Digital Security Prevention Methods – CompTIA A+ 220-902 – 3.2

Digital security can be more important than physical security, especially if your systems access resources across the Internet. In this video, you’ll learn about some of the most important considerations for digital security.

<< Previous: Physical Security Prevention MethodsNext: Security Awareness >>

One of the most common types of security technologies is the anti-virus and the anti-malware software that’s running on our computers. When you’re in a work environment, you usually have many different devices and all of these devices have to be constantly updated with the latest antivirus and anti-malware signatures. If you have a large number of devices, this can be a scaling issue, especially if you’re pulling those updates across the internet. That’s why in large organizations you usually have some type of centralized enterprise management. That way you can download all of the updates from one source and then deploy those updates from your internal location. This also is a little bit of a challenge for your mobile devices because not only do those need to be protected with antivirus and anti-malware, but you also have to make sure that these mobile devices are updated in a timely manner as well. Another popular piece of software running on our computers is a host-based firewall. You might also hear this referred to as a personal firewall. This is usually something that comes with the operating system you’re using. So this is something you’ll see in Linux, in Mac OS, and Windows. And it’s designed to stop anybody from accessing your computer from the outside. This is a stateful firewall, which means if you’re communicating out to another device, it knows that you’ve begun the conversation so it allows any responses from the outside. What it prevents is somebody entering your computer from the outside that you’ve not previously communicated with. It also is able, since it’s running in your operating system, to track and allow this traffic based on the application that’s currently in use. In Windows, you’ll commonly see the Windows Firewall being used for this. It allows us to filter traffic by port number, by application, or any combination of those in and out of your Windows device. We also commonly rely on network based firewalls, both at our homes and our businesses, to prevent somebody from accessing our internal network. We’ve traditionally used these firewalls to allow and disallow traffic based on a TCP or UDP port number, but these newer, more modern firewalls can identify applications that may be going over the network and allow you to set priorities and permissions based on the application type itself. You can often use network-based firewalls to encrypt traffic between two firewalls. So if you have two locations, you can send data back and forth between those locations, but encrypt everything going between one side and the other. It’s also common to see these network-based firewalls use a proxy function. So you would make queries to the firewall, the firewall would then continue the query out to the internet, receive the response, examine that response, and if everything looked OK, provide you with the answer to your query. You’ll also find that most firewalls are what we call layer 3 devices, which means they’re routers. This means we’re able to put this firewall on the edge of our network and also use it to route traffic into and out of our environment. Another digital technique that we rely on for security is authentication. This is when we’re adding a username and a password to gain access to a resource. It’s usually something unique as well. Only you know your username and password and nobody else is going to have that information. In Windows, there’s something called a security identifier, or an SID, and this is what’s going to identify you uniquely in that Windows environment. You’ll generally provide a number of different credentials: certainly there will be a username and password, but you might also be asked for a smart card or personal identification number as well. There’s usually a profile associated with this username that you’re using and once you authenticate with the proper username and password, these credentials then allow you access to just the resources that are specific for you. These authentication credentials are very important. If somebody was to gain access to your username and password, they would effectively have access to all of the resources associated with your login. That’s why we want to prevent someone from gaining access to that information, either indirectly or by performing some type of brute force attack, either online or through an offline brute force form. That’s why we want to protect these credentials by making sure that our password is as complex as possible. That way if somebody is performing an online or offline brute force attack, they’ll have to go through many more iterations to ever come across what your password might be. Not only do our passwords need a level of complexity, but we also need to make sure that they’re updated often. That way if somebody does come across a set of hashes or gets access to your password, that information would only be valid for a certain amount of time. If you were ever wondering what a bad password might be, you might want to look at one of the many studies done by Splash Data. They examine password files every year. And here’s an example of some of the passwords that they’ve been able to find. The number one password in use: one two three four five six. The number two password in use is the word password. And you can see even gets worse from there. You don’t want to use any of these types of passwords with any of your user credentials. You need to add complexity and you want to be sure these are changing all the time. Another way to add some complexity to this authentication process is to ask you for a username, a password, and then something else. The something else means that you’re using a multi-factor authentication. It might be something you are, something you have, something you know, somewhere you are, or something you do. It’s very common to see this multi-factor authentication provided through an external key fob that happens to have a pseudo random number that changes every 30 seconds or so. That way when you log in, you’re providing a username, and a password, and then the latest number that might be identified on that key fob. You can also do this through applications on a mobile device. Here’s an example of a mobile authenticator through where I log in with a username, a password, and then I reference this application to know what the latest code is and in 30 seconds this code changes to something else. If I have to log in again, I have to provide my username and password and they go back to the authenticator to get the latest code. Another form of digital security is protecting files are stored in a file system. In Windows, the popular file system NTFS is a very common way to do this. This has very granular security permissions built in as part of the file system itself. And allows you to really focus and lock down certain files in certain resources to particular users in that file system. We can also provide access to these files through the username that you happen to be using. Your username will be associated with particular