Module 11: Asset Management & Security Operations

Glossary of Terms

Anything that has value to an organization, including tangible items like hardware and intangible items like data and intellectual property.

The process of accounting for, deploying, maintaining, upgrading, and disposing of an organization's assets throughout their lifecycle.

The process of categorizing assets based on their value, sensitivity, and criticality to the organization to determine the appropriate level of protection.

The process of deliberately, permanently, and irreversibly removing or destroying the data stored on a memory device to make it unrecoverable. Methods include software-based wiping and physical destruction.

The formal process of taking an asset out of service, which includes data sanitization and secure disposal or recycling.

Stands for Authentication, Authorization, and Accounting. It's a security framework for controlling access to resources, enforcing policies, and auditing usage.

A networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for users who connect to and use a network service.

The process of finding, fixing, and preventing security vulnerabilities at the application level, throughout the entire application lifecycle.

A technique to prevent malicious data from entering a system. It involves checking data to ensure it meets specific criteria (e.g., correct type, length, format) before processing.

The analysis of an application's source code or binary code for security vulnerabilities without executing the program.

The process of using a digital signature to confirm the identity of the software author and guarantee that the code has not been altered or corrupted since it was signed.

A security mechanism for separating running programs in a tightly controlled environment to limit the harm they can cause to the host system.

HTTP cookies with security attributes like `Secure` (to ensure they are only sent over HTTPS) and `HttpOnly` (to prevent access from client-side scripts) to protect user session data.

Asset Management

The Asset Management Lifecycle

Effective security requires managing assets through every stage of their life, from initial planning to final disposal.

1. Acquisition & Procurement: Security must be a primary consideration when purchasing new hardware or software. This includes vendor risk assessments and ensuring new assets meet security standards *before* they are bought.
2. Assignment & Accounting: Once acquired, every asset must be assigned a clear owner (an individual or department) and classified based on its criticality and the sensitivity of the data it handles. This establishes accountability.
3. Monitoring & Tracking: Organizations must maintain a continuous, up-to-date inventory of all assets. Automated discovery tools are essential for tracking where assets are, who is using them, and their current security status (e.g., patch level).
4. Disposal & Decommissioning: When an asset reaches the end of its life, it must be retired securely. This is crucial for preventing data breaches from discarded hardware. The process involves secure data sanitization (wiping or physical destruction) and obtaining a certificate of destruction.

Security Implications of Asset Management

Proper asset management directly strengthens an organization's security posture in several key areas.

Hardware Security: A complete hardware inventory allows security teams to identify unauthorized "rogue" devices on the network and ensures all devices are securely configured and patched.
Software Security: An accurate software inventory is the foundation of patch management. It allows organizations to quickly identify systems running vulnerable software (like the out-of-date Plex server in the LastPass breach) and prevent the use of unauthorized, potentially malicious applications.
Data Security: By classifying data and mapping it to the assets where it is stored and processed, organizations can apply the correct security controls (like encryption and access restrictions) to protect their most sensitive information.

Network Security: AAA and RADIUS

Controlling access to the network is a core part of securing assets.

AAA Framework: This stands for Authentication ("Who are you?"), Authorization ("What are you allowed to do?"), and Accounting ("What did you do?"). It's the fundamental model for network access control.
RADIUS: This is a protocol that implements the AAA framework. It provides a centralized way to manage user authentication and policies across various network devices like VPNs and wireless access points.

Application Security (AppSec)

The Importance of Application Security

Applications are often the primary target of cyberattacks. Securing them is critical to protect sensitive data, maintain business continuity, and build customer trust. A strong AppSec program integrates security into every phase of the software development lifecycle (a practice known as DevSecOps).

Key Application Security Techniques

These techniques are used to build and maintain secure applications.

Input Validation: Never trust user input. This technique involves rigorously checking all data submitted by a user to ensure it is safe before processing. It's the primary defense against injection attacks like SQL injection and cross-site scripting (XSS).
- Whitelisting: Only allowing known-good input.
- Sanitization: Removing potentially harmful characters from input.
Secure Cookies: User session cookies can be a target for attackers. Securing them with the `HttpOnly` flag prevents them from being stolen via XSS, and the `Secure` flag ensures they are only ever transmitted over encrypted HTTPS connections.
Static Code Analysis (SAST): Using automated tools to scan an application's source code for potential security vulnerabilities before the code is even run. This helps developers find and fix flaws early in the development process.
Code Signing: This provides a digital signature for software, which verifies the identity of the author and ensures the code hasn't been tampered with since it was signed. It helps prevent users from installing malicious software masquerading as a legitimate application.
Sandboxing: Running an application in a restricted, isolated environment (a "sandbox"). This limits the application's access to the host system's files and resources, containing any potential damage if the application is compromised.
Real-time Application Monitoring: Continuously analyzing application logs and behavior to detect and respond to anomalies or threats as they happen.