CompTIA Security+ SY0-401

Alternative Methods to Mitigate Security Risks in Static Environments Tutorial

1 Alternative Methods to Mitigate Security Risks in Static Environments

In this lesson, we will explore a unique topic: safeguarding the static IT environment. After completing this lesson, you will be able to:
• Comprehend Static Environment and its example,
• Explain weak examples of Static Environment,
• Describe examples of Static Environment, and
• Define different methods of Security Management.

2 Static Environment and its Example

In this topic, you will learn about Static Environment and its example. Static means constant. Applied to technology or the IT environment, it means that the elements that define the IT environment remain constant.

They say, “Change is the Only Constant,” and every entity undergoes a change sooner or later. So in technology, even the elements of a static IT environment will undergo change, and the reasons might be hardware failure, a change in hardware configuration, a software bug, a software-setting change, or an exploit. By definition, however, a static IT environment is expected to remain unaffected by external factors, and that includes even users and administrators. Hence, to strengthen security or functional operation, it is important to avoid, or at least reduce, the changes imposed by the user.

3 Weak Examples of Static Environment

Supervisory Control and Data Acquisition, or SCADA, helps you control processes and collect data. In recent times, this concept has been applied in every modern industry, such as manufacturing, fabrication, electricity generation and distribution, water distribution, sewage processing, and oil refineries. SCADA systems are used in many different enterprises, both private and public service providers, because they range from simple configurations to large and complex projects. A SCADA system can perform its function independently, irrespective of whether you connect it with other SCADA systems or with traditional IT systems.

SCADA systems are designed with very little human interface. Hardware and software elements help you gather and arrange data in a computer with the SCADA software installed. To carry out this function they use mechanical buttons and knobs, or a simple LCD screen interface similar to that of a GPS navigation device or a business printer. However, SCADA devices connected to a business network possess complex, remotely controlled software interfaces.

Given such high-tech design and very little human interface, it was assumed that there should be no security issues with these systems, so only a low level of security was built in. But as mentioned earlier, systems can be altered for many specific reasons. In the case of SCADA, the famous example of compromised security is Stuxnet, which delivered the first-ever rootkit to a SCADA system located in a nuclear facility. It is code that is inserted into the programmable logic controllers, and through them it attacks the most critical part of an industrial process.

An exact definition of an Embedded System is not easy to give. In simple words, it is a combination of hardware and software that performs a set of fixed tasks or plans. It can be part of a larger system. Common examples of embedded systems are cell phones, digital cameras, camcorders, answering machines, fax machines, printers, scanners, cash registers, automated teller machines, and other gadgets. Embedded systems are designed to minimize costs by implementing only the mandatory features. This results in a lack of security and many roadblocks to upgrading the system. An embedded system is in control of the processes followed by the larger system. Hence, compromised security would harm its users and the property within the environment.

4 Examples of Static Environment

In this topic, you will learn about weak examples of the Static Environment.

Android is a Linux-based operating system that is mostly used in mobile devices. The first Android-based mobile was made available in 2008, and its code is open source, licensed under the Apache license. Other than mobile phones, Android systems are used in televisions, game consoles, digital cameras, microwaves, watches, e-readers, cordless phones, and ski goggles.

Android phones or tablets can never be an appropriate example of a static environment. This is because the OS includes many user customization options that allow you to install various apps from different app stores and other websites. This can lead to various virus and malicious attacks. Moreover, the security level in these devices is very low. Yet, Android used in devices other than mobile phones or tablets can be considered closer to the static environment. Whether static or not, Android comes with many weaknesses, which lead to hacking of cellphones, licensed apps, and stored data. The Android team is constantly working toward enhancing security for Android devices. This would enable users to adjust various configuration settings and reduce risks and vulnerabilities while using different apps.

iOS is another operating system, used exclusively on Apple-owned devices such as the iPhone, iPad, and Apple TV. Apple does not permit the use of its OS on hardware that is not its proprietary product. Thus, the company has full control over the features and capabilities of iOS. Since iOS is an operating system for the iPhone and other Apple devices, users can install apps from the Apple App Store, which makes it a poor example of a static environment. Also, it is possible to break access and security restrictions by installing apps from other sites or stores and attain greater control over the settings. Doing this severely weakens the security of the device. To increase the security level of your Apple device, you can install apps with additional security features.

In this topic, you will learn about a few examples of the Static Environment.

Mainframes are large and expensive computer systems designed to perform multifaceted calculations and process a huge amount of data. Mainframes can be divided into older and newer mainframes. The former type can be considered an ideal example of the static environment. This is because old mainframe systems were designed for a single task; at a given point of time, such a system could support a single application of prime or high importance. This feature offered less flexibility, but high stability, so they could be used for long-term operations. However, there was a drawback; these systems could not be used for decades. In contrast to old mainframes, the new mainframe systems offer more flexibility, and with the support of numerous virtual machines, they offer high-speed calculation power. These virtual machines are used to host an exclusive operating system, which in turn supports a wide range of applications. If a new mainframe system is constantly used with one OS or one application, then it can be considered a static environment.

Game consoles are commonly known as video games. They can be either home systems or portable systems. The platform used to play these video games is known as the Video Game Console. It is an accurate example of a static environment. This is because the operating system of a game console is fixed and is only changed when there is a system update. Game console capabilities are generally focused on playing games and media, but modern consoles might include accessing data from third-party applications. We can conclude that how static an environment is and how flexible it is are inversely proportional.

In-vehicle computing systems offer components used to monitor engine performance and optimize braking, steering, and suspension. They also include in-dash elements for driving, environment controls, and entertainment. We can differentiate between the old and new in-vehicle computing systems by their flexibility. Unlike the old in-vehicle computing system, the new in-vehicle computing system offers very high flexibility for the owner or driver. Therefore, the old version of the in-vehicle computing system can be the best example of a static environment.

5 Methods of Security Management

In this topic, you will learn about the different methods of Security Management.

Network segmentation means controlling traffic among networked devices or splitting the network into subnetworks. Why do we need network segmentation? It ensures that data exchange remains only between devices within a segment. However, a network is separated completely only when it is completely isolated from all other communication. Logical network segmentation is possible with the help of switches using VLANs, or through other traffic-control means such as MAC addresses, IP addresses, physical ports, TCP or UDP ports, protocols, application filtering, routing, and access control management. In a static environment, network segmentation is important to keep changes, attacks, or exploits from reaching the static systems.

Application firewalls lay down the rules for the communication protocols that are responsible for interacting and sharing services with other applications within the network. Such firewalls are generally considered an add-on for the server, a device, a virtual service, or a filter monitoring the set rules. The primary purpose of application firewalls is to prevent payload attacks that are specially targeted toward the application. On the other hand, a network firewall is a physically installed device, designed to monitor and filter unwanted traffic trying to enter the network. Its primary purpose is to provide protection for the overall network. Both application and network firewalls have their relevance, and a network comprising systems and application servers requires both. Also, the use of one firewall doesn't negate or lessen the impact of the other. So, it is recommended that you use the two firewalls in series to complement each other.
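The segmentation rule described above, "traffic stays inside a segment unless explicitly permitted", can be checked against recorded traffic. The following is an added example, not part of the original lesson; the segment names, address ranges, permitted conversations, and flow records are all constructed for illustration, and each record is assumed to describe who initiated a connection.

```python
import ipaddress

# Constructed segment plan; names and ranges are assumptions for illustration.
SEGMENTS = {
    "scada": ipaddress.ip_network("10.10.0.0/24"),
    "historian": ipaddress.ip_network("10.20.0.0/24"),
    "corporate": ipaddress.ip_network("192.168.0.0/16"),
}

# The only cross-segment conversations the plan permits:
# (source segment, destination segment, protocol, destination port).
ALLOWED = {
    ("scada", "historian", "tcp", 5432),
    ("corporate", "historian", "tcp", 443),
}

# Constructed flow records, one per initiated connection: "src dst proto dport".
SAMPLE_LOG = """\
10.10.0.5 10.10.0.9 tcp 502
10.10.0.5 10.20.0.3 tcp 5432
192.168.4.20 10.20.0.3 tcp 443
192.168.4.20 10.10.0.5 tcp 502
10.10.0.9 203.0.113.7 tcp 443
10.20.0.3 10.10.0.5 tcp 5432
"""

def segment_of(addr):
    """Map an address to its segment name, or 'outside' if it is in none."""
    ip = ipaddress.ip_address(addr)
    return next((n for n, net in SEGMENTS.items() if ip in net), "outside")

def violations(log_text):
    """Return (src_segment, dst_segment, line) for every flow the plan forbids."""
    found = []
    for line in log_text.splitlines():
        src, dst, proto, port = line.split()
        s, d = segment_of(src), segment_of(dst)
        same_segment = s == d and s != "outside"
        # Default deny: anything crossing a boundary must be listed in ALLOWED,
        # and the rule is directional (historian -> scada is not scada -> historian).
        if not same_segment and (s, d, proto, int(port)) not in ALLOWED:
            found.append((s, d, line))
    return found

if __name__ == "__main__":
    for s, d, line in violations(SAMPLE_LOG):
        print(f"VIOLATION {s} -> {d}: {line}")
```
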
It is possible for you to apply security layers when devices with different levels of classification or sensitivity are clustered together and, more importantly, isolated from other clusters. This isolation is omnidirectional. This means a low-level user cannot initiate communication with a higher level, but the high-level user can. Moreover, isolation can be of two types: logical and physical. The former requires you to put classification labels on data and packets. The latter requires creating network segments or air gaps between networks of different security levels.

In a static environment, updates should be applied manually. This ensures that only verified and permitted changes are allowed and implemented. It is recommended that you do not use automatic updates, as they may allow unverified or untested changes to diminish the security level within the environment.

As discussed for manual software updates, there should be strict protocols to implement only verified changes. Similarly, in a static environment, it is important to have strict control over firmware. Moreover, it is your responsibility to check for firmware updates manually, and apply them only once they are tested and reviewed thoroughly. For all firmware updates, it is recommended that you maintain versions to ensure minimum downtime during a system compromise.

A wrapper is an entity that encloses or contains another entity. A well-known example of a wrapper is a Trojan Horse that encapsulates numerous viruses, adware, spyware, and other such entities. Similarly, in a static environment, wrappers are used to reject updates, changes, or software installation unless they are tested and sent through a controlled channel. This channel can be a particular wrapper, which may include integrity and authentication features to allow only authorized updates for installed systems.

There can be numerous attacks on your environment, some mild and some severe. In these situations, can one security method help you avoid the attack? What if that method fails, or has an error? In a static environment, depending on a single security solution is not a wise strategy. You can avoid the risk of relying on a single security measure by applying control redundancy and diversity. This helps you deflect, deny, detect, and deter any threat in the environment. Though we use various security measures, we know that there can never be a perfect solution, and every security mechanism will have some loophole or other.
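The manual-update, firmware version control, and wrapper paragraphs above combine into one mechanism: a wrapper that installs an image only if it was approved (authentication), is unmodified (integrity), and is newer than what is running, while keeping earlier versions for rollback. The following is an added example, not part of the original lesson; the class and function names are hypothetical, and an HMAC with a shared approval key stands in for the digital signature a real update channel would normally use.

```python
import hashlib
import hmac
import json

class UpdateWrapper:
    """Accepts a firmware image only if its manifest is authentic and the image matches it."""

    def __init__(self, approval_key, image, version):
        self._key = approval_key
        self.history = [(version, image)]   # retained versions, newest last

    @property
    def current(self):
        return self.history[-1][0]

    def apply(self, image, manifest_json, tag):
        # Authentication: the manifest must carry a valid tag from the approval key.
        expected = hmac.new(self._key, manifest_json, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return "rejected: manifest not authorized"
        manifest = json.loads(manifest_json)
        # Integrity: the image must be byte-for-byte the one that was tested.
        if hashlib.sha256(image).hexdigest() != manifest["sha256"]:
            return "rejected: image does not match manifest"
        # Version control: refuse anything that is not newer than what is running.
        if tuple(manifest["version"]) <= self.current:
            return "rejected: not newer than installed version"
        self.history.append((tuple(manifest["version"]), image))
        return "installed"

    def rollback(self):
        """Return to the previous retained version after a bad or compromised update."""
        if len(self.history) < 2:
            return None
        self.history.pop()
        return self.current

def approve(key, image, version):
    """Change-control side, run after testing: build a manifest and tag it."""
    manifest = json.dumps({"version": list(version),
                           "sha256": hashlib.sha256(image).hexdigest()}).encode()
    return manifest, hmac.new(key, manifest, hashlib.sha256).hexdigest()

if __name__ == "__main__":
    key = b"constructed-approval-key"            # constructed sample value
    device = UpdateWrapper(key, b"firmware 1.0", (1, 0))
    manifest, tag = approve(key, b"firmware 1.1", (1, 1))
    print(device.apply(b"firmware 1.1 tampered", manifest, tag))
    print(device.apply(b"firmware 1.1", manifest, tag), device.current)
    print("rolled back to", device.rollback())
```
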

7 Summary

Let us summarize the topics covered in this lesson. Static environments are applications that are configured for a specific need, capability, or function, and then set to remain unaltered. Examples include SCADA, Embedded Systems, Android, iOS, Mainframes, Game Consoles, and In-Vehicle Computing Systems. Static environments, embedded systems, and limited or single-purpose computing environments need security management. The techniques for this include network segmentation, security layers, application firewalls, manual updates, firmware version control, wrappers, and control redundancy and diversity.

With this we conclude this lesson, “Compare and contrast alternative methods to mitigate security risks in static environments.” In the next lesson, we will look at “Compare and contrast the function and purpose of authentication services.”
