WEBVTT 00:00.169 --> 00:02.789 >> After we've hardened the facility, 00:02.789 --> 00:05.175 the next step is to harden the network. 00:05.175 --> 00:08.655 Now, we've already talked about every item listed here. 00:08.655 --> 00:11.145 I'll just remind you of the basic things. 00:11.145 --> 00:14.385 Make sure your network devices are physically secure. 00:14.385 --> 00:16.890 Make sure the doors are locked for access. 00:16.890 --> 00:19.245 If you're going to allow remote administration, 00:19.245 --> 00:22.170 makes sure you're forcing a protocol that's secure. 00:22.170 --> 00:25.995 Don't allow rlogin or Telnet or FTP. 00:25.995 --> 00:30.075 Instead, use SSH or SSL to connect. 00:30.075 --> 00:33.615 Then there's also SNMP for network monitoring. 00:33.615 --> 00:35.460 If you're going to do that, make sure 00:35.460 --> 00:37.505 you were using Version 3. 00:37.505 --> 00:39.470 Separate your network. 00:39.470 --> 00:42.440 Isolate trusted from untrusted. 00:42.440 --> 00:44.870 Make sure all your sensitive info 00:44.870 --> 00:47.105 is going across the network encrypted. 00:47.105 --> 00:49.015 That doesn't happen by default, 00:49.015 --> 00:53.270 so you need to put something in place like SSL or SSH, 00:53.270 --> 00:55.670 or perhaps even IPSec. 00:55.670 --> 01:00.860 Using HTTPS means you are using TLS SSL. 01:00.860 --> 01:03.360 Scan your network. We're going to talk 01:03.360 --> 01:06.310 about that in a bit, monitor your network. 01:06.860 --> 01:09.510 Limit remote access. 01:09.510 --> 01:11.510 Obviously, we can't get along today 01:11.510 --> 01:13.670 without allowing remote access. 01:13.670 --> 01:15.110 But limit this as much as you 01:15.110 --> 01:17.840 can and make it as strong as you can. 01:17.840 --> 01:20.810 Make sure you have strong authentication with 01:20.810 --> 01:24.335 at least two factors of authentication. 01:24.335 --> 01:27.940 If it's not necessary, get rid of it. 01:27.940 --> 01:30.960 That being said, we don't just make changes 01:30.960 --> 01:34.050 haphazardly to a system or a system baseline. 01:34.050 --> 01:36.110 But when we determine that we aren't 01:36.110 --> 01:38.270 using a system or service anymore, 01:38.270 --> 01:39.770 we need to act to make sure 01:39.770 --> 01:42.545 that system or hardware can be removed. 01:42.545 --> 01:43.580 It needs to go through 01:43.580 --> 01:46.044 >> the proper change control process. 01:46.044 --> 01:48.590 >> It's like IPV6. 01:48.590 --> 01:50.090 Many people don't think they are 01:50.090 --> 01:52.325 using IPV6 on their network. 01:52.325 --> 01:54.530 But they may be because there are a lot of 01:54.530 --> 01:56.705 name resolution services and 01:56.705 --> 01:59.530 other services that require IPV6, 01:59.530 --> 02:01.930 so it may be in use. 02:02.000 --> 02:04.710 To make sure the system is secure, 02:04.710 --> 02:06.665 always apply the latest updates, 02:06.665 --> 02:08.870 service packs, and patches. 02:08.870 --> 02:11.300 Be sure to change your default settings and 02:11.300 --> 02:13.280 configurations because those are 02:13.280 --> 02:16.385 so easy for an attacker to find and exploit. 02:16.385 --> 02:18.380 Make sure the security tools that 02:18.380 --> 02:20.480 are there are being used. 02:20.480 --> 02:23.970 Turn on auditing and firewall tools. 02:24.190 --> 02:26.480 Don't forget physical security 02:26.480 --> 02:27.819 >> like we already discussed. 02:27.819 --> 02:30.400 >> Make sure you have captured an image of your system, 02:30.400 --> 02:31.730 so you have a baseline of 02:31.730 --> 02:34.710 the system in case you need to reinstate it. 02:35.890 --> 02:38.420 We talked about how people often 02:38.420 --> 02:40.505 don't create secure applications. 02:40.505 --> 02:43.010 We need to start planning for a secure product from 02:43.010 --> 02:44.720 the beginning instead of trying to 02:44.720 --> 02:47.305 secure one after it's already been developed. 02:47.305 --> 02:49.485 How do we do this? 02:49.485 --> 02:52.780 Secure the software development lifecycle. 02:52.780 --> 02:55.010 Start talking about security from 02:55.010 --> 02:56.480 the beginning and continue 02:56.480 --> 02:58.805 all the way to the product's end of life. 02:58.805 --> 03:02.005 Implement security in the design. 03:02.005 --> 03:04.850 One of the most important security features 03:04.850 --> 03:07.490 in software development is to validate input. 03:07.490 --> 03:11.030 That way you don't have garbage in, garbage out. 03:11.030 --> 03:13.940 The garbage tends to come in through your web forms, 03:13.940 --> 03:15.230 which allows people to enter 03:15.230 --> 03:17.765 directly into your back-end database. 03:17.765 --> 03:20.420 Validation will return an error if 03:20.420 --> 03:21.740 the user enters something that 03:21.740 --> 03:23.634 >> doesn't meet requirements. 03:23.634 --> 03:25.650 >> Sanitation will clean up when 03:25.650 --> 03:28.275 a person enters to fit the rules. 03:28.275 --> 03:30.910 Fuzzing tests are tests that determine 03:30.910 --> 03:33.530 whether a proper input validation is occurring. 03:33.530 --> 03:35.840 But an attacker can also use fuzzing to 03:35.840 --> 03:38.375 determine vulnerabilities in the application. 03:38.375 --> 03:39.950 It's best to use it in an 03:39.950 --> 03:42.540 offensive matter to prevent that. 03:42.890 --> 03:45.830 Certification and accreditation 03:45.830 --> 03:47.120 >> ensures that software has 03:47.120 --> 03:48.545 >> been built to the requirements, 03:48.545 --> 03:51.480 including security requirements.