Implementing Secure Hosting


Knowing how to implement a secure network is pretty much useless if you suck at implementing secure hosting. The goal of this article from Secur is to make sure you do not suck at it. As part of this process, we are going to explore a range of methods for implementing secure systems designs, including:

  • Secure configuration of operating systems, peripherals, and the underlying hardware and firmware.
  • Cloud deployment and service models, and how they split security responsibilities.
  • Mobile device security.
  • Embedded systems security.
  • Data protection methods.

Implementation of Secure Systems

Administrators need to be proactive to secure systems before deployment and keep them secure after deployment.  The goal of secure systems design concepts is to ensure computing systems (servers, workstations, laptops, network devices, or mobile devices) are deployed and maintained in a secure state.

This involves implementing the concept of least functionality: deploying systems with only the applications, services, and protocols they need to meet their purpose.  In practice, this is referred to as “hardening“: making an operating system or application more secure than its original state by eliminating the vulnerabilities that come from default configurations, misconfigurations, and weak configurations.  This involves disabling or removing:

  • Unused services/protocols: If a service or protocol is not running on a system, attackers cannot attack it.  Every listening port is attack surface, so anything the system's role does not require should be stopped and disabled so it does not return at the next boot.
  • Unneeded software: Patching closes vulnerabilities in buggy software, but only after they are discovered and only if the patch is actually applied; removing applications that are not needed eliminates their vulnerabilities entirely.  Some applications also ship with backdoor or maintenance accounts that could be attacked.
  • Unused accounts: Every enabled account is a credential that can be guessed, phished, or found in a leaked database; disable or delete accounts that no longer have an owner or a purpose.
  • Default passwords: Vendor defaults are published and are the first thing an attacker tries, so change them before the system is reachable on the network.


Understanding Operating Systems

As any self-respecting tech geek knows, there are three main computer operating systems (OSs): Linux, Windows and Apple’s operating systems, with each having a number of subtypes. 

  • Windows and Apple operating systems are closed source, proprietary software, so the code is not freely available to the public.   
  • Linux, an open source Unix-like operating system, is freely available, so developers have access to the code and can modify and redistribute it, which has led to a large number of distributions.

Usually thought of as being confined to desktops, laptops, mobile devices and servers, operating systems are ubiquitous and found on:

  • Network appliances
  • Service kiosks
  • Network devices

 

Secure Operating System Configurations

As previously discussed, operating systems aren’t secure out of the box and must be configured to be a trusted operating system, one that:

  • Places a strong emphasis on authentication and authorization, often using the mandatory access control (MAC) model.
  • Ensures only authorized personnel access data, in accordance with the appropriate permissions.
  • Prevents any unauthorized modification or movement of data.
  • Protects against malicious software infections by preventing the execution of suspicious code.
  • Meets a high level of security requirements imposed and verified by a third party.

The Common Criteria for Information Technology Security Evaluation (or simply Common Criteria) includes requirements for a trusted OS, and vendors have their products evaluated against it.

Deploying Operating Systems Using Master Images

An image is a snapshot of a single system commonly used to deploy to multiple other systems; imaging streamlines and secures deployments of operating systems.  Imaging provides two important benefits:

  • Secure starting point:   As the image includes the mandated security configuration, deploying a system doesn’t require following extensive checklists to ensure new systems are set up with the proper configuration settings, as the deployed image retains all the settings of the original image.

    Once created, an image can be deployed relatively quickly with very little administrative effort. Imaging isn’t limited to desktop computers: you can image any system, including servers, to deploy new servers or to restore failed servers as part of a disaster recovery plan; it is much quicker to deploy an image to rebuild a failed server than it is to rebuild a server from scratch. If the image is kept updated, it helps ensure the recovered server starts in a secure state rather than with last year's vulnerabilities.

  • Reduced costs: Deploying imaged systems reduces the overall maintenance costs and improves reliability, as the number of distinct operating environments is reduced to one, lowering the total cost of ownership for systems.

The imaging process steps are as follows: 

  1. Start with a blank source system: Install and configure an operating system, any desired applications, and modify security settings, testing to ensure the system works as desired and is secure.  Administrators will often take a significant amount of time to configure and test the source system.  Many virtualization tools include the ability to convert an image to a virtual system so, once you create the image, you can deploy it to either a physical system or a virtual system.
  2. Create the master image: Capture the image, which is a file that can be stored on a server or copied to external media.
  3. Deploy the image: The image installs the same configuration on the target systems as the original source system.

Resiliency and Automation Strategies

Built around automation, scripting, and templates, resiliency and automation strategies help deploy systems and keep them secure.  As an example, Microsoft provides several security templates with various levels of security that can be modified, imported into a Group Policy Object (GPO) and applied to systems within the domain, so a setting that drifts on one host is reapplied at the next policy refresh.

Alternatively, you can deploy a master image to all systems, and then apply different security settings to different groups of systems using  security templates.

Secure Baseline and Integrity Measurements

Organizations use secure baselines to provide known starting points for systems; the primary benefit is an improved overall security posture through the elimination of weak security configurations.  Baselining works in three steps:

  1. Initial baseline configuration:  Deployment of systems in a secure state, with the approved settings recorded (for example as a manifest of file hashes and expected setting values) so that later measurements have something to compare against.
  2. Integrity measurements for baseline deviation:  Monitor the systems for changes from the baseline, and keep the baseline record where a compromised host cannot rewrite it, since an attacker who can change a file can usually change a manifest kept beside it.
  3. Remediation:  Network access control (NAC) methods can detect changes to baseline settings and automatically quarantine systems to a remediation network where the issue can be addressed.
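The first two steps above, as an added example rather than code from the original article: a manifest of SHA-256 hashes is captured for the files the baseline controls, then the same files are re-hashed and each deviation is reported as modified or missing. The file names, their contents and the simulated drift are all constructed inside a temporary directory, so the script runs offline.

```python
"""Added example (not from the original article): capture a baseline manifest
and measure a system against it.

Step 1 records the SHA-256 of every baseline-controlled file; step 2 re-hashes
the same files and reports each deviation as "modified" or "missing". The
file names, their contents and the drift are all constructed here so the
example runs offline in a temporary directory.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path):
    """Stream the file through SHA-256 so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def capture_baseline(root, controlled_files):
    """Step 1: the manifest is {relative path: expected SHA-256}."""
    root = Path(root)
    return {rel: sha256_file(root / rel) for rel in controlled_files}


def measure(root, manifest):
    """Step 2: compare the live system with the manifest.

    Returns a sorted list of (path, finding). An empty list means no deviation.
    """
    root = Path(root)
    findings = []
    for rel, expected in manifest.items():
        path = root / rel
        if not path.is_file():
            findings.append((rel, "missing"))
        elif sha256_file(path) != expected:
            findings.append((rel, "modified"))
    return sorted(findings)


def demo():
    """Build a constructed 'system', baseline it, then simulate drift."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc/ssh").mkdir(parents=True)
        # Hardened settings from the baseline (constructed sample files).
        (root / "etc/ssh/sshd_config").write_text(
            "PermitRootLogin no\nPasswordAuthentication no\n")
        (root / "etc/services.allow").write_text("sshd\nchronyd\n")
        controlled = ["etc/ssh/sshd_config", "etc/services.allow"]

        # The manifest would be stored off-host (or signed); a JSON round trip
        # stands in for that here.
        manifest = json.loads(json.dumps(capture_baseline(root, controlled)))
        clean = measure(root, manifest)

        # Drift: someone re-enables root login and deletes the allowed-service list.
        (root / "etc/ssh/sshd_config").write_text(
            "PermitRootLogin yes\nPasswordAuthentication no\n")
        (root / "etc/services.allow").unlink()
        drifted = measure(root, manifest)
        return clean, drifted


if __name__ == "__main__":
    before, after = demo()
    print("before drift:", before)
    print("after drift: ", after)
```

The manifest is deliberately kept separate from the files it describes; in practice it lives on the management server, and the remediation step (NAC quarantine) is triggered from the findings list rather than from anything the monitored host reports about itself.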

Patch Management

As operating systems and applications include millions of lines of code, testing doesn’t find all the problems and, as a result, operating system software is never fully secure as shipped.   While most companies test software before releasing it, problems crop up after release and companies release patches and updates; patches must be applied to keep systems protected against known vulnerabilities, and doing so is one of the most efficient ways to reduce operating system exposure.

Patch management involves identifying, downloading, testing, deploying, and verifying patches.  Patches should not be deployed by hand but through systems management tools, in a controlled manner, that also verify patch deployment.  They do so by periodically querying systems for a list of installed patches and updates, comparing this list with the list of patches that should have been deployed and noting any discrepancies, because a patch that was pushed but failed to install leaves the host just as exposed as one that was never pushed.

Change Management Policy
Random and undocumented changes to a network or system tend to invoke the law of unintended consequences.  While fixing one problem, a misconfiguration can take down a server, disable a network, stop email communications, and even stop all network traffic for an entire enterprise.  The goal of a proper change management system is to minimize self-inflicted system malfunctions by defining the process for any type of system modification or upgrade, so that:

  • IT system changes do not result in unintended consequences. 
  • All changes are documented.

Changes are prevented from being implemented without consideration of the consequences by having different areas of the organization examine change requests and either approve or postpone them.  The process usually approves simple changes quickly, while a formal change review board reviews postponed requests to approve, modify, or reject them, providing documentation for approved changes as part of the process.

Automated change management systems typically create accounting logs for all change requests, tracking each request from its beginning until implementation. Later, this documentation is used for configuration management and disaster recovery, as change and configuration management documentation identifies how to return the system to its pre-failure condition.

Unauthorized Software and Compliance Management

The use of unauthorized software is a common security issue with numerous consequences, including:

  • The introduction of malware onto a system: unauthorized software often includes malware, so when users install the software, they are also installing the malware.
  • License compliance violations, leaving the organization susceptible to fines and penalties if the application developer discovers that the organization is violating the license requirements.

Application Whitelisting: A list of applications authorized to run on a system.

Application Blacklisting:  A list of applications the system blocks.

The Software Restriction Policies in Microsoft Group Policy allow whitelisting and blacklisting for computers within a domain.

  • For a whitelist: identify the applications that can run on the system, and Group Policy blocks all other applications (default deny).
  • For a blacklist: identify the applications that cannot run on the system, and Group Policy allows any other application (default allow).

A whitelist is the stronger control, because an attacker's tool is, by definition, not on the list; a blacklist only stops what you already know about, and a blacklist entry that matches on file name is defeated by renaming the executable, so prefer rules that match on the file's hash or its signing certificate.

Mobile device management tools use application whitelists and blacklists in the same way to allow or block applications on mobile devices. 
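The difference between the two modes, as an added example that is not part of the original article: three policies (a name-based blacklist, a hash-based blacklist, and a whitelist) are applied to the same constructed set of executables, one of which is an unapproved program copied under a trusted-looking name. The Windows-style paths and the byte strings standing in for binaries are constructed; no real files are read.

```python
"""Added example (not from the original article): how an allowlist and a
blocklist decide whether a program may run.

Three policy modes are compared on the same constructed set of executables:
the name-based blocklist an administrator might type by hand, a hash-based
blocklist, and an allowlist (default deny). The file paths and the byte
strings standing in for binaries are constructed; no real files are read.
"""
import hashlib


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


# Constructed executables: path -> file contents (a stand-in for the real binary).
PROGRAMS = {
    r"C:\Program Files\Office\word.exe": b"word-binary-16.0",
    r"C:\Windows\System32\cmd.exe": b"cmd-binary-10.0",
    r"C:\Users\alice\Downloads\game.exe": b"game-binary",
    # The same unapproved program copied under a trusted-looking name.
    r"C:\Users\alice\Downloads\notepad.exe": b"game-binary",
}

ALLOWED_HASHES = {sha256_hex(b"word-binary-16.0"), sha256_hex(b"cmd-binary-10.0")}
BLOCKED_NAMES = {"game.exe"}
BLOCKED_HASHES = {sha256_hex(b"game-binary")}


def file_name(path):
    """Last component of a Windows-style path, lower-cased for comparison."""
    return path.rsplit("\\", 1)[-1].lower()


def decide(path, contents, mode):
    """Return "run" or "block" for one executable under the given policy mode."""
    digest = sha256_hex(contents)
    if mode == "allowlist":
        # Default deny: only hashes on the list may run.
        return "run" if digest in ALLOWED_HASHES else "block"
    if mode == "blocklist_by_name":
        # Default allow: anything not named on the list runs.
        return "block" if file_name(path) in BLOCKED_NAMES else "run"
    if mode == "blocklist_by_hash":
        # Default allow, but the rule survives a rename because it keys on content.
        return "block" if digest in BLOCKED_HASHES else "run"
    raise ValueError(f"unknown mode {mode!r}")


def evaluate(mode, programs=PROGRAMS):
    """Apply one policy mode to every program; returns {path: decision}."""
    return {path: decide(path, contents, mode) for path, contents in programs.items()}


if __name__ == "__main__":
    for mode in ("blocklist_by_name", "blocklist_by_hash", "allowlist"):
        print(mode)
        for path, verdict in evaluate(mode).items():
            print(f"  {verdict:5}  {path}")
```

Software Restriction Policies supports these rule types directly (hash rules, path rules and certificate rules). Hash rules have to be refreshed whenever an approved application is updated, which is why certificate (publisher) rules are usually combined with them in a whitelist.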

Secure Staging and Deployment Processes

Another core component of implementing secure hosting design is staging and deployment, which include sandboxing (using an isolated area on a system and often used for testing), controlling the environment, using secure baselines, and performing integrity measurements.

Sandboxing with Virtual Machines: Sandboxing via virtualization provides a high level of flexibility when testing because the environments are easy to re-create and isolated, preventing changes  from spreading.  This comes in handy for testing:

  • Various security controls before deploying them to a live production network.
  • Patches and updates on multiple operating systems before releasing them.

Sandboxing with Chroot: The Linux command “chroot” changes the apparent root directory for a process and its children, so a program run under it sees only the files inside the chosen directory.  Normally the root directory of a Linux system is “/”, every other directory can be reached from there, and users have their own home directories under “/home”.  Regular users have access only to the files their permissions allow, while the root user (the administrator) can access all files and folders on the drive.
When a root user wants to test an application within an isolated area they:

  • Create a testing directory as the sandbox.
  • Copy the application files and the other directories it needs, such as the shared libraries under /lib and any helper programs under /bin, into it, preserving their paths.
  • Use “chroot” to enter the isolated sandbox, often referred to as a chroot jail, in the testing directory.
  • Now any command entered can only access files within the testing directory; the application sees the testing directory as “/” and can only reach the files copied beneath it, so if the application is malicious or buggy it cannot read or modify the real system files.

Two caveats a practitioner should keep in mind: a chroot only restricts the filesystem view, not the network, the process list, or the kernel, and a process that keeps root privileges inside the jail can break out of it. Drop to an unprivileged user after entering the jail, and treat chroot as a testing convenience rather than a hard security boundary.
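The steps above in code, as an added example that is not from the original article. build_jail() does the copying: the program plus the shared libraries that ldd reports for it, each placed at the same path inside the jail so the program finds them where it expects. enter_jail() performs the chroot and then gives up root, since a root process inside a jail can escape it. The script assumes a Linux host with ldd; without ldd only the program itself is copied. The demo uses the running Python interpreter as the program so there is a real dynamic executable to work with.

```python
"""Added example (not from the original article): building and entering a
chroot jail for a single program.

build_jail() carries out the copy steps: it copies the program and the
shared libraries `ldd` reports for it into the jail, keeping their paths so
the program finds them at the locations it expects. enter_jail() does the
chroot and then drops root, because a process that stays root inside a jail
can escape it. Assumes a Linux host; if `ldd` is unavailable only the program
itself is copied. The demo uses the running Python interpreter as the program.
"""
import os
import shutil
import subprocess
import sys
import tempfile
from pathlib import Path


def shared_libraries(binary):
    """Absolute paths of the shared objects `ldd` says `binary` needs."""
    try:
        result = subprocess.run(["ldd", binary], capture_output=True, text=True)
    except (FileNotFoundError, OSError):
        return []
    libs = []
    for line in result.stdout.splitlines():
        # Typical lines:  "libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x...)"
        #                 "/lib64/ld-linux-x86-64.so.2 (0x...)"
        #                 "linux-vdso.so.1 (0x...)"  (no file on disk; skipped)
        for token in line.split():
            if token.startswith("/") and os.path.isfile(token):
                libs.append(token)
                break
    return libs


def build_jail(jail, binary):
    """Copy `binary` and its libraries under `jail`, preserving their paths.

    Returns the list of files written, all of which lie inside `jail`.
    """
    jail = Path(jail)
    binary = os.path.abspath(binary)
    written = []
    for src in [binary] + shared_libraries(binary):
        dst = jail / Path(src).relative_to("/")
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)          # follows symlinks, so the real file lands in the jail
        written.append(str(dst))
    return written


def enter_jail(jail, uid, gid):
    """chroot(2) into `jail`, then give up root. Must be called as root."""
    if os.geteuid() != 0:
        raise PermissionError("chroot(2) requires root")
    os.chroot(str(jail))
    os.chdir("/")                       # otherwise the cwd still points outside the jail
    os.setgroups([])
    os.setgid(gid)
    os.setuid(uid)                      # root inside a chroot can break out; don't stay root


def demo():
    """Build a jail for the current interpreter and report what went in."""
    with tempfile.TemporaryDirectory() as tmp:
        jail = Path(tmp) / "jail"
        written = build_jail(jail, sys.executable)
        program_in_jail = jail / Path(os.path.abspath(sys.executable)).relative_to("/")
        return {
            "program_copied": program_in_jail.is_file(),
            "files_copied": len(written),
            "escaped_jail": [p for p in written if not p.startswith(str(jail))],
        }


if __name__ == "__main__":
    print(demo())
```

To actually run the program, call enter_jail() as root with the uid and gid of a dedicated unprivileged account and then os.execv() the program by its path inside the jail. Anything else the program opens at run time (/etc/passwd, /dev/null, configuration files) has to be copied or created inside the jail as well, which is what the "other required directories" step is about.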

Secure Staging Environment:  Includes multiple environments and different systems for each stage, with parity of all runtime libraries so you don’t end up hearing “Well, it worked in development”. A typical set-up has the following environments:

  • Development:  Creation of the application; incorporates version control and change management controls to track the application's development.
  • Test:  Verifies functionality by testing use cases as well as looking for bugs. The testing environment typically doesn’t simulate a full production environment but instead includes enough hardware and software to test software modules.
  • Staging: Simulates the production environment; provides a complete but independent copy of the production environment, so patches and configuration changes can be rehearsed before they go live.
  • Production: Includes everything needed to support the application and provide user access, including the live web server and back-end database server.

Secure System Design and Peripherals

Architecting a secure hosting system needs to consider peripheral use as part of the design process, and the security implications of:

  • Digital cameras: Include built-in storage; have the same risks as any external storage device.
  • Displays:   Limit their viewability by keeping them away from windows and using privacy screens.  Also consider the possibility of Van Eck phreaking, reconstructing what is on screen from the display's electromagnetic emissions.
  • External storage devices:  Any external device with memory capabilities can plug into a system and easily copy data to and from it, stealing data or installing malware without the user’s knowledge.  As they are easy to lose, data can easily fall into the wrong hands, so as a rule many organizations block the use of external devices.
  • Printers/multi-function devices (MFDs): These typically have embedded systems and internal storage that might retain documents they process. For example, if the device is used to copy or scan a document, a copy of the document might remain in the device's internal memory, so sanitize that storage before the device is serviced or disposed of.
  • Wi-Fi-enabled MicroSD cards:  Some MicroSD cards include wireless capabilities, and those transmissions can be intercepted.
  • Wireless keyboards/mice: Wireless transmissions can sometimes be intercepted, so consider wired devices for sensitive information.

Hardware and Firmware Security Consideration

Secure systems design encompasses the hardware components needed to build a host, which raise a number of considerations of their own.

Electromagnetic Forces

It’s important to consider electromagnetic forces when designing a hosting system.  This includes:

Electromagnetic interference (EMI):  Comes from sources such as motors, power lines, and fluorescent lights and can interfere with signals transmitted over wires; systems include shielding that helps prevent EMI from causing problems. 

Electromagnetic pulses (EMP): Short bursts of electromagnetic energy that are potentially damaging to computing equipment and emanate from a wide assortment of sources, including:

  • Electrostatic discharge (ESD): ESD wrist straps and grounded work surfaces help prevent ESD damage when handling components.
  • Lightning: Can travel through electrical wires and damage unprotected systems that lack surge protection.
  • Military weapons:  Can create a large EMP that damages electronic equipment (including embedded systems) over a large area. Non-nuclear EMP has a smaller range than nuclear EMP, but can still damage equipment. The best publicly known protection is to turn equipment off, but you’re unlikely to know when one of these events will occur.

Disk Encryption

Full disk encryption (FDE):  As the name suggests, encrypts an entire disk; several applications are available to do this (BitLocker on Windows and LUKS on Linux are common examples).  FDE protects data at rest: once the system has booted and the volume is unlocked, the operating system's access controls are all that stand between a logged-in user or running malware and the data.
Self-Encrypting Drives (SEDs): Many hardware vendors manufacture hardware-based FDE drives, also referred to as self-encrypting drives (SEDs); these include the hardware and firmware to encrypt all data on the drive and securely store the encryption keys, so the encryption is transparent to the operating system. 

Basic Input/Output System

The Basic Input/Output System (BIOS) is firmware: software stored on a chip on the motherboard that executes before the operating system.  It provides the computer with basic instructions on how to start, running some basic hardware checks (the power-on self-test) and locating the operating system's boot loader, to which it hands control.

New systems use the Unified Extensible Firmware Interface (UEFI) instead of BIOS; it performs many of the same functions as BIOS but provides enhancements such as booting from larger disks, a Secure Boot feature that checks the digital signature of the boot loader before running it, and a design that is CPU-independent.  BIOS and UEFI can both be upgraded using a process called flashing, which overwrites the software within the chip with newer software.  Because firmware runs before and below the operating system, an attacker who can flash it gains persistence that survives reinstalling the OS, so restrict flashing to signed vendor updates and protect the firmware setup with a password.

Trusted Platform Module

A hardware chip on a computer’s motherboard used to store cryptographic keys; many laptops and desktops include a TPM, and it is usually not something you can add to a system after the fact (some boards have a header for a discrete TPM module, and recent CPUs provide a firmware TPM).  Once enabled, the TPM protects the keys that full disk encryption relies on, keeping the drive locked until the system passes a verification and authentication process.
A TPM supports measured boot and attestation: as the system boots, each stage hashes (measures) the next component, such as the boot loader and the kernel, and extends the hash into one of the TPM's Platform Configuration Registers (PCRs).  A key such as the disk encryption key can be sealed to the expected PCR values, so if any boot component has changed, the PCRs differ, the TPM refuses to unseal the key, and the drive stays locked to protect the data on it.  This is distinct from UEFI Secure Boot, which verifies signatures on boot components before running them; the two are commonly used together.
Remote attestation builds on the same measurements but involves a separate system: when the platform is enrolled, the verifier records the known-good PCR values. Each time the system boots, the TPM signs a report (a quote) of the current PCR values together with a nonce supplied by the verifier, and the remote system checks the signature and compares the values against its record, attesting, or confirming, that the system booted into a known-good state.

In general, a TPM:

  • Contains a unique endorsement key pair, generated at manufacture, whose private half never leaves the chip; this key, and the attestation keys created under it, provide the hardware root of trust, a known secure starting point.
  • Can generate, store, and protect other keys used for encrypting and decrypting disks.
  • Is enabled through the firmware setup or an operating system tool and, once enabled, can detect tampering with critical boot components and operating system files as part of a platform verification process.
  • Can require that users provide authentication, such as a smart card, a password, or a personal identification number (PIN), so the drive remains locked until the platform verification and user authentication processes are complete.
    • In the event of system theft, the drive remains locked and protected, as the thief doesn’t have the authentication credentials.
      • If the attacker modifies the operating system to bypass security controls, the measurements no longer match the values the key was sealed to, and the TPM keeps the drive locked.
      • If a thief moves the drive to another system, the drive remains locked because the key that unseals it lives in the original system's TPM.
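The measurement and attestation process described above, simulated in software as an added example that is not part of the original article. Each boot component is hashed and extended into a register the way a TPM extends a PCR (PCR = SHA-256(PCR || SHA-256(component))), so the final value depends on every component and on the order they ran. A verifier enrols the known-good value, then checks a quote bound to a fresh nonce. A real TPM signs the quote with an attestation key that never leaves the chip; an HMAC over a constructed key stands in for that signature here, and the component names and contents are constructed.

```python
"""Added example (not from the original article): measured boot and remote
attestation, simulated in software.

What a TPM does with a Platform Configuration Register is modelled directly:
each boot component is hashed and "extended" into the PCR as
PCR = SHA-256(PCR || SHA-256(component)), so the final value depends on every
component and on the order in which they ran. The verifier records the
known-good value when the machine is enrolled, then checks a quote of the PCR
bound to a fresh nonce at every boot. A real TPM signs the quote with an
attestation key that never leaves the chip; an HMAC over a constructed key
stands in for that signature here. Component names and contents are constructed.
"""
import hashlib
import hmac
import os

PCR_INITIAL = b"\x00" * 32     # TPM 2.0 SHA-256 PCRs start zeroed at reset


def extend(pcr, component):
    """One PCR extend: hash the component, then hash it onto the running value."""
    measurement = hashlib.sha256(component).digest()
    return hashlib.sha256(pcr + measurement).digest()


def measured_boot(components):
    """Run the extend chain over (name, bytes) boot stages; return (pcr, event_log)."""
    pcr = PCR_INITIAL
    event_log = []
    for name, data in components:
        pcr = extend(pcr, data)
        event_log.append((name, hashlib.sha256(data).hexdigest()))
    return pcr, event_log


# Assumption: stands in for the TPM's attestation key; in hardware it is never exported.
ATTESTATION_KEY = b"constructed-stand-in-for-the-TPM-attestation-key"


def quote(pcr, nonce):
    """The 'quote': a signature over the PCR value and the verifier's nonce."""
    return hmac.new(ATTESTATION_KEY, pcr + nonce, hashlib.sha256).digest()


def verify_quote(pcr, nonce, signature, golden_pcr):
    """Remote verifier: check authenticity and freshness first, then the measurements."""
    if not hmac.compare_digest(signature, quote(pcr, nonce)):
        return "bad signature"      # forged, or a replay made against an old nonce
    if pcr != golden_pcr:
        return "pcr mismatch"       # some boot component changed or ran out of order
    return "trusted"


# Constructed boot chain recorded at enrolment.
GOOD_BOOT = [
    ("firmware", b"uefi-fw-1.2"),
    ("bootloader", b"grub-2.06"),
    ("kernel", b"vmlinuz-6.1"),
]


def demo():
    """Enrol the golden value, then attest a good boot, a tampered one, a replay, and a reorder."""
    golden_pcr, _ = measured_boot(GOOD_BOOT)

    # Normal boot: the host quotes its PCR for the nonce the verifier just sent.
    nonce = os.urandom(16)
    good_pcr, _ = measured_boot(GOOD_BOOT)
    good = verify_quote(good_pcr, nonce, quote(good_pcr, nonce), golden_pcr)

    # Tampered kernel: the host quotes honestly, but the value no longer matches.
    tampered = GOOD_BOOT[:2] + [("kernel", b"vmlinuz-6.1-with-rootkit")]
    bad_pcr, _ = measured_boot(tampered)
    tampered_result = verify_quote(bad_pcr, nonce, quote(bad_pcr, nonce), golden_pcr)

    # Replay: an attacker resends an old good quote against a new nonce.
    old_quote = quote(good_pcr, nonce)
    replayed = verify_quote(good_pcr, os.urandom(16), old_quote, golden_pcr)

    # Same components, wrong order: the extend chain is order-sensitive.
    reordered_pcr, _ = measured_boot(list(reversed(GOOD_BOOT)))
    reordered = verify_quote(reordered_pcr, nonce, quote(reordered_pcr, nonce), golden_pcr)

    return {"good": good, "tampered": tampered_result, "replayed": replayed, "reordered": reordered}


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:10} {verdict}")
```

Sealing a disk key to the golden value is the same comparison performed inside the chip: the key is released only when the current PCR equals the value it was sealed against, which is why a modified boot loader or a drive moved to another machine leaves the volume locked. The event log returned alongside the PCR is what lets a verifier tell which component changed rather than just that something did.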

Hardware Security Module (HSM): A security device you can add to a system to manage, generate, and securely store cryptographic keys.  Like a TPM, an HSM keeps private keys in tamper-resistant hardware and so provides a hardware root of trust for the keys it holds, but it is built for high-volume cryptographic operations (certificate authorities, TLS termination, code and document signing) rather than for measuring its host's boot process. Many high-performance servers use HSMs to store and protect keys.

  • High-performance HSMs: External devices connected to a network using TCP/IP.
  • Smaller HSMs: Expansion cards you install within a server, or devices you plug into a computer's ports.

Cloud Computing & Security

When working with cloud platforms, there are four deployment models, based on who has access to the cloud infrastructure:

Public Cloud: Available from third-party companies, such as Amazon, Google, and Microsoft, with many customers sharing the provider's infrastructure. 

Private Cloud: Infrastructure operated for a single organization, whether in its own data centre or hosted by a provider, with the services made available to its own employees.

Community: Communities with shared concerns (for example, a common regulatory requirement) can share cloud resources within a community cloud. 

Hybrid: Combination of two or more clouds that retain separate identities, to help protect resources in the private cloud, but are bridged together transparently.

Cloud applications come in three main flavours that determine how security responsibilities are divided between the cloud service provider and the customer:

  • Software as a Service (SaaS): Cloud applications like email. The provider has the primary responsibility for maintaining the application and ensuring it is available.  The customer is still responsible for its users, its data, and its credentials (passwords, multi-factor authentication, access rights).
  • Platform as a Service (PaaS):  A fully managed platform, so the provider has the responsibility to ensure it remains available, with patches and security protection such as firewalls, malware content filters, and intrusion detection systems; the customer is responsible for the code and data it deploys onto the platform.
  • Infrastructure as a Service (IaaS): Provides customers with access to hardware in a self-managed platform; the provider secures the physical infrastructure and the hypervisor, and the customer takes on everything above it (operating system, patching, hardening, network rules), so IaaS brings the least responsibility for security from the solution provider.

Security as a Service: Delivered as SaaS, it includes services like antivirus software; once installed, the software downloads virus definitions to keep systems up to date with limited user involvement.  Another key benefit is that it outsources the administrative tasks associated with implementing the service to professionals with specific security expertise.  A cloud access security broker (CASB), a software tool sitting between an organization’s network and its cloud providers, provides additional security by monitoring traffic to cloud services and enforcing security policies.

Secure Mobile Device Deployment and Management

It is an understatement to say that mobile devices represent significant challenges for organizations today.  You can think of a mobile device as a smartphone or tablet with:

  • At least one wireless network interface
  • Local data storage
  • a specialized operating system 
  • The ability to install additional applications.
  • Optional features including:
    • Networking options such as Bluetooth, near field communication, cellular access for voice communications, GPS, a digital camera, a microphone, and the ability to transfer data to another system.

Laptops are not treated as mobile devices in this discussion, as they run full operating systems and support many security controls not available on smartphones and tablets.

Basic cell phones and digital cameras are not included in this definition either: they cannot install applications or join data networks in the same way, so they aren’t susceptible to the same risks as smartphones and tablets.

Mobile Device Deployment Models:  A device connected to an organization’s network represents a potential risk. An infected device on a network might be able to infect other devices on the network. To limit this risk, organizations take steps to monitor and manage mobile devices.  Common deployment models for mobile devices include:

  • Corporate-owned: In this traditional deployment model, the organization purchases devices and issues them to employees.
  • Corporate-owned, personally enabled (COPE): Similar to the traditional corporate-owned model, but employees are free to use the device as if it were their personally owned device, allowing its use for personal activities in addition to connecting it to the organization’s network. 
  • Bring your own device (BYOD): Sometimes referred to as bring your own disaster, some organizations allow employees to bring their own mobile devices to work as long as they comply with a BYOD policy when connecting their device to the network.  The IT department is then responsible for supporting, monitoring, and managing any device an employee might own.  To avoid the challenges of BYOD, organizations create a list of acceptable devices along with a choose your own device (CYOD) policy.

It’s also possible to deploy a virtual desktop infrastructure (VDI) that users can access with their mobile device, allowing them to reach the applications installed on their virtual desktop without the data leaving the data centre; combined with a virtual private network, users can access the VDI from anywhere they have Internet access.

Mobile Device Connection Methods

There are several methods that mobile devices can use to connect to networks and other devices. They include:

  • Cellular: Smartphones connect to a cellular network, with the type of connection dependent on the cellular provider.  Network types include third generation (3G), fourth generation (4G), and Long-Term Evolution (LTE, marketed as 4G LTE).
  • Wi-Fi: Mobile devices usually have a wireless network interface that you can configure to connect to a wireless network, which requires you to enter:
    • The service set identifier (SSID).
    • The pre-shared key or password to access the network. More secure networks use Enterprise mode, where an 802.1X authentication server (typically RADIUS) checks each user's credentials or certificate instead of one shared password.
  • SATCOM: Some mobile devices connect using satellite communications (SATCOM). 
  • Bluetooth: Most mobile devices support Bluetooth, a wireless protocol commonly used with personal area networks.
  • Near Field Communication/NFC:  Commonly used as a payment gateway, allowing you to make payments by waving your phone in front of an NFC reader, you can also create a peer-to-peer network between two devices with NFC. 
  • ANT/ANT+: Proprietary wireless protocols used by some mobile devices.
  • Infrared:  A line-of-sight wireless technology used by some mobile devices and most audiovisual remote controls. 
  • USB/(Universal Serial Bus): Mobile devices typically connect to a desktop PC or laptop via a USB cable.

Mobile Device Management Security Technologies

System management tools ensure systems are kept up to date with current patches, have antivirus software installed with up-to-date definitions, and are secured using standard security practices. Mobile Device Management (MDM) applications provide administrators with the following tools:

  • Application management: Restrict applications that can run on mobile devices using whitelists to prevent unapproved applications from being installed.
  • Biometrics: Mobile devices support biometrics for authentication instead of entering a password or PIN.
  • Containerization:  Running an application in a container isolates and protects the application and its data; useful in a BYOD situation as it is possible to encrypt the container without encrypting the entire device.
  • Content management: Used in conjunction with storage segmentation, as it’s important to ensure that appropriate content is stored in the segmented space. An MDM system can ensure that content retrieved from specific sources, such as a corporate server, is stored in an encrypted segment, and can force the user to authenticate again when accessing data within this encrypted segment.
  • Context-aware authentication: Uses multiple elements to authenticate a user and a mobile device to prevent unauthorized users from accessing apps or data.
  • Full Device Encryption:  Provides device security, application security, and data security.  Not always possible when employees use their own devices.
  • Geolocation Capabilities: Mobile devices commonly include Global Positioning System (GPS) capabilities that can be used for geolocation applications to identify the location of the devices as well as:
    • Geofencing:  Creating a virtual fence or geographic boundary using geofencing technologies allowing applications to respond/work/send an alert when they enter or leave the area of the virtual fence. 
    • Geotagging: Adds geographical information to files.
  • Passwords and PINs: Mobile devices often use passwords or personal identification numbers (PINs) similar to the password policies used in desktop systems. 
  • Push notification services:  Send messages to mobile devices from apps. Software developers can configure the notifications to appear even if the device is in screen lock mode and even if the app is not running.
  • Remote wipe: Useful if the phone is lost, an MDM can send a remote signal to the device to wipe or erase all the data, including any cached data, such as passwords, in order to sanitize the device.
  • Screen locks: Most devices support a passcode or password that locks the device automatically after a period of inactivity; often combined with an erase function so that if the phone is stolen and the thief enters an incorrect passcode enough times, the device automatically erases all data on the phone.
  • Storage segmentation: In some mobile devices, it’s possible to isolate data using storage segmentation.  Users would store corporate data within an encrypted segment and personal data elsewhere on the device.

Mobile Device Enforcement and Monitoring

MDM tools often manage devices differently depending on who owns them.

  • If the organization owns the device, the MDM downloads and installs all required applications and ensures they are kept up to date.
  • If the device is employee-owned, MDM tools monitor it for compliance and block access to the network if it is not compliant.

Managing and enforcing mobile device security involves dealing with the following situations:

  • Unauthorized software: Organizations only want installed apps obtained from approved sources, as these sources test applications for malware.  An application from a source that is not approved doesn’t undergo the same level of scrutiny and represents a higher risk.  This is more of a problem on Android devices, which can be configured to install apps from outside the official store.
  • Jailbreaking: Removal of the manufacturer's software restrictions on a device (the term is usually applied to iOS). After jailbreaking a device, users can install software from any third-party source.  
  • Rooting: Modification of an Android device to give the user root-level (full administrator) access to the device.
    • Rooting and jailbreaking introduce risks to the device and the network, since the protections the MDM relies on can be disabled, so it’s common for an MDM to block network access after detecting that a device has been rooted or jailbroken.
  • Firmware updates: Keep the device up to date. Mobile devices typically have the operating system stored in onboard flash memory, which retains data without power. Because the operating system is software stored in hardware, it is commonly called firmware, and updates to the operating system overwrite the firmware using over-the-air (OTA) techniques. 
    • It’s also possible to overwrite the firmware with custom firmware. Some people do this as another method of rooting Android devices. The process is typically complex and fraught with risks; nevertheless, some people find downloadable images and copy them onto their devices to overwrite the firmware, trusting whoever built the image with everything on the phone.
  • Sideloading: Copying an Android application package (APK) to a device and then installing it directly, bypassing the app store.  Useful for developers testing apps, but risky when installing apps from third parties.
  • Short Message Service and Multimedia Messaging Service: SMS, a basic text messaging service, and MMS, an extension of SMS that allows users to include multimedia content, present two risks:
    • They send text in plaintext, allowing the information to be intercepted and read by others, which is also why SMS is a weak second factor for authentication. 
    • Crafted MMS messages have exploited bugs in the media-parsing code on phones, giving an attacker remote code execution on the user’s phone without the user opening anything.
  • Hardware control: An organization can use an MDM to control the use of hardware on mobile devices, like cameras and microphones, which present significant risks for an organization, as attackers have successfully connected to phones remotely, snapped pictures, recorded audio, and much more.
    • An MDM can also prevent the use of external media and Universal Serial Bus On-The-Go (USB OTG) cables, as connecting to external devices presents additional risks: the media could contain malware, and it might allow a malicious insider to copy a massive amount of data. USB OTG cables allow you to connect just about any device to your mobile device, including another mobile device, a mouse, a keyboard, a Musical Instrument Digital Interface (MIDI) keyboard, and external media. Many people find this very useful for transferring photos from a digital camera to their mobile device, but because it allows connections to external media, an organization might choose to disable the feature using MDM tools.
  • Unauthorized connections: An organization might want to limit a mobile device’s connections.   Most smartphones support tethering, which employees can use to bypass security controls such as firewalls and proxy servers by routing a laptop's traffic through the phone's cellular connection.   Wi-Fi Direct, a standard that allows devices to connect to each other without a wireless access point or router, and wireless ad hoc networks create the same problem: data can move between devices over a path the organization's network never sees.

Understanding the Basics of Embedded Systems

Embedded systems are devices with a computer system dedicated to performing specific functions, using CPUs, operating systems, and one or more applications.  Printers, medical devices, smart televisions, automobiles, and household appliances like refrigerators, microwave ovens, and burglar alarm systems all make use of embedded systems, with different CPUs, operating systems, and applications depending on the specific function.

Security Implications and Vulnerabilities of Embedded Systems

Keeping embedded systems up to date with security fixes is fraught with challenges for a number of reasons:

  • Embedded systems vendors are not as aggressive in identifying vulnerabilities and creating patches to fix them.
  • While patch management is a regular and ongoing IT function that involves reviewing, testing and applying patches, when was the last time you patched a home appliance?
  • Embedded systems are often deployed with default configurations. If default settings are discovered, they can be exploited.

Comparing Embedded Systems: Every day, we are exposed to a range of embedded systems, including:

  • Internet of things (IoT):   Made up of smart devices, like wearable technology and home automation systems; for example, a smart television is one of many smart devices you can connect to your home’s network and use it to access the Internet. Many people use it to stream TV shows and movies to their TV. This is possible because these smart TVs have embedded systems giving them additional capabilities.
  • Wearable technology:  Any device you can wear or have implanted that can interact with other devices, such as a smartphone; veterinarians recommend implanting microchips in pets and animal shelters look for these to help return the pets to their owners.  
  • Home automation: Includes Internet-connected devices, such as wireless thermostats, lighting, coffee makers, and more.  When connected to the home’s network and gaining Internet access, it allows people to access or control these devices remotely.
  • Systems on a chip (SoC): Integrated circuits found in many mobile devices that include all the functionality of a computing system within the hardware, typically including an application contained within onboard memory (read-only memory/electrically erasable programmable ROM/flash memory).
  • Industrial control system (ICS):   Typically found in large facilities such as power plants or water treatment facilities and is controlled by a supervisory control and data acquisition (SCADA) system.
  • Real-time operating system (RTOS):  An operating system that reacts to input within a specific time and if not, it doesn’t process the data and throws an error. Heating, ventilation, and air conditioning (HVAC) systems keep computing systems at the proper temperature and with the proper humidity by leveraging RTOSs. 

Data Protection

Data breaches are frequent and they affect millions of people.  While often just a nuisance to most individuals, in the worst case thieves use the stolen data to empty bank accounts, rack up fraudulent charges on credit cards, and steal individuals’ identities.  From an organizational perspective, losing control of data impacts both its reputation and its financial performance.

Protecting Confidentiality with Encryption: By definition, it is more difficult for an attacker to view encrypted data than it is to view unencrypted data.  The primary way you can prevent the loss of confidentiality is by encrypting data:

  • At-rest no matter what type of device it is stored on 
  • In-transit no matter what type of transmission media is used.

Other tools like Microsoft New Technology File System (NTFS) allow you to configure permissions within access control lists (ACLs), setting permissions on files and folders to restrict access. Having said that, if a thief steals a laptop with NTFS-protected files, they can move the drive to another system as an extra drive, log on as the administrator, and take ownership of the files. Permissions alone do not protect data on a drive that has left your control; only encryption does.

Database Security:   Although it’s possible to encrypt the entire database, it’s more common to encrypt specific data elements (columns) within the database. This protects the sensitive data but doesn’t waste valuable processing power encrypting data that isn’t sensitive.

File System Security:  Many operating systems provide file/folder encryption, a benefit of which is that you can encrypt individual files without encrypting an entire disk.

  • Linux systems support GNU Privacy Guard (GnuPG or GPG), a command-line tool used to encrypt and decrypt files with a password.
  • Microsoft NTFS includes the Encrypting File System (EFS), available in most Windows operating systems. 

Permission Issues and Access Violations:  A common security issue with user permissions is giving users more permissions than they need. Instead, users should be given only the rights and permissions they need to do their job, and no more. When the opposite occurs, users can cause problems, such as an access violation.

Linux Permissioning Scheme
The image below summarizes Linux’s permissioning scheme.  Overall, there are three primary entities that you can assign permissions to within Linux:

  • Owner:  User who owns the file or directory and the owner is typically granted all permissions for the file or directory.
  • Group: The file can also be owned by a named group. Members of this group are granted specific permissions for the file or directory. These permissions are typically less than the permissions applied to the owner.
  • Others: You can think of this as everyone else. Permissions applied here do not override the Owner or Group permissions.
Figure: Diagrammatic representation of Linux permissions.

In addition to knowing who you can assign permissions to, it’s also important to understand the basic Linux permissions. These may be represented as letters (r, w, and x) or as numbers. They are:

  • Read (r): View the file; represented with the number 4 when using the “chmod” command to modify permissions in octal notation.
  • Write (w): This allows you to modify the file and is represented with the number 2 when using the “chmod” command to modify permissions in octal notation.
  • Execute (x): This allows you to run the file (assuming it is an application) and is represented with the number 1 when using the “chmod” command to modify permissions in octal notation.

If not assigned, you’ll see a permission represented as a dash.  As seen in the table below, it is possible to assign multiple permissions to files for each of the different entities on a Linux system.

Binary   Octal   rwx Permissions   Meaning
000      0       ---               No permissions
001      1       --x               Execute only
010      2       -w-               Write only
011      3       -wx               Write/Execute
100      4       r--               Read only
101      5       r-x               Read/Execute
110      6       rw-               Read/Write
111      7       rwx               Read/Write/Execute
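The conversion the table describes, carried through in code as an added example (not part of the original article): symbolic rwx triplets to chmod octal digits and back, plus an audit of a constructed ls -l listing for grants to Others that exceed what least privilege requires.

```python
# Added example (not from the original article): convert between the symbolic
# rwx notation and chmod octal digits, and audit an ls -l style listing.
PERM_BITS = {"r": 4, "w": 2, "x": 1}

def symbolic_to_octal(mode: str) -> str:
    """'rwxr-x---' (or the 10-char ls -l form '-rwxr-x---') -> '750'."""
    if len(mode) == 10:
        mode = mode[1:]  # drop the leading file-type character (- or d)
    if len(mode) != 9:
        raise ValueError(f"bad mode string: {mode!r}")
    digits = []
    for triplet in (mode[0:3], mode[3:6], mode[6:9]):  # Owner, Group, Others
        value = 0
        for ch, expected in zip(triplet, "rwx"):
            if ch == expected:
                value += PERM_BITS[ch]
            elif ch != "-":  # setuid/setgid/sticky (s, S, t, T) are out of scope
                raise ValueError(f"unsupported permission char {ch!r} in {mode!r}")
        digits.append(str(value))
    return "".join(digits)

def octal_to_symbolic(octal: str) -> str:
    """'640' -> 'rw-r-----'; each digit is the sum of r=4, w=2, x=1."""
    if len(octal) != 3 or any(d not in "01234567" for d in octal):
        raise ValueError(f"bad octal mode: {octal!r}")
    out = []
    for d in octal:
        n = int(d)
        out.append(("r" if n & 4 else "-") + ("w" if n & 2 else "-") + ("x" if n & 1 else "-"))
    return "".join(out)

def audit_mode(octal: str) -> list[str]:
    """Findings for a mode whose Others digit grants more than least privilege allows."""
    others = int(octal[2])
    findings = []
    if others & 2:
        findings.append("world-writable: any local user can alter the file")
    if others & 4:
        findings.append("world-readable: confirm the content is not sensitive")
    return findings

# Constructed ls -l style lines (sample data, not real output) to audit.
SAMPLE_LISTING = [
    "-rw-------  1 alice staff   512 Jan 10 09:00 id_rsa",
    "-rw-rw-rw-  1 bob   staff  2048 Jan 10 09:05 payroll.csv",
    "-rwxr-x---  1 root  ops    9216 Jan 10 09:10 backup.sh",
]

def audit_listing(lines: list[str]) -> dict[str, tuple[str, list[str]]]:
    result = {}  # filename -> (octal mode, findings)
    for line in lines:
        fields = line.split()
        octal = symbolic_to_octal(fields[0])
        result[fields[-1]] = (octal, audit_mode(octal))
    return result
```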

Windows File Permissioning: Windows file and folder permissions are assigned by pointing and clicking within File Explorer, selecting the Security tab, and modifying the basic Windows permissions:

  • Read. Users granted read permission can view the contents of a file or folder.
  • Read & Execute. Users granted the Read & Execute permission have Read permission and they can also run or execute programs.
  • Write. Users can create new files and folders, and they can also make changes to existing files and folders. This would typically be assigned with Read permission.
  • Modify. When granted the Modify permission to a file or a folder, a user can read, execute, write, and delete files and folders. The primary addition is the ability to delete files and folders.

Data Loss Prevention

There are a range of data loss prevention (DLP) techniques and technologies organizations can implement to decrease the risk of data loss.
Removable Media: Any storage system that you can attach to a computer to easily copy data. Users can plug them into a system and easily copy data to and from a system.   It’s common for an organization to include security policy statements to prohibit the use of USB flash drives and other removable media. Some technical policies block use of USB drives completely.  A more elegant DLP solution is more selective and can be used to prevent the copying or printing of specific files, as well as logging these events and alerting security administrators to them.

Data Exfiltration: The unauthorized transfer of data outside an organization, and a significant concern.  This can be managed with:

  • Unified threat management (UTM) devices to monitor incoming data streams looking for malicious code
  • Network-based DLP monitors outgoing data looking for sensitive data, specified by an administrator, scanning the text of all emails and the content of any attached files, including documents, spreadsheets, presentations, and databases. 

Many organizations classify and label data using terms such as Confidential, Private, and Proprietary. It is easy to include these search terms in the DLP application, or any other terms considered important by the organization.  Network-based DLP systems are not limited to scanning only email. Many can scan the content of other traffic, such as FTP and HTTP traffic. Sophisticated data exfiltration attacks often encrypt data before sending it out, making it more difficult for a DLP system to inspect the data. However, a DLP system can typically be configured to look for outgoing encrypted data and alert security administrators when it is detected.
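A minimal version of the outbound inspection described above, as an added example (not the article's own code or any product's): it flags the classification labels the article names in the subject, body and text attachments, and treats an attachment whose bytes are statistically indistinguishable from random as encrypted or compressed content that cannot be inspected. The threshold, label list and sample messages are constructed assumptions.

```python
# Added example (not from the original article): a minimal content inspector of
# the kind a network-based DLP applies to outbound email. It flags the
# classification labels the article names and attachments too opaque to read.
import math
import re
from collections import Counter

# Labels the organization cares about; extend with its own terms as needed.
SENSITIVE_TERMS = ("Confidential", "Private", "Proprietary")
LABEL_RE = re.compile(r"\b(" + "|".join(SENSITIVE_TERMS) + r")\b", re.IGNORECASE)
ENTROPY_THRESHOLD = 7.5  # bits/byte; English text is ~4-5, encrypted data nears 8

def shannon_entropy(data: bytes) -> float:
    """Average information per byte; a cheap test for encrypted or compressed content."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def inspect_message(subject: str, body: str, attachments: dict[str, bytes]) -> list[str]:
    """Return DLP findings for one outbound email; an empty list means it passes."""
    findings = []
    for field, text in (("subject", subject), ("body", body)):
        hits = sorted({m.group(0).title() for m in LABEL_RE.finditer(text)})
        if hits:
            findings.append(f"{field} carries classification label(s): {', '.join(hits)}")
    for name, blob in attachments.items():
        try:
            text = blob.decode("utf-8")
        except UnicodeDecodeError:
            text = ""  # not text; fall through to the entropy check
        if LABEL_RE.search(text):
            findings.append(f"attachment {name} carries a classification label")
        elif shannon_entropy(blob) > ENTROPY_THRESHOLD:
            findings.append(f"attachment {name} is high-entropy (encrypted or compressed) and cannot be inspected")
    return findings

# Constructed sample messages (not real traffic). The last attachment holds every
# byte value equally often, which is what encrypted output looks like statistically.
SAMPLE_MESSAGES = {
    "msg-1": ("Lunch?", "Noon works for me.", {}),
    "msg-2": ("Roadmap", "Attached is the PROPRIETARY plan, keep it private.", {}),
    "msg-3": ("Files", "See attached.", {"archive.bin": bytes(range(256)) * 16}),
}

def scan_outbound(messages: dict) -> dict[str, list[str]]:
    """Run the inspector over every message and keep only those with findings."""
    report = {}
    for msg_id, (subject, body, attachments) in messages.items():
        findings = inspect_message(subject, body, attachments)
        if findings:
            report[msg_id] = findings
    return report
```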

As it is common for personnel within organizations to store data in the cloud, a  cloud-based DLP solution allows an organization to implement policies for data stored in the cloud and can be configured to take one or more actions such as logging the attempt, blocking attempts to save the data in the cloud, and notifying administrators. 

Summary: Implementing Secure Hosting

  • Least functionality is a core security principle stating that systems should be deployed with the least amount of applications, services, and protocols.
  • A trusted operating system meets a set of predetermined requirements, such as those identified in the Common Criteria. It uses the mandatory access control (MAC) model.
  • A master image provides a secure starting point for systems. Administrators sometimes create them with templates or with other tools to create a secure baseline. They then use integrity measurements to discover when a system deviates from the baseline.
  • Patch management ensures operating systems and applications are up to date with current patches, protecting systems against known vulnerabilities.
  • Change management is the process and accounting structure for handling system modifications and upgrades in order to reduce risks related to unintended outages and documenting all changes.
  • An application whitelist is a list of authorized software and it prevents users from installing or running software that isn’t on the list. An application blacklist is a list of unauthorized software and prevents users from installing or running software on the list.
  • Sandboxing is the use of an isolated area and it is often used for testing. You can create a sandbox with a virtual machine (VM) and on Linux systems with the chroot command. A secure deployment environment includes development, testing, staging, and production elements.
  • Secure systems design considers electromagnetic interference (EMI) and electromagnetic pulse (EMP). EMI comes from sources such as motors, power lines, and fluorescent lights and can be prevented with shielding. Systems can be protected from mild forms of EMP (a short burst of electromagnetic energy) such as electrostatic discharge and lightning.
  • A Trusted Platform Module (TPM) is a hardware chip included on many laptops and mobile devices. It provides full disk encryption and supports a secure boot process and remote attestation. A TPM includes a unique RSA asymmetric key burned into the chip that provides a hardware root of trust.
  • A hardware security module (HSM) is a removable or external device that can generate, store, and manage RSA keys used in asymmetric encryption. Many server-based applications use an HSM to protect keys.
  • Corporate-owned, personally enabled (COPE) devices are owned by the organization, but employees can use them for personal reasons. A bring your own device (BYOD) policy allows employees to connect their own personal devices to the corporate network. A choose your own device (CYOD) policy includes a list of approved devices. Employees with a device on the list can connect them to the network. A virtual desktop infrastructure (VDI) is a virtual desktop and these can be created so that users can access them from a mobile device.
  • Remote wipe sends a signal to a lost or stolen device to erase all data. Geolocation uses Global Positioning System (GPS) and can help locate a lost or stolen device. Geofencing creates a virtual fence or geographic boundary and can be used to detect when a device is within an organization’s property. GPS tagging adds geographical data to files such as pictures. Context-aware authentication uses multiple elements to authenticate a user and a mobile device.
  • Mobile device management (MDM) tools help enforce security policies on mobile devices. This includes the use of storage segmentation, containerization, and full device encryption to protect data. They also include enforcing strong authentication methods to prevent unauthorized access.
  • Jailbreaking removes all software restrictions from an Apple device. Rooting modifies an Android device, giving users root-level access to the device. Overwriting the firmware on an Android device with custom firmware is another way to root an Android device. Sideloading is the process of installing software on an Android device from a source other than an authorized store.
  • Tethering is the process of sharing a mobile device’s Internet connection with other devices. Wi-Fi Direct is a standard that allows devices to connect without a wireless access point, or wireless router. MDM tools can block access to devices using tethering or Wi-Fi Direct to access the Internet.
  • An embedded system is any device that has a dedicated function and uses a computer system to perform that function. It includes any devices in the Internet of things (IoT) category, such as wearable technology and home automation systems. Some embedded systems use a system on a chip (SoC).
  • A supervisory control and data acquisition (SCADA) system has embedded systems that control an industrial control system (ICS), such as one used in a power plant or water treatment facility. Embedded systems are also used for many special purposes, such as medical devices, automotive vehicles, aircraft, and unmanned aerial vehicles (UAVs).
  • Data exfiltration is the unauthorized transfer of data out of a network. Data loss prevention (DLP) techniques and technologies can block the use of USB devices to prevent data loss and monitor outgoing email traffic for unauthorized data transfers. A cloud-based DLP can enforce security policies for data stored in the cloud, such as ensuring that Personally Identifiable Information (PII) is encrypted.
