Welcome to Lesson 6.5, Protective Technology.
So in this video we'll cover the Protect function category #5, Protective Technology, and we'll look at how to implement protective technology.
So in looking at the final category under the Protect function, this is really focusing on technical security solutions and utilizing them to ensure the security and resilience of systems, products, services and associated data, consistent with your related policies, processes, procedures and agreements.
So as you'll see here, there are four subcategories, and what they're really focused on is looking at removable media and how that's protected; the principle of least functionality; that your communications and control networks are protected; and then that mechanisms such as fail-safe, load balancing and hot swap are implemented to achieve resilience requirements in normal and adverse situations.
So we're going to get into each of these subcategories over the next couple of slides.
So when we're talking about removable media, how can you constrain this to ensure that you're protecting the network as well as personal data? Because sometimes the biggest threat can be an insider threat, you want to make sure that you're locking down removable media, or the use of removable media.
So in some companies, when you plug a USB device into a laptop or desktop computer, the use of that can be logged, and so that may be something that you want to implement so that in the event there is an issue later, whether that's an intellectual property issue, you're able to look in those logs to see who may have had access to the system in order to get access to that data. You can also control access to the data stored on them.
So, employing mechanisms within the removable media device that prevent certain data from being stored there, as well as enforcing encryption requirements for USB drives, so that in the event one is lost or stolen and there's data on it, it may not be a reportable incident since the USB drive is encrypted.
And then it does ensure as well that you're adhering to the principles of data in transit and data at rest being encrypted.
You can also disable AutoRun and AutoPlay functions on removable media. And then lastly, some companies have chosen to block USB options from working altogether on any of their devices, so that a laptop or a desktop would prevent you from even utilizing a removable media device.
So those are just some options to think about when you're trying to think of how to constrain the use of removable media as a protective technology in order to protect data.
And then we get into the principle of least functionality. This is really that your applications or devices are configured in such a way that they only provide access to essential capabilities, maybe for an everyday user, and maybe some of that functionality is more available for, say, privileged users or those that have security roles or responsibilities.
But being able to restrict certain functions, protocols, ports and services does become important. And we saw an example of this in the constraining removable media slide: if you prevent removable media from working at all on any devices, you really are restricting certain ports and services, because essentially that USB port wouldn't work for a USB drive. And then really limiting component functionality to a single function. So those are just some things to think about in ways to continually use protective technology to ensure data protection.
And then there's also a focus on communications and control networks. So you really want to restrict external connections and interfaces to, from and between specific machines. There may be machines that have certain sensitive data on them that you may want to protect, so you may enable this, as well as sometimes disabling wireless access.
You can prevent the remote execution of privileged commands on certain devices and for certain functionalities, as well as allowing continuous monitoring of endpoints to detect and respond to indicators of attack. So make sure that you have protective technology in place for your endpoints, so for those laptops and desktops, they're constantly being monitored against any vulnerabilities or intrusions, ensuring that they can't be attacked that way for an attacker to gain entry through your endpoints.
As well as identifying and preventing the transfer of sensitive information through data loss prevention and protection solutions.
So even encrypting email, or if you use something such as Box or Dropbox that you've set up so that people within your organization can use it. Using something like that does prevent the transfer of sensitive information, because someone has to be given access to that Box or Drive folder.
So using something like that does help prevent it, as opposed to sending it through email, which can be easily shared with someone else.
And then finally, establishing alternate telecommunications channels for business continuity. You want to make sure that you have alternate methods to communicate in the event you do have a disaster or some sort of event that puts your telecommunication channels down, so having alternate lines of communication becomes vital. That ensures that your data is still available.
As we mentioned before, availability is part of the CIA triad, so you always want to make sure that the data is readily available to your staff as well as individuals or other organizations or service providers that may need access.
And then lastly we get into resilience requirements. You always want to make sure that you are able to basically move on in an event or situation, so that people can continue to access the data.
For instance, I'll never forget when Adele tickets went on sale a few years ago when she was touring and Ticketmaster went down. You want to make sure that you have a way to prevent that from happening. So as you see, we have three options here, and this isn't an exhaustive list, but probably the most utilized. A fail-safe is a design feature or practice that, in the event of a specific type of failure, kind of like what I was mentioning, that the system was overloaded and went down, responds in a way that will cause no or minimal harm to other equipment, to the environment or to people, so that you can easily recover and it's not going to damage anything.
And probably my Adele example is better suited for load balancing and not necessarily fail-safe. Fail-safe is more so looking at, in the event of, let's say, a fire or storm, that you're able to recover from that type of failure without basically causing harm to other equipment or the system, the server that this may be on, or the environment or to people, so that it doesn't make the situation worse. Whereas load balancing is the process of distributing network traffic across multiple servers to ensure a single server doesn't bear too much demand. And that's where my story about the Adele tickets does come into play here, because apparently they didn't do that. I guess, not realizing the demand would be so high, it caused the system to crash, whereas if they had spread the traffic over multiple servers, they may not have had that issue. Ticketmaster wouldn't have.
And then finally there's hot swap, which is really the replacement or addition of components to a computer system without stopping, shutting down or rebooting the system. So sometimes, you know, updates are required, whether that's of our hardware or there's a software component, and you want to be able to keep the business running, keep things going, without having to shut down your systems. So that's really why this is necessary, so it doesn't halt business, which could then corrupt data, cause it once again to be unavailable, or mess with the integrity of it. So you really want to ensure that that is something that you can do with your hardware or applications, that you can easily replace or add components without having to shut down the system.
So like I said, we've gone through the four subcategories now, and before we move on we're going to have a quick quiz.
So enforcing encryption requirements is used as a way to: one, constrain removable media; two, focus on communication and control networks; or three, disable wireless access.
So the answer here is constrain removable media. You really want to use encryption as a way to protect data that may be on that removable media device while it's at rest and even while it's in transit, so that in the event it is stolen or lost, there is not a reportable event because the data is actually encrypted on that device, and it protects it from unauthorized access as well.
So in this video we covered the subcategories of the Protect function category number five. We looked at different ways to constrain removable media.
We looked at ways to implement the principle of least functionality.
We learned how to protect communications and control networks, and then we looked at mechanisms to achieve resilience requirements.
So I hope you'll join me as we move into Module 7.
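As an added example that is not part of the lesson, the removable-media logging described above only pays off if an investigator can query it later; this Python script reads constructed sample audit lines (the pipe-delimited format and the hypothetical allowlist of encrypted corporate drives are assumptions for this example) to answer "who mounted which device on this host" and to flag mounts of drives that are not on the approved-encrypted list.

```python
"""Review removable-media audit events (constructed sample data) the way the
lesson describes: find who used which USB device on which host, and flag
devices that are not on the organisation's approved-encrypted list."""
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines: timestamp|host|user|device_serial|action
# The format is an assumption for this example, not any product's real log.
SAMPLE_LOG = """\
2024-03-04T09:12:00|LT-1042|jdoe|SN-ENC-0001|mount
2024-03-04T09:40:12|LT-1042|jdoe|SN-ENC-0001|unmount
2024-03-04T22:15:33|WS-0077|asmith|SN-UNKNOWN-77|mount
2024-03-05T08:02:10|WS-0077|asmith|SN-UNKNOWN-77|unmount
2024-03-05T13:30:00|LT-1042|mlee|SN-ENC-0002|mount
"""

# Hypothetical allowlist of corporate drives known to enforce encryption.
APPROVED_ENCRYPTED = {"SN-ENC-0001", "SN-ENC-0002"}


def parse_events(text):
    """Parse pipe-delimited lines into dicts; skip blank or malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.strip().split("|")
        if len(parts) != 5:
            continue
        ts, host, user, serial, action = parts
        events.append({"ts": datetime.fromisoformat(ts), "host": host,
                       "user": user, "serial": serial, "action": action})
    return events


def who_used_removable_media(events, host):
    """For an investigation: which users mounted which device serials on a host."""
    seen = defaultdict(set)
    for e in events:
        if e["host"] == host and e["action"] == "mount":
            seen[e["user"]].add(e["serial"])
    return {user: sorted(serials) for user, serials in seen.items()}


def unapproved_mounts(events, approved=APPROVED_ENCRYPTED):
    """Mounts of devices not on the approved-encrypted list (policy violations)."""
    return [(e["ts"].isoformat(), e["host"], e["user"], e["serial"])
            for e in events
            if e["action"] == "mount" and e["serial"] not in approved]
```

Malformed lines are skipped rather than aborting the review, so a partially corrupted log still yields the mounts that were recorded cleanly.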