11 Endpoint Security Flashcards
What is the importance of using appropriate cryptographic solutions?
Ensures data confidentiality, integrity, and authenticity.
Tools include Trusted Platform Module (TPM), Hardware Security Module (HSM), Key Management System, and Secure Enclave.
What are the types of vulnerabilities?
Operating system (OS)-based, Hardware (Firmware, End-of-life, Legacy), Misconfiguration.
Each type presents different risks that need to be managed.
What is the purpose of mitigation techniques in securing the enterprise?
To reduce risk and enhance security through strategies such as patching, encryption, and configuration enforcement.
Other techniques include decommissioning and hardening techniques.
List some hardening techniques.
- Encryption
- Installation of endpoint protection
- Host-based firewall
- Host-based intrusion prevention system (HIPS)
- Disabling ports/protocols
- Default password changes
- Removal of unnecessary software
Hardening techniques are critical for securing systems.
What are the security implications of different architecture models?
Architecture models can affect the security posture of IoT, Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA), Real-time Operating Systems (RTOS), and Embedded Systems.
Understanding these implications is crucial for security planning.
What are secure baselines?
Establish, Deploy, Maintain.
Secure baselines help ensure consistent security configurations across systems.
What does proper hardware, software, and data asset management entail?
- Acquisition/procurement process
- Assignment/accounting (Ownership, Classification)
- Monitoring/asset tracking (Inventory, Enumeration)
- Disposal/decommissioning (Sanitization, Destruction, Certification, Data retention)
Effective asset management is key to maintaining security.
What tools are used for security alerting and monitoring?
- Antivirus
- Data Loss Prevention (DLP)
These tools help detect and respond to security incidents.
What is endpoint detection and response (EDR)?
A security solution for detecting, investigating, and responding to endpoint threats.
EDR is part of enhancing overall security capabilities.
True or False: Endpoints significantly outnumber servers and network devices in most organizations.
True
This makes endpoint protection a major task for security professionals.
What are some techniques to secure a system’s boot process?
Secure boot, firmware validation, and integrity checks.
These techniques help prevent unauthorized access at startup.
Fill in the blank: _______ involves the practices of detecting, preventing, and remediating malware infections.
Antimalware and antivirus tools
These tools are essential for maintaining system integrity.
What specialized systems are discussed in relation to security requirements?
Embedded systems, Real-time Operating Systems (RTOS), SCADA, and Industrial Control Systems (ICS).
They have different security needs compared to traditional systems.
What is the role of asset inventories in organizational security?
To track and manage assets effectively, ensuring accountability and security compliance.
Asset inventories are critical for security operations.
What is a key element in security operations related to operating systems?
Properly securing operating systems
This includes workstations, mobile devices, servers, and other types of devices.
What can be exploited by attackers in operating systems?
Vulnerabilities in the operating system itself
This drives the need for ongoing patching.
What is meant by minimizing an operating system’s attack footprint?
Reducing the number of exposed services that can be targeted
This involves configuring systems appropriately.
What are potential paths for attackers in operating systems?
Defaults, such as default passwords and insecure settings
Insecure defaults can lead to vulnerabilities.
What are configuration baselines?
Security practices intended to avoid insecure defaults
They help ensure that systems are set up securely from the start.
What is the difference between configurations and defaults?
Configurations are intentional but may be insecure, while defaults are pre-set values
Both can lead to vulnerabilities if not managed properly.
What type of security tools can help limit configuration issues?
Tools that support mandatory access control
These tools help mitigate potential vulnerabilities introduced by configurations.
What is misconfiguration?
A mistake made in system configuration
It is a common way for attackers to exploit systems.
What remains a consistent way for attackers to overcome security measures?
Human error
Misconfiguration often results from mistakes made by individuals.
What does the Security+ exam outline say about operating system-based vulnerabilities?
It is vague and just lists ‘OS-based’
This requires deeper understanding during study.