reflection 3
Implementing Host Security Solutions
Lesson 12
1
Implement Secure Firmware
Topic 12A
CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
2
2
1.2 Given a scenario, analyze potential indicators to determine the type of attack
3.2 Given a scenario, implement host or application security solutions
5.3 Explain the importance of policies to organizational security
Syllabus Objectives Covered
CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
3
Hardware Root of Trust
Hardware root of trust/trust anchor
Attestation
Trusted Platform Module (TPM)
Hardware-based storage of cryptographic data
Endorsement key
Subkeys used in key storage, signature, and encryption operations
Ownership secured via password
Screenshot used with permission from HP.
CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
4
4
Boot Integrity
Unified extensible firmware interface (UEFI)
Secure boot
Validate digital signatures before running boot loader or OS kernel
Measured boot
Use TPM to measure hashes of boot files at each stage
Attestation
Report boot metrics and signatures to remote server
Screenshot used with permission from HP.
CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
5
Drive Encryption
Full disk encryption (FDE)
Encryption key secured with user password
Secure storage for key in TPM or USB thumb drive
Self-encrypting drives (SED)
Data/media encryption key (DEK/MEK)
Authentication key (AK) or key encrypting key (KEK)
Opal specification compliant
Screenshot used with permission from Microsoft.
CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
6
USB and Flash Drive Security
BadUSB
Exposes potential of malicious firmware
Malicious USB cable
Malicious flash drive
Sheep dip
Sandbox system for testing new/suspect devices
Isolated from production network/data
CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
7
Third-party Risk Management
Supply chain and vendors
End-to-end process of supplying, manufacturing, distributing, and finally releasing goods and services to a customer
Could malicious actors within supply chain introduce backdoor access via hardware/firmware components?
Most companies must depend on governments/security services to ensure trustworthiness of market suppliers
Consider implications of using second-hand equipment
Vendors versus business partners
CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
8
End of Life Systems and Lack of Vendor Support
Support lifecycles
End of life (EOL)
Product is no longer sold to new customers
Availability of spares and updates is reduced
End of service life (EOSL)
Product is no longer supported
Lack of vendor support
Abandonware
Software and peripherals/devices
CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
9
Organizational Security Agreements
Memorandum of understanding (MOU)
Intent to work together
Business partnership agreement (BPA)
Establish a formal partner relationship
Non-disclosure agreement (NDA)
Govern use and storage of shared confidential and private information
Service level agreement (SLA)
Establish metrics for service delivery and performance
Measurement systems analysis (MSA)
Evaluate data collection and statistical methods used for quality management
CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
10
Secure Firmware
CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
11
Review Activity
Implement Endpoint Security
Topic 12B
CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
12
12
3.2 Given a scenario, implement host or application security solutions
Syllabus Objectives Covered
CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
13
Host Hardening
Reducing attack surface
Interfaces
Network and peripheral connections and hardware ports
Services
Software that allows client connections
Application service ports
TCP and UDP ports
Disable application service or use firewall to control access
Detect non-standard usage
Encryption for persistent storage
CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
14
Baseline Configuration and Registry Settings
OS/host role
Network appliance, server, client, …
Configuration baseline template
Registry settings and group policy objects (GPOs)
Malicious registry changes
Baseline deviation reporting
CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
15
Screenshot used with permission from Microsoft.
