Security Controls and Countermeasures for the CISSP Exam
Various security controls and countermeasures that should be applied to security architecture, as appropriate, include defense in depth, system hardening, implementation of heterogeneous environments, and designing system resilience.
Defense in depth
Defense in depth is a strategy for resisting attacks. A system that employs defense in depth will have two or more layers of protective controls that are designed to protect the system or data stored there.
An example defense-in-depth architecture would consist of a database protected by several components, such as:
- Screening router
- Intrusion prevention system
- Hardened operating system
- OS-based network access filtering
All the layers listed here help to protect the database. In fact, each one of them by itself offers nearly complete protection. But when considered together, all these controls offer a varied (in effect, deeper) defense, hence the term defense in depth.
Defense in depth refers to the use of multiple layers of protection.
Most types of information systems, including computer operating systems, have several general-purpose features that make it easy to set up the systems. But systems that are exposed to the Internet should be “hardened,” or configured according to the following concepts:
- Remove all unnecessary components.
- Remove all unnecessary accounts.
- Close all unnecessary network listening ports.
- Change all default passwords to complex, difficult to guess passwords.
- All necessary programs should run at the lowest possible privilege.
- Security patches should be installed as soon as they are available.
System hardening guides can be obtained from a number of sources, such as:
- The Center for Internet Security
- Information Assurance Support Environment, from the U.S. Defense Information Security Agency.
Software and operating system vendors often provide their own hardening guides, which may also be useful.
Rather than containing systems or components of a single type, a heterogeneous environment contains a variety of different types of systems. Contrast an environment that consists only of Windows 2016 servers and the latest SQL Server and IIS Server, to a more complex environment that contains Windows, Linux, and Solaris servers with Microsoft SQL Server, MySQL, and Oracle databases.
The advantage of a heterogeneous environment is its variety of systems; for one thing, the various types of systems probably won’t possess common vulnerabilities, which makes them harder to attack. However, the complexity of a heterogeneous environment also negatively impacts security, as there are more components that potentially can fail or be compromised.
The weakness of a homogeneous environment (one where all of the systems are the same) is its uniformity. If a weakness in one of the systems is discovered, all systems may have the weakness. If one of the systems is attacked and compromised, all may be attacked and compromised.
You can liken homogeneity to a herd of animals; if they are genetically identical, then they may all be susceptible to a disease that could wipe out the entire herd. If they are genetically diverse, then perhaps some will be able to survive the disease.
The resilience of a system is a measure of its ability to keep running, even under less-than-ideal conditions. Resilience is important at all levels, including network, operating system, subsystem (such as database management system or web server), and application.
Resilience can mean a lot of different things. Here are some examples:
- Filter malicious input: System can recognize and reject input that may be an attack. Examples of suspicious input include what you get typically in an injection attack, buffer-overflow attack, or Denial of Service attack.
- Data replication: System copies critical data to a separate storage system in the event of component failure.
- Redundant components: System contains redundant components that permit the system to continue running even when hardware failures or malfunctions occur. Examples of redundant components include multiple power supplies, multiple network interfaces, redundant storage techniques such as RAID, and redundant server architecture techniques such as clustering.
- Maintenance hooks: Hidden, undocumented features in software programs that are intended to inappropriately expose data or functions for illicit use.
- Security countermeasures: Knowing that systems are subject to frequent or constant attack, systems architects need to include several security countermeasures in order to minimize system vulnerability. Such countermeasures include
- Revealing as little information about the system as possible. For example, don’t permit the system to ever display the version of operating system, database, or application software that’s running.
- Limiting access to only those persons who must use the system in order to fulfill needed organizational functions.
- Disabling unnecessary services in order to reduce the number of attack targets.
- Using strong authentication in order to make it as difficult as possible for outsiders to access the system.