3.3 Given a scenario, implement secure systems design. Flashcards

1
Q

Hardware/Firmware Security

A

When implementing system and device security, it is critical to look to hardware features or firmware features that can add to the security of the system or device.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Hardware/Firmware Security - FDE/SED

A

As discussed earlier, full disk encryption (FDE) is a security feature that allows a device to encrypt the entire hard disk to help maintain confidentiality in cases where a device is lost or stolen. You can also use a stream editor (SED) to transform text inside a file to an unreadable format.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Hardware/Firmware Security - TPM

A

When working with full disk encryption, you can use a Trusted Platform Module (TPM module), which is a computer chip located on the motherboard, to store encryption keys for the FDE feature.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Hardware/Firmware Security - HSM

A

Environments needing a high level of security can leverage a hardware security module (HSM), which is an add-on card or a separate device that takes care of managing encryption keys for the environment.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Hardware/Firmware Security - UEFI/BIOS

A

There are a number of UEFI or BIOS features that can be enabled to help with hardware security. For example, you can add bootup passwords to a device, prevent booting from optical drives or USB drives, and password protect the UEFI/BIOS setup program.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Hardware/Firmware Security - Secure Boot and Attestation

A

Secure boot is a device security feature that can be enabled that involves the system digitally signing the bootup files. Once the files are signed, the system will only load digitally signed files during bootup. This helps prevent someone from booting another operating system on that system in order to gain access to the system and its data. Attestation in this context means that the system has booted the way it was supposed to based on the digital signature.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Hardware/Firmware Security - Supply Chain

A

The supply chain is the list of organizations and people
that a product must move through before it reaches its customer. Be sure to get confirmation that you will be able to order parts and receive delivery quickly should a hardware failure occur.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Hardware/Firmware Security - Hardware Root of Trust

A

Hardware roots of trust are hardware components trusted by the system that perform security functions. For example, a TPM module that generates and stores a key pair.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Hardware/Firmware Security - EMI/EMP

A

Electromagnetic interference (EMI) is interference from an external source that distorts information being transmitted. An electromagnetic pulse (EMP) is a burst of electromagnetic energy. Ensure that you use technologies that are immune to EMI/EMP, such as fiber optic cabling instead of twisted-pair cabling, in order to protect your data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Operating Systems

A

.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Operating Systems - Types

A

Depending on the type of operating system you are reviewing, you will need to refine the steps that you take to put the system in a secure state.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Operating Systems - Types - Network

A

A network operating system is designed to run on servers. Be sure to load only the services that are required of the network operating system to help reduce the number of vulnerabilities being exposed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Operating Systems - Types - Server

A

Server operating systems are designed to provide resources to clients such as files and printers. Lockdown each server by only installing the software required and keep it up to date with patches.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Operating Systems - Types - Workstation

A

A workstation is what the user uses to access network resources. Be sure to install anti-malware software and keep the client up to date.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Operating Systems - Types - Appliance

A

An appliance is any device used by the users. Be sure to

investigate any services or protocols that are running on the appliance so that you can disable if needed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Operating Systems - Types - Kiosk

A

A kiosk is a computer system in a public place, such as the front foyer of the building, that people can use for selected reasons. Be sure to lock down the kiosk and limit the applications that can run on it.

17
Q

Operating Systems - Types - Mobile OS

A

Apple also uses closed source OSs—macOS for its Macintosh computers and iOS as a mobile OS for mobile devices such as iPhones and iPads. Because they are closed source, only Apple updates or modifies these OSs.

Linux is derived from Unix and is open source, meaning that it is freely available to anyone. Developers have access to the code and can modify, improve, and, at times, freely redistribute it. Because of this, there is an almost endless assortment of Linux versions. As an example, the Android OS is open source software, and it was derived from the open source Linux OS. Additionally, many mobile device manufacturers modify the Android OS and use it as a mobile OS for their devices. It’s worth noting that the use of Linux in many systems has steadily increased. More, CompTIA has been adding additional Linux-based objectives in their exams, including the Security+ exam.

18
Q

Operating Systems - Patch Management

A

Be sure to patch all systems, including applying updates to mobile devices and their applications.

19
Q

Operating Systems - Disabling Unnecessary Ports and Services

A

Always look at the default software running on a device and disable any unnecessary ports that are open and any unnecessary services that are running.

20
Q

Operating Systems - Least Functionality

A

When dealing with devices such as mobile devices, look at the features offered by the device and disable any features that you are not going to use.

21
Q

Operating Systems - Secure Configurations

A

Be sure to review the configuration of the system or device and enable any security features. For example, a mobile device should have an auto-lock feature enabled

22
Q

Operating Systems - Trust Operating System

A

Use a trusted OS. A trusted OS is a system that implements multiple layers of security, such as authentication and authorization, to determine who can access a system and what they can do.

23
Q

Operating Systems - Application Whitelisting/Blacklisting

A

You can restrict what software is allowed to run on a system with a whitelist, or you can block software from running with a blacklist.

24
Q

Operating Systems - Disable Default Accounts/Passwords

A

Disable any default accounts that exist and create your own replacement accounts with a strong password.

25
Q

Peripherals

A

Another aspect of securing systems is ensuring that the peripherals are in a secure state.

26
Q

Peripherals - Wireless Keyboards/Mice

A

Using a wireless keyboard (or mouse) opens your system to communication from unwanted sources. The USB dongle that accepts transmissions can be hijacked by a hacker, allowing the hacker to type commands on your system. Keep the system up to date with patches to help prevent the exploit, but also do not use wireless keyboards and mice in highly secure environments.

27
Q

Peripherals - Displays

A

To secure displays, be sure to put screen dampeners over the displays to help prevent someone from eavesdropping over a user’s shoulder and seeing sensitive information.

28
Q

Peripherals - WiFi-enabled MicroSD Cards

A

Wi-Fi-enabled MicroSD cards are SD cards that have a wireless chip in them that allows them to receive data remotely from devices such as cameras.

29
Q

Peripherals - Printers/MFDs

A

When it comes to printers and other multifunction devices, you should first disable any features that are not being used, such as wireless functionality or, if applicable, the built-in web server. Before you dispose of a printer, check whether there is a drive in the printer that is used to queue print jobs, as this could be a way for someone to access data after you get rid of the printer. Be sure to destroy the drive when you dispose of the printer.

30
Q

Peripherals - External Storage Devices

A

Allowing a user to connect an external storage device to a system can expose that system to worm-based viruses that exist on the external or removable drive. Also, allowing someone to connect an external drive allows them to easily copy data and take it away with them. To help protect the system, restrict the use of external storage devices and implement DLP to prevent data leaks.

31
Q

Peripherals - Digital Cameras

A

Be aware of any technologies built into the camera, such as wireless communication and storage, and be sure to disable the features that you are not using. For example, if you are not using the wireless capabilities of the camera, disable wireless to prevent a hacker from exploiting the device via wireless.