Domain 7 - Systems and Application Security

---

Goals

• [ ]
• [ ]
• [ ]

Malware

• Malware
• Logic Bomb
• Backdoors and Remote Access Trojans
• Rootkit
• Fileless Malware
• Code Signing

Understanding Attackers

• Attributes of Threat Actors
• Types of Threat Actors
• Threat Vectors
• Zero-Day Vulnerabilities

Social Engineering

• Social Engineering
• Impersonation
• Phishing
• Pretexting
• Watering Hole Attack
• Shoulder Surfing
• Dumpster Diving
• Tailgating and Piggybacking

Web Application Attacks

• OWASP Top 10
• SQL Injection
• Cross-Site Scripting (XSS)
• Forgery Attack
  • Cross-Site Request Forgery (CSRF)
  • Server-Side Request Forgery (SSRF)
• Directory Traversal
• Buffer Overflow
• Cookies
• Web Beacon
• Clickstream
• Arbitrary code execution

Host Security

• Operating System Hardening
• anti-malware software
• Endpoint Detection and Response (EDR)
• Sandbox
• Benchmarks and Secure Baselines
• Firewall
  • network firewall
  • host firewall
• Implicit Deny
• Security Groups and Security Lists
• Next-Generation Firewall (NGFW)
• Intrusion Detection Systems (IDS)
  • File Integrity Monitoring (FIM)
    • required by PCI DSS and other compliance regulations
• Intrusion Prevention System (IPS)
• Data Loss Prevention (DLP)
• Endpoint monitoring
  • monitor processor, memory, and file system activity
• Security Information and Event Management (SIEM)
• User and Entity Behavior Analytics (UEBA)

Hardware Security

• Disk and File Encryption
• Hardware Security Module (HSM)
• Trusted Platform Module (TPM)
• BIOS and UEFI
• Boot Passwords and Secure Boot
• Peripheral security
  • secure wireless protocols
  • update peripheral firmware and drivers
  • printer security (multi-function printers)
    • patch the operating system
    • secure the printer’s webserver
    • encrypt print traffic
    • securely wipe printer hard drives

Mobile Device Security

• Cellular Data Networking
• Satellite Technologies
• Near-Field Communication (NFC)
• Bluetooth
• Network Data Transmission
• Mobile Hotspots and Tethering
• Mobile device security
  • use device passwords
    • biometric authentication
  • full disk encryption
  • remote wipe
  • auto-lock
  • MicroSD HSMs
  • Security-Enhanced Linux in Android (SEAndroid)
• Mobile Device Management (MDM)
  • Mobile Application Management (MAM)
    • whitelisting
    • blacklisting
    • use strong credential management for applications
    • rely upon central authentication
    • encrypt sensitive information
    • practice strong key management
• Asset Management
• Geofencing
  • Geotagging
    • may disclose sensitive locations
    • camera applications auto add location information
    • set location permissions
• Sideloading, Rooting, and Jailbreaking

Embedded System Security

• Industrial Control Systems (ICS)
• Internet of Things (IoT)
• Air-Gapped Isolation
• place embedded systems in a segmented network (DMZ)!
• use application firewalls
• embedded systems security controls work for mainframe systems too

Cloud Computing

• Cloud Computing
• ISO 17789 – Cloud Computing Reference Architecture
• Cloud Deployment Models
• Cloud Service Models
• Serverless Computing (aka Function as a Service)
• Cloud Shared Responsibility Model
• Hypervisor
• Virtualization Security
  • VM escape
  • VM sprawl
• Cloud Storage
• Container Virtualization
• Data Sovereignty and Geographical Considerations
• Cloud Access Security Broker (CASB)