Static Hosts

CompTIA Security+ Certification (SY0-501) Chapter 7 - Beyond the Basic LAN
7 minutes
Share the link to this page
Copied
  Completed
You need to have access to the item to view this lesson.
One-time Fee
$99.99
List Price:  $139.99
You save:  $40
€91.73
List Price:  €128.43
You save:  €36.69
£78.50
List Price:  £109.90
You save:  £31.40
CA$135.42
List Price:  CA$189.60
You save:  CA$54.17
A$152.22
List Price:  A$213.12
You save:  A$60.89
S$133.77
List Price:  S$187.28
You save:  S$53.51
HK$781.89
List Price:  HK$1,094.68
You save:  HK$312.79
CHF 88.30
List Price:  CHF 123.63
You save:  CHF 35.32
NOK kr1,058
List Price:  NOK kr1,481.24
You save:  NOK kr423.24
DKK kr684.10
List Price:  DKK kr957.77
You save:  DKK kr273.66
NZ$164.15
List Price:  NZ$229.81
You save:  NZ$65.66
د.إ367.20
List Price:  د.إ514.09
You save:  د.إ146.89
৳10,978.23
List Price:  ৳15,369.96
You save:  ৳4,391.73
₹8,290.53
List Price:  ₹11,607.08
You save:  ₹3,316.54
RM471.80
List Price:  RM660.54
You save:  RM188.74
₦156,534.34
List Price:  ₦219,154.34
You save:  ₦62,620
₨27,950.66
List Price:  ₨39,132.05
You save:  ₨11,181.38
฿3,595.26
List Price:  ฿5,033.51
You save:  ฿1,438.25
₺3,229.78
List Price:  ₺4,521.83
You save:  ₺1,292.04
B$499.40
List Price:  B$699.18
You save:  B$199.78
R1,883.20
List Price:  R2,636.56
You save:  R753.35
Лв179.42
List Price:  Лв251.19
You save:  Лв71.77
₩133,286.20
List Price:  ₩186,606.01
You save:  ₩53,319.81
₪365.03
List Price:  ₪511.06
You save:  ₪146.02
₱5,561.09
List Price:  ₱7,785.75
You save:  ₱2,224.66
¥14,911.76
List Price:  ¥20,877.07
You save:  ¥5,965.30
MX$1,670.32
List Price:  MX$2,338.52
You save:  MX$668.19
QR364.82
List Price:  QR510.77
You save:  QR145.94
P1,359.04
List Price:  P1,902.71
You save:  P543.67
KSh13,398.66
List Price:  KSh18,758.66
You save:  KSh5,360
E£4,718.65
List Price:  E£6,606.31
You save:  E£1,887.65
ብር5,656.15
List Price:  ብር7,918.84
You save:  ብር2,262.68
Kz83,512.74
List Price:  Kz116,921.18
You save:  Kz33,408.44
CLP$93,810.03
List Price:  CLP$131,337.80
You save:  CLP$37,527.76
CN¥710.61
List Price:  CN¥994.89
You save:  CN¥284.27
RD$5,917.87
List Price:  RD$8,285.25
You save:  RD$2,367.38
DA13,435.55
List Price:  DA18,810.31
You save:  DA5,374.76
FJ$226.69
List Price:  FJ$317.37
You save:  FJ$90.68
Q780.94
List Price:  Q1,093.35
You save:  Q312.40
GY$20,949.18
List Price:  GY$29,329.69
You save:  GY$8,380.51
ISK kr13,659.63
List Price:  ISK kr19,124.03
You save:  ISK kr5,464.40
DH1,002.67
List Price:  DH1,403.78
You save:  DH401.11
L1,768.33
List Price:  L2,475.73
You save:  L707.40
ден5,652.42
List Price:  ден7,913.61
You save:  ден2,261.19
MOP$805.88
List Price:  MOP$1,128.27
You save:  MOP$322.38
N$1,866.55
List Price:  N$2,613.25
You save:  N$746.69
C$3,681.10
List Price:  C$5,153.70
You save:  C$1,472.59
रु13,266.49
List Price:  रु18,573.62
You save:  रु5,307.13
S/368.83
List Price:  S/516.39
You save:  S/147.55
K382.06
List Price:  K534.91
You save:  K152.84
SAR375
List Price:  SAR525.02
You save:  SAR150.01
ZK2,508.19
List Price:  ZK3,511.57
You save:  ZK1,003.37
L456.04
List Price:  L638.48
You save:  L182.43
Kč2,310.02
List Price:  Kč3,234.13
You save:  Kč924.10
Ft36,211.46
List Price:  Ft50,697.50
You save:  Ft14,486.03
SEK kr1,038.11
List Price:  SEK kr1,453.39
You save:  SEK kr415.28
ARS$85,066.49
List Price:  ARS$119,096.49
You save:  ARS$34,030
Bs691.23
List Price:  Bs967.75
You save:  Bs276.52
COP$389,029.38
List Price:  COP$544,656.70
You save:  COP$155,627.31
₡50,979.09
List Price:  ₡71,372.77
You save:  ₡20,393.67
L2,470.17
List Price:  L3,458.33
You save:  L988.16
₲730,160.41
List Price:  ₲1,022,253.79
You save:  ₲292,093.37
$U3,841.23
List Price:  $U5,377.88
You save:  $U1,536.64
zł395.31
List Price:  zł553.46
You save:  zł158.14
Already have an account? Log In

Transcript

One of the coolest things about being in today's internet is that our universe is filled with all of these amazing devices that I'm going to call static host. Now, you might also want to use the term Internet of Things. But it basically boils down to those zillions of devices out there that have some form of embedded operating system. And they also have some type of network awareness. So gosh, that could go from a Google Home box to a nest thermostat to a home router to a game controller, there are so many things out there that fit underneath that criteria. Now, a lot of people would argue that mobile devices are static hosts.

