Understanding Security Layers

Lesson 1
Objectives
Security

 What you are trying to protect

 Why does it needs to be protected
 What you’re protecting it from
CIA

 Confdentiality
 Integrity
 Availability
Confdentiality
 Confdentiality is the characteristic of a resource
ensuring access is restricted to only permitted
users, applications, or computer systems. 
 Confdentiality deals wnith keeping information,
netwnorks, and systems secure from unauthorized
access. 
 There are several technologies that support
confdentiality in an enterprise security
implementation. 
 Strong encryption
 Strong authentication
 Stringent access controls
Integrity

 Integrity is defned as the consistency,

accuracy, and validity of data or information. 
 One of the goals of a successful information
security program is to ensure that data is
protected against any unauthorized or
accidental changes. 
Availability

 Availability describes a resource being

accessible to a user, application, or computer
system wnhen required. 
 In other wnords, availability means that wnhen a
user needs to get to information, he or she has
the ability to do so.
 Typically, threats to availability come in twno
types: accidental and deliberate. 
Risk Management

 Risk management is the process of identifying,

assessing, and prioritizing threats and risks. 
 A risk is generally defned as the probability that
an event wnill occur. 
 A threat, wnhich is defned as an action or
occurrence that could result in the breach,
outage, or corruption of a system by exploiting
knownn or unknownn vulnerabilities.
 The goal of any risk management plan is to
remove risks wnhen possible and to minimize the
consequences of risks that cannot be eliminated.
 Risk assessments are used to identify the risks
that might impact your particular environment.
Dealing wnith Risks

 After you have prioritized your risks, you are

ready to choose from among the four generally
accepted responses to these risks. They
include:
 Avoidance
 Acceptance
 Mitigation
 Transfer
Principle of Least
Privilege
 The principle of least privilege is a security
discipline that requires that a particular user,
system, or application be given no more
privilege than necessary to perform its function
or job. 
Attack Surface

 An attack surface consists of the set of methods

and avenues an attacker can use to enter a
system and potentially cause damage. 
 The larger the attack surface of a particular
environment, the greater the risk of a
successful attack.
Social Engineering

 Social engineering is a method used to gain

access to data, systems, or netwnorks, primarily
through misrepresentation. 
 This technique typically relies on the trusting
nature of the person being attacked.
Security and Cost

 Security costs money.

 You should also strive to make the security
measures as seamless as possible to
authorized users wnho are accessing the
confdential information or resource.
 If security becomes a heavy burden, users
wnill often look for methods to circumvent
the measures you have established.
 Training goes a long wnay in protecting your
confdential information and resources
because it showns users wnhat wnarning signs
to wnatch for.
Physical Security

 Physical security is the frst line of

defense.
 There are a number of factors to
consider wnhen designing, implementing,
or reviewning physical security measures
taken to protect assets, systems,
netwnorks, and information. 
 These include understanding site
security and computer security; securing
removable devices and drives; access
control; mobile device security; disabling
the Log On Locally capability; and
identifying and removing keyloggers.
Access Control

 Access control is the process of restricting

access to a resource to only permitted users,
applications, or computer systems.
Defense in Depth
 Defense in depth means using multiple
layers of security to defend your assets. 
• That wnay, even if
an attacker
breaches one
layer of your
defense, you
have additional
layers to keep
that person out
of the critical
areas of your
Goals in Physical Security

 There are several other goals to keep in mind

wnhen designing a physical security plan:
 Authentication: Site security must address
the need to identify and authenticate the
people wnho are permitted access to an area.
 Access control: Once a person’s identity
has been proven and authenticated, site
security must determine wnhat areas that
person has access to.
 Auditing: Site security must also provide
the ability to audit activities wnithin the
facility. This can be done by reviewning
camera footage, badge reader logs, visitor
registration logs, or other mechanisms.
Physical Premises

