2.1: Enterprise Security

Question 1

Configuration Management

Answer 1

The only constant is change.
Identify and document hardware and software settings.
Rebuild those systems if a disaster occurs.

Question 2

Baseline configuration

Answer 2

security of an app evironment should be well defined.
Firewall settings, patch levels, OS file versions.

Question 3

Standard naming conventions

Answer 3

Create a standard, needs to be understood by everyone.

Question 4

IP Schema

Answer 4

Ip address plan or model
consistent addressing for network devices. Helps avoid duplicates.
Reserved addresses: Printers, routers etc.

Question 5

Protecting Data

Answer 5

Data is everywhere, on a storage drive, on the network, in a CPU.
Protecting the data with encryption, security policies.

Question 6

Data sovereignty

Answer 6

data that resides in a country is subject to the laws of that country.
laws may prohibit where data is stored.
GDPR (General Data Protection Regulation) - Data collected on EU citizens must be stores in EU.

Question 7

Data Masking

Answer 7

Data obfuscation-hide some of the original data.

Question 8

Data Encryption

Answer 8

Encode plaintext into cypertext
Two way street, convert between one and the other if you have a proper key.

Question 9

Data at-rest

Answer 9

Data is on a storage device
encryption can be individual or whole disk encryption
Apply permissions to limit access on a per user basis

Question 10

Data In-Transit

Answer 10

Data transmitted over the network
Not much protection as it travels
Network based protection through firewall, IPS
Transport encryption TLS, IPSec

Question 11

Data In-use

Answer 11

In RAM, Caches or CPU register.
almost always decrypted.
can be picked straight out of ram by an attacker.

Question 12

Tokenization

Answer 12

Replace sensitive data with a non sensitive placeholder
Not encryption or hashing, no overhead.

Question 13

Hashing

Answer 13

Represent data as a short string of text(message digest)
One way trip, can’t unhash a hash to get the original data.

Question 14

Hot Site

Answer 14

Exact replica and duplicate of everything, ready to go at a moments notice.

Question 15

Cold Site

Answer 15

No hardware, empty building.
No data or people, everything has to be brought.

Question 16

Honeypot

Answer 16

system or series of systems that look very attractive to an attacker.

Question 17

Honeynet

Answer 17

multiple honeypots to gather info from multiple sources.

Question 18

Honeyfiles

Answer 18

Attractive bait inside the honeynet. alert is sent if file is accessed.
virtual bear trap.

Question 19

DNS sinkhole

Answer 19

gives a reponse back with incrorrect/bad info.
Useful to redirect machines infected to track a known site that malware infected machines would try and visit.