Chapter 1 Flashcards
Define Confidentiality:
prevents the unauthorized disclosure of data.
The different methods to ensure confidentiality are:
Encryption
Access Controls
Steganography
Obfuscation
Define Encryption:
scrambles data to make it unreadable by unauthorized personnel
What is included to provide access controls?
Identification
Authentication
Authorization
Define Identification:
a unique username
Define Authentication:
a password
Define Authorization:
grant or restrict access to resources
Define Steganography:
the practice of hiding data within data
Define obfuscation:
security through obscurity
The CIA security triad includes:
Confidentiality
Integrity
Availability
Define Integrity:
provides assurances that data has not changed
What can you use to enforce integrity?
Hashing or Message Authentication Code (MAC)
Digital signatures
Describe hash:
a number created by executing a hashing algorithm against data, such as a file or message
What are two key concepts related to integrity?
Integrity provides assurances that data has not been modified, tampered with, or corrupted
Hashing verifies integrity
Digital signatures provide:
non-repudiation
Digital signatures require:
the use of certificates and Public Key Infrastructure (PKI)
Certificates include:
keys used for encryption
Public Key Infrastructure provides:
the means to create, manage, and distribute certificates
Define non-repudiation:
the ability to prevent a party from denying an action.
Access logs provide:
non-repudiation
Define availability:
indicates that data and services are available when needed
What is a common goal of fault tolerance and redundancy?
To remove each single point of failure (SPOF)
Some fault tolerance and redundancy techniques:
Disk redundancies
Server redundancies
Load balancing
Site redundancies
Backups
Alternate power
Cooling systems
Define disk redundancies:
fault-tolerant disks allow a system to continue to operate even if a disk fails
RAID-1:
mirroring
RAID-5:
striping with parity
RAID-10:
striping with a mirror
Define server redundancies:
Failover clusters include redundant servers and ensure a service will continue to operate, even if a server fails
Virtualization can also increase availability of servers by reducing unplanned downtime
Load balancing uses:
multiple servers to support a single service
Site redundancies provide:
an alternate site when a site can no longer function due to a disaster
Alternate power:
Uninterruptible power supplies (UPSs) and power generators can provide power to key systems even if commercial power fails.
Cooling systems:
heating, ventilation, and air conditioning (HVAC) systems improve the availability of systems by reducing outages from overheating
One of the basic goals of implementing IT security is to:
reduce risk.
Define Risk:
the possibility or likelihood of a threat exploiting a vulnerability resulting in a loss.
Define Threat:
any circumstance or event that has the potential to compromise confidentiality, integrity, or availability.
Define Vulnerability:
a weakness in either the hardware, software, configuration, or even the users operating the system.
When can a security incident occur?
When a threat exploits a vulnerability.
Define security incident:
an adverse event or series of events that can negatively affect the confidentiality, integrity, or availability of an organization’s information technology (IT) systems and data.
Risk mitigation:
reduces the chances that a threat will exploit a vulnerability.
Technical controls:
use technology to reduce vulnerabilities
Administrative controls:
use methods mandated by organizational policies or other guidelines
Physical controls:
are any controls that you can physically touch
Preventive controls:
attempt to prevent security incidents
Detective controls:
attempt to detect when vulnerabilities have been exploited, resulting in a security incident
Corrective controls:
attempt to reverse the impact of an incident or problem after it has occurred
Compensating controls:
are alternative controls used when a primary control is not feasible
Example of technical controls:
Encryption
Antivirus software
Intrusion detection systems (IDSs) and Intrusion prevention systems (IPSs)
Firewalls
Least privilege
Define encryption:
a strong technical control used to protect confidentiality
Define antivirus software:
once installed, the antivirus software provides protection against malware infection
Define Intrusion detection systems (IDSs) and intrusion prevention systems (IPSs):
can monitor a network or host for intrusions and provide ongoing protection against various threats
Define firewalls:
restrict network traffic going in and out of a network
Define least privilege:
specifies that individuals or processes are granted only the privileges they need to perform their assigned tasks or functions, but no more.
Some common administrative controls are:
Risk assessments
Vulnerability assessments
Penetration tests
Risk assessments help:
quantify and qualify risks within an organization so that the organization can focus on the serious risks
Vulnerability assessment attempts to:
discover current vulnerabilities or weaknesses
Penetration tests attempt to:
exploit vulnerabilities
Many administrative controls are also known as:
operations or management controls
Operational or management controls include the following families:
Awareness and training
Configuration and change management
Contingency planning
Media protection
Physical and environmental protection
Training helps users:
maintain password security, follow a clean desk policy, understand threats such as phishing and malware, and much more
Configuration management often uses:
baselines to ensure that systems start in a secure, hardened state
Change management helps ensure that:
changes don’t result in unintended configuration errors
The goal of contingency planning is to:
reduce the overall impact on the organization if an outage occurs
Media protection includes:
physical media such as USB flash drives, external and internal drives, and backup tapes
Physical and environmental protection includes:
physical controls, such as cameras and door locks, and environmental controls, such as heating and ventilation systems
Technical and administrative controls categorize the controls based on:
how they are implemented
Some examples of preventative controls are:
Hardening
Security awareness and training
Security guards
Change management
Account disablement policy
Hardening is the practice of:
making a system or application more secure than its default configuration
Security guards:
prevent and deter many attacks
Change management ensures:
that changes don’t result in unintended outages
Account disablement policy ensures:
that user accounts are disabled when an employee leaves
Some examples of detective controls are:
log monitoring
trend analysis
security audit
video surveillance
motion detection
Log monitoring:
records details of activity on systems and networks
Trend analysis:
monitors logs to detect trends
Security audits can:
examine the security posture of an organization
Video surveillance can:
record activity and detect what occurred
Motion detection can:
detect motion from potential intruders and raise alarms
What are the differences between detection and prevention controls?
