Hardening Devices

Time: 12 hours 57 minutes
Difficulty: Intermediate
CEU/CPE: 13
Video Transcription
One of the main strategies we've talked about for protecting data in the Cloud is hardening devices. Now, although these are maybe virtualized devices and servers and applications in the Cloud, hardening is a key strategy for protecting data. In this lesson we're going to talk about what hardening is and why it's important, some of the hardening methods, and hardening best practices.

Simply put, hardening is decreasing the attack surface. What does that mean? The attack surface refers to any of the components of your system that an attacker could potentially find vulnerabilities in to access your data and compromise your system, or escalate privilege, or gain some of the access they shouldn't have. Hardening is really key security hygiene to ensure that your devices have as little opportunity for exploitation as possible.

Some of the main methods of hardening include guest account removal. Sometimes for maintenance reasons, or because, as you may have, other third parties have access to your system, there may be various guest accounts. They really should be removed or only exist for as long as they are necessary. Leaving these guest accounts, or forgetting to remove them after an engagement, creates an opportunity that they are maybe left unsecured or exploited by a threat actor.

Unused ports should be closed. Ports are essential for connecting services on devices in the Cloud. However, if you have a port that's open, or a misconfiguration enables an attacker to identify a port, or there's a misconfiguration such that they are able to get some information through a run and get access to your system, it could be very bad. You should use port scanning to consistently see what ports are open to the outside world and really make sure that the rules are configured so that the ports are shut off.

No default passwords. It's often a common thing that when new pieces of hardware or new software arrive, there's sometimes a default password that comes with the system that should be changed immediately, and a strong password of increased length and complexity should be put in place.

That takes us to strong passwords. The password should be long. It should have a certain level of complexity. There's some controversy over whether or not alphanumeric complexity even really matters, but the length of the password truly is the key for increasing the amount of cryptographic power that's necessary to break the password. It may seem like a no-brainer to use strong passwords, but over and over again, organizations show up in the news and get embarrassed when a weak password leads to a compromise. In the most recent SolarWinds compromise, the update server had the password solar winds 1234. The company blamed it on an intern, and although they may be able to blame it on a person who's inexperienced, it shows that there wasn't necessarily effective training and standards to enforce password strength. That should be something you consider in your password policy and in how passwords are configured within your system.

Secure admin accounts with logging. You want to know if anyone has administrative credentials, that their access is reviewed, and that any actions they take are logged and monitored. As soon as a bad guy gets those admin credentials, they really are able to do a lot of damage in your system.

Control physical access. Although this is less applicable in the Cloud, if you're the service provider in this case you really need to ensure that people don't have access to workstations where they might be able to do inappropriate things. That also goes for Cloud customers as well. Ensuring that someone couldn't physically gain access to a machine of someone who had escalated privileges is also important in a physical sense.

Then one that's very important is patching. Although it makes sense (oh yeah, when vulnerabilities are being discovered all the time, they should be patched and addressed), we've always talked about the business needs driving security, and many businesses are hesitant with patching. Patching can break systems; patching can disrupt the performance of applications that customers are using. There's always a double-edged sword when it comes to patching, and for some organizations it's really difficult to find the balance. Many well-run organizations have patching as a completely different function, and all patches should obviously be tested before being applied. But your organization needs to establish the appropriate patching cadence for its risk tolerance and try to patch major or critical vulnerabilities as soon as possible.

Let's reflect a moment. How are hardening standards enforced in my organization? A lot of times people don't necessarily think about these things, but this really is the brushing-your-teeth aspect of security and essential to protecting data in the Cloud. You should really ask how hardening standards are enforced. It's important, and you might not like what you find, or you might be pleasantly surprised by how mature your organization's approach to hardening is.

How certain am I that hardening standards are consistently applied? Regardless of your role, whether you're a technician or not, being able to see and understand how hardening standards are consistently applied in the Cloud is very important. Many Cloud platforms have machine images, and Amazon has AMIs, machine images that help you enforce a particular hardening standard whenever a new server is spun up in the Cloud. But you should try to figure out how your organization ensures that devices are being consistently hardened.

Then, how is the hardening standard monitored at my organization? We talked about ports being open to address areas and how port scanning is necessary to make sure that nothing is opened when it shouldn't be. But how are you certain that effective monitoring is going on to ensure that your devices are as hardened as possible?

In summary, we've talked about the importance of hardening, really shrinking that attack surface to the minimum necessary. We've talked about lots of common hardening techniques such as strong passwords, getting rid of administrative accounts, closing ports, and making sure that vulnerabilities are patched in a consistent cadence. Then we also talked about the considerations for hardening standards and monitoring: you really want to make sure that whatever standard you're putting in place, you're doing effective monitoring to ensure that it is actually being done and carried out. I will see you in the next lesson.