Troubleshooting Security Issues

• Troubleshoot Identity and Access Issues

• Troubleshoot Attacks
• Troubleshoot Other Security Issues

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 1
Authentication Issues

• First determine if the problem is truly authentication and not some other problem
with the cloud network, the device, or the application.
• See if someone else can authenticate.
• If no one can authenticate by using one method, then see if users can authenticate
by using some other method.
• Also try, if available, a different authentication protocol, such as Kerberos, NTLM,
smart card/token, MS-CHAP v2 (for remote access), and more.
• Check the Event Viewer logs or error messages to see if there is any indication of the
problem.

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 2
Authorization Issues

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 3
Federation and SSO Issues

There are some potential issues with SSO and federation that you need to consider
before implementing these systems.
• How the system will provision and de-provision user accounts.
• How a user is allowed to reset their passwords.

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 4
Certificate Issues

Issue Description
Unencrypted credentials Credentials are sent over the network unencrypted, or they are
stored in cleartext form.

Certificate issues Digital certificates are invalid, insecure, or non-functional.

Key management issues Encryption keys are inaccessible to authorized personnel or

accessible to unauthorized personnel.

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 5
Incorrect Identity and Access Hardening Settings

• Personnel: The most common use for IAM is to define identities for organizational
employees. Likewise, personnel identities are among the most popular attack
vectors.
• Endpoints: The devices that people use to gain legitimate access to your network are
varied and often difficult to account for in an IAM system. This is especially true of
mobile devices like smartphones, tablets, and laptops.
• Software: Like servers, applications and services can be uniquely identified in the
organization through digital certificates. One unique issue with applications is how to
determine which other entities are allowed to run certain apps.
• Roles: Roles support the identities of various assets by defining the resources an
asset has permission to access based on the function that asset fulfills. Role-based
identity can have poorly defined roles that can lead to privilege creep.

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 6
Guidelines for Troubleshooting Identity and Access
Issues

• When users experience authentication issues, first try to determine if the issue is
related to something else instead.
• When an issue occurs, determine if it affects other users or just one.
• Consider how the system will provision and de-provision user accounts when using
SSO and federation before implementing these systems.
• Consider how users will reset their passwords when using SSO before implementing
these systems.
• Consider how non-user assets in your organization fit into your IAM scheme.

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 7
Activity: Troubleshooting Identity and Access
Issues

• Your manager at Rudison Technologies poses different scenarios to you and asks
what troubleshooting steps you would take to troubleshoot identity and access
issues.

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 8
External Attacks

2.
2. Virtual
Virtual resources
resources provisioned
provisioned to
to
individual accounts
individual accounts

4.
4. Distributed
Distributed cloud
cloud resources
resources
overload
overload target
target server
server
3.
3. Attacker
Attacker consolidates
consolidates
control
control over
over virtual
virtual
environments
environments

1.
1. Attacker
Attacker executes
executes
automated
automated signup script
signup script on
on
cloud
cloud provider
provider

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 9
Internal Attacks

Issue Description
Policy violation Personnel violate your organization's policy and engage in
unacceptable use of systems, data, and the network.

Social media and personal messaging Personnel use social media and personal messaging accounts in
use ways that bring risk to the organization.

Social engineering Personnel fall victim to social engineering attacks and divulge
sensitive information or give access to unauthorized users.

Insider threat Disgruntled or otherwise malicious personnel use their unique

knowledge of the organization to exploit it for personal gain.

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 10
Privilege Escalation

• Vertical
• User can perform functions not normally assigned to their role or explicitly permitted.
• Example: Normal user gains access to admin rights.
• Horizontal
• User can access or modify specific resources they are not entitled to.
• Example: Normal user gains access to other users’ private data.

cal
ti
Admin
Ver

User A User B
Horizontal

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 11
Attack Vectors Related to Configuration

Although the paths that attackers take are diverse, there are three general elements that
can contribute to an attack vector:
• Vulnerabilities: Attackers will almost always search for holes within your systems and
networks.
• Exploits: These almost always depend on vulnerabilities to be effective. When the
gap in security is identified, the attacker can launch a tool or utility to take advantage
of that gap.
• Techniques: An attack's technique provides more detail about the path it takes, as
well as how it operates. It can also help categorize the effects of an exploit payload.

