can detect and block malicious traffic before it reaches critical systems.
Example: Snort (open-source IDS/IPS), Suricata, IBM QRadar
3.3 MALICIOUS SOFTWARE PROTECTION PROGRAM
MALICIOUS SOFTWARE PROTECTION PROGRAMS (CONT.)

WEB FILTERING AND SECURE WEB GATEWAYS (SWG)
Function: Web filtering solutions prevent users from accessing malicious websites that may host malware. Secure web gateways provide more advanced features like inspecting encrypted traffic for threats.
Example: Websense, Zscaler Internet Access, Blue Coat ProxySG

EMAIL SECURITY SOLUTIONS
Function: Email security solutions scan incoming and outgoing emails for malicious attachments, links, and phishing attempts. They help prevent malware from spreading via email.
Example: Proofpoint Email Protection, Mimecast Secure Email Gateway, Barracuda Email Security Gateway
3.3 MALICIOUS SOFTWARE PROTECTION PROGRAM
MALICIOUS SOFTWARE PROTECTION PROGRAMS (CONT.)

PATCH MANAGEMENT TOOLS
Function: Patch management tools help keep software and systems up to date by applying the latest security patches. Regular patching helps prevent exploitation of vulnerabilities by malware.
Example: Microsoft WSUS (Windows Server Update Services), SolarWinds Patch Manager, ManageEngine Patch Manager Plus

BACKUP AND RECOVERY SOLUTIONS
Function: Regular backups ensure that data can be restored in case of a ransomware attack or other malware incidents. Backup solutions often include features like versioning and encryption.
Example: Veeam Backup & Replication, Acronis Cyber Backup, Barracuda Backup

SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)
Function: SIEM systems collect and analyze security data from across the organization, providing real-time alerts and helping to identify potential malware incidents quickly.
Example: Splunk Enterprise Security, LogRhythm, IBM QRadar SIEM
TEST YOUR KNOWLEDGE

Which security solution provides comprehensive protection for endpoints (like laptops and mobile devices) by combining antivirus, antimalware, and firewall features into a single, unified solution?
A. Email Security Solutions
B. Endpoint Protection Platforms (EPP)
C. Intrusion Detection and Prevention Systems (IDPS)
D. Security Information and Event Management (SIEM)

The primary function of an Intrusion Detection and Prevention System (IDPS) is best described as:
A. Scan emails for malicious content
B. Monitor and block access to harmful websites
C. Monitor network traffic for suspicious activity
D. Provide real-time threat response
ANSWERS

Which security solution provides comprehensive protection for endpoints (like laptops and mobile devices) by combining antivirus, antimalware, and firewall features into a single, unified solution?
A. Email Security Solutions
B. Endpoint Protection Platforms (EPP)
C. Intrusion Detection and Prevention Systems (IDPS)
D. Security Information and Event Management (SIEM)

The primary function of an Intrusion Detection and Prevention System (IDPS) is best described as:
A. Scan emails for malicious content
B. Monitor and block access to harmful websites
C. Monitor network traffic for suspicious activity
D. Provide real-time threat response
3.4 PROTECTION FOR PHYSICAL EQUIPMENT
PHYSICAL COMPUTER AND NETWORK EQUIPMENT PROTECTION METHODS

Physical security is vital for businesses to protect assets such as employees, inventory, trade secrets, and information systems from theft, tampering, and environmental damage through measures like locks, alarms, safes, guards, and access controls, ensuring profitability and long-term survival.

Protection of physical equipment:
- Access Control
  - Physical Barriers / Barricades
  - Biometrics
- Environment
  - Wireless Cells
  - Location Shielding
  - Fire Suppression
3.4 PROTECTION FOR PHYSICAL EQUIPMENT
PHYSICAL COMPUTER AND NETWORK EQUIPMENT PROTECTION METHODS (CONT.)

ACCESS CONTROL: PHYSICAL BARRIERS / BARRICADES
Definition: The primary defense against a majority of physical attacks is the barricades between the assets and a potential attacker: walls, fences, gates, and doors. Barricades can also be used to control vehicular access to and near a building or structure.
Examples:
- Locked Doors and Gates: Secured with keycards, PIN codes, or physical keys.
- Turnstiles: Allow one person to pass at a time, often used in office buildings.
- Fencing and Walls: Surround facilities to keep unauthorized people out.
- Security Guards: Human personnel stationed to monitor and control entry points.
3.4 PROTECTION FOR PHYSICAL EQUIPMENT
PHYSICAL COMPUTER AND NETWORK EQUIPMENT PROTECTION METHODS (CONT.)

ACCESS CONTROL: BIOMETRICS
Definition: A technology that uses unique physical or behavioral characteristics of individuals to grant access.
Examples:
- Fingerprint Scanners: Require a user to place their finger on a scanner for identity verification.
- Facial Recognition: Uses cameras to identify unique facial features.
- Iris or Retinal Scans: Examine the unique patterns in the eye.
- Voice Recognition: Verifies identity based on speech patterns.
3.4 PROTECTION FOR PHYSICAL EQUIPMENT
PHYSICAL COMPUTER AND NETWORK EQUIPMENT PROTECTION METHODS (CONT.)

ENVIRONMENT: WIRELESS CELLS
Definition: Wireless cells refer to small, localized areas within a wireless network where the coverage and signal strength are controlled.
Examples:
- Signal Limiting: Adjust wireless access point (WAP) power levels to confine coverage.
- Wireless Security Protocols: Use WPA3 or similar protocols to protect against intrusion.
- Access Control: Implement device authentication for connecting to wireless networks.
3.4 PROTECTION FOR PHYSICAL EQUIPMENT
PHYSICAL COMPUTER AND NETWORK EQUIPMENT PROTECTION METHODS (CONT.)

ENVIRONMENT: LOCATION SHIELDING
Definition: Location shielding involves using materials or structures designed to block or reduce electromagnetic fields to protect sensitive equipment from electromagnetic interference (EMI).
Examples:
- Faraday Cages: Enclosures that block external wireless signals or EMI.
- RF Shielding: Specialized materials (e.g., metallic mesh or films) to reduce signal transmission in and out of a location.
- Secure Building Design: Walls or infrastructure designed to contain signals within a specific range.
3.4 PROTECTION FOR PHYSICAL EQUIPMENT
PHYSICAL COMPUTER AND NETWORK EQUIPMENT PROTECTION METHODS (CONT.)

ENVIRONMENT: FIRE SUPPRESSION
Definition: To detect and control fires in their early stages, minimizing damage and protecting both people and equipment. These systems are installed in areas where the risk of fire is a concern, such as data centers, server rooms and other facilities housing sensitive electronic equipment.
Examples:
- Fire Detection Systems: Smoke detectors or heat sensors for early fire detection.
- Sprinkler Systems: Activated when a fire is detected by heat or smoke sensors.
- Gas-Based Suppression Systems: These systems use inert gases (like nitrogen, argon) or chemical agents to extinguish fires by displacing the oxygen that sustains the fire.
TEST YOUR KNOWLEDGE

A method used for the Environment classification of physical protection that aims to mitigate risks from environmental damage (such as heat or fire) is:
A. Access Control
B. Physical Barriers
C. Location Shielding
D. Fire Suppression

What is the main purpose of physical barriers in network and computer equipment protection?
A. To prevent data breaches through network encryption
B. To control vehicular and human access to secure areas
C. To detect malware in physical devices
D. To improve wireless network performance
ANSWERS

A method used for the Environment classification of physical protection that aims to mitigate risks from environmental damage (such as heat or fire) is:
A. Access Control
B. Physical Barriers
C. Location Shielding
D. Fire Suppression

What is the main purpose of physical barriers in network and computer equipment protection?
A. To prevent data breaches through network encryption
B. To control vehicular and human access to secure areas
C. To detect malware in physical devices
D. To improve wireless network performance
3.5 APPLICATION SECURITY HARDWARE HARDENING
APPLICATION SECURITY HARDENING

Application security hardware hardening refers to the process of strengthening the security of physical hardware components that run or support applications. The goal is to reduce vulnerabilities and protect the system from unauthorized access, malware, and other security threats.

Application security hardening covers:
- Service Packs
- Security Patches
- Hotfixes
- Cold Fix
- Bug Fix
3.5 APPLICATION SECURITY HARDWARE HARDENING
APPLICATION SECURITY HARDENING (CONT.)

SERVICE PACKS
Definition: A collection of updates, fixes, and enhancements released by software vendors, typically bundled together.
Purpose: Service packs help to improve the stability, security, and performance of applications by addressing known vulnerabilities and bugs.

SECURITY PATCHES
Definition: Updates specifically designed to address security vulnerabilities within an application or hardware.
Purpose: Regularly applying security patches is crucial to protecting systems from new threats and exploits that could be used by attackers.
3.5 APPLICATION SECURITY HARDWARE HARDENING
APPLICATION SECURITY HARDENING (CONT.)

HOTFIXES
Definition: Small, urgent patches applied to quickly address a specific issue, often without requiring a full reboot.
Purpose: Hotfixes are typically released to address a particular problem or vulnerability that cannot wait for the next scheduled update.

COLD FIX
Definition: Fixes or updates that require the system or hardware to be shut down completely for implementation.
Purpose: Cold fixes are often used for critical updates that cannot be applied while the system is running, ensuring that the hardware or software is secured properly.
3.5 APPLICATION SECURITY HARDWARE HARDENING
APPLICATION SECURITY HARDENING (CONT.)

BUG FIX
Definition: Updates to correct software errors or flaws that cause malfunctions or security issues.
Purpose: Bug fixes improve the reliability and functionality of the system, reducing the risk of exploits due to programming errors, known vulnerabilities, and bugs.
3.5 APPLICATION SECURITY HARDWARE HARDENING
APPLICATION SECURITY HARDENING (CONT.)

PATCH
- A temporary fix on a product
- Often automatic updates with self-install packages
- Usually planned; between full releases of software packages

HOTFIX
- A fix on live, active software or apps
- Zero to minimal downtime for users
- Immediately for live systems

BUGFIX
- A fix for issues found through the development lifecycle, but before release
- Zero impact on users
- Applied during production or testing phases

COLDFIX
- A fix on live, active software or apps
- Visible impact, via downtime or system restarts
- Planned out and communicated early to users
TEST YOUR KNOWLEDGE

Which of the following best describes a patch?
A. A permanent fix for system hardware and software package
B. A temporary fix on a product, often delivered automatically
C. A fix that requires full system reinstallation with hardware
D. A manual update requiring no software package

Which fix is planned out and communicated early to users, often involving downtime?
A. Patch
B. Hotfix
C. Coldfix
D. Bugfix
ANSWERS

Which of the following best describes a patch?
A. A permanent fix for system hardware and software package
B. A temporary fix on a product, often delivered automatically
C. A fix that requires full system reinstallation with hardware
D. A manual update requiring no software package

Which fix is planned out and communicated early to users, often involving downtime?
A. Patch
B. Hotfix
C. Coldfix
D. Bugfix
3.6 TOOLS IN CYBERSECURITY AND INFORMATION SECURITY
THE TOOLS USED TO MITIGATE SECURITY ISSUES

Tools:
- Network Mapper (Nmap)
- Wireshark
- Autopsy
- FTK Imager
3.6 TOOLS IN CYBERSECURITY AND INFORMATION SECURITY
THE TOOLS USED TO MITIGATE SECURITY ISSUES (CONT.)

NETWORK MAPPER (NMAP)
Purpose: Nmap is a powerful open-source tool used for network discovery and security auditing.
Functions: Network scanning, vulnerability detection, security audits

WIRESHARK
Purpose: Wireshark is a popular network protocol analyzer used for capturing and analyzing network traffic in real time.
Functions: Traffic analysis, protocol debugging, security audits

AUTOPSY
Purpose: Autopsy is an open-source digital forensics tool used for investigating and analyzing disk images and file systems.
Functions: File recovery, data analysis, investigation reports

FTK IMAGER
Purpose: FTK Imager (Forensic Toolkit Imager) is a digital forensics tool used for creating disk images and analyzing data on storage devices.
Functions: Disk imaging, file system analysis, evidence collection
TEST YOUR KNOWLEDGE

Which of the following functions is not associated with the tool Wireshark?
A. Traffic analysis.
B. Protocol debugging.
C. File recovery.
D. Security audits.

What is the main function of FTK Imager (Forensic Toolkit Imager)?
A. Network scanning and vulnerability detection.
B. Protocol debugging and real-time traffic analysis.
C. File recovery and real-time data analysis from file systems.
D. Disk imaging, file system analysis, and evidence collection.
ANSWERS

Which of the following functions is not associated with the tool Wireshark?
A. Traffic analysis.
B. Protocol debugging.
C. File recovery.
D. Security audits.

What is the main function of FTK Imager (Forensic Toolkit Imager)?
A. Network scanning and vulnerability detection.
B. Protocol debugging and real-time traffic analysis.
C. File recovery and real-time data analysis from file systems.
D. Disk imaging, file system analysis, and evidence collection.
CHAPTER 3
3.7 EXERCISES
FUN EXERCISE
CHAPTER 4 INFORMATION SECURITY GOVERNANCE PRINCIPLES
CHAPTER 4 INFORMATION SECURITY GOVERNANCE PRINCIPLES
4.1 SECURITY POLICY
4.2 SECURITY PROCEDURES
4.3 PRIVILEGE MANAGEMENT
4.4 EXERCISES
4.1 SECURITY POLICY

DEFINITION OF SECURITY POLICY
Security policies are formal documents that outline how an organization will protect its information assets. They provide guidelines and procedures for managing security risks, ensuring data protection, and maintaining compliance with regulations.

DEFINITION OF INFORMATION SECURITY POLICY GOVERNANCE AND MANAGEMENT
Governance: Establishes the framework and oversight for security policies, including roles and responsibilities for policy enforcement and review. It ensures policies align with organizational goals and regulatory requirements.
Management: The implementation and ongoing management of security policies, including regular updates, audits, and adherence to the established guidelines.
4.1 SECURITY POLICY
DEFINITION OF INFORMATION CLASSIFICATION

Definition: The process of categorizing information based on its sensitivity and importance. This helps in determining the level of protection required.
Purpose: Ensures that sensitive information is handled and protected appropriately, based on its classification (e.g., confidential, internal use only, public).
4.1 SECURITY POLICY
APPLY USERNAME AND PASSWORD MANAGEMENT

Definition: The process of creating, storing, and managing usernames and passwords to control access to systems and data.
Best Practices:
- Complexity: Use strong, unique passwords.
- Storage: Securely store passwords using encryption.
- Regular Updates: Change passwords regularly and avoid reuse.

In a single day, a powerful computer can try over 100 billion different password combinations. This is why having a strong, unique password is so important: it's not about being clever, it's about making your password too long and complicated for a computer to guess!
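The "100 billion guesses a day" figure and the secure-storage practice above, as an added example that is not from the slides: the worst-case time to exhaust a password space at that rate for several lengths and alphabets, plus a salted, key-stretched storage record (PBKDF2-HMAC-SHA256 from the Python standard library), which is the usual form that "securely store passwords" takes in practice. The alphabet sizes, iteration count and record format are constructed assumptions.

```python
# Added example (not from the slides): the "100 billion guesses a day" figure
# turned into a worst-case time to exhaust a password space, plus salted,
# key-stretched storage (PBKDF2-HMAC-SHA256, standard library). Alphabet sizes,
# iteration count and record format are assumptions.
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

GUESSES_PER_DAY = 100_000_000_000   # the slide's figure

# Alphabet sizes used for the keyspace estimates (constructed choices).
CHARSETS = {"lowercase": 26, "lowercase+digits": 36, "mixed+digits+symbols": 94}


def days_to_exhaust(length: int, charset_size: int) -> float:
    """Days needed to try every password of this length over this alphabet."""
    return charset_size ** length / GUESSES_PER_DAY


def keyspace_table(lengths: Tuple[int, ...] = (8, 12, 16)) -> Dict[Tuple[str, int], float]:
    """Days to exhaust for each (alphabet, length) pair: length dominates alphabet."""
    return {(name, n): days_to_exhaust(n, size)
            for name, size in CHARSETS.items() for n in lengths}


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = 600_000) -> str:
    """Store salt + iteration count + derived key, never the password itself.
    A fresh random salt per user stops identical passwords sharing a record,
    and the iteration count makes each guess cost the attacker real work."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the stored salt and iterations; compare in constant time."""
    _, iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    for (name, n), days in keyspace_table().items():
        print(f"{name:22s} length {n:2d}: {days:.3g} days")
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))
```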