3.1 Enterprise Security Areas Part 1

00:00

hi

00:01

and welcome to the next model in cyber security architecture, fundamentals,

00:07

enterprise security areas.

00:10

Today we shall cover three men areas which is network security

00:16

applications, security

00:18

and endpoint security.

00:22

I would go true what the areas are in enterprise security areas and then go through each of these specific areas covering common tools, common methods and things. To look out for

00:37

the eight men areas that I would go true would be network security

00:42

application security, endpoint security, identity and excess management, data protection, patch management, availability, management and supply trains. Security

00:55

in this table, you can see the typical stakeholders for those security areas to give you a sense off the people did you have to deal with to cover all the eight areas.

01:11

Let's start with network security.

01:14

Network security is the most fundamental security area to address.

01:18

Traditionally, cybersecurity was restricted to network,

01:23

and it's very common to have cyber security professionals that have a background or roots in networking.

01:32

Now, network security is not deaths about firewalls, right? It consists off the policies practice adopted to prevent and monitor unauthorized access, misuse, modification or denial for computer network and net look accessible. Resource is

01:49

It's about securing communications between components in a system

01:53

it could be system the system. It could be component to component

02:00

and, in some cases, even human to computers such as your Bluetooth connectivity and so on.

02:08

Let me start by going through some of the common issues in network security.

02:15

WiFi has always been a very common target among criminals because it is usually not well protected, and people do not pay too much attention to it.

02:27

Also,

02:28

do not forget other wireless protocols like Bluetooth, NFC. Those are also part off your network

02:37

in terms off protocols. There are some protocols which I've been deprecating over the years and should not be used. For example, use sshh instead of tell Net are https instead of http and so want

02:53

theater aspect off network security would be the physical address Mac address are often spoofed in an attack.

03:00

Now, thinking about what you know what you have read.

03:05

Can you list up anymore? Network security issues give a few minutes to think about. This

03:14

will cover the answer's in the next slide.

03:17

Now pieing back to the earlier lesson on threat modeling.

03:23

What are some of the common threats in the network security areas.

03:27

Well, we usually look at them from two perspective. Passive tread are active trip

03:32

passive treads are things like wiretapping

03:37

pot scanning.

03:38

Traffic analysis for information gathering

03:42

in an active trek could be my wear a denial of service attack D. N s Moving men in the middle or E l. P. Poisoning.

03:52

These are various ways in which people compromise the network.

03:57

Two's use for network security includes blocking tools like firewall intrusion. Prevention systems are network access control systems.

04:09

Inspection tools could be network capture or packet capture systems.

04:14

And obviously there's the monitoring part, which is locked, locked analysis, network, visibly tools and so on

04:21

in terms of techniques, their security policies and force mint can be done in various ways. It could be a rail time enforcement, such as using firewalls and i ps.

04:33

It could be passive technology assessment like an ideas intrusion detection,

04:40

which just alerts you instead of blocking.

04:42

It could be human audits doing non technical compliance check, and it could be a simple as using contractor compliance, having appropriate use policies for your employees.

04:58

Knicks will touch on applications security

05:00

application Security refers to the hardening of an application to prevent it from being misused or exploited. Now it is not just caught scanning.

05:12

Most more than applications run on a platform could be a doctor container. It could be a J two ee EP server. So therefore, application security also depends on your platform security,

05:25

and we need to consider the security off your configurations, secrets, passwords and logging.

05:33

Some very common application security traps

05:36

Again we look at them in passive and active treats. Impassive traps. It could be wiki management.

05:45

Information disclosure

05:47

are things like plain text communication and plain tech storage of credentials.

05:54

Active treads could be

05:56

across like scripting sequel injection, brute force Attack Men in the middle and session replace

06:03

applications. Security. It's a very large topic

06:08

and extremely in demand skill today, or just briefly cover some of the ways that applications security can be in force.

06:16

We can look at it from inside out from the court. Weaken do coat scanning like white box scanning, peer reviews, all tracing functions to requirements,

06:27

systems Testing's. We could do black box penetration tests or the employees use often application firewall.

06:35

In terms of availability, we can make sure that we do sufficient look, testing's performing testings and also the dependent systems

06:46

for the platform. In terms of the database, we can look at database activity monitoring limited access channels only. Allow certain applications to top 27 databases and make sure that the configuration management this well managed

07:05

on containers. We have to make sure that we do the proper isolation and the use of see groups are set calm. If you're developing on a lyrics platform

07:16

on the lower right hand side, I put a little diagram on fuss testing. Fuss Testing is employed on a lot of applications, including Web applications on mobile applications to test various inputs to see if we can get unexpected results from systems

07:35

moving onto endpoint security. Endpoint security covers the end device of A systems usually concerns with service computers, your desktops,

07:46

but also extends to mobile tablets, wearables and so on.

07:51

It is one of the most difficult areas to control

07:55

due to the sheer volume and the diversity off devices.

08:01

Very good way to look at endpoint security that the use of locket, Martin's cyber kill chain.

08:07

It goes to this various stages off how malware can be weaponized and used in an attack on end points.

08:16

There is a lot off materials available online about cyber cute chain. I encourage you to look for it and start reading a little bit about it

08:26

as the end point in something very familiar to most people.

08:30

I think the treads are also fairly familiar.

08:33

It could be the virus ransomware advanced persistent threat, malware, key loggers, phishing attacks and so on.

08:43

Other than the typical binary mall where there is an increased use off scripts like Power Shell Script, for example, to infect computers, some off the more common and points agree tools with the anti virus used the use of white listing

09:00

off for both application and devices.

09:03

Some advanced type of protection would be your 80 hour, which is en Pointe Detection and response, and the LP security

09:11

on. Lately, there's been an increase in deep learning Edie Oh, solutions like silence, deep instinct and so on.

09:22

These systems

09:22

are designed to learn your behavior and block anything that is abnormal.

09:31

OK, it's now time for another exercise following on from the last exercise. See if can identify some threats and mitigation countermeasures around network application and end point in the diagram

09:48

that you managed to identify additional controls, which you did not understand before.

09:52

And did you understand more threats now with more understanding off the subject?

09:58

So these are some off the potential treads and mitigation that I have it. It's not complete, but this is how I would begin.

10:09

OK. In summary, we briefly covered the tree areas off network security applications, security and endpoint security.

10:16

Hopefully, this gives your better idea off the different tools and techniques available for each area

10:24

in the next lesson. Who will cover more areas

10:28

that identity in excess management

10:31

and data protection?