Security+: Mitigating Security Risks in Static Environments (SY0-401)
Please note: this article is based on information about the previous version of the Security+ exam (SY0-401), which expired in May of 2018. For updated information, please see our up-to-date Security+ listing.
A static environment is a system that does not change considerably after installation and deployment, in contrast with a dynamic environment.
In a static environment, security risks can be reduced by applying the appropriate controls. The threats themselves are much the same as in any other environment, but they are harder to address because the system is not designed to change, so the usual remedies (patching, reconfiguration) are constrained. The first step is therefore to understand which threats apply and why the normal fixes are difficult.
This article covers the static environments you should know for the Security+ exam and the methods used to protect them.
Static environments you need to know for the Security+ exam
SCADA (Supervisory Control and Data Acquisition)
SCADA systems are usually found in industrial settings. They are built on fixed versions of operating systems and software, so the resulting system changes little over its life. They are operated by coded signals transmitted from a computer-based control system over communication channels, which allows the control and monitoring of remote equipment and physical devices such as manufacturing machines, oil, gas, water and power distribution systems, and other environmental controls. Because these systems are embedded and consist of several software layers, fixing a potential security vulnerability is difficult: a patch to one layer may not be supported by, or may disrupt, the others, and the process the system controls usually cannot be stopped to apply it.
Embedded (Printers, Smart TVs, HVAC control)
Embedded systems are small computers built into larger machines alongside other hardware and mechanical components. They perform a support function, such as changing TV channels or controlling the number of copies a printer produces, and are expected to do so safely. Because they are hard to access, applying security updates to them and controlling and monitoring them is not simple.
HVAC (Heating, Ventilation and Air Conditioning)
HVAC systems control and monitor the temperature and relative humidity around electronic equipment. Extreme heat or cold, or sudden changes in humidity or temperature, can damage hardware if the HVAC system does not work properly. An HVAC controller that is reachable over the network is itself an embedded system and must be secured like one.
iOS and Android
Mainframes
A mainframe is a large, powerful computer generally found in the data centers of large organizations. Many users can work on it at the same time, because its processors are designed to run a large number of programs concurrently; a supercomputer, by contrast, is optimized for raw computation on a few jobs, so a mainframe may be slower at that kind of work while handling far more concurrent users and transactions.
Security upgrades on a mainframe must be planned for scheduled downtime, and because shutting down and maintaining a mainframe is expensive, upgrades tend to be delayed. A mainframe that has run unchanged for some time is therefore exposed to newly discovered threats.
CompTIA Security+ exam and risk mitigation in a static environment
To mitigate risk in a static environment, the CompTIA Security+ exam requires you to know the following security measures:
Network segmentation
Network segmentation splits a computer network into two or more segments (subnetworks) so that the traffic between them can be controlled. It improves both performance and security by separating information according to the organization's security standards.
This measure is considered one of the best ways to protect a network against potential intrusions, especially when sensitive information is involved. It can be achieved with firewalls, by limiting communication between systems to specific ports and protocols, and by using virtual local area networks (VLANs). Once segmented, SCADA systems communicate only with each other and their segment has no connection to external networks, which is the strongest protection available for a system that cannot be patched.
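As an added example (not code from the article), the following Python models a three-segment layout and an inter-segment allowlist, evaluates candidate flows against it with a default-deny rule, and renders the same policy as an nftables forward chain. The segment names, VLAN interface names, address ranges and port numbers are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed segments: VLAN interface names and address ranges are assumptions
# made for this example, not values from the article.
SEGMENTS = {
    "corporate": ("vlan10", ipaddress.ip_network("10.10.0.0/16")),
    "scada_dmz": ("vlan20", ipaddress.ip_network("10.20.0.0/24")),
    "control":   ("vlan30", ipaddress.ip_network("10.30.0.0/24")),
}


@dataclass(frozen=True)
class Rule:
    src: str    # source segment name
    dst: str    # destination segment name
    proto: str  # "tcp" or "udp"
    port: int   # destination port


# Allowlist of inter-segment flows; anything not listed is dropped.
# The port numbers are assumptions for the example.
ALLOWED = [
    Rule("corporate", "scada_dmz", "tcp", 443),  # operators reach the HMI web front end
    Rule("scada_dmz", "control", "tcp", 502),    # DMZ poller reaches the controllers
]


def segment_of(ip: str) -> Optional[str]:
    """Return the name of the segment that contains ip, or None if unsegmented."""
    addr = ipaddress.ip_address(ip)
    for name, (_iface, net) in SEGMENTS.items():
        if addr in net:
            return name
    return None


def is_allowed(src_ip: str, dst_ip: str, proto: str, port: int) -> bool:
    """Evaluate a new flow against the policy (default deny between segments)."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None:
        return False                     # unknown address space is never forwarded
    if src == dst:
        return True                      # intra-segment traffic is outside this policy
    return Rule(src, dst, proto.lower(), port) in ALLOWED


def render_nftables() -> str:
    """Emit an nftables forward chain that enforces ALLOWED with a drop default."""
    lines = [
        "table inet segmentation {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
        "    ct state established,related accept",
    ]
    for r in ALLOWED:
        src_if, dst_if = SEGMENTS[r.src][0], SEGMENTS[r.dst][0]
        lines.append(f'    iifname "{src_if}" oifname "{dst_if}" {r.proto} dport {r.port} accept')
    lines += ["  }", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_nftables())
    # corporate -> control directly is not in the allowlist: False
    print(is_allowed("10.10.5.5", "10.30.0.10", "tcp", 502))
```

The point to notice is that direction matters: the DMZ may open connections to the controllers, but nothing in the corporate segment may, and reply traffic is admitted only through the connection-tracking rule, not by a mirror-image allow.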
Security layers
Security layers are added between networks to keep infected data from passing from one network to another and to retain some control over what does pass. In practice they consist mainly of authorization (access control) and authentication procedures. Authorization determines who may access a specific system by identifying which users are permitted to use it.
Authentication procedures generally consist of a user ID and a password, with a complexity requirement that grows with the risk level. Higher risk means more security layers: long and complex passwords (numbers, capitals and special characters, or long phrases that are not dictionary words), temporary passwords and PINs, biometrics, and multifactor authentication. It is also important to disable unused accounts, since a forgotten account is an easy way in.
Application firewalls
Application firewalls are especially effective in a static environment that uses a limited number of protocols; with many protocols they are difficult to implement. They are protocol-specific and are installed to increase the security of a network connection. Unlike packet-filtering firewalls, which act on addresses and ports, an application firewall understands protocols such as HTTP and FTP and therefore acts on user data rather than on connection routing. It can block malicious activity and unauthorized access such as session hijacking, and it allows detailed auditing because it recognizes authentication steps, user data and so forth.
Depending on the product, some application firewalls can also shield known bugs in the application behind them, act as a proxy that speeds up response time, allow unsupported old database versions to keep running behind them, or move functions into a public cloud, in each case in a controlled way.
Manual updates
Unlike automatic updates, manual updates are chosen and installed selectively. In some cases they are the only way to secure the system: when the data is sensitive and the system is fragmented, when a third party needs remote access for diagnosis or maintenance and no secure communication channel is available, or when automatic updates are simply not offered.
Manual updates are often more secure because they do not require constant Internet access, as automated updates do. They can be downloaded in a separate environment and tested for validity (integrity, authenticity and compatibility) before being applied to the static environment.
The Security+ exam requires you to be familiar with three types of updates:
- Hotfixes, the most common type, are small and have a specific purpose: they modify the behavior of an installed application to a limited extent.
- Service packs, the least common, bundle all prior packs, patches and hotfixes and require thorough testing to prevent failures during installation. They substantially modify the function or operation of the installed application.
- Patches, like hotfixes, have a specific purpose: adding functionality, extending application capability or updating the running code.
Firmware version control
Firmware version control means setting a policy to record, periodically, which version of the firmware (the "function software") each device runs, so that firmware security updates can be tracked. When updates are missing, or the organization does not know when a device was last updated, serious risks can follow: for instance, unused components of embedded devices can be exploited. Firmware updates are also not always effective at controlling vulnerabilities in game consoles, in which case firmware version control is needed unless a new console is available.
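The manual-update testing described above and the version tracking described here fit together in one workflow. The following Python, an added example rather than anything from the article, checks a downloaded firmware image against a sha256sum-style manifest before it is staged, refuses an image that would downgrade a device, records the new version and date per device, and reports devices whose last update is unknown or too old. The device names, image bytes and manifest are constructed for the example; a real manifest comes from the vendor over a separate trusted channel.

```python
import hashlib
import hmac
import re
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional, Tuple


@dataclass
class DeviceState:
    version: str
    updated: Optional[date]   # None when the organization does not know


def parse_manifest(text: str) -> Dict[str, str]:
    """Parse 'sha256hex  filename' lines, the format sha256sum writes and checks."""
    entries: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, sep, name = line.partition("  ")
        if not sep or not re.fullmatch(r"[0-9a-f]{64}", digest) or not name.strip():
            raise ValueError(f"malformed manifest line: {line!r}")
        entries[name.strip()] = digest
    return entries


def verify_image(name: str, data: bytes, manifest: Dict[str, str]) -> bool:
    """True only if the image is listed in the manifest and its SHA-256 matches."""
    expected = manifest.get(name)
    if expected is None:
        return False
    return hmac.compare_digest(hashlib.sha256(data).hexdigest(), expected)


def version_key(version: str) -> Tuple[int, ...]:
    """'2.4.1' -> (2, 4, 1), so versions compare numerically rather than as strings."""
    return tuple(int(part) for part in version.split("."))


class FirmwareRegister:
    """Per-device record of the installed firmware version and last update date."""

    def __init__(self) -> None:
        self.devices: Dict[str, DeviceState] = {}

    def record(self, device: str, version: str, updated: Optional[date]) -> None:
        self.devices[device] = DeviceState(version, updated)

    def stage(self, device: str, version: str, image_name: str, image: bytes,
              manifest: Dict[str, str], today: date) -> Tuple[bool, str]:
        """Accept an image only if it verifies and is newer than what is installed."""
        if not verify_image(image_name, image, manifest):
            return False, "hash mismatch or image not listed in manifest"
        current = self.devices.get(device)
        if current is not None and version_key(version) <= version_key(current.version):
            return False, f"would downgrade {device} from {current.version} to {version}"
        self.record(device, version, today)
        return True, "staged"

    def stale(self, today: date, max_age_days: int = 180) -> List[str]:
        """Devices whose last update date is unknown or older than max_age_days."""
        cutoff = today - timedelta(days=max_age_days)
        return sorted(name for name, st in self.devices.items()
                      if st.updated is None or st.updated < cutoff)


# Constructed image and manifest (not real vendor data). In practice the manifest
# arrives from the vendor over a separate trusted channel; here it is computed from
# the constructed image so the example runs offline.
IMAGE_V241 = b"constructed HVAC controller firmware image, version 2.4.1"
MANIFEST = f"{hashlib.sha256(IMAGE_V241).hexdigest()}  hvac-ctl-2.4.1.bin\n"
```

The downgrade refusal matters as much as the hash check: an attacker who cannot forge a vendor image can still try to reinstall an older, genuine one that carries a known vulnerability, and only a version record per device catches that.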
Wrappers
A wrapper is an entity placed around another entity to simplify its use through a specific interface. For instance, it can convert a particular format into one the wrapped, more complex entity understands.
For risk mitigation, wrappers are used in diverse ways. Code wrappers protect against web-based attacks by limiting requests to port 80 or by passing on only well-formed HTTP requests. TCP wrappers, together with firewalls, add another security layer by controlling which hosts may reach a service. In smart grids, which supply power with the help of digital communication technology, wrappers are used to add new hardware and extend the system to new devices. In SCADA systems, legacy data protocol transmissions are also secured by wrappers.
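As an added example (not the article's code), the following Python reimplements the host access decision that TCP wrappers make from hosts.allow and hosts.deny: it matches ALL, exact addresses, trailing-dot prefixes, net/mask patterns and EXCEPT lists, consults the allow file first, and permits a client that matches neither file. The service names and addresses in the constructed files are assumptions.

```python
import ipaddress
from typing import Callable, Iterator, Tuple

# Constructed hosts.allow / hosts.deny contents; service names and addresses are
# assumptions for this example.
HOSTS_ALLOW = """\
# sshd only from the engineering jump host; the historian poller only from the SCADA DMZ
sshd      : 10.10.7.5
historian : 10.20.0. EXCEPT 10.20.0.99
"""
HOSTS_DENY = "ALL : ALL\n"


def _match_daemon(pattern: str, daemon: str) -> bool:
    return pattern == "ALL" or pattern == daemon


def _match_client(pattern: str, ip: str) -> bool:
    if pattern == "ALL":
        return True
    if pattern.endswith("."):                    # "10.20.0." matches 10.20.0.x
        return ip.startswith(pattern)
    if "/" in pattern:                           # "net/mask": dotted mask, or a CIDR length
        net, mask = pattern.split("/", 1)
        network = ipaddress.ip_network(f"{net}/{mask}", strict=False)
        return ipaddress.ip_address(ip) in network
    return pattern == ip                         # exact address


def _match_list(spec: str, value: str, matcher: Callable[[str, str], bool]) -> bool:
    """'a b EXCEPT c': matches if any of a, b matches and the EXCEPT part does not."""
    head, _, tail = spec.partition(" EXCEPT ")
    if not any(matcher(p, value) for p in head.split()):
        return False
    return not (tail and _match_list(tail, value, matcher))


def _rules(text: str) -> Iterator[Tuple[str, str]]:
    """Yield (daemon_list, client_list) per rule line; comments and blanks are skipped."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            raise ValueError(f"malformed rule: {line!r}")
        yield fields[0], fields[1]


def _file_matches(text: str, daemon: str, ip: str) -> bool:
    return any(_match_list(d, daemon, _match_daemon) and _match_list(c, ip, _match_client)
               for d, c in _rules(text))


def hosts_access(allow_text: str, deny_text: str, daemon: str, ip: str) -> bool:
    """hosts_access(5) order: a hosts.allow match grants, then a hosts.deny match
    refuses, and a client matching neither file is allowed."""
    if _file_matches(allow_text, daemon, ip):
        return True
    if _file_matches(deny_text, daemon, ip):
        return False
    return True
```

Note the default at the end: a client that matches neither file is allowed, so a hosts.deny that is missing or empty grants access to every service not explicitly denied. The "ALL : ALL" deny line is what turns the pair of files into an allowlist.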
Control redundancy and diversity
Redundancy is an important means of protecting systems such as servers, networks, storage, power or sites against failures. A redundant component adds spare capacity that reduces the system's recovery time when a failure occurs; in other words, control redundancy allows the system to keep working. Diversity is the use of different security controls to maximize protection. It is usually achieved by using controls from different vendors that secure various aspects, so that a single flaw or misconfiguration does not defeat all of them at once.
Security risk mitigation in a static environment requires a wide range of methods that should be known for the Security+ exam. These methods are generally combined to increase their effectiveness, but the right combination depends on the context and particularly on the type of static environment.