Security Concepts
This is a guide on security concepts.
ISCĀ² Code of Ethics
Every industry has a code of ethics that's designed to guide behavior in a fair manner. Problem is, there are some people that simply choose not to follow any codes of ethics. ISC squared also has a code of ethics.
ISC squared stands for International Information System Security Certification Consortium. This is the standards' body that provides, among other certifications, the SSCP certification. So in addition to passing the SSCP exam, to be fully certified you also need to agree to abide by the ISC squared Code of Ethics when you perform security work. If you notice any code of ethics breaches it is your duty to report it to the ISC squared Code of Ethics Committee by filing a complaint.
Straight from the ISC squared Code of Ethics web page I've taken the following quote. The safety and welfare of society and the common good, duty to our principles, and to each other, requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior. Therefore, strict adherence to this code is a condition of certification. There you have it, can't be any more clear than that. We need to agree to the code of ethics put forth by ISC squared to be fully SSCP certified.
The code of ethics, when it comes to clients that you're doing work for as an SSCP certified candidate, gives them assurances to your strength of character, integrity. And they can also have a high level of confidence in the security work that's being performed, because you will have passed the exam. And so you have demonstrated a level of expertise and knowledge.
The code of ethics consists of four canons. The first of which is to protect society, the commonwealth, and the infrastructure. For example, when we're performing security work for clients it would be our duty to discourage unsafe security practices.
The second canon is to act honorably, honestly, justly, responsibly, and legally. Bear in mind legally will vary from one part of the world to another. So it's up to us to understand that, especially if we are traveling to different regions on the planet to perform security work. [Video description begins] This requires truthfulness and objectiveness. [Video description ends] So really it boils down to being truthful and honest.
The third canon is to provide diligent and competent service to principals. And an example of this would be to preserve client IT systems and data to protect them, to not divulge any trade secrets. And of course, also to know when to escalate something. It's okay to not know everything. And so rather than cause a problem with a client if they ask you to do something or they ask you something that you don't know, it's okay to escalate it and to find out for the client.
The fourth and final canon is to advance and protect the profession. And at the individual SSCP candidate level, we can do this by maintaining our knowledge and skills, and also acting within the framework of the ISC squared Code of Ethics.
The Law and Organizational Ethics
Laws and ethics are not the same thing. There could even be a code of ethics within a specific organization. Or, as there is with ISC squared, to acquire the SSCP certification. Ethics really dictate professional conduct. Whereas laws are societal rules that are created by governments. And the disregard of those laws can result in penalties of some kind, including fines and incarceration.
Ethics are based on moral philosophy, where there aren't any specific written rules. It's not legally binding as a contract would be. And so as a result there are no specific penalties for ethical violation. And there are different types of ethics to think about. There are those that we adhere to in our personal life, but there are also those that we must adhere to in our professional careers. Then there are also societal types of ethics.
The law is specifically written with rules. So legislation passed by government committees, passes these laws that are put into effect and then they're enforced. So they are legally binding. And there are predefined penalties for law breakers. Now of course, laws will vary from one location to another location by jurisdiction. At the local or municipal level we could have laws that will vary compared to state, provincial and territorial laws. And certainly between countries national laws will vary. This is of the utmost importance. If, as an IT security professional, you find yourself traveling abroad, you need to be sensitive. And you need to also prep yourself on the laws, especially related to IT security in different parts of the world where you might be working. And certainly, we also need to be culturally sensitive, which usually feeds into ethics that will vary around the world.
Now, sometimes there's a blurry line between ethics and law. So imagine that we are an online retail, and so we accept payment through PayPal, through credit cards, through debit cards, and so on. What do we do if we have a security breach where some of that customer data has been compromised? Well, in some parts of the world we are required by law to notify customers within a certain period of time about the security breach. But at the same time, contradictory, in other parts of the world there are no such laws. Just because there isn't a law, however, doesn't mean that we shouldn't still do the right thing and notify customers of a security breach.
We also have to think about nondisclosure of exposure to sensitive data, trade secrets, and IT system configuration details. What this boils down to is that a security professional will have access to, and will see a lot of things that are specific and unique to a company. And often, if you're going to perform security work such as performing a vulnerability assessment or a penetration test for your organization, you'll have to sign a non-disclosure agreement or an NDA.
Then we have to consider breaking into vulnerable IT systems prior to notifying system owners. Sometimes you'll hear media accounts of people that break into corporate networks and then notify the corporation that they were able to break in. Now you have to be careful, because in many cases that's breaking and entering. You're breaking the law by doing that without the express permission of the system owner. So you're better off staying away from breaking into systems before getting permission from the owner of those systems, so play it safe.
Make sure that you're working within certain security boundaries, and also make sure you have consent to do what you're doing on the network. And you might consider participating in bug bounties. Bug bounties allow us to identify flaws in software, almost like a competition, and then receive payment from vendors. Or entering hacking competitions, or being hired by companies for penetration testing. Those are okay methods to break into vulnerable IT systems, because you've got express permission ahead of time. But we want to be very careful, and especially in different parts of the world where laws will vary.
The CIA Triad
If you work a lot in the IT security field, you will hear the CIA triad being referred to many times. It's a common IT security reference. The CIA triad is a general umbrella, if you will, under which all security controls exist. CIA stands for Confidentiality, Integrity, and Availability.
So let's talk about each of these, one at a time, starting with confidentiality. Confidentiality is used to protect sensitive systems and data from unauthorized access. And often this is done through the use of encryption, where we can encrypt data at rest or data that's being transmitted over a network.
Next we have integrity. Integrity really relates to assuring that we can trust data, or trust network transmissions. So we need assurances, then, that data came from who it says it came from. That data hasn't been tampered with, and also that the data that we've received hasn't been corrupted during the data transfer task. So file hashing is an example of making sure that we determine whether or not data has been tampered with. Digital signatures allow us to be assured that data came from who it says it came from. And Internet file download verifications is a way to verify that data that we've received. Files that we might have downloaded from the Internet, were not corrupted by the download process. We'll be looking at some examples of these things in other demos.
The last part of the CIA triad is availability. This means that we want to make sure our IT systems and the resulting data are always available. And one way to do this is through configuring load balancing. Whether it's for a public-facing type of application or even an internal line-of-business application that's private to the organization. Either way, it means that we've got multiple back-end servers hosting the same service. Data backup is also a part of data availability. So we have additional copies of data, ideally, some of which are off-site. And these days, off-site backups can also include backing data up from on-premises hosts into the cloud.
