2.1 Explain the importance of security concepts in an enterprise environment Flashcards
Diagrams
A graphical diagram that maps out the network, physical data (servers), and devices.
Baseline Config.
Documenting the security configuration of an application (firewall, patch levels, OS files) and checking for any deviations from it. (INTEGRITY CHECK)
Standard Naming Conventions
A set of rules/standards for how things are named (files, devices, users, ports).
IP Schema
Standardization for IP addressing: a way to assign IP addresses to users and devices without duplicates.
Data Sovereignty
Data stored in a country is subject to the laws of that country.
Data Masking
Hiding the original data by replacing, mixing, or shuffling it so that the data is protected. (The original data may still be visible on the server, though.)
Data Encryption
Plaintext is encrypted into ciphertext using an algorithm; the only way to decipher it is with a KEY.
Data at Rest
Data that is stored. Stored data needs to be protected.
Data in Transit/Motion
Data being sent over the network. Needs to be protected with TLS, IPsec, firewalls, and an IPS.
Data in processing
Data actively being used in memory (RAM, CPU).
This data is unencrypted because it is in memory.
Tokenization
Replaces sensitive numbers with a different set of numbers (a token). A tokenization server authenticates that second set of numbers. (Not encryption.)
IRM (Information Rights Management)
Restricting what you can do with a document such as a PDF, a Microsoft Office document, or an email message.
DLP (Data Loss Prevention)
An intelligent system that protects your data by preventing it from leaving your network.
Types of DLP
-Endpoint DLP: data in use on a workstation (in and out)
-Network DLP: inbound and outbound packets
-Blocks hardware (USB)
-Cloud DLP: watches traffic, prevents data going to certain URLs, blocks malicious attacks
-Email DLP
Geographical Considerations
Considering the laws and regulations of the location where your data is stored.
-Access, recovery
Response and Recovery Controls
Documenting/identifying an attack and containing it. (Reduces the impact of the attack.)
SSL/TLS Inspection
A device between the client and the server inspects incoming traffic before it reaches the client. Decrypts the data at the firewall by using CA certificates.
Hashing
A one-way mathematical process (there is no reversing it) that produces a fixed-length output.
API Considerations
Site Resiliency
Having a recovery site for data available when there is a disaster.
Hot Site
An exact replica of the original site. Data is synchronized in real time (hardware and infrastructure).
Cold Site
An empty site that has little to no hardware or infrastructure. Will take weeks to be operational.
Warm site
Has some equipment in place as a recovery site. Usually up within a few days.
Honeypots
A fake server that attracts an attacker. Designed to look like your actual server.
Honeynet
A collection of honeypots. Designed to look like a corporate network.
Honeyfiles
Files that send an alert on unauthorized activity. (They appear real.)
Fake telemetry
Fake traffic being sent over a network. Makes honeypots and honeynets look real.
DNS Sinkhole
Users who try to visit a malicious site are redirected with a fake DNS response so that you can identify the infected user. (Combats bots.)