2.1 - Explain the importance of security concepts in an enterprise environment. Flashcards

1
Q

Configuration management

A

-identify + document hardware/software settings
->manage sec when changes occur
->rebuild sys if disaster occurs

-documentation + processes = CRITICAL

-identify + control + audit deployment and changes made to established baseline

-help enforce standards, manage sys, report on areas where sys don’t match expected settings

-OS’s, patches, app updates, net mods, new apps, etc

Benefits in these processes:
-provisioning new sys
-replicating environments
-recovering from disasters
-onboarding + training
-ensuring hardened/secure sys
-ensuring stability

Weiss 124
Gibson 148
Chapple 336

2
Q

Diagrams

A

-important for nets + interconnected complex sys
-EX: net maps, cabling/wiring, etc

-critical in incident response + disaster recovery ops b/c they let responders quickly understand how infra/sys are configured + interconnected, where data flows, what dependencies exist, etc

-can be provided to auditors + are a useful artifact for assessing designs

Network diagrams
-document physical wire + device

Physical data center layout
-can include physical rack locations

Device diagrams
-individual cabling

Weiss 125
Chapple 336
Neil 379

3
Q

Baseline configuration

A

-config + settings that are set as the foundation for all similar systems
-ideal starting place to build from + helps reduce complexity

-without it = more susceptible to errors, malfunctions, sec breaches

-documentation = very important
->so that another person could easily replicate the config
->standardization facilitates audit activities

-sec of app environment should be well defined
->all app instances follow the baseline
->firewall, patch levels, OS file versions
->may require constant updates

-integrity measurement checks against the secure baseline should be performed often
->check against well-documented baselines
->failure requires immediate correction

Weiss 124-125
Chapple 336
Gibson 148
Neil 380

4
Q

Standard naming conventions

A

-easily understood by everyone
-agreed-upon method of naming assets
->valuable for everyday mgmt + emergencies
-used to identify standard configs
-can make sys more anonymous = less meaningful to a perp
-makes scripted mgmt easier b/c you can filter/sort/take actions more easily

-Devices: asset tag names + #s, computer names (location/region), serial #s, owners, function, etc.

-Networks: port labeling

-Domain configs: usr acct names, standard email addresses

Weiss 125
Gibson 148
Chapple 337
Neil 379

5
Q

Internet protocol (IP) schema

A

-IP address plan/model
->consistent addressing for net devices
->helps avoid duplicate IP addressing

-segmenting sys based on purpose + location + etc.

-managing IP address space helps avoid address collisions + running out of addresses in net segments, and helps identify sys that shouldn’t be using a given address

-if you run out + have to re-address -> significant rework may be required to update firewall rules + tools, etc

Locations: # of subnets, hosts per subnet

IP ranges: different sites have a different subnet

Reserved addresses: usrs, printers, routers/default gateways

Weiss 125
Chapple 337

6
Q

Data sovereignty

A

-data is subject to legal restrictions of any jurisdiction where it’s COLLECTED, STORED, or PROCESSED
-data residing in a country = subject to laws of that country (legal monitoring, court orders, etc)
-laws may prohibit WHERE data is stored
->GDPR
->data collected on EU ppl has to be stored in the EU
-wherever your data is stored, your compliance laws may prohibit moving data out of the country
-where your data is located has a major impact on the restoration phase following a disaster

Weiss 139
Chapple 311
Neil 325

7
Q

Data protection

A

-maintaining confidentiality/ensuring privacy
->only ppl who are authorized to view data are allowed to do so
-preventing theft/disclosure of data (intentional/unintentional)
-tools include:
->DLP
->cloud access sec brokers
->data obfuscation
->rights mgmt/data permissions
->hardware sec modules
->encrypted traffic mgmt
->sec policies

Weiss 126
Neil 53

8
Q

DLP

A

-Data loss prevention

-identifies confidential/sensitive info through content analysis

-helps orgs enforce info handling policies + procedures to prevent data loss + theft

-way to detect sensitive data + prevent it from being exfiltrated
->based on 1/3 states: data in use/in motion/in transit

-way to enforce data sec policies by providing centralized mgmt
-can be configured to look for specific words, phrases, character strings
->can block transmission before damage is done
->policies for blocking USBs, removable media, etc
->alert admins to attempted breach
->usr can be alerted about sec policy violations to keep sensitive info from leaving their desktop

-international orgs need to ensure they’re compliant with local privacy regulations as it’s implemented

-works in 2 diff environments
->host-based DLP
->network DLP

Weiss 127
Chapple 10
Neil 54
Gibson 155

9
Q

Masking

A

-partially redacts sensitive info by replacing some or all sensitive fields with blank characters

