SHIS 1.1

Cards (28)

  • Denial of service attacks: uses authorized access points to bombard a system with traffic, preventing legitimate traffic from reaching the computer
  • Common Types of Attacks:
    • Network Scanner: applications that probe systems for unguarded ports, which can be used to gain access to the system
    • Trojan Horse: seemingly harmless applications that contain malware which can open a connection to a remote computer enabling an attacker to run programs and store/retrieve data
    • Social Engineering: attackers obtain passwords by illicit means and use remote access technologies to access computers to compromise its data and function
  • Types of vulnerabilities:
    • Account passwords: password is either too simple or shared among users
    • Audit settings: auditing is not enabled, thus unable to detect or report an attack that has occurred
    • User rights: user rights are not restricted to the minimum requirements to perform necessary tasks
    • Services: service or application may have flaws, making the computer vulnerable to attacks
  • Key Security Principles:
    • Defence-in-Depth: provide multiple layers of protection
    • Least privilege: grant the least amount of permission necessary to perform required tasks
    • Minimized attack surface: reduce the number of vulnerable points on the network
  • Server Hardening methods:
    • Stop and/or uninstall unneeded services
    • Close unneeded ports
    • Minimize software installations
    • Keep security patches up to date
    • Use Anti-malware software
    • Run vulnerability scans
    • Disable unneeded hardware and physical ports/devices
    • Implement Intrusion Detection System
  • Vulnerability Scanning:
    • Detect and classify system weaknesses
    • Recommend fixes to be carried out
    • Recommend countermeasures
    • Scans can be done while logged in as an authorized user or externally to find security holes which can be exploited from outside the network
  • Windows Security Features
    Windows Defender Firewall with Advanced Security:
    1. a host-based firewall that protects a computer or network by allowing certain types of network traffic in and out while blocking others
    2. Uses filters to examine the contents of packets and traffic patterns to determine which packets are allowed to pass through the filter
  • Windows Security Features:
    • Security templates: contain preconfigured Windows security settings AND used to automate and enforce consistent security policy
    • User Access Control: notifies users before a program makes a system change that requires the administrator's approval AND prevents unauthorized changes to the OS without approval from administrator
  • Defence-in-depth uses a layered approach to security
    -> Reduces an attacker’s chance of success
    -> Increases an attacker’s risk of detection
  • Policies, procedures, and awareness
    Security documents, user education
  • Physical security
    Guards, locks, tracking devices
  • Perimeter
    Firewalls, network access quarantine control
  • Networks
    Network segments, IPsec, Forefront TMG 2010
  • Host
    Hardening, authentication, update management
  • Application
    Application hardening, antivirus
  • Data
    ACLs, EFS, BitLocker, backup/restore procedures
  • Server hardening is the process of enhancing server security through a variety of means which results in a much more secure server operating environment
  • Vulnerability scanning is performed to find the vulnerabilities of systems.
  • Windows Security Features
    Secure desktop:
    1. Activated when an elevation or credential prompt is generated
    2. Prevent malware from automating a response to the prompt
    3. Suppress the operation of all other desktop controls except for the Windows processes that interact with the prompt
  • Windows Security Features
    AppLocker:
    1. An application control policy used to identify software and control its execution
    2. Prevent potentially dangerous applications from running
    3. Control who is affected by the policies
    4. Configured using rules
  • Configure Windows Firewall by using:
    • Basic Firewall configuration in Control Panel → provides a simplified interface
    • Windows Firewall with Advanced Security → provides full access to firewall rules and functions
    • Group Policy → used to apply settings to multiple computers
  • What are the three main criteria used in firewalls rules?
    IP address, Protocol numbers, Port numbers
  • Firewall rules can function in two ways:
    • Admit all traffic, except traffic that matches the applied rules
    • Block all traffic, except traffic that matches the applied rules
  • The default Windows Firewall settings for the 3 profiles:
    1. The firewall is turned on
    2. Incoming traffic is blocked unless it matches a rule
    3. Outgoing traffic is allowed unless it matches a rule
  • IP Tables
    Preinstalled in most Linux distributions AND
    UFW (Uncomplicated Firewall) is a firewall configuration tool for IPTables included by default within Ubuntu distributions
  • IP Tables
    Provides the following features:
    • Stateful packet inspection, i.e., keeps track of each connection passing through it
    • Network Address Translation and Port Translating (NAT/NAPT)
    • Source and stateful routing and failover functions
    • System logging of network activities
    • Rate limiting feature to block some types of DoS attacks
    • Packet manipulation, e.g. altering the IP header, used to mark and classify packets based on rules
  • IP Tables
    When a packet is received, iptables finds the appropriate table, then runs it through the chain of rules until it finds a match
  • Tables: Tables are files that join similar actions. A table consists of several chains.
    Chains: A chain is a set of rules
    Rules: A rule is a statement that tells the system what to do with a packet
    Targets: A target is a decision of what to do with a packet: accept, drop, or reject it (return an error back to the sender)