Another aspect of availability is replication, where we have additional up-to-date copies of data, ideally off-site. Now you might say, well, that's kind of similar to data backup, where we've got copies of data off-site. Well, the difference is that with replication, we have this continuous synchronization. So, for example, we might have an important database in one region, but we might create additional replicas of that database on servers in other locations. Now, because we've got replication happening, we've got an up-to-date copy of that data in different regions. [Video description begins] Ideally, these would be kept off-site. [Video description ends] Whereas a backup is only as up-to-date as when the previous backup was taken, which might have been the night before.
Now that we've talked about the CIA triad, we can clearly see, indeed, that security controls that we put in place to protect assets really do fall under this general umbrella.
Confidentiality
Confidentiality has always been important, but especially now in today's connected world, where everything is potentially available online. Confidentiality could mean restricting access to a system or protecting sensitive data through encryption. With encryption, the original data is called plain text and the encrypted data is called cipher text. But how do you get from point A to B? We're missing something here, let's talk about it in more detail.
On the left, we have plain text in the form of the quick brown fox. Now what happens to encrypt that data is the plain text is fed into an encryption algorithm. An encryption algorithm is a complex mathematical formula. Now we also have to feed a key into that encryption algorithm along with the plain text. We'll talk about keys in a minute. Once that's done and the encryption completes, we then have cipher text, which is scrambled data and you can't make sense of it unless you've got the proper decryption key.
There are two main types of encryption, one of which is symmetric encryption. This uses one unique key to encrypt and also the same unique key to decrypt, hence symmetric, same. Now, because we have one key that is used for encryption and decryption, it's also called a secret key. If anyone gets a hold of the secret key, they can decrypt encrypted messages. So there's a problem with this on a large scale, such as over the Internet. How do we securely distribute a symmetric key over the Internet? Well, we've got multiple devices and systems that, for the most part, have no affiliation with one another, so there's no pre-established trust. It's a problem. However, we'll talk about asymmetric encryption in a minute which addresses that problem. But first, let's talk about common symmetric encryption algorithms like 3DES.
Triple DES is the Triple Digital Encryption Standard. It used to be a big deal for the US government as a standard for encryption, back in the 1970s. [Video description begins] This refers to the former US government. [Video description ends] These days, the US government and in many other parts of the world, the AES encryption standard is used. It stands for Advanced Encryption Standard. So, it's accepted universally. Blowfish is a commonly used symmetric encryption algorithm that's used for file and folder encryption. MD5 is Message Digest algorithm 5, but it's not per se really for encryption but rather, for generating hashes. It's a hashing algorithm which relates to verifying the integrity of something such as a file on a disk volume.
Asymmetric encryption uses two different or two unique yet, mathematically related keys. One is called the public key. It's called that because you can make it publicly available and there's no security risk in having done that. There's also the private key which is related to the public key but like the name implies, the private key must be kept private. Only the owner of the key should have access to the private key. So you'll also hear asymmetric encryption commonly called public key encryption, or sometimes public key cryptography, all means the same thing.
Now, our previous problem with symmetric encryption of how to securely distribute the key over a network safely. That's not even an issue here because of the public key portion. We can give the public key to anybody that asks for it over a network, and there's no security risk. And you might say, wait a minute, how does that really address the whole encryption and decryption problem? Here's how, when you want to encrypt a message, whether you are a user sending an encrypted email or you're a device that wants to send an encrypted transmission to another device over a network. Whatever the case is, you need the target's public key to encrypt the message for them. Now there's no problem with that because it's a public key. So it can be sent to us over a network in its raw form, no security risk.
Now that we've got the target's public key, we can encrypt the data with that public key. On the other end, when that message is received, the target uses their private key, which is private to them only, to decrypt that same message. Because remember, with asymmetric cryptography, the public and private key pairs are mathematically related for this exact purpose.
Now there are some common asymmetric encryption algorithms as well as key exchange protocols. ECC, the Elliptic Curve Cryptography algorithm is an asymmetric algorithm that you'll find is used often where we need to use smaller keys because we've got less compute power available. Think mobile devices like smartphones. RSA has been around for a while. It bears the last names of its creators, Rivest, Shamir, and Adleman. This is widely used over the Internet everywhere with SSL and TLS. Then we've got Diffie-Hellman which isn't an encryption algorithm per se but rather, a method of key exchange over a public network.
Now you might wonder, that's all interesting academically, but what am I going to do with that knowledge? Well, in order to be accredited by certain bodies. So let's say, for example you're an online retailer, you're gonna have to demonstrate by acquiring PCI DSS security certification that you are properly protecting credit and debit card holder data. Now the specifics of exactly how you implement that aren't specified with PCI DSS, but rather the concept that it must be protected in a certain way. Yes, that is specified.
PIPEDA is related to Canadian data privacy laws. HIPAA is more related to data privacy for medical information in the United States. General data protection regulation 2016/679 is related to data privacy and whether it can be exported outside of the European Union. So all of these types of confidentiality related security accreditations will specify that things need to be protected, but the specific algorithm that gets used or how it's done is usually up to the implementer.
Now, some related technologies for things like data at rest and encryption would be things like Microsoft BitLocker disk volume encryption. Or Microsoft Encrypting File System, EFS, which allows users to choose which specific files and folders they want encrypted, as opposed to the entire disk volume. Then, depending on your public cloud provider, they might offer server-side encryption, where it can be turned on so that when you upload content to the cloud, it's automatically encrypted.
Then there is encryption of data in transit when it comes to confidentiality. We might use a virtual private network, or a VPN, to connect two devices over a public untrusted network and anything transmitted through that connection is protected, through the VPN encrypted tunnel. We might use Hypertext Transfer Protocol Secure, in other words, HTTPS for a secured website. We might use Secure Shell, SSH, to remotely administer things like routers or switches or printers, and so on.
So in the context of IT security, when we start talking about confidentiality, as you can see, it really relates to many different technological solutions.
Encrypt Data at Rest for Confidentiality
One way to protect data at rest is to encrypt it, and there are many ways to do that depending on the operating system you're using and which tool you select.
Microsoft Windows Server 2016 allows me to use Encrypting File System, or EFS, to encrypt individual files and folders. EFS was introduced way back in Windows 2000, the real only requirement is that you've got an NTS volume on which the files and folders that you want to encrypt reside.
