Hardening the System Part 2

Time: 7 hours 50 minutes
Difficulty: Beginner
CEU/CPE: 8
Video Transcription
00:00
>> After we've hardened the facility,
00:00
the next step is to harden the network.
00:00
Now, we've already talked about every item listed here.
00:00
I'll just remind you of the basic things.
00:00
Make sure your network devices are physically secure.
00:00
Make sure the doors are locked for access.
00:00
If you're going to allow remote administration,
00:00
make sure you're forcing a protocol that's secure.
00:00
Don't allow rlogin or Telnet or FTP.
00:00
Instead, use SSH or SSL to connect.
00:00
Then there's also SNMP for network monitoring.
00:00
If you're going to do that, make sure
00:00
you are using Version 3.
00:00
Separate your network.
00:00
Isolate trusted from untrusted.
00:00
Make sure all your sensitive info
00:00
is going across the network encrypted.
00:00
That doesn't happen by default,
00:00
so you need to put something in place like SSL or SSH,
00:00
or perhaps even IPSec.
00:00
Using HTTPS means you are using TLS/SSL.
00:00
Scan your network. We're going to talk
00:00
about that in a bit. Monitor your network.
00:00
Limit remote access.
00:00
Obviously, we can't get along today
00:00
without allowing remote access.
00:00
But limit this as much as you
00:00
can and make it as strong as you can.
00:00
Make sure you have strong authentication with
00:00
at least two factors of authentication.
00:00
If it's not necessary, get rid of it.
00:00
That being said, we don't just make changes
00:00
haphazardly to a system or a system baseline.
00:00
But when we determine that we aren't
00:00
using a system or service anymore,
00:00
we need to act to make sure
00:00
that system or hardware can be removed.
00:00
It needs to go through
00:00
the proper change control process.
00:00
>> It's like IPv6.
00:00
Many people don't think they are
00:00
using IPv6 on their network.
00:00
But they may be because there are a lot of
00:00
name resolution services and
00:00
other services that require IPv6,
00:00
so it may be in use.
00:00
To make sure the system is secure,
00:00
always apply the latest updates,
00:00
service packs, and patches.
00:00
Be sure to change your default settings and
00:00
configurations because those are
00:00
so easy for an attacker to find and exploit.
00:00
Make sure the security tools that
00:00
are there are being used.
00:00
Turn on auditing and firewall tools.
00:00
Don't forget physical security
00:00
like we already discussed.
00:00
>> Make sure you have captured an image of your system,
00:00
so you have a baseline of
00:00
the system in case you need to reinstate it.
00:00
We talked about how people often
00:00
don't create secure applications.
00:00
We need to start planning for a secure product from
00:00
the beginning instead of trying to
00:00
secure one after it's already been developed.
00:00
How do we do this?
00:00
Secure the software development lifecycle.
00:00
Start talking about security from
00:00
the beginning and continue
00:00
all the way to the product's end of life.
00:00
Implement security in the design.
00:00
One of the most important security features
00:00
in software development is to validate input.
00:00
That way you don't have garbage in, garbage out.
00:00
The garbage tends to come in through your web forms,
00:00
which allows people to enter
00:00
directly into your back-end database.
00:00
Validation will return an error if
00:00
the user enters something that
00:00
doesn't meet requirements.
00:00
>> Sanitation will clean up when
00:00
what a person enters to fit the rules.
00:00
Fuzzing tests are tests that determine
00:00
whether proper input validation is occurring.
00:00
But an attacker can also use fuzzing to
00:00
determine vulnerabilities in the application.
00:00
It's best to use it in an
00:00
offensive manner to prevent that.
00:00
Certification and accreditation
00:00
ensure that software has
00:00
been built to the requirements,
00:00
including security requirements.