Lesson 4: Defending Against Threats

In information security, a vulnerability is a weakness in your information system (network, systems, processes, and so on) that has the potential to be exploited. There might be a single vulnerability, but typically there are a number of them. For instance, if you have five servers that have the latest security updates for the operating system and applications installed, but a sixth system that is not current, the sixth system would be considered a vulnerability. Although this would be a vulnerability, it would most likely not be the only one. To defend against threats, you must identify the threats to your C-I-A triad, determine what your vulnerabilities are, and minimize them.


After this lesson, you will be able to

  • Understand the main areas of a layered information security defense

  • Understand why a secure network infrastructure is important

  • Understand why user authentication is important

  • Understand why auditing is important

Estimated lesson time: 25 minutes


Building a Defense

When building a defense, you should use a layered approach that includes securing the network infrastructure, the communications protocols, servers, applications that run on the server, and the file system, and you should require some form of user authentication. This is very similar to placing family heirlooms in a safe, in a cellar, in a house with a lock on the front door, with a large fence around the house. For someone to take the heirlooms, they would have to get past the fence, through the front door, to the cellar, and into the safe. This would be more difficult than if the heirlooms were placed just inside the fence.

When you configure a strong, layered defense (Figure 1-3), an intruder has to break through several layers to reach his or her objective. For instance, to compromise a file on a server that is part of your internal network, a hacker would have to breach your network security, break the server's security, break an application's security, and break the local file system's security. The hacker has a better chance of breaking one defense than of breaking four layers of defense.

Figure 1-3. Building a layered defense

Securing the Network Infrastructure

Securing the network is the first step to creating a strong defense. When securing a network, minimize the number of access points to the network. For instance, if Internet access is required, configure a single access point and put a firewall in place.

Using Secure Communication Protocols

Some protocols offer secure communications, whereas others offer none at all. When it makes sense, use the most secure communications protocol available. For instance, if you have a Web server that advertises your company on the Internet, an unsecured protocol like HTTP would most likely be sufficient, but if a customer were making a purchase, you would then require the Hypertext Transfer Protocol Secure (HTTPS) protocol, which uses the Secure Sockets Layer (SSL) protocol to secure communications. This provides a layer of security by encrypting the communications.

Securing Systems

There are entire books devoted to securing a system, and what you have to do to secure a system is based on the specific operating system that is running. The following are three areas that need attention:

  • System hardening.

    Includes removing unused services, ensuring that the latest security patches and service packs are installed, and limiting the number of people with administrative permissions. Hardening the system minimizes the risk of a security breach to the system.

  • Application hardening.

    Includes applying the latest security patches and enforcing user-level security if available. Applications on a system can be client applications, such as a Web browser, or server applications, such as a Web server application. Hardening the applications on a system minimizes the chance of a security breach using an application.

  • Enable local file security.

    Enabling local-level file security could include applying access control lists (ACLs) or an Encrypting File System (EFS); each would help ensure that only authorized people have access to the sensitive data stored in files on the hard disk.

Securing Applications

When you secure applications on a server, you ensure that the latest security patches and service packs are installed. You also enable any authentication methods available for the applications.

User Authentication

User authentication verifies that your company's information is being accessed only by authorized users. User authentication can take many forms, but typically employs a user name and password to access information.

Smart Card Authentication

Smart cards offer a two-factor authentication method. With smart cards, the system reads a chip that contains certain information, and then a password or personal identification number (PIN) must be provided to authenticate a user.

The information stored on a smart card is a private key, which is covered in more depth in Chapter 3, "Certificate Basics."

Certificates

One risk associated with a person providing a user name and password is that someone might be able to capture that information and then use it to impersonate that user. To encrypt the information passing between the client and server during the user authentication process, use certificates. Certificates are used to issue public and private encryption keys.

When you use encryption keys to secure communications, there is a pair of keys involved: a public key and a private key. The public key is used to either encrypt or sign data, and the private key is used to decrypt the data. The private key can also be used for authentication by encrypting a digital certificate that only the private key is able to decrypt.

You get certificates from a certification authority (CA), which can be a certificate server your company creates or another company that specializes in providing certificates.

Biometric Authentication

Biometric authentication is available when you need more exotic authentication methods. With biometric authentication, a physical characteristic and knowledge are combined to provide authentication. For instance, a user's retina or thumbprint is scanned and used for authentication in concert with a PIN or password.

Enabling Auditing

Enabling auditing does not by itself secure a system. Auditing is used to capture security-related events in a log file. You then use the log file to identify possible security breaches or attempts at breaching security. In the event of a security breach, you can use the log files to help identify and prosecute the unauthorized user.
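The following is an added example, not part of the lesson, of the kind of review an audit log enables: it scans constructed logon events for repeated failures from one user and source, the sort of "attempt at breaching security" the text says auditing is meant to reveal. The log format, field names and threshold are assumptions for the example.

```python
"""Added example (not from the Security+ lesson): find bursts of failed
logons in an audit log. The log format below is constructed for this
example; real operating systems and applications use their own formats."""
import re
from collections import defaultdict

# Constructed sample audit log: timestamp, outcome, user, source address.
SAMPLE_LOG = """\
2002-06-01T08:00:01 LOGON_SUCCESS user=alice src=10.0.0.5
2002-06-01T08:00:12 LOGON_FAILURE user=admin src=198.51.100.7
2002-06-01T08:00:15 LOGON_FAILURE user=admin src=198.51.100.7
2002-06-01T08:00:19 LOGON_FAILURE user=admin src=198.51.100.7
2002-06-01T08:00:23 LOGON_FAILURE user=admin src=198.51.100.7
2002-06-01T08:01:02 LOGON_FAILURE user=bob src=10.0.0.9
2002-06-01T08:01:30 LOGON_SUCCESS user=bob src=10.0.0.9
2002-06-01T08:02:00 this line is not in the expected format
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>LOGON_SUCCESS|LOGON_FAILURE) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

def parse_log(text):
    """Return (events, skipped): parsed event dicts plus a count of
    malformed lines, which are skipped so one bad line cannot stop review."""
    events, skipped = [], 0
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            skipped += 1
            continue
        events.append(m.groupdict())
    return events, skipped

def find_failed_logon_bursts(events, threshold=3):
    """Count LOGON_FAILURE events per (user, source) and return the pairs
    that reach the threshold; a single typo by a legitimate user does not."""
    failures = defaultdict(int)
    for ev in events:
        if ev["event"] == "LOGON_FAILURE":
            failures[(ev["user"], ev["src"])] += 1
    return {key: n for key, n in failures.items() if n >= threshold}

if __name__ == "__main__":
    evs, bad = parse_log(SAMPLE_LOG)
    for (user, src), n in find_failed_logon_bursts(evs).items():
        print(f"review: {n} failed logons for {user} from {src}")
    print(f"{bad} malformed line(s) skipped")
```

Run against the sample, the admin account's four failures from one address are reported while bob's single failure, followed by a success, is not.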

Lesson Review

The following questions are intended to reinforce key information presented in this lesson. If you are unable to answer a question, review the lesson and then try the question again. Answers to the questions can be found in Appendix A, "Questions and Answers."

  1. Your company has a high-speed Internet connection that can be used to access the Internet and allows people on the Internet to access your company's Web site. Each user also has a modem that he or she can use for Internet access in case the high-speed connection fails. Users can select the Web browser they want to use and are allowed to manage their own computers. Which of the following are things you could do to defend against intrusion?

    1. Increase the number of Web browsers that can be used to make it more difficult for a hacker to identify and exploit the Web browser application.

    2. Limit the number of Web browsers that can be used to one or two so that you can better manage application updates.

    3. Have each user access the Internet using his or her modem so that hackers will be confused by the number of physical connections your company has to the Internet.

    4. Minimize the number of physical connection points to the Internet by removing the modem connections.

  2. Your company wants to make sure that users with an administrator account for the network require a more stringent form of authentication than regular users. Name three methods that can be used.

  3. Auditing is used to secure the network and systems on your network. (True or False?)

Lesson Summary

  • Secure your network infrastructure and reduce the number of intrusion points as much as possible while still providing your company's employees with the resources and capabilities they need to be productive.

  • Ensure that applications that access or communicate across the Internet have the latest security patches installed and configured to be as secure as possible and still allow your company's employees to do their jobs effectively.

  • Use some form of authentication method to validate that a user attempting to access a resource should have access to that resource. Use the strongest authentication method feasible for your infrastructure.

  • Enable auditing to identify when suspicious events occur and to provide a record of events that occur on your company's network and servers.

  • Hardening a network, systems, and applications can be described as removing as many potential security risks as possible from the system to make it less vulnerable to attack. Harden your company's network, computer systems, and the applications running on servers and user computers.



Security+ Certification Training Kit
ISBN: 0735618224
Year: 2002