groups and those particular groups would have access to certain files and resources in that file system. In fact, it’s very common for organizations to constantly audit their list of user permissions. That way they can be assured that the person logging in has access to the correct files. We often have sensitive information that we keep in our organization, but a lot of our users work outside the building. One way to provide secure access for those users is through a virtual private network. We often use a virtual private network concentrator to be able to facilitate this communication. The VPN concentrator itself is often a piece of hardware that has specialized encryption technology within it that’s able to quickly encrypt and decrypt the information. And it becomes a central point for everyone on the outside to be able to communicate with. If your requirements are relatively low and you don’t need a dedicated piece of hardware, there’s also software-based VPN concentrators available as well. And most client operating systems these days I already have VPN software built in. So you may not even need to install additional software to be able to securely communicate to this VPN concentrator. Here’s an example of how this VPN concentrator works. You have all of your corporate data here on the private corporate network and there’s a VPN concentrator between the corporate network and the rest of the world. Well you might be at a coffee shop, you launch VPN software and it creates an encrypted tunnel from your laptop to the VPN concentrator. The VPN concentrator’s in charge of decrypting that information and passing it through to the internal network. To be able to send information back to you, that information is sent to the concentrator, which then encrypts the information, sends it through the tunnel and back to your laptop. The obvious benefit here is that everything that is going across the internet from the coffee shop to the VPN concentrator at your headquarters is all going to be encrypted information. If anybody does gain access to the communication flow between these two devices, they won’t be able to know what is inside of this information. All of that data is secure and encrypted. The type of data that we send in and out of our network can very often be very sensitive. It might include social security numbers or credit card numbers. There might be medical information or other types of sensitive information that are transferred. When this type of sensitive information is communicated over the network, it is almost always sent in encrypted form. That way if somebody does see this network traffic, they won’t be able to see this sensitive social security numbers, credit card numbers, or anything else. But if somebody is sending this information in the clear, whether it’s accidentally or on purpose, you could be notified with this through devices that provide data loss prevention, or DLP. We usually implement data loss prevention on a network by using many different types of components: these might be software components on a server, it might be a custom built appliance on the network, or it might be built into the firewall that we’re using. If you walk into an office building, you may find that there are many places where you could potentially plug-in and gain access to the network. Because of that it’s a good idea to administratively disable any interfaces that are not currently in use. This way you’re able to be sure that nobody can walk into an empty desk plug-in and gain access to your internal network. This is obviously going to take some time to identify what switch interfaces need to be administratively disabled and then you might want to perform audits to make sure that none of these interfaces happen to be re-enabled in the meantime. Once you have this initial list of exactly what interfaces should be enabled and disabled, it shouldn’t take too long to perform these ongoing audits. An access control list is a very broad term that describes the permissions that are associated with an object. You may hear these referred to as ACLs or “ackles” and you’ll see them used in file systems, network devices, firewalls operating systems, and much more. The implementation of the access control list is different depending on where it happens to be. If it’s in a file system, the access control list may simply say that Bob can read files; if it’s on a network device it may say that Fred can access the network; or if you’re in a firewall it may be very specific, it may say the James can access network slash 24 using TCP port 80, port 443, and port 8088. If you’re communicating to a file server, through an operating system, or over the network, then there’s probably some device in each one of those places that has inside of it an access control list. One common form of digital security that requires a physical object is a smart card. The smart card usually contains a digital certificate and we usually insert it into a laptop or smart card reader in order to use it for authentication. We’re often using the smart card with some other factor of authentication. So we might be adding a username, a password, we might put in a personal identification number, and then also use the smart card. We rely on email to perform our day to day tasks, but we’re also concerned from a security perspective, of what may be going through our email systems. One of these concerns revolves around unsolicited email or what we call spam. There are many ways to filter out this spam. One way is to stop it at the mail gateway before it even gets into the organization and seen by the users. There are many different solutions for this, you can either filter out the spam on the inside of your network, there are also a number of cloud-based services to do this as well. Email can also be used to send malicious software so we always need to have some type of filter in place that can evaluate everything sent through the email system and then allow or disallow that information based on what’s inside of that mail message. We should always be concerned with the applications that we’re installing our computer as these applications have access to our personal information and of course have access to the operating system. In a perfect world, we would be able to read all of the source code for a particular application, audit it, and to make sure that it’s trustworthy. But of course we don’t always have access to the source code and even if we did, we don’t have enough time to audit every bit of source code but we might be installing onto our computer. Because of that we generally categorized the software that we’re installing as coming from a trusted source or an untrusted source. A common trusted source might be an application you’re developing in house, maybe it’s coming from a well-known publisher. You know, if you’re installing an application from Microsoft then it’s an application that you can generally trust. Or it might be an application that has been digitally signed by a source that you can also trust. An example of an untrusted source might be a third party site that you’ve never worked with before, that you’re downloading and installing software from; maybe it’s links that you’re following in an email; or a very common untrusted source is one that is a pop-up or drive-by download that tries to install software onto your computer.