Please enable JavaScript.

Coggle requires JavaScript to display documents.

Module 3. Mitigating Threats - Coggle Diagram

- - - - Vital for network security professionals to understand the reasons for network security. They must also be familiar with the organizational requirements for network security as embodied by the 14 network security domains.
        
        Domains provide a framework for discussing network security and understanding the operational needs that should be addressed by each organization.
        
        There are
        
        14 network security domains specified by the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC). Described by ISO/IEC 27001, these 14 domains serve to organize, at a high level, the vast realm of information and activities under the umbrella of network security. These domains have some significant parallels with domains defined by the Certified Information Systems Security Professional (CISSP) certification.
        
        Domains are
        
        Operations Security
        
        Cryptography
        
        Communications Security
        
        Access Control
        
        System Acquisition, Development, and Maintenance
        
        Asset Management
        
        Supplier Relationships
        
        Human Resources Security
        
        Infromation Security Incident Management
        
        Organization of Infromation Security
        
        Bussines Continuity Management
        
        Infromation Security Policies
        
        Compilance
        
        Physical and Enviromental Security
  - - - Inform users, staff, and managers of an organization’s requirements for protecting technology and information assets. A security policy also specifies the mechanisms that are needed to meet security requirements and provides a baseline from which to acquire, configure, and audit computer systems and networks for compliance.
    - - Ensures consistency in system operations, software and hardware acquisition and use, and maintenance
      - Defines the legal consequences of violations
      - Sets the rules for expected behavior
      - Gives security staff the backing of management
      - Demonstrates an organization’s commitment to security
    - - Acceptable Use Policy
      - Remote acces policy
      - Password polices
      - Network maintenance policy
      - Identification and authentication policy
      - Incident handling procedures
  - - - Guidelines that are developed by an organization to govern its actions. The policies define standards of correct behavior for the business and its employees. In networking, policies define the activities that are allowed on the network. This sets a baseline of acceptable use. If behavior that violates business policy is detected on the network, it is possible that a security breach has occurred.
        
        An organization may have several guiding policies, as:
        
        Employee polices
        
        Security polices
        
        Company polices
  - - - Bring Your Own Device
        
        This enables
        
        Employees to use their own mobile devices to access company systems, software, networks, or information. BYOD provides several key benefits to enterprises, including increased productivity, reduced IT and operating costs, better mobility for employees, and greater appeal when it comes to hiring and retaining employees.
        However, these benefits also bring an increased information security risk because BYOD can lead to data breaches and greater liability for the organization.
        
        Best practices to help mitigate BYOD vulnerabilities:
        
        Back up data
        
        Enable "Find my Device"
        
        Manually control wireless conectivity
        
        Provide antivirus software
        
        Keep updated
        
        Use Mobile Device Management (MDM) software
        
        Password protected access
        
        should be developed to accomplish the following:
        
        Identify the level of access employees are granted when using personal devices.
        
        Describe the rights to access and activities permitted to security personnel on the device.
        
        Identify which devices will be supported.
        
        Identify which regulations must be adhered to when using employee devices.
        
        Identify which employees can bring their own devices.
        
        Identify safeguards to put in place if a device is compromised.
        
        Specify the goals of the BYOD program.
- - - - Control physical access to systems.
      - Use strong passwords and change them often.
      - Encrypt and password-protect sensitive data.
      - Implement security hardware and software such as firewalls, IPSs, virtual private network (VPN) devices, antivirus software, and content filtering.
      - Shut down unnecessary services and ports.
      - Perform security audits to test the network.
      - Keep patches up-to-date by installing them weekly or daily, if possible, to prevent buffer overflow and privilege escalation attacks.
      - Perform backups and test the backed-up files on a regular basis.
  - - - One way of mitigating virus and Trojan horse attacks is antivirus software. Antivirus software helps prevent hosts from getting infected and spreading malicious code.
      - Antivirus software is the most widely deployed security product on the market today.
      - Another way to mitigate malware threats is to prevent malware files from entering the network at all. Security devices at the network perimeter can identify known malware files based on their indicators of compromise.
  - - - Four phases for mitigate
        
        Containment
        
        Involves limiting the spread of a worm infection to areas of the network that are already affected.
        
