2.1 Enterprise Security Concepts Flashcards
What is the importance of configuration management and documentation?
Mainly to allow easy manual re-configuration of devices should there be a failure or catastrophe
What is the importance of network diagrams?
To know where devices are on the network and how they are physically connected to each other
What is the importance of baseline configurations? (2)
- ensure new equipment is configured correctly
- check to ensure that existing equipment is properly configured
What is the importance of standard naming conventions?
Standard naming conventions allow for easy identification of equipment, such as if the device is a router, switch, user workstation, etc..
What is the importance of an IP Schema? (2)
- Identifying physical location of an IP address
- Identifying type of equipment by IP address
Define data sovereignty
Laws and regulations for data based on the location of the data, i.e. data collected on EU citizens must physically reside in the EU
What is masking (relative to data)?
A technique to protect sensitive data, such as only display the last 4 numbers of a credit card and replacing the rest of the numbers with asterisks
What is data at rest and how can it be protected?
Data at rest is data that is stored on a storage device, such as SSD. Encryption and file/folder permissions can be used to protect this data.
Define data in transit/motion and how to protect it
- Data that is being transmitted across a network
- Encryption and network devices, such as a firewall
Define data in-processing and how it is vulnerable
Data in-processing is data that is in the memory or other system caches. It is not encrypted and vulnerable if access is gained to those hardware resources
What is tokenization?
Replacing data with data different from the original data. For example, instead of transmitting credit card numbers, a token is transferred across the network that can be used to identify the credit number
What is information rights management?
Protecting a document by only allowing certain actions based on the user. For example, denying copy/paste from a document.
What is DLP?
Data-Loss Prevention, intelligent systems that inspect and identify sensitive information and prevent it from exfiltrating the organization
Define response and recovery
Pre-determined and documented procedures need to be defined to follow in case of an attack or catastrophe to stop the threat and recover from the event
Define SSL/TLS Inspection
A host or device that acts as a man-in-middle to decrypt and re-encrypt network traffic to allow monitoring/inspection of network traffic
Importance of hashing in an enterprise environment - 3 uses
Using strong hashing, like SHA256, is important to:
1. protect passwords
2. create strong digital signatures
3. prevent encryption from being cracked via brute force
API Security concerns
API traffic must be monitored, encrypted, and properly secured with permissions to limit access and actions using principle of least privilege
Define Site Resiliency: Hot Site
An exact replica of the network at an alternate location; all data and configurations are kept in-sync with the live environment
Define Site Resiliency: Cold Site
A site containing empty racks; all devices and data must be setup and restored from backups
Define Site Resiliency: Warm Site
In-between a hot and cold site; has some equipment to get your network back up and running in a relatively short time frame
Define Honeypot
A system or series of systems designed to look like a real environment to bait attackers and monitor what exploits are attempted against it
Define Honeynet
Multiple honeypots designed to gather more intel on exploits attempted by threat actors
Define Honeyfiles
Files to attract the attention of threat actors to determine what type of information they are interested in accessing, such as “passwords.txt”
Define Fake Telemetry in relation to AI
Attackers feeding data to AI during its learning phase in order to alter its behavior, such as a specific malware program that the AI learns to identify as a good program
Define DNS Sinkhole
A DNS server that provides responses to direct traffic to alternate websites, instead of the valid website. Can be used by attackers or by IT Security to monitor users attempted access to known malicious sites
