Now, this list of virtualization systems controls,
again, whether you're a virtualized environment or not, these controls are valid, and not just valid but necessary. You know, to me, the principle
of security is isolation. If you were to say, "Kelly, we'll pay you a whole lot of money, come out to our office and give a presentation on security, but you only get five minutes," you know, I'd come out and say, "Isolate.
Keep your protected, keep your valuable resources away from untrusted entities.
Thank you for having me. Give me my check."
And that's what I'd say if all I had was one thought to impart: isolation.
You have what's yours: your resources,
your valuable resources that are helpful to you. They mean something to your organization. Keep that away from untrusted entities, right? Don't allow access from the Internet in that's unfettered or unprotected. So always separate trusted from untrusted.
The way we do that is we do subnets. We give various networks, you know, we've got one network as a whole, and we subnet our network
and we use those as security zones,
VLANs essentially, right? We used to think about doing the subnetting with routers. Now we do it with VLANs. We do it with the virtual switches. Find isolation. Our DMZ is a different area of trust. You know, that's not fully trusted 'cause we're gonna allow external users there. But
it is to a degree trusted 'cause our configuration controls access.
So making sure that any type of movement from one network to another, of a different level of trust, goes through an inspection process. Physical segmentation: what's the best way to secure a networked computer? Pull it off the network. All right. Encryption? Yes.
Secure images with data loss prevention systems,
firewalls, auto-generated logs. We talked about data loss prevention systems early on in the first chapter. We just talked about how DLP systems evaluate exfiltration of certain data types. So are we seeing
certain types of information, like credit card numbers or,
you know, any sort of file format being pulled off the network? We want to know about those.
The biggest issues for networking: making sure we're using secure protocols and that our cloud service provider is using secure protocols to protect data on the network.
Our protocols haven't traditionally been designed for security, just for function. So we have to make sure that we use secure protocols.
Um, separate management plane? Yes. Detective controls goes back to layered defense. We don't just have preventive,
right, because if we just have preventive controls, that's like saying no one can ever compromise us because our controls are so good. Well, we have detective controls in case they do compromise, because the key is to be able to detect that as quickly as possible. We just read about a compromise with, um,
a hotel chain. And they have a massive compromise of customer accounts and pieces of customer information that went on over a period of years. Saw that at a department store as well, and never surprised that an organization has a compromise. Compromise has happened.
But I'm always stunned that we have an ongoing compromise across four years, three years, one year,
three weeks. You know, where was our detection piece missing? And I'll guarantee that those organizations that are victimized will go back, and the first question asked is, "How did we not detect this sooner?" Right. So detective controls: intrusion detection systems and intrusion prevention systems
analyze traffic on the network. But I'll tell you the one thing, honestly, that's not here for controls:
work on training your people not to fall for social engineering attacks. Stop clicking on links in email. Stop giving people passwords. Stop revealing information that might be essential to get onto a system. And that's as clear as I can say it. You go back and look at all of these breaches:
every single breach started somewhere along the line with a social engineering attack, and the easy answer is, well, train your people.
I can't train people anymore to stop clicking on links in email. I get sick of saying it, and I say it 20 times a day, even when I'm not in class. How much more training do people need? We all know we're not supposed to click on links in emails, and everybody still doesn't. So
I will step off my high horse there. I just wanted to get that out there. Intrusion detection and prevention systems
are helpful for detecting malicious traffic.
Here's a server. If you're looking to do something malicious, look, isn't this server appealing? That's called the honeypot. It's a distractor. It's a decoy. There is a fine line, though, between enticement and entrapment, and we need to make sure that our system, though it may be enticing, does not entrap.
"Click here to download free music," and then be trying to prosecute you for clicking there: that's entrapment. I've persuaded you to do something, right? Enticement: well, you're looking around. How about over here? Doesn't this look good? Very different.
All right. We talked about secure erasure of data, of information, making sure that we've cleared of remnants. And something that's very, very helpful, another huge benefit of virtualization, is the feature for snapshots.
Take, click, an image of your system as it is. Very quick and very easy to do. That's a great way to restore your system to how it was before an event. It's also good for investigative purposes.
So conducting snapshots, backups, reimaging of the system, or taking images of the system on a regular basis,
certainly helpful with virtualization.