SY0-501 Section 3.8 Explain the proper use of penetration testing versus vulnerability scanning.
Penetration testing It is becoming more common for companies to hire penetration testers to test their system’s defenses. Essentially, a penetration tester will use the same techniques a hacker would use to find any flaws in your system’s security. Hacking and penetration testing are areas that seem quite exciting to many people. Unfortunately, this has led to a number of unqualified (or at least underqualified) people calling themselves penetration testers. It is imperative when hiring a penetration tester that you ensure the person in question has the requisite skill set….
Interpret results of security assessment tools Similar to packet sniffing, port scanning and other “security tools”, vulnerability scanning can help you to secure your own network or it can be used by the bad guys to identify weaknesses in your system to mount an attack against. The idea is for you to use these tools to identify and fix these weaknesses before the bad guys use them against you. The goal of running a vulnerability scanner is to identify devices on your network that are open to known vulnerabilities. Different…
Monitoring system logs The general goal of monitoring is to detect suspicious behavior by external users or employees, or malfunctions. An organization can do this directly, such as by monitoring for specific events, or indirectly, such as by watching the state of a server over time and investigating anomalous behavior. Your security organization will have to determine its specific monitoring policy. Within this policy, you will have to determine your organization’s specific monitoring goals. Some questions you will have to answer are: – Are you going to baseline your server’s…
SY0-501 Section 3.5- Explain types of application attacks.
Applications such as Content Management Systems (CMS), Wikis, Portals, Bulletin Boards, and discussion forums are being used by small and large organizations. Every week hundreds of vulnerabilities are being reported in these web applications, and are being actively exploited. The number of attempted attacks every day for some of the large web hosting farms range from hundreds of thousands to even millions. All web frameworks (PHP, .NET, J2EE, Ruby on Rails, ColdFusion, Perl, etc) and all types of web applications are at risk from web application security defects, ranging from…
A social engineering attack is one in which the intended victim is somehow tricked into doing the attacker’s bidding. An example would be responding to a phishing email, following the link and entering your banking credentials on a fraudulent website. The stolen credentials are then used for everything from finance fraud to outright identity theft. An old adage comes to mind here, “it pays to be suspicious”. With socially engineered attacks, the opposite is also true – if you aren’t suspicious, you likely will end up paying. In addition to…
SY0-501 Section 3.2- Summarize various types of attacks.
A computer connected to a computing network is potentially vulnerable to an attack. An “attack” is the exploitation of a flaw in a computing system (operating system, software program or user system) for purposes that are not known by the system operator and that are generally harmful. Attacks are always taking place on the Internet, at a rate of several attacks per minute on each connected machine. These attacks are mostly launched automatically from infected machines (by viruses, Trojan horses, worms, etc.) without their owner’s knowledge. In rarer cases, they…
SY0-501 Section 3.1 Explain types of malware.
Malware (for “malicious software”) is any program or file that is harmful to a computer user. Thus, malware includes computer viruses, worms, Trojan horses, and also spyware, programming that gathers information about a computer user without permission. Adware Generically, adware (spelled all lower case) is any software application in which advertising banners are displayed while the program is running. The authors of these applications include additional code that delivers the ads, which can be viewed through pop-up windows or through a bar that appears on a computer screen. The justification…
SY0-501 Section 2.8 Summarize risk management best practices.
Business continuity concepts One of the oldest phrases still in use today is “the show must go on.” Nowhere is that more true than in the world of business, where downtime means the loss of significant revenue with each passing minute. Business continuity is primarily concerned with the processes, policies, and methods that an organization follows to minimize the impact of a system failure, network failure, or the failure of any key component needed for operation—that is, essentially whatever it takes to ensure that the business continues and that the…
SY0-501 Section 2.7 Compare and contrast physical security and environmental controls
Environmental controls The location of your computer facility is critical to its security. Computer facilities must be placed in a location that is physically possible to secure. Additionally, the location must have the proper capabilities to manage temperature, humidity, and other environmental factors necessary to the health of your computer systems. HVAC If the computer systems for which you’re responsible require special environmental considerations, you’ll need to establish cooling and humidity control. Ideally, systems are located in the middle of the building, and they’re ducted separately from the rest of…
SY0-501 Section 2.6 Explain the importance of security related awareness and training
Security Policy Training and Procedures Security awareness and training are critical to the success of a security effort. They include explaining policies, procedures, and current threats to both users and management. A security awareness and training program can do much to assist in your efforts to improve and maintain security. Such efforts need to be ongoing, and they should be part of the organization’s normal communications to be effective. Communicating with Users to Raise Awareness Communication and awareness help ensure that security information is conveyed to the appropriate people in…