Information Systems Hardware

Video Activity

Time: 7 hours 15 minutes
Difficulty: Intermediate
CEU/CPE: 8
Video Transcription
00:00
>> Hi there and welcome to
00:00
our next lesson, Information Systems Hardware.
00:00
In this lesson, we'll be covering hardware components,
00:00
some of the hardware devices,
00:00
that you're likely to encounter,
00:00
universal serial bus,
00:00
commonly known as USB,
00:00
risks and controls, and RFID.
00:00
Let's begin. Hardware components and architecture.
00:00
Now, I probably have
00:00
mentioned this previously in a lesson here,
00:00
is that the size qualification
00:00
is not necessarily a technical qualification,
00:00
but it does have
00:00
some requirements to actually know what you're auditing.
00:00
If you're coming from an IT
00:00
or a systems engineering background,
00:00
then this area should be easy for you.
00:00
If you're coming from an auditing
00:00
or more of a business background,
00:00
this might be a little bit more
00:00
challenging, but rest assured,
00:00
as long as you have an idea or the general overview of
00:00
how things fit together and generally what they do,
00:00
it might get a little much more technical than that.
00:00
In terms of hardware components and architecture,
00:00
we're looking at a couple of key things.
00:00
Processing components, so CPUs basically and
00:00
the CPU breaks down and consists
00:00
of elements such as arithmetic logic unit,
00:00
control unit, and internal memory.
00:00
We've got other key components that you encounter,
00:00
such as motherboard, RAM,
00:00
ROM, permanent storage devices,
00:00
and the power supply unit,
00:00
as well as the input output components.
00:00
In terms of enterprise devices,
00:00
there's a number that you're likely to encounter.
00:00
Print servers, which essentially
00:00
manage the printing requirements,
00:00
file servers, main file storage
00:00
for the organization, any application servers.
00:00
These can be at service that
00:00
will provide the applications for the organization.
00:00
Web servers, which I'm sure we're all
00:00
familiar with being Internet users,
00:00
supercomputers depending upon the type of organization.
00:00
Certainly in science and engineering areas,
00:00
this might be quite common.
00:00
Mainframes which are still used quite heavily in
00:00
the financial industry and
00:00
high-end and mid-range servers.
00:00
Some additional enterprise devices you'll
00:00
encounter will be just referred to as appliances.
00:00
These can be Internet of things,
00:00
they could be everything from the
00:00
building alarm system controls,
00:00
access controls,
00:00
or any network or Internet connected device,
00:00
such as the Internet of things.
00:00
Database servers, these are obviously
00:00
key for organizations and they're your data stores.
00:00
Proxy servers, which is a security mechanism which
00:00
enables you to obfuscate
00:00
the requests out to the Internet for example.
00:00
Smartphones, tablets, or any other
00:00
handheld devices which are quite common,
00:00
laptop computers, thin client
00:00
computers and personal computers.
00:00
Universal serial bus or USB.
00:00
It's a serial bus standard that interfaces with the host.
00:00
It's a way for you to connect a device,
00:00
to talk to and to gain
00:00
services and transfer information data,
00:00
or even power from the device to the workstation.
00:00
It's basically designed to allow
00:00
connection of a large number of peripherals.
00:00
Its current standard is USB 3.1 and that's capable of
00:00
transfer speeds of up to 10 gigabits per
00:00
second and in the enterprise,
00:00
it's the most common portable storage
00:00
that you'll often find,
00:00
whether that be in the form of
00:00
thumb drives or portable hard drives.
00:00
Given the other means of secondary storage,
00:00
such as floppy drives and even CD ROMs,
00:00
these days are becoming less common.
00:00
Risks related to USB.
00:00
Viruses and other malware.
00:00
These can be basically transferred from
00:00
an unsuspecting user's machine to
00:00
the corporate environment or in some cases,
00:00
they can even be embedded in the actual firmware
00:00
of the USB device on the production line.
00:00
Data theft is another key thing.
00:00
The portability or/and the utility of
00:00
the USB thumb drive makes
00:00
its own worst enemy to a large degree.
00:00
Data and media loss,
00:00
the lifespan of USB is
00:00
not as significant as other forms of storage.
