-------------------------------------------------------------------------------------
JOHLEM.net
https://johlem.net/V1/topics/cheatsheet.php
-------------------------------------------------------------------------------------

--- FORTINET

==============================================================================
FORTINET - NSE 1
====================================================================================

####NSE1 - Information Security Awareness

BAD ACTORS

Lesson 2 - Data Security Perspectives

Information security = infosec

Data Privacy:
- collection
- retention
- deletion

Cybersecurity: a combined set of methods to:
- protect networks
- devices
- data
and ensure CIA: Confidentiality / Integrity / Availability

Information security includes cybersecurity + physical security.

VULNERABILITIES are flaws in software, firmware or hardware that an attacker can exploit to perform unauthorized actions on the system.

ATTACKERS take advantage of these errors to infect computers with malware or perform other malicious activity.

ATTACK SURFACE is any exposed place in your environment that a bad actor can use to gain entry to, or extract, something valuable that you want to protect.

Role of the cybersecurity professional is to:
- identify all the attack surfaces
- reduce their size
- decrease the risk of attack.

MALWARE is an unauth... this includes:
- virus
- worm
- botnet
- trojan horse
- DDoS
- ransomware

Malicious data files are non-executable (Word file, PDF, zip file, JPG).

PII (Personally Identifiable Information)
- full name
- birthday
- biometrics
- passport
- ID
- credit card
- phone numbers
- home or email address

Protect personal and proprietary data:
- be suspicious of any email, text, or voice message requesting sensitive information or financial transactions.
- hover over all hyperlinks, before clicking, to confirm they are from a legitimate source.
- use multi-step verification that requires a unique security code for authenticating to a system.
- ensure your browser, mobile devices, and computer systems are updated with the most recent protections.
- never reuse passwords across multiple accounts and devices.
- lock your device screen when away from your workstation.
- follow company policy.

PASSWORD PERSPECTIVE
- strong passphrase with le

MFA - Multi-factor authentication requires 2 separate elements to gain access:
- something you know (like a password)
+ something you have (like a token)
Hardware token: synchronised with the system you log in to.
Software token: often an application, like a phone app.
One-time pass: a passcode is sent to you.

BACKUP
- encrypted backup
- where are you storing your backup?
- disconnect the backup from the internet.

========================================
JUICE HACKING - compromised charging area (phone / computer / airport / conference place)

BEC / whaling / spear phishing

--------------- PHONE

Develop good mobile habits:
- avoid joining unknown Wi-Fi networks.
- use multi-factor authentication (MFA).
- back up your data.
- avoid opening files, clicking links, or calling numbers from unsolicited messages.
- change the factory-set default username and password.
- delete all information stored on a device prior to discarding it.
- disable features not currently in use, such as Bluetooth or Wi-Fi.
- encrypt all sensitive data and communication paths.
- enable screen lock, using a strong password or personal identification number (PIN).
- follow your company policies and data handling guidelines.
- maintain up-to-date software and operating systems.
- never leave your device open and unattended.
- power down your device or put it in airplane mode prior to storing it.
- set Bluetooth-enabled devices to non-discoverable.
- turn off automatic connections when not in use.
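The advice above to hover over a hyperlink before clicking is about comparing the text a link shows with where it actually points. This added example (not part of the original cheatsheet) automates that check over an email body: it collects every anchor, and where the visible text looks like a URL or domain, it flags the link if that domain differs from the domain in the real `href`. The email body and the domain names in it are constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Matches something that reads like a URL or bare hostname inside link text.
DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})", re.I)


def base_domain(host: str) -> str:
    """Reduce a hostname to its last two labels (login.example.com -> example.com).
    Simplification: public-suffix lists are ignored here."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


class AnchorCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def mismatched_links(html: str) -> list:
    """Return links whose displayed domain differs from the domain they point to."""
    parser = AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.anchors:
        match = DOMAIN_IN_TEXT.search(text)
        if not match:
            continue  # plain words like "Help center" show no domain to compare
        shown = base_domain(match.group(1))
        actual = base_domain(urlparse(href).hostname or "")
        if shown != actual:
            findings.append({"text": text, "href": href, "shown": shown, "actual": actual})
    return findings


# Constructed sample email body: one deceptive link, two honest ones.
SAMPLE_EMAIL = """<p>Your account needs verification.</p>
<a href="http://login.example-secure.net/verify">https://bank.example.com/login</a>
<p>Questions? Visit the <a href="https://bank.example.com/help">Help center</a>
or go to <a href="https://bank.example.com/">bank.example.com</a>.</p>"""

if __name__ == "__main__":
    for finding in mismatched_links(SAMPLE_EMAIL):
        print(f"shows {finding['shown']} but points to {finding['actual']}: {finding['href']}")
```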
--- EMAILS
- text only
- block the contact and set to spam if you don't know the person who sent you the mail.

phishing
spear phishing
whaling
CEO fraud
business email compromise (BEC)

If you are not sure of the info, use another channel of communication to verify, like calling the sender.

---- INSIDER THREATS LESSON

Physical security awareness:
- always follow company policy and data handling guidelines.
- back up sensitive and critical information.
- be aware of shoulder surfing.
- do not write or leave passwords on notes.
- keep your desk free of any proprietary or confidential information.
- lock your computer screen and cell phone.
- report broken doors, windows, and locks to your security personnel.
- report suspicious activity.
- report suspicious packages.
- shred and destroy all documents that contain sensitive personal or organizational information.
- treat all devices as sensitive if they contain proprietary and sensitive data.
- use your badge to enter your workplace and do not allow tailgaters.

INSIDER has internal access to an organization's:
- critical information
- personnel
- equipment
- facilities
- networks
- systems

To mitigate the risk, ensure all critical assets have been identified and securely protected.
Report any abnormal activity to your manager.

============================

CIO - Chief Information Officer
Role: the CIO is responsible for controlling the company's information technology resources.

CISO - Chief Information Security Officer
Scope = security operations, governance, and how security impacts all of the business.
Goal is to protect data confidentiality, integrity, and availability.
Ensure that our valuable assets have reasonable protection and manage the risks to all our critical resources.
CISO JOB: understand the risk / plan for inevitable compromises / securely address them

CFO - Chief Financial Officer
Responsibility is helping set investment and spending priorities while managing company risks across financial and regulatory compliance.
Relies on data for managing financial risks.
ERP - Enterprise Resource Planning

====================================================================================
FORTINET - NSE 2
====================================================================================

NSE 2

SASE (Secure Access Service Edge)

----------------------------------------
1) SASE => Network-as-a-Service
----------------------------------------

Digital innovation has brought on:
- expanding thin edge
- growing number of off-network users accessing the central data center.
- challenging user experience for off-network users.
- expanding attack surface.
- multi-level compliance requirements.
- increasingly sophisticated cyber threats.

-- BYOD = Bring-Your-Own-Device

-- All traffic running through the core data center for inspection results in:
- high cost
- complexity
- elevated risk exposure
- latency and a poor user experience.

== SASE (Secure Access Service Edge) provides:
- integrated networking
- security capabilities
including:
- Peering: direct network connection and traffic exchange across the internet (without having to pay a third party).
- a Next-Generation Firewall (NGFW) or cloud-based Firewall-as-a-Service (FWaaS).

NGFW or FWaaS:
- physical device or cloud based
- full-stack security (IPS, anti-malware, SSL inspection, sandbox)

Secure Web Gateway:
- filters malware
- enforces internet security and compliance policies.

Zero Trust Network Access (ZTNA):
- identifies users and devices, then authenticates and authorizes them.
- every attempt to access a system is challenged and verified.
- multiple technologies:
-- Multi-Factor Authentication (MFA).
-- Network Access Control (NAC).
-- Access policy enforcement.

Data Loss Prevention (DLP):
- prevents moving key information outside the network.
- informs content inspection of messaging and email applications.

Domain Name System (DNS):
- serves as the phone book of the internet.
- informs SASE with detailed threat detection capabilities.
- analyses and assesses risky domains.

SASE services deliver:
- optimized paths for all users to all clouds, to improve performance and agility.
- enterprise-grade certified security for mobile workforces.
- consistent security for all edges.
- consolidated management of security and network operations.

The goal of SASE is to support the dynamic, secure access needs of today's organizations by extending enterprise-grade security and networking regardless of location.

A proper SASE service allows organizations to extend enterprise-grade security and networking to:
- the Cloud Edge (where remote off-network users are accessing the network), and
- the Thin Edge (small branch offices).

Fortinet's SASE solution name is FortiSASE.

== QUIZ
Q - Which two cloud capabilities are combined to deliver SASE?
A - Security-as-a-Service
  - Network-as-a-Service

----------------------------------------
2) Cloud Security
----------------------------------------

IaaS vendor responsibility:
- infrastructure uptime is the responsibility of the provider.
- responsible for the security of the infrastructure it provides.

But you are responsible for:
- securing access
- network traffic
- data and applications.

The cloud provider may offer protection tools, but these are the same tools the vendor uses to secure the underlying infrastructure; if an attacker bypasses them, the other layers, up to the application level, can be bypassed as well.

Many organizations operate in a hybrid world: on-premises plus cloud, or a multi-cloud environment with different providers.
The con of having multiple cloud providers is that they don't use the same tools and are not coordinated, so it is more complex to manage security when you use several cloud providers at the same time.

Fortinet Security Fabric integrates:
- FortiGate
- FortiMail
- FortiWeb
- FortiSandbox
- FortiInsight

Cloud providers: AWS, MS Azure, Google Cloud, VMware, Cisco ACI, Oracle Cloud...

== QUIZ
Q - Identify the correct description for IaaS.
A - Allows you to rent virtualized data infrastructure without having to physically manage it on premises.

Q - Identify a potential problem that customers risk if they rely solely on vendor cloud security tools.
A - The tools provide basic security and do not secure all facets of a multi-cloud environment.

Q - Which reason drove organizations to use cloud services?
A - Cost savings by paying for only what computer services were needed.

Q - Complete the sentence. Cloud computing is the practice of
A - using a network of remote servers hosted on the internet to store, manage, and process data.

====

----------------------------------------
3) SD-WAN
----------------------------------------

SD-WAN (Software-Defined Wide-Area Network)
-
-