 For the purposes of this lesson, wne wnill break

the physical premises into three logical areas:
 External perimeter
 Internal perimeter
 Secure areas
External Perimeter
Security
 The external security perimeter is the frst
line of defense surrounding your ofce.
 Common security measures you may
encounter wnith respect to an organization’s
external perimeter include the followning:
 Security cameras
 Parking lot lights
 Perimeter fence
 Gate wnith guard
 Gate wnith access badge reader
 Guard patrols
Internal Security
Perimeter
 The internal security perimeter starts wnith the
building wnalls and exterior doors and includes
any internal security measures, wnith the
exception of secure areas wnithin the building. 
 Some of the features you may use to secure an
internal perimeter include the followning:
 Locks (on exterior doors, internal doors, ofce
doors, desks, fling cabinets, etc.)
 Security cameras
 Badge readers (on doors and elevators)
 Guard desks and patrols
 Smoke detectors
 Turnstiles and mantraps
Secure Areas

 Areas that not only to restrict external attackers,

but also to limit internal employee access. 
 Secure area security technologies include the
followning:
 Badge readers and Keypads
 Biometric technologies (e.g., fngerprint
scanners, retinal scanners, voice recognition
systems, etc.)
 Security doors
 X-ray scanners and Metal detectors
 Cameras
 Intrusion detection systems (light beam,
infrared, micrownave, and/or ultrasonic)
Computer Security

 Computer security consists of the processes,

procedures, policies, and technologies used to
protect computer systems. 
 Servers
 Desktop Computers
 Mobile Computers
Mobile Devices
 Mobile devices are one of the largest challenges
facing many security professionals today. 
 Mobile devices such as laptops, PDAs, and
smartphones are used to process information,
send and receive mail, store enormous amounts of
data, surf the Internet, and interact remotely wnith
internal netwnorks and systems. 
 Docking stations
 Laptop security cables
 Laptop safes
 Theft recovery softwnare
 Laptop alarms:
Removable Devices

 A removable device or drive is a

storage device that is designed to be
taken out of a computer wnithout
turning the computer of.
 Include memory cards, fash drives,
foppy disks, CDs, and DVDDs
 Removable devices typically connect
to a computer through a drive,
through external communications
ports like USB or Firewnire, or, in the
case of memory cards, through built-
in or USB-based readers.
Removable Devices
Removable Devices

 There are three basic types of security issues

associated wnith removable storage:
 Loss
 Theft
 Espionage
Keylogger

 A keylogger is a physical or logical

device used to capture keystrokes.
 An attacker wnill either place a device
betwneen the keyboard and the
computer or install a softwnare
program to record each keystroke
taken, and then he or she can use
softwnare to replay the data and
capture critical information like user
IDs and passwnords, credit card
numbers, Social Security numbers, or
even confdential emails or other data.
Summary

 Before you can start securing your

environment, you need to have a
fundamental understanding of the standard
concepts of security.
 CIA, short for confdentiality, integrity, and
availability, represents the core goals of an
information security program.
 Confdentiality deals wnith keeping
information, netwnorks, and systems secure
from unauthorized access.
 One of the goals of a successful information
security program is to ensure integrity, or
that information is protected against any
unauthorized or accidental changes.
Summary

 Availability is defned as the characteristic

of a resource being accessible to a user,
application, or computer system wnhen
required.
 Threat and risk management is the process
of identifying, assessing, and prioritizing
threats and risks.
 A risk is generally defned as the probability
that an event wnill occur.
 Once you have prioritized your risks, there
are four generally accepted responses to
these risks: avoidance, acceptance,
mitigation, and transfer.
Summary

 The principle of least privilege is a security

discipline that requires that a user, system,
or application be given no more privilege
than necessary to perform its function or job.
 An attack surface consists of the set of
methods and avenues an attacker can use to
enter a system and potentially cause
damage. The larger the attack surface of an
environment, the greater the risk of a
successful attack.
 The key to thwnarting a social engineering
attack is employee awnareness. If your
employees known wnhat to look out for, an
attacker wnill fnd little success.
Summary

 Physical security uses a defense in

depth or layered security approach that
controls wnho can physically access an
organization’s resources.
 Physical premises can be divided into
three logical areas: the external
perimeter, the internal perimeter, and
secure areas.
 Computer security consists of the
processes, procedures, policies, and
technologies used to protect computer
systems.
Summary

 Mobile devices and mobile storage devices are

among the biggest challenges facing many
security professionals today because of their
size and portability.
 A keylogger is a physical or logical device used
to capture keystrokes.