Analyzing Security Output 2.4 Flashcards

1
Q

Host-Based Detection Systems

A

Host-based intrusion detection and prevention systems (HIDS/HIPS). They run on the endpoint itself and watch its processes, files and network activity for signs of compromise; a HIPS can also block the activity it detects rather than just alerting. Antivirus and HIDS/HIPS used to be separate applications, but they are now often integrated into a single endpoint agent.

2
Q

Endpoint Security

A

Not just antivirus. Endpoint security aims to protect the IT infrastructure at large by protecting the endpoints that are the gateways into it, so it covers malware and other external threats. It also protects the data stored on the endpoints: Data Loss Prevention (DLP) monitors data on corporate endpoints, can block unauthorized transfers, and notifies the security team of anomalies. You should have a clear picture of where sensitive data moves in and out of your network.

3
Q

Antivirus

A

Scans files, processes and downloads against signatures and heuristics to recognize known attacks, malicious URLs, ransomware, and malicious installation packages. Alerts upon recognition and usually quarantines the item; its log records what was detected and what action was taken.

4
Q

File Integrity Check

A

Software built into many operating systems. In Windows it is the System File Checker (SFC, run as sfc /scannow). It scans the protected core OS files and verifies each one against a known-good copy; if it detects corruption or tampering, it replaces the file. It writes a large log of every file it checked and the details of any repair (on Windows, %windir%\Logs\CBS\CBS.log), which is worth reviewing after a suspected compromise. SFC only covers Windows' own files; checking your own applications and data needs a file integrity monitoring tool that keeps a baseline of file hashes and reports what changed.
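The baseline-and-compare approach that a file integrity monitor uses, as an added example (not code from the original page and not how SFC works internally, which compares against the Windows component store). The directory tree, file contents and the tampering are all constructed inside the script so it runs offline; the hypothetical functions build_baseline and compare_to_baseline are this example's own names.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hex SHA-256 of one file, read in chunks so large binaries don't fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict:
    """Walk `root` and record a hash for every regular file, keyed by relative path."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            baseline[p.relative_to(root).as_posix()] = sha256_file(p)
    return baseline


def compare_to_baseline(root: Path, baseline: dict) -> dict:
    """Re-hash the tree and classify every difference as modified, added or removed."""
    current = build_baseline(root)
    return {
        "modified": sorted(f for f in baseline if f in current and current[f] != baseline[f]),
        "added": sorted(f for f in current if f not in baseline),
        "removed": sorted(f for f in baseline if f not in current),
    }


def demo() -> dict:
    """Constructed scenario: baseline a small tree, tamper with it, report the differences."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "service.exe").write_bytes(b"MZ original service binary")
        (root / "config.ini").write_text("debug=0\n")
        (root / "readme.txt").write_text("known good\n")

        baseline = build_baseline(root)  # in practice: store this somewhere the host can't alter

        # Simulated attacker activity: patched binary, dropped payload, deleted config.
        (root / "bin" / "service.exe").write_bytes(b"MZ trojanised service binary")
        (root / "bin" / "dropper.dll").write_bytes(b"MZ dropped payload")
        (root / "config.ini").unlink()

        return compare_to_baseline(root, baseline)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The baseline is only trustworthy if it is stored off the monitored host (or signed), since an attacker who can modify the files can usually modify a local hash list too; a hash of the untouched readme.txt stays identical, which is why it does not appear in any of the three lists.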

5
Q

Host-Based Firewalls

A

Built into most operating systems (Windows Defender Firewall, iptables/nftables on Linux, pf on macOS and BSD) and, in some form, into mobile platforms. Restricts which applications may communicate and which network ports and addresses they may use, in both directions. Its log of blocked connections is a useful source of detection data on the host.

6
Q

Application Whitelisting

A

Setting up rules in the OS for which applications are allowed to run, with everything else blocked by default. The rules are usually managed centrally (for example through Windows group policy with AppLocker) so that one policy covers all of the devices on the network. You can whitelist by application hash (a unique identifier of the exact file), by the digital certificate that signed the application, by the path the application runs from, or by network zone. Explicit deny rules take precedence over allow rules, and a path rule is only as strong as the permissions on that folder: a user-writable directory under an allowed path lets a user bypass the rule.
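How those rule types combine into a single allow/deny decision, as an added example written for this page (not AppLocker's code or policy format). The policy, the hashes and the candidate binaries are all constructed; the input is the kind of record an endpoint agent would report (path, hash it computed, Authenticode signer), so no real files are hashed here. It shows the deny-overrides-allow ordering and the user-writable-folder caveat from the card.

```python
import hashlib
from dataclasses import dataclass, field
from pathlib import PureWindowsPath
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Candidate:
    """What a (hypothetical) endpoint agent reports about a binary that is about to run."""
    path: str                 # full path the image is loaded from
    sha256: str               # hash the agent computed over the file
    publisher: Optional[str]  # Authenticode signer subject, None if unsigned


@dataclass
class Policy:
    denied_hashes: Set[str] = field(default_factory=set)
    allowed_hashes: Set[str] = field(default_factory=set)
    trusted_publishers: Set[str] = field(default_factory=set)
    allowed_paths: List[str] = field(default_factory=list)
    excluded_paths: List[str] = field(default_factory=list)  # user-writable dirs under allowed roots


def _parts(path: str) -> Tuple[str, ...]:
    # Windows paths are case-insensitive; pathlib does not collapse "..", so it stays visible.
    return tuple(p.lower() for p in PureWindowsPath(path).parts)


def _under(path: str, root: str) -> bool:
    p, r = _parts(path), _parts(root)
    return len(p) >= len(r) and p[: len(r)] == r


def evaluate(c: Candidate, policy: Policy) -> Tuple[str, str]:
    """Return (decision, reason). Explicit denies win; path rules are checked last."""
    h = c.sha256.lower()
    if h in policy.denied_hashes:
        return "deny", "hash on explicit deny list"
    if h in policy.allowed_hashes:
        return "allow", "hash on allow list"
    if c.publisher and c.publisher in policy.trusted_publishers:
        return "allow", f"signed by trusted publisher {c.publisher}"
    if ".." in _parts(c.path):
        return "deny", "path contains a traversal component"
    if any(_under(c.path, ex) for ex in policy.excluded_paths):
        return "deny", "path is a user-writable location excluded from path rules"
    if any(_under(c.path, root) for root in policy.allowed_paths):
        return "allow", "path under an allowed root"
    return "deny", "no rule matched (default deny)"


# Constructed hashes: hashing a label stands in for hashing a real binary.
KNOWN_GOOD = hashlib.sha256(b"constructed approved tool").hexdigest()
KNOWN_BAD = hashlib.sha256(b"constructed malicious update").hexdigest()
UNKNOWN = hashlib.sha256(b"constructed never-seen binary").hexdigest()


def example_policy() -> Policy:
    return Policy(
        denied_hashes={KNOWN_BAD},
        allowed_hashes={KNOWN_GOOD},
        trusted_publishers={"Contoso Ltd"},
        allowed_paths=[r"C:\Program Files", r"C:\Windows"],
        excluded_paths=[r"C:\Windows\Temp"],  # any user can write here
    )


def demo() -> Dict[str, str]:
    """Evaluate a constructed set of launches; returns path -> decision."""
    policy = example_policy()
    candidates = [
        Candidate(r"C:\Program Files\Vendor\app.exe", UNKNOWN, None),          # unsigned, allowed path
        Candidate(r"C:\Users\bob\Downloads\tool.exe", UNKNOWN, "Contoso Ltd"),  # trusted signer
        Candidate(r"C:\Users\bob\Downloads\tool2.exe", UNKNOWN, None),         # nothing matches
        Candidate(r"C:\Program Files\Vendor\update.exe", KNOWN_BAD, "Contoso Ltd"),  # deny wins
        Candidate(r"C:\Windows\Temp\evil.exe", UNKNOWN, None),                 # user-writable folder
        Candidate(r"C:\Program Files\..\Users\bob\x.exe", UNKNOWN, None),      # traversal trick
        Candidate(r"D:\tools\approved.exe", KNOWN_GOOD, None),                 # allowed by hash
    ]
    return {c.path: evaluate(c, policy)[0] for c in candidates}


if __name__ == "__main__":
    for c in demo().items():
        print(*c)
```

Note that without the excluded_paths entry, evil.exe would be allowed purely because C:\Windows is an allowed root, which is exactly the weakness of path-based rules; hash rules have the opposite problem, since every legitimate update changes the hash and needs a policy change.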

7
Q

USB Devices

A

A security vulnerability: removable storage carries malware in and data out. Windows can track USB use. Device connections are recorded in the registry (USBSTOR) and in the Windows Event Log, and if the "Audit Removable Storage" advanced audit policy is enabled, the Security log records each file accessed on removable media (Event ID 4663, including the file name), so you can see what was copied to or from a USB stick or portable hard drive. Without that audit policy, file names are not logged.

8
Q

Advanced Malware Tools

A

Antivirus can fail to fully clean a system that is already infected. Advanced malware tools are designed specifically to find and remove entrenched malware such as rootkits and persistence mechanisms. Malware is pervasive and it is hard to be certain it is completely gone, so when you can, it is safest to wipe the system and restore it from a known-good backup or image. Stay diligent and prevent infection in the first place.

9
Q

Patch Management Tools

A

Patch management tools deploy patches centrally and report which systems are missing them. Windows also keeps logs about patches on the local computer: installed updates are listed by Get-HotFix (or under Installed Updates in Control Panel), and the System event log records each update installation, including failures, from the WindowsUpdateClient source.

10
Q

Unified Threat Management (UTM)

A

Also known as web security gateways. A UTM combines many security technologies into one device: router and switch functions, firewall, URL filter, content and malware inspection, spam filter, IDS/IPS, bandwidth shaping, and VPN endpoint. Convenient, but the one appliance is also a single point of failure and the single place whose logs you have to review.

11
Q

Data Execution Prevention (DEP)

A

Your CPU works in conjunction with your OS to mark specific memory regions (the stack, heap and other data areas) as non-executable. If code attempts to run from within one of these areas, typically shellcode injected by a buffer-overflow exploit, the CPU raises an exception, the process is terminated, and the malware is prevented from executing. The OS must support this feature, which relies on the CPU's NX/XD bit. Windows calls it Data Execution Prevention (DEP). A process killed by DEP crashes with an access violation, which can be viewed in Event Viewer's Application log as an Application Error event.

12
Q

Web Application Firewall (WAF)

A

Not like a traditional network firewall, which filters on addresses and ports. A WAF looks at the conversation between the web client and the web server at the application layer, i.e. the HTTP requests and responses themselves. If it detects unauthorized or malicious input, it stops the request and logs it; SQL injection is the classic example, cross-site scripting another. It is rule- and signature-based, so it reduces exposure but does not replace fixing the application itself (parameterized queries, input validation).
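The kind of inspection a WAF does on a request, as an added example written for this page (not the code or rule set of any real WAF). It pulls the query parameters out of an HTTP request line, undoes extra layers of URL encoding so a double-encoded payload is seen decoded, and runs a small constructed set of SQL injection signatures; the sample requests are constructed too. The O'Brien case shows why a quote on its own must not be a blocking rule.

```python
import re
from typing import Dict, Optional
from urllib.parse import parse_qsl, unquote, urlsplit

# Ordered signature rules; the first match decides. Constructed for this example.
SQLI_RULES = [
    ("union-select", re.compile(r"\bunion\b\s+(?:all\s+)?select\b", re.I)),
    ("tautology", re.compile(r"'\s*or\s+'?\w+'?\s*=\s*'?\w+", re.I)),
    ("stacked-query", re.compile(r";\s*(?:drop|alter|insert|update|delete|exec)\b", re.I)),
    ("comment-truncation", re.compile(r"'\s*(?:--|/\*)")),
]


def normalise(value: str, rounds: int = 2) -> str:
    """Strip extra layers of percent-encoding (parse_qsl already removed the first one)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_request(request_line: str) -> Dict[str, Optional[str]]:
    """Inspect the query string of one HTTP request line; return the WAF's verdict."""
    _method, target, _version = request_line.split(" ", 2)
    query = urlsplit(target).query
    for param, raw_value in parse_qsl(query, keep_blank_values=True):
        value = normalise(raw_value)
        for rule_name, pattern in SQLI_RULES:
            if pattern.search(value):
                return {"action": "block", "rule": rule_name, "param": param}
    return {"action": "allow", "rule": None, "param": None}


# Constructed traffic: one benign lookup, classic payloads, an evasion attempt, a false-positive trap.
SAMPLE_REQUESTS = [
    "GET /products?id=42 HTTP/1.1",
    "GET /products?id=42%20UNION%20SELECT%20username,password%20FROM%20users HTTP/1.1",
    "GET /login?user=admin'%20OR%20'1'='1 HTTP/1.1",
    "GET /products?id=1%2520UNION%2520SELECT%25201 HTTP/1.1",   # double-encoded spaces
    "GET /admin?cmd=1%3B%20DROP%20TABLE%20users HTTP/1.1",
    "GET /search?q=O%27Brien HTTP/1.1",                          # legitimate apostrophe
]


def run_samples() -> Dict[str, Dict[str, Optional[str]]]:
    return {req: inspect_request(req) for req in SAMPLE_REQUESTS}


if __name__ == "__main__":
    for req, verdict in run_samples().items():
        print(f"{verdict['action']:5} {req}  ({verdict['rule'] or 'no rule matched'})")
```

A real WAF also inspects headers, cookies and POST bodies, and attackers work around signature lists with case tricks, inline comments and alternative encodings, which is why the card's point stands: the WAF is a layer in front of the application, not a substitute for parameterized queries in it.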