So here on my server, I've navigated to drive C into a folder called Sample_Data_Files. [Video description begins] The File Explorer is open on a Windows machine. [Video description ends] I've got a couple of files here that I want to protect. [Video description begins] The files include a CSV file, a database file, and a spreadsheet. [Video description ends] The first one will be called Projects_2017-2018. [Video description begins] He points to the file, Project_2017-2018.csv. [Video description ends]
I'm going to go ahead and right-click on that file to encrypt it. I'll choose Properties, [Video description begins] He selects Properties from the right-click menu. The Projects_2017-2018.csv Properties dialog box opens. [Video description ends] and I'll click the Advanced button. [Video description begins] The Advanced Attributes dialog box opens. There is a section, Compress or Encrypt attributes. [Video description ends]
We've got an option here that says encrypt contents to secure data. [Video description begins] He points to the checkbox by that name. [Video description ends] And we don't have it checked on so, therefore, the file's not currently encrypted. I'm going to go ahead and turn on the check mark and I'll click OK twice. [Video description begins] He selects the Encrypt contents to secure data checkbox and clicks OK. The Projects_2017-2018.csv Properties dialog box displays. When he clicks OK again, an Encryption Warning displays. It prompts for an action. The options are to Encrypt the file and its parent folder (recommended) or Encrypt the file only. [Video description ends]
Then I get a message that tells me that the file would be encrypted, depending on the software I use to work with that file. Some software sometimes makes a temporary copy of the file and stores it somewhere. And that temporary copy of the file would not be encrypted, so it recommends that I encrypt both the file and its parent folder. And I can encrypt individual files, I can encrypt an entire folder all using this exact same mechanism. So I'm going to heed the advice and I will choose to encrypt the file and its parent folder, so I'll go ahead and click OK. [Video description begins] He clicks OK. The dialog box is dismissed. [Video description ends]
Now, you might wonder how exactly would I know that that's been done? Well, one way is to change your view settings. If I go to the View menu up at the top [Video description begins] He clicks the View tab on the ribbon. [Video description ends] and then click Options over on the right [Video description begins] He expands the Options drop-down menu. There is one option: Change folder and search options. [Video description ends] and then choose Change Folder and Search Options. [Video description begins] He selects the Change folder and search options. A Folder Options dialog box opens. [Video description ends] Under the View tab, [Video description ends] and then choose Change Folder and Search Options. [Video description begins] He clicks the View tab. [Video description ends] I've scrolled down, I can choose to show encrypted or compressed NTFS files in color. [Video description begins] He selects the checkbox, Show encrypted or compressed NTFS files in color. [Video description ends] So, I'm going to turn that on because it wasn't turned on, and I'll click OK. [Video description begins] He clicks OK. Two files now display in a green color within the Sample_Data_Files folder in File Explorer. [Video description ends]
Notice now that I've got a couple of files here listed with green text for the file name. And that's because those files are encrypted with EFS file encryption. Now at the same time, I could go ahead and right-click and go back into the Properties, [Video description begins] He right-clicks and selects Properties. The Projects_2017-2018.csv Properties dialog box opens. [Video description ends] back into Advanced. [Video description begins] He clicks the Advanced button. The Advanced Attributes dialog box opens. [Video description ends] And I could decrypt the file by removing the check mark and clicking OK, OK. [Video description begins] He deselects the Encrypt contents to secure data checkbox and clicks OK twice. [Video description ends] And because we've got the color for compressed or encrypted files turned on, it's pretty easy to tell that that has been changed. It's no longer encrypted. [Video description begins] The file no longer displays in a green color in File Explorer. [Video description ends]
So we have the option of protecting individual files and folders, protecting data at rest, essentially, using Encrypting File System.
Integrity
The integrity part of the CIA security triad really provides data assurances to make sure that data hasn't been tampered with or modified in an unauthorized manner. It can also be used to verify that data is not corrupt. And this would apply to data at rest, that's being stored somewhere, like on a smartphone, on a laptop, on a server, in the cloud. As well as to data being transmitted, whether that's being transmitted over a local area network or over the Internet.
Let's start by focusing on file hashing. File hashing is used to detect changes and to also verify file copies, such as downloaded files over the Internet. So the way that file hashing works is that the file data is fed into a hashing algorithm, such as MD5. Remember that algorithms are complex mathematical formulas. So the result of this mathematical formula, or hashing algorithm, is a unique value that's called a hash. Now, what we can do, then, is store that hash for future reference, because in the future, when we run a hash again, if we have the same hash, then the file is said to have been unmodified. It's the same as it was before. The hash value doesn't lie, because it's down to the bit level. However, when we generate a new hash, if it's different from the original hash, then we know that the file has been modified. But that's all we're going to know. If you need to know more, you might consider enabling something like auditing, so you can track who did what when.
When it comes to digital signatures, this is used to assure the validity of the sender of a network message, so to make sure that the message really was sent by who it says it was sent by. This also relates to something that's called non-repudiation. Non-repudiation means that the sender can't deny having signed a message. You'll see why when we talk about the relationship with the private key in just a moment.
So how do digital signatures work? Number one. Data, such as a transmission over a network or it could even be an email message, let's say, is fed into a one-way hashing algorithm. Then we end up with a unique hash value. So in number two, the sender's private key to which only they have access to, encrypts that unique hash value. So the hash value, then, is called the digital signature. So then, when the recipient gets that transmission, they can verify the signature with the sender's mathematically related public key. So what'll happen is, the public key will be used to determine what kind of a hash value is generated on the recipient's end. And, if it's the same, then it's valid. So this is a very interesting way to use public and private keys that differs from how it's used on the encryption side of things.
Now, when we say that in step four, that the recipient needs to verify the signature, depending on the solution you're using, that could be a manual process, but more often than not, it's automated. It's built into a protocol.
Generate File Hashes for Integrity on Windows
In this demonstration, I will generate file hashes using Microsoft Windows PowerShell. File hashing allows us to generate a unique value at a given point in time that really defines the state of that document. And if we generate the hash in the future and it's different, we know the file's been modified.
