Securing Software, Data and End Points

Course 4: Securing Software, Data and End PointsWelcome to Course Four. As we know, most attacks against systems involve exploiting vulnerabilities in software that powers hardware. Additionally, attackers may exploit vulnerabilities in the underlying hardware, especially when that hardware is for the protected against being stolen or accessed with unauthorized use, but their real target and all the tax is data. Therefore, it’s so critical, the total set of software powering an organization’s business logic and processes must be kept secure. As we’ll see in this chapter, the software provides a layered environment. Building from a core or kernel of trustworthy functions up through to the mobile code and executable content. This enables and empowers all web apps and remote data access. Security professionals need to appreciate securing software covers two very different, but closely related major tasks. They need to ensure that the Security Posture of that software is known and understood, as well as ensure the software is installed, maintained, and used in ways consistent with Security Posture or improve it over time. As we discussed in the previous chapter, Security Posture is the set of risks, vulnerabilities controls, and residual risks pertaining to an asset or system. We summarize the safety or risk of using an asset and the degree of reliance that can be placed on the results from a specific context or situation. In this course, we’ll build on that foundation by looking more closely at how the data can be the target of an attack and part of exploiting other vulnerabilities in the system. We’ll explore what security professionals, as non-programmers, can do to reduce the risk of such malformed input attacks. In course two, we also discussed the non-human user concept as a general way to view management and security of devices and software entities to protect those entities from threats to their integrity and to protect the overall system and individual assets from unauthorized behavior by those non-human users. In this chapter, we’ll build on those concepts, as we dive into Endpoint Security Issues and Approaches.

Course 4 Learning Objectives

After completing this course, the participant will be able to: 

L4.1 - Discuss software systems and application security. L4.2 - Recognize data security concepts and skills.  L4.3 - Identify malicious code and countermeasures.   L4.4 - Evaluate mobile device management (MDM) and security issues with mobile and autonomous endpoints. L4.5 - Review attacks and countermeasures for virtual machines.

Course Agenda

Module 1: Securing Software (Domain 1 - Security Operations and Administration, Domain 3 - Risk Identification, Monitoring and Analysis , Domain 7 - Systems and Application Security ) Module 2: Securing Data (Domain 1 - Security Operations and Administration, Domain 7 - Systems and Application Security ) Module 3: Identify and Analyze Malicious Code and Activity (Domain 7 - Systems and Application Security) Module 4: Implement and Operate Endpoint Security (Domain 7 - Systems and Application Security ) Module 5: Operate and Secure Virtual Environments (Domain 7 - Systems and Application Security , Domain 6 - Network and Communications Security)   

Who Should Take This Course: Beginners

Experience Required: No prior experience required

None

Syllabus

Syllabus - What you will learn from this course
Week 1
Module 1: Securing Software
Software presents the largest attack surface of nearly every organization’s information systems, and its creation is often poorly managed. The vast majority of software vulnerabilities are accidental but repeat offenses. Repeats and reprises of classic design and programming errors, being made over and over again by each new generation of programmers.  And when they’re not exploiting those kinds of software vulnerabilities, attackers take advantage of poorly maintained, often under-protected software, and thus exploit other operational and procedural vulnerabilities as they travel along their attack vector to their desired targets. 
Module 2: Securing Data
We are not going to do a deep dive into the common weaknesses of software, nor how they get put in by designers and programmers. You won’t need to learn programming or how to read code to help your organization dramatically improve the security of its software or the supply chains that bring that software to the organization’s end users.
Week 2
Module 3: Identify and Analyze Malicious Code and Activity
Whether you are using the CIA triad, CIANA+PS or any other set of security characteristics as your analysis framework, you’ll find that they all meet their stress test case when considering databases and data warehouses. This is the “data at rest” part of the three-state model of data; applications and endpoints make up the environment in which we consider data in use, and networks and communications systems are where data is in motion, of course. 
Module 4: Implement and Operate Endpoint Security
Business and organizational data, personal data such as personally identifiable information (PII) or protected health information (PHI), and metadata about all of that data are collected, collated, linked together and stored in databases and data warehouses, whether on-premises, in the cloud or in hybrid architectures.  It’s the information in those architectures that requires the right set of protections and controls, if the organization is to meet or exceed its information security, data protection and systems safety needs. 

Many different forms of attacks on data happen every day. Ransom attacks encrypt the target’s data while demanding payment to provide the decryption key and tool; this is extortion, a crime everywhere.  Other attacks attempt to corrupt existing data or put false data into the system as an act of sabotage or fraud.  

Copying of data without disturbing it is theft, and such data breaches, or data exfiltration attacks, can target data that is in simple files, such as poorly protected lists of usernames and related credentials, systems log files or applications data in documents, spreadsheets and other files. Attacks that net millions of stolen copies of customer records, however, have more than likely been targeted against databases and data warehouses. These attack vectors can be categorized in many ways, and the next section will look at the most common.
Week 3
Module 5: Operate and Secure Virtual Environments
The term “malicious code” refers to the many types of malware in use today. In many cases, people use the term “virus” incorrectly to include all types of malware. In fact, a virus is only one form of malware. 
Module 6: Chapter 4 Review
Malware is the joining of the two terms “malicious” and “software.” It is often used to discuss the various forms of malicious software code that have been written to cause damage or perform unauthorized activity on a system. Malware is not used to describe a software bug or logic flaw in a system because those are not written to intentionally perform unauthorized actions. There are many forms of malware in use today, and over the years it has evolved as malware authors have had to discover new ways to compromise a system and to achieve its goals. 

It’s important to differentiate between malware and potentially unwanted programs (PUPs). Many adware and spyware programs are viewed as having legitimate business and organizational uses; in fact, the trade groups that represent advertisers, workplace employee performance monitoring and vendors of these programs argue that when used legitimately, the organization clearly wants them installed and in use, even if some of their employees are hesitant.  This is why many threat intelligence services, anti-malware and security systems vendors and others refer to programs with no demonstrably hostile or malicious intent as separate from programs that are clearly hostile by design and use. 

Some malware (also called malcode) is overt and obvious, doing extensive damage to systems and data within a short time of its introduction, while other malware is hidden and can lie dormant on a system for months or years undetected, just waiting to respond to a call from the implementer of the malware. 

Early versions of malware were either a virus or a worm and often spread by passing floppy disks from person to person (like the Brain computer virus) or exploiting a network connection (e.g., Morris worm). The infected floppy disk would contain a (boot sector) virus that overwrote the boot sector on the hard disk. When the disk was inserted into a system, the system would read the boot sector to determine what data was on the disk and load the virus sitting in the boot sector. With this means of transmission, it took years for such a virus to spread around the world. Other virus types included the macro virus that would exploit the macro language used in some office productivity products, or the various forms of malware that would spread as email attachments or through links in an email.

FAQ

When will I have access to the lectures and assignments?

Access to lectures and assignments depends on your type of enrollment. If you take a course in audit mode, you will be able to see most course materials for free. To access graded assignments and to earn a Certificate, you will need to purchase the Certificate experience, during or after your audit. If you don't see the audit option:

What will I get if I subscribe to this Certificate?

When you enroll in the course, you get access to all of the courses in the Certificate, and you earn a certificate when you complete the work. Your electronic Certificate will be added to your Accomplishments page - from there, you can print your Certificate or add it to your LinkedIn profile. If you only want to read and view the course content, you can audit the course for free.

Reviews