ITOP 2204: Computing Security

Architecture
Module 8 – Host, Application, Data and
Cloud Security
Host Security
 4

List the steps for securing a host

computer

Define Application Security

Objectives
Discuss Data Loss Prevention (DLP)

Define Cloud Security and its methods

 5

• Three important elements to secure

• Host (network server or client)
Cybersecurity • Applications
• Data
 6

• Securing the host involves:

• Protecting the physical device
Securing the • Securing the operating system
software
Host • Using security-based software
applications
• Monitoring logs
 7
• Physical security
• Restricting access to equipment
areas
• Hardware locks
• Standard keyed entry lock
Securing Devices
provides minimal security
(cont’d.)
• Deadbolt locks provide additional
security
• Keyed locks can be compromised if
keys lost, stolen, or duplicated
 8

Residential
keyed entry lock

Locks

Deadbolt lock
 9
• Recommended key management
procedures
• Change locks after key loss or
theft
Securing • Inspect locks regularly
• Issue keys only to authorized
Devices users
(cont’d.) • Keep records of who uses and
turns in keys
• Keep track of issued keys
• Master keys should not have
identifying marks
 10

• Recommended key management

procedures (cont’d.)
• Secure unused keys in locked
safe
Securing • Set up key monitoring procedure
Devices • Mark duplicate master keys with
“Do not duplicate”
(cont’d.) • Wipe out manufacturer’s
serial number to prevent
duplicates from being
ordered
 • Cipher lock
11
• More sophisticated alternative to
key lock
• Combination sequence necessary
to open door
Securing • Can be programmed to allow
Devices individual’s code to give access at
only certain days or times
Cipher lock • Records when door is opened
and by which code
(cont’d.) • Can be vulnerable to shoulder
surfing
• Often used in conjunction with
tailgate sensor
 12

Cipher Locks
 • Alternative access method: physical token
• ID badge may contain bearer’s photo
• ID badge emits a signal identifying the
Securing owner
Devices • Proximity reader receives signal

(cont’d.) • RFID tags

• Can be affixed inside ID badge
• Read by an RFID proximity reader
• Badge can remain in bearer’s
pocket

• Access list
RFID tag • Record of individuals who have
permission to enter secure area
• Records time they entered and left 13
 14

Securing Devices
Mantrap (cont’d.)

• Mantrap
• Separates a secured area
from a non-secured area
• Device monitors and controls
two interlocking doors
• Only one door may open at
any time
 15

Video surveillance

• Closed-circuit television (CCTV)

• Video cameras transmit signal to
limited set of receivers
Securing • Cameras may be fixed or able to move
Devices • Ring.com Safety Doorbell

(cont’d.) Fencing

• Barrier around secured area

• Modern perimeter fences are equipped
with other deterrents
ANTI-CLIMB COLLAR

ROLLER BARRIER

ANTI-CLIMB PAINT

ROTATING SPIKES

16
17
 18
Securing Devices
Hardware Security
(cont’d.)
• Hardware security
• Physical security protecting host system
hardware
• Portable devices have steel bracket security slot
• Cable lock inserted into slot and
secured to device
• Cable connected to lock secured to desk
or immobile object
• Laptops may be placed in a safe
• Locking cabinets
• Can be prewired for power and network
connections
• Allow devices to charge while stored
 19

How do we secure
Mobile Devices
 Mobile device security 20
• Fingerprints
• Face ID
Securing • Phone Lock Numeric
Devices • Password
Mobile • Mobile devices’ unique security
Device features
• Remote wipe / sanitation
Security • Data can be remotely
(cont’d.) erased if device is stolen
• GPS tracking
• Can pinpoint location to
within 100 meters
 21

Securing Devices
(cont’d.)

