Ch 11- 2 Minute Drill Flashcards
Network Security: Best Practices (1)
Hardening is the process of ensuring that a system is not vulnerable to compromise. Logging must be enabled to track potential intrusions. Only the required software components should be installed on the system, software patches should be applied regularly, firewall and animal ware software should be functional and up to date, and any unused user accounts should be disabled or removed.
Network Security: Best Practices (2)
A penetration test tests network and host security by simulating malicious attacks and then analyzing the results. Not to be confused with a vulnerability assessment, which only identifies weaknesses and can be determined without running a penetration test.
Data Security (1)
A public key infrastructure (PKI) is a hierarchy of trusted security certificates that each contain unique public and private key pairs, used for data encryption and verification of data integrity.
Data Security (2)
Cipher text is the result of feeding plaintext into an encryption algorithm; this is the encrypted data. Block ciphers encrypt chunks of data at a time, whereas the faster stream ciphers encrypt data normally a binary bit at a time. Stream ciphers are best applied where there is an unknown variable amount of data to be encrypted.
Data Security (3)
Symmetric encryption uses the same secret key for encryption and decryption. The challenge lies in safely distributing they key to all involved parties.
Data Security (4)
Asymmetric encryption uses 2 mathematically related keys (public and private) to encrypt and decrypt. This implies a PKI. The public and private key pairs contained within a PKI certificate are unique to that subject. Normally data is encrypted with the recipient’s public key, and the recipient decrypts that data with the related private key. It is safe to distribute public keys using any mechanism to the involved parties.
Data Security (5)
A digital signature is a unique value created from the signer’s private key and the data to which the signature is attached. The recipient validates the signature using the signer’s public key. This assures the recipient that data came from who it says it came from and that the data has not been tampered with.
Access Control Methods (1)
Role-based access control is a method of using groups and roles to assign permissions to network resources. This scales well because once groups or roles are given the appropriate permissions to resources, users can simply be made members of the group or role to inherit those permissions.
Access Control Methods (2)
Mandatory access control (MAC) is a method of authentication whereby a computer system, based on configured policies, checks user or computer attributes along with data labels to grant access. Data labels might be applied to files or websites to determine who can access that data. The data owner cannot control resource permissions.
Access Control Methods (3)
Discretionary Access Control (DAC) allows the owner of the data to grant permissions, at their discretion, to users. This is what is normally done in smaller networks where there is a small user base. A larger user base necessitates the use of groups or roles to assign permissions.
Access Control Methods (4)
Multifactor authentication is any combination of 2+ authentication methods stemming from what you know, what you have, and what you are. For example, you might have a smart card and also know the PIN to use it. This is 2 factor authentication.
Access Control Methods (5)
Single sign-on (SSO) requires users to authenticate only once. They are then authorized to use multiple IT systems without having to log in each time.
Access Control Methods (6)
Federation allows SSO across multiple IT systems using a single identity (username and password, for example), even across organizational boundaries.
