The document discusses various aspects of cyber security, focusing on system administration security, network security, and application security. It outlines 11 functional areas of enterprise cybersecurity that need to be organized and managed. For each of the three areas highlighted, it describes the goals, threats, and key capabilities. The overall aim is to prevent attacks, detect intrusions, and enable forensic investigation through controls across different parts of the IT infrastructure and applications.
Cyber Security # Lec 4
1. Lec-4: Cyber Security
Mr. Islahuddin Jalal
MS (Cyber Security) – UKM Malaysia
Research Title – 3C-CSIRT Model for Afghanistan
BAKHTAR UNIVERSITY
2. Enterprise Cybersecurity Architecture
• There are 11 functional areas which need to be organized and managed for
enterprise cybersecurity
1. System administration
2. Network Security
3. Application Security
4. Endpoint, Server, and Device Security
5. Identity, Authentication, and Access Management
6. Data Protection and Cryptography
7. Monitoring, vulnerability and patch management
8. High availability, Disaster recovery, and Physical Protection
9. Incident Response
10. Asset Management and supply chain
11. Policy, Audit, E-Discovery and Training
4. System administration
• Provides for securing administration of
• Enterprise infrastructure
• Security infrastructure
• Secure system administration is the foundation for enterprise security
measures
5. Reasons for targeting system administration
• Consolidation in IT
• Nowadays a system administrator controls thousands of computers, often
from a single console
• System administration security is poor
• Systems administration technology is relatively immature, with few
built-in checks and balances to detect malicious activity or to prevent it in
the first place
6. System administration Goals and Objectives
• Goal
• To protect the enterprise's administrative channels from being used by an
adversary
• Objectives
• Preventive (make it harder for the attackers to get system control)
• Detective (detect attacks on system administration channels or malicious
systems administration activity when it occurs)
• Forensics (focus on creating detailed audit logs of all privileged systems
administration activities)
7. SA: Threat Vectors
• Keeping attackers from conducting malicious systems administration
activities in the enterprise.
• Compromise credentials of system administrator
• Compromise the computer of system administrator
• Compromise the computing infrastructure (virtualization, storage, etc.) and use
the computing capabilities to take control of systems
• Compromise systems administration infrastructure (computer management, patch
management, or other systems) to take control of the enterprise
• Compromise monitoring systems that have administrative access
• Use local computer administrative accounts to move from one personal
computer to another with administrative rights
8. SA: Capabilities
• SA capabilities help
• Isolate command and control networks and protocols
• Provide cryptographic protection for systems administration
• Allow for auditing of systems administration activities to detect attacks
• In this functional area, it is good to have redundancy in protection.
• For example, using network isolation along with strong authentication helps
ensure that the breach of one protection mechanism alone will not be
disastrous.
9. SA capabilities
• Bastion hosts
• Out-of-Band (OOB) management
• Network isolation
• Integrated Lights-Out (ILO), Keyboard Video Mouse (KVM), and power
controls
• Virtualization and Storage Area Network (SAN) management
• Segregation of administration from services
• Multi-factor authentication for Systems Administrators (SAs)
• Administrator audit trail(s)
• Command logging and analytics
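The last three capabilities (multi-factor authentication, administrator audit trails, and command logging with analytics) only pay off when the logs are correlated and checked against a policy. As an added illustration that is not part of the lecture, the script below builds an administrator audit trail from constructed syslog-style sshd and sudo lines, correlating each privileged command with the login that opened the session, and then checks it against an assumed policy: administrative sessions must come from the bastion network (10.0.100.0/24 here) and only an allow-listed set of accounts may use sudo. The network ranges, account names, log lines and policy are all assumptions made for the example.

```python
import ipaddress
import re

# Assumed (hypothetical) policy for this example: administrative SSH sessions
# must originate from the bastion network, and only listed accounts may use sudo.
BASTION_NET = ipaddress.ip_network("10.0.100.0/24")
APPROVED_ADMINS = {"alice", "bob"}

# Patterns for OpenSSH "Accepted ..." lines and sudo command lines in syslog format.
SSH_RE = re.compile(
    r"(?P<host>\S+) sshd\[\d+\]: Accepted \S+ for (?P<user>\S+) from (?P<ip>[\d.]+)"
)
SUDO_RE = re.compile(
    r"(?P<host>\S+) sudo: +(?P<user>\S+) : .*?USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.+)$"
)

# Constructed sample log lines (not taken from any real system).
SAMPLE_LOG = """\
Mar 10 09:12:01 web01 sshd[2231]: Accepted publickey for alice from 10.0.100.7 port 51234 ssh2
Mar 10 09:12:40 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Mar 10 09:15:02 db01 sshd[4410]: Accepted password for carol from 10.0.5.23 port 40022 ssh2
Mar 10 09:15:30 db01 sudo:    carol : TTY=pts/1 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/bin/tar czf /tmp/db.tgz /var/lib/mysql
Mar 10 09:20:11 web02 sshd[3120]: Accepted publickey for bob from 10.0.7.9 port 51300 ssh2
Mar 10 09:20:45 web02 sudo:    bob : TTY=pts/0 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/apt-get upgrade
"""


def build_audit_trail(log_text):
    """Correlate each sudo command with the most recent accepted SSH login
    for the same (host, user). Returns one record per privileged command;
    'source' is None when no login was seen for that session."""
    last_login = {}  # (host, user) -> source IP of the most recent login
    trail = []
    for line in log_text.splitlines():
        m = SSH_RE.search(line)
        if m:
            last_login[(m["host"], m["user"])] = m["ip"]
            continue
        m = SUDO_RE.search(line)
        if m:
            trail.append({
                "host": m["host"],
                "user": m["user"],
                "source": last_login.get((m["host"], m["user"])),
                "target": m["target"],
                "command": m["cmd"].strip(),
            })
    return trail


def find_violations(trail):
    """Check every audit record against the policy; returns (reason, record)."""
    findings = []
    for rec in trail:
        if rec["user"] not in APPROVED_ADMINS:
            findings.append(("unapproved-admin", rec))
        src = rec["source"]
        if src is None or ipaddress.ip_address(src) not in BASTION_NET:
            findings.append(("source-not-bastion", rec))
    return findings


if __name__ == "__main__":
    for reason, rec in find_violations(build_audit_trail(SAMPLE_LOG)):
        print(f"{reason}: {rec['user']}@{rec['host']} from {rec['source']} ran {rec['command']}")
```

In the sample data, alice's command is accepted, carol trips both rules, and bob is approved but is working from a non-bastion address, which is exactly the redundancy argument from the previous slide: even with a valid account, bypassing the isolated administration path shows up in the audit trail.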
11. Network Security
• Purpose
• To protect the enterprise network from unauthorized access
• Needs to be considered in terms of the following security controls
• Preventive control (firewalls that separate sections of the network from each
other)
• Detective control (IDS: detect attacker activity that cannot be blocked)
• Monitoring control (capture activity that is input to correlation engines that
support forensics)
12. Containment capability
• Containment involves
• isolating attacker activity in one part of the enterprise (for example, end-user
workstations or Internet-facing web servers) from other IT functions such as
financial systems in order to provide for a layered defense
13. NS: Goals and Objectives
• Block malicious traffic
• Monitor and analyze network traffic
• Log information about network traffic
14. NS: Threat Vectors
• Attackers enter the enterprise through outbound network connections from
servers or clients on the internal network.
• Attackers enter the enterprise through the network connections of Internet-
facing servers.
• Attackers use internal networks to move laterally between computers inside the
enterprise.
• Attackers use enterprise networks to extract data and remove it from the
enterprise.
• Attackers take control of network infrastructure components and then leverage
them to gain entry to the enterprise or to bypass other security measures.
15. NS: Capabilities
• Switches and routers
• Software Defined Networking (SDN)
• Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP)
• Network Time Protocol (NTP)
• Network service management
• Firewall and virtual machine firewall
• Network Intrusion Detection/Network Intrusion Prevention System (IDS/IPS)
• Wireless networking (Wi-Fi)
• Packet intercept and capture
• Secure Sockets Layer (SSL) intercept
• Network Access Control (NAC)
• Virtual Private Networking (VPN) and Internet Protocol Security (IPSec)
• Network Traffic Analysis (NTA)
• Network Data Analytics (NDA)
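The threat vectors on slide 14 (lateral movement inside the enterprise, data extraction over the network) and the containment idea on slide 12 are what Network Traffic Analysis is meant to surface. As an added example, not part of the lecture, the script below runs three simple analytics over constructed flow records: workstation-to-workstation connections on administrative ports (lateral movement across a segment that should not need it), administrative connections to servers that do not come from the bastion network (a containment/isolation violation), and very large internal-to-external transfers (possible exfiltration). The network ranges, port list, byte threshold and flow records are assumptions for the example.

```python
import ipaddress

# Assumed (hypothetical) network plan for this example.
WORKSTATIONS = ipaddress.ip_network("10.1.0.0/16")
SERVERS = ipaddress.ip_network("10.2.0.0/16")
BASTION = ipaddress.ip_network("10.0.100.0/24")
INTERNAL = [WORKSTATIONS, SERVERS, BASTION]
ADMIN_PORTS = {22, 445, 3389, 5985}   # SSH, SMB, RDP, WinRM
EXFIL_BYTES = 1_000_000_000           # assumed 1 GB outbound threshold

# Constructed flow records: source, destination, destination port, bytes sent.
FLOWS = [
    {"src": "10.1.4.20", "dst": "10.2.1.5", "dport": 443, "bytes": 12_000},
    {"src": "10.1.4.20", "dst": "10.1.4.31", "dport": 445, "bytes": 8_000},
    {"src": "10.1.4.31", "dst": "10.1.9.2", "dport": 3389, "bytes": 300_000},
    {"src": "10.1.4.31", "dst": "10.2.1.5", "dport": 22, "bytes": 5_000},
    {"src": "10.2.1.5", "dst": "203.0.113.10", "dport": 443, "bytes": 2_500_000_000},
    {"src": "10.1.4.20", "dst": "198.51.100.7", "dport": 443, "bytes": 40_000},
    {"src": "10.0.100.7", "dst": "10.2.1.5", "dport": 22, "bytes": 5_000},
]


def is_internal(ip):
    """True when the address belongs to any enterprise-internal range."""
    return any(ip in net for net in INTERNAL)


def classify(flow):
    """Return the list of analytic tags that apply to one flow record."""
    src = ipaddress.ip_address(flow["src"])
    dst = ipaddress.ip_address(flow["dst"])
    tags = []
    # Workstations should not administer each other.
    if src in WORKSTATIONS and dst in WORKSTATIONS and flow["dport"] in ADMIN_PORTS:
        tags.append("lateral-movement")
    # Server administration is only expected from the isolated bastion network.
    if dst in SERVERS and flow["dport"] in ADMIN_PORTS and src not in BASTION:
        tags.append("admin-from-non-bastion")
    # Large internal-to-external transfers deserve a look.
    if is_internal(src) and not is_internal(dst) and flow["bytes"] >= EXFIL_BYTES:
        tags.append("possible-exfiltration")
    return tags


def analyze(flows):
    """Group flagged flows by tag; untagged flows are left out."""
    findings = {}
    for flow in flows:
        for tag in classify(flow):
            findings.setdefault(tag, []).append(flow)
    return findings


if __name__ == "__main__":
    for tag, hits in analyze(FLOWS).items():
        for f in hits:
            print(f"{tag}: {f['src']} -> {f['dst']}:{f['dport']} ({f['bytes']} bytes)")
```

Real deployments would read NetFlow/IPFIX or firewall logs instead of a list, and the thresholds would be tuned per segment, but the structure is the same: a segmentation plan expressed as address ranges, and rules that flag traffic crossing those boundaries in ways the plan does not allow.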
17. Application Security
• Application security involves security measures that are specific to
certain applications or protocols running over the network.
• By this simple definition, application security technologies and capabilities
include
• e-mail security
• application-aware firewall features
• database gateways
• forward web proxies.
• Application security operates alongside network security.
18. AS: Goal and objectives
• Goal
• To protect the enterprise applications from misuse or attack
• Objective
• The preventive objective is to block exploitation of applications and
application communications protocols for malicious use.
• The detective objective is to detect compromises of applications and attempts
to exploit them for malicious purposes.
• The forensic objective is to log data about application activity that can be
used for audits and investigations of incidents.
• The audit objective is for auditors to be able to collect evidence and artifacts
that suggest that applications are safe and not being used or manipulated by
attackers.
19. AS: Threat Vectors
• Initial entry by leveraging e-mail to send malicious messages (attachments or
links) to users, in order to gain control of end-user computers, servers, or
mobile devices
• Leveraging vulnerabilities in web browsers and web plug-ins to gain control
• Exploiting vulnerabilities in enterprise server applications to gain control
• Finding and exploiting flaws introduced during the development of an
application to gain control
20. AS: Capabilities
• E-mail security
• Web-shell detection
• Application firewalls
• Database firewalls
• Forward proxy and web filters
• Reverse proxy
• Data Leakage Protection (DLP)
• Secure application and database software development
• Software code vulnerability analysis (including source code verification and
bug tracking)
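Web-shell detection, listed above, is one place where a detective control is straightforward: files in a web root change only on deployment, so an unexpected new or altered script is worth an alert. As an added example that is not from the lecture, the script below keeps a baseline of SHA-256 digests for server-side script files under a web root, then reports files that were added, modified or removed since the baseline. The `demo()` function builds a constructed web root in a temporary directory and simulates one changed script and one new script appearing in an uploads folder; the watched extensions and the file contents are assumptions for the example.

```python
import hashlib
import tempfile
from pathlib import Path

# Server-side script extensions whose unexpected appearance or change in a
# web root deserves review (assumed list for this example).
WATCHED = {".php", ".jsp", ".aspx", ".asp"}


def snapshot(root):
    """Map every watched file under root (POSIX-style relative path) to its SHA-256."""
    root = Path(root)
    digests = {}
    for path in root.rglob("*"):
        if path.is_file() and path.suffix.lower() in WATCHED:
            rel = path.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def compare(baseline, current):
    """Return the files added, modified and removed since the baseline snapshot."""
    common = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }


def demo():
    """Build a constructed web root, baseline it, then simulate drift:
    index.php is altered and a new script appears under uploads/."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "lib").mkdir()
        (root / "uploads").mkdir()
        (root / "index.php").write_text("<?php echo 'hello'; ?>")
        (root / "lib" / "util.php").write_text("<?php function f() { return 1; } ?>")
        (root / "uploads" / "photo.jpg").write_bytes(b"\xff\xd8\xff")  # not a watched type
        baseline = snapshot(root)

        # Changes after the baseline: one edited script, one new script, one image change.
        (root / "index.php").write_text("<?php echo 'changed'; ?>")
        (root / "uploads" / "new.php").write_text("<?php echo 'unexpected'; ?>")
        (root / "uploads" / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    report = demo()
    for kind, files in report.items():
        for name in files:
            print(f"{kind}: {name}")
```

In practice the baseline is taken right after a trusted deployment and stored off the web server, the check runs on a schedule, and a script appearing in a directory that should only hold uploads (as `uploads/new.php` does here) is the classic finding this control exists for.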
21. Continued in the next lecture:
• Endpoint, Server, and Device Security
• Identity, Authentication, and Access Management
• Data Protection and Cryptography
Integrated Lights-Out (iLO) is a remote server management processor embedded on the system boards of HP ProLiant and Blade servers that allows controlling and monitoring of HP servers from a remote location.
A KVM (keyboard, video, mouse) switch is a hardware device that allows a user to control multiple computers from a single keyboard, video display monitor and mouse. KVM switches are often found in data centers where multiple servers are placed in a single rack.
Out-of-band (OOB) management: This management method involves an alternate, dedicated connection to the system, separate from the actual network that the system runs on. This allows an administrator to establish clear trust boundaries, since there is only a single entry point for the management interface.
NS = Network Security
AS = Application Security
Reverse proxy: In computer networks, a reverse proxy is a type of proxy server that retrieves resources on behalf of a client from one or more servers. These resources are then returned to the client as if they originated from the web server itself. It hides the identity of the server, while a forward proxy hides the identity of the client.