reflection 3

profiletamerrabee3
sy0-601-12v1.0.pptx

Implementing Host Security Solutions

Lesson 12

1

Implement Secure Firmware

Topic 12A

CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

2

2

1.2 Given a scenario, analyze potential indicators to determine the type of attack

3.2 Given a scenario, implement host or application security solutions

5.3 Explain the importance of policies to organizational security

Syllabus Objectives Covered

CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

3

Hardware Root of Trust

Hardware root of trust/trust anchor

Attestation

Trusted Platform Module (TPM)

Hardware-based storage of cryptographic data

Endorsement key

Subkeys used in key storage, signature, and encryption operations

Ownership secured via password

Screenshot used with permission from HP.

CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

4

4

Boot Integrity

Unified extensible firmware interface (UEFI)

Secure boot

Validate digital signatures before running boot loader or OS kernel

Measured boot

Use TPM to measure hashes of boot files at each stage

Attestation

Report boot metrics and signatures to remote server

Screenshot used with permission from HP.

CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

5

Drive Encryption

Full disk encryption (FDE)

Encryption key secured with user password

Secure storage for key in TPM or USB thumb drive

Self-encrypting drives (SED)

Data/media encryption key (DEK/MEK)

Authentication key (AK) or key encrypting key (KEK)

Opal specification compliant

Screenshot used with permission from Microsoft.

CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

6

USB and Flash Drive Security

BadUSB

Exposes potential of malicious firmware

Malicious USB cable

Malicious flash drive

Sheep dip

Sandbox system for testing new/suspect devices

Isolated from production network/data

CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

7

Third-party Risk Management

Supply chain and vendors

End-to-end process of supplying, manufacturing, distributing, and finally releasing goods and services to a customer

Could malicious actors within supply chain introduce backdoor access via hardware/firmware components?

Most companies must depend on governments/security services to ensure trustworthiness of market suppliers

Consider implications of using second-hand equipment

Vendors versus business partners

CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

8

End of Life Systems and Lack of Vendor Support

Support lifecycles

End of life (EOL)

Product is no longer sold to new customers

Availability of spares and updates is reduced

End of service life (EOSL)

Product is no longer supported

Lack of vendor support

Abandonware

Software and peripherals/devices

CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

9

Organizational Security Agreements

Memorandum of understanding (MOU)

Intent to work together

Business partnership agreement (BPA)

Establish a formal partner relationship

Non-disclosure agreement (NDA)

Govern use and storage of shared confidential and private information

Service level agreement (SLA)

Establish metrics for service delivery and performance

Measurement systems analysis (MSA)

Evaluate data collection and statistical methods used for quality management

CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

10

Secure Firmware

CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

11

Review Activity

Implement Endpoint Security

Topic 12B

CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

12

12

3.2 Given a scenario, implement host or application security solutions

Syllabus Objectives Covered

CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

13

Host Hardening

Reducing attack surface

Interfaces

Network and peripheral connections and hardware ports

Services

Software that allows client connections

Application service ports

TCP and UDP ports

Disable application service or use firewall to control access

Detect non-standard usage

Encryption for persistent storage

CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

14

Baseline Configuration and Registry Settings

OS/host role

Network appliance, server, client, …

Configuration baseline template

Registry settings and group policy objects (GPOs)

Malicious registry changes

Baseline deviation reporting

CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

15

Screenshot used with permission from Microsoft.

15

Patch Management

All types of OS, application, and firmware code potentially contains vulnerabilities

Patch management essential for mitigating these vulnerabilities as they are discovered

Update policies and schedule

Apply all latest – auto-update

Only apply specific patches

Third-party patches

Scheduling updates

Managing unpatchable systems

CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

16

Endpoint Protection

Antivirus (A-V)/anti-malware

Signature-based detection of all malware/PUP types

Host-based intrusion detection/prevention (HIDS/HIPS)

File integrity monitoring and log/network traffic scanning

Prevention products can block processes or network connections

Endpoint Protection Platform (EPP)

Consolidate agents for multiple functions

Combine A-V, HIDS, host firewall, content filtering, encryption, …

Data loss prevention (DLP)

Block copy or transfer of confidential data

Endpoint protection deployment

CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

17

Endpoint detection and response (EDR)

Visibility and containment rather than preventing malware execution

User and entity behavior analytics driven by cloud-hosted machine learning

Next-generation firewall integration

Use endpoint detection to alter network firewall policies

Block fileless threats and covert channels

Prevent lateral movement

Next-Generation Endpoint Protection

CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

18

Signature-based detection and heuristics

Malware identification and classification

Common Malware Enumeration (CME)

