2.4-3.1 Flashcards
DDoS reflection/amplification
a botnet sends many requests to protocols that require no authentication, and the replies consume the target's bandwidth
DNS poisoning
send a fake response to a valid DNS request (an "on-path attack")
rf jamming
transmit interfering wireless signals
on-path attack
redirects your traffic; ARP poisoning is an on-path attack on the local IP subnet
how to prevent session hijacking
encrypt end to end using a VPN
privilege escalation
gain higher-level access to a system using a vulnerability
birthday attack
uses collisions, which are the same hash output for different plaintexts
downgrade attack
force systems to downgrade their security
IOC
indicators of compromise
ACL
access control list
allows or disallows traffic
app allow/deny lists
allow = strict; only apps on the allow list can run
deny = anything except apps on the deny list can run
monitoring methods
info from devices
sensors: firewall logs, IPS, authentication logs
collectors: SIEM consoles, syslog servers
configuration enforcement
checking the posture of devices, and their updates
decommissioning
getting rid of a device; should have a formal policy
responsibility matrix
shows who is responsible for what depending on the service they provide