CISSP Session 03
The CISSP Bootcamp
Your instructor: Michael J Shannon
CISSP #42221 / #524169, CCNP-Security, PCNSE7, AWS Certified Security – Specialty, OpenFAIR, and ITIL 4 Managing Professional
Class will begin at 10:00 A.M. Central Standard Time (CST)
• Alerts
• Verbose dumps
• Drops
• Resets
• Blocking (shun)
• SNMP traps
• Logging to SIEM or other systems
• True – accurate
• False – error
• Positive – action taken
Endpoint Security
• Endpoint detection & response (EDR) – traditionally lightweight sensors look for malicious code and rogue applications using a combination of behavioral analytics, heuristics and threat intelligence (e.g. Palo Alto Traps)
• Aggregation
• Correlation
• Automated alerting and triggers
• Normalization
• Time synchronization
• Event deduplication
• Logs/WORM
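The SIEM functions listed above (aggregation, normalization, time synchronization, deduplication, correlation and automated alerting) and the true/false positive/negative vocabulary from the sensor-response slide can be shown end to end on a handful of log lines. The following is an added example written for this page, not code from the course or from any SIEM product; the log formats, hosts, addresses, the "3 failed logins in 120 seconds" rule and the ground-truth labels are all constructed for the demonstration.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample input: two sensors, two formats, two time zones.
# The 3rd and 4th lines describe the same event twice (deduplication case),
# and 10.0.0.11 fails slowly enough to stay under the correlation threshold.
RAW_LINES = [
    '2024-03-01T09:00:01-05:00 fw1 auth-fail src=10.0.0.7 user=alice',
    '{"ts": "2024-03-01T14:00:20Z", "host": "vpn1", "event": "auth-fail", "src": "10.0.0.7", "user": "alice"}',
    '2024-03-01T09:00:45-05:00 fw1 auth-fail src=10.0.0.7 user=alice',
    '{"ts": "2024-03-01T14:00:45Z", "host": "fw1", "event": "auth-fail", "src": "10.0.0.7", "user": "alice"}',
    '2024-03-01T09:01:10-05:00 fw1 auth-fail src=10.0.0.7 user=alice',
    '2024-03-01T09:05:00-05:00 fw1 auth-fail src=10.0.0.9 user=bob',
    '{"ts": "2024-03-01T14:30:00Z", "host": "vpn1", "event": "auth-ok", "src": "10.0.0.9", "user": "bob"}',
    '2024-03-01T09:10:00-05:00 fw1 auth-fail src=10.0.0.11 user=root',
    '2024-03-01T09:20:00-05:00 fw1 auth-fail src=10.0.0.11 user=root',
]

# Constructed ground truth for scoring the alerts: which sources were really hostile.
GROUND_TRUTH = {'10.0.0.7': True, '10.0.0.9': False, '10.0.0.11': True}

SYSLOG_RE = re.compile(r'^(?P<ts>\S+) (?P<host>\S+) (?P<event>\S+)(?P<kv>(?: \w+=\S+)*)$')
KV_RE = re.compile(r'(\w+)=(\S+)')


def parse_ts(value):
    """Time synchronization: accept any ISO-8601 offset and normalize to UTC."""
    return datetime.fromisoformat(value.replace('Z', '+00:00')).astimezone(timezone.utc)


def normalize(line):
    """Normalization: map both raw formats onto one schema (ts, host, event, src, user)."""
    line = line.strip()
    if line.startswith('{'):
        rec = json.loads(line)
        return {'ts': parse_ts(rec['ts']), 'host': rec['host'], 'event': rec['event'],
                'src': rec.get('src'), 'user': rec.get('user')}
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError(f'unrecognized log line: {line!r}')
    fields = dict(KV_RE.findall(m.group('kv')))
    return {'ts': parse_ts(m.group('ts')), 'host': m.group('host'),
            'event': m.group('event'), 'src': fields.get('src'), 'user': fields.get('user')}


def aggregate(lines):
    """Aggregation + deduplication: normalize every line, drop exact repeats, sort by time."""
    seen, events = set(), []
    for line in lines:
        ev = normalize(line)
        key = (ev['ts'], ev['host'], ev['event'], ev['src'], ev['user'])
        if key in seen:
            continue
        seen.add(key)
        events.append(ev)
    return sorted(events, key=lambda e: e['ts'])


def correlate(events, threshold=3, window=timedelta(seconds=120)):
    """Correlation rule: at least `threshold` auth-fail events from one source inside `window`."""
    fails = defaultdict(list)
    for ev in events:                      # events arrive sorted, so each list is sorted too
        if ev['event'] == 'auth-fail' and ev['src']:
            fails[ev['src']].append(ev['ts'])
    alerts = {}
    for src, stamps in fails.items():
        for i, start in enumerate(stamps):
            inside = [t for t in stamps[i:] if t - start <= window]
            if len(inside) >= threshold:
                alerts[src] = {'first_seen': start, 'count': len(inside)}
                break                      # automated trigger fires once per source
    return alerts


def evaluate(alerts, ground_truth):
    """Score alerts with the slide's terms: true/false = accurate/error, positive = action taken."""
    counts = {'true positive': 0, 'false positive': 0, 'true negative': 0, 'false negative': 0}
    for src, malicious in ground_truth.items():
        fired = src in alerts
        label = ('true' if fired == malicious else 'false') + ' ' + ('positive' if fired else 'negative')
        counts[label] += 1
    return counts


if __name__ == '__main__':
    events = aggregate(RAW_LINES)
    alerts = correlate(events)
    print(len(RAW_LINES), 'raw lines ->', len(events), 'unique events')
    print('alerts:', alerts)
    print('outcomes:', evaluate(alerts, GROUND_TRUTH))
```

The false negative for 10.0.0.11 is the point worth noticing: the source is hostile, but a threshold-and-window rule tuned for fast brute force never fires on a slow one, so the scoring step is what tells you the rule needs a longer window or a second rule, not just more alerts.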
Mail Gateways
• Serve as enterprise-wide message transfer agents (MTAs)
• Control and secure e-mail leaving and entering the organization
• Can perform anti-spam, anti-virus, encryption, Mail DLP, and more
• Physical, virtual, and hybrid solutions
• Example: Cisco Email Security Appliance (physical or virtual)
Mail Gateways: Ingress Monitoring
Mail Gateways: Egress Monitoring
Egress Monitoring DLP
Data Loss Prevention (DLP)
• Financial, health, and educational sectors must prevent data leakage and breaches
• GDPR, PCI-DSS, SOX, HIPAA, Euro-Sox European Union
• Systems can be standalone MITM systems to analyze and intercept data leakage and data loss from inside to outside
• Can be integrated into web security and e-mail security solutions (also cloud-based) to scan e-mail, IM, SMS, and webmail for the presence of protected and sensitive data
• Can also perform USB blocking and more
Encryption Gateways
• A wide variety of appliances and devices can decrypt and re-encrypt voice and data as encryption proxies
• SSL/TLS, IPsec, web gateways, e-mail gateways, and authentication proxy services
• VPN gateways will proxy Suite B Cryptography and IKEv2 to TLS and vice versa
• Cloud encryption gateways like Cisco Umbrella and Secure Internet Gateway (SIG) are common technologies
HAIPE and INE Devices
(Diagram: unprotected network)
Content Distribution Networks (CDN)
• Accelerate the delivery of web content and rich media to internet-connected devices
• The primary technique that a content distribution network (CDN) uses to speed the delivery of web content to end users is edge caching
• Largest CDN is owned and operated by Akamai and spans more than 216,000 servers in over 120 countries and within more than 1,500 networks around the world.
• Amazon CloudFront is a global content delivery network service that securely delivers data, videos, applications, and APIs to your viewers with low latency and high transfer speeds (ElastiCache with Redis and Edge Locations)
CDN Security at AWS
• All API calls are authenticated with HMAC-SHA
• No guarantee of durability at Edge Locations
• Private Content Feature and Geo-restriction
• Origin Access Identities with S3 ACLs
• WAF can be associated with a CloudFront distribution
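The first bullet, "all API calls are authenticated with HMAC-SHA", describes request signing: the caller and the service share a secret, the caller MACs a canonical form of the request, and the service recomputes the MAC over what it actually received. The block below is an added example written for this page to show that pattern generically; it is not AWS's Signature Version 4 and not CloudFront code, and the secret, header names, path and query parameters are all constructed placeholders.

```python
import hashlib
import hmac
import time
from urllib.parse import urlencode

# Hypothetical shared secret and header names for this example; a real API
# issues its own credentials and defines its own signing scheme and headers.
SECRET_KEY = b'example-secret-key-not-a-real-credential'
MAX_SKEW_SECONDS = 300   # reject requests whose timestamp is older than this (limits replay)


def canonical_string(method, path, query, timestamp, body):
    """One byte-exact representation of everything the signature must cover.
    Sorting the query and hashing the body means no part can be altered in transit
    without changing the MAC, and a proxy re-ordering parameters does not break it."""
    body_hash = hashlib.sha256(body).hexdigest()
    return '\n'.join([method.upper(), path, urlencode(sorted(query.items())),
                      str(timestamp), body_hash])


def compute_signature(secret, method, path, query, timestamp, body):
    msg = canonical_string(method, path, query, timestamp, body).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def sign_request(secret, method, path, query, body, timestamp=None):
    """Client side: attach a timestamp and an HMAC-SHA256 over the canonical request."""
    ts = int(time.time()) if timestamp is None else timestamp
    return {'X-Timestamp': str(ts),
            'X-Signature': compute_signature(secret, method, path, query, ts, body)}


def verify_request(secret, method, path, query, body, headers, now=None):
    """Server side: recompute from what was received, compare in constant time.
    Returns (accepted, reason)."""
    now = int(time.time()) if now is None else now
    try:
        ts = int(headers['X-Timestamp'])
        presented = headers['X-Signature']
    except (KeyError, ValueError):
        return False, 'missing or malformed auth headers'
    if abs(now - ts) > MAX_SKEW_SECONDS:
        return False, 'timestamp outside allowed window'
    expected = compute_signature(secret, method, path, query, ts, body)
    if not hmac.compare_digest(expected, presented):   # no early-exit string compare
        return False, 'signature mismatch'
    return True, 'ok'


if __name__ == '__main__':
    query = {'MaxItems': '10', 'Marker': 'abc'}            # constructed parameters
    hdr = sign_request(SECRET_KEY, 'GET', '/v1/distributions', query, b'')
    print(verify_request(SECRET_KEY, 'GET', '/v1/distributions', query, b'', hdr))
    print(verify_request(SECRET_KEY, 'GET', '/v1/distributions', query, b'{"x":1}', hdr))
```

The timestamp inside the signed string is what turns a bare MAC into something a captured request cannot simply be resent with later; the server's window check is the other half of that control, and it only works if both sides keep their clocks synchronized.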
Types of Wireless Networks
• Open Networks
  • Initial event is to associate client with AP
  • Equivalent to plugging device into physical hub or switch
  • Client identifies itself as an 802.11 capable device
  • No encryption
  • No per-packet authentication
  • No message integrity
• Pre-shared key wireless
  • Also known as personal authentication
  • A pre-shared key is configured (AP and wireless devices)
  • Adds a challenge and a response between client and AP
• Enterprise wireless
  • Also known as 802.1x or RADIUS wireless authentication
  • Client provides credentials to AP
  • AP contacts RADIUS server and provides client credentials
  • RADIUS server verifies credentials in database
  • RADIUS server notifies AP if client is allowed
  • AP allows or denies client
WPA and WPA2
• WPA
  • A temporary fix to WEP shortcomings (2003)
  • Uses TKIP for encryption and integrity
  • Supports PSK and Enterprise authentication
  • Deprecated (should not be used)
  • Still available on products for SOHO deployments
• WPA2
  • Replacement for WPA (2004)
  • Devices require testing and certification from Wi-Fi Alliance (2006)
  • Uses CCMP for encryption
  • Supports PSK and Enterprise authentication
  • AES used for encryption (replaced WPA TKIP)
• PSK (personal)
  • The shared secret key is a static key used to add a challenge and response during AP and client association
  • Manually configured on devices and AP
  • Local access controls
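The PSK slides say the shared secret is a static key configured by hand on the AP and on every device. What is actually installed is a pairwise master key (PMK) derived from the passphrase and the SSID with PBKDF2-HMAC-SHA1 (4096 iterations, 256-bit output), which is why every device with the same passphrase on the same SSID ends up holding the identical key. The block below is an added example written for this page, not code from the course or from any Wi-Fi vendor; the SSID, passphrase and device list are constructed, and the one real value in it is the IEEE 802.11i test vector (passphrase "password", SSID "IEEE").

```python
import hashlib

# Assumed (constructed) network for the demonstration.
SSID = 'corp-guest'
AP_PASSPHRASE = 'Sp3akFri3nd!'

# Constructed device inventory: what each device's administrator typed in.
DEVICES = {
    'printer': 'Sp3akFri3nd!',                       # correct passphrase
    'laptop':  None,                                 # filled in below with the raw 64-hex PSK
    'tablet':  'sp3akfri3nd!',                       # case typo: different key
    'badge':   'short',                              # too short to be a valid WPA2 passphrase
}


def wpa2_psk_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes), as IEEE 802.11i specifies."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError('WPA2 passphrase must be 8 to 63 ASCII characters')
    return hashlib.pbkdf2_hmac('sha1', passphrase.encode('ascii'), ssid.encode('utf-8'), 4096, 32)


def pmk_from_config(psk_setting: str, ssid: str) -> bytes:
    """Accept either a passphrase or a raw 64-hex-digit PSK (which already is the PMK)."""
    if len(psk_setting) == 64 and all(c in '0123456789abcdefABCDEF' for c in psk_setting):
        return bytes.fromhex(psk_setting)
    return wpa2_psk_pmk(psk_setting, ssid)


def audit_fleet(ap_psk: str, ssid: str, devices: dict) -> list:
    """Names of devices whose manually entered PSK does not reproduce the AP's PMK.
    Such devices cannot complete the 4-way handshake, so the AP will reject them;
    an unparseable passphrase is reported the same way instead of crashing the audit."""
    ap_pmk = pmk_from_config(ap_psk, ssid)
    mismatched = []
    for name, psk in devices.items():
        try:
            ok = pmk_from_config(psk, ssid) == ap_pmk
        except ValueError:
            ok = False
        if not ok:
            mismatched.append(name)
    return sorted(mismatched)


# The laptop's operator pasted the derived key directly rather than the passphrase.
DEVICES['laptop'] = wpa2_psk_pmk(AP_PASSPHRASE, SSID).hex()

if __name__ == '__main__':
    print('AP PMK:', wpa2_psk_pmk(AP_PASSPHRASE, SSID).hex())
    print('devices that will fail association:', audit_fleet(AP_PASSPHRASE, SSID, DEVICES))
```

Two consequences follow directly from the derivation. Because the SSID is the salt, the same passphrase on a differently named network yields a different PMK, so renaming the SSID silently invalidates every stored key. And because every client holds the same PMK, revoking one person's access means changing the passphrase on the AP and re-provisioning every other device; the Enterprise (802.1X/RADIUS) mode on the previous slide exists largely to avoid exactly that.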
• Sodium vapor
• Soft yellow light
• Great in fog
• Quartz
• Bright white light (high visibility)
• Turns on immediately
• LED
• Cost effective
Motion Detection
• Photoelectric – break in a light beam
• Passive infrared – infrared light
• Vibration – change in the level of vibration
• Acoustic – change in sound waves
• Microwave – change in radio waves
• Electromechanical – break in an electrical circuit
• Electrostatic – change in an electrostatic field
Protecting
• Electrical junctions and boxes should be surrounded by gates and locked fences/enclosures
• Lines to electrical and Internet providers are protected
• Cameras and sensors should be used
• False negative
  • When there is a malicious event, and an alarm is not triggered
• True negative
  • When there is no malicious event, and no alarm is triggered
Enterprise Facility Physical Security
• Know all ingress and egress points
• Implement protective barriers
• Have redundant and monitored support systems
  • Power conduits
  • Water lines
• Have visibility into high-security compartmentalized areas
Wiring Closets and Intermediate Distribution Areas
• Door locks to wiring closets and access to main and intermediate distribution frame (MDF and IDF) areas
• No windows, or security windows
• Protected wiring infrastructure and cable runs
• Security cameras and intrusion detection system (IDS)
• Hardened management stations
• HVAC and environmental controls
Wiring Closets and Distribution Areas
Server Rooms and Data Centers
Physical access should be strictly controlled
• Access control both at the perimeter and at room ingress points, by professional security staff using video surveillance, intrusion detection systems, and other electronic methods
• Authorized staff should pass two-factor authentication a minimum of two times to access data center floors
• Biometric multifactor authentication (MFA) is highly recommended
• All visitors and contractors should show identification and be signed in and continually escorted by authorized staff
• When an employee no longer has a business need for data center privileges, access must be immediately revoked, even if they continue to be an employee
• Automatic fire detection and suppression equipment
• The electrical power systems should be fully redundant and maintainable without impact to operations 24/7
• Uninterruptible power supply (UPS) units can provide back-up power for critical and essential loads in the facility in the event of an electrical failure
• Data centers often use generators to provide back-up power for the entire facility
• Climate control is required to maintain a constant operating temperature for servers and other hardware
• Data centers should be conditioned to maintain the atmosphere at optimal levels
• Personnel and systems should monitor and control temperature and humidity at appropriate levels
Protected systems are top priority
• Airgap is the physical separation of the control network and the other networks
• Separate the highly secure networks from the unsecured networks with physical or logical compartmentalization
• Log and audit all devices and objects entering and exiting facility
• Stop malicious and privileged users from having individual access
• Use private clouds, sandboxes, detonation chambers
Mantraps
• A system that routes personnel through two interlock-controlled doors into an area
• The design specifies that the inner door will not unlock if the outer door is open, or vice versa
• In most cases, a person must produce some type of authentication to enter the second door
• Can also prevent “piggybacking” and “tailgating”
Secure Enclosures
• The corporate safe may be the highest value asset in the organization based on the contents
• Safes are used to protect valuable items such as currency, deeds, securities, policies, precious metals, cybercurrency cold storage devices, and failsafe passwords
Safes
• The Underwriters Laboratory (UL) provides safe classifications that specify the degree to which safes can withstand attack
• For example, a safe that takes 30 minutes to break into using various tools and torches is classified as a Tool Resistant safe class - TL30
Evidence Storage
• Evidence room facilities are only as secure as the honesty of the staff
• Separation of duties and dual operator (two-person rules) are helpful policies
• Same stringent security as data center
• Chain of custody must be maintained for incident response, forensics, and law enforcement
• Contents of evidence room may have higher street value
• Walls should be made of materials like cinder blocks or concrete instead of drywall
• All walls should extend from ceiling to floor, with no ability to access over the walls or through a false ceiling
• Doors must be solid, preferably steel, with no glass
• Preferably, there should be no doors leading directly to the exterior of the building from the evidence room
• Modern digital evidence management software should be used
Environmental Controls: HVAC
• Poor heating, ventilation, and air conditioning (HVAC) leads to extreme heat, extreme cold, extreme humidity, and/or extreme dryness
• Needs proper monitoring and ongoing maintenance (e.g. pressurization and temperature)
• Physical security of all components and controllers is a concern
• Location options may be limited by the facility
• Environmental control can also include the possibility of chemical and biological leaks or attacks
Environmental Controls
• Prevention
  • Fire-rated construction materials, training, and safety
  • Be prepared
• Detection
  • Smoke and fire detector and sensors
  • Control quickly, minimize damage
• Suppression
  • Contain and extinguish a fire
Fire Suppression
• Create barriers
  • Firewalls to prevent the spread of fire
• Use portable fire extinguishers
  • Locate in strategic places throughout building
• Use automatic water sprinkler systems
  • Common, but can cause water damage and worsen electrical fires