The next topic in access control is the power of administrative controls. When we say administrative controls, these are the policies that come down from management and leadership.
We've already talked about these in several different sections, but it's worth just emphasizing the importance of controls for management and the importance of enforcement. Policy is only as good as its enforcement. I really believe in that. If there's ever a certain space along the highway where you hit the brakes, slow down, make sure you're just going 55 miles an hour, chances are pretty good
it's because you've seen somebody pulled over there.
Enforcement is what it's all about.
Enforcement encourages others to follow the rules. When we put policies in place, like acceptable use policy or privacy policies or security policies, we have to enforce them.
Also important, of course, are onboarding and offboarding procedures. We've discussed the importance of nondisclosure agreements and of making sure employees know our privacy policies. If we're going to monitor phone calls or intercept emails, whatever that is, we make sure that folks are notified.
Separation of duties is a really important control internally.
Part of the job there for separation of duties is to mitigate fraud and make sure that there are checks and balances in place that no one person goes undetected.
Along with that, we monitor administrative account privileges, and that's part of the audit function.
Good change and configuration management are administrative controls that prevent things like users bringing additional software onto the network.
The reason they prevent it is that a good change management strategy puts policy out there: it is impossible for a user to install an application, or we can say users can install applications from this folder only.
You've got to take control of our network and find the ways to technically enforce policies, in addition to just relying on the user doing the right thing or following the employee handbook and the rules. People are easy to trick. They can be easily bypassed. If there's ever a control that we have in place where a person is responsible, think about adding an automated backup for
things like entrance and egress from the building.
Maybe I have a security guard who is monitoring that access, but I also have a weight plate in front of the door so that two people can't come in at once. That is backing up that human element with some technical controls, because humans can always be tricked.
Humans can always make poor decisions with different motivations. So add some technical controls as well.
Speaking about enforcing security with technical controls, let's talk about hashes, digital signatures and encryption.
We're going to spend plenty of time in Security+ talking about the specifics of these. But for now, I want you to know that hashing is there to verify the integrity of a file or of a document.
When I say verifying the integrity, I mean providing assurance that the file hasn't changed.
Hashing produces a digital representation of a file. That may be done before I send you the email message. When you receive the email message on your end, your application also hashes the document.
As long as our two hashes match, we can assume that there has been no modification.
That's integrity. When I take a hash, which gives me integrity, and then encrypt that hash with my private key as a sender, that becomes something known as a digital signature.
The fact that I've used my private key proves the message came from me. The fact that I've used that to encrypt the hash guarantees integrity.
So the two of those combined give me non-repudiation.
You can get an assurance that the message came from me and that the message has not been modified.
When we're talking about things like spoofing and impersonation, these are two really important tools. For encryption, of course, you know that we want to take our plaintext data that's of a sensitive nature, and we want to encrypt it before we put it back on the network cable.
Obviously, the goal there is to obfuscate the data.
An attacker can see the data is being transported, but if they're able to access the data, they can't read it.
It doesn't mean anything to them. Encryption is a huge step towards privacy. Hashing gives us integrity. Digital signatures give us non-repudiation.
When we look at those things together, we really have a much more secure communication.
You see all three of these things combined with email quite a bit.
Another form of access control is access control lists. An ACL is a generic term. We have access control lists for files, and for routers and firewalls as well.
Take the access control list for a file. If you right-click on a file and go to its properties, then you'll see the various users. There are administrators who have full control, and the permissions are what we associate with file permissions. That's one set.
Another set of access control lists are the ones you're going to see on firewalls and routers. They're essentially a rule set.
If traffic is coming from the 10 network, then allow it. If traffic is coming from the 172.16 network, then block it.
Access control lists on routers and firewalls usually inspect traffic, looking for things like IP address, port number, protocol or even certain types of activities. They follow standard if-then logic.
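The if-then rule set described above, as an added example that is not part of the original lecture: rules are checked top-down and the first match decides, which is why rule order matters. The prefix lengths, the extra Telnet rule, the sample packets and the default deny when nothing matches are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "block"
    source: str                      # source network, CIDR notation
    protocol: Optional[str] = None   # None = any protocol
    dst_port: Optional[int] = None   # None = any destination port

    def matches(self, src_ip: str, protocol: str, dst_port: int) -> bool:
        if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(self.source):
            return False
        if self.protocol is not None and self.protocol != protocol:
            return False
        return self.dst_port is None or self.dst_port == dst_port


# Constructed rule set: the lecture's two rules plus one narrower exception.
ACL = [
    Rule("block", "10.0.0.0/8", "tcp", 23),   # no Telnet, even from the 10 network
    Rule("allow", "10.0.0.0/8"),              # "from the 10 network, allow"
    Rule("block", "172.16.0.0/16"),           # "from the 172.16 network, block"
]


def evaluate(acl, src_ip, protocol, dst_port):
    """Return (action, rule_number) for the first matching rule, top-down."""
    for number, rule in enumerate(acl, start=1):
        if rule.matches(src_ip, protocol, dst_port):
            return rule.action, number
    return "block", None   # assumed default: nothing matched, so deny


if __name__ == "__main__":
    for packet in [("10.1.2.3", "tcp", 443), ("10.1.2.3", "tcp", 23),
                   ("172.16.4.4", "udp", 53), ("192.0.2.10", "tcp", 80)]:
        print(packet, "->", evaluate(ACL, *packet))
    # Same rules with the broad allow moved to the top: the Telnet block
    # is shadowed and never fires.
    print(evaluate([ACL[1], ACL[0], ACL[2]], "10.1.2.3", "tcp", 23))
```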
Honeypots and honeynets are other tools that are detective. We could add intrusion detection and intrusion prevention systems here as well.
These are detective in nature. The idea is, if an attacker is going to compromise a particular system or a group of systems, we give them what appears to be a vulnerable system. So that way they're distracted.
They work on attacking the honeypot because it looks like an easy target. While they're working on that system, activity is being tracked.
The detective tools in the honeypot will help us come back after the fact and see what they were doing and give us an idea of their purpose and skill set.
If we take a collection of these honeypots and put them together, they're referred to as a honeynet. This term honeypot dates back to the days of the Romans.
There was a specific pathway that Roman soldiers would travel on a regular basis. Because it was a lengthy pathway, soldiers would get very hungry and dehydrated. Some of them would even drop from dehydration or hunger.
Their enemies placed pots of honey along the path throughout the trail. Roman soldiers would then see these pots of honey and eat from them, but their enemies had added poison to the concoction, so it wound up just killing numerous soldiers on the pathway.
It was something that looked appealing but ultimately had a separate purpose. That's why the name honeypot.
Again, intrusion detection systems and intrusion prevention systems are all part of what keeps our network safe.