Manual remediation advice

Advanced malware tools

Manually identify file system changes and network activity

Sandboxing

Execute malware for analysis in a protected environment

Antivirus Response

CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

19

Endpoint Security

CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

20

Review Activity

Assisted Lab

CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

Implementing Endpoint Protection

21

Lab Activity

Explain Embedded System Security Implications

Topic 12C

CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

22

22

2.6 Explain the security implications of embedded and specialized systems

Syllabus Objectives Covered

CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

23

Embedded Systems

Computer system with dedicated function

Static environment

Cost, power, and compute constraints

Single-purpose devices with no overhead for additional security computing

Crypto, authentication, and implied trust constraints

Limited resource for cryptographic implementation

No root of trust

Perimeter security

Network and range constraints

Power constrains range

Emphasize low data rates, but minimize latency

CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

24

Logic Controllers for Embedded Systems

Programmable logic controller (PLC)

System on chip (SoC)

Processors, controllers, and devices all provided on single package

Raspberry Pi

Arduino

Field programmable gate array (FPGA)

End customer can configure programming logic

Real-time operating system (RTOS)

Designed to be ultra-stable

Prioritizes real-time scheduling

CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

25

Embedded Systems Communications Considerations

Operational Technology (OT) networks

Serial data and Industrial Ethernet

Cellular networks/baseband radio

Narrowband-IoT (NB-IoT)

LTE Machine Type Communication (LTE-M)

4G versus 5G

Subscriber identity module (SIM) cards

Encryption and backhaul

Z-Wave and Zigbee

Low-power wireless over ~900 MHz and 2.4 GHz

Encryption and pairing

CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

26

26

Availability, integrity, confidentiality (AIC triad)

Workflow and process automation

Industrial control systems (ICSs)

Plant devices and embedded PLCs

OT network

Electromechanical components and sensors

Human machine interface (HMI)

Data historian

Supervisory Control and Data Acquisition (SCADA)

Runs on PCs to gather data and perform monitoring

Manage large-scale, multiple site installations over WAN communications

Industrial Control Systems (1)

CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

27

Energy

Power generation and distribution

Industrial

Mining and refining raw materials

Fabrication and manufacturing

Creating components and assembling them into products

Logistics

Moving things

Facilities

Site and building management systems

Heating, ventilation, and air conditioning (HVAC)

Industrial Control Systems (2)

CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

28

Internet of Things

Machine to Machine (M2M) communication

Hub/control system

Communications hub

Control system for headless devices

Smart hubs and PC/smartphone controller apps

Smart devices

IoT endpoints

Compute, storage, and network functions and vulnerabilities

Wearables

Sensors

Vendor security management

Weak defaults

Patching and updates

CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

29

Specialized Systems for Facility Automation

Building automation system (BAS) 

Smart buildings

Process and memory vulnerabilities

Credentials embedded in application code

Code injection

Smart meters

Surveillance systems

Physical access control system (PACS)

Risks from third-party provision

Abuse of cameras

CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

30

Specialized Systems in IT

Multifunction printer (MFP)

Hard drives and firmware represent potential vulnerabilities

Recovery of confidential information from cached print files

Log data might assist attacks

Pivot to compromise other network devices

Voice over IP

Shodan

CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

31

Screenshot used with permission from shodan.io.

Unmanned Aerial Vehicles (UAV)/drones

Computer-controlled or assisted engine, steering, and brakes

In-vehicle entertainment and navigation

Controller area network (CAN) serial communications buses

Onboard Diagnostics (OBD-II) module

Access via cellular or Wi-Fi

Specialized Systems for Vehicles and Drones

CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

32

Specialized Systems for Medical Devices

Used in hospitals and clinics but also at home by patients

Potentially unsecure protocols and control systems

Use compromised devices to pivot to networks

Stealing Protected Health Information (PHI)

Ransom by threatening to disrupt services

Kill or injure patients

CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

33

33

Security for Embedded Systems

Network segmentation

Strictly restrict access to OT networks

Increased monitoring for SCADA hosts

Wrappers

Use IPSec for authentication and integrity and confidentiality

Firmware code control

Supply chain risks

Inability to patch

Inadequate vendor support

Time-consuming patch procedures

Inability to schedule downtime

CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

34

Embedded System Security Implications

CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

35

Review Activity

Applied Lab

Securing the Network Infrastructure

CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

36

Lab Activity

Summary

Lesson 12

CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

37

37