Home
Product Directory
Product Installation
Product Activation
Buy

Products > Security+ > Cram Notes
   

Security+ (SY0-401) Cram Notes

Previous        Next      

4. Application, Data and Host Security

4.1 Explain the importance of application security

Fuzzing (fuzz testing) is the automated insertion of random data into a computer program. It is used to find vulnerabilities by the people who developed the program and by attackers.

Cross-site scripting prevention: XSS attack an attacker inserts malicious scripts into a web page in the hopes of gaining elevated privileges and access to session cookies and other information stored by a userís web browser. This code (often JavaScript) is usually injected from a separate "attack site." It can also manifest itself as an embedded JavaScript image tag or other HTML embedded image object within e-mails (that are web-based.)

Cross-site Request Forgery (XSRF): This attack (also known as a one-click attack), the userís browser is compromised and transmits unauthorized commands to the website. The chances of this attack can be reduced by requiring tokens on web pages that contain forms, special authentication techniques (possibly encrypted), scanning .XML files (which could contain the code required for unauthorized access), and submitting cookies twice instead of once, while verifying that both cookie submissions match.

Application hardening: It is is the securing of an application, disabling of unnecessary services, disabling unused accounts, removal of unnecessary applications, and so on.

Application configuration baseline: Baselining is the process of setting up the common, minimum requirements of an enterprise. This could be for a group of computers or all the computers in the network. When a new computer is added to the domain, the common minimum requirements are installed and applied automatically. This saves a lot of time and effort for the administrators. A typical configuration baseline would include cahnging any default settings (like Guest account), removing unwanted softwares, services, games and enabling operating system security features like enabling Firewall.

Application patch management: Any software is inherently prone to vulnerabilities. Therefore, software manufacturers provide updates or patches to the software from time to time. These updates usually take care of any known vulnerabilities. Therefore, it is important to apply these updates. Additional functionality is also one of the reasons for applying software updates. However, many times, it is not the compelling reason to apply the updates.

4.2 Carry out appropriate procedures to establish host security

In addition to protecting the hardware, the operating system on the host must also be protected. This can be achieved through a five-step process:

  • Develop the security policy.

  • Perform host software baselining.

  • Configure operating system security and settings.

  • Deploy the settings.

  • Implement patch management.

Operating system software has continued to add security protections to its core set of features. In addition, there are third-party anti-malware software packages that can provide added security.

Anti-Virus: This software can examine a computer for any infections as well as monitor computer activity and scan new documents that might contain a virus this action is performed when files are opened, created, or closed. If a virus is detected, options generally include cleaning the file of the virus, quarantining the infected fire, or deleting the file. Anti-virus scan files by attempting to match known virus patterns or signatures against potentially infected files. Software contains a virus scanning engine and a regularly updated signature file. The Anti-virus software vendor extracts a sequence of bytes found in the virus as a virus signature. Signatures from all the different computer viruses are organized in a database, which the virus scanning engine uses to search predefined areas of files.

Anti-Spam: Spammers can distribute malware through their e-mail messages as attachments and use spam for social engineering attacks. Different methods for filtering spam exist on the host to prevent it from reaching the user. One method of spam filtering is to install separate filtering software that works with the e-mail client software. Host e-mail clients can be configured to filter spam, such as creating or downloading a list of senders from which no e-mail is to be received (blacklist), create a list from which only e-mail can be received,or block e-mail from entire countries or regions.

Pop-up Blockers and Anti-Spyware: A pop-up is a small Web browser window that appears over the Web site that is being viewed. Most pop-up windows are created by advertisers and launch as soon as a new Web site is visited. A pop-up blocker can be either a separate program or a feature incorporated within a browser that stops pop-up advertisements from appearing. As a separate program, pop-up blockers are often part of a package known as anti-spyware that helps prevent computers from becoming infected by different types of spyware.

Host-based firewalls: A firewall can be software-based or hardware-based. A host-based software firewall runs as a program on a local system to protect it against attacks.

Hardware security: Hardware security is the physical security that involves protecting the hardware of the host system, particularly portable laptops, netbooks, and tablet computers that can easily be stolen.

  • A cable lock can be inserted into a slot in the device and rotated so that cable lock is secured to the device, while a cable connected to the lock can then be secured to a desk or chair.

  • When storing a laptop, it can be placed in a safe, which is a ruggedized steel box with a lock. The sizes typically range from small (to accommodate one laptop) to large (for multiple devices).

  • Locking cabinets can be prewired for electrical power as well as wired network connections. This allows the laptops stored in the locking cabinet to charge their batteries and receive software updates while not in use.

Secure Mobile Devices

  • Screen lock. Uses a password to lock the device. This prevents a thief from using a stolen device.

  • Proximity lock. Automatically locks your mobile device or smart-phone when you are away from the phone. It uses a proximity sensor that you may personally carry such as a blue tooth device. Strong password. Any time a password is used to protect a mobile device (or any device or system), it should be strong. This means they are at least eight characters and include multiple character types, such as upper case, lower case, numbers, and symbols. Data encryption. Encryption protects the confidentiality of data and smart-phone security includes device encryption to protect the data against loss of confidentiality. Itís possible to selectively encrypt some data on a system, an entire drive, or an entire device.

  • Remote wipe. Remote wipe capabilities are useful if the phone is lost. The owner can send a remote wipe signal to the phone to delete all the data on the phone. This also deletes any cached data, such as cached online banking passwords, and provides a complete sanitization of the device, ensuring that all valuable data is removed.

  • Voice encryption. Itís possible to use voice encryption with some phones to help prevent the interception of conversations Global positioning system (GPS) tracking. A GPS pinpoints the location of the phone. Many phones include GPS applications that you can run on another computer. If you lose your phone, GPS can help you find it. If the data is sensitive, you use remote wipe feature to erase the data on the mobile. This is useful to know before you send a remote wipe signal.

  • Cable locks can secure a mobile computer. They often look about the same as a cable lock used to secure bicycles. Locked cabinet. Small devices can be secured within a locked cabinet or safe. When they arenít in use, a locked cabinet helps prevent their theft.

  • Strong password. Any time a password is used to protect a mobile device (or any device or system), it should be strong. This means they are at least eight characters and include multiple character types, such as upper case, lower case, numbers, and symbols.

Previous        Next      

 
FAQ
Contact Us
Disclaimer