1.2 Flashcards
Confidentiality
Ensures info is accessible only to authorized personnel
- protects personal privacy
- to maintain a business advantage
- to achieve regulatory compliance
Integrity
Ensures data remains accurate and unaltered (checksums)
- maintain trust
- to ensure system operability
Availability
Ensures info and resources are accessible when needed
non-repudiation
Guarantees that an action or event cannot be denied by the involved parties
What are ways to achieve confidentiality?
- Access Controls
- Encryption
- Data Masking
- Physical Security Measures
- making sure paper documents are stored in the proper location
- Training and Awareness
What are ways to achieve integrity?
Hashing
digital signatures
access controls (ensure only authorized users can modify data)
regular audits (ensure only authorized changes have been made)
What are ways to ensure availability?
redundancy
- Server, Data, Network, Power
What are the 5 commonly used authentication methods?
Something you know (knowledge factor)
Something you are
Something you have
Somewhere you are
Something you do
Why is authentication important?
To prevent unauthorized access
To protect user privacy
Authorization
- pertains to the permissions and privileges granted to users or entities after they have been authenticated
Accounting
A security measure to track all user activities
Why is accounting important?
To create an audit trail
maintain regulatory compliance
perform resource optimization
achieve user accountability
What tools are used for accounting?
syslog servers
network analysis tools
SIEM systems
Gap Analysis
Process of evaluating the differences between an organization's current state and its desired performance
Types of Gap analysis?
Technical - evaluating an organization's current technical infrastructure and identifying where it falls short
Business - evaluating an organization's business processes and identifying where they fall short
POA&M
Plan of action and milestones
Outlines the specific measures to address each vulnerability, allocates resources, and sets up timelines for each remediation task
Zero Trust
demands verification for every device, user and transaction within the network
Zero Trust Control Plane
The overarching framework and set of components responsible for defining, managing, and enforcing the policies related to user and system access
adaptive identity
threat scope reduction
policy driven access control
secured zones
Adaptive Identity
Relies on real-time validation of the user
Threat Scope Reduction
Limits the user's access to only what they need for their work tasks, which reduces their attack surface
policy driven access control
Entails developing, managing, and enforcing user access policies based on their roles and responsibilities
secured zones
isolated environments within a network to house sensitive data
Zero Trust Data Plane
Ensures policies are properly executed
Policy Engine
Cross-references the access request with pre-defined policies
Policy administrator
Used to establish and manage the access policies
policy enforcement point
Where the decision to grant or deny access is actually executed
TTPs
Tactics, Techniques, and Procedures that are specific to a threat actor
Honeypot
A decoy system or network set up to attract attackers; used to gain information about how a threat actor attacks a system. It can log data on their successful and unsuccessful attacks
Honeynet
A network of honeypots
Honeyfile
A decoy file with fake data. An alert can be triggered when the file is opened
honeytoken
A piece of data with no legitimate value that is monitored for access and use. Any interaction with it is suspicious. For example, you can create an account named "root" and see if someone attempts to access it
What is the purpose of bogus DNS entries?
A fake domain that will waste an attacker's time and resources
What is the purpose of dynamic page generation for disruption?
Used in websites to present ever-changing content to web crawlers, to confuse or slow down a threat actor
Port Triggering
A security mechanism where specific services or ports on a network remain closed until a specific outbound traffic pattern is detected
What is the purpose of spoofing fake telemetry data?
When a system detects that an attacker is attempting a network scan, it can be configured to respond by sending out fake telemetry data
Bollard
Short, sturdy vertical posts used to prevent vehicle access
Brute force attack
Forcible entry, tampering with devices, confronting security personnel, or ramming a vehicle into a barrier
Access control vestibule
A double-door system, electronically controlled so that only one door can be opened at a time
tailgating
An unauthorized person follows an unknowing authorized person through a secured entrance
What can video surveillance include?
Motion detection
night vision
facial recognition
PTZ System
Can move a camera or change its angle to better detect issues during an intrusion
Types of sensors?
Infrared, microwave, pressure, ultrasonic
What types of badges can be used with access control vestibules?
RFID, NFC (Near Field Communication), and magnetic stripes
Door lock types
Electronic (require an identification number, a wireless signal such as Bluetooth, or a biometric)
Cipher lock - most secure mechanical lock
FAR
False acceptance rate: someone unauthorized is let in
FRR
False rejection rate: someone authorized is blocked
CER
Crossover error rate
The point where FAR and FRR are equal; a balance between the two