
Preventative Measures Transcription

Welcome to our Implementing Preventative Measures Module. It is important that you put controls in place to protect your critical resources. You will need to determine the most appropriate controls for your equipment and your resources and then define appropriate policies. Your resources are your assets, which you are responsible for protecting to prevent a loss of confidentiality, integrity, or availability.

The level of protection you put in place will depend on the type of asset that you have and the value of that asset. You will need to use both logical and physical controls to protect your assets. The assets that you need to protect could be tangible, like a server that you could physically touch, or intangible, such as an idea or another type of information stored on a computer, which you can't physically see.

It is important that you use a multifaceted solution to protect against a variety of different attacks. This is known as a defense-in-depth strategy, and you should be familiar with defense in depth for the CISSP examination. It basically means using multiple layers of protection to ensure that your assets are protected.

As you can see at the bottom here, our level of confidence moves up from the bottom, with our firewall providing us with the least amount of confidence and the intrusion detection system providing us with the highest amount of confidence. We can see that the level of defense for each item moves from right to left as it increases.

So our firewall provides us with a certain level of defense, anti-virus software provides a bit more, and so on. When we combine all of these protection mechanisms, you can see that the integration we have here gives us the highest level of confidence and the highest level of defense by using all four of these technologies together. This is a good example of a layered, or defense-in-depth, strategy.

Malware is malicious software, and it is important that you prevent malware from getting into your systems. You can provide situational awareness in order to mitigate these types of attacks. You should make sure that all of the hosts on your network are protected by good anti-malware and anti-virus solutions.

It is important that you update definition files frequently in order to block attacks. Antivirus software works like a vaccine in that it can only protect you from the specific viruses that the system is familiar with. Just as you are not protected from a new disease until you receive the vaccine, the system will not protect you from any new attacks until it is updated. So it is important to keep this software up to date at all times.

It is also important to make sure that your users receive training in order to prevent malicious software from getting on your computers. If you visit non-trustworthy sites, you will most likely pick up malicious software. A lot of infections occur through social engineering attacks where an individual is persuaded to click on a link by reading an email message. Or perhaps they receive a phone call where an alleged IT person tells them to click on a specific link or go to a certain website. So it's important that your employees know that they should not click on links in emails or listen to individuals on the phone that they are not personally familiar with.

Trojans are very common as well, so you should not risk downloading illegal software in order to save money. A lot of the software that can be downloaded illegally for free is actually malicious software that is disguised to appear to be a legitimate software package that people are interested in downloading.

You should always follow the principle of least privilege and only provide your users with the minimum amount of privileges that they need to do their job. Your users should not have administrative privileges, and therefore they should not be able to install any software on your systems.

It is important to make sure that your business can survive an incident, so make sure that you have trusted recovery in place. It will help you to maintain your security, your functionality and, most important, your confidentiality, integrity, and availability. With a trusted system, you will not be able to compromise your protection mechanisms or bypass them. It's important to prepare your systems for any failure before an incident occurs, so that you can easily recover the system and the data when an incident occurs.

If you do fail, the system should not leave you vulnerable to a security breach. You should make sure that you're backing up systems frequently. Snapshots are helpful because they are point-in-time backups that can be used to return your system to a known secure state, for example one from before an infection occurred.

It is also important that you keep an eye on your network traffic. Traffic analysis, or monitoring with thresholds, will keep an eye on your traffic and its patterns and determine what normal network activity looks like. Traffic monitoring systems can notice anomalies or other patterns on your network that could indicate malicious activity.
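As an added illustration of monitoring with thresholds (not part of the original module), the following Python example learns a baseline of normal traffic per pair of endpoints, then flags volumes above the threshold and pairs never seen during the baseline period. The flow records, host names and the mean-plus-three-standard-deviations threshold are assumptions chosen for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (minute, source, destination, bytes). Not real data.
BASELINE_FLOWS = [
    (0, "hr", "hq", 1200), (1, "hr", "hq", 1350),
    (2, "hr", "hq", 1100), (3, "hr", "hq", 1280),
    (0, "web", "db", 9000), (1, "web", "db", 9400),
    (2, "web", "db", 8800), (3, "web", "db", 9100),
]
OBSERVED_FLOWS = [
    (10, "hr", "hq", 1300),    # within the normal range
    (11, "hr", "hq", 25000),   # sudden surge between two known endpoints
    (10, "web", "db", 9200),   # within the normal range
    (11, "ws17", "db", 400),   # pair never seen in the baseline
]


def build_thresholds(flows, k=3.0, min_sigma=50.0):
    """Learn 'normal' per (source, destination) pair: mean + k * std deviation.

    min_sigma stops a very steady baseline from producing a hair-trigger limit.
    """
    per_pair = defaultdict(list)
    for _minute, src, dst, nbytes in flows:
        per_pair[(src, dst)].append(nbytes)
    return {
        pair: mean(values) + k * max(pstdev(values), min_sigma)
        for pair, values in per_pair.items()
    }


def detect(flows, thresholds):
    """Return alerts for traffic above threshold or between unknown pairs."""
    alerts = []
    for minute, src, dst, nbytes in flows:
        limit = thresholds.get((src, dst))
        if limit is None:
            alerts.append((minute, src, dst, "new-pair"))
        elif nbytes > limit:
            alerts.append((minute, src, dst, "over-threshold"))
    return alerts


if __name__ == "__main__":
    for alert in detect(OBSERVED_FLOWS, build_thresholds(BASELINE_FLOWS)):
        print(alert)
```

An alert only says the pattern departs from the baseline; an analyst still has to decide whether the cause is malicious or legitimate.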

For example, if there's a lot of traffic all of a sudden between two military units, this could indicate that an attack is being planned. And if you have a lot of traffic between your human resources and your headquarters office, this could indicate that there could be layoffs coming.

So these types of traffic patterns can be analyzed to determine if there's a malicious attack or some other legitimate reason why your traffic increased. Traffic padding is where you add spurious, or fake, traffic to your network, which can be used as a countermeasure to prevent individuals from analyzing your traffic.

Generating illegitimate data in the traffic will make it harder for an attacker to try to footprint and attack your network, because they are not able to determine what is the real traffic and what is the fake traffic that you've added to the network. Ideally, you should try to keep your traffic constant so that no individuals are able to obtain information about your network.

An example of this is Google Analytics, which can analyze traffic in order to establish patterns.

In order to prevent malicious traffic on your network, you can use whitelisting, which means that your users will only be able to access certain applications that you authorize. If a program is not on the whitelist, it will not be permitted to run.

This can be used in two different modes of operation: enforcement mode and audit mode. Enforcement mode, as it sounds, enforces the whitelist. It prohibits all applications that are not on the whitelist from being run. But this could cause problems when you're trying to update or patch your systems with your host-based security systems.

Audit mode is where you log instances of non-whitelisted applications that are being run by your users, but there is no attempt to stop the activity from occurring. It simply notifies the user of the violation. For the CISSP examination, you should be familiar with whitelisting and the two different modes: audit mode, which simply notifies the administrator, and enforcement mode, which actually prevents the user from running the program.

You should also be familiar with sandboxing, which is where you run an application in an isolated environment, separate from all of the other applications running on the system. It can restrict access to memory, the file system, and other system resources. JavaScript and Java applets commonly run in sandboxes, which provide an isolated memory area in the system's random access memory to prevent them from interfering with other programs. For the CISSP examination, you should remember that JavaScript and Java applets are commonly run in a sandbox to protect the system.
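The audit and enforcement modes of whitelisting described earlier in this module, as an added Python example that is not part of the original material: it shows the same unapproved program being logged in audit mode and blocked in enforcement mode, and a patched build being blocked until the whitelist is updated. Identifying programs by SHA-256 hash, the `Whitelist` class and the sample byte strings are assumptions made for the illustration.

```python
import hashlib

AUDIT, ENFORCE = "audit", "enforce"

# Constructed stand-ins for executable images; a real agent would hash the file.
APPROVED_EDITOR = b"constructed sample: editor 1.0"
PATCHED_EDITOR = b"constructed sample: editor 1.1 (vendor patch)"
UNAPPROVED_TOOL = b"constructed sample: unapproved download"

def digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()

class Whitelist:
    """Hypothetical policy object: approved programs are identified by SHA-256."""

    def __init__(self, approved_images, mode):
        if mode not in (AUDIT, ENFORCE):
            raise ValueError(f"unknown mode: {mode}")
        self.approved = {digest(image) for image in approved_images}
        self.mode = mode
        self.violations = []  # log of programs that were not on the whitelist

    def approve(self, image: bytes) -> None:
        """Add a new or patched build to the whitelist."""
        self.approved.add(digest(image))

    def request_run(self, user: str, name: str, image: bytes) -> bool:
        """Return True if the program may run under the current mode."""
        if digest(image) in self.approved:
            return True
        blocked = self.mode == ENFORCE
        self.violations.append(
            {"user": user, "program": name, "sha256": digest(image), "blocked": blocked}
        )
        return not blocked

def demo():
    enforce = Whitelist([APPROVED_EDITOR], ENFORCE)
    audit = Whitelist([APPROVED_EDITOR], AUDIT)
    results = {
        "enforce_unapproved": enforce.request_run("alice", "tool", UNAPPROVED_TOOL),
        "audit_unapproved": audit.request_run("alice", "tool", UNAPPROVED_TOOL),
        # A patched build has a new hash, so enforcement blocks it until approved.
        "enforce_patched_before": enforce.request_run("alice", "editor", PATCHED_EDITOR),
    }
    enforce.approve(PATCHED_EDITOR)
    results["enforce_patched_after"] = enforce.request_run("alice", "editor", PATCHED_EDITOR)
    return results, enforce.violations, audit.violations
```

Running in audit mode first and reviewing the violation log is one way to find legitimate programs, such as patched builds, that need approving before enforcement is switched on.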

This concludes our Implementing Preventative Measures Module. Thank you for watching.