A detective control can’t predict when an incident will occur and it can’t prevent it
Prevention controls stop the incident from occurring at all
Some examples of corrective controls are:
Intrusion prevention system (IPS)
Backups and system recovery
Backups ensure:
that personnel can recover data if it is lost or corrupted
System recovery procedures ensure:
administrators can recover a system after a failure
Deterrent controls attempt to:
discourage a threat
Some physical security controls used to deter threats:
Cable locks
Hardware locks
Cable locks deter:
thieves from stealing laptops
Hardware locks:
locks such as locked doors securing a wiring closet or a server room
Compensating controls are:
alternative controls used instead of a primary control
Virtualization allows you to:
host one or more virtual systems, or virtual machines (VMs), on a single physical system
Hypervisor is:
the software that creates, runs, and manages the VMs
VM Host is:
the physical system hosting the VMs
VM Guest is:
the operating systems running on the host system
Host elasticity and scalability refer to:
the ability to resize computing capacity based on the load
Type I hypervisors run:
directly on the system hardware
Type II hypervisors run:
as software within a host operating system
Application cell or container virtualization runs:
services or applications within isolated application cells (or containers)
A benefit of container virtualization is that it uses:
fewer resources and can be more efficient than a system using traditional Type II hypervisor virtualization
A drawback of container virtualization is that:
containers must use the operating system of the host.
VMs can provide:
segregation, segmentation, and isolation of individual systems
Snapshot provides:
you with a copy of the VM at a moment in time, which you can use as a backup
When do administrators commonly take snapshots of systems?
Prior to performing any risky operation
Risky operations include:
applying patches or updates
testing security controls
installing new applications
In a Virtual desktop infrastructure (VDI) or Virtual desktop environment (VDE) a:
user’s desktop operating system runs as a VM on a server
One benefit of using a VDI/VDE is that:
user PCs can have limited hardware resources
Persistence or non-persistence
In a persistent virtual desktop, each user has a custom desktop image
In a non-persistent virtual desktop, the users use the same desktop from a preconfigured snapshot for all users
Risks associated with virtualization:
VM escape
VM Sprawl
Loss of confidentiality
VM escape is:
an attack that allows an attacker to access the host system from within the virtual system
VM sprawl occurs:
when an organization has many VMs that aren’t managed properly
Kali Linux is:
a free Linux distribution used by many security professionals for penetration testing and security auditing.
Ping is:
a basic command used to test connectivity for remote systems
What else can you use ping for?
to verify a system can resolve valid host names to IP addresses
test the NIC
Check the security posture of a network
How does the ping command check connectivity?
by sending Internet Control Message Protocol (ICMP) echo request packets
What is the command that verifies that your computer can connect with another computer on your network?
ping 192.168.1.1
Ping on Windows systems:
ping -t 192.168.1.1
Windows-style ping on a Linux system:
ping -c 4 192.168.1.1
How to get an IP address from the Windows command prompt?
ping getcertifiedgetahead.com
The ipconfig (Internet Protocol configuration) command shows:
the Transmission Control Protocol/Internet Protocol (TCP/IP) configuration information for a system
What is included in the Transmission Control Protocol/Internet Protocol (TCP/IP)?
computer’s IP address
subnet mask
default gateway
MAC address
the address of a Domain Name System (DNS) server
Linux-based systems use what instead of ipconfig?
ifconfig (short for interface configuration)
The netstat command:
allows you to view statistics for TCP/IP protocols on a system
gives you the ability to view active TCP/IP network connections
The tracert command:
lists the routers between two systems. In this context, each router is referred to as a hop
Windows-based systems use tracert and Linux-based systems use:
traceroute
Tracing internet path Windows command prompt:
tracert blogs.getcertifiedgetahead.com
Arp is related to:
the Address Resolution Protocol (also ARP)
The arp command is used to:
view and manipulate the ARP cache
Some of the common connection states are:
Established
Listen
Close_Wait
Time_Wait
Syn_Sent
Syn_Received
Established State:
the normal state for the data transfer phase of a connection
Listen State:
indicates the system is waiting for a connection termination request
Time_Wait State:
indicates the system is waiting for enough time to pass to be sure the remote system received a TCP-based acknowledgment of the connection
Close_Wait State:
indicates the system is waiting for a connection termination request
Syn_Sent State:
indicates the system sent a TCP SYN (synchronize) packet as the first part of the SYN, SYN-ACK (synchronize-acknowledge), ACK (acknowledge) handshake process and it is waiting for the SYN-ACK response.
Syn_Received State:
indicates the system sent a TCP SYN-ACK packet after receiving a SYN packet as the first part of the SYN, SYN-ACK, ACK handshake process