Chapter 1 Flashcards

1
Q

What is Security?

A

The ways an organization can protect its own data. (Pg. 5)

2
Q

What are the 3 main components of Security?

A

Confidentiality, integrity, and availability. (Pg. 5)

3
Q

What is Privacy?

A

The ways an organization can use and share information that it has collected about individuals, known as PII. (Pg. 5)

4
Q

What is GAPP?

A

Generally Accepted Privacy Principles. This is a set of 10 privacy practices that organizations should strive to follow. (Pg. 6)

5
Q

What is a Vulnerability?

A

A weakness in a device, system, application, or process that might allow an attack to take place. (Pg. 7)

7
Q

What is a threat?

A

An outside force that may exploit a vulnerability. (Pg. 7)

8
Q

What is a risk?

A

The combination of a threat and a corresponding vulnerability. Both of these factors must be present before a situation poses a risk to the security of an organization. (Pg. 7)

9
Q

Define NIST and its purpose.

A

The National Institute of Standards and Technology. It publishes a guide for conducting risk assessments that’s widely used throughout the cybersecurity field as a foundation for risk assessments. (Pg. 8)

10
Q

What is the Special Publication (SP) for the NIST risk assessment document?

A

NIST SP 800-30. (Pg. 8)

11
Q

Define the NIST SP 800-30 risk assessment process.

A

Threats and vulnerabilities should be identified and then used to determine the level of risk posed by the combination of those threats and vulnerabilities. (Pg. 8)

12
Q

What are the 4 steps to the NIST SP 800-30 risk assessment process?

A

  1. Prepare for Assessment.
  2. Conduct Assessment.
  3. Communicate Results.
  4. Maintain Assessment. (Pg. 8)

13
Q

What is an adversarial threat?

A

Individuals, groups, and organizations that attempt to deliberately undermine the security of an organization. Adversaries may include trusted insiders, competitors, suppliers, customers, business partners, or nation-states. (Pg. 9)

14
Q

What are Technical Controls?

A

Systems, devices, software, and settings that work to enforce confidentiality, integrity, and/or availability requirements. (Pg. 12)

15
Q

What are Operational Controls?

A

Practices and procedures that bolster cybersecurity. Ex: Penetration testing and reverse engineering. (Pg. 12)

16
Q

Explain how 802.1X works.

A

802.1X is a protocol (known as a NAC standard) used to authenticate devices on a network. The supplicant, which is on the requesting device, attempts to authenticate with the switch or WAP’s authenticator service. The authenticator reaches out to the RADIUS server to verify authentication and either allows the request and joins the device to the network or rejects the request. (Pg. 13)

17
Q

Define Agent-Based vs Agentless NAC solutions.

A

An agent-based solution (like 802.1X) requires that the requesting device run special software to communicate with the NAC service.
An agentless solution conducts authentication utilizing a web browser and does not require special software. (Pg. 13)

18
Q

In-Band vs Out-of-Band NAC solutions.

A

In-band (or inline) NAC solutions use dedicated appliances (like a captive portal) that sit between devices and the resource and deny or limit network access to devices that do not pass NAC authentication.

Out-of-band NAC solutions (like 802.1X) leverage existing network infrastructure and have network devices communicate with authentication servers for access. The network is reconfigured to grant or deny access. (Pg. 13)

19
Q

What is a screened subnet?

A

A Screened Subnet is a special network zone designed to house systems that receive connections from the outside world, such as web and email servers. The devices sit on an isolated network. (Pg. 15)

20
Q

Describe Stateful inspection firewalls.

A

These firewalls maintain information about the state of each connection passing through the firewall. Standard standalone firewall type. (Pg. 17)

21
Q

Describe Next-generation firewalls (NGFWs).

A

More information is incorporated into these firewalls' decision-making process, such as contextual information about users, applications, and business processes. Expensive compared to stateful inspection firewalls. (Pg. 17)

22
Q

Describe Web application firewalls (WAFs).

A

Specialized firewalls designed to protect against web application attacks, such as SQL injection and cross-site scripting. (Pg. 17)

23
Q

What is a Jump Box?

A

A server that acts as a secure transition point between segmented networks. A system admin can initiate an SSH or RDP request, for example, on one network to connect to the jump box in order to access the other network. (Pg. 17)

24
Q

What is a DNS Sinkhole?

A

A DNS sinkhole feeds false information to malicious software that works its way onto the enterprise network. The DNS server detects a suspicious request when a compromised system attempts to obtain information from a DNS server about its command-and-control (C&C or C2) server and responds with the IP address of a sinkhole system designed to detect and remediate the botnet-infected system. (Pg. 19)