So what I'm going to do here in Windows is go to my Start menu and search for the word power. [Video description begins] In Windows 10, the presenter opens the Start menu and types "power" as the search term. In the Apps category of the Search results, the Windows PowerShell app is listed. [Video description ends] And I'm going to go ahead and start Windows PowerShell. [Video description begins] He selects Windows PowerShell in the Search results. Windows PowerShell opens. [Video description ends]
Now once I'm in PowerShell, I'm going to navigate to the appropriate location where I know that I've got some sample documents. [Video description begins] He enters the command: cd .\Documents\. The prompt changes from C:\Users\Admin> to C:\Users\Admin\Documents>. Then executes the command: cd .\Sample_Data_Files\. [Video description ends]
Now once I'm in that location, I'm just going to go ahead and type dir. [Video description begins] The prompt changes to C:\Users\Admin\Documents\
What I want to do is generate a file hash for everything here. So I'm going to use the get -filehash PowerShell commandlet to do that, and I'll specify *.*, or asterisk dot asterisk. every file and every file name extension in the current location, and I'll go ahead and press Enter. [Video description begins] He runs the cmdlet: get-filehash *.*. The output displays as a three-column table with column headers: Algorithm, Hash, and Path. Several rows of output display. [Video description ends] And noticed once we've done that, it's gone ahead and it's generated unique file hashes, and it's done it for all of the files, not the directories. [Video description begins] There are seven rows in the table, one for each of the files in the directory. The Hash column contains a unique hash value, consisting of a string of alphanumeric characters, for each row entry. [Video description ends]
Now, each of these unique hashes, again, uniquely identifies each of these files. So what I'm going to do then is run that command again, but I'm going to pipe it using a vertical bar to SELECT. Now, select doesn't have to be upper case, I'm just doing that to illustrate that we're piping it to a different command, so we can control the output a bit. What I want to see is the path and the hash items or properties. [Video description begins] He runs the cmdlet: get-filehash *.* | SELECT path, hash. This time the output consists of only two columns: Path and Hash. Again there are seven rows of output, one for each of the files in the directory. [Video description ends]
So notice now I can actually see the file names listed on the left along with their associated hashes on the right. [Video description begins] For instance, the value of the first row of output in the Path column is: C:\Users\Admin\Documents\
Now, for example, if I were to just bring up the previous PowerShell command with the up arrow key, [Video description begins] He presses the Up arrow key and the cmdlet that displays is: get-filehash *.* | SELECT path, hash. [Video description ends] I could change what I want to see. Let's say I only want to see the hashes. [Video description begins] He modifies the command to: get-filehash *.* | SELECT hash. And he runs it. Now the output yields a single column, Hash, with seven hash row values. [Video description ends] This way I can see the entire hash for that first file, that HR_Employelist. [Video description begins] The hashes in the output display without being truncated. He highlights the first row's hash value. [Video description ends]
I'm going to copy that to the clipboard and paste it in WordPad. The reason I've done this is I'm going to go ahead and modify that file, and get the file hash for it again. And it should be different than this hash, because the file will have been modified. [Video description begins] The hash value that he copied displays in a document in WordPad. [Video description ends]
I've opened up that spreadsheet here in Excel, [Video description begins] The spreadsheet, HR_EmployeeList.xlsx, is open in Excel. [Video description ends] and I'm just going to add some sample data for hours worked, and the hourly wage. The point is I've made a change to the file that I will then save, I'll click the Save button. [Video description begins] He adds the value of 50 to the Hours Worked column and he adds the value of 15 to the Hourly Wage column. He clicks Save on the Quick Access Toolbar. [Video description ends]
Back here in PowerShell, [Video description begins] Windows PowerShell is open. The prompt is still within the Sample_Data_Files directory. [Video description ends] I'm going to run get-filehash, but this time only against that HR file. So I'll type hr and press Tab, and it finds that unique filename in the current directory. [Video description begins] He runs the cmdlet: get-filehash .\HR_EmployeeList.xlsx. [Video description ends]
Notice now that our hash is not the same as it was, but let's just verify by copying that [Video description begins] The output displays a different value in the Hash column. He selects it and copies it. [Video description ends] and pasting it into WordPad where the original hash of that same file exists. And sure enough after I've pasted this hash, it's quite clear that it's different from the original hash. And so as a result, we know that that file has been modified. [Video description begins] The second hash value is pasted below the first in the WordPad document. The values differ. For example, the first hash starts in DD6BBB whereas the second hash starts in 93ADDC. [Video description ends]
Now whether it was modified from an authorized user versus an unauthorized user, that we don't quite know. And that's where we could take a look at audit logs if we've enabled auditing, to see who made the change at a specific date and time. But at this level with hashing, all we can tell is that a change has been made.
Generate File Hashes for Integrity on Linux
The first thing I'll do here in my Linux system where I've already logged in is generate a simple text file. And I'll do that by typing in echo and in quotes, Line one. And then after that I'll use a greater than sign, that's the output redirection symbol and I'm going to put that into a file called file1. [Video description begins] He runs the command: echo "Line one" > file1. There isn't any output. [Video description ends] So now if I use the cat command in Linux to display the contents of file1, we can see it has the text Line one. [Video description begins] He runs the command: cat file1. The output reads: Line one. [Video description ends]
Now, what I want to do is generate a file hash of that file as it is right now. And to do that, I'll use the md5sum command. I'll type md5sum, for message digest five and then the name of the item I want to generate a hash for, in this case, file1. [Video description begins] He runs the command: md5sum file1. The command outputs a hash followed by the file name, file1. [Video description ends]
Now, we can see it's returned a unique hash based on the data currently in file1. What I'm going to do is echo Line two. And I've got to use the double redirection symbol, two greater than signs which means I want to append to whatever is already in, in this case, a file called file1. [Video description begins] He runs the command: echo "Line two" >> file1. There isn't any output. [Video description ends] And if I cat file1 to show the contents of the file, indeed, we can see that it's now got not only Line one, but also, Line two. [Video description begins] He runs the command: cat file1. The output reads: Line one Line two. [Video description ends]
So I'm going to use my up arrow key to run md5sum against the same file, [Video description begins] He presses the Up arrow key and presses Enter to run the md5sum file1 command again. The command outputs a hash value followed by the file name, file1. [Video description ends] and notice that we now have a totally different file hash. It starts with d5 compared to the previous one which began with c9. And that's because the file has been modified. And with file hashing, if there's been a modification made to a file, we end up with a different hash when we compare it later on down the road.
Availability
Another important aspect of the CIA security triad is availability. This really relates to business continuity to make sure the business processes can run uninterrupted in the event of some kind of negative incident. So it means constant availability where possible. And that would be availability to make sure that IT systems are kept up and running and also to make sure that the data is accessible when it's needed.
