Penetration Testing with Kali Linux OffSec


PEN-200

Business Continuity Planning (BCP).[80] BCP also includes many other aspects such as live drill responses to situations like ransomware and supply-chain compromise. BCP extends outside of cybersecurity emergencies to include processes and procedures for natural disasters and gun violence. Routine table-top sessions and continuous gathering of relevant intelligence provide a proactive effort for mitigating future issues as well as rehearsing tactics, processes, and procedures.
3.4.7 Continuous Patching and Supply Chain Validation
Another defensive technique known as continuous automated patching is accomplished by pulling the upstream source code and applying it to the lowest development environment. Next, the change is tested, and only moved to production if it is successful. We can leverage cloud provider infrastructure to more easily spin up complete replicas of environments for testing these changes. Rather than continuously running a full patch test environment, we can create one with relative ease using our cloud provider, run the relevant tests, then delete it. The primary risk of this approach is supply chain compromise.
Continuous supply chain validation occurs when people and systems validate that the software and hardware received from vendors is the expected material and that it hasn’t been tampered with, as well as ensuring output software and materials are verifiable by customers and business partners. Continuous supply chain validation is difficult, and sometimes requires more than software checks, such as physical inspections of equipment ordered. On the software side of supply chain security, we can use deeper testing and inspection techniques to evaluate upstream data more closely. We might opt to increase the security testing duration to attempt to detect sleeper malware implanted in upstream sources. Sleeper malware is software that is inactive while on a system for a period of time, potentially weeks, before it starts taking action.
Utilizing a software bill of materials (SBOM)[81] as a way to track dependencies automatically in the application build process greatly helps us evaluate supply chain tampering. If we identify the software dependencies, create an SBOM with them, and package the container and SBOM together in a cryptographically verifiable way, then we can verify the container’s SBOM signature before loading it into production. This kind of process presents additional challenges for adversaries.
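The SBOM-plus-signature gate described above, written out as an added example (it is not code from the PEN-200 course or from OffSec): the build side hashes each dependency and the image into a minimal SBOM bundle and signs it with Ed25519; the deployment side refuses to load an image unless the signature verifies against the build key and the image it actually holds matches the signed digest. The dependency names, the bundle JSON shape and all byte strings are constructed placeholders; real pipelines would emit SPDX or CycloneDX and use a tool such as a signing service for the key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"sort"
)

// Dependency is one artifact fetched at build time: name, version and the bytes
// that were actually pulled. Values used in main are constructed samples.
type Dependency struct {
	Name    string
	Version string
	Content []byte
}

// Component is one SBOM entry. Real SBOMs follow SPDX or CycloneDX; this
// minimal field set is an assumption made for the example.
type Component struct {
	Name    string `json:"name"`
	Version string `json:"version"`
	SHA256  string `json:"sha256"`
}

// Bundle binds the SBOM to the digest of the exact image it describes, so one
// signature covers both "what is inside" and "which image this is".
type Bundle struct {
	ImageDigest string      `json:"imageDigest"`
	Components  []Component `json:"components"`
}

func digest(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// NewBundle hashes every dependency and the image, sorting components by name
// so the serialized bundle is deterministic and verifies byte-for-byte later.
func NewBundle(image []byte, deps []Dependency) Bundle {
	comps := make([]Component, 0, len(deps))
	for _, d := range deps {
		comps = append(comps, Component{Name: d.Name, Version: d.Version, SHA256: digest(d.Content)})
	}
	sort.Slice(comps, func(i, j int) bool { return comps[i].Name < comps[j].Name })
	return Bundle{ImageDigest: digest(image), Components: comps}
}

// Sign produces a detached Ed25519 signature over the canonical JSON bundle.
// Only the build system holds the private key; production needs the public key.
func Sign(priv ed25519.PrivateKey, b Bundle) ([]byte, error) {
	msg, err := json.Marshal(b)
	if err != nil {
		return nil, err
	}
	return ed25519.Sign(priv, msg), nil
}

// VerifyBeforeDeploy is the gate run before an image is loaded into production:
// the bundle must carry a valid signature from the build key, and the image
// being deployed must hash to the digest recorded in that signed bundle.
func VerifyBeforeDeploy(pub ed25519.PublicKey, b Bundle, sig, image []byte) error {
	msg, err := json.Marshal(b)
	if err != nil {
		return err
	}
	if !ed25519.Verify(pub, msg, sig) {
		return errors.New("SBOM signature invalid: bundle modified or signed by an unknown key")
	}
	if digest(image) != b.ImageDigest {
		return errors.New("image digest mismatch: image is not the one the signed SBOM describes")
	}
	return nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// Constructed stand-ins for a container image and its dependencies.
	image := []byte("constructed container image bytes")
	deps := []Dependency{
		{Name: "libalpha", Version: "1.0.0", Content: []byte("constructed libalpha blob")},
		{Name: "libbeta", Version: "2.3.1", Content: []byte("constructed libbeta blob")},
	}
	bundle := NewBundle(image, deps)
	sig, _ := Sign(priv, bundle)
	fmt.Println("untampered:", VerifyBeforeDeploy(pub, bundle, sig, image))

	// A dependency added after signing changes the canonical bytes: signature fails.
	extra := append(deps, Dependency{Name: "libgamma", Version: "0.1", Content: []byte("unexpected blob")})
	fmt.Println("extra component:", VerifyBeforeDeploy(pub, NewBundle(image, extra), sig, image))
	// A different image presented with the genuine bundle fails the digest check.
	fmt.Println("wrong image:", VerifyBeforeDeploy(pub, bundle, sig, []byte("other image")))
}
```

The order of the two checks matters: the signature is verified first so that an attacker who can swap the image cannot also swap the digest it is compared against, and the digest check then ties the verified document to the bytes the runtime will actually execute.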
3.4.8 Encryption
Beyond tracking software, many organizations likely want to leverage encryption. Encryption often protects us from adversaries more than any other type of control. While using encryption doesn’t solve all problems, well-integrated encryption at multiple layers of controls creates a stronger security posture.
Keeping this in mind, there are some caveats to consider when it comes to encryption. Encrypting all our data won’t be useful if we can’t decrypt it and restore it when required. We must also consider some types of data that we won’t want to decrypt as the information is to be used only ephemerally. One example of ephemeral encryption is TLS,[82] in which nobody but the server and the client of that specific interaction can decrypt the information (not even the administrators), and the decryption keys only exist in memory for a brief time before being discarded. Decryption keys in such a scenario are never on disk and never sent across the network. This type of privacy is commonly used when sending secrets or

[80] (Wikipedia, 2022), https://en.wikipedia.org/wiki/Business_continuity_planning
[81] (CISA, 2022), https://www.cisa.gov/sbom

PWK - Copyright © 2023 OffSec Services Limited. All rights reserved.
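The property the TLS paragraph describes, that the session key lives only in memory on the two endpoints and never crosses the wire, is shown here with an added example (not course or OffSec code): each side generates a fresh X25519 key pair for one handshake, only the public shares travel across the "wire", both sides derive the same traffic key independently, and the key is wiped when the connection ends. The key derivation uses a plain SHA-256 over the shared secret and transcript as a stand-in for the real TLS 1.3 HKDF key schedule; that simplification, the label string and the in-process "wire" are assumptions of the example.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// Session is what one endpoint keeps after the handshake. The traffic key
// exists only here, in memory, for the life of the connection.
type Session struct {
	key []byte
}

// NewEphemeralKey creates a fresh X25519 key pair for a single handshake. It is
// never written to disk; once the session key is derived it is dropped.
func NewEphemeralKey() (*ecdh.PrivateKey, error) {
	return ecdh.X25519().GenerateKey(rand.Reader)
}

// DeriveSessionKey combines our ephemeral private key with the peer's ephemeral
// public key and binds the result to the handshake transcript. SHA-256 stands
// in for the TLS 1.3 HKDF key schedule (a simplification for the example).
func DeriveSessionKey(mine *ecdh.PrivateKey, peer *ecdh.PublicKey, transcript []byte) ([]byte, error) {
	shared, err := mine.ECDH(peer)
	if err != nil {
		return nil, err
	}
	h := sha256.New()
	h.Write([]byte("example traffic key label")) // constructed label
	h.Write(shared)
	h.Write(transcript)
	return h.Sum(nil), nil
}

// Handshake runs one client/server exchange. The only bytes that cross the
// "wire" are the two ephemeral public shares; a passive observer who records
// them holds no private key and so cannot compute the shared secret.
func Handshake() (client, server Session, wire [][]byte, err error) {
	clientPriv, err := NewEphemeralKey()
	if err != nil {
		return
	}
	serverPriv, err := NewEphemeralKey()
	if err != nil {
		return
	}
	// ClientHello key_share and ServerHello key_share, as seen on the network.
	clientShare := clientPriv.PublicKey().Bytes()
	serverShare := serverPriv.PublicKey().Bytes()
	wire = [][]byte{clientShare, serverShare}
	transcript := append(append([]byte{}, clientShare...), serverShare...)

	// Each side parses the other's share and derives the same key on its own.
	serverPub, err := ecdh.X25519().NewPublicKey(serverShare)
	if err != nil {
		return
	}
	clientPub, err := ecdh.X25519().NewPublicKey(clientShare)
	if err != nil {
		return
	}
	ck, err := DeriveSessionKey(clientPriv, serverPub, transcript)
	if err != nil {
		return
	}
	sk, err := DeriveSessionKey(serverPriv, clientPub, transcript)
	if err != nil {
		return
	}
	// clientPriv and serverPriv go out of scope here; nothing persists them.
	return Session{key: ck}, Session{key: sk}, wire, nil
}

// SameKey reports, in constant time, whether two sessions hold the same key.
func SameKey(a, b Session) bool {
	return subtle.ConstantTimeCompare(a.key, b.key) == 1
}

// Discard wipes the key material when the connection closes.
func (s Session) Discard() {
	for i := range s.key {
		s.key[i] = 0
	}
}

func main() {
	c1, s1, wire, _ := Handshake()
	c2, s2, _, _ := Handshake()
	fmt.Printf("bytes on the wire: %d + %d (public shares only)\n", len(wire[0]), len(wire[1]))
	fmt.Println("client and server agree:", SameKey(c1, s1) && SameKey(c2, s2))
	fmt.Println("second connection has a different key:", !SameKey(c1, c2))
	c1.Discard()
	s1.Discard()
}
```

Two consequences of this design are visible in the code: the second handshake produces an unrelated key, so recording one session's traffic gains nothing for the next, and because the private halves are never serialized, an administrator with disk access has nothing to recover after the process discards them.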
