701 - Section 4 Flashcards
What makes up a secure baseline?
The specific device's or application's foundational security policy
In my working experience, what is a secure baseline that I have used?
STIG checklists
What is it called to apply these foundational secure configurations to the associated system?
Hardening
What are three general ways to harden a mobile device?
Always apply updates when ready, segment the company and user data, and control the device with an MDM (mobile device manager)
What are three ways to harden a workstation?
Apply and automate monthly patches; connect to a policy management system such as Active Directory Group Policy; remove unnecessary software to limit exposure to threats
How do you harden network infrastructure devices?
Always check with the manufacturer: their security updates are not frequent, but when they are released they are usually very important.
What are three ways to harden cloud infrastructure?
Apply least privilege to services, network settings, etc.; configure endpoint detection and response (EDR); always keep an offsite backup
What are four general ways to harden a server?
Always apply all updates, service packs, and patches; apply best practices to user accounts; limit network access; monitor and secure with antivirus/anti-malware software
How do you harden an embedded system, given that they can be difficult to upgrade?
Apply security patches when available, prevent access from unauthorized users
How do you harden an RTOS?
Isolate the system, run with the minimum services needed, protect with a host-based firewall
How do you harden IoT devices?
Change the default passwords, deploy updates quickly, segment these devices by putting them on their own VLAN
What is another name for a map of an organization's wireless network?
A site survey
What are some of the benefits of a site survey?
They identify existing access points, they allow you to lay out the network and plan around interference, and they identify wireless signal strengths
What is an especially helpful wireless survey tool?
Spectrum analyzer
What are three Features that an MDM provides?
Centralized management of the mobile devices; sets policies on apps, data, camera, etc.; manages access control for things like screen locks and PINs
What does BYOD stand for?
Bring your own device
What does COPE stand for? And what is it?
Corporate-owned, personally enabled: the company buys and controls the device but allows you to use it as a personal device as well
What are three security concerns with a cellular network?
Traffic monitoring, location tracking, worldwide access to any mobile device
What are three security concerns with a Wi-Fi network?
Data capture (so encrypt your data), on-path attacks, denial of service
What is another name for Bluetooth?
PAN or personal area network
How do we ensure that all wireless communication is confidential?
By encrypting the wireless data
What is MIC? And what is it used for?
Message integrity check; it is used to confirm that the received data is identical to the original data sent
What is the problem with WPA2?
It is vulnerable to a pre-shared key (PSK) brute force attack
What is a pre-shared key?
It is the wireless key that everyone uses when they connect
What protocol solves the WPA2 PSK problem?
WPA3 and GCMP
What is GCMP and what does it offer?
Galois/Counter Mode Protocol. It offers data confidentiality with AES and a MIC with the Galois Message Authentication Code (GMAC)
How does WPA3 resolve the issues with WPA2?
It includes mutual authentication, creates a shared session key without sending that key across the network, and has no more four-way handshakes or hashes, which eliminates the brute force attack vector
What does SAE stand for, and how does it work?
Simultaneous Authentication of Equals… it uses a Diffie-Hellman derived key exchange with an authentication component, uses a different session key even with the same pre-shared key, and includes an IEEE standard, the Dragonfly handshake
Where do you configure security on a wireless network?
On your wireless access point or wireless router
What are three wireless security modes?
Open system, which means no authentication password is required; WPA3 Personal or WPA3-PSK; WPA3 Enterprise or WPA3-802.1X
What does RADIUS stand for?
Remote authentication dial-in user service
What is RADIUS? And what does it do?
One of the more common AAA protocols; it is supported on a wide variety of platforms and devices and centralizes authentication for users
What is the AAA framework?
Authentication, authorization, accounting
What is EAP, and what standard is it integrated with?
Extensible Authentication Protocol. It is an authentication framework that integrates with 802.1X
What is a primary methodology that developers can use to secure their application?
Validate the input fields
What is a secure cookie?
A cookie with its Secure attribute set; a browser will only send it over HTTPS
True or false: it is OK to store sensitive information within a cookie?
False, they are not designed to be secure storage
What are four methods for securing application code?
Static code analyzers, code signing, sandboxing, application security monitoring
What method of securing code uses automated tools to identify security flaws?
Static code analyzers, also known as static application security testing (SAST)
What method of application code security is used to confirm that the application was written by a specific developer? And how does it work?
Code signing, which means the application code is digitally signed with the developer's private key
Which form of application code security isolates the application so it cannot access unrelated resources? And where else can it be used?
