4.6-4.9 Flashcards
just-in-time permissions
allows tech to receive elevated rights for a limited amount of time
password vaulting
primary credentials are stored in a password vault; the just-in-time process creates ephemeral credentials from those primary credentials
how can automation help with user and resource provisioning
automation and scripting can automatically assign access to specific resources
guard rails
automated script can verify inputted info to correct human errors
security groups automation
assign or remove group access
ticket creation
automatically identify issues for tickets
escalation
correct issues before involving a human
considerations for automation and scripting
technical debt
ongoing supportability
patching problems down the road. more expensive to fix later.
have to keep updating the script over time.
Process: Preparation
have incident analysis resources, incident mitigation software, incident handling hardware and software
Process: Detection
many different detection sources
Process: Analysis
analyze all data from detection and see if you can locate the incident
Process: Containment
isolate the problem into a sandbox so it doesn’t spread
incident response process
- Preparation
- Detection
- Analysis
- Containment
- Eradication
- Recovery
- Lessons learned
threat hunting
find the attacker before they find you
what is digital forensics
what is acquisition and reporting in df
collect and protect information relating to an intrusion
acquisition (obtain), analysis and reporting (document the findings)