Mitigating Internal Risks

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Course
Time
8 hours 25 minutes
Difficulty
Advanced
CEU/CPE
9
Video Transcription
00:00
>> We just talked about mitigating external risk by using
00:00
firewalls and dividing our network
00:00
up into zones of trust.
00:00
Let's focus a little bit more
00:00
inside the firewalls on our internal network.
00:00
We're going to start off by talking about
00:00
protecting the end points,
00:00
so the individual client systems;
00:00
the laptops, the desktops,
00:00
perhaps even tablets and smartphones,
00:00
if they fall under our realm
00:00
of responsibility for protection.
00:00
There are just some good all-purpose rules
00:00
regardless of the type of
00:00
system that you're working with that we want to
00:00
follow in order to harden these systems.
00:00
You might hear harden,
00:00
you might hear reducing the attack surface,
00:00
but the idea is to limit the range of services, systems,
00:00
hardware, software,
00:00
on a system that would be desirable to an attacker.
00:00
So remove unnecessary services.
00:00
If you don't need it, get rid of it.
00:00
Now that being said, of course,
00:00
we have to have processes and procedures in place to make
00:00
sure that we don't just make random changes to systems,
00:00
we don't just decide, Oh,
00:00
I don't know what IP does,
00:00
let me disable that.
00:00
We want make sure that we have restrictions in
00:00
place for configuration and change management.
00:00
But what I mean in
00:00
this instance is as a security professional,
00:00
when I'm assessing
00:00
the end-user baselines for these systems,
00:00
I want to make sure that what's in
00:00
that baseline is necessary.
00:00
If it's not, I'm going to write up a change request and
00:00
see if we can't remove these unnecessary elements.
00:00
Everything you add to a system creates
00:00
a point of vulnerability
00:00
so if we don't need it, we get rid of it.
00:00
The second bullet point, patch systems.
00:00
It is written, 'Thou shall patch thy systems.'
00:00
Ninety percent of the time when we hear about these,
00:00
and I'm totally making up that statistic by the way,
00:00
but when these various
00:00
attacks by the time they get full-blown,
00:00
we start to hear about them on the news.
00:00
Many times, there has been a patch out for months
00:00
to show up the vulnerabilities
00:00
that allow these attacks to take place.
00:00
But patching gets behind,
00:00
we get further and further behind because we want to test
00:00
the patches before we roll them out
00:00
and we get a lot of systems,
00:00
a lot of patches.
00:00
Microsoft has what they call
00:00
Patch Tuesday and a lot of patches are released.
00:00
As a network admin,
00:00
having to go through those patches
00:00
requires a strong patch management system in place,
00:00
which we'll look at in just a minute.
00:00
Patch systems; rename administrative and guest accounts.
00:00
Every attacker in the world knows
00:00
Microsoft comes with those two accounts by default,
00:00
you want to make sure that they're
00:00
disabled if not in use,
00:00
obviously the administrative accounts would be in use.
00:00
The guest account is disabled by default,
00:00
but go ahead and rename those as well.
00:00
Make sure that any default settings that would
00:00
present an entryway into the system or into resources,
00:00
change those default settings.
00:00
A lot of times things are set up
00:00
for ease of use straight out of
00:00
the box and we want to make
00:00
sure that we harden our systems.
00:00
Now I'm not going to read every one of these to you,
00:00
but you can certainly see, install anti-malware.
00:00
The best way to deal with viruses and malicious code,
00:00
just don't get it, just don't get infected with it.
00:00
The best way to just don't get it is to have
00:00
anti-malware software and to keep it updated and to scan.
00:00
Make sure that our baseline images are secure,
00:00
and make sure that we verify that
00:00
the workstations are in
00:00
compliance with the baseline configuration.
00:00
Again, strong configuration,
00:00
strong change management policies
00:00
in place so that
00:00
end-users can't manipulate that baseline image.
00:00
We'll talk about configuration and
00:00
change management in just a few minutes.
00:00
Remote access tools are dangerous,
00:00
they should not be part of the baseline image,
00:00
any sort of remote access.
00:00
Encrypt your data.
00:00
Then this last bullet point, virtual desktop interface.
00:00
Ultimately, this is
00:00
an environment in which you're running
00:00
applications on a remote server in a virtual environment.
00:00
When we have that element,
00:00
we have to make sure that our server is secure,
00:00
the pathway of communication is secure,
00:00
and that the clients themselves are secure.
00:00
So protect your end-user workstations,
00:00
these initial points of connection.
00:00
I just mentioned how important patch management is,
00:00
so I just wanted to show you the phase
00:00
of the patch management life cycle
00:00
and some of the processes that are involved.
00:00
Again, I'm not going to read this whole process.
00:00
But like I said earlier,
00:00
when we hear about these,
00:00
by the time these threats make it to the TV,
00:00
to the news agencies,
00:00
and by the time they become well-known,
00:00
usually, there has already been a patch release.
00:00
Many times, months ahead of time,
00:00
we get behind in patch management,
00:00
we have to do better.
00:00
Patching our systems is one of
00:00
the biggest defenses we have
00:00
against all these different types
00:00
of malware that we hear about today.
00:00
So we got to have a way to prioritize our patches,
00:00
not all patches are created equally.
00:00
Those critical patches,
00:00
those security patches need
00:00
to get moved to the head of the line.
00:00
We also have to have a process where
00:00
we are able to test patches because
00:00
you wouldn't be the first person to
00:00
roll out a patch and have
00:00
it create difficulty in your production environment.
00:00
Sometimes patches don't play
00:00
nicely with other software that are on systems,
00:00
so we've got to test it,
00:00
and you got to build time in for that.
00:00
We roll out the patch,
00:00
we monitor and ensure that the patch is providing
00:00
the additional security that it's supposed to
00:00
while not causing problems with other operating systems,
00:00
other applications, other processes that are going,
00:00
and we continue on with this process.
00:00
We're never done with patch management,
00:00
it always continues and continues.
00:00
Now, the same idea with vulnerability management,
00:00
that's a process that doesn't stop either.
00:00
With vulnerability management, we examine our systems.
00:00
Now, this is
00:00
our information systems, but I'll tell you,
00:00
vulnerabilities are bigger than just IT vulnerabilities.
00:00
So with vulnerability management,
00:00
we have to examine our systems,
00:00
look to see if we have exploitable vulnerabilities.
00:00
Certainly, we want to focus on this definition,
00:00
focusing on the IT aspect of it.
00:00
But as security professionals
00:00
and as risk management professionals,
00:00
we know that the categories of vulnerabilities,
00:00
you can look at physical vulnerabilities,
00:00
you can look at
00:00
policy-based or administrative vulnerabilities
00:00
so don't neglect those other categories of
00:00
controls in lieu of
00:00
information security controls or the technical controls,
00:00
it all has to work together.
Up Next