1.2 Flashcards
Topics: The CIA triad; Non-repudiation; Authentication, Authorization, and Accounting; Gap analysis; Zero trust; Physical security; Deception and disruption
CIA stands for
(AKA AIC)
Confidentiality Integrity Availability
The pillar of security that prevents disclosure of information to unauthorized individuals or systems (CIA Triad)
Confidentiality
The pillar of security that prevents messages being modified without detection (CIA Triad)
Integrity
The pillar of security that keeps systems and networks up and running (CIA Triad)
Availability
Which part of the CIA triad does encryption help?
Confidentiality
Which part of the CIA triad do access controls help?
Confidentiality
Which part of the CIA triad does 2FA help?
Confidentiality
Which part of the CIA triad does hashing help?
Integrity
Which part of the CIA triad do digital signatures help?
Integrity
Which part of the CIA triad do certificates help?
Integrity
Which part of the CIA triad does non-repudiation help?
Integrity
Which part of the CIA triad does redundancy help?
Availability
Which part of the CIA triad does fault tolerance help?
Availability
Which part of the CIA triad does patching help?
Availability
Ensures stability and closes security holes
A security concept that means that you cannot deny what you have said or done
Non-repudiation
A security concept that means that data is stored and transferred as intended; any modification to that data would be identified
Integrity
A security concept that means that certain information should only be known to certain people; unauthorized information disclosure should be prevented
Confidentiality
A security concept that means that information is accessible to authorized users
Availability
A string of text that represents data
AKA message digest, fingerprint
Hash
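Added worked example (not part of the original flashcard deck): how a hash gives integrity. The digest is recorded at approval time; any later copy that does not reproduce the same digest has been modified. The config file content and the "approval" workflow are constructed for the example. Note what a plain hash does not give you: an attacker who can replace the stored digest as well as the data defeats it, which is why the digest is kept out of band or covered by a digital signature, and a hash by itself proves nothing about who produced the data (no non-repudiation).

```python
import hashlib
import hmac

# Constructed sample input (not from the deck): a config file as approved by change control.
APPROVED_CONFIG = b"listen=443\ntls_min_version=1.2\nadmin_ips=10.0.0.0/8\n"


def digest(data: bytes, algorithm: str = "sha256") -> str:
    """Return the hex message digest (fingerprint) of the data."""
    return hashlib.new(algorithm, data).hexdigest()


def verify_integrity(data: bytes, expected_hex: str, algorithm: str = "sha256") -> bool:
    """True only if the data still hashes to the recorded digest.

    hmac.compare_digest is a constant-time comparison, so the check does not
    leak how many leading hex characters matched.
    """
    return hmac.compare_digest(digest(data, algorithm), expected_hex)


def detect_tampering(recorded_hex: str, candidates: dict) -> dict:
    """Check several versions of the data against one recorded digest."""
    return {name: verify_integrity(data, recorded_hex) for name, data in candidates.items()}


def demo() -> dict:
    """Record the digest at approval time, then test later copies against it."""
    recorded = digest(APPROVED_CONFIG)  # in practice stored out of band, e.g. in a signed manifest
    downgraded = APPROVED_CONFIG.replace(b"tls_min_version=1.2", b"tls_min_version=1.0")
    return detect_tampering(recorded, {
        "unchanged": APPROVED_CONFIG,
        "downgraded_tls": downgraded,                 # one character changed: whole digest changes
        "trailing_newline": APPROVED_CONFIG + b"\n",  # even whitespace-only edits are caught
    })


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'intact' if ok else 'MODIFIED'}")
```

The same pattern is what package managers and software update tools do with published checksums; the digest is only as trustworthy as the channel it arrived over.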
AAA stands for
Authentication, Authorization, Accounting
What information does the AAA server hold?
Username/password information to verify if credentials are approved
How do you authenticate a device, and make sure that it is approved to access your network?
(A device has no username/password of its own to type in, so a user-style login does not apply)
Install a digitally signed certificate on the device, and validate it against the issuing CA during the login process
A device or software that is responsible for managing all of the certificates in the environment
Certificate authority (CA)
How do you authenticate a user, and make sure that they are approved to access your network?
Usually by using username/password credentials
A model used to authorize users/devices to access resources within a network
Authorization model
How does an authorization model work?
It makes a framework of permissions associated with roles, organizations, and attributes
Without this model, you would have to assign permissions to every user. This does not scale well.
An authorization model is also described as
An abstraction layer between users/devices and the resources they are allowed to reach
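Added worked example (not from the original deck): a minimal authorization model. Permissions are attached to roles, users are assigned roles, and an optional attribute rule refines the decision. The roles, permissions and headcounts are constructed assumptions; the two counting functions show why the deck says per-user assignment does not scale.

```python
from dataclasses import dataclass, field

# Constructed roles and permissions (assumption; not from the deck).
ROLE_PERMISSIONS = {
    "helpdesk": {"ticket:read", "ticket:write", "user:reset_password"},
    "engineer": {"ticket:read", "repo:read", "repo:write"},
    "finance":  {"invoice:read", "invoice:approve"},
}


@dataclass
class Subject:
    """A user or device: roles drive the RBAC check, attributes drive extra rules."""
    name: str
    roles: set = field(default_factory=set)
    attributes: dict = field(default_factory=dict)


def permissions_for(subject: Subject) -> set:
    """Effective permissions = union of the permissions of every role held."""
    return set().union(*(ROLE_PERMISSIONS.get(role, set()) for role in subject.roles))


def is_authorized(subject: Subject, permission: str, attribute_rules=None) -> bool:
    """Role check first; then every attribute rule (a callable on the attributes dict) must pass."""
    if permission not in permissions_for(subject):
        return False
    return all(rule(subject.attributes) for rule in (attribute_rules or []))


def grant_count_per_user(role_headcount: dict) -> int:
    """Entries needed if every user were granted each permission individually (no model)."""
    return sum(len(ROLE_PERMISSIONS[role]) * n for role, n in role_headcount.items())


def grant_count_with_roles(role_headcount: dict) -> int:
    """Entries with a role model: one role->permission table plus one role assignment per user."""
    return sum(len(perms) for perms in ROLE_PERMISSIONS.values()) + sum(role_headcount.values())


if __name__ == "__main__":
    headcount = {"helpdesk": 40, "engineer": 300, "finance": 12}
    print("per-user grants:", grant_count_per_user(headcount))
    print("with roles:", grant_count_with_roles(headcount))
```

Adding a permission to a role updates every member at once; with per-user grants the same change is one edit per user, which is where mistakes and orphaned permissions come from.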
A study of where we are versus where we would like to be
Identifies weaknesses and most effective processes
The final report provides detailed baseline objectives, recommendations, as well as plans for budget, schedule, and change control
Gap analysis
A security term meaning that everything must be verified; nothing is inherently trusted
Forces users/devices/processes to authenticate every time they access a resource
Zero trust
The 3 authentication factors (2FA uses two of them; MFA uses two or more)
Something you have
Something you know
Something you are
The part of the device that performs the actual security process
Processes frames, packets, and network data
Does processing, forwarding, trunking, encrypting, and NAT
Data plane
The part of the device that:
Defines policies and rules
Determines how packets should be forwarded
Sets up routing tables, session tables, NAT tables
It manages the actions of the data plane
Control plane
A technology that applies security controls based on additional information gathered by the authentication process
ex. geolocation, type of connection, IP address
Adaptive identity
Limiting the number of possible entry points to a network
Threat scope reduction
A form of access control that uses an authorization policy that is flexible in the types of evaluated parameters (e.g., identity, role, clearance, operational need, risk, heuristics).
It combines adaptive identity with a predefined set of rules
Decides what type of authentication process should be used to confirm that the person identifying themselves is who they claim to be
Policy-driven access control
A logical way to group physical and virtual interfaces
Identifies where the traffic comes from and where it is going
ex. trusted/untrusted, internal/external, separate departments, separate VPN connections
Security zone
How are security zones used during authorization?
Some zones may be implicitly blocked
If an untrusted zone tries to communicate with a trusted zone, they will be blocked
Some zones may be implicitly trusted
e.g., a trusted zone communicating with an internal zone may be allowed without further checks
What are subjects and systems?
End users, devices, applications, and processes that need to be authenticated/authorized by a PEP
A mechanism that enforces policies upon subjects and systems
Sends authentication information to the PDP for the PDP to make a decision
After the PDP makes the decision, this mechanism enforces that decision
PEP (Policy Enforcement Point)
A mechanism that uses a process for making an authentication decision
Examines authentication and determines whether the traffic should be allowed on the network
Uses pre-defined security policies to determine the decision, and then sends that decision to the PEP
PDP (Policy Decision Point)
The part of the PDP that measures gathered authentication information against pre-defined network policies in order to determine whether the traffic should be allowed on the network
Policy engine
The 2 parts of the PDP
Policy Engine
Policy Administrator
The part of the PDP that provides the decision to the PEP
Generates access tokens or credentials
Policy Administrator
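Added worked example (not from the original deck) tying the zero-trust cards together: a PEP forwards an access request to a PDP, the policy engine measures the adaptive-identity signals (zone, device certificate, geolocation, risk score, MFA) against pre-defined rules, and the policy administrator turns an allow decision into a short-lived signed token that the PEP enforces. Zone names, the allowed countries, the risk thresholds and the signing key are all constructed assumptions for the example.

```python
import hashlib
import hmac
import time
from dataclasses import dataclass

# Constructed policy data (assumptions; none of these values come from the deck).
SIGNING_KEY = b"demo-policy-administrator-key"
ZONE_TRUST = {"internet": "untrusted", "corp-lan": "trusted", "datacenter": "internal"}
# Implicit zone rules: untrusted -> trusted/internal is blocked; trusted -> internal is allowed.
ALLOWED_ZONE_FLOWS = {("trusted", "trusted"), ("trusted", "internal"), ("internal", "internal")}
ALLOWED_COUNTRIES = {"US", "CA", "DE"}


@dataclass
class AccessRequest:
    """What the PEP forwards to the PDP: identity plus the adaptive-identity signals."""
    subject: str
    resource: str
    source_zone: str
    dest_zone: str
    geolocation: str
    device_certified: bool   # device presented a valid signed certificate
    mfa_completed: bool
    risk_score: int          # 0-100 from heuristics such as new device or impossible travel


class PolicyEngine:
    """Measures the gathered signals against the pre-defined policies."""

    def evaluate(self, req: AccessRequest) -> tuple:
        flow = (ZONE_TRUST.get(req.source_zone, "untrusted"), ZONE_TRUST.get(req.dest_zone, "untrusted"))
        if flow not in ALLOWED_ZONE_FLOWS:
            return False, f"zone flow {flow[0]}->{flow[1]} is implicitly blocked"
        if not req.device_certified:
            return False, "device did not present a valid certificate"
        if req.geolocation not in ALLOWED_COUNTRIES:
            return False, f"geolocation {req.geolocation} not permitted"
        if req.risk_score >= 70:
            return False, "risk score too high"
        if req.risk_score >= 40 and not req.mfa_completed:
            return False, "step-up MFA required for elevated risk"   # adaptive identity
        return True, "allowed"


class PolicyAdministrator:
    """Turns an allow decision into a short-lived, HMAC-signed access token for the PEP."""

    def __init__(self, key: bytes, ttl_seconds: int = 300):
        self.key, self.ttl = key, ttl_seconds

    def issue_token(self, req: AccessRequest, now: float) -> str:
        body = f"{req.subject}|{req.resource}|{int(now) + self.ttl}"
        sig = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        return f"{body}|{sig}"

    def verify_token(self, token: str, now: float) -> bool:
        body, _, sig = token.rpartition("|")
        expected = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        expiry = int(body.rsplit("|", 1)[1])
        return hmac.compare_digest(sig, expected) and now < expiry


class PolicyDecisionPoint:
    def __init__(self, engine: PolicyEngine, administrator: PolicyAdministrator):
        self.engine, self.admin = engine, administrator

    def decide(self, req: AccessRequest, now: float) -> dict:
        allowed, reason = self.engine.evaluate(req)
        token = self.admin.issue_token(req, now) if allowed else None
        return {"allowed": allowed, "reason": reason, "token": token}


class PolicyEnforcementPoint:
    """Never decides on its own: forwards the request and enforces whatever the PDP returns."""

    def __init__(self, pdp: PolicyDecisionPoint):
        self.pdp = pdp

    def handle(self, req: AccessRequest, now=None) -> dict:
        now = time.time() if now is None else now
        decision = self.pdp.decide(req, now)
        # Enforcement: only a valid, unexpired token from the administrator opens the door.
        granted = decision["token"] is not None and self.pdp.admin.verify_token(decision["token"], now)
        return {"granted": granted, "reason": decision["reason"], "token": decision["token"]}


def build_pep() -> PolicyEnforcementPoint:
    return PolicyEnforcementPoint(PolicyDecisionPoint(PolicyEngine(), PolicyAdministrator(SIGNING_KEY)))
```

Because the token expires, every later request goes back through the PDP, which is the "verify every time" behaviour the zero trust card describes rather than a one-time login.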
A physical security measure that prevents access, and can channel people through specific access points
Also used to mark high security areas
ex. Allows people, but prevents cars and trucks
Barricades and bollards
A physical security measure that provides a space between two sets of interlocking doors. It prevents unauthorized individuals from following authorized individuals into facilities.
It controls access to a particular area to certain individuals or groups.
This control has a variety of configurations–for example, all the doors can be unlocked, but when one door is open, all of the other doors will automatically lock.
Access control vestibule
AKA mantrap
A physical security measure that creates a perimeter and prevents access to an area. May be transparent or opaque.
This is normally a very obvious security measure. Thus, it needs to be very sturdy.
Fence
A physical security measure that allows authorized individuals to watch footage of a secure area.
May include motion detection and object detection.
Video surveillance
AKA CCTV
A physical security measure that can provide physical protection of an area and validate the identity of existing employees
Guard
What is two-person integrity/control?
A control requiring two people to be present to carry out a sensitive task (for example, guards working in pairs), so that each holds the other accountable to the security policy and no single person can subvert it.
A physical security measure that is given to authorized individuals. It contains the individual’s name, picture, and other necessary details to verify their identity.
Often electronically logged
Access badge
A physical security measure that illuminates secure spaces to provide better visibility for guards or cameras.
Angles and optimal light levels are important to consider.
Lighting
A physical security measure that detects infrared radiation in both light and dark areas.
Infrared
A type of sensor (commonly infrared-based) that detects movement in a monitored area.
Motion detector
A type of sensor that detects a change in force, for example on windows or floors.
Pressure sensor
A type of sensor that detects movement across large areas using reflected radio-frequency energy.
Microwave
A type of sensor that sends and receives sound waves to detect motion and provide collision detection.
Ultrasonic
A system (commonly a virtual machine) used to attract attackers to your environment and keep them involved while you study the attacker and their methods
Honeypot
A real network (including servers, workstations, routers, switches, and firewalls) that attracts attackers and keeps their interest while you study the attacker and their methods
Honeynet
Files that have fake information or appear to be very important in order to attract an attacker.
These files will NOT normally be accessed by normal employees, so it is good to have an alarm on these files when someone attempts to gain access.
ex. passwords.txt
Honeyfiles
Traceable data added to a honeynet. If this data is downloaded and distributed, you know exactly where it came from.
ex. Fake API credentials or fake email addresses that send out notifications when used
ex. Database records, browser cookies, web page pixels, etc.
Honeytokens
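Added worked example (not from the original deck): the alarm the honeyfile card calls for. A detector scans audit log lines for any touch of a planted decoy file or decoy credential and raises an alert, because no legitimate user has a reason to open passwords.txt or present a fake API key. The decoy paths, the fake key and email address, the log format and the log lines are all constructed for the example.

```python
import re
from dataclasses import dataclass

# Planted decoys (constructed for this example; not real paths or credentials).
HONEYFILES = {
    "/srv/share/finance/passwords.txt",
    "/home/admin/.ssh/id_rsa_backup",
}
HONEYTOKENS = {
    "AKIAFAKECANARY0000001": "fake cloud API key planted in a backup config",
    "canary-billing@corp.example": "fake mailbox that should never receive mail",
}

# Constructed log lines: key=value audit events from a file server, an API gateway and a mail relay.
SAMPLE_LOGS = [
    "2024-05-01T09:58:12Z host=fs01 action=open path=/srv/share/finance/Q1-report.xlsx user=jdoe src=10.1.2.3",
    "2024-05-01T10:03:41Z host=fs01 action=open path=/srv/share/finance/passwords.txt user=jdoe src=10.1.2.3",
    "2024-05-01T10:15:07Z host=api-gw action=auth api_key=AKIAFAKECANARY0000001 src=203.0.113.5 result=denied",
    "2024-05-01T10:16:00Z host=api-gw action=auth api_key=AKIA0EXAMPLELEGIT0001 src=10.1.2.9 result=ok",
    "2024-05-01T10:20:30Z host=mx01 action=deliver rcpt=canary-billing@corp.example src=198.51.100.7",
]

KV = re.compile(r"(\w+)=(\S+)")


@dataclass
class Alert:
    kind: str        # "honeyfile" or "honeytoken"
    indicator: str   # the decoy that was touched
    actor: str       # user if logged, otherwise the source address
    line: str        # the raw event, for the investigator


def parse(line: str) -> dict:
    """Turn a key=value audit line into a dict; the leading timestamp is kept under 'ts'."""
    fields = dict(KV.findall(line))
    fields["ts"] = line.split(" ", 1)[0]
    return fields


def scan(lines) -> list:
    """Any touch of a decoy is an alert: legitimate users have no reason to access it."""
    alerts = []
    for line in lines:
        f = parse(line)
        actor = f.get("user") or f.get("src", "unknown")
        if f.get("path") in HONEYFILES:
            alerts.append(Alert("honeyfile", f["path"], actor, line))
        for value in f.values():
            if value in HONEYTOKENS:       # fires even when the gateway already denied the key
                alerts.append(Alert("honeytoken", value, actor, line))
    return alerts


if __name__ == "__main__":
    for a in scan(SAMPLE_LOGS):
        print(f"[{a.kind}] {a.indicator} touched by {a.actor}")
```

Because the decoys carry no real value, the false-positive rate is close to zero, which is what makes this one of the highest-signal detections a SOC can deploy; the denied API-key attempt is still worth an alert because it tells you the backup config the key was planted in has been read.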