        Inoculation
        
        Runs parallel to or a subsequent to the containment phase. During this phase, all uninfected systems are patched with the appropriate vendor patch.
        
        Quarantine
        
        Involves tracking down and identifying infected machines within the contained areas and disconnecting, blocking or removing them.
        
        Treatment
        
        Involves actively disinfecting infected systems.
  - - - Can be mitigate in this ways
        
        Implementing authentication to ensure proper access.
        
        Using encryption to render packet sniffer attacks useless.
        
        Using anti-sniffer tools to detect packet sniffer attacks.
        
        Implementing a switched infrastructure.
        
        Using a firewall and IPS.
        
        Encryption is also effective for mitigating packet sniffer attacks.
  - - - Use strong passwords - Strong passwords are at least eight characters and contain uppercase letters, lowercase letters, numbers, and special characters.
      - Disable accounts after a specified number of unsuccessful logins has occurred - This practice helps to prevent continuous password attempts
      - The network should also be designed using the principle of minimum trust.
      - Using encryption for remote access to a network is recommended.
- - - - Security specialist job roles within an enterprise include :!?:
        
        Chief Information Officer (CIO)
        
        Security Operations (SecOps)
        
        Chief Information Security Officer (CISO)
        
        Chief Security Officer (CSO)
        
        Security Manager and Network Security Engineer.
  - - - The important network security organizations :!!:
        
        SysAdmin, Audit, Network, Security (SANS)
        
        Mitre
        
        Forum of Incident Response and Security Teams (FIRST)
        
        SecurityNewsWire
        
        International Information Systems Security Certification Consortium (ISC2)
        
        CIS
  - - - Numerous certifications exist Certifications for network security professionals are offered by the following organizations
        
        Global Information Assurance Certification (GIAC)
        
        International Information System Security Certification Consortium (ISC)2
        
        Information Systems Audit and Control Association (ISACA)
        
        International Council of E-Commerce Consultants (EC-Council)
        
        Certified Wireless Security Professional (CWSP)
  - - - Confidentiality
        
        Integrity
        
        Availability
- - - - Control plane - Responsible for routing data correctly.
      - Management plane - Responsible for managing network elements.
      - Data plane (Forwarding plane) - Responsible for forwarding data.
  - - - Routing protocol authentication - Routing protocol authentication, or neighbor authentication, prevents a router from accepting fraudulent routing updates.
      - Control Plane Policing (CoPP) - CoPP is a Cisco IOS feature designed to allow users to control the flow of traffic that is handled by the route processor of a network device.
      - AutoSecure - AutoSecure can lock down the management plane functions and the forwarding plane services and functions of a router.
  - - - Login and password policy - Restricts device accessibility.
      - Present legal notification - Displays legal notices.
      - Ensure the confidentiality of data - Protects locally stored sensitive data from being viewed or copied.
      - Role-based access control (RBAC) - Ensures access is only granted to authenticated users, groups, and services.
      - Authorize actions - Restricts the actions and views that are permitted by any particular user, group, or service.
      - Enable management access reporting - Logs and accounts for all access.
  - - - Blocking unwanted traffic or users - ACLs can filter incoming or outgoing packets on an interface.
      - Reducing the chance of DoS attacks - ACLs can be used to specify whether traffic from hosts, networks, or users, can access the network.
      - Reducing the chance of DoS attacks - ACLs can be used to specify whether traffic from hosts, networks, or users, can access the network.
      - Providing bandwidth control - ACLs on a slow link can prevent excess traffic.
      - Classifying traffic to protect the Management and Control planes - ACLs can be applied on the vty lines.