15
Patch Management
All types of OS, application, and firmware code potentially contains vulnerabilities
Patch management essential for mitigating these vulnerabilities as they are discovered
Update policies and schedule
Apply all latest – auto-update
Only apply specific patches
Third-party patches
Scheduling updates
Managing unpatchable systems
CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
16
Endpoint Protection
Antivirus (A-V)/anti-malware
Signature-based detection of all malware/PUP types
Host-based intrusion detection/prevention (HIDS/HIPS)
File integrity monitoring and log/network traffic scanning
Prevention products can block processes or network connections
Endpoint Protection Platform (EPP)
Consolidate agents for multiple functions
Combine A-V, HIDS, host firewall, content filtering, encryption, …
Data loss prevention (DLP)
Block copy or transfer of confidential data
Endpoint protection deployment
CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
17
Endpoint detection and response (EDR)
Visibility and containment rather than preventing malware execution
User and entity behavior analytics driven by cloud-hosted machine learning
Next-generation firewall integration
Use endpoint detection to alter network firewall policies
Block fileless threats and covert channels
Prevent lateral movement
Next-Generation Endpoint Protection
CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
18
Signature-based detection and heuristics
Malware identification and classification
Common Malware Enumeration (CME)
Manual remediation advice
Advanced malware tools
Manually identify file system changes and network activity
Sandboxing
Execute malware for analysis in a protected environment
Antivirus Response
CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
19
Endpoint Security
CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
20
Review Activity
Assisted Lab
CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
Implementing Endpoint Protection
21
Lab Activity
Explain Embedded System Security Implications
Topic 12C
CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
22
22
2.6 Explain the security implications of embedded and specialized systems
Syllabus Objectives Covered
CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
23
Embedded Systems
Computer system with dedicated function
Static environment
Cost, power, and compute constraints
Single-purpose devices with no overhead for additional security computing
Crypto, authentication, and implied trust constraints
Limited resource for cryptographic implementation
No root of trust
Perimeter security
Network and range constraints
Power constrains range
Emphasize low data rates, but minimize latency
CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
24
Logic Controllers for Embedded Systems
Programmable logic controller (PLC)
System on chip (SoC)
Processors, controllers, and devices all provided on single package
Raspberry Pi
Arduino
Field programmable gate array (FPGA)
End customer can configure programming logic
Real-time operating system (RTOS)
Designed to be ultra-stable
Prioritizes real-time scheduling
CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
25
Embedded Systems Communications Considerations
Operational Technology (OT) networks
Serial data and Industrial Ethernet
Cellular networks/baseband radio
Narrowband-IoT (NB-IoT)
LTE Machine Type Communication (LTE-M)
4G versus 5G
Subscriber identity module (SIM) cards
Encryption and backhaul
Z-Wave and Zigbee
Low-power wireless over ~900 MHz and 2.4 GHz
Encryption and pairing
CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
26
26
Availability, integrity, confidentiality (AIC triad)
Workflow and process automation
Industrial control systems (ICSs)
Plant devices and embedded PLCs
OT network
Electromechanical components and sensors
Human machine interface (HMI)
Data historian
Supervisory Control and Data Acquisition (SCADA)
Runs on PCs to gather data and perform monitoring
Manage large-scale, multiple site installations over WAN communications
Industrial Control Systems (1)
CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
27
Energy
Power generation and distribution
Industrial
Mining and refining raw materials
Fabrication and manufacturing
Creating components and assembling them into products
Logistics
Moving things
Facilities
Site and building management systems
Heating, ventilation, and air conditioning (HVAC)
Industrial Control Systems (2)
CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
28
Internet of Things
Machine to Machine (M2M) communication
Hub/control system
Communications hub
Control system for headless devices
Smart hubs and PC/smartphone controller apps
Smart devices
IoT endpoints
Compute, storage, and network functions and vulnerabilities
Wearables
Sensors
Vendor security management
Weak defaults
Patching and updates
CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
29
Specialized Systems for Facility Automation
Building automation system (BAS)
Smart buildings
Process and memory vulnerabilities
Credentials embedded in application code
Code injection
Smart meters
Surveillance systems
Physical access control system (PACS)
Risks from third-party provision
Abuse of cameras
CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
30
Specialized Systems in IT
Multifunction printer (MFP)
Hard drives and firmware represent potential vulnerabilities
Recovery of confidential information from cached print files
Log data might assist attacks
Pivot to compromise other network devices
Voice over IP
Shodan
CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
31
Screenshot used with permission from shodan.io.
Unmanned Aerial Vehicles (UAV)/drones
Computer-controlled or assisted engine, steering, and brakes
In-vehicle entertainment and navigation
Controller area network (CAN) serial communications buses
Onboard Diagnostics (OBD-II) module
Access via cellular or Wi-Fi
Specialized Systems for Vehicles and Drones
CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
32
Specialized Systems for Medical Devices
Used in hospitals and clinics but also at home by patients
Potentially unsecure protocols and control systems
Use compromised devices to pivot to networks
Stealing Protected Health Information (PHI)
Ransom by threatening to disrupt services
Kill or injure patients
CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
33
33
Security for Embedded Systems
Network segmentation
Strictly restrict access to OT networks
Increased monitoring for SCADA hosts
Wrappers
Use IPSec for authentication and integrity and confidentiality
Firmware code control
Supply chain risks
Inability to patch
Inadequate vendor support
Time-consuming patch procedures
Inability to schedule downtime
CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
34
Embedded System Security Implications
CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
35
Review Activity
Applied Lab
Securing the Network Infrastructure
CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
36
Lab Activity
Summary
Lesson 12
CompTIA Security+ Lesson 12 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
37
37