3.2 Given a scenario, implement host or application security solutions. Flashcards
TPM
The Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system and provides secure key storage for full disk encryption. A TPM keeps hard drives locked until proper authentication occurs.
HSM
A Hardware Security Module (HSM) is a device used to generate, maintain, and store cryptographic keys. It is an external device and can easily be added to a system.
HIDS
A Host-based Intrusion Detection System (HIDS) can detect attacks on a host and protect critical files.
HIPS
Host intrusion prevention systems (HIPS) provide threat detection and prevent those threats based on signature values, heuristic behaviors, and security policies.
EDR
An endpoint detection and response (EDR) product provides real-time and historical visibility into the compromise, contains the malware, and facilitates remediation of the host to its original state.
Measured Boot
A trusted, or measured, boot process uses the Trusted Platform Module (TPM) at each stage in the boot process to check hashes of key system state data, then uses an attestation process to verify that the system has not been tampered with.
Fuzzing
Fuzzing is a dynamic analysis technique that checks code as it is running. When using fuzzing, the system is attacked with random data to check for code vulnerabilities.
Static analyzer
A static code analyzer examines code quality and effectiveness without executing the code. An analyzer can be used in conjunction with development for continued code quality checks, or once the code is in its finalization stages.
SED
A self-encrypting drive (SED) includes both the hardware and software to encrypt data on a drive. Keys are securely stored within the drive for decryption. An SED requires credentials to be entered for decryption.
Provides encryption for a whole disk and protects the confidentiality of the data.
Full disk encryption (FDE)
Radio frequencies emitted by external sources, such as power lines, that disturb signals. Can be avoided by shielding.
Electromagnetic interference (EMI)
A combination of hardware and software used to adjust settings in a computer.
BIOS
UEFI
Unified Extensible Firmware Interface (UEFI) is a specification for a software program that connects a computer's firmware to its operating system. UEFI is the replacement for Basic Input/Output System (BIOS) and has many advancements, including provisions for secure booting.
The process of checking and validating system files during the boot process.
Attestation
A known secure starting point established by embedding a private key in the system. The key remains private until the public key is matched.
Hardware root of trust
An environment that mimics production and allows deployment to be practiced.
Staging
The final stage of the deployment effort. Testing in this environment would be too late, given it is the operational environment.
Production
A place for creation. Requirements are turned into reality in this environment.
Development
An isolated environment that is often used for testing. Security, patches, and critical updates can be tested.
Sandbox
Dynamic analysis
Inspects code as it is running for code quality and vulnerabilities.
NIDS
A Network Intrusion Detection System (NIDS) is an appliance at the network level.
NIPS
A Network Intrusion Prevention System (NIPS) is like a NIDS but uses intrusive means to protect the network.