So with availability, one form of this is a service level agreement, or an SLA. This is a contract between a service provider and a service consumer such as with Cloud services. [Video description begins] SLAs are commonly used with cloud services. [Video description ends] So a cloud provider might have an SLA for their cloud storage, which would be different from their SLA for running virtual machines in the cloud. So in other words, each service would have a different type of SLA. So the SLA, then, provides guaranteed uptime, otherwise service credits are issued to the account holder. And that's certainly true in the public cloud forum.
Load balancing, as pictured on the screen, works to provide resilience to failure, as well as to improve application performance. [Video description begins] A graphical representation of a load-balanced network display. In the diagram, a network load balancer acts as an intermediary between several app servers and app users that connect via the Internet. [Video description ends] In the upper-left of the diagram, we have our application users, and they would connect through the Internet to the network load balancer. The way that would work is they might go into a web browser and type in an address, and that would resolve to the public IP address of the network load balancer.
Now, the network load balancer would then receive those client requests, let's say, for a web application. The network load balancer would then forward that to the least busy and healthy backend app server. Now, network load balancers, most of them at least, will have configuration settings for how often they should check the health of backend servers. The idea being that we don't want the load balancer sending client requests to a backend server that's not running or is unresponsive. So this serves two purposes. We've got multiple servers hosting one app, it runs quicker. Number two, if we've got an app server failure, there are other app servers that will remain running. So we've got the fault tolerance side of it as well.
Availability also relates to data backup, whether we manually back data up or whether it happens in an automated fashion through a backup schedule. Off-site backups are always absolutely critical. And the way that this works these days is much easier than the way it used to work. In the olden days, so to speak, off-site backups meant that you would have backup tapes that were backed up locally on-premises at a site, and those tapes would physically be taken to another location for safekeeping. That way, if there was a flood in the building or the building burnt down or anything like that, you still had a backup of your data stored off-site. These days, it's much easier, you can simply back data up to the cloud.
So cloud backup works for individuals, as well as for enterprise solutions as well. [Video description begins] And so off-site backups to the cloud are commonly done. [Video description ends] But we always have to consider when it comes to data backup, yes, that's a part of data availability. It's part of the CIA security triad. But how quickly can that data be restored? So imagine that an enterprise is backing up hundreds of gigabytes of data into the cloud. Well, we have to consider, what kind of Internet connection do they have? Because that will determine how long it will take to restore that data from the cloud back to on-premises if that's where it needs to be restored to.
So this really relates to things like the Recovery Time Objective, or the RTO. In other words, how quickly can data be restored, or how quickly can systems be brought back online? Which could be related, because without data, maybe the system won't function and won't be online. But then, we have to also consider how much data loss can be tolerated. If we've had a system failure and data is rendered corrupt, what do we do about data that was modified or created since last night's backup, for instance? Well, we would lose a few hours of work. And that's related to the Recovery Point Objective, or the RPO, which stipulates the maximum amount of tolerable data loss. And so our backup schedule should be configured in accordance with the RPO within the organization.
Another aspect of availability would be things like system restore points. Windows client operating systems like Windows 8 and Windows 10 support system restore points. [Video description begins] Operating system can be abbreviated as OS. [Video description ends] This allows us to revert the entire configuration of the system to an earlier point in time if system restore points are configured. However, bear in mind that if we're going back, let's say, to two weeks ago with the configuration of a Windows system, that might be before you installed apps that you're currently using. And so it will appear, then, that apps are removed. However, data is not affected. It's not like it's going to revert your data files and your documents folder back to the state they were two weeks ago. Data is untouched with system restore points.
Another availability potential would be versioning, storing multiple versions of something such as documents in a Microsoft SharePoint site, or even enabling file system versioning in Windows where you could right-click on it to restore a previous version of it. That is another aspect of data availability that we should consider.
So as the old saying goes, there's more than one way to cook a turkey. There are many ways to implement availability for systems and data in the IT realm.
Configure Windows Server 2016 Backup
Here in Microsoft Windows Server 2016, I'm in the Server Manager GUI tool, which should start automatically after you sign in. If it doesn't, it's been disabled and you can simply go to your Start menu [Video description begins] The presenter expands the Start menu. [Video description ends] and launch the Server Manager from there. [Video description begins] He minimizes the Start menu. [Video description ends]
Server Manager is important because the Windows Server backup feature, while available, is not installed by default. So here from Server Manager we have one method by which we can install it. For example, I could click Add Rules and Features, [Video description begins] From the Dashboard, he clicks the Add Roles and Features link. The Add Roles and Features Wizard opens. [Video description ends] I'll accept the defaults in the first part of the wizard, since I want to install something on the server from which I am running this tool. [Video description begins] He skips past the configurations for the first three Wizard pages to arrive at the Select server roles page. [Video description ends]
And I'll go past the Roles list, on to Features. [Video description begins] He proceeds past the Select server roles page. The Select features page opens. A list of Features display, with two pre-selected: .NET Framework 4.6 Features (2 of 7 installed) and Group Policy Management (Installed). [Video description ends] And if I go down the list of features, we can see way down in the Ws that Windows Server Backup, in this case, is already installed. It says Installed in parentheses, we've got a check mark. [Video description begins] He points to the checkbox for a feature, Windows Server Backup (Installed), which is selected. [Video description ends] Otherwise, we would simply have to make sure that that gets done.
So I'm going to cancel out of this, and I'm going to go to my Start menu [Video description begins] He clicks Cancel to dismiss the Wizard. He opens the Start menu. [Video description ends] and type in backup to start the Windows Server Backup tool. [Video description begins] He types: backup. Windows Server Backup is listed in the Best match category for the search results. He selects Windows Server Backup. Windows Server Backup opens on the Local Backup node in its own window. [Video description ends]
Now here, I've got local backup options, where I have a backup that has failed in the past. [Video description begins] In the details pane, he selects a Backup that has a Description value of: Failed. [Video description ends] But no worry, because we're going to configure a scheduled backup now. So I'm going to click Backup Schedule, [Video description begins] He selects Backup Schedule in the Actions pane. The Backup Schedule Wizard opens on the Getting Started page. [Video description ends] and then in the wizard I'll click Next. [Video description begins] He clicks the Next button. The Select Backup Configuration page opens. It prompts to confirm What type of configuration you want to schedule? There are two options: Full server (recommended) and Custom. [Video description ends]
I don't want to backup the full server, I'm going to choose Custom so I can cherry pick which components I'll want to backup, [Video description begins] He selects the Custom radio button. [Video description ends] then I'll click Next. [Video description begins] The Select Items for Backup page opens. There is an Add Items button. [Video description ends] When I click the Add Items button, I can choose to perform a bare metal recovery type of backup. [Video description begins] He clicks Add Items. A Select Items dialog box opens. Options are: Bare metal recovery, System state, System Reserved, Local disk (C:), and New Volume (E:). He points to Bare metal recovery. [Video description ends] That would be applicable and useful if I wanted to make sure I could restore the entire server operating system and its current configuration if I had to replace the machine, either with a physical computer or a virtual machine. I could also back up system state, such as if I'm using the Microsoft IIS web server. Settings like that, or if it's a domain controller backing up the Active Directory domain database and so on.
