Time
10 hours 32 minutes
Difficulty
Beginner
CEU/CPE
11

Video Transcription

00:00
Welcome to Cyber Res Video. Siris on the Company, a Security Plus 5 +01 Certification and Exam.
00:07
I'm your Instructor, Round Warner.
00:10
This is the fourth video associated with Domain three on architecture and design.
00:15
In this video, I'll explain important the importance of secure staging deployment concepts.
00:22
The following are all important part of application development to ensure that the code is staged put into production without issues or security challenges.
00:33
Concepts will be covering in this video include secure base lining
00:37
environment
00:39
and integrity management.
00:41
Let me start with secure base line.
00:44
Establishing a secure base line is an important concept in securing networking.
00:48
Essentially, this is the process whereby you find a baseline for any system. So I talked about baselines in an earlier video.
00:56
Find the baseline for the system application or service that it needs to be secure.
01:02
Certainly, absolute security is not possible, so the goal is secure enough
01:07
based on your organization, security needs and risk appetite
01:11
by establishing a secure base line. Any change can then be compared to that baseline to see if the change is is within your security parameters.
01:23
Once a baseline is to find the next step is to monitor that system,
01:27
whether it's a single service computer or an application
01:32
to ensure that has not been changed
01:34
and that the baseline state system stays within the baselines.
01:38
This process is also defined as integrity measurement. For example, nest SP 801 55 Defined standards for testing the integrity of a system BIOS to ensure it has not changed. You can use software also to manage integrity
01:57
for bass lines. For example, trip wire provides hashing
02:00
of operating system components.
02:04
Review the topics of base lining integrity measurement within your study notes.
02:09
Next, we'll talk about environment
02:13
when you're deploying anything, whether it's an application operating system, a patch or new device,
02:20
the manner in which you deploy it can have a significant impact on the security of your network.
02:25
The first and most common way to address this is to enable separate environments. I'll talk about the separate environments.
02:35
The first is that development environment.
02:38
This is where the application is developed. This is used for both desktop applications and server or Web applications.
02:46
With proper testing, security flaws can be found while the application is in the development environment
02:53
for applications, operating systems and environ and other devices. There should also be a test
03:00
environment. This replicates the production environment as much as possible.
03:05
Think of it as a mini network
03:07
the most more closely, the test environment mimics the real world. More likely, you'll find an address, security and quality issues within your testing
03:17
next to staging.
03:20
Normally, any new addition to the network is deployed in stages, not simply put out to the entire network.
03:27
This is particularly important with applications or even patches for existing applications and operating systems.
03:35
Roll the new software out in sections of the network within a period of time between each new stage to be able to catch flaws, errors or other types of issues.
03:47
This provides you chance to fix those issues
03:51
in the staging environment before it is moved to production.
03:54
Production environment is where you do business.
03:59
It's where your company makes their money and therefore it should be restricted. And you shouldn't be running tests within your production environment.
04:08
I'll talk about sand boxing on the next life, basically within staging environment. It's completely isolated. Test network review these types of environments, see how they're used within your organization and be prepared for this topic on the security plus exam.
04:24
Sand boxing is a test environment. It's completely isolated from other applications or other parts of your network
04:31
when a new items, such as a patch or an application is being tested. Wanted to be in an isolated place such as this hand box.
04:41
You can also run sandboxes within an operating system and allows for programs and processes to be run in isolation
04:48
to limit access to other resource is files or system components on the host computer,
04:57
for example, Web pages. They run within your Web browser and are not supposed to be leaking out the other applications.
05:06
Sandbox is a nice security feature that reduces your risk.
05:12
In this video, I discussed how to design and implement a network in such a way is to enhance its security by enabling different environments.
05:21
Let's practice on a sample quiz Question.
05:25
Alice is a C. I. S. O for a financial institution.
05:29
She's looking for an environment used for testing that is completely off of their network.
05:33
Which do you recommend?
05:36
The answer is a a sandbox network
05:41
completely segregated.
05:44
This concludes the video for section three dot for where I explained the importance of secure staging deployment concepts.
05:51
Please refer to your study notes for more information on this topic.

Up Next

CompTIA Security+

CompTIA Security Plus certification is a great place to start learning IT or cybersecurity. Take advantage of Cybrary's free Security+ training.

Instructed By

Instructor Profile Image
Ron Woerner
CEO, President, Chief Consultant at RWX Security Solutions LLC
Instructor