4.1 Flashcards
Secure baselines, hardening targets, securing wireless and mobile, wireless security settings, application security
A template of a secure configuration that can be modified in order to best serve the specific application it is being used for.
They are often available from the manufacturer of the device or application.
Security baseline
True/False
Most security baselines rarely need updating/changing
True
However, a baseline must be revisited whenever a new vulnerability is discovered in the configured software or when new software is added, so "rarely" does not mean "never".
2 common hardening techniques for mobile devices
Update
Segmentation (user vs company data)
True/False
Mobile devices typically have hardening checklists available from the manufacturer
True
4 ways to harden a workstation
Keep it updated
Automate the monthly security patches (but make sure to test them)
Connect to a policy management system (AD group policy, etc.)
Remove unnecessary software
2 ways to harden network infrastructure devices
Configure authentication - don’t use defaults!
Check with the manufacturer for security updates
(Because these are purpose-built devices, updates are released infrequently, so each one matters; apply it promptly after testing.)
4 ways to harden/secure cloud infrastructure
Secure the cloud management workstation
Implement least privilege
Configure EDR (all devices accessing the cloud should be secure)
Always have backups (you can backup to a separate cloud provider)
4 ways to harden/secure servers
Update and patch
Secure accounts (least privilege, password requirements)
Limit network access (firewall)
Monitor and secure (antivirus, antimalware)
SCADA stands for
Supervisory Control and Data Acquisition System
1 way to harden/secure SCADA/ICS
Extensive segmentation - no access from the outside
3 ways to harden/secure embedded systems
Security patches
Segmentation on their own network
Firewall in front of the segment
Note: Upgrading/modifying an existing embedded system is not always an option. Embedded systems usually do not allow access to the OS. Consumer devices such as televisions and watches are easy to update; industrial, medical and other purpose-built devices often are not, which is why segmentation and a firewall in front of the segment carry most of the load.
3 ways to harden/secure RTOSs
Isolate the system from the rest of the network
Run with the minimum amount of services
Use secure (encrypted) communication and place a firewall in front of the system
3 ways to harden/secure IoT devices
Change default accounts and configurations
Deploy updates quickly
Segment IoT devices on their own VLAN
The inspection of a location that involves what wireless networks are nearby, determining the existing wireless spectrum, identifying existing access points, and a plan for how to work around existing wireless frequencies.
Site survey
A two-dimensional diagram that shows wireless AP signal coverage.
Heat map
AKA Wi-Fi coverage map
MDM stands for
Mobile Device Management
BYOD stands for
Bring Your Own Device
A system that allows centralized management of mobile devices. Can set policies on features (camera, apps, data, etc.), enforce segmentation, and manage access control (screen locks, PINs).
MDM
A policy that allows employees to bring their own personal device to be used partially for work. The device will be managed via an MDM.
BYOD
COPE stands for
Corporate owned, personally enabled
A policy where the organization purchases the device for employees to use as both a personal and corporate device.
COPE
Difference between COPE and CYOD
CYOD allows the employee to choose which device they want to use
CYOD stands for
Choose Your Own Device
PAN stands for
Personal Area Network
PAN is most commonly implemented with
Bluetooth (Bluetooth is the usual PAN technology, not a synonym for PAN; NFC and infrared are also PAN technologies)
MIC stands for
Message Integrity Check
3 methods to secure a wireless network
Authenticate users before granting access
Encrypt all confidential communication
Verify integrity of communication (MIC)
True/False
WPA2-Personal (PSK) is vulnerable to brute force attacks
True. The PSK is a fixed function of the passphrase and the SSID, and the four-way handshake can be captured over the air, so an attacker can guess passphrases offline, as fast as their hardware allows, until the guessed key reproduces the captured handshake.
Which cipher mode does WPA3 introduce? This encryption is stronger than WPA2's CCMP.
GCMP (AES in Galois/Counter Mode). Note: WPA3-Personal still uses AES-CCMP-128 for data protection; GCMP-256 is required in the WPA3-Enterprise 192-bit mode.
GCMP stands for
Galois/Counter Mode Protocol
2 security services that GCMP provides
Data confidentiality with AES
MIC with GMAC (Galois Message Authentication Code)
SAE stands for
Simultaneous Authentication of Equals
The authentication process used in WPA3
SAE
A derivation of Diffie-Hellman key exchange with an authentication component. Every client derives a different session key even though they all use the same pre-shared password.
The password is never transmitted or hashed in a form that can be captured and guessed offline. The four-way handshake still runs, but the pairwise master key it uses comes from the SAE exchange instead of directly from the password, so a captured handshake gives an attacker nothing to brute force offline.
SAE
SAE is AKA
Dragonfly handshake
True/False
A PSK is the same thing as a network password
False
A PSK is a 256-bit key derived when a device joins a WPA/WPA2-Personal network. The client takes the SSID (name of the network) and the passphrase the user typed and runs them through PBKDF2-HMAC-SHA1 (4096 iterations) to produce the PSK.
The PSK serves as the pairwise master key (PMK); the four-way handshake then derives per-session keys (the PTK) from it, and those keys encrypt and integrity-protect the data sent over the network.
Because the PSK is a fixed function of the SSID and passphrase, the passphrase is the only secret, and anyone who captures a handshake can test passphrase guesses offline until the derived keys reproduce the captured message integrity check.
PSK stands for
Pre-shared key
The 2 most common methods of securing a network
Pre-shared key (PSK), derived from a shared passphrase
Centralized authentication (802.1X)
WPA3-Personal / WPA3-PSK provides authentication via
PSK
WPA3-Enterprise / WPA3-802.1X provides authentication via
Individual authentication credentials with an authentication server (ex. RADIUS, LDAP, TACACS+, etc.)
A framework that identifies users, authenticates them, identifies their permissions, and logs what resources that user accessed.
AAA framework
RADIUS stands for
Remote Authentication Dial-In User Service
One of the most common AAA protocols that is supported on a wide variety of platforms and devices.
It centralizes authentication for users across routers, switches, firewalls, VPN concentrators, and 802.1X network access.
RADIUS
When a network says it is an “open system” that means…
No authentication/password is required
NAC stands for
Network Access Control
A control that prevents network access until authentication is successful (802.1X is just one type of this)
NAC
802.1X NAC is used in conjunction with…
AAA server (RADIUS, LDAP, TACACS+, etc.)
Allows administrators centralized management for disabling accounts, forcing password changes, etc.
A framework used with 802.1X that allows manufacturers to customize authentication measures for their devices to meet requirements.
Combined with 802.1X to provide authentication to the network.
EAP
EAP stands for
Extensible Authentication Protocol
A security process that prevents unexpected input from being interpreted by an application
Input validation
A type of input validation that checks that input is in the expected form (length, character set, pattern) and raises an error when it is not. (ex. an SSN should be exactly 9 characters and contain only digits.)
Normalization
An automated tool that inputs random data of random types to see what the application does. If the application behaves unexpectedly, the developer can fix whatever issue it has.
Fuzzer
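The normalization check and the fuzzer from the two cards above, as one added example that is not part of the flashcards. The SSN rule is the one the card gives; the validator first canonicalises the input (Unicode NFKC, trimming, removing the conventional dashes) and then rejects anything that is not exactly nine ASCII digits. The fuzzer feeds it random strings and reports any outcome other than "accepted" or a clean ValueError, which is the kind of unexpected behaviour a developer would then fix. The alphabet and round count are arbitrary choices for the example.

```python
import random
import re
import string
import unicodedata

# ASCII-only so the pattern cannot be satisfied by exotic Unicode digits after normalization.
SSN_PATTERN = re.compile(r"\d{9}", re.ASCII)
MAX_RAW_LENGTH = 32  # bound the work done on untrusted input before anything else


def normalize_ssn(raw: str) -> str:
    """Put the input into canonical form before validating it:
    NFKC folds full-width and other compatibility digits to ASCII, strip() removes
    surrounding whitespace, and the dashes of the 123-45-6789 convention are dropped."""
    text = unicodedata.normalize("NFKC", raw).strip()
    return text.replace("-", "")


def validate_ssn(raw) -> str:
    """Return the canonical 9-digit SSN, or raise ValueError for anything else."""
    if not isinstance(raw, str):
        raise ValueError("SSN must be a string")
    if len(raw) > MAX_RAW_LENGTH:
        raise ValueError("input too long")
    candidate = normalize_ssn(raw)
    if not SSN_PATTERN.fullmatch(candidate):
        raise ValueError("SSN must be exactly 9 digits")
    return candidate


def is_valid_ssn(raw) -> bool:
    """Boolean convenience wrapper around validate_ssn."""
    try:
        validate_ssn(raw)
        return True
    except ValueError:
        return False


def fuzz_validator(rounds: int = 2000, seed: int = 1):
    """Minimal fuzzer: random strings of random length from a deliberately nasty alphabet
    (control characters, full-width digits, NBSP, zero-width space). Returns the number of
    inputs accepted and a list of (input, exception) pairs for any crash that was not a
    ValueError, i.e. behaviour the validator's contract does not allow."""
    rng = random.Random(seed)
    alphabet = string.printable + "０１２３４５６７８９" + "\u00a0\u200b"
    accepted, unexpected = 0, []
    for _ in range(rounds):
        length = rng.randint(0, 40)
        sample = "".join(rng.choice(alphabet) for _ in range(length))
        try:
            validate_ssn(sample)
            accepted += 1
        except ValueError:
            pass
        except Exception as exc:  # anything else is a finding for the developer
            unexpected.append((sample, repr(exc)))
    return accepted, unexpected


if __name__ == "__main__":
    print(validate_ssn(" 123-45-6789 "))
    print(validate_ssn("１２３４５６７８９"))  # full-width digits are folded to ASCII
    print(fuzz_validator())
```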
Small pieces of information a website stores in your browser; the browser sends them back with later requests to that site. They are used for personalization and session management (a session cookie identifies a logged-in user, which makes it a prime target for theft).
Cookies
Difference between cookies and secure cookies
A cookie with the Secure attribute is only sent over an encrypted connection (HTTPS), so it is never exposed in plaintext traffic; a cookie without it is also sent over plain HTTP.
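An added example of the difference in practice, not code from the flashcards: one function emits a session cookie with the Secure attribute (plus HttpOnly and SameSite, the two companion attributes a practitioner sets on a session cookie), and another audits an arbitrary Set-Cookie header and reports which of those attributes are missing. It uses only Python's standard http.cookies module; the cookie names and values are made up.

```python
from http.cookies import SimpleCookie


def build_session_cookie(name: str, value: str, secure: bool = True) -> str:
    """Return the Set-Cookie header value for a session cookie.
    secure=True adds the Secure attribute: the browser will only send the cookie over HTTPS.
    HttpOnly keeps it out of reach of page scripts; SameSite=Lax limits cross-site sending."""
    jar = SimpleCookie()
    jar[name] = value
    jar[name]["path"] = "/"
    jar[name]["httponly"] = True
    jar[name]["samesite"] = "Lax"
    if secure:
        jar[name]["secure"] = True
    return jar[name].OutputString()


def audit_set_cookie(header: str) -> dict:
    """Parse a Set-Cookie header value and, per cookie, list the protective attributes
    it lacks. An empty list means Secure, HttpOnly and SameSite are all present."""
    jar = SimpleCookie()
    jar.load(header)
    findings = {}
    for name, morsel in jar.items():
        missing = []
        if not morsel["secure"]:
            missing.append("Secure")
        if not morsel["httponly"]:
            missing.append("HttpOnly")
        if not morsel["samesite"]:
            missing.append("SameSite")
        findings[name] = missing
    return findings


if __name__ == "__main__":
    good = build_session_cookie("session", "abc123")
    plain = build_session_cookie("session", "abc123", secure=False)
    print(good, audit_set_cookie(good))
    print(plain, audit_set_cookie(plain))
    print(audit_set_cookie("tracker=xyz; Path=/"))
```

The audit function is the check to run against a live application's responses: a session cookie whose audit result is not an empty list is one a network observer or injected script could obtain.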
SAST stands for
Static Application Security Testing
An automated analysis tool that examines source code without running it and identifies known vulnerability patterns (buffer overflows, database injections, etc.)
SAST
A way to ensure that the code you are installing is the same code that was deployed by the developer/manufacturer
Code signing
A method of isolating a system for the purposes of testing data without affecting the production network.
Sandbox
Real-time monitoring of application activity: who is accessing the application, which attack attempts were blocked, anomalous file transfers or permission increases, with every event logged for later review.
Application security monitoring
2 vulnerabilities that CANNOT be identified by a SAST tool.
Authentication security
Insecure cryptography