Then I've got a list of disk partitions. I'm interested in drive C, where I've got a folder called Sample Data Files. And if I turn on the check mark to select that for backup, [Video description begins] He expands the Local disk (C:) node and selects the checkbox associated with Sample_Data_Files. [Video description ends] if I were to drill down under Simple_DataFiles. Notice that everything else that's subordinate is automatically selected and included for backup, which makes sense. [Video description begins] He expands the Sample_Data_Files folder. Its contents have checkboxes associated with each, all of which are selected. [Video description ends] So I'm going to click OK [Video description begins] He clicks the OK button. The Select Items for Backup Wizard page now lists the C:\Sample_Data_Files directory. [Video description ends] and Next. [Video description begins] He clicks the Next button. The Specify Backup Time page opens. There are two options to configure How often and when do you want to run backups? The options are Once a day or More than once a day. [Video description ends]
Then it asks how often and when you want to run your backups. So maybe I'll choose Once a day and let's say at 7 PM, local time. [Video description begins] With the Once a day radio button selected, he expands the Select time of day drop-down menu. He selects 7:00 PM. [Video description ends] So we could do that or we could choose more than once a day, but I'll stick with 7 PM once a day and then I'll click Next. [Video description begins] He clicks Next. The Specify Destination Type page opens. The Wizard prompts the user to specify Where do you want to store the backups? There are three options: Back up to a hard disk that is dedicated for backups (recommended), Back up to a volume, or Back up to a shared network folder. [Video description ends]
So then I can choose to back up to a hard disk that I've got dedicated for backups. I could back up to another disk volume or even a shared network folder. So I'm going to go ahead and choose Backup to a volume and click Next, [Video description begins] He selects the Back up to a volume radio button and clicks Next. The Select Destination Volume page opens. There is an Add button. [Video description ends] and then I have to click Add. [Video description begins] He clicks the Add button. An Add volumes dialog box opens. Two volumes are listed: System Reserved and New Volume (E:). [Video description ends]
I'm going to add a small disk volume I have here for drive E, which is going to be used solely for backups. [Video description begins] He selects New Volume (E:) and clicks the OK button. The volume is now listed on the Select Destination Volume page. [Video description ends] Now, that could be either local storage, or it could be network storage that gets backed up elsewhere. But either way, we want to make sure if this is local storage. Certainly, we have to make sure that we back it up and have a copy stored away from the server because if there's a problem with the server, we don't want this backup to be taken down with it. I'm going to go ahead and click Next [Video description begins] He clicks Next. The Confirmation page opens. It lists the configured settings, including the Backup times, Files excluded, and Backup destinations. [Video description ends] and then I'll click Finish. [Video description begins] He clicks the Finish button. The Summary page opens and a progress bar displays the status of the backup process. [Video description ends]
So we've now got a backup schedule that's being created for this server, [Video description begins] The backup completes and he clicks the Close button to dismiss the Wizard. [Video description ends] and we have the option of either waiting for that to back up, or what we could do, and by the way, we'll see Next Backup down here. [Video description begins] In Windows Server Backup, he points to the Next Backup section. [Video description ends] We can see the date and we can see the time, it's 7 PM. [Video description begins] The Status is: Scheduled. The Time is: 11/16/2018 7:00 PM. [Video description ends]
Or we can also click Backup Once over on the right to perform a backup right now. [Video description begins] He points to the Backup Once option in the Actions pane. [Video description ends] And should we have a problem in the future, if the server is running, which it is now, we also have the option of performing a recovery from our backup. [Video description begins] He points to the Recover option in the Actions pane. [Video description ends]
Accountability
In IT security, accountability can be used to track which user, device, or piece of software accessed a system or data and on what date and time that occurred. So we're talking about IT system usage. We're talking about data access. We're also talking about the role that various personnel play in relation to business processes. Let's talk about each of these three items.
Let's start by talking first about IT system usage. So we can audit when people, devices, or software access an IT system. But then we also have to consider how that access occurs through authentication. Authentication is the proving of one's identity, and it's a big deal with IT security. Because we don't want anybody to be able to authenticate to sensitive systems. So therefore, there should be no shared use of accounts. Every user should have their own separate and unique user account for tracking purposes. And those accounts should use strong passwords. And ideally in addition to that, Multi-Factor Authentication or MFA. And we see this everywhere these days, even at the consumer level.
So if you've got an eBay account or a PayPal account, anything like that, you'll find that when you sign in. You have to sign in with your username and password, that's something you know. Then after that, it'll send your mobile device a unique code that you then have to enter. So you have to possess or have that device, since Multi-Factor Authentication, something you know and something you have. This is a good thing, and it's being used everywhere.
Then there's time synchronization. Now, you might scratch your head and say, well, wait a minute, what does time synchronization have to do with IT system usage and accountability? Well, if we're going to track IT system usage, we need to make sure we've got reliable date and time stamps that are adjusted for time zones. Because all actions, depending on what we decide to audit, that is, will be time stamped. [Video description begins] In addition, audit data should not be stored on the device being audited. [Video description ends]
When it comes to data access, we need to think about auditing, reading, and writing of data. You want to be very selective when you configure auditing because it doesn't take much to be inundated with a lot of useless audit information. So for example, you don't want to audit everyone's reading of a particular file on a server, perhaps, if you're only interested in auditing a specific subset of users accessing that file.
We have to think about the protection of Personally Identifiable Information otherwise called PI. This would be things like credit card numbers, date of birth, mother's maiden name, and so on. Then there's also, on the health side, Protected Health Information or PHI which is designed to be protected by the US HIPAA legislation.
