2.1 Security Concepts in Enterprise Environment

Configuration Management

Keeping up with all the changes happening to the configuration settings within your systems - document every update, and identify and document each change

Diagrams - network diagrams (document the physical wiring and devices; physical and logical diagrams) - device diagrams

Baseline configurations - firewall settings, patch levels, OS file versions - establish a baseline so that future changes to the systems can be compared against it


Protecting Data

Data sovereignty = data that resides in a country is subject to the laws of that country - legal monitoring | court orders | GDPR (data collected on EU citizens must be stored in the EU)

Data obfuscation = making the data difficult to read | protects PII (personally identifiable information) and other sensitive data - substituting, shuffling, masking, encrypting

Data encryption = encode information into unreadable data

Data at rest = data that resides on a storage device like a hard drive, SSD, or flash drive - encrypt the data: whole-disk encryption, file- or folder-level encryption

Data in transit = data moving between devices over the network - protect the data with network-based IDS/IPS - provide transport-layer encryption like TLS or IPsec

Data in use = data being actively processed in memory: system RAM, CPU registers and cache - the data is always decrypted there because it needs very quick access

Tokenization = replace sensitive data with a non-sensitive placeholder (token) - commonly used for credit card numbers
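Added example (not from the original notes) showing the masking form of data obfuscation next to tokenization: the masked value is safe to display, while the token is a random placeholder whose mapping back to the card number lives only in a vault. The sample record and the `TokenVault` class are constructed for illustration.

```python
import re
import secrets

# Constructed sample record (the card number is the well-known test PAN, not real data).
SAMPLE_RECORD = {
    "name": "Alice Example",
    "email": "alice@example.com",
    "card": "4111111111111111",
}

def mask_pan(pan: str) -> str:
    """Masking: keep only the last four digits, hide the rest with '*'."""
    digits = re.sub(r"\D", "", pan)
    return "*" * (len(digits) - 4) + digits[-4:]

def mask_email(email: str) -> str:
    """Masking for e-mail: keep the first character of the local part and the domain."""
    local, _, domain = email.partition("@")
    return local[0] + "***@" + domain

class TokenVault:
    """Tokenization: the sensitive value is swapped for a random placeholder.
    The token carries no information about the original; the mapping lives only
    here (in production, an access-controlled token vault, not application code)."""
    def __init__(self):
        self._forward = {}   # original value -> token
        self._reverse = {}   # token -> original value

    def tokenize(self, value: str) -> str:
        if value in self._forward:          # same input always yields the same token
            return self._forward[value]
        token = "tok_" + secrets.token_hex(8)
        self._forward[value] = token
        self._reverse[token] = value
        return token

    def detokenize(self, token: str) -> str:
        """Only the vault can turn a token back into the real value."""
        return self._reverse[token]

def protect_record(record: dict, vault: TokenVault) -> dict:
    """Return a copy safe for downstream systems: masked fields for display,
    a token instead of the real card number for storage."""
    return {
        "name": record["name"],
        "email": mask_email(record["email"]),
        "card_display": mask_pan(record["card"]),
        "card_token": vault.tokenize(record["card"]),
    }
```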

Information Rights Management (IRM) = controls how data in documents is used and restricts access by unauthorized persons - prevents copy and paste | controls screenshots | manages printing | restricts editing


Data Loss Prevention

A set of policies, procedures, and technologies designed to prevent sensitive data from being accessed, shared, or transmitted improperly or without authorization.

The goal of DLP is to protect sensitive and confidential information, such as intellectual property, financial data, personally identifiable information (PII), and trade secrets, from unauthorized disclosure or loss - can identify and block the transmission of sensitive data across the network


Managing Security

Geographical considerations - legal implications between different countries - for an offsite backup, which party has access to the data

Manage the response and recovery controls - documentation and identification | limit the impact of an attacker: limit data exfiltration, limit access to sensitive data

With SSL/TLS inspection, we put ourselves in the middle of the conversation and use specialized tools to understand the encrypted communication between two endpoints - your browser doesn't trust a website unless a CA (certificate authority) has signed the web server's encryption certificate


Site Resiliency

The ability to maintain critical business functions and IT operations in the face of disruptions, disasters, or unexpected events that impact the primary business site or data center.

Hot Site (backup site) = a copy of the data center with all of your hardware and software running concurrently with your primary site - duplicates everything in the infrastructure; applications and software are constantly updated - set up and ready to go, so staff can arrive and continue working immediately

Cold Site = the opposite of a hot site: a room with no equipment in it - you need to set up the equipment first, make all the connections, and load the software - not used for mission-critical data


Honeypots and Deception

Detects and defends against cyber threats by luring attackers into controlled environments or misdirecting them away from critical systems

Honeypot purpose: Honeypots are decoy systems or assets intentionally deployed within an organization's network to attract and trap attackers. The primary purpose of honeypots is to gather information about attackers' tactics, techniques, and motivations.

Deception purpose: Deception technologies are a broader category of security solutions that include not only decoy assets (like honeypots) but also tactics such as misinformation, misdirection, and fake credentials. Their primary purpose is to confuse, mislead, or redirect attackers away from valuable assets.

DNS sinkhole = security mechanism that redirects malicious traffic away from its intended targets to a controlled environment (the sinkhole server), where it can be analyzed or discarded