• Mobile devices’ unique security

features (cont’d.)
• Voice encryption
• Used to mask content of
voice communication
over a smartphone
 22

Securing the Operating

System
 • Five-step process for protecting
operating system
Securing the 1. Develop the security policy
Operating 2. Perform host software baselining
System 3. Configure operating system security
and settings
Software 4. Deploy the settings
5. Implement patch management

23
 24

1. Develop the security policy

• Document(s) that clearly define
Securing the organization’s defense
mechanisms
Operating 2. Perform host software base-lining
System • Baseline: standard or checklist
against which systems can be
Software evaluated
cont. • Configuration settings that are
used for each computer in the
organization
 • Baseline: standard or checklist against
which systems can be evaluated
• Specify which operating systems
will be supported. E.g., Windows
10 and 11 will be supported but 25
Windows 7 and 8 will not be
supported.
• Specify that the latest available
Securing the month updates have been
Operating applied
• Ensure that Malware Protection
System such as Windows Defender is
turned on, or a third-party
Software Malware software protection is
cont. installed.
• Determine if the Windows
Firewall is turned on.
• Windows Defrag software is
Enabled
• Unwanted services have been
disabled
 Securing the Operating System Software cont.

3. Configure operating system security and settings

• Hundreds of different security settings can be manipulated
• Typical configuration baseline
• Changing insecure default settings
• Eliminating unnecessary software, services, protocols
• Enabling security features such as a firewall

26
 27
4. Deploy the settings
• Security template: collections of
security configuration settings
Securing the • Process can be automated
Operating • Group policy
System • Windows feature providing
centralized computer
Software management
• A single configuration may be
cont. deployed to many users
• Security patch
• General software update to cover
discovered vulnerabilities
ACTIVE
DIRECT
ORY
DOMAIN

28
 29
• Hotfix addresses specific
customer situation
• Service pack accumulates
Securing the security updates and additional
Operating features
System 5. Implement patch management
• Modern operating systems can
Software perform automatic updates
cont. • Patches can sometimes create
new problems
• Vendor should thoroughly test
before deploying
 • Automated patch update service
30
• Manage patches locally rather
than rely on vendor’s online
update service
Securing the • Advantages of automated patch
update service
Operating • Administrators can force updates
System to install by specific date
• Users cannot disable or
Software circumvent updates
cont. • Computers not on the Internet
can receive updates as soon as
they reconnect
 31
• Anti-virus
• Software that examines a
computer for infections
Securing • Scans new documents that might
contain viruses
with Anti- • Searches for known virus
patterns
Malware
Software • Challenges of anti-virus
• Vendor must continually search
for new viruses, update and
distribute signature files to users
 32
• Spammers can distribute malware
through email attachments
• Spam can be used for social
engineering attacks
Securing with • Spam filtering methods
Anti-Spam • Bayesian filtering
Methods • Local host filtering
• Blacklist
• Whitelist
• Blocking certain file attachment
types
 SPAM
• https://www.youtube.com/watch?v=O2L2Uv9pdDA

33
 34

Pop-up

• Small window appearing over Web site

• Usually created by advertisers
Pop-up Pop-up blockers
Blockers • Separate program as part of anti-spyware
and Anti- package
• Incorporated within a browser
Spyware • Allows user to limit or block most pop-
ups
• Alert can be displayed in the browser
• Gives user option to display pop-up
 35

• Firewalls
• Designed to prevent malicious
packets from entering or leaving
computers
Firewalls • May be hardware or software-
based
• Host-based software firewall runs
on the local system
 36

Host-Based
Firewalls
• Microsoft
Window’s Host
Based firewall
• Three
designations for
networks: Public,
home (Private),
or work (Domain)
• Users can
configure
settings for each
type separately
 37
• Log: record of events that occur
• Log entries
• Contain information related to a
specific event
• Audit log can track user
Monitoring authentication attempts
System Logs • Access log can provide details about
requests for specific files
• Monitoring system logs
• Useful in determining how an
attack occurred and whether
successfully resisted
 38

• Logs that record all activity from

network devices or programs:
Monitoring • Used in operations, general
audits, and demonstrating
System Logs regulatory compliance
(cont’d.) • Logs for system security
• Operating system logs
• Security application logs
 39

Microsoft system event and audit record log viewer

 40

• Benefits of monitoring system logs

• Identify security incidents, policy
violations, fraudulent activity
• Provide information shortly after
Monitoring event occurs
System Logs • Provide information to help
resolve problems
(cont’d.) • Help identify operational trends
and long-term problems
• Provide documentation of
regulatory compliance
41 2024-07-02 vcc.ca