C836 Ch. 11 Flashcards
Operating system hardening
The process of reducing the number of available avenues through which our operating system might be attacked
Attack surface
The total of the areas through which our operating system might be attacked
Name the six main hardening categories
- Removing unnecessary software
- Removing or turning off unessential services
- Making alterations to common accounts
- Applying the principle of least privilege
- Applying software updates in a timely manner
- Making use of logging and auditing functions
The principle of least privilege
A principle that states we should only allow a party the absolute minimum permission needed for it to carry out its function
A particularly complex and impactful piece of malware that targeted the Supervisory Control and Data Acquisition (SCADA) systems controlling various industrial processes; it raised the bar for malware by moving from attacks whose damage was confined to software and data to an attack that physically damaged equipment
Stuxnet
Anti-malware tool
A type of tool that uses signature matching or anomaly detection (heuristics) to detect malware threats, either in real-time or by performing scans of files and processes
Heuristics
The anomaly-detection approach used by anti-malware tools to catch malware for which no signature exists, by flagging files or processes whose characteristics or behavior resemble known malicious patterns
Executable space protection
A hardware- and software-based technology (the NX bit and DEP are common implementations) that marks certain regions of memory used by the operating system and applications, such as the stack and heap, as non-executable, so that data an attacker places there cannot be run as code
Buffer overflow attack
The act of supplying more data to an input than the buffer the application set aside for it can hold; the excess overwrites adjacent memory (for example a saved return address), and by crafting those excess bytes an attacker can redirect execution and run commands of their choosing
Address space layout randomization (ASLR)
A security method that randomizes the locations of key memory regions (stack, heap, shared libraries, and the executable itself) each time a program runs, so that an attacker cannot predict the addresses needed to make memory tampering succeed
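The buffer overflow, executable space protection and ASLR cards above describe one attack and two of its mitigations in prose; the following is an added worked example (not from the flashcards or the textbook they summarize) showing the overflow and its hardened form in C. The `greet_*` functions, the `frame` struct and the addresses `0x401000` and `0xdeadbeef` are constructed for illustration; real stack frames also hold saved registers and padding, so the offset to the return address varies by compiler.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16

/* Vulnerable form: strcpy stops only at the NUL terminator, so any input longer
 * than NAME_LEN - 1 bytes writes past the end of 'name' into whatever the
 * compiler placed next on the stack. Calling it with such input is undefined
 * behaviour; it is shown only for contrast and main() never calls it that way. */
void greet_unsafe(const char *input)
{
    char name[NAME_LEN];
    strcpy(name, input);            /* no bound on the copy: the overflow */
    printf("Hello, %s\n", name);
}

/* Hardened form: confirm a terminator exists within the destination length
 * before copying anything, and refuse input that would not fit. */
bool copy_bounded(char *dst, size_t dst_len, const char *src)
{
    const char *end = memchr(src, '\0', dst_len);
    if (end == NULL)
        return false;               /* no NUL within dst_len bytes: too long */
    memcpy(dst, src, (size_t)(end - src) + 1);
    return true;
}

int greet_safe(const char *input)
{
    char name[NAME_LEN];
    if (!copy_bounded(name, sizeof name, input)) {
        fprintf(stderr, "rejected: input longer than %d bytes\n", NAME_LEN - 1);
        return -1;
    }
    printf("Hello, %s\n", name);
    return 0;
}

/* Simplified model of the stack frame the overflow corrupts: a fixed buffer
 * immediately followed by the saved return address (constructed layout). */
struct frame {
    char name[NAME_LEN];
    uintptr_t saved_return;
};

#define LEGIT_RETURN ((uintptr_t)0x401000)   /* constructed placeholder address */

/* Copies 'payload' into the frame the way an unchecked copy would, capped at the
 * frame size so the demonstration itself stays well-defined. Returns the value
 * left in the return-address slot: the first NAME_LEN bytes land in 'name', the
 * bytes after them overwrite 'saved_return'. */
uintptr_t simulate_overflow(const unsigned char *payload, size_t len)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    f.saved_return = LEGIT_RETURN;
    if (len > sizeof f)
        len = sizeof f;
    memcpy(&f, payload, len);
    return f.saved_return;
}

/* Builds the crafted input: filler up to the return-address slot, then the
 * address the attacker wants control to jump to (a constructed value here). */
uintptr_t demo_crafted_input(void)
{
    unsigned char payload[sizeof(struct frame)];
    uintptr_t target = (uintptr_t)0xdeadbeef;
    memset(payload, 'A', sizeof payload);
    memcpy(payload + offsetof(struct frame, saved_return), &target, sizeof target);
    return simulate_overflow(payload, sizeof payload);
}

/* Input that fits in the buffer leaves the return address untouched. */
uintptr_t demo_benign_input(void)
{
    const unsigned char payload[] = "alice";
    return simulate_overflow(payload, sizeof payload);
}

int main(void)
{
    greet_unsafe("alice");                            /* short input: safe */
    greet_safe("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");   /* 32 bytes: rejected */
    printf("benign input  -> return slot 0x%lx\n", (unsigned long)demo_benign_input());
    printf("crafted input -> return slot 0x%lx\n", (unsigned long)demo_crafted_input());
    return 0;
}
```

The crafted payload only pays off if the attacker can predict where their code or a useful gadget lives and can execute from the memory they control; ASLR removes the predictability and executable space protection removes the execute permission, which is why the two mitigations are listed beside the attack.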
Software firewall
A firewall that runs on the host itself; it generally contains a subset of the features of a large firewall appliance but is often capable of similar packet filtering and stateful packet inspection
Host intrusion detection system (HIDS)
A system that monitors a particular host, analyzing activity on the host itself (logs, file changes, processes) as well as traffic directed at its network interface, in order to detect signs of intrusion
Scanner
A class of tool (port scanners and vulnerability scanners, for example) that examines hosts over the network to find open ports and listening services and can detect various security flaws in the process
Vulnerability assessment tool
A tool that is aimed specifically at the task of finding and reporting network services on hosts that have known vulnerabilities
Nessus
A well-known vulnerability assessment tool (it also includes a port scanner)