3. Security Flashcards
OPSEC
Operations Security - Process you use to protect your information
Steps of OPSEC (5)
- Identification of critical info (identify the assets that would cause you the most harm if exposed)
- Analysis of threats (analyze any threats related to each critical info)
- Analysis of vulnerabilities (analyze the vulnerabilities in the protections you’ve put in place to secure your info assets. HOW YOU INTERACT W/ ASSETS)
- Assessment of risks (what issues you need to address in the rest of the ops sec process. RISK OCCURS WHEN YOU HAVE A MATCHING THREAT AND VULNERABILITY)
- Application of COUNTERMEASURES (when you construct countermeasures for a risk, you need to mitigate either the threat or the vulnerability at a minimum)
Laws of OPSEC - Kurt Haase (3)
- Know the threats “If you don’t know the threat, how do you know what to protect?”
- Know what to protect (determine critical info)
- Protect the information
Purple Dragon
Code study during the Vietnam War. Coined the term OPSEC
Competitive Intelligence
Conducting intelligence gathering and analysis to support business decisions
Competitive Counterintelligence
Managing info gathering activities directed at an organization
OPSEC Support Staff (IOSS)
Provide multiple agencies w/ a wide variety of security awareness and training
Social engineering attacks
Manipulate people to gain info/access to facilities
HUMINT
Human Intelligence - gathered by talking to people, torture, tricking people w/ scams
OSINT
Open Source Intelligence - info collected from publicly available sources
Metadata
Data about data found in almost any file
Ex forensic tool: EnCase
EXIF data
Image/video file metadata
Shodan
Search engine of service banners, which are metadata that the server sends back to the client.
Web based search engine that looks for info saved on internet connected devices.
FTP
File Transfer Protocol
GEOINT
Geospatial info from satellites
MASINT
Measurement and signature intelligence from sensors
RADINT
Radar info
TECHINT
Technical info about equipment, tech, and weapons
FININT
Financial info about financial dealings
CYBINT/DNINT
Cyber/Digital Network info from comp systems/networks
Pretexting
Social engineering attack that utilizes credible scenarios to lure people into disclosing sensitive info
Phishing
Social engineering technique that uses electronic communications to carry out an attack that is broad in nature
Tailgating
Following someone through an access control point
Malware
Application that makes unauthorized changes to a device
Clean desk policies
Sensitive info shouldn’t be left out/unattended
BCP - Business continuity planning
Plans put in place to ensure that critical business functions can continue in a state of emergency
DRP - Disaster recovery planning
Plans put in place to prepare for a potential disaster. What to do during and after.
Types of physical security controls (3)
Deterrent
Detective
Preventive
Magnetic Media
Use movement and magnetically sensitive material to record data
Ex: hard drives, tapes
Flash Media
Media that stores data on NONVOLATILE memory chips
Cheaper and faster
Optical Media
Ex: CD, DVDs
Fragile
RAID/RAID array
Redundant array of inexpensive disks - method of copying data to more than 1 storage device
Computer Network
Group of computers/other devices that are connected to facilitate the sharing of resources
DDoS
Distributed denial of service attacks
Network Segmentation
Network design factor that controls the flow of traffic between subnets to prevent attacks and boost network performance
Firewalls
Mechanism for controlling network traffic. Natural segmentation where level of trust changes.
Types of firewalls (4)
Packet Filtering
Stateful Packet Inspection
Deep Packet Inspection
Proxy Servers
Deep Packet Inspection Firewalls
Analyze content of traffic and can reassemble the content to determine what will be delivered to the destination application
Disaster Recovery
Steps an organization will take during a state of emergency to REPLACE IT INFRASTRUCTURE
Stateful Packet Firewall
Monitors and defends a system based on traffic patterns over a given connection
Packet Filtering
Makes a determination on each packet individually based on the source and destination IP addresses, port #, and protocol used
Proxy Servers
Pertain specifically to applications. “Choke point”. Log traffic for later inspection. Single source for requests.
DMZ
Demilitarized zone - Creates a zone that allows public facing servers to be accessed from the outside while providing protection and restricting traffic
IDS
Network Intrusion Detection Systems
Signature-based IDS
Maintain a database of the signatures that might signal an attack and compare incoming traffic to those signatures
Anomaly-based IDS
Determine normal kinds of traffic/activity taking place on the network then measure present traffic against this.
Can produce a larger number of false positives
VPN
Virtual private network - encrypted connection between 2 points
Packet Sniffer
Network/protocol analyzer tool that can intercept traffic on a network
Ex: TcpDump, Ethereal, Wireshark, Kismet
Honeypots
Network security tool that deliberately configures a system w/ fabricated vulnerabilities to detect and monitor the activities of an attacker
Buffer overflow attack
Inputting more data than an application is expecting
HIDS
Host Intrusion Detection - Analyze activity on or directed at the network interface of a particular host
Centrally Managed
Devices are under control of 1 main system that maintains them
Baseband Operating System
Runs on its own processor and generally handles the phone’s hardware
Supervisory Control and Data Acquisition System
Industrial control system that monitors and controls systems over long distances, often those related to utilities and other infrastructure
Embedded Devices
Computer contained inside another device
How to counteract a buffer overflow/buffer overrun attack?
Bounds checking
Input validation attacks AKA Format string attacks
When certain print functions within a programming language can be used to manipulate/view internal memory of an app
Software development vulnerabilities (6)
Buffer overflows
Race conditions
Input validation attacks
Authentication attacks
Authorization attacks
Cryptographic attacks
AES
SYMMETRIC ALGORITHM
STANDARD US ENCRYPTION
Advanced Encryption Standard (Cryptographic attack)
Client-Side Attacks (3)
XSS (Cross-site scripting)
XSRF (Cross-site request forgery)
Clickjacking
XSS
Cross-site scripting - attack carried out by placing code in the form of a scripting language into a Web Page or other media that is interpreted by a client browser
XSRF
Cross-site request forgery - attack that plants a link on a Web Page in a way that will be automatically executed in order to initiate a particular activity on another page/app where the user is authenticated
Clickjacking
Attack that takes advantage of the graphical display capabilities of browsers to get us to click something we wouldn’t normally. Another layer over the web page.
Server-side attacks (3)
Lack of input validation (Directory traversal attacks)
Improper/Inadequate permissions
Extraneous files (server moved from development to production, files not directly related to the running of the site)
Database Vulnerabilities (4 main branches)
Protocol issues
Unauthenticated access
Privilege escalation
Arbitrary code execution
Port 443
Provides HTTP Secure Services, which secure web pages with Secure Sockets Layer and/or Transport Layer Security
TCPdump
Data network packet analyzer that runs under a cmd line interface
RSA
Asymmetric encryption to secure web and email traffic
What does endpoint protection help reduce?
Malware
Residual Data
Leftover info after erasing a hard drive
WPA3
Wireless protocol
System hardening
Done to an organization’s attack surface to protect its devices and network
When are software updates performed?
After testing and vetting
Port 53
Needs to be removed when running a web server
Core Impact - Exploit framework
Centralized penetration testing that enables security teams to conduct multi-phased penetration tests
What control protects against authorization attacks?
Principle of least privilege
Wireshark
Packet sniffer used to monitor web traffic. Can intercept and troubleshoot traffic from wired and wireless sources.
Burp Suite
Web assessment and analysis tool that looks for issues on websites such as XSS or SQL injection flaws
Fuzzer
Analysis tool that bombards applications with all manner of data and inputs from a wide variety of sources in the hope that the application will fail/perform in unexpected ways
Port 80
Provides HTTP Services - Web content
Port 22
Provides remote access services and is secured with Secure Shell