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 12
Guidelines for Troubleshooting Attacks

• Consider familiarizing yourself with different types of attacks on clouds so that you
will be better prepared to recognize and troubleshoot them.
• Remember that attacks don't come from outside your organization only; they can
come from inside your organization as well.
• User accounts can be a source of multiple attacks, so ensure you have good user
management in place to mitigate this.
• Understand the vectors that attackers take as this is a crucial step in security because
it helps the practitioner identify the how of an attack.

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 13
Activity: Troubleshooting Attacks

• Your manager at Rudison Technologies poses different scenarios to you and asks
what troubleshooting steps you would take to troubleshoot attack issues.

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 14
Unencrypted Communication

Some steps to help encrypt communications are:

• Ensure that you are using secure remote protocols like SSH.
• Ensure that you are using SSL/TLS to secure web-based communications.
• Ensure that users know not to store passwords in unencrypted text, spreadsheet, or
database files.
• Ensure that any custom apps you develop employ encryption for data at rest, in
transit, and in use.

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 15
Unauthorized Physical Access

Physical Resource Vulnerabilities

Building and grounds • Location
• Physical access control
Devices • Servers
• Laptops and tablets
• Mobile phones
• Other wireless devices
Communications • Telecommunications
• Service providers
• Wireless cells

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 16
Unencrypted Data

Unencrypted
Unencrypted data
data is
is vulnerable
vulnerable
regardless
regardless of
of where
where itit is
is located.
located.

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 17
Weak or Obsolete Security Technologies

• Securing your environment is a good accomplishment but only if it is done well and
maintained.
• When implementing security, ensure that you are following best practices and using
settings that provide adequate security.
• Even when you implement good security, you may still not maintain the level of
protection you want.
• You need to periodically review your security settings and also review new
vulnerabilities so that you can then implement changes to keep your environment
safe.

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 18
Insufficient Security Controls and Processes

• Having insufficient security controls can leave your environment open to attacks.
• These can range from physical controls such as locks, to technical controls such as
anti-malware or firewalls.
• Having insufficient security processes can leave your environment open to attacks
even if you have good security controls in place.
• Security processes include items such as security governance, policy management,
awareness and education, identity and access management, vulnerability
management, and incident response.

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 19
Tunneling or Encryption Issues

• Tunneling with a protocol such as SSH, or using a VPN, can provide access to your
cloud from another network.
• While these provide a useful service they can also create potential issues.
• Tunneling can be used to "sneak through" a firewall by wrapping a protocol that the
firewall would normally block inside a protocol that the firewall does not block.

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 20
Security Device Failure

Network Device Issues

Access point Access points are incorrectly authenticating users or are non-functional.

Firewall Firewalls fail to prevent unwanted traffic from entering or leaving the
network, or block legitimate traffic from entering or leaving the network.

Content filter The content filter blocks legitimate content, or fails to block undesirable
content.

Intrusion detection system (IDS) The IDS frequently encounters false positives and false negatives.

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 21
Guidelines for Troubleshooting Other Security Issues

• Always encrypt your communications to prevent attackers from gaining important

information like account passwords.
• Remember that your physical security is as important as your virtual security as it will
keep intruders from gaining access to your organization and your staff.
• Remember that unencrypted data is vulnerable regardless of where it is located.
• Ensure you are implementing adequate security settings when you secure your
environment so that you have the level of security you require.
• Review your security settings and new vulnerabilities on a periodic basis to discover
new attack vectors that you can then implement security for.
• Ensure that your security controls are adequate for your environment to avoid
additional security issues.
• Ensure that you implement adequate security controls to further protect your
organization and avoid security or potential legal issues.

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 22
Activity: Troubleshooting Other Security Issues

• Your manager at Rudison Technologies poses different scenarios to you and asks
what troubleshooting steps you would take to troubleshoot other security issues.

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 23
Reflective Questions

1. What types of attacks have you had to deal with in your environment? How
did you detect them and stop them?

2. What other security issues have you identified in your environment?

Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 24