-only partial data is left in the data field so that the original data can’t be stolen

-protects PII

-may be hidden from view BUT data might be intact in storage
->control the view based on permissions

-diff techniques
->substituting
->shuffling
->encrypting
->masking out, etc

-commonly required for app development
-similar to tokenization b/c data masking can preserve data format + referential integrity

Weiss 131
Chapple 12
Neil 328
Gibson 422

10
Q

Encryption

A

-uses mathematical algorithms to protect info (in transit + while it resides on systems)

-two-way street
->convert between one + the other if you have the proper key
-unintelligible to anyone who doesn’t have access to the decryption key

-encodes info into unreadable data
->original = plaintext
->encrypted form = ciphertext

confusion = encrypted data is drastically diff from plaintext

diffusion = change one character of the input + many characters of the output change

Gibson 357
Chapple 10

11
Q

At rest

A

-data in its stored/resting state/not being used
->stored on storage device
->hard drives, SSD, flash drives, other storage media

-prone to theft by insiders/external perps who gain access to systems + are able to browse through their contents

-encrypt the data
->whole disk encryption
->database encryption
->file/folder level encryption

-apply permissions
->ACLs (access ctrl lists)
->only authorized usrs can access data

Chapple 10
Gibson 357
Weiss 129
Neil 53

12
Q

In transit/motion

A
-data moving across a net or from one sys to another

-data that’s in transit over a network
->not much protection as it travels
->when it travels on an untrusted network it’s open to eavesdropping by anyone with access to that net

-net-based protections (firewall, IPS)

-provide transport encryption (TLS and IPsec)

-EX: ecommerce sites use HTTPS sessions to encrypt transactions that include credit card data -> if perps intercept transmissions they only see ciphertext

Chapple 10
Gibson 357
Weiss 129
Neil 54

13
Q

In processing (finish)

A

-data that’s actively in use by a computer system
->data stored in memory while processing takes place
-perp may be able to read the contents of memory + steal sensitive info

Chapple 10
Gibson 357
Weiss 129
Neil 54

14
Q

Tokenization (finish)

A

-replaces sensitive values with a unique identifier using a lookup table

Chapple 11
Gibson 423
Weiss 130
Neil 329

15
Q

Rights management (finish)

A

-

Gibson 155-156
Weiss 132-133

16
Q

Geographical considerations (finish)

A

-

Weiss 138
Neil 325

17
Q

Response and recovery controls

A

-incident response plan should be established
->documentation = important
->identify attack
->contain attack

-limit impact of the perp
->limit data exfiltration
->limit access 2 sensitive data

-disaster plans/recovery exercises should be conducted

Weiss 512
Neil 367

18
Q

Secure Sockets Layer (SSL)/Transport
Layer Security (TLS) inspection

A

-

Chapple 380
Gibson 75
Weiss 134
Neil 165

19
Q

Hashing

A

-uses a hash function to transform a value in a dataset to a corresponding hash value

Chapple 11, 73, 165, 219, 558
Gibson 347
Weiss 135, 271, 562

20
Q

API considerations

A

-

Chapple 311
Gibson 152
Weiss 137

21
Q

Hot site (Site resiliency)

A

-
Chapple 267
Gibson 335
Weiss 137

22
Q

Cold site (Site resiliency)

A

-
Chapple 267
Gibson 336
Weiss 138

23
Q

Warm site (Site resiliency)

A

-
Chapple 267
Gibson 336
Weiss 138

24
Q

Honeypots (Deception and disruption)

A

-
Chapple 382
Gibson 112-113
Weiss 139

25
Q

Honeyfiles (Deception and disruption)

A

-
Chapple 382
Gibson 113
Weiss 139

26
Q

Honeynets (Deception and disruption)

A

-
Chapple 382
Gibson 113
Weiss 139

27
Q

Fake telemetry (Deception and disruption)

A

-
Chapple 383
Gibson 114

28
Q

DNS sinkhole (Deception and disruption)

A

-a DNS that hands out incorrect IP addresses
->blackhole DNS

-this can be bad
->an attacker can redirect users to a malicious site

-this can be good
->redirect known malicious domains to a benign IP address
->watch for any users hitting that IP address
->those devices are infected

-can be integrated with a firewall
->identify infected devices not directly connected

Chapple 380
Gibson 244
Weiss 141

29
Q

Site resiliency

A

3 types:
->hot sites
->warm sites
->cold sites

Chapple 267
Gibson 335
Weiss 137