Chapter 1 Defending Against Cybersecurity Threats Flashcards
Weakness in a device, system, application or process that might allow an attack to take place.
Vulnerability
- A force outside an organization that may exploit a vulnerability.
- Malicious, e.g. a hacker
- Non-malicious, e.g. an earthquake
Threat
- The combination of a threat and a vulnerability: the possibility that a threat exploits a vulnerability
- If either one is absent, there is no risk
Risk
Framework that outlines the risk assessment process. It suggests an organization should identify threats and vulnerabilities and use this information to determine the level of risk posed by the combination of those threats and vulnerabilities.
NIST SP 800-30
- NAC solution that uses dedicated appliances sitting in-line between devices and the resources they wish to access.
- Solution typical in hotels (captive portals)
In-Band NAC
- NAC solution that leverages existing network infrastructure (switches, access points) to enforce access decisions
- e.g. 802.1X
Out-of-Band NAC
Checks the characteristics of each packet (addresses, ports, flags) against firewall rules in isolation, without additional intelligence about the connection it belongs to
Packet filtering firewalls
Maintains information about the state of each connection passing through the firewall, so replies are only admitted for connections it has already seen opened
Stateful Inspection firewalls
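The difference between the two firewall cards above is easiest to see on a crafted packet. The following is an added example (not from the flashcard set): a toy packet filter that judges each packet by its own header fields, beside a toy stateful firewall that keeps a connection table. The addresses, ports and "10." internal-network convention are assumptions made up for the illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags present, e.g. {"SYN"}, {"SYN", "ACK"}


def is_internal(ip: str) -> bool:
    # Constructed convention for this example: 10.x.x.x is the inside network.
    return ip.startswith("10.")


def stateless_allow(pkt: Packet) -> bool:
    """Packet filter: every packet is judged on its own header fields."""
    if is_internal(pkt.src):
        return True  # outbound traffic is allowed
    # Inbound: the classic stateless approximation of "part of an existing
    # connection" is "ACK flag set". An attacker can simply set the flag.
    return "ACK" in pkt.flags


class StatefulFirewall:
    """Stateful inspection: replies are admitted only for connections we saw opened."""

    def __init__(self):
        self.conns = {}  # 4-tuple in the initiating direction -> state

    def allow(self, pkt: Packet) -> bool:
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.conns:
            return True  # further packets of a known connection
        if rev in self.conns:
            if pkt.flags == {"SYN", "ACK"} and self.conns[rev] == "SYN_SENT":
                self.conns[rev] = "ESTABLISHED"
            return True  # reply to a connection an inside host opened
        if is_internal(pkt.src) and pkt.flags == {"SYN"}:
            self.conns[fwd] = "SYN_SENT"  # inside host opens a new connection
            return True
        return False  # unsolicited packet for an unknown connection


def run_scenario() -> dict:
    """Run a constructed handshake plus one crafted probe through both filters.

    Returns name -> (stateless verdict, stateful verdict)."""
    fw = StatefulFirewall()
    client, server, attacker = "10.0.0.5", "203.0.113.10", "198.51.100.7"
    packets = [
        ("syn", Packet(client, 40000, server, 443, frozenset({"SYN"}))),
        ("synack", Packet(server, 443, client, 40000, frozenset({"SYN", "ACK"}))),
        ("ack", Packet(client, 40000, server, 443, frozenset({"ACK"}))),
        # ACK scan: an outsider sends an ACK to port 22 with no prior SYN.
        ("probe", Packet(attacker, 12345, client, 22, frozenset({"ACK"}))),
    ]
    return {name: (stateless_allow(p), fw.allow(p)) for name, p in packets}


if __name__ == "__main__":
    for name, verdict in run_scenario().items():
        print(f"{name:7s} stateless={verdict[0]!s:5s} stateful={verdict[1]}")
```

The three handshake packets pass both filters, but the crafted ACK probe passes only the packet filter: it satisfies the "ACK set" rule while the stateful firewall finds no matching connection and drops it.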
- Ensures that there are no unauthorized modifications to information or systems, whether intentional or unintentional
- e.g. hashing and integrity monitoring solutions
Integrity
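Hashing-based integrity monitoring, as named on the card above, works by recording a baseline of file hashes and later comparing a fresh scan against it. The following is an added example (not from the flashcard set) of that check in Python: it hashes every file under a directory with SHA-256, then detects modified, added and removed files. The directory contents are constructed inside a temporary directory for the illustration; the file names are made up.

```python
import hashlib
import os
import tempfile


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(root: str) -> dict:
    """Map relative path -> SHA-256 hex digest for every regular file under root."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            result[rel] = sha256_file(full)
    return result


def compare(old: dict, new: dict) -> dict:
    """Diff two baselines. In practice `old` should live off-host or be signed,
    otherwise an attacker who can alter files can alter the baseline too."""
    return {
        "modified": sorted(p for p in old if p in new and old[p] != new[p]),
        "added": sorted(p for p in new if p not in old),
        "removed": sorted(p for p in old if p not in new),
    }


def demo() -> dict:
    """Build a constructed file tree, baseline it, tamper with it, and report."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel: str, data: bytes) -> None:
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)

        write("etc/passwd", b"root:x:0:0:root:/root:/bin/sh\n")
        write("etc/ssh_config", b"Port 22\n")
        write("bin/app", b"\x7fELF original binary")
        base = baseline(root)

        # Simulated tampering after the baseline was taken.
        write("bin/app", b"\x7fELF backdoored binary")       # modified
        write("etc/cron.d", b"* * * * * root /tmp/x\n")      # added persistence
        os.remove(os.path.join(root, "etc", "ssh_config"))   # removed
        return compare(base, baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```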
- Ensures that information and systems are ready to meet the needs of legitimate users at the time those users request them.
- e.g. fault tolerance, clustering and backups
Availability
- Threat source category under NIST SP 800-30 Step 2 (Conduct Assessment), task Identify Threat Sources
- Represents individuals, groups, and organizations that are attempting to undermine the security of the organization
Adversarial Threats
- Threat source category under NIST SP 800-30 Step 2 (Conduct Assessment), task Identify Threat Sources
- Represents individuals doing their routine work who mistakenly perform an action that undermines security
Accidental Threats
- Threat source category under NIST SP 800-30 Step 2 (Conduct Assessment), task Identify Threat Sources
- Represents equipment, software, or environmental controls that fail due to exhaustion of resources, exceeding operational capacity, or age
Structural Threats
- Threat source category under NIST SP 800-30 Step 2 (Conduct Assessment), task Identify Threat Sources
- Represents natural or man-made disasters
Environmental Threats
Controls put into place for systems, devices, software, and settings that work to enforce CIA.
Technical Controls
Controls put into place that use practices and procedures to bolster security
Operational Controls
Firewalls that inspect HTTP traffic at the application layer and are designed to protect against web attacks such as injection and cross-site scripting
Web App Firewalls (WAF)
- In 802.1X, this device cannot validate the user itself; it instead relays the supplicant's EAP messages to the authentication server using RADIUS and opens or closes the port based on the answer.
- Runs on the wireless access point or switch
Authenticator
In 802.1X, refers to the endpoint device (or its software) requesting network access and presenting credentials
Supplicant
In 802.1X, the server (typically RADIUS) that validates the user's credentials and tells the authenticator whether to grant network access
Authentication Server
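The three 802.1X roles on the cards above can be shown as one message exchange. The following is an added example (not from the flashcard set): a supplicant answers an EAP-MD5 challenge (RFC 3748, section 5.4: MD5 over identifier, password and challenge), the authenticator only relays the EAP messages inside RADIUS requests protected by a Message-Authenticator (HMAC-MD5 with the shared secret, as in RFC 2869, simplified here to run over a canonical serialisation of the attributes rather than real RADIUS wire format), and the authentication server holds the only copy of the user database. The user name, password and RADIUS secret are constructed for the illustration. EAP-MD5 is used because it is short enough to show; it offers no protection against offline dictionary attacks, so real deployments prefer EAP-TLS or PEAP.

```python
import hashlib
import hmac
import os


def radius_mac(secret: bytes, fields: dict) -> bytes:
    """Message-Authenticator: HMAC-MD5 keyed with the RADIUS shared secret.
    Simplified: computed over a canonical serialisation of the attributes."""
    data = repr(sorted(fields.items())).encode()
    return hmac.new(secret, data, hashlib.md5).digest()


def eap_md5_response(eap_id: int, password: bytes, challenge: bytes) -> bytes:
    """EAP-MD5 (RFC 3748 s5.4): MD5(Identifier || password || challenge)."""
    return hashlib.md5(bytes([eap_id]) + password + challenge).digest()


class AuthenticationServer:
    """RADIUS server: the only party that knows user passwords."""

    def __init__(self, users: dict, secret: bytes):
        self.users, self.secret, self.pending = users, secret, {}

    def handle(self, req: dict, mac: bytes) -> dict:
        if not hmac.compare_digest(radius_mac(self.secret, req), mac):
            return {"code": "Access-Reject", "reason": "bad Message-Authenticator"}
        user = req["identity"]
        if req["eap_type"] == "Identity":
            challenge = os.urandom(16)
            self.pending[user] = challenge
            return {"code": "Access-Challenge", "eap_id": 2, "challenge": challenge}
        expected = eap_md5_response(req["eap_id"], self.users.get(user, b""),
                                    self.pending.pop(user, b""))
        if user in self.users and hmac.compare_digest(expected, req["eap_data"]):
            return {"code": "Access-Accept"}
        return {"code": "Access-Reject", "reason": "bad credentials"}


class Authenticator:
    """Switch or access point: relays EAP, knows only the RADIUS secret."""

    def __init__(self, server: AuthenticationServer, secret: bytes):
        self.server, self.secret, self.port_open = server, secret, False

    def relay(self, identity: str, eap_type: str, eap_data: bytes = b"", eap_id: int = 1) -> dict:
        req = {"identity": identity, "eap_type": eap_type, "eap_data": eap_data, "eap_id": eap_id}
        reply = self.server.handle(req, radius_mac(self.secret, req))
        if reply["code"] == "Access-Accept":
            self.port_open = True  # authorize the port; before this only EAPOL passes
        return reply


class Supplicant:
    """Endpoint: holds the password, talks only to the authenticator."""

    def __init__(self, identity: str, password: bytes):
        self.identity, self.password = identity, password

    def connect(self, authenticator: Authenticator) -> bool:
        reply = authenticator.relay(self.identity, "Identity")
        if reply["code"] != "Access-Challenge":
            return False
        answer = eap_md5_response(reply["eap_id"], self.password, reply["challenge"])
        reply = authenticator.relay(self.identity, "MD5-Response", answer, reply["eap_id"])
        return reply["code"] == "Access-Accept"


def run_8021x(identity: str, password: bytes,
              radius_secret: bytes = b"radius-shared-secret",
              authenticator_secret: bytes = None) -> bool:
    """Run one constructed 802.1X attempt; True only if the port ends up open."""
    server = AuthenticationServer({"alice": b"correct horse battery staple"}, radius_secret)
    auth = Authenticator(server, authenticator_secret or radius_secret)
    ok = Supplicant(identity, password).connect(auth)
    return ok and auth.port_open


if __name__ == "__main__":
    print("alice/correct ->", run_8021x("alice", b"correct horse battery staple"))
    print("alice/wrong   ->", run_8021x("alice", b"wrong"))
```

Note that `Authenticator` never receives the password: it forwards the identity and the MD5 response, and a mismatched RADIUS secret makes the server reject the relay before credentials are even checked.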
A DNS server configured to answer queries for known-malicious domains with false DNS information (typically an address controlled by the defenders), so a compromised host that looks up its command-and-control domain is redirected and logged instead of reaching the attacker
DNS Sinkholes
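The sinkhole card above is easier to grasp at the wire level. The following is an added example (not from the flashcard set): a minimal DNS resolver hook that parses the question from a query packet, checks the name against a blocklist, and if it matches builds a response whose A record points at the sinkhole address while logging the querying client; non-matching queries are returned as `None` so a real resolver would forward them normally. The domain names, blocklist and sinkhole address are constructed for the illustration.

```python
import socket
import struct


def encode_name(name: str) -> bytes:
    """Encode a dotted name as DNS labels terminated by a zero length byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name: str, txid: int, qtype: int = 1) -> bytes:
    """Construct a standard recursive A query (used here to create sample input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def parse_query(pkt: bytes):
    """Return (txid, qname, qtype, qclass, raw question section)."""
    txid, _flags, qdcount, *_rest = struct.unpack("!HHHHHH", pkt[:12])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos, labels = 12, []
    while True:
        n = pkt[pos]
        pos += 1
        if n == 0:
            break
        if n & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(pkt[pos:pos + n].decode("ascii"))
        pos += n
    qtype, qclass = struct.unpack("!HH", pkt[pos:pos + 4])
    return txid, ".".join(labels).lower(), qtype, qclass, pkt[12:pos + 4]


def sinkhole_answer(pkt: bytes, client: str, blocklist: set, sinkhole_ip: str, log: list):
    """Return a sinkhole response for blocked names, or None to forward normally."""
    txid, qname, qtype, _qclass, question = parse_query(pkt)
    if not any(qname == d or qname.endswith("." + d) for d in blocklist):
        return None
    log.append((client, qname))  # the infected host is what the SOC wants to know
    if qtype != 1:
        # Blocked name but not an A query: answer with an empty answer section.
        return struct.pack("!HHHHHH", txid, 0x8180, 1, 0, 0, 0) + question
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR=1, RD, RA, NOERROR
    # Answer: pointer to the question name (0xC00C), type A, class IN, TTL, rdlength, rdata
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(sinkhole_ip)
    return header + question + answer


def parse_answer(resp: bytes):
    """Return (txid, first A record address or None) from a response built above."""
    txid, _flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    _txid, _name, _qtype, _qclass, question = parse_query(resp)
    if ancount == 0:
        return txid, None
    start = 12 + len(question) + 12  # skip name pointer, type, class, ttl, rdlength
    return txid, socket.inet_ntoa(resp[start:start + 4])


if __name__ == "__main__":
    hits = []
    q = build_query("cnc.evil.example", 0xBEEF)
    r = sinkhole_answer(q, "10.0.0.5", {"evil.example"}, "10.10.10.10", hits)
    print(parse_answer(r), hits)
```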
Firewall that incorporates more information into its decision-making process, e.g. the user, the application, and the business process behind the traffic
Next-gen Firewalls
NIST (SP 800-115) divides a pen test into what phases?
- Planning
- Discovery
- Attack
- Reporting
According to NIST, what are some rules of engagement set during the Planning phase?
Timing - When will the test take place?
Scope - What is on and off-limits?
Authorization - Who is authorizing the pen-test at the org?
- Ensures that unauthorized individuals are not able to gain access to sensitive information.
- e.g. firewalls, ACLs, and encryption
Confidentiality
What are the 4 steps of a risk assessment per NIST SP 800-30?
Step 1: Prepare for Assessment
Step 2: Conduct Assessment
Step 3: Communicate Results
Step 4: Maintain Assessment
What tasks are included in Step 2: Conduct Assessment?
- Identify Threat sources and events
- Identify Vulnerabilities and predisposing conditions
- Determine Likelihood of occurrence
- Determine Magnitude of impact
- Determine Risk