Audit data also should never be stored on the device that's been audited. Because if it's compromised, then the audit data too could be compromised. So usually it makes sense to store audit data elsewhere on a protected host on a protected network. And also have file integrity checking enabled so we can detect tampering of audit data by unauthorized users or processes.
On the personal level, we've got different roles for employees in the organization that relate to business processes. And so we have to think very carefully about that. There need to be clearly defined job responsibilities. And we have to adhere to the principle of least privilege. Which means that we only ever grant permissions to a system, to data, that are required to perform a job function, and that's it, nothing more. So that means that we don't put people in the administrators group just to make sure they have access to everything. That is a violation of the Principle of Least Privilege.
There should be separation of duties, and this stems all the way back to accounting. For example, we don't want the same person that approves purchase orders to be cutting checks. There should be job rotation. One of the great things about job rotation is that it not only allows different people in the organization to acquire a broader set of skills. But it also allows the new occupier of a job to notice any potential anomalies that might point back to fraud from the previous job occupant. And the same thing is true with mandatory vacations. By making sure people are on vacation, people taking over for them might notice anomalies in business processes which, of course, are supported by IT systems.
Enable File System Auditing on Windows Server
Auditing a file system on a server feeds into accountability. We can track which user accounts were used to do what to specific files at a given date and time.
So here in Server 2016, I've got a file that I want to audit read access to for the administrator account. [Video description begins] The File Explorer is open at the directory C:\Local Disk (C:)\Sample_Data_Files on a Windows Server 2016 machine. The presenter points to a file, Projects_2017-2018.csv. [Video description ends] So to set that up, I'm going to right-click on that file in question, and I'm going to go into Properties. [Video description begins] He right-clicks the file and selects Properties. A Projects_2017-2018.csv Properties dialog box opens on the General tab. [Video description ends]
Auditing is hidden under the Security tab. So I'm going to go under Security [Video description begins] He clicks the Security tab. [Video description ends] and then I'll click the Advanced button. [Video description begins] He clicks Advanced. An Advanced Security Settings for Projects_2017-2018.csv dialog box opens on the Permissions tab. [Video description ends] Here we'll see that we finally have an auditing tab. [Video description begins] He clicks the Auditing tab. A list of Auditing entries displays, which is currently blank. There is an Add button. [Video description ends]
Now, there are no auditing settings currently configured for this file, otherwise they would be listed down below. [Video description begins] He points to the Auditing entries list. [Video description ends] So I'm going to go ahead and click the Add button. [Video description begins] He clicks Add. An Auditing Entry for Projects_2017-2018.csv opens. There is a Principal field as well as a Type drop-down list. With Principal not yet specified, there is a link, Select a principal. [Video description ends]
The first order of business is to select the security principal that we want to audit, for example a user or a group. So I'm going to click Select a principal, [Video description begins] He clicks the Select a principal link. A Select User, Computer, Service Account, or Group dialog box opens. [Video description ends] and I'm going to type in administrator, then I'll click OK. [Video description begins] He types "administrator" into the field, Enter the object name to select. He clicks OK. A Multiple Names Found prompt opens, asking for confirmation on whether it's Administrator or the Administrators group. [Video description ends]
Now it wants to make sure I know what I'm talking about, whether it's the administrator user or the administrator's group, so I'm going to select the administrator user account and click OK. [Video description begins] He selects Administrator and clicks the OK button. The Principal is now specified within the Auditing Entry for Projects_2017-2018.csv dialog box. [Video description ends]
What I want to do is audit either the success or the failure of doing something, in this case, to the file or both failures and successes. I'm only interested in auditing successful access to the file, in other words, reading of the file. [Video description begins] He selects Success in the Type drop-down menu. The other two options are Fail and All. He points to the Read & execute checkbox, which is selected in the Basic permissions list. The Read checkbox is also selected in Basic permissions. [Video description ends]
Now, you want to be very particular about what you choose to audit because it doesn't take long before we get overwhelmed with a lot of useless information. So if I don't care about auditing the failure of the administrator account trying to access this file, then I shouldn't audit that. So I'm going to leave it on success, read and execute, and read. [Video description begins] He points to the two checkboxes that are selected. [Video description ends]
I don't have any further conditions for this auditing configuration. [Video description begins] He points to the third section, which is to Add a condition. [Video description ends] So I'm just going to go ahead and click OK. [Video description begins] He clicks OK. The Advanced Security Settings for Projects_2017-2018.csv dialog box now displays the Administrator item within the Auditing entries list. [Video description ends] Then OK again, and OK. [Video description begins] He clicks the OK button. The Projects_2017-2018.csv Properties dialog box displays. He clicks OK again to return to File Explorer. [Video description ends]
The next thing I need to do is enable the global option for auditing of file system objects. And for that, I'm going to fire up the Server Manager tool. [Video description begins] He opens the Start menu and clicks the Server Manager tile. The Server Manager opens on the Dashboard. [Video description ends] Now, I don't have to go directly through Server Manager, but Server Manager gives me a Tools menu where many common administrative tools are listed, including Group Policy Management, which I'm going to click here. [Video description begins] He expands the Tools menu from the menu bar and selects Group Policy Management from the menu items. The Group Policy Management console opens. [Video description ends]
Within the Group Policy configuration tool, I'm going to modify the default domain policy. [Video description begins] The Default Domain Policy node is selected within the Group Policy Management hierarchical tree structure. [Video description ends] This will apply to all users and devices that are joined to this Active Directory domain. So I'm going to right-click and choose Edit to edit the settings within the default domain policy. [Video description begins] He right-clicks the Default Domain Policy node and selects Edit in the shortcut menu. The Group Policy Management Editor opens. [Video description ends]
I'm interested primarily in going into the audit configuration under the Computer Configuration. [Video description begins] He points to the second-highest node, Computer Configuration, within the navigation pane. [Video description ends] So under Computer Configuration, I am going to go down under Policies. [Video description begins] He expands the Policies node. It lists three subnodes: Software Settings, Windows Settings, and Administrative Templates. [Video description ends] I'm going to go down under Windows Settings. [Video description begins] He expands the Windows Settings subnode. It lists several child nodes: Name Resolution Policy, Scripts (Startup/Shutdown), Deployed Printers, Security Settings, and Policy-based QoS. [Video description ends]
When that expands, I'm then going to go down under Security Settings, [Video description begins] He expands Security Settings. [Video description ends] and then we're going to go down under the Advanced Audit Policy Configuration where I can click on Audit Policies. [Video description begins] He expands the Advanced Audit Policy Configuration node and selects its child node: Audit Policies. [Video description ends] I'm going to further expand that. What I'm interested in is what's called Object Access, that relates to file system objects. [Video description begins] He expands the Audit Policies node and selects a child node: Object Access. In the details pane, several audit event subcategories are listed. [Video description ends]
So what I'm going to do then is go ahead and turn on the Audit File System. [Video description begins] He double-clicks an audit event subcategory, Audit File System. The Audit File System Properties dialog box opens. [Video description ends] So configure the following audit events. [Video description begins] He selects the checkbox: Configure the following audit events. Two events are listed, Success and Failure, each with an associated checkbox. [Video description ends] In this case, I'm only interested in auditing successful access to file system objects. [Video description begins] He selects the Success checkbox. [Video description ends] Otherwise, I would turn on the check mark for failure. So I've turned on Success. I'll go ahead and click OK. [Video description begins] He clicks the OK button. In the details pane, the Audit File System subcategory now lists an Audit Events description of: Success. [Video description ends]
Now, the other thing I have to do is bear in mind that if I'm making this change in group policy in a Microsoft Active Directory environment, I have to wait for group policy to be applied by affected computers. Before they'll know that this global file system auditing option is turned on. So what I'm going to do here on my server is go straight into a command prompt [Video description begins] He opens the Start menu and selects Command Prompt. The Command Prompt window opens for the Administrator user. [Video description ends] and type in gpupdate/force. So I want to force group policy to update now. And I also want to make sure that even if we've got group policy settings from before, I want to make sure we have them all. I want to check them all again. [Video description begins] He runs the command: gpupdate/force. The output reads: Computer Policy update has completed successfully. [Video description ends] So we can see that the computer policy update then has completed successfully.
