3.0 - Architecture and Design Flashcards
What purpose do industry-standard frameworks and reference architectures serve?
They provide a roadmap for aligning IT with the organization’s business strategy.
What is the difference between Industry-standard frameworks and reference architectures?
Industry-standard frameworks are more general than reference architectures.
This non-regulatory publication is a common framework for IT Security.
The NIST Framework for Improving Infrastructure Cybersecurity (or Cybersecurity Framework, or CSF)
This organization is a good source of benchmarking guides.
CIS (Center for Internet Security)
The Department of Defense provides implementation guides through this agency.
DISA STIGs (Defense Information Security Agency Security Technical Implementation Guides)
What is the greatest risk in configuring network infrastructure devices?
Incorrect configuration of rulesets.
This security principle advocates multiple layers and overlapping controls.
Defense-in-Depth
Why is it important to have both security policy and technical controls?
Policies are important to provide a guideline for new systems.
Administrative Controls are…
… policies, regulations and laws.
Technical Controls are…
Passwords, logical access controls, ACLs, antimalware, firewalls, etc.
Most significant attacks include this component.
Most significant attacks include a user component. User training is vital.
This structure allows your important data servers to remain safe, while putting web and web application servers in a semi-trusted zone.
DMZ
How does a DMZ keep external users away from sensitive data?
Users interact with a server in the DMZ, which in turn requests the data from a server inside the organization's trusted network.
You want to share some company data with selected business partners. What is a good solution?
An Extranet would provide secure, private access to company data.
What are two methods to provide your Intranet data to users outside the network?
The Intranet content could be duplicated in the DMZ, or it could be provided via an Extranet.
What are the types of NAT?
Types of NAT:
- Static - for web servers so that external users can initiate the connection
- Dynamic - uses a pool of public IPs
- Port Address Translation (PAT) - many internal users can share one public IP
Ad Hoc networks are difficult to manage. Why?
There is no central entry and exit point, so monitoring communication is difficult.
What are the advantages and disadvantages of a flat network?
A flat network runs faster and avoids some latency issues associated with the Spanning Tree Protocol. But letting every device see every other device creates security issues.
What is a network Enclave?
An enclave is a portion of an otherwise flat network that is partitioned off, by subnet, VLAN, proxy, firewalls, or routers.
This is the most secure and most expensive method to segregate portions of the network.
Physical segregation - separate physical equipment to handle different classes of traffic.
Why are air gaps a poor security choice?
Air gaps are difficult to implement and must be strictly enforced. Failures can be significant.
This system is at the heart of a signature-based antivirus or IDS.
Correlation Engine
Where should a DDoS Mitigator be located?
A DDoS Mitigator needs to be at the edge of the network, in the network path of the systems it is protecting.
What does an Aggregation Switch do?
An Aggregation Switch connects many edge switches back to the core router, so that fewer ports are used on the router.
A Switch Port Analyzer (SPAN) is a type of what?
A SPAN is a mirror port. It can copy the activity of every port on a switch.
This is a passive signal-copying mechanism, which will not be overwhelmed by traffic during data collection.
TAP (Test Access Point)
This newer method allows engineers to re-configure network traffic flow without physically re-wiring the network.
SDN (Software-Defined Networking)
Defense-in-Depth incorporates which types of diversity?
Defense-in-Depth includes:
- Vendor diversity
- Control diversity
- Redundancy
Why is securing hardware important, beyond just physical theft?
Securing hardware prevents against:
- Data loss
- Data falling into the wrong hands
- Firmware alteration by a bad actor
What is FDE and SED?
Full Disk Encryption (FDE)
and
Self Encrypting Disks (SED)
What is a TPM?
A Trusted Platform Module (TPM) is a hardware solution on the motherboard, which assists in security key generation and storage. This is a more secure solution for storing keys.
What is an HSM?
A Hardware Security Module (HSM) is a device used to manage and store encryption keys. These are usually USB or network peripherals. On a larger network, an HSM is an efficient solution.
Why is UEFI a better choice for BIOS?
UEFI has security built in, including secure boot options.
What does UEFI Secure Boot enforce?
UEFI Secure Boot only allows signed drivers and OS loaders to be invoked at bootup. It also enables attestation that the drivers have not changed.
A Hardware Root of Trust must be secure, since its trust will be elevated to other systems. What are some hardware roots of trust?
Some hardware roots of trust are:
- TPM chip
- Apple’s Secure Enclave coprocessor
- Apple’s signed Boot ROM
- Highly trusted software designed to securely store encryption keys
These external influences do not consist of code, but do represent a security threat to PC equipment.
EMI and EMP
This type of OS tends to be updated by the vendor.
Appliance OSes are typically updated by the vendor. They are usually stripped-down Linux distros and require unique updates.
What are the five types of OS?
Types of OS:
- Network
- Server
- Workstation
- Appliance
- Kiosk
- Mobile OS
What are the three common types of updates?
Common update types:
- Hotfix - quick fix for a small issue, usually a security hole.
- Patch - can include enhancements
- Service Pack - large collection of patches and hotfixes