They certainly have a specific operating system. And it's also stored on firmware, and they're very much internet aware. However, these are kind of general purpose devices. So when we're talking about a static host, usually the best idea is to think about a device that's designed to do a specific thing. So So there are arguments for mobile devices being static hosts. However, I'm going to save all that for their own episode.

And we can go into the security of mobile devices in great detail. But there's lots of static hosts all around us. I mean, look what I got right in front of me here, I've got a wireless access point. I've got a nice switch here got an old but good router right in front of me, I've got a network aware printer right here. All of these are single purpose devices whose job is to do whatever they're supposed to do. They are network aware, very much network aware.

And they have some form of operating system stored on some kind of firmware. So these are all static hosts. Now, I'm not done yet. Let's keep going here. Let's take it up to more of an industrial level, and talk about some of the stuff that we see for example, industrial control systems. Everything we do when it comes to industrial anything these days, usually means you've got some kind of machine some kind of something with a computer that is network aware.

That is single purpose who is going to control that thing. To make it do whatever it wants to do. So I don't care if you're baking bread or making motherboards, there's invariably going to be some type of industrial control system. Now probably one of the more famous industrial control systems is heating, ventilation and air conditioning systems or HD AC. Pretty much any office building any industrial building today has an HD AC system. And all of that is powered by some type of specialized computer whose only job is to keep us warm or to keep us cool.

Now, we can even take it one step further than that. What I want to do is take the idea of industrial control and take it out over long distance. We have a lot of situations, railroads, oil pipelines, electrical distribution systems that require industrial controls, but because of their physical distances involved, they actually go into a whole new class of devices that we call supervisory control and data acquisition systems or skate up. So SCADA systems are pretty much ICS But the only big differences is they usually have to have some kind of like a cellular LAN connection, or something like that they have a lot of autonomy to make sure that they can do whatever they have to do. So there is a lot of stuff out there that we have to deal with when it comes to static hosts. So the big question is, is how do we secure them?

The biggest challenge to securing static hosts is understanding that in many ways, they're like any other type of host. And in many ways, they're not. So first of all, they act a lot like any regular host in that just like regular Windows system. For example, I will have user accounts with passwords. This has a user account with passwords, and invariably, it's going to have some default user account password. You know what, you probably want to change that.

Also like a regular host, you want to turn off unnecessary services. This particular router right here has a built in telnet server which I don't like to have turned on as an SSH server which is fine with me. So I make sure to turn off that telnet server. So the first thing you're going to do when you're dealing with the static host is think about that static host as a regular host. So there's a lot of things that you can take care of. However, the other problem with static hosts is that it doesn't act like a regular host.

In many ways. I don't have any Windows update that comes with this that automatically updates the built in operating system. I don't have any anti malware on this guy that allows me to make sure I'm not being corrupted by something. So when you have static hosts in your life, you're going to spend a lot of time monitoring your network, monitoring what's going on out there and making firmware updates. Hopefully, a lot voltage depends on the device, you run into a lot of interesting problems. Like for example, a very popular brand of home routers, people discovered fairly recently you could just type something into a screen and it would automatically allow you to take full control of them.

One injection attack. But it's because I watched the news and I discovered something like that. Also, this is a Cisco device, I tend to live on the Cisco sites, always watching for particular problems for any piece of firmware that needs an update. And then I'll go ahead and do those updates. And in 99% of the cases, it's a manual thing that you have to watch manually. Now.

That's great. But there's a lot of aspects about this device that you're not gonna be able to do anything about, for example, there is no anti malware built into the Cisco router. There are things I'm going to have to do to protect this. And I can't do it on the device itself. So I start to create layers of protection around it, or what we call defense in depth. And the best way to do defense in depth is through network segmentation.

Let me show you what I mean. So here's Mike's bread baking company, and I've got a big industrial control system where I make lots of delicious bread Now, what I need to do is perform networks segmentation here to give myself defense in depth. For example, here I have all of these bread baking machines, what I'm going to do is separate these bread making machines from the rest of my network using VLANs. In that way, I'm making sure that I get good control. And I can even put a firewall between the separate VLANs to make sure the traffic that I don't want to have going between these two will take care of it. Now, if I wanted to scale this up a little bit, let's just say I've got Mike's pipeline here.

So instead of an ICS, now I've got a SCADA system. So here's my pipeline with a few different terminals along 1000 mile pipeline. What I can do in this situation is that if any of these systems need to phone home or if I need to talk to them, I can go ahead and use a VPN network to allow me to talk to these guys with a high degree of security. You're going to see questions on the exam about static host. Remember a few things though, and you shouldn't have any trouble number one, treat a static host like any other regular host at first, but then Secondly, if there are unique aspects to that host, don't be afraid to throw in some really good network segmentation to protect your static hosts from the mean outside world.

Sign Up

Share

Share with friends, get 20% off
Invite your friends to LearnDesk learning marketplace. For each purchase they make, you get 20% off (upto $10) on your next purchase.