CompTIA CASP+ CAS-004 – Chapter 04 – Implementing Security for Systems, Applications, and Storage Part 3
Wireless Security: Now, in addition to the standards, we talked about security protocols that are necessary in order to safely implement wireless technologies. We need to talk about important measures that you can take to secure wireless communication and the different options. The first one is Wired Equivalent Privacy (WEP). It was the first security measure used with 802.11. It was an algorithm in the original specification that could authenticate the device as well as encrypt the data between the AP and the device. The problem with WEP…
CompTIA CASP+ CAS-004 – Chapter 04 – Implementing Security for Systems, Applications, and Storage Part 2
Host Hardening: Another one of the ongoing goals of operations security is to make sure that all the systems have been hardened to the extent that it’s possible while still providing functionality. Hardening is simply the process of securing a system so that we have a level of functionality and nothing more. Essentially, it’s a living example of the concept of least privilege. From a logical perspective, what this means is we go in and we get rid of any unnecessary applications. Applications utilize services, which utilize ports, so we can…
CompTIA CASP+ CAS-004 – Chapter 04 – Implementing Security for Systems, Applications, and Storage
Chapter Introduction: In this chapter, we’re going to be looking at implementing security for systems, applications and storage. We’re going to start with security for host devices, cover topics like the trusted OS and endpoint security software, as well as host hardening and some of the protections that we have for bootloader mechanisms. Then we’ll look at mobile device security. Of course, mobile devices are heavily in use in today’s enterprise environments. We need to make sure that these mobile devices are connecting in a secure fashion. So we’ll be…
CompTIA CASP+ CAS-004 – Chapter 05 – Implementing Security for Cloud and Virtualization Technologies Part 5
Storage and Document Collaboration: Storage and document collaboration tools allow teams and entire companies to share documents no matter what location the team members are working from. These are excellent tools from a business perspective and many organizations are using them. A lot of smaller organizations are just using Google Drive, but larger organizations typically have gone towards Microsoft SharePoint. Those are just a couple of examples of this type of tool. In most cases these tools allow live updates to all the…
CompTIA CASP+ CAS-004 – Chapter 05 – Implementing Security for Cloud and Virtualization Technologies Part 4
Dial-Up Access: Even though they are rarely used these days, with the exception of particular scenarios, such as people in remote areas who don’t have access to high-speed Internet, we still want to understand the basics of dial-up. A dial-up connection uses the PSTN, the public switched telephone network, and is a connection over analog phone lines. Because it’s over analog phone lines and the computer communicates in digital, you need a modem, a modulator-demodulator, that converts the digital data to analog. There’s a…
CompTIA CASP+ CAS-004 – Chapter 05 – Implementing Security for Cloud and Virtualization Technologies Part 2
Security Considerations: All right, so there are security considerations. We’ve already alluded to some of them. When you’re moving from placement of resources in an on-premise environment into a hosted environment, then we’ve got some issues, because on-prem, these resources are deployed in our data center; they’re on our network. A hosted environment is managed by a third party and deployed on their resources. And so there just have to be security implications of those two models in addition to the single-tenant versus multitenant. So let’s…
CompTIA CASP+ CAS-004 – Chapter 05 – Implementing Security for Cloud and Virtualization Technologies Part 3
Cloud-Augmented Security Services: All right, so cloud computing is very popular. We’ve talked about that. And everybody’s kind of falling all over themselves to put all their data in the cloud. But there are security issues that arise when you do this. Where is the data residing physically? Is it mingled with other people’s data? How secure is it actually? And it is quite scary to trust the security of your data to others. And so now let’s take a little bit further look at some issues surrounding cloud security…
CompTIA CASP+ CAS-004 – Chapter 05 – Implementing Security for Cloud and Virtualization Technologies
Chapter Introduction: In this chapter, we’re going to be looking at implementing security for cloud technologies and virtualization technologies. Cloud technologies are all the rage today. It’s what everybody’s talking about. Operating systems are built for it and it’s utilized just about everywhere. As security professionals, though, the introduction of cloud technologies brings about a new set of challenges: data ownership, data retention, data recovery, confidentiality, integrity, and availability, but with new ways of looking at those security fundamentals as they relate to cloud technologies. Because in many cases when we talk…
CompTIA CASP+ CAS-004 – Chapter 06 – Utilizing Security Assessments and Incident Response Part 3
Exploit Kits: Exploitation tools, sometimes just referred to as exploit kits, are groups of tools that are used to exploit security holes. They’re created for a large number of applications. These tools attack an application essentially in the same way that a hacker would. So they can be used for good or evil. Some of them are free. Others are quite expensive. This kind of depends on which one you choose. But an exploit framework does help to provide a consistent environment to create and run exploit code against…
CompTIA CASP+ CAS-004 – Chapter 06 – Utilizing Security Assessments and Incident Response Part 2
Public Information: Much of what an attacker can determine in the reconnaissance phases before an attack is going to be based on public information. We’ve mentioned this a couple of times, but organizations now need to evaluate the amount of public information that’s available, and we should be going through various technical sources. So we’re going to talk about a couple of these. WHOIS is a protocol that’s used to query databases that have information about the owners of Internet resources. This includes domain names, IP…