So if I type in whoami, I see indeed that I am logged in as the domain administrator account, [Video description begins] He runs the command: whoami. The output reads: fakedomain1\administrator. [Video description ends] so I'm going to go ahead and access that file that we've enabled auditing for. [Video description begins] He closes the Command Prompt and he closes the Group Policy Editor. The Group Policy Management console displays. [Video description ends]
Now, we could have enabled that for other users or other groups, but in this case I'll just go ahead and open up the file. [Video description begins] He closes the Group Policy Management Console as well as the Server Manager. He double-clicks the file, Projects_2017-2018.csv, in File Explorer. A How do you want to open this file? prompt opens. [Video description ends] I'll choose to open it up using WordPad. [Video description begins] He selects WordPad in the list and clicks the OK button. [Video description ends] And after a moment, we can see indeed that we have opened the file. So we've read the contents of the file. [Video description begins] The Projects_2017-2018.csv file opens in WordPad. [Video description ends]
Now, when you want to read auditing entries, it might take a moment or two, but you can do that through the Windows Event Viewer. [Video description begins] He closes WordPad. The File Explorer displays. [Video description ends] So on this same host, I'm going to go ahead and start up the Event Viewer. So I'm going to search for an event, and then I'll click the Event Viewer. [Video description begins] He launches the Start menu and types a search for: event. The Event Viewer is listed in the Best match category. He selects Event Viewer from the search results. The Event Viewer opens. [Video description ends] Then I'm going to go ahead and expand this.
Now, I'm interested in going down under Windows Logs, and specifically I'm interested in security because we're talking about auditing of the file system. [Video description begins] He expands the Windows Logs node within the navigation pane and then selects the Security child node. [Video description ends] I can see we already have a lot of Audit Success messages here in the security log with date and time stamps. [Video description begins] He points to several Audit Success event entries that are listed in the details pane. [Video description ends]
So, having one selected, if I were to click on details at the bottom, and looking at the friendly view, [Video description begins] He selects an Audit Success event in the list and clicks the Details tab. The Friendly View radio button is selected. [Video description ends] we can see here that it's recorded that a user administrator in a domain called FAKEDOMAIN1, accessed a file. And we can see the object or file name listed here. [Video description begins] He points to the ObjectName, C:\Sample_Data_Files\Projects_
Explain and Implement CIA
Confidentiality normally means encryption, when we're talking about technical IT Solutions. And we're talking about encryption for data at rest, data that's stored somewhere. And we could do that using the Blowfish algorithm which is often used for file and folder encryption. But it's not the only game in town. We might also use Microsoft Encrypting File System, EFS, file and folder encryption. We might use Microsoft BitLocker, disk volume encryption, to name just a few.
For data in transit, over the network, we might use a virtual private network. A VPN sets up two connectivity points, sets up a tunnel, and anything transmitted between those two points is protected because it goes through an encrypted tunnel. We might use SSH, Secure Shell for remote administration which also supports encryption. Nothing is sent in plain text with SSH, like it is with Telnet. We might also use HTTPS, for secured websites that use SSL or TLS certificates.
Integrity normally means hash generation. Generating a hash, means feeding data into a one-way algorithm at the bit level, which results in a unique hash. And the hash is used so that we can detect modifications in the future. Then we can also use this to prove message authenticity when messages are sent over the network. And one of the reasons for that, is because the generated hash for a transmitted message gets encrypted with the sender's private key. So with file hashing, we generate a unique file hash. And when we generate that hash in the future, if the hash value is different from when we originally generated a hash, it means the file has been modified.
On the availability side, we have to think about IT systems and the resultant data that need to be accessible. One way is through redundancy. For example, we might create replicas or copies of a database in different locations that are kept in sync, so that we've got multiple copies. We would back up data, such as off-site backups including to the Cloud. That's considered off-site. We might use load balancing, where we've got multiple back-end servers that are serving the same app. To increase or improve the performance of that app and also to increase resiliency in case one of those servers in the back-end fails.
Here in PowerShell, if I type dir, I see a number of files. [Video description begins] In this instance, the directory is: C:\Users\Admin\Documents\
So in PowerShell, I can use the get-filehash commandlet to do that. So I'll type in west and I'll press tab. And because that part of the founding was unique, it expanded and gave me the entire file name. When I press enter, I can see that I've got a SHA-256, that's secure hashing algorithm 256 hash value. [Video description begins] He runs the cmdlet: get-filehash .\WesternRegion_Budget_2018.
Now, currently that hash value begins with 2EF65 and so on. So we need to record this hash value somewhere, such as storing it in a file. The idea is that if we generate the hash in the future, and it's different, it means that the file has been modified.