
Defence in Depth

Disabling Unnecessary Components

  • 0-day vulnerability
    A vulnerability that is not yet known to the software vendor or developers, so no patch exists for it when it is first exploited

  • Attack vectors
    The method or mechanism by which an attacker or malware gains access to a network or system

  • Attack surfaces
    The sum of all the different attack vectors in a given system

  • The less complex something is, the less likely it is to contain undetected flaws

  • Another way to keep things simple is to reduce your software deployments: every extra package or service is more code that can have flaws and more configuration that can be wrong.

  • Telnet access to a managed switch has no business being enabled in a real-world environment: it carries credentials and commands in plaintext, so it should be disabled in favour of SSH.
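A practical way to find components that should be disabled is to audit what a host actually listens on. The script below is an added example (not part of the original notes): it parses the LISTEN lines of `ss -tlnp` on Linux, using a constructed sample in place of live output, and flags every socket that is not on an explicit allowlist. The allowlist (SSH, HTTP, HTTPS) and the sample services are assumptions for a web server; on a live host you would pipe in the real `ss -tlnp` output.

```python
"""Attack-surface audit: what is this host listening on, and should it be?

Parses the LISTEN lines of `ss -tlnp` (a constructed sample is embedded so
the script runs offline; on a live Linux host feed it the real output) and
flags every listening socket that is not on an explicit allowlist.
"""
import re

# Constructed sample in the shape `ss -tlnp` prints; not taken from a real host.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       10      0.0.0.0:23           0.0.0.0:*          users:(("inetd",pid=640,fd=5))
LISTEN  0       5       127.0.0.1:631        0.0.0.0:*          users:(("cupsd",pid=700,fd=6))
LISTEN  0       128     0.0.0.0:80           0.0.0.0:*          users:(("nginx",pid=900,fd=7))
LISTEN  0       50      0.0.0.0:21           0.0.0.0:*          users:(("vsftpd",pid=950,fd=4))
LISTEN  0       128     [::]:22              [::]:*             users:(("sshd",pid=812,fd=4))
"""

# Ports this host is meant to expose (assumption: a web server with SSH).
ALLOWED_PORTS = {22, 80, 443}

# Plaintext legacy services that have no business listening anywhere.
KNOWN_BAD = {21: "ftp", 23: "telnet", 512: "rexec", 513: "rlogin", 514: "rsh"}

LISTEN_RE = re.compile(r"^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s*(.*)$")
PROC_RE = re.compile(r'\(\("([^"]+)",pid=(\d+)')


def parse_listeners(ss_output):
    """Return one dict per LISTEN line: bind address, port, owning process."""
    listeners = []
    for line in ss_output.splitlines():
        m = LISTEN_RE.match(line)
        if not m:
            continue  # header line or a non-listening state
        bind, port, proc_field = m.group(1), int(m.group(2)), m.group(3)
        pm = PROC_RE.search(proc_field)
        listeners.append({
            "bind": bind,
            "port": port,
            "process": pm.group(1) if pm else "unknown",
            "pid": int(pm.group(2)) if pm else None,
        })
    return listeners


def is_loopback(bind):
    return bind.startswith("127.") or bind in ("[::1]", "::1")


def audit(ss_output, allowed_ports=ALLOWED_PORTS):
    """Flag every listener whose port is not explicitly allowed.

    Severity reflects how much attack surface the socket adds: a known
    plaintext protocol is high, an unknown service reachable from the
    network is medium, a loopback-only service is low (but still extra code).
    """
    findings = []
    for sock in parse_listeners(ss_output):
        if sock["port"] in allowed_ports:
            continue
        if sock["port"] in KNOWN_BAD:
            severity = "high"
            reason = f"plaintext {KNOWN_BAD[sock['port']]} service: disable it"
        elif is_loopback(sock["bind"]):
            severity = "low"
            reason = "loopback only, but still unnecessary code: disable if unused"
        else:
            severity = "medium"
            reason = "not on the allowlist: justify it or disable it"
        findings.append({**sock, "severity": severity, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_SS_OUTPUT):
        print(f"[{f['severity']:6}] {f['bind']}:{f['port']} "
              f"({f['process']}, pid {f['pid']}) - {f['reason']}")
```

On a systemd host the remediation for a flagged service is normally `systemctl disable --now <unit>`, followed by re-running the audit to confirm the socket is gone.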

Host-Based Firewall

Protect individual hosts from being compromised when they’re used in untrusted, potentially malicious environments.

  • A host-based firewall plays a big part in reducing what’s accessible to an outside attacker.

  • Bastion hosts, or bastion networks
    Systems (or network segments) that are deliberately exposed to an untrusted network such as the internet, hardened and minimized to run only what they need, and used as the controlled entry point to the more trusted network behind them

  • If users have administrator rights on their systems, they have the ability to change firewall rules and configurations, so the host-based firewall can be weakened or switched off by the very user it is supposed to protect.
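To make the "reducing what's accessible" point concrete, here is an added example (not from the original notes) of how a host firewall's INPUT chain is evaluated: rules are tried in order, the first match decides, and anything unmatched falls through to the chain policy, which is DROP on a host used in untrusted networks. The laptop policy itself, including the corporate range 10.0.0.0/8 for SSH, is an assumption made for the example; the same rules are also rendered as an nftables ruleset so the reader can compare the model with the real tool's syntax.

```python
"""Host-based firewall policy as a default-deny, first-match rule chain.

Evaluates packets the way an iptables/nftables INPUT chain does: rules are
tried in order, the first match decides, and anything unmatched hits the
chain policy. With policy DROP, a service the user (or malware) starts is
unreachable from the network until a rule is deliberately added for it.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Rule:
    action: str                   # "accept" or "drop"
    proto: str = "any"            # "tcp", "udp", "icmp" or "any"
    dport: Optional[int] = None   # destination port, None = any
    src: str = "0.0.0.0/0"        # source CIDR
    state: str = "any"            # "established", "new" or "any"


@dataclass
class Packet:
    proto: str
    dport: Optional[int]
    src: str
    state: str = "new"


def matches(rule, pkt):
    return ((rule.proto == "any" or rule.proto == pkt.proto)
            and (rule.dport is None or rule.dport == pkt.dport)
            and ip_address(pkt.src) in ip_network(rule.src)
            and (rule.state == "any" or rule.state == pkt.state))


def evaluate(rules, pkt, policy="drop"):
    """First matching rule wins; otherwise the chain policy applies."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return policy


# Assumed policy for a laptop that travels to untrusted networks: accept
# replies to our own connections, loopback, and SSH only from the corporate
# range 10.0.0.0/8 (an assumption). Everything else falls through to DROP.
LAPTOP_INPUT_CHAIN = [
    Rule("accept", state="established"),
    Rule("accept", src="127.0.0.0/8"),
    Rule("accept", proto="tcp", dport=22, src="10.0.0.0/8"),
    Rule("drop", proto="tcp", dport=23),   # explicit, so hits show up in counters
]


def to_nft(rules, policy="drop"):
    """Render the chain in nftables syntax (loadable with `nft -f`)."""
    lines = ["table inet filter {", "  chain input {",
             f"    type filter hook input priority 0; policy {policy};"]
    for r in rules:
        parts = []
        if r.state != "any":
            parts.append(f"ct state {r.state}")
        if r.src != "0.0.0.0/0":
            parts.append(f"ip saddr {r.src}")
        if r.proto != "any" and r.dport is not None:
            parts.append(f"{r.proto} dport {r.dport}")
        elif r.proto != "any":
            parts.append(f"meta l4proto {r.proto}")
        parts.append(r.action)
        lines.append("    " + " ".join(parts))
    lines += ["  }", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    probes = [Packet("tcp", 22, "10.1.2.3"),                       # SSH from the office
              Packet("tcp", 22, "203.0.113.5"),                    # SSH from a hotel network
              Packet("tcp", 443, "203.0.113.5", "established"),    # reply to our browser
              Packet("tcp", 8080, "192.168.1.9")]                  # a dev server left running
    for p in probes:
        print(f"{p.proto}/{p.dport} from {p.src} ({p.state}): "
              f"{evaluate(LAPTOP_INPUT_CHAIN, p)}")
    print(to_nft(LAPTOP_INPUT_CHAIN))
```

The forgotten dev server on port 8080 is the interesting case: nothing had to be written to block it, because the default-deny policy already does. That is the property the notes are describing, and it is exactly what an administrator-level user can undo by editing the rules.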

Logging and Auditing

  • Security information and event management (SIEM) systems

  • Normalization
    Converting log data from different sources and formats into one common format, so that events can be stored, searched and correlated consistently

  • Once logs are centralized and standardized, you can write automated alerting based on rules.

  • rsyslog

  • Splunk Enterprise Security

  • IBM Security QRadar

  • RSA Security Analytics
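The normalization and rule-based alerting the notes mention, shown end to end in an added example (not from the original notes and not code from any of the products listed). Two constructed log sources in different formats, sshd via syslog and a JSON line from a web application, are mapped into one event schema, and a single correlation rule then runs over the merged stream: three or more failed logins from the same source IP within 60 seconds. The sample lines, hostnames and addresses are constructed for the example; the year supplied to the syslog parser is an assumption, since the syslog timestamp format carries none.

```python
"""Log normalization plus one correlation rule, the core of a SIEM pipeline.

Two constructed sources in different formats, sshd via syslog and a JSON
line from a web application, are normalized into one event schema. A single
rule then runs over the unified stream: three or more failed logins from
the same source IP within 60 seconds raises an alert, even when the
failures are spread across different systems.
"""
import json
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample log lines, not captured from real systems.
SYSLOG_LINES = [
    "Mar  4 10:15:01 bastion sshd[2211]: Failed password for invalid user admin from 198.51.100.7 port 51022 ssh2",
    "Mar  4 10:15:14 bastion sshd[2214]: Failed password for root from 198.51.100.7 port 51030 ssh2",
    "Mar  4 10:15:20 bastion sshd[2220]: Accepted publickey for deploy from 10.0.0.5 port 40110 ssh2",
    "Mar  4 10:15:25 bastion CRON[2230]: (root) CMD (run-parts /etc/cron.hourly)",
]
APP_LINES = [
    '{"ts": "2024-03-04T10:15:33Z", "app": "portal", "event": "login_failed", "user": "admin", "src": "198.51.100.7"}',
    '{"ts": "2024-03-04T10:16:00Z", "app": "portal", "event": "login_ok", "user": "alice", "src": "10.0.0.9"}',
]

SSHD_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d+) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) \S+ for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)
MONTHS = {m: i for i, m in enumerate(
    ["Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"], 1)}


def normalize_syslog(line, year=2024):
    """sshd auth line -> common schema; syslog has no year, so the caller supplies it."""
    m = SSHD_RE.match(line)
    if not m:
        return None  # not an authentication event
    hh, mm, ss = (int(x) for x in m["time"].split(":"))
    ts = datetime(year, MONTHS[m["mon"]], int(m["day"]), hh, mm, ss, tzinfo=timezone.utc)
    return {"ts": ts, "host": m["host"], "source": "sshd", "user": m["user"],
            "src_ip": m["src"], "outcome": "failure" if m["outcome"] == "Failed" else "success"}


def normalize_app(line):
    """Application JSON line -> the same schema."""
    d = json.loads(line)
    ts = datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "host": d["app"], "source": "app", "user": d["user"],
            "src_ip": d["src"], "outcome": "failure" if d["event"] == "login_failed" else "success"}


def normalize_all(syslog_lines, app_lines, year=2024):
    """Merge both sources into one time-ordered stream."""
    events = [e for e in (normalize_syslog(l, year) for l in syslog_lines) if e]
    events += [normalize_app(l) for l in app_lines]
    return sorted(events, key=lambda e: e["ts"])


def brute_force_alerts(events, threshold=3, window_s=60):
    """Sliding window per source IP over failed logins; one alert per burst."""
    alerts, recent = [], defaultdict(list)
    for e in events:
        if e["outcome"] != "failure":
            continue
        window = recent[e["src_ip"]]
        window.append(e)
        while (e["ts"] - window[0]["ts"]).total_seconds() > window_s:
            window.pop(0)
        if len(window) >= threshold:
            alerts.append({"rule": "brute_force", "src_ip": e["src_ip"], "count": len(window),
                           "hosts": sorted({w["host"] for w in window}),
                           "users": sorted({w["user"] for w in window}),
                           "last_seen": e["ts"].isoformat()})
            window.clear()
    return alerts


if __name__ == "__main__":
    for a in brute_force_alerts(normalize_all(SYSLOG_LINES, APP_LINES)):
        print(a)
```

Note that neither source on its own crosses the threshold (two sshd failures, one application failure); the alert only exists because both were normalized into one schema first, which is why centralization and standardization come before rule writing in the notes.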

Antimalware Protection

Many unprotected systems would be compromised within minutes if connected directly to the internet without any safeguards or protections in place.

  • Antivirus software monitors and analyzes events such as new files being created or existing files being modified on the system, watching for any behaviour that matches a known malware signature.

  • It protects against the most common attacks out there on the internet.

  • Antivirus software is just one piece of our anti-malware defences.

  • Binary whitelisting software
    Only allows explicitly approved binaries to run, which is the opposite of the antivirus approach of blocking known-bad ones

Disk Encryption

  • Full-disk encryption (FDE)
    Works by automatically converting data on a hard drive into a form that cannot be understood by anyone who doesn’t have the key to “undo” the conversion

  • Secure Boot protocol
    UEFI feature that only runs boot components signed by a trusted key, so the boot chain cannot be tampered with before the OS (and the disk decryption code) loads

  • Platform key (PK)
    The top-level UEFI Secure Boot key, installed by the platform owner or vendor, that authorizes changes to the other Secure Boot key databases

  • Input (plaintext) -> Encryption algorithm -> Ciphertext -> Decryption algorithm -> Output (plaintext); the same key, or the matching key, is needed to undo the conversion

  • When you implement a full-disk encryption solution at scale, it's important to think about how to handle cases where passwords are forgotten.

  • Key escrow
    Allows the encryption key to be securely stored for later retrieval by an authorized party (for example, IT recovering a machine whose owner has forgotten the passphrase)

  • Home-directory or file-based encryption only guarantees confidentiality and integrity of the files it protects; anything outside those files (the operating system, swap, temporary files) stays in the clear.
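The forgotten-password problem and key escrow, worked through in an added example (not from the original notes and not any product's actual code). It follows the LUKS-style design: the disk is encrypted under one random data encryption key (DEK), and the volume header stores that DEK wrapped twice, once under a key derived from the user's passphrase and once under an escrow key held by IT. Recovery unwraps the DEK through the escrow slot and re-wraps it under a new passphrase, so the disk is never re-encrypted. The wrapping cipher (HMAC-SHA256 in counter mode with an encrypt-then-MAC tag) and the reduced PBKDF2 round count are choices made so the example runs on the standard library alone; real FDE products use AES and stronger parameters.

```python
"""Full-disk encryption key slots with key escrow, modelled on the LUKS design.

The disk is encrypted under one random data encryption key (DEK). The DEK is
never stored in the clear: the header holds it wrapped under a key derived
from the user's passphrase and, separately, under an escrow key kept by IT.
A forgotten passphrase is handled by unwrapping the DEK via the escrow slot
and re-wrapping it under a new passphrase; the sectors need no re-encryption.
Wrapping cipher: HMAC-SHA256 counter mode + encrypt-then-MAC tag, chosen
only so this runs with the standard library (real FDE uses AES).
"""
import hashlib
import hmac
import os
import secrets

PBKDF2_ROUNDS = 100_000  # lower than a production setting, to keep the example fast


def _subkeys(key):
    """Separate keystream and tag keys derived from one wrapping key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """nonce || ciphertext || tag; the tag makes a wrong key detectable."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob):
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or corrupted data")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def kdf(passphrase, salt):
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, PBKDF2_ROUNDS)


class EncryptedVolume:
    """Header (key slots) plus encrypted sectors. The DEK exists only in memory."""

    def __init__(self, passphrase, escrow_key):
        dek = secrets.token_bytes(32)
        self.salt = os.urandom(16)
        self.slots = {"user": seal(kdf(passphrase, self.salt), dek),
                      "escrow": seal(escrow_key, dek)}
        self.sectors = {}

    def unlock(self, passphrase):
        """Normal boot path: passphrase -> KDF -> unwrap the DEK from the user slot."""
        return unseal(kdf(passphrase, self.salt), self.slots["user"])

    def recover(self, escrow_key, new_passphrase):
        """Forgotten passphrase: the escrow holder unwraps the DEK and re-wraps it."""
        dek = unseal(escrow_key, self.slots["escrow"])
        self.salt = os.urandom(16)
        self.slots["user"] = seal(kdf(new_passphrase, self.salt), dek)
        return dek

    def write(self, dek, lba, data):
        self.sectors[lba] = seal(dek, data)

    def read(self, dek, lba):
        return unseal(dek, self.sectors[lba])


def try_unlock(vol, passphrase):
    try:
        vol.unlock(passphrase)
        return True
    except ValueError:
        return False


def lost_passphrase_scenario():
    """Provision, use, forget the passphrase, recover via escrow, read data back."""
    escrow_key = secrets.token_bytes(32)      # held by IT in the escrow system
    vol = EncryptedVolume("correct horse battery", escrow_key)
    dek = vol.unlock("correct horse battery")
    vol.write(dek, 0, b"sector 0: /etc/shadow contents")
    assert not try_unlock(vol, "i forgot")    # the user is locked out
    vol.recover(escrow_key, "new passphrase")
    return vol.read(vol.unlock("new passphrase"), 0)


if __name__ == "__main__":
    print(lost_passphrase_scenario())
```

Two things worth noticing: the escrow key protects every volume provisioned with it, so it must be stored at least as carefully as the data it can unlock, and recovery changes only the user slot, which is why re-keying a user after recovery is cheap while rotating the escrow key means re-wrapping the DEK on every volume.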

Software Patch Management

  • As an IT support specialist, it's critical that you install software updates and security patches in a timely way, in order to defend your company's systems and networks.

  • The best protection is to have a good system and policy in place for your company.

  • Critical infrastructure devices should be approached carefully when you apply updates. There's always the risk that a software update will introduce a new bug that affects the functionality of the device, so updates to these devices should be tested and staged rather than applied blindly.

Application Policies

  • A common recommendation, or even requirement, is to only support or require the latest version of a piece of software.

  • It’s generally a good idea to disallow risky classes of software by policy. Things like file sharing software and piracy-related software tend to be closely associated with malware infections.

  • Understanding what your users need to do their jobs will help shape your approach to software policies and guidelines.

  • Helping your users accomplish tasks by recommending or supporting specific software makes for a more secure environment.

  • Browser extensions that require full access to the web sites you visit can be risky, since the extension developer has the power to read and modify every page visited.