Is an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it?

The type of hardening you carry out depends on the risks in your existing technology, the resources you have available, and the priority for making fixes.

  1. Audit your existing systems: Carry out a comprehensive audit of your existing technology. Use penetration testing, vulnerability scanning, configuration management, and other security auditing tools to find flaws in the system and prioritize fixes. Conduct system hardening assessments against resources using industry standards from NIST, Microsoft, CIS, DISA, etc.

  2. Create a strategy for systems hardening: You do not need to harden all of your systems at once. Instead, create a strategy and plan based on risks identified within your technology ecosystem, and use a phased approach to remediate the biggest flaws.

  3. Patch vulnerabilities immediately: Ensure you have an automated and comprehensive vulnerability identification and patching system in place. Systematically identify vulnerabilities and prioritize remediation. In some instances, vulnerabilities cannot be patched. In these instances, ensure there are other mitigations in place, such as removing admin rights (which many exploits need in order to exploit a vulnerability), and/or having cyber insurance in place.

  4. Network hardening: Ensure your firewall is properly configured and all rules are regularly audited; secure remote access points and users; block any unused or unneeded open network ports; disable and remove unnecessary protocols and services; implement access lists; encrypt network traffic.

  5. Server hardening: Put all company hosted servers in a secure datacenter; never test hardening on production servers; always harden servers before connecting them to the internet or external networks; avoid installing unnecessary software on a server; segregate servers appropriately; ensure superuser and administrative shares are properly set up, and rights and access are limited in line with the principle of least privilege. With cloud environments, it is also particularly important to reduce port exposure so data is not inadvertently leaked, or backdoor access provided to infrastructure.

  6. Endpoint hardening: Remove local admin rights on all Windows and macOS endpoints. Ensure no workstations, laptops, or IoT have default passwords. Remove any unneeded software and block any unnecessary communications.

  7. Application hardening: Remove any components or functions you do not need; restrict access to applications based on user roles and context (such as with application control); remove all sample files and default passwords. Application passwords should then be managed via an application password management/privileged password management solution, that enforces password best practices (password rotation, length, etc.). Hardening of applications should also entail inspecting integrations with other applications and systems, and removing, or reducing, unnecessary integration components and privileges.

  8. Database hardening: Create admin restrictions, such as by controlling privileged access, on what users can do in a database; turn on node checking to verify applications and users; encrypt database information, both in transit and at rest; enforce secure passwords; introduce role-based access control (RBAC) privileges; remove unused accounts.

  9. Operating system hardening: Apply OS updates, service packs, and patches automatically; remove unnecessary drivers, file sharing, libraries, software, services, and functionality; encrypt local storage; tighten registry and other systems permissions; log all activity, errors, and warnings; implement privileged user controls.

  10. Eliminate unnecessary accounts and privileges: Enforce least privilege by removing unnecessary accounts (such as orphaned accounts and unused accounts) and privileges throughout your IT infrastructure. This is one of the most powerful security practices for reducing the attack surface.
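As an added example (not part of the original checklist), the script below shows how steps 4 and 10 can be turned into a repeatable audit: it flags interactive accounts that have been idle beyond a threshold, admin-group members who are not on an approved list, and externally reachable listening ports that are not on an allowlist. All inputs are constructed snapshots in a hypothetical export format modelled on Linux `getent passwd`, `getent group` and `ss -ltn` output; the idle-days column, the approved-admin set and the port allowlist are assumptions that would come from your own hardening plan.

```python
"""Hardening audit over constructed host snapshots (added example, not from the page)."""
from dataclasses import dataclass

# Constructed `getent passwd`-style records with a hypothetical extra column:
# days since the account's last interactive login (9999 = never logged in).
ACCOUNTS = """\
root:x:0:0:root:/root:/bin/bash:2
svc_backup:x:1001:1001:backup service:/var/lib/backup:/usr/sbin/nologin:9999
jdoe:x:1002:1002:Jane Doe:/home/jdoe:/bin/bash:3
contractor_old:x:1003:1003:Former contractor:/home/contractor_old:/bin/bash:210
guest:x:1004:1004:Guest:/home/guest:/bin/bash:9999
"""

# Constructed local administrators group line (`getent group sudo` style).
ADMIN_GROUP = "sudo:x:27:root,jdoe,contractor_old"

# Constructed listening sockets: protocol and local address:port (`ss -ltn` style).
LISTENING = """\
tcp 0.0.0.0:22
tcp 0.0.0.0:443
tcp 0.0.0.0:3389
tcp 127.0.0.1:5432
udp 0.0.0.0:161
"""


@dataclass(frozen=True)
class Finding:
    area: str      # hardening step the finding belongs to
    subject: str   # account name or proto/port
    reason: str


def parse_accounts(text):
    """Parse the constructed passwd-plus-idle-days format into dicts."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        name, _pw, uid, _gid, _gecos, _home, shell, days = line.split(":")
        rows.append({"name": name, "uid": int(uid), "shell": shell, "idle_days": int(days)})
    return rows


def audit_accounts(text, max_idle_days=90):
    """Flag interactive accounts that have not logged in within max_idle_days."""
    findings = []
    for acct in parse_accounts(text):
        if acct["shell"].endswith("nologin") or acct["shell"].endswith("/false"):
            continue  # service accounts cannot log in interactively; handled elsewhere
        if acct["idle_days"] > max_idle_days:
            findings.append(Finding("accounts", acct["name"],
                                    f"interactive account idle for {acct['idle_days']} days"))
    return findings


def audit_admins(group_line, approved):
    """Flag admin-group members who are not on the approved administrator list."""
    members = group_line.split(":")[3].split(",")
    return [Finding("privileges", m, "admin group member not in approved list")
            for m in members if m not in approved]


def audit_ports(text, allowed):
    """Flag network-reachable listeners whose (proto, port) is not allowlisted."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        proto, addr = line.split()
        host, port = addr.rsplit(":", 1)
        if host.startswith("127."):
            continue  # loopback-only services are not exposed to the network
        if (proto, int(port)) not in allowed:
            findings.append(Finding("network", f"{proto}/{port}",
                                    f"unexpected listener bound to {host}"))
    return findings


def run_audit():
    """Run every check against the constructed snapshots and return all findings."""
    findings = []
    findings += audit_accounts(ACCOUNTS)
    findings += audit_admins(ADMIN_GROUP, approved={"root", "jdoe"})
    findings += audit_ports(LISTENING, allowed={("tcp", 22), ("tcp", 443)})
    return findings


if __name__ == "__main__":
    for f in run_audit():
        print(f"[{f.area}] {f.subject}: {f.reason}")
```

On the constructed data the audit reports the idle `contractor_old` and never-used `guest` accounts, `contractor_old` as an unapproved admin, and the RDP and SNMP listeners that are not in the allowlist; the loopback-only database port is ignored because it is not network-reachable. Feeding it real exports is a matter of replacing the three constants with the corresponding command output.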

7.  A(n) __________ is an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that correct action can be taken.
    A.  attack
    B.  adversary
    C.  countermeasure
    D.  protocol

8.  A(n) _________ is an attempt to learn or make use of information from the system that does not affect system resources.

9.  Masquerade, falsification, and repudiation are threat actions that cause __________ threat consequences.

10.  A threat action in which sensitive data are directly released to an unauthorized entity is __________.

11.  An example of __________ is an attempt by an unauthorized user to gain access to a system by posing as an authorized user.
    A.  masquerade
    B.  repudiation
    C.  interception
    D.  inference

12.  The _________ prevents or inhibits the normal use or management of communications facilities.

Process to reduce a security threat

In computer security a countermeasure is an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken.

This definition is that of IETF RFC 2828,[1] which is the same as the one in CNSS Instruction No. 4009 dated 26 April 2010 by the Committee on National Security Systems of the United States of America.[2]

According to the Glossary[3] by InfosecToday, the meaning of countermeasure is:

The deployment of a set of security services to protect against a security threat.

A synonym is security control.[2][4] In telecommunications, communication countermeasures are defined as security services as part of the OSI Reference Model by ITU-T Recommendation X.800. X.800 and ISO 7498-2 (Information processing systems – Open systems interconnection – Basic Reference Model – Part 2: Security architecture) are technically aligned.

The following picture explains the relationships between these concepts and terms:

    + - - - - - - - - - - - - +  + - - - - +  + - - - - - - - - - - -+
    | An Attack:              |  |Counter- |  | A System Resource:   |
    | i.e., A Threat Action   |  | measure |  | Target of the Attack |
    | +----------+            |  |         |  | +-----------------+  |
    | | Attacker |<==================||<=========                 |  |
    | |   i.e.,  |   Passive  |  |         |  | |  Vulnerability  |  |
    | | A Threat |<=================>||<========>                 |  |
    | |  Agent   |  or Active |  |         |  | +-------|||-------+  |
    | +----------+   Attack   |  |         |  |         VVV          |
    | |                       |  |         |  | Threat Consequences  |
    + - - - - - - - - - - - - +  + - - - - +  + - - - - - - - - - - -+

A resource (physical or logical) can have one or more vulnerabilities that can be exploited by a threat agent in a threat action. The result can potentially compromise the confidentiality, integrity or availability properties of resources (potentially different from the vulnerable one) of the organization and of other involved parties (customers, suppliers).
The so-called CIA triad is the basis of information security.

An attack is active when it attempts to alter system resources or affect their operation, so it compromises integrity or availability. A "passive attack" attempts to learn or make use of information from the system but does not affect system resources, so it compromises confidentiality.

A threat is a potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger enabling the exploitation of a vulnerability. A threat can be either "intentional" (i.e., intelligent; e.g., an individual cracker or a criminal organization) or "accidental" (e.g., the possibility of a computer malfunctioning, or the possibility of an "act of God" such as an earthquake, a fire, or a tornado).[1]

A set of policies concerned with information security management, the information security management system (ISMS), has been developed to manage, according to risk management principles, the countermeasures needed to accomplish a security strategy set up following the rules and regulations applicable in a country.[4]

Countermeasures Against Physical Attacks

If a potential malicious actor has physical access to a computer system, they have a greater chance of inflicting harm upon it.

Electronic Destruction Devices

Devices such as a USB Killer may be used to damage or render completely unusable anything with a connection to the motherboard of a computer, such as a USB port, video port, Ethernet port, or serial port.[5] Without proper protection, these devices may result in the destruction of ports, adapter cards, storage devices, RAM, motherboards, CPUs, or anything physically connected to the attacked device, such as monitors, flash drives, or wired switches. These devices can also be used to damage smartphones and cars.[6]

This threat can be mitigated by not installing, or by restricting physical access to, easily accessible ports in situations where they are not necessary. A port-closing lock can be fitted, which permanently disables access to a port short of the port itself being disassembled.[7] When it is necessary for a port to be accessible, an optocoupler can allow a port to send and receive data to a computer or device without a direct electrical connection, preventing the computer or device from receiving any dangerous voltage from an external device.[8]

Hard Drives and Storage

In an unsecured scenario, a malicious actor may steal or destroy storage devices such as hard drives or SSDs, resulting in the destruction or theft of valuable data.

If the data on a storage device is no longer necessary, data theft is best prevented by physically destroying or shredding the storage device.[9]

If the data on a storage device is in use and must be secured, one can use encryption to encrypt the contents of the storage device, or even encrypt the whole storage device save for the master boot record. The device can then be unlocked with a password, biometric authentication, a physical dongle, a network interchange, a one-time password, or any combination thereof. If the device is a boot drive, however, it must be unencrypted in a pre-boot environment so the operating system can be accessed. Striping, or breaking data into chunks stored on multiple drives which must be assembled in order to access the data, is a possible solution to physical drive theft, provided that the drives are stored in multiple, individually secured locations, and are numerous enough that no one drive can be used to piece together meaningful information.

Not to be neglected is the process of adding physical barriers around the storage devices themselves. Locked cases or physically hidden drives, with a limited number of personnel having knowledge of and access to the keys or locations, may prove to be a good first line of defence against physical theft.

See also

  • Countermeasure
  • Computer security
  • Computer insecurity
  • Common Vulnerabilities and Exposures (CVE)
  • Common Vulnerability Scoring System (CVSS)
  • Exploit (computer security)
  • Full disclosure (computer security)
  • IT risk
  • Metasploit
  • Month of Bugs
  • Vulnerability management
  • w3af

References

  1. RFC 2828, Internet Security Glossary.
  2. CNSS Instruction No. 4009, dated 26 April 2010. Archived 27 February 2012 at the Wayback Machine.
  3. InfosecToday Glossary.
  4. Wright, Joe; Harmening, Jim (2009). Chapter 15. In Vacca, John (ed.). Computer and Information Security Handbook. Morgan Kaufmann Publications, Elsevier Inc. p. 257. ISBN 978-0-12-374354-1.
  5. "USB Killer, yours for $50, lets you easily fry almost every device". Ars Technica. Retrieved 26 August 2018.
  6. "This $50 USB Killer Can Destroy Almost Any Smartphone, Computer Or Car Within Seconds". TechFonder. Retrieved 26 August 2018.
  7. "Bench Talk | Protect USB Ports From Nefarious 'USB Killers'". www.mouser.com. Retrieved 26 August 2018.
  8. "Optocoupler Tutorial". ElectronicsTutorials.
  9. "Discarded hard drives can be dangerous". ComputerWeekly.com. Retrieved 26 August 2018.

  • Term in FISMApedia

Retrieved from "https://en.wikipedia.org/w/index.php?title=Countermeasure_(computer)&oldid=1110282186"