
Video Transcription

Hello, and welcome to another Penetration Testing Execution Standard discussion. Today we're going to discuss the identification of protection mechanisms at different levels within our network. So this is going to be a high-level discussion about some things we should look for, or do, or be aware of with respect to those protections,
and we're not going to get into how we bypass those protections or anything of that nature in this particular discussion.
Now, the PTES videos do cover tools and techniques that could be used for system hacking. Any tools discussed or used during any demonstrations should be researched and understood by the user.
Please research your applicable laws and regulations in your given area to ensure that the use of such tools is legal, or that you're not violating any laws by using said tools.
Today's objectives, as we said, are really just to look at some things we should be doing, or should have implemented, at each of these levels in order to protect systems, or that could be used to protect systems. We're going to look at network-based protections, host-based protections, application-level protections,
storage protections and user protections. We're not going to get into detail about any particular area. Again, we're not looking at bypass mechanisms or anything of that nature; we're purely just building awareness of some things that are mentioned within the PTES standard that we should be looking for or aware of with respect to each of these layers.
Now, some network-based protections, things that we can implement. Simple packet filtering is definitely beneficial there. That's also known as access control lists, or if you've got a firewall between the different network segments, you could do some packet filtering there as well,
and that would just mean that if the traffic is allowed, it would be accepted; if it is not, it would be blocked or denied and wouldn't be allowed to traverse the network.
You can implement traffic shaping devices and DLP systems, so data loss prevention systems, which are great
if you're in a compliance-based environment and you need to ensure that health information or protected information isn't mishandled or sent accidentally. These systems aren't perfect, but they're definitely there to add an extra layer of protection just in case the human element kind of slips up.
Encryption and tunneling are also beneficial. As we discussed,
I had a client that was using an SQL database,
and that database was supposed to be sending information encrypted across the network. Upon doing some packet sniffing on the network, we found that the database information was being sent and received in plain text.
And so, you know, perception, and the way we think something is implemented, is one thing; the way it looks in reality is another. And so being aware of how to test these tools, or test these different areas like packet filtering, or DLP, or encryption, is going to be beneficial in validating that risk reduction
tools and techniques are actually helping to reduce risk.
Now let's talk about some host-based protections. So we've got stack and heap protections that we can implement, and application whitelisting, so anything that shouldn't be installed on the system should otherwise be blocked or blacklisted.
We can implement things like AV filtering and behavioral analysis in the form of detection and response systems, or AVs that are either behavioral-based or signature-based in nature.
You can also implement host-based DLP systems, which, in tandem with network-based DLP systems, could be really beneficial in reducing the ability of a person to accidentally or maliciously send
protected data sets out of the network.
Any one of these things in itself will reduce risk, but it's best to look at each of these protection areas and then implement them in a way that dovetails with your security policies and your overall goal for risk reduction.
Now, some application-level protections that we can implement. We can identify certain application protections that are native to the application, so if the application has built-in protections, we'd want to identify what those protections are. We want to look at encoding options,
potential bypass avenues for the applications, and
whether or not we can do whitelisting of particular pages and things of that nature.
One of the areas within applications where we may want to look at protections would definitely be with respect to buffer overflow. You'd definitely need some skill sets there to understand how memory works, and how the different protections within memory
allow us to prevent buffer overflow, and also how to test for that and debug applications.
That's a completely different discussion, and if you're interested in getting into the details of buffer overflow attacks, how those work, and how to prevent those and protect against them, there are definitely some additional courses out there that can assist you in understanding how that looks and how to properly code applications to protect against buffer overflow.
Now, some storage-level protections that we should take into account: HBA at the host level, we can do LUN masking, you know, how we set up the storage controller as far as protecting that infrastructure.
And then we can implement a CHAP secret so that if you don't have that information, you can't just connect to the
particular storage device.
And then user-based protections are pretty much the old-school areas here with respect to AV and spam filtering, where we would implement those particular softwares. And so software configurations which limit exploitability could also be considered anti-spam and anti-virus type protections.
Something that we don't have listed here, that's kind of up for debate, would be end-user training, which in my mind is a user protection. We're training the populace with respect to how to identify and avoid attacks,
but that would be up for debate. But at its core, if we're talking about softwares, we'd be looking at anti-spam and anti-virus type implementations to protect end users and the end-user devices.
Now let's do a quick check on learning: which of the following is a network-based and host-based protection mechanism that we mentioned?
So which of the following is host-based and network-based, as far as
mentioning those protections?
So traffic shaping devices were not mentioned in two categories. Whitelisted pages were not mentioned; that was only in one area. Stack and heap protections were only mentioned in one area. But we did mention that there are network-based and host-based DLP
systems that could be implemented. Again, DLP systems are beneficial when trying to protect health care information
or other forms of sensitive data sets that otherwise could be controlled by compliance requirements, or just in general, if the organization is trying to protect its proprietary information, its intellectual property, DLP systems can be very beneficial in protecting those systems.
So in summary,
we looked at and discussed network-based protections; we looked at and discussed host-based protections, application-level protections, storage protections and user protections.
There are plenty of other resources out there where you can get into the nitty-gritty of bypassing these protections as well as implementing them, and I encourage you to go out and look at any of the given areas
that you would have an interest in. So with that in mind, I want to thank you for your time today, and I look forward to seeing you again soon.
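The database story in the talk (traffic that was supposed to be encrypted but went across the wire in plain text) is the kind of thing a tester validates from a packet capture rather than from the configuration. The following is an added example, not code from the video or from PTES: given client-to-server TCP payloads and their destination ports, it decides whether each segment is a TLS record, an unencrypted SQL query it can read back, or neither. It goes a little beyond the anecdote by recognising MySQL COM_QUERY, TDS (Microsoft SQL Server) SQL batch and PostgreSQL simple-query messages. The port-to-protocol map and all sample payloads are constructed assumptions; in practice you would feed it payloads pulled from a pcap.

```python
"""Heuristic wire check: are database sessions actually encrypted?

Added example for validating that database encryption is really in place;
not code from the video or from PTES. The samples below are constructed,
and the port-to-protocol map is an assumption about the environment.
"""
import re
from typing import List, Optional, Tuple

# Assumed listener ports for the environment being tested.
DB_PORTS = {1433: "mssql", 3306: "mysql", 5432: "postgres"}

SQL_KEYWORD = re.compile(r"\b(SELECT|INSERT|UPDATE|DELETE|EXEC)\b", re.IGNORECASE)


def looks_like_tls(payload: bytes) -> bool:
    """TLS record header: content type 0x14-0x17, version 0x03 0x00-0x04."""
    return (len(payload) >= 5 and 0x14 <= payload[0] <= 0x17
            and payload[1] == 0x03 and payload[2] <= 0x04)


def plaintext_query(proto: str, payload: bytes) -> Optional[str]:
    """Return the SQL text if the segment is an unencrypted query, else None."""
    if proto == "mysql" and len(payload) >= 5 and payload[4] == 0x03:
        # MySQL packet: 3-byte LE length, 1-byte sequence id, 0x03 = COM_QUERY.
        length = int.from_bytes(payload[:3], "little")
        return payload[5:4 + length].decode("utf-8", "replace")
    if proto == "mssql" and len(payload) >= 8 and payload[0] == 0x01:
        # TDS packet: type 0x01 = SQL batch; 2-byte BE total length at offset 2;
        # the batch text is UTF-16LE. TDS 7.2+ prefixes it with an ALL_HEADERS
        # block whose first 4 bytes (LE) give the block's own length; skip it.
        length = int.from_bytes(payload[2:4], "big")
        body = payload[8:length]
        if len(body) >= 4:
            hdr_len = int.from_bytes(body[:4], "little")
            if 4 <= hdr_len <= len(body):
                body = body[hdr_len:]
        return body.decode("utf-16-le", "replace")
    if proto == "postgres" and len(payload) >= 5 and payload[:1] == b"Q":
        # PostgreSQL simple query: 'Q', 4-byte BE length (counts itself), text, NUL.
        length = int.from_bytes(payload[1:5], "big")
        return payload[5:1 + length].rstrip(b"\0").decode("utf-8", "replace")
    return None


def classify(dst_port: int, payload: bytes) -> str:
    """'tls', 'plaintext' or 'unknown' for one client-to-server TCP segment."""
    proto = DB_PORTS.get(dst_port)
    if proto is None:
        return "unknown"
    if looks_like_tls(payload):
        return "tls"
    query = plaintext_query(proto, payload)
    if query is not None and SQL_KEYWORD.search(query):
        return "plaintext"
    return "unknown"


def audit(segments: List[Tuple[int, bytes]]) -> List[Tuple[int, str]]:
    """Return (port, query) for every segment carrying SQL in the clear."""
    findings = []
    for port, payload in segments:
        if classify(port, payload) == "plaintext":
            findings.append((port, plaintext_query(DB_PORTS[port], payload)))
    return findings


# --- constructed samples, shaped like what a sniffer would hand you --------
SQL = "SELECT ssn FROM patients"


def mysql_com_query(sql: str) -> bytes:
    body = b"\x03" + sql.encode()
    return len(body).to_bytes(3, "little") + b"\x00" + body


def tds_sql_batch(sql: str) -> bytes:
    # ALL_HEADERS (22 bytes): total length, then one transaction-descriptor
    # header: length 18, type 0x0002, 8-byte descriptor, 4-byte request count.
    all_headers = ((22).to_bytes(4, "little") + (18).to_bytes(4, "little")
                   + (2).to_bytes(2, "little") + bytes(8) + (1).to_bytes(4, "little"))
    body = all_headers + sql.encode("utf-16-le")
    total = 8 + len(body)
    return b"\x01\x01" + total.to_bytes(2, "big") + b"\x00\x00\x01\x00" + body


def pg_simple_query(sql: str) -> bytes:
    text = sql.encode() + b"\x00"
    return b"Q" + (len(text) + 4).to_bytes(4, "big") + text


SAMPLE_SEGMENTS = [
    (3306, mysql_com_query(SQL)),
    (1433, tds_sql_batch(SQL)),
    (5432, pg_simple_query(SQL)),
    (3306, b"\x16\x03\x01\x00\x05hello"),   # TLS ClientHello record header
    (443, b"GET / HTTP/1.1\r\n"),            # not a database port
]

if __name__ == "__main__":
    for port, query in audit(SAMPLE_SEGMENTS):
        print(f"port {port}: plaintext SQL on the wire -> {query!r}")
```

A session that negotiates TLS will show the 0x16 0x03 record header on its first client bytes and nothing readable after that; a session the application merely believes is encrypted shows the query text, which is exactly the finding from the talk. The checks are heuristics on the first segment of a message, so treat a "plaintext" hit as something to confirm in the full capture rather than as proof on its own.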

Penetration Testing Execution Standard (PTES)

In this course we will lay out the Penetration Testing Execution Standard (PTES) in all its phases and their application for business leaders and Security Professionals alike.

Instructed By

Robert Smith
Director of Security Services at Corsica