Review the following summary points before proceeding to the “Review Questions” and “Exam Questions” sections at the end of this chapter to make sure you are comfortable with each concept. After completing the review, answer the review questions to verify your knowledge of the material covered in Part II.
Now that you have completed this review chapter, once again use your portfolio to record your new observations for the Security Challenge Scenarios presented at the beginning of the chapter. Afterward, create a short comparison of your original assessment to the information you acquired through the chapter and its associated lab procedures.
In this section, you will compare your observations to those of a working security specialist—in this case, Philip Craig, the founder of BlackByte Cyber Security—to improve your understanding of cybersecurity.
The most basic activities you’ll face in everyday cybersecurity include the challenges of securing the devices within your networked or distributed environments. Part II is focused on the host, so this will account for any of the security controls that will be implemented on any particular host computer for which you are responsible. Many of these security controls have centralized management features, but in some cases they may not be part of an overall managed environment. An example may be a remote sales force that uses their own devices, or your company may be implementing cost reductions through bring-your-own-device (BYOD) programs. Here you have to assume that you’re dealing with completely unsecured devices.
This solution will focus on the constraints listed in the scenarios, which are very common to a personal computer used in any business.
You have been assigned to develop a local security policy and configuration specifications for the desktop computers used by in-house employees at your firm. These PCs are mounted in special openings under the desk in each cubicle. The computers are physically identical, and they all run the same operating system. However, they may have different types of job-specific company software installed. These computers are equipped with the following:
Although these recommendations aren’t specified down to the NIST level, they can be used to provide the basis for selection. Based on risk of loss, matching the implementation level of the selected security control to the risk level is appropriate: Low risk = Low implementation, Medium risk = Medium implementation, and, of course, High risk = High implementation. As an example, simple USB locking devices, shown in Figure 10.1, are available. Certainly, they can be defeated, but if someone defeats a physical lock in addition to a port that has been disabled in firmware, you have a pretty nefarious insider threat at this point—or you may just have an indignant employee. Either way, your company will likely take action upon your discovery of the compromised system.
First, you need to quantify the problems you might experience by simply diagramming them, as shown in Figure 10.2.
A significant programmatic approach is necessary to address the issues that are identified in the Red portion of the figure. No approach you take will completely alleviate vulnerability, nor address all existing (or zero-day) attack vectors. As a professional, you should utilize the NIST Special Publication 800 series guidance documents to define the security posture necessary.
Those guidelines are summarized in the following steps.
The physical walk-down can be broken down into the following areas of concern:
Because you did such an outstanding job of creating the security policies and configurations for the company’s desktop computers, you have been tasked to produce the same type of materials for the notebook computers used by the organization’s sales people.
Obviously, these computers are portable PCs that work in the office and at different locations on the road. These computers are equipped with the following:
Without completely repeating the previous scenario, let’s just say that there are many different methods to deal with the same problem. Securing a mobile computer (laptop, tablet, iPad, etc.) is more difficult because of what the user is tasked to do with it from a business perspective, and because of the limits of what you can control with electronic policy and written policy. It is very likely that removable devices will be used frequently. Remote connectivity, hotel/kiosk connectivity, and physical control of the device itself may offer unique challenges. In such cases, many companies simply utilize virtualization (or a business sandbox, as it is sometimes called) to isolate the user and their interaction with the business. In the case of the laptop, you will want to at minimum ensure the following:
The following questions test your knowledge of the material presented in Part II.
Answer: For the most part, it is not practical to lock up desktop and portable personal computer (PC) systems that may be used by different users and, in many cases, are portable. A given computer station may routinely be used by different personnel—such as a day shift employee and a night shift employee. In such applications, administrative security measures must be in place to guarantee proper authentication and access control. One of the main functions of a docking station is to provide a lockable attachment to the desktop to prevent unauthorized users from picking up the portable unit while it is not in use and simply carrying it away.
Answer: In both computing and intelligent control devices, there are three general locations where individuals typically gain access to programs and data: while it’s in memory, while it’s in storage on devices (such as hard drives and flash drives), and when it is being transferred from one place to another.
Answer: User Password
Answer: The No Execute (NX) bit or the eXecute Disable (XD) bit feature.
Answer: Access control lists (ACLs)
Answer: User Names and Passwords
Answer: The user account database stored on the local computer
Answer: Password lockout policy settings
Answer: The audit daemon
Answer: Encrypting data involves taking data and processing it with a key code (or encryption key) that defines how the original version of the data has been manipulated. Anyone who is given the encryption key can use it to decode the message through a decryption process using a decryption algorithm (or decryption key).
Answer: Port 110 – POP3
Answer: SSL links are always identified as HTTPS:// sites instead of simply HTTP://.
Answer: In addition to installing antispyware applications, users can fight spyware in a number of other ways, including:
Answer: The capability to load and run scripts in a browser can be controlled through the browser’s Security feature.
Answer: An attacker may alter existing code to create a condition in the computer’s memory known as a buffer overflow, which results in erratic behavior, memory access errors, and/or system crashes. The system is effectively disabled to the point where the user cannot use it. This type of attack is referred to as a Denial of Service or DoS attack.
Answer: A
Answer: C
Answer: B
Answer: C
Answer: A
Answer: D
Answer: B
Answer: C
Answer: A
Answer: C