3.1 Enterprise Security Areas Part 1
2 hours 41 minutes
And welcome to the next module in Cybersecurity Architecture Fundamentals:
enterprise security areas.
Today we shall cover three main areas, which are network security
and endpoint security.
I would go through what the areas are in enterprise security areas and then go through each of these specific areas, covering common tools, common methods and things to look out for.
The eight main areas that I would go through would be network security,
application security, endpoint security, identity and access management, data protection, patch management, availability management and supply chain security.
In this table, you can see the typical stakeholders for those security areas, to give you a sense of the people that you have to deal with to cover all the eight areas.
Let's start with network security.
Network security is the most fundamental security area to address.
Traditionally, cybersecurity was restricted to network,
and it's very common to have cyber security professionals that have a background or roots in networking.
Now, network security is not just about firewalls, right? It consists of the policies and practices adopted to prevent and monitor unauthorized access, misuse, modification or denial of a computer network and network-accessible resources.
It's about securing communications between components in a system.
It could be system to system. It could be component to component
and, in some cases, even human to computer, such as your Bluetooth connectivity and so on.
Let me start by going through some of the common issues in network security.
WiFi has always been a very common target among criminals because it is usually not well protected, and people do not pay too much attention to it.
Do not forget other wireless protocols like Bluetooth, NFC. Those are also part of your network.
In terms of protocols, there are some protocols which have been deprecated over the years and should not be used. For example, use SSH instead of Telnet, or HTTPS instead of HTTP, and so on.
The other aspect of network security would be the physical address. MAC addresses are often spoofed in an attack.
Now, thinking about what you know, what you have read,
can you list any more network security issues? Give a few minutes to think about this.
We will cover the answers in the next slide.
Now, tying back to the earlier lesson on threat modeling:
what are some of the common threats in the network security area?
Well, we usually look at them from two perspectives: passive threats or active threats.
Passive threats are things like wiretapping,
traffic analysis for information gathering.
And an active threat could be malware, a denial-of-service attack, DNS spoofing, man in the middle or ARP poisoning.
These are various ways in which people compromise the network.
Tools used for network security include blocking tools like firewalls, intrusion prevention systems or network access control systems.
Inspection tools could be network capture or packet capture systems.
And obviously there's the monitoring part, which is log analysis, network visibility tools and so on.
In terms of techniques, security policy enforcement can be done in various ways. It could be real-time enforcement, such as using firewalls and IPS.
It could be passive technology assessment like an IDS, intrusion detection,
which just alerts you instead of blocking.
It could be human audits doing non-technical compliance checks, and it could be as simple as using contractor compliance, having appropriate use policies for your employees.
Next, we'll touch on application security.
Application security refers to the hardening of an application to prevent it from being misused or exploited. Now, it is not just code scanning.
Most modern applications run on a platform. It could be a Docker container. It could be a J2EE app server. So therefore, application security also depends on your platform security,
and we need to consider the security of your configurations, secrets, passwords and logging.
Some very common application security threats:
Again, we look at them as passive and active threats. Passive threats: it could be weak key management,
or things like plaintext communication and plaintext storage of credentials.
Active threats could be
cross-site scripting, SQL injection, brute-force attack, man in the middle and session replay.
Application security is a very large topic
and an extremely in-demand skill today. I'll just briefly cover some of the ways that application security can be enforced.
We can look at it from inside out. From the code, we can do code scanning like white-box scanning, peer reviews, or tracing functions to requirements.
For system testing, we could do black-box penetration tests or employ the use of an application firewall.
In terms of availability, we can make sure that we do sufficient load testing, performance testing, and also the dependent systems.
For the platform, in terms of the database, we can look at database activity monitoring, limited access channels, only allow certain applications to talk to certain databases, and make sure that the configuration management is well managed.
On containers, we have to make sure that we do the proper isolation and the use of cgroups or seccomp, if you're developing on a Linux platform.
On the lower right-hand side, I put a little diagram on fuzz testing. Fuzz testing is employed on a lot of applications, including web applications and mobile applications, to test various inputs to see if we can get unexpected results from systems.
Moving on to endpoint security. Endpoint security covers the end devices of a system. It usually concerns servers, computers, your desktops,
but also extends to mobiles, tablets, wearables and so on.
It is one of the most difficult areas to control
due to the sheer volume and the diversity of devices.
A very good way to look at endpoint security is the use of Lockheed Martin's Cyber Kill Chain.
It goes through the various stages of how malware can be weaponized and used in an attack on endpoints.
There are a lot of materials available online about the Cyber Kill Chain. I encourage you to look for it and start reading a little bit about it.
As the endpoint is something very familiar to most people,
I think the threats are also fairly familiar.
It could be a virus, ransomware, advanced persistent threat, malware, key loggers, phishing attacks and so on.
Other than the typical binary malware, there is an increased use of scripts, like PowerShell scripts, for example, to infect computers. Some of the more common endpoint security tools would be the antivirus, the use of whitelisting
for both applications and devices.
Some advanced types of protection would be your EDR, which is endpoint detection and response, and DLP security.
Lately, there's been an increase in deep learning EDR solutions like Cylance, Deep Instinct and so on.
These are designed to learn your behavior and block anything that is abnormal.
OK, it's now time for another exercise. Following on from the last exercise, see if you can identify some threats and mitigation countermeasures around network, application and endpoint in the diagram.
Did you manage to identify additional controls which you did not understand before?
And did you understand more threats now with more understanding of the subject?
So these are some of the potential threats and mitigations that I have. It's not complete, but this is how I would begin.
OK. In summary, we briefly covered the three areas of network security, application security and endpoint security.
Hopefully, this gives you a better idea of the different tools and techniques available for each area.
In the next lesson, we will cover more areas,
that is, identity and access management
and data protection.
If you have time, please join me in the next session. Thank you.