pirate.moo's gitbook

5. Security Operations

Data Handling

Data goes through a life cycle as users create, use, share and modify it

Model: create, store, use, share, archive, destroy

Classification: Process of recognizing the organizational impacts if the information is compromised

  1. Dictates rules/restrictions about how info is used, stored, shared

  2. Keeps the value and importance of data/info from leaking

  3. Before attaching labels: Assessments

  4. Derived from laws, regulations, contracts, business expectations

  5. Leads to better design, implementation of processes

Labeling: Implementing controls to protect classified info according to its level

  1. Highly restricted: Could put the organization's future existence at risk

    • Could lead to loss of life, injury, property damage, litigation

  2. Moderately restricted: Loss of advantage, revenue, disruption

  3. Low sensitivity: Internal use, minor disruptions, delays, impacts

  4. Unrestricted public data: Published, disseminated or disclosed

Data should only be kept for as long as it's beneficial

  1. Data retention policy: No data kept beyond required life

  2. Data destruction performed when assets reach retention limits

    • Asset inventory, retention period, destruction requirements

    • Periodic review of records to reduce volume of stored info

    • Records retention policy: Length of required retention

Policies should guarantee:

  1. Personnel understand retention requirements

  2. Appropriate documentation retention requirements exist

  3. Info is retained in accordance with the schedule

Destruction: Can be done by one of several means:

  1. Clearing: Overwriting or zeroizing the device

  2. Purging: Reduces the chance that residual physical effects can be recovered

  3. Physical destruction: Mechanical shredding, acid etching, incineration

Logging & Monitoring Security Events

Captures signals generated by events

Events: Actions that take place in the environment and cause change. A logged event records user IDs, activities, dates/times, device/location identity

Event Logging Best Practices:

Ingress monitoring (inner): Surveillance of inbound traffic, access

  • Firewalls, gateways, remote authentication servers

  • IDS/IPS, SIEM

  • Anti-malware

Egress monitoring (outer): Regulates data leaving the environment

  • Email, portable media

  • FTP, websites, APIs (Application Programming Interfaces)
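As an added example (not part of the original notes), the following Python parses a few constructed key=value log lines into the event fields listed above (user ID, activity, date/time, device and source/destination) and splits them into ingress and egress views. The internal address range, the field names and the log format are assumptions.

```python
# Added example, not from the original notes: structured security events and
# an ingress/egress split.  Log format, field names and the internal network
# range are assumptions; the log lines themselves are constructed.
from dataclasses import dataclass
from datetime import datetime
import ipaddress

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumption: the org's internal range


@dataclass
class Event:
    timestamp: datetime
    user_id: str
    activity: str
    src_ip: str
    dst_ip: str
    device: str


# Constructed sample log lines in a simple key=value format.
SAMPLE_LOG = """\
ts=2024-01-10T08:01:12Z user=alice activity=login src=203.0.113.7 dst=10.0.0.5 device=vpn-gw01
ts=2024-01-10T08:03:40Z user=alice activity=file_read src=10.0.0.5 dst=10.0.0.20 device=fileserver
ts=2024-01-10T08:05:02Z user=bob activity=upload src=10.0.0.31 dst=198.51.100.9 device=proxy01
ts=2024-01-10T08:06:55Z user=mallory activity=login src=192.0.2.44 dst=10.0.0.5 device=vpn-gw01
"""


def parse_line(line: str) -> Event:
    """Turns one key=value line into an Event with the fields the notes list."""
    fields = dict(tok.split("=", 1) for tok in line.split())
    return Event(
        timestamp=datetime.strptime(fields["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        user_id=fields["user"],
        activity=fields["activity"],
        src_ip=fields["src"],
        dst_ip=fields["dst"],
        device=fields["device"],
    )


def parse_log(text: str) -> list:
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def direction(ev: Event) -> str:
    """ingress = outside -> inside, egress = inside -> outside, else internal."""
    src_in = ipaddress.ip_address(ev.src_ip) in INTERNAL_NET
    dst_in = ipaddress.ip_address(ev.dst_ip) in INTERNAL_NET
    if not src_in and dst_in:
        return "ingress"
    if src_in and not dst_in:
        return "egress"
    return "internal"


def split_by_direction(events: list) -> dict:
    """Groups events into the ingress / egress / internal monitoring views."""
    groups = {"ingress": [], "egress": [], "internal": []}
    for ev in events:
        groups[direction(ev)].append(ev)
    return groups


if __name__ == "__main__":
    for name, evs in split_by_direction(parse_log(SAMPLE_LOG)).items():
        print(name, [(e.user_id, e.activity, e.device) for e in evs])
```

The ingress view is what firewalls, VPN gateways and authentication servers feed a SIEM; the egress view is where uploads to external hosts would be reviewed against data-leaving-the-environment rules.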

Encryption

Hiding data so that only the intended recipients can understand it

Protects info by keeping it secret and unintelligible: transforms plaintext into ciphertext

  1. Confidentiality: Messages can't be understood by anyone but intended

  2. Integrity: Hash functions & digital signatures: Verify no alteration

Symmetric encryption: Uses the same key in both the encryption and decryption processes

  • Two parties communicating need to share knowledge of key

  • Someone who compromises comms could intercept the key

  • Key distribution is difficult: exposed to MITM (man-in-the-middle) interception

  • Out-of-band key distribution: Sending the key through a different channel

    • Bulk data: Backups, HDDs, portable media

    • Messages traversing communications channels

    • Streaming large-scale, time-sensitive data

Asymmetric encryption: Uses one key to encrypt and a different key to decrypt

  • User would need to generate key pair

  • Usually PKI: Public Key Infrastructure

  • One half of key pair kept secret

  • Other half can be given freely

Problems: Extremely slow compared to symmetric
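To make the two models above concrete, here is an added example (not from the original notes) that puts a shared-key exchange beside a key-pair exchange. The symmetric half uses a random key as long as the message (one-time-pad style XOR), so the same function encrypts and decrypts; the asymmetric half is textbook RSA with tiny constructed primes, chosen so the arithmetic is visible, showing that the public half encrypts and only the private half decrypts. The primes, exponent and message values are constructed.

```python
# Added example, not part of the original notes: a shared-key (symmetric)
# exchange next to a key-pair (asymmetric) one, so the difference in who holds
# which key is visible.  Primes, exponents and messages are constructed toy values.
import secrets
from math import gcd


# --- Symmetric: one key, shared out of band, used in both directions ----------
def symmetric_keygen(length: int) -> bytes:
    """Random key as long as the message (one-time-pad style)."""
    return secrets.token_bytes(length)


def symmetric_crypt(key: bytes, data: bytes) -> bytes:
    """XOR keystream: the same function encrypts and decrypts."""
    if len(key) < len(data):
        raise ValueError("key must be at least as long as the message")
    return bytes(k ^ b for k, b in zip(key, data))


def symmetric_roundtrip(message: bytes) -> bool:
    key = symmetric_keygen(len(message))  # must reach the peer via another channel
    return symmetric_crypt(key, symmetric_crypt(key, message)) == message


# --- Asymmetric: textbook RSA with tiny constructed primes ---------------------
def rsa_keypair(p: int, q: int, e: int = 17):
    """Returns (public, private) as (exponent, modulus) pairs."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def rsa_apply(key, value: int) -> int:
    """Modular exponentiation with either half of the pair."""
    exp, n = key
    if not 0 <= value < n:
        raise ValueError("value out of range for this modulus")
    return pow(value, exp, n)


def rsa_demo() -> dict:
    public, private = rsa_keypair(61, 53)  # constructed toy primes, n = 3233
    m = 65                                 # constructed message
    c = rsa_apply(public, m)       # anyone holding the public half can do this
    back = rsa_apply(private, c)   # only the private half undoes it
    wrong = rsa_apply(public, c)   # applying the public half again does not
    return {"cipher": c, "plain": back, "wrong_key_result": wrong,
            "public": public, "private": private}


if __name__ == "__main__":
    print("symmetric round trip ok:", symmetric_roundtrip(b"meet at noon"))
    print("asymmetric:", rsa_demo())
```

The symmetric part shows why key distribution is the hard problem: the key must travel to the peer over some other channel before anything can be read. The RSA part shows the key-pair split the notes describe; real systems use keys of thousands of bits, which is also why the notes flag asymmetric encryption as much slower.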

Hashing: Takes data of any length and returns a fixed-length result called the hash value.

Hash function: Alg used to perform the transformation

To be useful, a hash function must demonstrate 5 things: 

  1. Easy to compute hash value

  2. Nonreversible: Infeasible to reverse process

  3. Content integrity: Infeasible to modify the content without changing the hash

  4. Unique: Infeasible to find different messages that hash to the same value

  5. Deterministic: Same input will always generate same hash with alg
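As an added example (not from the original notes), the block below checks the properties listed above against SHA-256 from Python's hashlib: fixed output length, determinism, the avalanche effect behind the uniqueness property, and an integrity check of a message against a digest recorded earlier. The messages and the recorded digest are constructed.

```python
# Added example, not from the original notes: exercising the hash-function
# properties with hashlib and using a digest for an integrity check.
# Messages and the "recorded" digest are constructed.
import hashlib
import hmac


def digest(data: bytes, alg: str = "sha256") -> str:
    """Fixed-length hex digest of arbitrary-length input."""
    return hashlib.new(alg, data).hexdigest()


def is_deterministic(data: bytes) -> bool:
    """Property 5: the same input always gives the same hash."""
    return digest(data) == digest(data)


def has_fixed_length() -> bool:
    """Empty input and a 100 kB input both give 64 hex chars (256 bits)."""
    return len(digest(b"")) == len(digest(b"x" * 100_000)) == 64


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Hamming distance between two digests; a one-byte edit should flip ~half."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def verify_integrity(data: bytes, expected_hex: str) -> bool:
    """Property 3 in use: constant-time comparison against a stored digest."""
    return hmac.compare_digest(digest(data), expected_hex)


# Constructed: digest stored when the message was first recorded.
ORIGINAL = b"transfer 100 to account 42"
RECORDED = digest(ORIGINAL)


if __name__ == "__main__":
    print("sha256('')   =", digest(b""))
    print("bits changed abc->abd:", differing_bits(digest(b"abc"), digest(b"abd")))
    print("original verifies:", verify_integrity(ORIGINAL, RECORDED))
    print("tampered verifies:", verify_integrity(b"transfer 900 to account 42", RECORDED))
```

The non-reversibility property is not something code can demonstrate directly; it is the absence of any efficient way to go from the digest back to the input, which is why a stored digest can be published without revealing the message.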

Configuration Management

Only authorized changes happen

Identification: Baseline identification of a system, its interfaces and documentation

Baseline: Min level of protection used as a reference point

Change control: Process for requesting changes to a baseline or its components

Verification: Validation process, may involve testing

Audit process:

  1. Validates the in-use baselines

  2. Checks that the in-use configuration matches the sum of the baseline plus the approved changes applied in sequence

Inventory: Makes a catalog of all info assets the org is aware of
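The audit step above, as an added example that is not part of the original notes: a baseline configuration is fingerprinted, the approved change records are replayed in order, and the result is compared with what is actually running on a host, reporting any drift. The sshd-style settings, the change record format and the CHG ids are constructed placeholders.

```python
# Added example, not from the original notes: auditing an in-use configuration
# against its baseline plus the approved changes applied in sequence.
# The sshd-style settings, change records and CHG ids are constructed.
import hashlib
import json
from copy import deepcopy


def fingerprint(config: dict) -> str:
    """Stable hash of a configuration (canonical JSON, sorted keys)."""
    return hashlib.sha256(json.dumps(config, sort_keys=True).encode()).hexdigest()


def apply_changes(baseline: dict, approved: list) -> dict:
    """Replays approved change records in order; a later change overrides an earlier one."""
    cfg = deepcopy(baseline)
    for change in approved:
        cfg[change["key"]] = change["value"]
    return cfg


def audit(baseline: dict, approved: list, in_use: dict):
    """Returns (compliant, drift); drift maps key -> (expected, actual)."""
    expected = apply_changes(baseline, approved)
    drift = {
        k: (expected.get(k), in_use.get(k))
        for k in sorted(set(expected) | set(in_use))
        if expected.get(k) != in_use.get(k)
    }
    return fingerprint(expected) == fingerprint(in_use), drift


# Constructed baseline and change history.
BASELINE = {"PermitRootLogin": "no", "PasswordAuthentication": "no", "Port": 22}
APPROVED = [
    {"id": "CHG-0001", "key": "Port", "value": 2222},   # placeholder id
    {"id": "CHG-0002", "key": "Port", "value": 22022},  # supersedes CHG-0001
]
# Constructed snapshots of two hosts.
COMPLIANT_HOST = {"PermitRootLogin": "no", "PasswordAuthentication": "no", "Port": 22022}
DRIFTED_HOST = {"PermitRootLogin": "yes", "PasswordAuthentication": "no", "Port": 2222}


if __name__ == "__main__":
    print("compliant host:", audit(BASELINE, APPROVED, COMPLIANT_HOST))
    print("drifted host:  ", audit(BASELINE, APPROVED, DRIFTED_HOST))
```

The drifted host shows both kinds of finding an audit is after: an unapproved change (root login enabled) and an approved change that was never completed (still on the superseded port).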

Common Security Policies

Appropriate use of data:

  • Defines whether data is for company use, restricted by role, or made public

  • Proper classification helps comply with laws and regulations

Password Policy: Expectations of systems, users, passwords

Acceptable Use Policy: Acceptable use of the network, protects the organization from legal liability

  • Should detail approved use of assets; every employee signs it

  • Data access, disclosure, retention, internet & device use

BYOD: Bring Your Own Device

Privacy Policy: Ensures personnel understand how to handle sensitive info

  • Which info is considered PII/ePHI, and punitive measures for failure to comply

Change Management

Focuses on making decisions with approval

Three major activities:

  1. Deciding to change

  2. Making the change

  3. Confirming the change was accomplished

Request For Change: Moves through various development & test stages

Approval: Assignment to the proper change authorization process

Rollback: Verifying rollback procedures


Last updated 1 year ago