This course covers a wide variety of IT security concepts, tools, and best practices. It introduces threats and attacks and the many ways they can show up. We’ll give you some background of encryption algorithms and how they’re used to safeguard data. Then, we’ll dive into the three As of information security: Authentication, authorization, and accounting. We’ll also cover network security solutions, ranging from firewalls to Wifi encryption options. The course is rounded out by putting all these elements together into a multi-layered, in-depth security architecture, followed by recommendations on how to integrate a culture of security into your organization or team. At the end of this course, you’ll understand: - how various encryption algorithms and techniques work and their benefits and limitations. - various authentication systems and types. - the difference between authentication and authorization. At the end of this course, you’ll be able to: - evaluate potential risks and recommend ways to reduce risk. - make recommendations on how best to secure a network. - help others to understand security concepts and protect themselves.
Software Patch Management
Loading...
来自 Google 的课程
IT Security: Defense against the digital dark arts
243 评分
从本节课中
Defense in Depth
In the fifth week of this course, we're going to go more in-depth into security defense. We'll cover ways to implement methods for system hardening, application hardening, and determine the policies for OS security. By the end of this module, you'll know why it's important to disable unnecessary components of a system, learn about host-based firewalls, setup anti-malware protection, implement disk encryption, and configure software patch management and application policies.
与讲师见面
Google
While some parts of software features are exposed,
a lot of attacks depend on exploiting bugs in software.
This triggers obscure and unintended behavior which can
lead to a compromise of the system running the vulnerable software.
These types of vulnerabilities can be fixed through
software patches and updates which correct the bugs that the attackers exploit.
As an IT support specialist,
it's critical that you make sure that you install software updates and
security patches in a timely way in order to defend your company's systems and networks.
Software updates don't just improve software products by
adding new features and improving performance and stability,
they also address security vulnerabilities.
There are some software bugs that are present in
the core functionality of the software in question.
This means, that the vulnerability can't be
mitigated by disabling the vulnerable service, not good.
An example of this was the Heartbleed vulnerability.
A bug in the open source TLS library Open SSL.
This was discovered in widely publicized in April of 2014.
The bug showed up in how the library handled TLS heartbeat messages.
They're special messages that allow one party in a TLS session to
signal to the other party that they like the session to be kept alive.
This works by sending a TLS heartbeat request message,
a packet that has a text string and the length of the string.
The receiving end is supposed to reply with the same tech string and response.
So, if the heartbeat requests message contains
the text "I am still alive" and the length of 15,
the receiving end would reply back with the same text, "I am still alive."
But, the bug in the Open SSL library was that
the replying side would allocate
memory space according to the value in the received packet.
This was based on the specified length of the string like it's defined in the packet.
Not based on the actual length of the string.
The value was not verified.
This meant that an attacker can send
a malformed heartbeat request message with
a much larger length specified than what was allowed.
The reply would contain the original text message
but would also include bits of memory from the replying system.
So, an attacker can send a malformed heartbeat request message containing the text,
"I'm still alive", but with a length of 500.
Because the length value wasn't verified.
this means that the response back would be, "I'm still alive",
followed by the next 485 characters in memory.
So it was possible for an attacker to read up the 64 kilobytes of a target's memory.
This memory was likely used before by Open SSL library,
so it might contain sensitive information regarding other TLS sessions.
This bug meant that it was feasible for an attacker to recover
the private keys used to protect TLS sessions.
This would allow them to decrypt
TLS protected sessions and recover details like log in credentials.
This is a great example of a mistake in the code
leading to a very high profile software vulnerability.
It could only be fixed through a software update or
switching to a different TLS library entirely.
While the heartbeat functionality is enabled by default,
it's possible to disable it in
the Open SSL library but it wasn't a simple argument to pass to an application.
Disabling this functionality required compiling
the library with a flag that was specified to disable heartbeats.
Then, you had to replace the installed version with the custom compiled one.
That's not something most people would do.
This was also a library widely used by both server applications and client applications.
This means, that it may not be possible to replace
the Open SSL library with a customized version or a different library.
The only way to address the vulnerability in client software that implemented Open SSL,
was to wait for a patch from the software vendor. What a mess!
Here's the bad news, with software continuing to grow more complex over time,
these types of bugs are likely to become more commonplace.
Attackers will be looking for exactly this type of vulnerability.
The best protection is to have a good system and policy in place for your company.
The system should be checking for,
distributing and verifying software updates for software deployment.
This is a complex problem when considering
a large organization with many machines to
manage that run a variety of software products.
This is where management tools can help make this task more approachable for you.
Solutions like Microsoft's SCCM or Puppet Labs puppet in fact and
tools allow administrators to get an overview of
what software is installed across their fleet of many systems.
This lets a security team analyze what specific software and versions are installed,
to better understand the risk of vulnerable software in the fleet.
When updates are released and pushed to the fleet,
these reporting tools can help make sure that the updates have been applied.
SCCM even has the ability to force install updates after a specified deadline has passed.
Patching isn't just necessary for software,
but also operating systems and firmware that run on infrastructure devices.
Every device has code running on it that might have
software bugs that could lead to security vulnerabilities,
from routers, switches, phones even printers.
Operating system vendors usually push
security related patches pretty quickly when an issue is discovered.
They'll usually release security fixes out of cycle from
typical OS upgrades to ensure a timely fix because of the security implications.
But, for embedded devices like networking equipment or printers,
this might not be typical.
Critical infrastructure devices should be approached carefully when you apply updates.
There's always the risk that a software update will introduce
a new bug that may affect the functionality of a device,
or if the update process itself would go wrong and cause an outage.
I hope you can see the importance of applying
software patches and firmer updates in a timely fashion.
It would be pretty embarrassing if you wind up being compromised
by a vulnerability that could have been easily fixed with a software update.