00:00
Often cases, if you're using
00:00
a USB thumb drive for a large amount of read and writes,
00:00
the lifespan could very well decrease and that leads to
00:00
obviously corruption of data
00:00
and obviously the loss of confidentiality.
00:00
Data can be transferred very simply from the network into
00:00
the USB device and
00:00
that can often have confidentiality issues.
00:00
A couple of security controls that are in
00:00
place in organizations for USB or USB thumb drives.
00:00
Encryption is a big thing that's primary,
00:00
that can either be basically hardware
00:00
or software based encryption.
00:00
There's granular control.
00:00
Often cases, a lot of organizations will permit
00:00
certain types of USB devices and not allow others,
00:00
or even down to the individual device,
00:00
and specific device itself.
00:00
Security personnel education, that's obviously key,
00:00
so people have an idea of
00:00
exactly what the issues
00:00
are around the use of these devices.
00:00
Desktop blocking, policy enforcement is a key,
00:00
if the desktops are locked,
00:00
then people have less chance
00:00
to exfiltrate data with the USB drive.
00:00
Antivirus policy is very key.
00:00
Ensure that if any malware does exist on the USB devices,
00:00
they can't do too much damage on the system.
00:00
Use of secure USB devices only, in other words,
00:00
ensuring that only encrypted devices can be plugged
00:00
in and the inclusion of return information.
00:00
If found, please return to your organization address.
00:00
Now, radio-frequency identification,
00:00
or RFID, is another device.
00:00
And what this does is basically use
00:00
radio waves to identify tagged objects.
00:00
Now this is usually in a very
00:00
small radius, limited radius,
00:00
which varies depending upon the type and model
00:00
of the RFID chip
00:00
itself and the microchip
00:00
stores information about the tagged product.
00:00
It also has a built-in antenna that will
00:00
transmit information to an RFID reader.
00:00
What are the applications of RFID?
00:00
Key one is asset management.
00:00
Large warehouses will often
00:00
tag all the stock to keep track
00:00
of it within the warehouse or
00:00
as it leaves and enters a warehouse.
00:00
Tracking of devices.
00:00
Often cases for asset tracking
00:00
within an organization, for example,
00:00
there might be RFID devices placed on
00:00
laptops or portable devices so
00:00
they can determine where they are in the organization.
00:00
Authenticity verification.
00:00
An RFID tag can be used as a form of authentication.
00:00
We also have process control,
00:00
access control, and supply chain risk management.
00:00
Risks associated with RFID.
00:00
One could be business process.
00:00
If RFID is key to the asset tracking and management,
00:00
then basically the process of tracking has to be still
00:00
mature and robust enough
00:00
regardless of the technology will do for.
00:00
Business intelligence risk, the transmission of
00:00
RFID signals can often be picked up by
00:00
competitors who might be able to
00:00
gain some competitive advantage.
00:00
That lays under privacy risks,
00:00
so it is a transmitter,
00:00
so it is transmitting information
00:00
which could be picked up by
00:00
adversaries and externality risks.
00:00
It can basically provide
00:00
information outside of the organization which can
00:00
produce unknown risks to threat
00:00
actors who might be looking at your business.
00:00
Now there's three main security controls: management,
00:00
operational, and technical.
00:00
Management is basically at
00:00
the policy level to ensure that the use
00:00
of the RFID tags are used judiciously and appropriately,
00:00
and so that the information that they are transmitting,
00:00
it has been reviewed and is determined to be not
00:00
sensitive or sufficiently protected by the organization.
00:00
Operational, ensuring that
00:00
the technical implementation of
00:00
the RFID controls actually support
00:00
these management policies and
00:00
obviously the technical things such as ensuring
00:00
that the footprint of
00:00
an RFID transmitter doesn't exceed the warehouse,
00:00
that it's stored in for example.
00:00
That's our lesson. Basically we've covered
00:00
hardware components and again, as a stress,
00:00
if you don't have a technical background,
00:00
don't worry too much,
00:00
it really is a case of getting
00:00
a very general understanding of
00:00
how devices sort of fit together.
00:00
You won't be asked to come
00:00
translate binary in this type of course.
00:00
We've covered some of the devices,
00:00
USB's risks and controls, and RFID tags.
00:00
I hope you enjoyed the lesson
00:00
and I will see you at the next one.