Sandboxing… it can be used in many different types of deployment, such as virtual machines (VMs), mobile devices, and browser iframes
Which form of application security uses real-time logging information?
Application security monitoring
What is the testing methodology called that throws random data at input fields on a form?
Fuzz testing
What is the name of the multi-step process for requesting and obtaining goods and services?
Acquisition or procurement process
What does an organization use to track IT equipment purchased and who it is assigned to?
A central asset tracking system
What is the process called to completely remove data so no usable information remains?
System disposal or decommissioning
What is usually contained on an asset tag?
Barcode, RFID, visible tracking number, organization name
What can be used to physically destroy an asset like a hard drive?
Shredder or pulverizer, a drill or hammer, degaussing (which removes the magnetic field), or incineration
When a third party physically destroys an IT asset, what do you receive in return that confirms the asset has been destroyed and how it was destroyed?
A certificate of destruction
What is it called when you back up your data and keep it for a period of time?
Data retention
What are two reasons why data is retained?
Regulatory compliance or operational needs
Is vulnerability scanning the same thing as penetration testing?
No
What is an example of vulnerability scanning that I have used in the past? And what is one example within the scans?
ACAS or Nessus, a port scan to see what ports are open
What is SAST and what does it do?
Static application security testing, and it is used to help identify security flaws within application code… it can identify security vulnerabilities such as buffer overflows and database injections
True or false, knowing who the threat actors are is helpful with threat intelligence?
True
What does OSINT stand for?
Open source intelligence
This type of threat intelligence is compiled and available for sale, and is constantly monitored for new threats so it is always being updated?
Proprietary or third-party intelligence
What is CTA?
Cyber Threat Alliance… a member group that compiles and classifies threat intelligence for CTA members
What is the internet area where hacking groups provide tools, techniques, and other information for sale, including credit cards, accounts, and passwords?
Dark web… it is good to monitor this area for signs of your or your company's information.
The process of simulating an attack is called what?
Penetration testing
What is the organization that provides technical guides and testing and assessment procedures for penetration testing?
The National Institute of Standards and Technology (NIST)
This is an important document that outlines the purpose and scope of the penetration test and makes everyone aware of the test parameters?
Rules of engagement
What are some of the items within the rules of engagement?
The type of testing (physical, internal/external), the schedule, and the rules
What are some of the rules that might be outlined in the rules of engagement?
IP address ranges, emergency contacts, how to handle sensitive information
What are some of the dangers of penetration testing?
Could cause a denial of service or loss of data; buffer overflows can cause instability; privilege escalations can occur
In penetration testing, once you are able to gain access to a system, what are some important things to test?
Lateral movement (moving from system to system), which tests whether the network is relatively unprotected; and persistence, ensuring that once in you can get back in, by setting up a backdoor, building fake user accounts, or changing or verifying default passwords
What is a reward offered for the discovery of vulnerabilities called?
A bug bounty program
At what point is a vulnerability publicly announced?
After the manufacturer has created a fix
What is a vulnerability that is identified but doesn't really exist called?
False positive
What is a vulnerability that exists but is not detected called?
False negative
It is important to have the latest of these when performing vulnerability scans?
Signatures
What does CVSS stand for and what is it?
Common Vulnerability Scoring System… it provides a quantitative score for a vulnerability from 0 to 10
What does CVE stand for, and what is it?
Common Vulnerabilities and Exposures… each vulnerability is assigned a CVE identifier and has a CVSS score
What types of systems are generally included in a vulnerability scan?
Desktop, mobile apps, web application, misconfigured firewalls, open ports
What is the loss of value or business activity if a vulnerability in an organization is exploited called?
The exposure factor, and it is usually expressed as a percentage… this is also a useful metric when assigning priority
This type of variable for assigning a vulnerability priority is based on what is impacted, such as internal servers, public cloud, or a test lab?
Environmental type
This type of variable for assigning a vulnerability priority is based on what is impacted, such as hospitals or power plants?
Industry or Organizational impact
What is the amount of risk acceptable to an organization called?
Risk tolerance
What is the most common mitigation technique for vulnerability remediation?
Patching
An unscheduled patch that has the highest priority is generally for what type of vulnerability?
Zero day
What can an organization purchase in case a cyber security event occurs that causes loss?
Cyber security liability insurance
To limit the scope of an exploit, an organization will separate devices into their own networks/VLANs… what is that called?
Segmentation
What type of segmentation is it when the application is completely disconnected from everything?
An air gap
What can be used to block unwanted or unnecessary internal traffic between VLANs?
NGFWs