2.1 Security Concepts in Enterprise Environments Flashcards
Why is it important to keep up with configuration management?
Change is the only constant
This is the configuration to which all devices on a network should conform. Integrity measurements should be checked against this configuration.
Baseline config
Data that resides in a country is subject to the laws of that country.
Data Sovereignty
The act of hiding some of the original data in order to protect sensitive data like PII. Usually only protected from view, data is still intact in storage.
Data masking
The process of encoding information into unreadable data
Data encryption
Used to describe data that is on a storage device, often encrypted and given appropriate permissions.
Data at-rest
Describes data that is being transmitted over a network. Less protection than data at rest.
Data in transit
Describes data that is actively being processed in a computer’s memory or CPU cache. Almost always decrypted in this state.
Data in use
This method is used to replace sensitive data with a benign placeholder. No encryption is involved.
Tokenization
What does information rights management (IRM) designate?
How data is used
Restricts data access
System used to stop data leaks before attackers can get to the data
Data Loss Prevention (DLP)
What areas can a DLP system be installed to prevent data leakage?
Endpoint (PC)
Network
Servers
Cloud
What is one of the largest geographical considerations when storing data in other states or in other countries?
Legal implications
What are 3 major goals of an Incident Response Plan?
Identify the attack
Contain the attack
Limit impact of an attack
What is being inspected when you are performing an SSL Inspection?
If the trusted certificate between the browser and the web server has been signed
True or false: When a PC sends a hello message to a web server on a network with SSL inspection on the firewall, the SSL decrypter on the firewall does not send its own proxy hello message to the web server.
False
Composed of a short string of letters and numbers, also known as a message digest
Hash
True or false: It is possible to recover the original message from a message digest created using a hashing function.
False
What is a major consideration with hashing when it comes to repeated data?
Collisions are possible
This interface is commonly used to perform mobile app processes such as login pages. Can be subject to on-path attacks involving replaying received commands, as well as injection.
Application Programming Interface (API)
Type of firewall used to protect applications over the web. Often used to protect APIs.
WAF - Web application firewall
What are two important security areas to consider when implementing an API?
Authentication - limit access
Authorization - keep roles limited
Recovery site:
• An exact replica
– Duplicate everything
• Stocked with hardware
– Constantly updated
– You buy two of everything
• Applications and software are constantly updated
– Automated replication
• Flip a switch and everything moves
Hot site
Recovery site:
• No hardware
– Empty building
• No data
– Bring it with you
• No people
– Bus in your team
Cold Site
Recovery site:
• Somewhere between cold and hot
– Just enough to get going
• Big room with rack space
– You bring the hardware
• Hardware is ready and waiting
– You bring the software and data
Warm site
A trap intended to lure in bad guys and keep them trapped there.
Honeypot
Term referring to a network of honeypots
Honeynets
Files created on a network to intentionally lure in attackers. Acts as an alert when file is accessed.
Honeyfile
This method of deception involves sending false information to a machine learning system so that malware looks benign to it.
Fake telemetry
A DNS server that hands out incorrect IP addresses
Can be bad: attacker can redirect traffic to a malicious site
Can be good: detects devices trying to access a malicious IP and redirects them back into the network
DNS Sinkhole