Chapter 1 - Essential Knowledge Flashcards
Network Security Zone - Internet
Uncontrollable
Network Security Zone - Internet DMZ
Controlled buffer network
Network Security Zone - Production Network Zone
Very restricted; controls direct access from uncontrolled zones; has no users
Network Security Zone - Intranet Zone
Controlled; has few, if any, heavy restrictions
Network Security Zone - Management Network Zone
Might find VLANs and IPsec; highly secured; strict policies
CVSS
Common Vulnerability Scoring System - Assigns a numerical score based on severity
National Vulnerability Database (NVD)
US government repository of vulnerabilities
What are the 2 access control types?
Mandatory (MAC) - access is set by an administrator. Discretionary (DAC) - allows users to give access to resources that they own and control
Hack Value
perceived value or worth of a target as seen by the attacker
Zero-day Attack
attack that occurs before a vendor knows or is able to patch a flaw
Doxing
searching for and publishing information about an individual usually with a malicious intent
Enterprise Information Security Architecture (EISA)
process that determines how systems work within an organization
Incident Management
Deals with specific incidents to mitigate the attack
What are the risk management phases?
Risk Identification, Risk Assessment, Risk Treatment, Risk Tracking, Risk Review
Annualized Loss Expectancy
ARO x SLE (Annualized Rate of Occurrence x Single Loss Expectancy)
Security Control Types: Physical, Technical, Administrative
Physical: Guards, lights, cameras. Technical: Encryption, Smart Cards, Access Control Lists. Administrative: Training awareness, policies
Types of Security Controls: Preventative, Detective, Corrective
Preventative: Authentication, alarm bells. Detective: Audits, Backups. Corrective: Restore Operations
User Behavior Analytics
(UBA) - Tracking users and extrapolating data in light of malicious activity
CIA Triad
Confidentiality: Passwords, encryption. Integrity: Hashing, digital signatures. Availability: Anti-DoS solutions
Bit Flipping
Integrity attack. In bit flipping, the attacker isn't interested in learning the entirety of the plaintext message. Instead, bits are manipulated in the ciphertext itself to produce a predictable change in the plaintext once it is decrypted.
MAC Address spoofing is an example of what kind of CIA attack?
Authentication
Evaluation Assurance Level (EAL)
The Evaluation Assurance Level (EAL1 through EAL7) of an IT product or system is a numerical grade assigned following the completion of a Common Criteria security evaluation
Common Criteria for IT Security Evaluation
Testing standard designed to reduce or remove vulnerabilities from a product before it's released.
Target of Evaluation (Common Criteria)
What is being tested
Security Target (ST) (Common Criteria)
The documentation describing the TOE and security requirements
Protection Profile (PP) (Common Criteria)
A set of security requirements specifically for the type of product being tested.
Security Policy Categories: Promiscuous, Permissive, Prudent, Paranoid
Promiscuous: Wide Open. Permissive: Blocks only known dangerous things. Prudent: Blocks most and only allows things for business purpose. Paranoid: Locks everything down
Standards vs. Baselines vs. Guidelines
Standards: Mandatory rules to achieve consistency. Baselines: Provide minimum security necessary. Guidelines: Flexible or recommended actions
Script Kiddie
Uneducated in security methods, but uses freely available tools to perform malicious activities
Phreaker
Manipulates telephone systems
White vs Black vs Gray Hat
White Hat: Ethical hackers. Black Hat: Hackers that seek to perform malicious activities. Gray Hat: Hackers that perform good or bad activities but do not have the permission of the organization they are hacking against
Suicide Hacker
Do not care about any consequences to themselves; hack to get the job done
Hacktivist
Someone who hacks for a cause.
Operating System Attack
Attacks targeting OS flaws or security issues within the OS, such as guest accounts or default passwords
Application Level Attack
Attacks on programming code and software logic
Shrink-Wrap Code attack
Attack takes advantage of built-in code or scripts
Misconfiguration Attack
Attack takes advantage of systems that are misconfigured, whether through improper configuration or because default configuration was left in place.
What are the phases of ethical hacking?
Reconnaissance, Scanning and Enumeration, Gaining Access (escalating privilege), Maintaining Access, Covering Tracks
Ethical Hacker vs. Cracker
Ethical Hacker - Employs the tools that hackers use, with a customer's permission; obtains agreement from the client before testing is done. Cracker - Uses tools for personal gain or destructive purposes.
What are the Pen Test phases?
Preparation: Contracts, team, scope of pen test determined. Assessment: All hacking phases (recon, scanning, attacks, etc.). Post-Assessment: Reports & Conclusions
White Box vs. Black Box vs. Gray Box
Black Box: Ethical hacker has NO knowledge of the TOE. White Box: Pen tester has full knowledge of the network, systems and infrastructure they're targeting. Gray Box: Partial-knowledge testing; some knowledge of the system and/or network.
ISO 27001
Security standard based on the British BS7799 standard, focuses on security governance
NIST-800-53
NIST Special Publication 800-53: catalog of security and privacy controls for US federal information systems, published by NIST
ISO 27002 AND 17799
Based on BS7799 but focuses on security objectives and provides security controls based on industry best practice
FISMA
"Federal Information Security Modernization Act of 2002" A law updated in 2004 to codify the authority of the Department of Homeland Security with regard to implementation of information security policies
FITARA
"Federal Information Technology Acquisition Reform Act" A 2013 bill that was intended to change the framework that determines how the US government purchases technology
HIPAA
"Health Insurance Portability and Accountability Act" A law that sets privacy standards to protect patient medical records and health information shared between doctors, hospitals and insurance providers
PCI-DSS
"Payment Card Industry Data Security Standard" Standard for organizations handling credit cards, ATM cards and other POS cards
COBIT
"Control Objectives for Information and Related Technologies" IT governance framework and toolset, created by ISACA and ITGI
SOX
"Sarbanes-Oxley Act" Law that requires publicly traded companies to submit to independent audits and to properly disclose financial information
GLBA
"U.S. Gramm-Leach-Bliley Act" Law that protects the confidentiality and integrity of personal information that is collected by financial institutions.
OSSTMM Compliance
"Open Source Security Testing Methodology Manual", maintained by ISECOM, defines three types of compliance: Legislative - Deals with government regulations (such as SOX and HIPAA). Contractual - Deals with industry/group requirements (such as PCI DSS). Standards-based - Deals with practices that must be followed by members of a given group/organization (such as ITIL, ISO and OSSTMM itself)