- 1. Operating System Types
- 2. Data Encryption
- 3. Hardware and Firmware Security
- 4. Peripheral Security
- 5. IT Automation
- 6. Non-Persistence
1. Operating System Types
- Desktop and laptops
- Typically Windows or OSX, sometimes Linux
- Designed for special purpose computers that provide services to others
- Usually this is Windows Server or Linux
- This is designed for smartphones and tablets
- iOS, Android or Windows mobile
- devices placed inside of specilaised furniture with limited functionality
- OS may be Windows, Linux or a mobile device like a tablet running iOS or Android
These devices require the same type of security controls as fully functioning devices.
- These devices bundle together hardware and software to achieve special function. EG: a firewall.
These devices come pre loaded with the OS and applications installed.
- They often run a full operating system but this may not be accessible by the end user
- Often requires vendor support for updates and security
- These run special purpose OS designed for networking. EG: Cisco IOS or Juniper IOS
2. Data Encryption
What is encryption?
When you encrypt a file, or other form of data, it takes its plain text form and uses a mathematical algorithm to transform it, using an encryption key, into a version that is unreadable to someone who does not have the corresponding decryption key.
This makes it possible to take sensitive information, encrypt it, and store it unsecure locations or transmit it over unsecure networks.
The most common software is the AES Crypt Software package available for Windows, Mac and Linux. This uses the US Governments Advanced Encryption Standard (AES) to encrypt files.
To encrypt a file in Linux you do the following: Aescrypt -e filename
It will prompt you for a password and save the file as filename.aes
Full Disk Encryption (FDE)
This protects an entire hard drive.
If a user loses a laptop, the person who finds it can easily bypass the OS security controls bby putting the hard drive into another machine and viewing it that way. But if the drive is encrypted they would not be able to view the contents
Trusted Platform Module (TPM)
This is a specilaised module found in many computers. It fully encrypts the entire disk in a manner that minimises the impact on system performance. Since the TPM contains the encryption keys it prevents an attacker from removing the harddrive from the computer and putting it in another computer to read the contents.As the TPM isn’t present, the decryption key wont be present and the drive will be encrypted.
This is a lot more efficient than software encryption. Encryption and decryption are mathematical complex. If running a lot of these operations it places a lot of pressure on the CPU. Then it is better to use dedicated encryption hardware.
This protects the contents of databases from attack. If an attacker gets access to a database server they may not be able to view the contents of the database if it is encrypted.
Self Encrypting Drives (SED)
These perform the encryption automatically. They contain all of the software and hardware to perform encryption independent of the operating system.
3. Hardware and Firmware Security
Some attacks target the very basic building blocks of the computing system that work eve before the OS loads.
BIOS is a lightweight operating system, stored on firmware inside the computer, that is the very first thing to load when the computer starts. BIOS contains the basic functionality necessary for the computer to access its bot disk, and then load the full operating system. If an attacker is able to gain control of the BIOS and insert malicious code into the firmware, the computer will execute the code giving the attacker full control of the device.
BIOS is now rarely used.
The Unified Extensible Firmware Interface (UEFI)
This provides a more flexible framework with more capabilities for booting an OS.
UEFI Secure Boot
One of these features is secure boot. This technology ensures that the OS being loaded is a genuine OS from a trusted source and not a version modified by an attacker.
Secure Boot works by giving UEFI access to a public key belonging to the OS vendor. How it works:
- UEFI reads the boot loader from disk
- Computes the has of the boot loader
- Decrypts the boot loaders digital signature
- Verify that the signature is accurate
This is another feature enabled by UEFI and Secure Boot. After a system completes the boot process, remote attestation sends a report to a remote server with the hash values that it calculated to provide assurance that the computer is not running malicious code.
Hardware Root of Trust (How can you trust the UEFI firmware?)
This stores the keys used to validate the UEFI firmware and hardware. It verifies that the UEFI is intact and unaltered before the boot process begins.
Electromagnetic Interference (EMI)
Computing equipment is susceptible to EMI. this can disrupt the normal operation of a device or cause it to fail. EMI may be caused intentionally or by other computing devices nearby. Copper shielding may be used to minimise EMI.
4. Peripheral Security
This was pretty much covered in other chapters.
Peripherals help us to share information, work efficiently and produce output. A lot of peripherals use wireless connections. These should be secure accordingly.
Printer Security Practices
- Patch the operating system
- Secure the prints web server
- Encrypt print traffic
- Securely wipe the printer hard drives
5. IT Automation
Automation is widely used these days in IT. One of the main areas for this is server creation. In the past administrators had to manually install and configure settings to meet their purpose. Automation uses scripts to create servers, treating infrastructure as code.
This image contains the operating system and any components settings that are deployed across the enterprise. The administrator can then pull in specific templates to fulfill common purposes. EG: you could have a script to turn the master image into a database server.
Benefits of Automating Server Builds
- Consistency: removes the human element
- Elasticity: easily add new servers
- Load balancing: add or remove servers as load increases/decreases
- Resiliency: if a server becomes corrupt it is easy to rebuild it
Exam TIP: CompTIA uses the term disruptive allocation to refer to load balancing
Automation can also be used for continuous monitoring. It is used for analysis and response to events.
Non-persistence means that servers and other IT components are designed to fail. The idea being that in any IT architecture some components will fail at some stage, and the system should be designed in such a way to work around the failure. This can be done using redundancy (spare power supply or hard drive) or by automatically rebuilding the failed component.
- Automated server builds: you can rebuild a new server easily if one fails
- System snapshots: these allow you to revert back to a moment in time
- Reversion to a known state: if the system is corrupted it can be rolled back to the last known good configuration
- Live boot media: the storage is separate from the boot media