CompTIA Security+ SY0-601 Topic: 2.1 Security Concepts in an Enterprise Environment.
December 13, 2022

2. Data Sovereignty and Protection

In this video, I’m going to talk about data sovereignty and data protection. Let’s get started. I think you guys probably already understand the concept that data is the second-most valuable asset that a company will own. You’re probably thinking, “What’s the first one?” Human life is the most valuable asset companies have to protect. Now data is going to be the second one. Without a doubt, data is going to be worth more than the facilities, like buildings, they may have.

Data is going to be worth more than other fixtures such as computers, servers, routers, and so on. Data is the lifeline of many businesses, such as Amazon. So in this video, we want to talk about a few different things that we can use to protect data. But before we get into that, let’s talk about something called “data sovereignty.” Now, this is about the jurisdiction of data within a country. Here is the definition of data sovereignty: data are subject to the laws and governance structures of the country in which they are collected. So what does that mean? Let us discuss this within a nation, our nation.

When data is collected from particular people within that country, what happens? Well, you know what? The businesses that are collecting it should be secure with that particular information. So what happens now is that we have laws within these particular nations to secure the data. An example of this would be GDPR. The GDPR is a law that applies to European nations to help secure the data that’s there. Within the United States, we have a variety of laws that we will use in order to secure our information, such as HIPAA, the Health Insurance Portability and Accountability Act, which is there to secure health information. So basically, data sovereignty is saying to us, “Hey, man, when you collect data within that nation, we want to make sure that the data is secured within that nation.” The next thing here in this video we’re talking about is data protection. And when it comes to data protection, the first thing we’ll mention is something called DLP software, data loss prevention.

Now, DLP will stop data from exiting the business and prevent confidential data from leaving the business. Firewalls prevent hackers and malicious software from breaking in. But what happens if users mistakenly or intentionally send confidential data out of the business? This is where “egress filtering” comes in, filtering data as it exits the business, and DLP software will stop that from happening. One example of this that I have here is Symantec DLP. Never mind the page I have open; if you just want to check it out, just Google “Symantec DLP” and you’ll find it. Symantec DLP is one of the biggest players in this game of DLP software. But what exactly does DLP do? So let’s say you have a user in an organization that makes a mistake and types somebody’s Social Security number into an email, and they didn’t realize that they were sending it outside the business. Remember, email is not encrypted.

And before you know it, this could be compromised. The DLP can actually stop this. If someone tries to email confidential credit card numbers, Social Security numbers, or company confidential documents, the DLP can stop this. If they try to copy the files to a memory stick, the DLP can stop that too. Now, I personally believe that DLP software should be almost mandatory in places where we send a lot of confidential data, such as hospitals and law offices, where almost every email that’s sent out and the data that’s shuffled around is pretty much confidential data. So if your organization deals with that kind of data, I would highly suggest that it check out DLP software.
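As an added example (not code from the video or from any DLP vendor), here is the kind of content inspection an egress DLP applies to an outbound message: a Social Security number pattern, a card-number pattern backed by the Luhn checksum so random digit runs are not flagged, and a classification marker for company documents. The function names, the `[CONFIDENTIAL]` marker and the sample messages are constructed for illustration.

```python
# Added example (not from the video or any DLP vendor): the kind of content
# inspection an egress DLP applies to an outbound message before it leaves.
# The rule set and sample messages below are constructed for illustration.
import re

# SSN shape NNN-NN-NNNN, rejecting areas 000/666/9xx, group 00 and serial 0000
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 13-19 digits, optionally separated by single spaces or dashes
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
CONFIDENTIAL_MARKER = "[CONFIDENTIAL]"  # assumed classification label


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out digit runs that merely look like a card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list[str]:
    """Return card-like digit runs that also pass the Luhn check."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits


def redact(value: str) -> str:
    """Keep only the last four digits so the DLP alert itself does not leak the value."""
    return "*" * (len(value) - 4) + value[-4:]


def inspect_outbound(message: str) -> dict:
    """Decide whether a message may leave; 'findings' is what the alert would carry."""
    findings = []
    for m in SSN_RE.finditer(message):
        findings.append(("ssn", redact(m.group().replace("-", ""))))
    for pan in find_card_numbers(message):
        findings.append(("card", redact(pan)))
    if CONFIDENTIAL_MARKER in message:
        findings.append(("marker", CONFIDENTIAL_MARKER))
    return {"action": "block" if findings else "allow", "findings": findings}


if __name__ == "__main__":
    # Constructed sample messages
    for msg in [
        "Hi Bob, lunch at 12? Call me at 555-123-4567.",
        "Customer card 4111 1111 1111 1111 expires 12/26, please process.",
        "Patient SSN 123-45-6789 attached for billing.",
        "[CONFIDENTIAL] Q3 merger plan - do not forward.",
    ]:
        print(inspect_outbound(msg))
```

The phone number in the first message is left alone because it is too short for the card rule and does not fit the SSN shape; the alert for a real hit carries only the last four digits, because a DLP log full of full card numbers would itself be confidential data that needs protecting.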

Now for your exam, you don’t need to go in depth into how to set it up, including endpoint and network-based DLP. You don’t need to go into that. Just know what the DLP software does. Okay? The other thing to consider here is data masking and tokenization. Masking first. You’re going to collect quite a lot of confidential data throughout your work. Your organization is going to collect people’s names and their Social Security numbers, maybe their dates of birth, maybe their addresses, emails, and so on. And then you’re going to store them on secure servers, right? Servers that are highly encrypted, secured, and have good access control. Here’s a problem, though.

What happens when you want to reuse that particular data in other parts of the business that just don’t have that much security? Well, what you could do is mask it. Data masking basically takes secured data, masks it, and gives it to other sections of your business so that they can use it. For example, maybe you capture a bunch of credit card information, and the other sections of the business want to analyse how much credit card revenue we’re capturing. So instead of sending them the credit cards, you could mask the data and send them just the masked data.

Now, that masked data is occasionally encrypted as well, which at a certain point could be equivalent to simply encrypting it. So they’ll be sent this reformatted data that’s not the original data. It’s basically a mask; the original is hidden. That’s where we would use data masking. So it’s like taking confidential data and masking it to be reused in other sections. The other part here is tokenization. Tokens. And you guys are familiar with this. You’ve used tokenization before. Now I’m going to draw you guys a little diagram here. What exactly is tokenization? Banking transactions are where we use tokenization a lot. Even when logging in, you use login tokens. So let’s say you have a bank, a banking system.

You have access to your credit card information. So let’s say your credit card information is represented by four X’s, right? Let’s say that’s just your credit card information. What happens now is that the bank can then issue you a token. This token can then be reused in other parts of the banking system without anyone ever having to refer back to the original credit card number. So let’s say this token is represented by the numbers 1, 0, 1. So your token is 101. You can then use this token as you would your normal credit card within that banking system. So then you can use that token throughout your entire banking system. All you’re doing is referring to it as “one zero one.” But the system knows that this is the original credit card number.

This is good because, you see, the good thing about tokenization is that you never really need to pull up your original credit card number. And if this token is ever compromised, no big deal. Because this token is irreversible, you can’t take 101 and revert it back to the original credit card number. They would have to have access to the tokenization system to do that, which is very secure. So that’s tokenization. Okay, the next topic we’ll talk about is encryption. So encryption is important. Now, encryption is a big topic. We have a giant section on it coming up later. But just remember, encryption basically scrambles data so it can’t be read by anyone other than the intended recipient.
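The masking and tokenization ideas from the last few paragraphs, as an added example that is not code from the video: `mask_card` hides everything but the last four digits while keeping the card number’s format, and `TokenVault` plays the role of the secure banking system that hands out a random token and is the only place the token can be mapped back. The analytics function works on tokens alone, which is the point of the revenue example above. All names are hypothetical and the card number and transactions are constructed.

```python
# Added example (not from the video): data masking beside vault-based tokenization.
# Names are hypothetical; the card number and transactions are constructed.
import secrets


def mask_card(pan: str) -> str:
    """Mask all but the last four digits, keeping the original spacing/format."""
    digits = [c for c in pan if c.isdigit()]
    hide = len(digits) - 4
    out, seen = [], 0
    for c in pan:
        if c.isdigit():
            out.append(c if seen >= hide else "*")
            seen += 1
        else:
            out.append(c)
    return "".join(out)


class TokenVault:
    """The 'secure system' of the lecture: the only place a token maps back to a PAN.
    Tokens are random, so nothing about the PAN can be computed from the token."""

    def __init__(self) -> None:
        self._pan_by_token: dict[str, str] = {}
        self._token_by_pan: dict[str, str] = {}

    def tokenize(self, pan: str) -> str:
        if pan in self._token_by_pan:            # same card always gets the same token
            return self._token_by_pan[pan]
        while True:
            token = "tok_" + secrets.token_hex(8)
            if token not in self._pan_by_token:  # avoid (unlikely) collisions
                break
        self._pan_by_token[token] = pan
        self._token_by_pan[pan] = token
        return token

    def detokenize(self, token: str) -> str:
        """Only callers with access to the vault can recover the PAN."""
        return self._pan_by_token[token]         # KeyError for an unknown token


def revenue_by_token(transactions: list[tuple[str, int]]) -> dict[str, int]:
    """Analytics that works on tokens alone (amounts in cents): no PAN reaches this code."""
    totals: dict[str, int] = {}
    for token, cents in transactions:
        totals[token] = totals.get(token, 0) + cents
    return totals


if __name__ == "__main__":
    vault = TokenVault()
    pan = "4111 1111 1111 1111"        # constructed test card number
    print(mask_card(pan))               # **** **** **** 1111
    token = vault.tokenize(pan)
    print(token, revenue_by_token([(token, 1999), (token, 501)]))
    print(vault.detokenize(token) == pan)
```

A second `TokenVault` instance knows nothing about tokens issued by the first, which is the “you can’t take 101 and revert it” property: the token carries no information, the mapping lives only in the vault.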

So if I encrypt data and I have Mary in the corner over there, basically I would encrypt it and then I would give it to Mary, and she should be the only one that’s able to decrypt this information. If there’s Bob over there in that corner trying to listen to the conversation or sniff the data, he’s not going to be able to decrypt it because only Mary can decrypt it. The whole process of how that works, we’ll have some fun with when we get to cryptography later in this particular course. Okay, now let’s talk about data states.

Now, data exists in three states: data at rest, data in transit or motion, and data in processing, also known as “in use.” So it’s data at rest, in motion, and in use. Those are the three data states. Let’s talk about this. So I have a server over there. I have a web server in that corner of the room, and I have my desktop right here. All data would always be in one of these three states, all the time. So right now I have a web page that is on that server. That’s, quote, unquote, “data at rest.” That means that the data is just sitting on the hard drive. Then I open up a browser and go to the website, right? I go to the internal website.

Then the web page goes across the network and hits the web browser on this desktop. That’s data in motion. If the data is moving across the network, we consider it to be in motion. Now, the next thing would be that when the data gets here, the data has to be put to use. The data has to be processed by my browser. If it is encrypted with SSL, it has to be decrypted so I can see it. So that’s the data in use. So data always lies in one of these three states. I mean, you can see it here. So if I go back to my Amazon, if I just go here and type, right now there’s a web page sitting on the Amazon web server.

So when I go here and type, I forget how to spell Amazon there. So I go, and I type Amazon. So right now, there’s a web page sitting on the Amazon server. So if I press Enter, that web page will have flown across the Internet. That was the data in motion. And now it’s on my computer, and I’m scrolling. I’m looking at it. This is data in use. How does this relate to security? You must understand how we secure data in these various states. So, for example, if data is at rest, how do you secure it?

Data at rest is secured by using encryption. So you can do hard drive-based encryption. As an example, TPM chips with Microsoft BitLocker are available. You also have SSL encryption: when the data is coming across the line, we secure it with SSL encryption. Anybody who tries to read the information can’t; they’ve got to get past the SSL. And the other one here is going to be data in use. Now here’s the thing: you can’t use data while it’s encrypted. You can see the web page in front of you. It’s not encrypted, but what you could do is stop people from printing it. So you can apply controls so they can’t print it, they can’t take a screenshot of it, and then you can apply controls for how they can edit it.

So you can lock up certain fields. These are some of the controls available for securing data in use. Okay, and the last part we want to talk about here is going to be something called rights management. Most of us have probably heard of Information Rights Management (IRM), and you’ve probably heard of “DRM,” or digital rights management, right? So Digital Rights Management is used to stop people from copying things like movie files, DVDs, Blu-rays, ebooks, different types of music, and whatnot. Information rights management is the more important one for internal business and helps secure information, whether dealing business to business or business to consumer.

So information rights management is basically securing the information so it can’t be copied over to another business or given to another business or individual in a malicious way. Okay, so these are some terms here that we just went over. We talked about data sovereignty and data protection. Don’t forget what a DLP is. That’s a term that you may see on your exam. Remember, that stops data from leaving the organization. Masking is to hide and reformat the information so it can be used over less secure methods. Tokenization produces tokens that you use throughout the network. Of course, encryption is used to protect data at rest and in motion, and we apply controls to data in use. And then, of course, we finished it off by talking about rights management.

3. Other Security Considerations

In this video, I’m going to be going over quite a few different miscellaneous security terms that you’re going to need to know for your exam and in real life. So let’s get started. The first thing we’re going to take a look at is this term called HSMs, or hardware security modules.

What is that? Well, let’s just take a look at it first. Let’s go back to Google here and look one up so you know exactly what I’m talking about. Hardware security module. I want to show this to you, and then I’ll explain to you guys what it does. So hardware security modules are generally boxes, or sometimes they are going to be cards that go in your actual server. So here’s another one. Here’s one that says “big cipher” on it, and sometimes they are cards themselves.

You can even have these things as cloud services, where the cloud is generating the keys for you. AWS, for example, has cloud-based HSMs. So, what exactly is there? A cloud HSM; a hardware HSM. What exactly is an HSM, and what does it do? So let’s say, for example, you’re running a web server, okay? You’re running a web server, and you’re processing credit cards on your web server. You’re storing other people’s information. Well, to do that, you’re going to need to encrypt all of this information. Now that you’re encrypting, you’ll have a lot of keys.

You’re going to have to keep generating encryption keys and managing encryption keys. That’s the problem. You see, the generation and management of encryption keys takes up a lot of CPU power on this server. So why don’t you take the generation of all of these cryptographic keys and offload it to another device? Now you’re probably saying, “Okay, so that’s what the HSM is?” That’s right. The HSM is that other device that you’re offloading all of this cryptographic key work to. So HSMs are basically devices that generate and manage cryptographic keys for you. That way, your server doesn’t need to do that.

That way, your server is not bogged down, with all the CPU and all the RAM basically getting used up by the creation of cryptographic keys. So remember, for your exam, what is an HSM? It’s a device that creates and manages cryptographic keys for a network. And remember, this device is going to be optimized for this. That’s its only job. And since it has only one job and it’s optimized for it, it’s a lot quicker at it than your web server. Okay? So the next term here that we’re looking at is going to be geographical considerations. When you’re storing data, it’s important to know the geographical region that it’s in. There are a lot of reasons for this. Number one: laws and regulations. Depending on where the data is created and where it is stored, there may be laws such as GDPR, HIPAA regulations, or PCI compliance requirements.

There will be laws and regulations in the United States that will affect where the data is stored, how it can be accessed, and how quickly it can be accessed. If you’re storing data at the opposite end of the planet, then it has to travel all the way here, and it might be even slower.

So you might have to do replication to make the data faster to access. OK, the next term here we need to know is going to be “Cloud Access Security Broker.” Now, we haven’t gotten to cloud yet, but I’m going to describe what this is to you. And later on, of course, we’ll get to cloud computing. But let me show you guys what this is. So what exactly is a Cloud Access Security Broker? Well, it’s a piece of software that sits between the organization and the cloud provider. So, imagine you have your organization and AWS. AWS is going to be your cloud provider.

So the CASB, or Cloud Access Security Broker, sits between your organization and the cloud provider. You’re saying, “Why do you need that?” Right? Well, here’s why you need it: this particular software will help enforce your organization’s policies, which could include ensuring that the data is encrypted. It can ensure that the authentication is done correctly. For example, you may want multifactor authentication, and if you want things like single sign-on into the AWS cloud, the Cloud Access Security Broker could do this. Now it’s generally a piece of software that’s doing it and ensuring that, hey, if the data is not meeting the security policies, the data cannot be transferred between the organisation and the cloud provider.

So remember, for your exam, that the Cloud Access Security Broker sits between the organization and the cloud provider to ensure that the security controls and your organization’s policies are met. Okay, let’s get rid of all that there. What else are we on to here? So the next thing we’re looking at is response and recovery controls. Now, response and recovery controls are going to be different forms of controls. You’re going to have to respond to security incidents. Every organisation is going to experience security incidents throughout the day. It could be an availability incident where a server goes down. It could be a confidentiality incident, a hacker stealing information, or an employee stealing information.

You’re going to have to have procedures or methods to respond to these incidents. You’re going to have to have software that can detect them, such as intrusion detection systems. And the next one is going to be recovery controls, controls that allow you to restore data from backups or reimage computers. Okay, the next one I really wanted to show you guys is something called SSL or TLS inspection. Well, this is interesting. So let me explain what this is to you. SSL or TLS inspection is for when traffic coming into your network is encrypted with SSL or TLS. By the way, for your exam, we’re going to cover more on the difference between SSL and TLS in our cryptography section. But you guys should know that SSL just means it’s encrypted. So what this is, is that we’re going to put something between the client and the server, right?

So let’s say the server is Amazon. Then you have the client, which is me here on my desktop. We’re going to put a device right in between them that allows it to inspect the SSL traffic. You say, “Why would you want that?” Because what happens is that we want to inspect the traffic for malware. This is also available in firewalls. So I’ve got my old SonicWall as well as my new SonicWall. And this SonicWall supports SSL inspection. I’d like to show you how it appears. All right, let’s return to my desktop and launch my SonicWall. And again, it’s all default settings here, guys. I still haven’t gotten to configure it. If you watched the earlier videos of me working on it, you’ll notice that I still haven’t gotten around to securing it. It’s still the default username and password. I keep telling myself that I’m going to secure it when I get to that section. I’ll show you. I’m going to go down here. This is the firewall setting in it.

Now remember, this is a full-fledged security device like what a large organisation uses. They’ll use a bigger version of this, and it’s the same operating system. They’ll get the same features this tiny one has, except it just has more RAM and CPU on it. So they all get the same. Large businesses will use the exact same thing. I’m going to go down here to where it says Decryption Services. And you notice how they have “deep packet inspection” (SSL/TLS). So in this one here, we can enable SSL client inspection. And what this is going to do now is that it’s going to start to actually decrypt and re-encrypt the sessions passing through it. Now you’re probably saying, “How does it actually work?” Well, what it does is that it sets up one SSL session with the server, and then a separate SSL session with the client here.

So that’s why it’s in the middle. It’s like a glorified man in the middle. Now it’s actually inspecting the SSL traffic. Why is it doing that, though? Why would they want to do it? It does it to detect malware. This is a subscription service on this device. This is not something that’s free. You see, if I go here and notice how all of this is enabled, this is a subscription service. I have it in trial mode right now. So you have to actually pay for this. Notice the option to enable server SSL inspection.

So we could go in there. And you notice how it’s like the Gateway Anti-Virus. It could detect quite a lot of things. This is something that many large corporations have nowadays. That way, if malware is coming through the firewall because a user could have gone to a website and mistakenly downloaded malware, and the malware is coming through the SSL session, the organisation wouldn’t be able to see it, unless they have a device like this that can actually view the SSL session itself, detect the malware, and kill it before it gets into the business. This is amazing technology. Imagine stopping the malware before it even gets into your organization.

Amazing technology. The problem, though, that a lot of companies have encountered is that it slows the device down. So if you have a large number of users, this will become an issue. You need a much more powerful device. Okay, moving on here, the next thing we’re going to be looking at is hashing. Now, a cryptographic hash is able to detect if data has been modified. I’m going to go over more hashing with you guys later on in this course. You know what? Hashing. I’ll show you an MD5 hash. So we talked a little about this when we did passwords.

However, hashing’s main purpose is to assist in detecting the modification of data. So when you create confidential data, you want to hash it. That way, if it’s ever modified, you could tell. So let’s say my message is “I have many certifications.” So this is the hash of that message. This is a cryptographic calculation, and this hash basically represents this message. If this message ever changes, the hash changes. So this was the original message. Let’s say I changed it and said, “I currently have 62 certifications.” Notice how the hash has changed. Even if I just select one character and delete it, the whole hash changes. If I say “I have many” again, it goes back to where it was. So hashes basically detect that the data has been modified.
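The hash demonstration above, as an added example that is not code from the video: it records a digest of the original message, shows that the changed message no longer matches, and then shows the caveat a practitioner should know. A plain hash stored next to the data only detects accidental change, because whoever can rewrite the data can recompute the hash too; a keyed digest (HMAC) closes that gap when the key is kept away from the writer. SHA-256 is used in place of the MD5 shown in the video; the key and messages are constructed.

```python
# Added example (not from the video): detecting modification with a hash, and why a
# plain hash is not enough when the attacker can also rewrite the stored hash.
import hashlib
import hmac


def digest(message: str) -> str:
    """SHA-256 of the message (the lecture shows MD5; SHA-256 is what to use today)."""
    return hashlib.sha256(message.encode("utf-8")).hexdigest()


def unchanged(message: str, stored_digest: str) -> bool:
    """True if the message still matches the digest recorded earlier."""
    return hmac.compare_digest(digest(message), stored_digest)


def tag(message: str, key: bytes) -> str:
    """Keyed digest (HMAC): recomputing it requires the key, not just the message."""
    return hmac.new(key, message.encode("utf-8"), hashlib.sha256).hexdigest()


def verify_tag(message: str, key: bytes, stored_tag: str) -> bool:
    return hmac.compare_digest(tag(message, key), stored_tag)


if __name__ == "__main__":
    original = "I have many certifications"
    recorded = digest(original)
    print(recorded)
    print(unchanged(original, recorded))                              # True
    print(unchanged("I currently have 62 certifications", recorded))  # False
    # Tampering with a plain hash: the attacker just recomputes it alongside the data
    forged = "I have 0 certifications"
    print(unchanged(forged, digest(forged)))                          # True: undetected
    key = b"constructed-demo-key"   # in practice kept where the data writer cannot reach it
    t = tag(original, key)
    print(verify_tag(forged, key, t))                                 # False: detected
```

`hmac.compare_digest` is used for both comparisons so that the check takes the same time whether the digests differ in the first byte or the last.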

Don’t forget, passwords are hashed as well. Right? Stored passwords are basically hashes. Remember to look through those sections of the class. The next thing here I’m looking at is API considerations, right? API considerations. Application programming interfaces. Earlier in the class, we talked about what APIs are. Now, remember, APIs are what apps use to connect to other systems. An API enables interconnections between various types of systems. For example, going to the Expedia airfare booking website and booking an airfare with American Airlines. Expedia has an API for American Airlines that allows it to connect to American Airlines, get the flight database, and put you on a flight there.

What are the considerations? When it comes to API considerations, you have to consider how secure the data has to be. So, for example, is the data encrypted between Expedia and the American Airlines systems? That would be important, right? Or how is it authenticated, and what is its structure? Those are some of the considerations you would have, encryption being the most important one, especially since the APIs are on the Internet. OK, so we went over quite a lot of different topics here, right? This is a quick review before we finish this video.

HSMs, hardware security modules, are going to be used to create and manage encryption keys for networks. Geographical considerations will be used to ensure that we follow the laws of that country, as well as to account for the distance to the data. The Cloud Access Security Broker, or CASB, is basically the software that sits between the organisation and the actual cloud provider to enforce the organization’s security policy. You must have good response and recovery controls when managing security in any organization. SSL or TLS inspection will be used in businesses today to help detect malware that may flow in and out of the network. We use hashing to detect changes or modifications to data. And when managing APIs, just make sure that one of the considerations is making sure that the data stays encrypted.

4. Site Resiliency, Hot, Warm, Cold

In this video, I’m going to be talking about system resiliency. Now, resiliency means being able to take a hit and keep going: the ability for organisations to lose a particular data center but still keep working. In this video, in particular, we’re going to take a look at alternative sites. And there are three things that you need to know for your exam: hot, cold, and warm sites. So what exactly is this? Well, say, for example, you have a large organization.

They have particular data centres where they process and store their information. Imagine a bank that has gigantic databases of banking information. This could be banking transactions or the users’ information themselves, like who’s a member of the bank, their credit cards, how much money they have, and so on. So these things are stored in giant data centers. What happens if one of these data centres goes down? Right? What happens if one of these centres drops? Well, we have to have a way to back them up. But the question would be, how would they drop? What would cause them to drop? That would be things like hurricanes, floods, fires, and big power outages in that region. So when these things happen, these data centres go offline.

So the organisation needs a way to put a new one online, right? So this is what this is. These are going to be alternative sites that we could use in case one of these data centres basically goes offline. So let’s take a look here. There are three of them we need to talk about. There will be a hot site, a cold site, and a warm site. Let’s start out with a cold site. So a cold site is an alternative site that the organisation can get that is basically an empty room with HVAC. This site has no equipment, but it does come with HVAC. They all come with HVAC. Okay? HVAC is an abbreviation for heating, ventilation, and air conditioning. So it’s basically a room with heating, ventilation, and AC. It has no equipment. It even lacks Internet access. Cold sites are basically empty warehouses that the organization will rent.

The problem with cold sites is that they will take a long time to come up because they lack equipment. Let’s say the main data center drops. What happens is the organization now needs to go out and get all the equipment, maybe bring all the equipment from the dead site, the site that lost power, or they have to purchase new equipment. They have to call Verizon and get an internet line. This can take a long time. Now, cold sites are used in certain organizations, and people say, “Well, why would an organization want to wait weeks?” Well, remember something.

If they can offload some of that processing and spread it across other data centers, and it’s okay for them to be offline for a few weeks, it might be justifiable. And don’t forget that the other ones are simply more expensive. So this is the cheapest option you can go with for an alternative site, known as a cold site. OK? The next thing we’re going to take a look at is a warm site. So a warm site will come with some of the equipment. It may come with specific routers or servers, and the organization just has to bring specific equipment. Maybe the organisation uses a very particular firewall, very particular intrusion detection systems, or very particular data storage systems, so they’re going to have to bring their own equipment. It may come with an internet line. Of course, it comes with heating, ventilation, and AC as well. So they may have to bring some of their equipment, and this might not take very long. It might only be a few days before they can actually get the centre up and running. But take note, this is simply more expensive than the cold site.

The other one here that we’ll talk about is going to be a hot site. So a hot site will come with all of the equipment, all right? It will come with servers, firewalls, data storage systems, different types of database processing systems, and so on. All of the equipment, plus heating, ventilation, and AC; of course, internet; and everything else. All you’ve got to do in a hot site is bring your data, load it onto the machines, and you’re good to go. And because of that, you only have to wait a few hours, right? How long does it take to load your data?

Loading up your data may only take three to four hours if it’s not a lot of data. If it’s a lot of data, it might take 18 or 24 hours, but you’ll be fine. Within 24 hours, you’re back up and running in a hot site. But remember something: the hot site is going to be the most expensive here. Now, the organisation needs to do a cost-benefit analysis of this. The cost-benefit analysis has to show that if we go down and we are losing hundreds of thousands or millions of dollars every hour, then the hot site is the place to go. If you go down, you may only be losing a few thousand dollars every day.

And if it’s not justifiable to spend that extra money, because these hot sites can run thousands of dollars a day, then it’s better to do a cold site. The organization needs to come up with that. They must conduct a cost-benefit analysis. It’s going to be different for every organization. Some organizations may only have one data center; others may have multiple data centers. It just depends on the organization. Okay, so for your exam, remember that cold sites have no equipment, but they’re the cheapest solution, and they do take weeks to come up. A warm site has some of the equipment but takes a few days to come up. A hot site is the most expensive option. It has all the equipment, and it could be up within a few hours.
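The cost-benefit analysis the video asks for, carried through as an added example (not from the video): each site type costs a yearly fee plus the revenue expected to be lost while it is being brought up. The recovery times follow the video (weeks, days, hours); the yearly site prices and the outage rate are assumed numbers chosen only to make the comparison run, not figures from the course.

```python
# Added example (not from the video): a cost-benefit comparison of cold, warm and
# hot sites. Recovery times follow the lecture (weeks / days / hours); the yearly
# site prices and the outage rate are assumed numbers, not the lecture's.
SITES = {
    "cold": {"recovery_hours": 14 * 24, "annual_cost": 50_000},
    "warm": {"recovery_hours": 3 * 24, "annual_cost": 250_000},
    "hot": {"recovery_hours": 24, "annual_cost": 1_500_000},
}


def annual_cost(site: str, loss_per_hour: float, outages_per_year: float) -> float:
    """Site fee plus the revenue expected to be lost while recovering at that site."""
    s = SITES[site]
    downtime_loss = s["recovery_hours"] * loss_per_hour * outages_per_year
    return s["annual_cost"] + downtime_loss


def cheapest_site(loss_per_hour: float, outages_per_year: float = 0.1) -> str:
    """Pick the site type with the lowest expected yearly cost."""
    return min(SITES, key=lambda site: annual_cost(site, loss_per_hour, outages_per_year))


if __name__ == "__main__":
    # One serious outage every ten years (assumed), at three different hourly losses
    for loss in (100, 100_000, 1_000_000):
        breakdown = ", ".join(f"{s}=${annual_cost(s, loss, 0.1):,.0f}" for s in SITES)
        print(f"loss/hour ${loss:>9,}: {breakdown} -> {cheapest_site(loss)}")
```

With these assumed figures a business losing a few dollars an hour is best served by a cold site and one losing a million an hour by a hot site, which is the video’s conclusion; the warm site wins in between. Plug in your own outage rate, hourly loss and site quotes, since the answer changes with them.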

5. Deception and disruption  

In this video, I’m going to be talking about deception and disruption. So there’s an old saying in the world of security: It goes like this: When someone is looking for something, give it to them so they can stop looking. Hear me out on this. Imagine a hacker breaks into your network, and they’re looking for something very specific. They’re looking for confidential customer data. They’re never going to stop looking until they find what they’re looking for. So how about if we come up with some fake data and some fake servers or a fake network that’s loaded with fake data that’s easy to find, and then they go and they find it? And when they find it, they use it and leave because they think, “Oh, I stole the data.” This is all they have, and they go away.

This is the concept of a honey pot, a honey net, and honey files. Basically, these are going to be fake machines that you set up in your network to make them look like real machines. These machines are known to be vulnerable. And you’re hoping that when hackers break into your network or malicious employees look for data to steal or commit malicious acts with, they’ll go to the honey pot. Now it’s a honey pot because, basically, something sweet is enticing them. Hey, come here. Don’t go over there. That’s real data, right? Come here to this honey pot and take this fake data. So there are some terms here we need to know. For example, the first thing is a honey pot. So a honeypot is going to be a machine that you set up.

For example, you could have a honeypot that’s a web server. So in your DMZ, where you have your public server, you put this honeypot. So this honeypot is going to mimic your real server. It’s going to have a website on it, but it’s going to have some vulnerabilities. You’re going to put some purposeful vulnerabilities on there. You don’t want to make it too obvious, but you’re going to put some vulnerabilities on there so the hacker can spend time trying to hack this particular web server. And what you’re going to do is put fake files on it, honey files, deceptive files on the server. Honey files can also be within your network.

You may put fake files on particular servers. That way, in case anybody is looking for them, you’ll know. The thing you have to do is monitor the hell out of these things. You want to monitor them, so that you’ll be alerted when anyone attempts to use the honeypots. So, you know, hey, somebody’s trying to hack this, because nobody who’s authorized should be here. Now, if you put a bunch of these honeypots in your network, you’ll get something called a honeynet. So you have a whole fake network that looks like a real network, and if there are intruders on your network, they can go there. And you’re going to have honey files and honeypots in your honeynet, okay?

So make sure you know these terms for your exam. Now the next term I want to mention to you guys is telemetry. What exactly is telemetry? Telemetry in software development is basically used to gather information about how people are using software. Let’s say you make an app, alright? You make an application, and you want to know how long people have been on the app. You want to learn how much they’re engaging with the app and how many links they’re clicking on.

Telemetry is the information we’re going to get out of it. Now, telemetry basically means data that’s acquired from other ends of the network that’s not directly available to you. So we have to find a way to keep track of this information. Fake telemetry would be fake data that you’re introducing just to throw hackers off. Maybe they’re looking to see how people are engaging with the app, but you basically give them fake information. And this is a very good one: a DNS sinkhole.

This is a term you want to know for your exam. Also, here’s what a DNS sinkhole is. So remember what DNS does, right? It translates domain names to IP addresses. So what exactly does a DNS sinkhole hold? A DNS sinkhole is going to be a false translation of a domain name to an IP address. DNS sinkholes are used for both security and malicious reasons. Let me explain. So a DNS sinkhole used in a malicious way could be when your browser gets redirected: when you go to Facebook, it takes you to a hacking website. But for security reasons, here’s how we do it in businesses today: we set up DNS sinkholes for malicious websites, and we redirect them to good websites. So let’s say a user gets infected with malware A.

Now, what malware A does is redirect people to this malicious website to steal their information. However, you could create a DNS entry in your DNS server stating that this malicious domain is redirected to another address. So when the malware infects the person’s computer, it doesn’t actually take them to a bad one, it takes them to a good one, right? So you’re reversing what the malware is actually trying to do. That would be a DNS sinkhole.

You can use these in different types of proxy settings where, in organizations today, you don’t want people to go to social media sites. So you configure a DNS sinkhole for whenever they visit that social media site. Maybe you don’t want them going to Facebook, so you redirect them to a company’s customized page that says employees are not allowed to access Facebook. They’ll have Facebook DNS-sinkholed. Okay, in this one, we talked about some good stuff, right? Honeypots. Honeynets. Honey files. Remember, those are going to be bogus files, bogus servers, and bogus networks that hackers can access if they break in. We talked about fake telemetry, giving attackers fake information about how users may be interacting with an application. Then DNS sinkholes are basically false resolutions of domain names.
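The two sinkhole uses described above, the malware domain and the social-media block, as an added example that is not code from the video: `resolve` answers a sinkholed name (or any subdomain of it) with an internal address instead of the real one, and `sinkhole_hits` reads a resolver log to show the defensive payoff the video only hints at, namely that a client repeatedly asking for a sinkholed malware domain is a host you should go look at. The domains, the sinkhole address, the upstream table and the log lines are all constructed.

```python
# Added example (not from the video): a DNS sinkhole lookup and the hit report a
# defender reads from it. Domains, addresses and log lines are constructed.
from typing import Optional

SINKHOLE_IP = "10.255.255.1"   # assumed internal host that logs hits / serves the block page

# domain -> reason it is sinkholed (constructed entries; .example is reserved for docs)
SINKHOLED = {
    "c2.bad-updates.example": "malware-c2",
    "social.example": "policy-block",
}


def sinkhole_match(qname: str) -> Optional[str]:
    """Return the reason if qname or any parent domain is sinkholed, else None."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in SINKHOLED:
            return SINKHOLED[candidate]
    return None


def resolve(qname: str, upstream: dict) -> tuple:
    """Answer from the sinkhole first; otherwise fall back to the upstream table."""
    reason = sinkhole_match(qname)
    if reason is not None:
        return SINKHOLE_IP, reason            # the 'false translation' of the lecture
    return upstream.get(qname.lower(), "NXDOMAIN"), None


def sinkhole_hits(log_lines: list) -> dict:
    """Group sinkholed queries by client: repeated malware-c2 hits mark infected hosts."""
    hits: dict = {}
    for line in log_lines:
        fields = dict(f.split("=", 1) for f in line.split())
        reason = sinkhole_match(fields["qname"])
        if reason is not None:
            hits.setdefault(fields["client"], []).append((fields["qname"], reason))
    return hits


if __name__ == "__main__":
    upstream = {"intranet.example": "10.1.2.3"}   # constructed stand-in for real DNS
    print(resolve("intranet.example", upstream))
    print(resolve("www.social.example", upstream))
    print(sinkhole_hits([                          # constructed resolver log
        "client=10.0.0.5 qname=intranet.example",
        "client=10.0.0.5 qname=c2.bad-updates.example",
        "client=10.0.0.9 qname=www.social.example",
        "client=10.0.0.5 qname=c2.bad-updates.example",
    ]))
```

Walking up the labels matters because malware rarely asks for the bare registered domain; sinkholing `social.example` should also catch `www.social.example`, and the same walk makes the hit report attribute the query to the configured entry rather than to every hostname variant separately.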
