Chapter 1 - Mastering Security Basics Flashcards
Use Case
Describes a goal that an organization wants to achieve.
Confidentiality
Prevents the unauthorized disclosure of data. Authorized personnel can access the data, but unauthorized cannot.
Encryption
Scrambles data to make it unreadable by unauthorized personnel. Authorized personnel can decrypt the data to access it.
Identification
Claiming an identity, such as with a unique username.
Authentication
Proving the claimed identity, such as with a password.
Authorization
Granting or restricting access to resources
Steganography
Hiding data within other data. Obscures the data and can be used in a use case to support obfuscation. Referred to as hiding data in plain sight. Example: embedding a hidden message in an image by modifying the least significant bits of pixel values, which changes each pixel so slightly that the image looks unchanged.
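The following is an added example, not part of the flashcards: least-significant-bit (LSB) steganography on a constructed grayscale "image" held as a plain byte array, so it runs without an image library. The carrier gradient, the secret message, and the 4-byte length prefix format are this example's own choices (assumptions), not something the page specifies.

```python
# Added example: LSB steganography on a constructed byte-array "image".
# The carrier, message, and length-prefix layout are assumptions of this
# example, not taken from the flashcards.

def embed_lsb(carrier: bytes, message: bytes) -> bytes:
    """Hide `message` in the least significant bit of each carrier byte.

    A 32-bit big-endian length prefix is written first so the extractor
    knows where the message ends.  Each carrier byte changes by at most 1,
    which is visually imperceptible in real pixel data.
    """
    payload = len(message).to_bytes(4, "big") + message
    needed_bits = len(payload) * 8
    if needed_bits > len(carrier):
        raise ValueError(f"carrier too small: need {needed_bits} bytes, have {len(carrier)}")
    out = bytearray(carrier)
    bit_index = 0
    for byte in payload:
        for shift in range(7, -1, -1):          # most significant bit first
            bit = (byte >> shift) & 1
            out[bit_index] = (out[bit_index] & 0xFE) | bit
            bit_index += 1
    return bytes(out)


def extract_lsb(carrier: bytes) -> bytes:
    """Recover a message embedded by embed_lsb (length prefix, then message)."""
    def read_bytes(start_bit: int, count: int) -> bytes:
        result = bytearray()
        for i in range(count):
            value = 0
            for j in range(8):
                value = (value << 1) | (carrier[start_bit + i * 8 + j] & 1)
            result.append(value)
        return bytes(result)

    if len(carrier) < 32:
        raise ValueError("carrier too small to hold a length prefix")
    length = int.from_bytes(read_bytes(0, 4), "big")
    if 32 + length * 8 > len(carrier):
        raise ValueError("length prefix exceeds carrier size; not an LSB payload")
    return read_bytes(32, length)


def max_byte_delta(a: bytes, b: bytes) -> int:
    """Largest per-byte difference between two equal-length carriers."""
    return max(abs(x - y) for x, y in zip(a, b))


# Constructed 64x64 8-bit grayscale "pixels": a simple gradient, 4096 bytes.
PIXELS = bytes((x * 4 + y // 16) & 0xFF for y in range(64) for x in range(64))
SECRET = b"meet at 0300"          # constructed message

STEGO = embed_lsb(PIXELS, SECRET)
RECOVERED = extract_lsb(STEGO)

if __name__ == "__main__":
    print("recovered:", RECOVERED)
    print("max pixel change:", max_byte_delta(PIXELS, STEGO))
```

The carrier and the stego image are the same size and no byte differs by more than 1, which is why casual inspection (or a simple visual diff) does not reveal the payload; it is also why steganography is obfuscation rather than confidentiality, since anyone who knows the scheme can run the extractor.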
Obfuscation
Attempting to make something unclear or difficult to understand. Also called security through obscurity. Not reliable on its own and should never be the only protection for data.
Best way to protect data confidentiality
Encryption
Access Controls
Help protect confidentiality by restricting access
Integrity
Provides assurances that data hasn’t changed. This means data isn’t modified, tampered with, or corrupted.
Hash
A fixed-length number created by executing a hashing algorithm (such as SHA-256) against data, such as a file or message. Any change to the data, even a single bit, produces a different hash.
Digital Signature
Attached to a file or email to assure that nothing was modified. Also provides authentication. Also provides non-repudiation (the sender can't deny having digitally signed it). Requires digital certificates.
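The following is an added example, not part of the flashcards, illustrating the Hash and Digital Signature cards above: it hashes a constructed message, flips one bit to simulate tampering, and shows that verification fails. The message text, the flipped bit position, and the helper names are this example's own assumptions. Note what a bare hash does not give you: anyone who alters the message can also recompute and republish the hash, which is why a digital signature binds the hash to the signer's private key for authentication and non-repudiation.

```python
# Added example: detecting modification with a cryptographic hash.
# The message and the tampering below are constructed for illustration.
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """Return the SHA-256 digest of `data` as a 64-character lowercase hex string."""
    return hashlib.sha256(data).hexdigest()


def verify_integrity(data: bytes, expected_hex: str) -> bool:
    """Recompute the hash and compare it to the published value.

    hmac.compare_digest runs in constant time, so an attacker who can
    supply the expected value cannot learn the correct digest byte by
    byte from timing differences, as a plain string `==` might allow.
    """
    return hmac.compare_digest(sha256_hex(data), expected_hex.lower())


def flip_one_bit(data: bytes, byte_index: int, bit: int) -> bytes:
    """Return a copy of `data` with a single bit flipped (simulated tampering)."""
    out = bytearray(data)
    out[byte_index] ^= (1 << bit)
    return bytes(out)


def differing_hex_chars(a: str, b: str) -> int:
    """Count hex positions where two digests differ (shows the avalanche effect)."""
    return sum(1 for x, y in zip(a, b) if x != y)


# Constructed message and the hash its sender would publish alongside it.
ORIGINAL = b"PAY TO: alice  AMOUNT: 100.00\n"
PUBLISHED_HASH = sha256_hex(ORIGINAL)

# Flipping the lowest bit of byte 24 turns the '0' in "100.00" into '1':
# the message now reads "110.00" while looking otherwise identical.
TAMPERED = flip_one_bit(ORIGINAL, 24, 0)

if __name__ == "__main__":
    print("original verifies:", verify_integrity(ORIGINAL, PUBLISHED_HASH))
    print("tampered verifies:", verify_integrity(TAMPERED, PUBLISHED_HASH))
    print("tampered text    :", TAMPERED)
    print("hex chars changed:", differing_hex_chars(PUBLISHED_HASH, sha256_hex(TAMPERED)))
```

A one-bit change to the amount changes most of the 64 hex characters of the digest, so comparing the recomputed hash with the published one reliably exposes the modification.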
Availability
Indicates that data and services are available when needed.
Redundancy
Adds duplication to critical systems and provides fault tolerance
Risk
Possibility or likelihood of a threat exploiting a vulnerability resulting in a loss
Threat
Any circumstance or event that has the potential to compromise confidentiality, integrity, or availability.
Vulnerability
A weakness in hardware, software, or configuration, or even in the users operating the system.
Security Incident
An adverse event or series of events that can negatively affect the confidentiality, integrity, or availability of an organization’s IT systems and data.
Risk Mitigation
Reduces the chances that a threat will exploit a vulnerability, by implementing security controls
Technical Controls
Use technology to reduce vulnerabilities
Principle of Least Privilege
Individuals or processes are granted only the privileges they need to perform their assigned tasks or functions, and no more.
Administrative Controls
Use methods mandated by organizational policies or other guidelines.
Risk Assessments
Help quantify and qualify risks within an organization so that the organization can focus on the serious risks.
Quantitative Risk Assessment
Uses cost and asset values to quantify risks based on monetary values
Qualitative Risk Assessment
Uses judgments to categorize risks based on probability and impact.
Vulnerability Assessment
Attempts to discover current vulnerabilities or weaknesses.
Pen Tests
Attempts to exploit vulnerabilities.
Physical Controls
Any controls that you can physically touch. Includes lighting, signs, fences, guards, and more.
Many physical controls are also technical controls, such as a fire suppression system.
Preventive Controls
Controls that attempt to prevent security incidents, such as hardening, security awareness and training, security guards, and change management.
Hardening
Making a system or application more secure than its default configuration.
Includes disabling unnecessary ports and services, implementing secure protocols, using strong passwords along with a robust password policy, and disabling default and unnecessary accounts.
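The following is an added example, not part of the flashcards: an audit of a service configuration against a hardening baseline, using a constructed sshd_config as the "default configuration" and producing the hardened version next to it. The sample file, the chosen baseline values, and the function names are this example's assumptions; a real baseline (for example a CIS benchmark) will differ in detail.

```python
# Added example: check a constructed sshd_config against a hardening baseline
# and rewrite it so every baseline directive has its hardened value.
from __future__ import annotations

# Constructed sample resembling a permissive default configuration.
WEAK_SSHD_CONFIG = """\
# constructed sample sshd_config, not from a real host
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords yes
X11Forwarding yes
MaxAuthTries 6
"""

# Directive -> hardened value. Assumption: this is the organization's chosen
# baseline. LoginGraceTime is deliberately absent from the sample to show
# how a missing directive (sshd default applies) is reported.
BASELINE = {
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
    "PermitEmptyPasswords": "no",
    "X11Forwarding": "no",
    "MaxAuthTries": "3",
    "LoginGraceTime": "30",
}


def parse_config(text: str) -> dict[str, str]:
    """Parse 'Directive value' lines, skipping comments and blank lines.

    sshd uses the first occurrence of a directive, so the first one wins here too.
    """
    settings: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0]
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(key, value)
    return settings


def audit(text: str, baseline: dict[str, str]) -> list[str]:
    """Return one finding per baseline directive that is missing or weaker than required."""
    settings = parse_config(text)
    findings = []
    for key, wanted in baseline.items():
        actual = settings.get(key)
        if actual is None:
            findings.append(f"{key}: not set (sshd default applies); set to {wanted}")
        elif actual.lower() != wanted.lower():
            findings.append(f"{key}: is {actual!r}, should be {wanted!r}")
    return findings


def harden(text: str, baseline: dict[str, str]) -> str:
    """Rewrite the config so every baseline directive is set to its hardened value.

    Existing lines for a baseline directive are replaced in place (duplicates
    dropped); directives the file never set are appended at the end.
    """
    out, seen = [], set()
    for raw in text.splitlines():
        stripped = raw.split("#", 1)[0].strip()
        key = stripped.split(None, 1)[0] if stripped else None
        if key in baseline:
            if key not in seen:
                out.append(f"{key} {baseline[key]}")
                seen.add(key)
            continue
        out.append(raw)
    for key, wanted in baseline.items():
        if key not in seen:
            out.append(f"{key} {wanted}")
    return "\n".join(out) + "\n"


FINDINGS = audit(WEAK_SSHD_CONFIG, BASELINE)
HARDENED = harden(WEAK_SSHD_CONFIG, BASELINE)

if __name__ == "__main__":
    for finding in FINDINGS:
        print("FINDING:", finding)
    print("--- hardened config ---")
    print(HARDENED)
```

Running the audit again on the hardened output returns no findings, which is the check you would keep in a pipeline so that a later edit cannot quietly reintroduce a weak setting.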
Security Awareness and Training
Ensuring that users are aware of security vulnerabilities and threats helps prevent incidents.
Change Management
Ensures that changes don't result in unintended outages. Changes must be submitted to a change management process before they are made.
Change management is both an operational and a preventive control.
Detective Controls
Detects when vulnerabilities have been exploited, resulting in a security incident.
Log Monitoring
Monitoring logs to detect anomalies.
Trend Analysis
Using past logs or alerts to identify a trend, such as an increase in attacks on a specific system.
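The following is an added example, not part of the flashcards, covering the Log Monitoring and Trend Analysis cards together: detection logic run over constructed sshd log lines. The first check flags any source address with too many failed logins (log monitoring); the second counts failures per hour against one host and flags a sharp rise from one hour to the next (trend analysis). The log lines, the addresses (from the RFC 5737 documentation ranges), the thresholds, and the function names are all constructed for this example.

```python
# Added example: log monitoring and trend analysis over constructed log lines.
import re
from collections import Counter

# Constructed syslog-style sshd lines (single day, three hours of activity).
LOG_LINES = """\
Mar 10 12:03:11 web01 sshd[2101]: Failed password for root from 203.0.113.5 port 40001 ssh2
Mar 10 12:17:45 web01 sshd[2109]: Accepted publickey for deploy from 198.51.100.7 port 40002 ssh2
Mar 10 12:41:02 web01 sshd[2133]: Failed password for invalid user admin from 203.0.113.5 port 40003 ssh2
Mar 10 13:05:20 web01 sshd[2201]: Failed password for root from 203.0.113.5 port 40011 ssh2
Mar 10 13:06:02 web01 sshd[2202]: Failed password for root from 203.0.113.5 port 40012 ssh2
Mar 10 13:06:44 web01 sshd[2203]: Failed password for invalid user test from 203.0.113.5 port 40013 ssh2
Mar 10 13:30:00 db01 sshd[3100]: Failed password for postgres from 198.51.100.9 port 40020 ssh2
Mar 10 14:00:05 web01 sshd[2301]: Failed password for root from 203.0.113.5 port 40021 ssh2
Mar 10 14:00:06 web01 sshd[2302]: Failed password for root from 203.0.113.5 port 40022 ssh2
Mar 10 14:00:07 web01 sshd[2303]: Failed password for root from 203.0.113.5 port 40023 ssh2
Mar 10 14:00:08 web01 sshd[2304]: Failed password for invalid user oracle from 203.0.113.5 port 40024 ssh2
Mar 10 14:00:09 web01 sshd[2305]: Failed password for invalid user guest from 203.0.113.5 port 40025 ssh2
Mar 10 14:00:10 web01 sshd[2306]: Failed password for root from 203.0.113.5 port 40026 ssh2
Mar 10 14:22:13 web01 sshd[2350]: Accepted publickey for deploy from 198.51.100.7 port 40030 ssh2
""".splitlines()

# Matches only failed password attempts; successful logins are ignored.
FAILED_RE = re.compile(
    r"^(?P<mon>\w{3}) (?P<day>\s?\d+) (?P<hour>\d{2}):\d{2}:\d{2} (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+) port \d+"
)


def parse_failures(lines):
    """Yield (hour_window, host, user, source_ip) for each failed-login line."""
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            window = f"{m['mon']} {m['day'].strip()} {m['hour']}:00"
            yield window, m["host"], m["user"], m["src"]


def failures_by_source(lines, threshold):
    """Log monitoring: source addresses with at least `threshold` failed logins."""
    counts = Counter(src for _, _, _, src in parse_failures(lines))
    return {src: n for src, n in counts.items() if n >= threshold}


def hourly_trend(lines, host):
    """Trend analysis: failed logins against `host` per hour window, in time order.

    Assumption: all lines are from one day, so sorting the window strings
    (same month/day prefix) sorts them chronologically.
    """
    per_hour = Counter(window for window, h, _, _ in parse_failures(lines) if h == host)
    return [(window, per_hour[window]) for window in sorted(per_hour)]


def rising_attack(trend, factor=2.0):
    """Flag when the latest window has at least `factor` times the failures of the previous one."""
    if len(trend) < 2:
        return False
    (_, previous), (_, latest) = trend[-2], trend[-1]
    return previous > 0 and latest >= factor * previous


if __name__ == "__main__":
    print("noisy sources :", failures_by_source(LOG_LINES, threshold=5))
    trend = hourly_trend(LOG_LINES, "web01")
    print("web01 per hour:", trend)
    print("rising attack :", rising_attack(trend))
```

Against these lines the monitoring check reports one source with 11 failures, and the trend for web01 goes 2, 3, 6 across the three hours, so the rise from 3 to 6 trips the doubling rule while db01, with a single failure, does not.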
Security Audit
Examines the security posture of an organization. An example may be reviewing current permissions to ensure no one has more permissions than they should.
Difference between detective controls and prevention controls
A detective control (such as an IDS) identifies an incident after it has occurred but can't predict or prevent it, while a preventive control (such as an IPS) stops the incident from occurring at all.
Corrective Controls
Attempt to reverse the impact of an incident or problem after it has occurred. Examples include an IPS (which actively responds to an ongoing attack) and backups and system recovery.
Deterrent Controls
Attempt to discourage a threat. Some attempt to discourage potential attackers from attacking, and others attempt to discourage employees from violating a security policy. Very similar to preventive controls.
Compensating Controls
Alternative controls used instead of a primary control. Includes issuing a Time-based One-Time Password while employee awaits smart card.
Virtualization
Allows you to host one or more virtual systems on a single physical system.
Hypervisor
The software that creates, runs, and manages the VMs is the hypervisor.
Host
The physical system hosting the VMs.
Guest
Operating systems running on the host system are guests or guest machines.
Host elasticity and scalability
Refer to the ability to resize computing capacity based on the load.
Type 1 Hypervisors
Run directly on the system hardware. Called bare-metal hypervisors.
Type 2 Hypervisors
Run as software within a host operating system.
Application Cell/Container virtualization
Runs services or applications within isolated application cells/containers. A container doesn't have its own kernel; all containers share the host's kernel.
Snapshot
Provides you with a copy of the VM at a moment in time which can be used as a backup.
VDI/VDE
Virtual Desktop Infrastructure/Virtual Desktop Environment
A user’s desktop operating system runs as a VM on a server
Persistent virtual desktop
Each user has a custom desktop image
Non-persistent virtual desktop
Serves the same desktop for all users. Reverts back to known state (snapshot) when they log off.
VM escape
An attack that allows an attacker to access the host system from within the virtual system.
A successful VM escape attack often gives the attacker unlimited control over the host system and each virtual system within the host.
VM Sprawl
Occurs when an organization has many VMs that aren't managed properly, which typically means they aren't kept updated, or they were never authorized in the first place.
Ping
Tests connectivity to remote systems. Checks name resolution. Checks security posture (for example, if a firewall is configured to block pings, a ping that fails confirms the block is working).
Uses ICMP echo request packets.
ipconfig
Shows the TCP/IP configuration information for a system: IP address, subnet mask, and default gateway. ipconfig /all also shows the MAC address and DNS server addresses.
Command to show the contents of the DNS cache
ipconfig /displaydns
Command to erase contents of the DNS cache
ipconfig /flushdns
Non-promiscuous mode
Normal function of a NIC, where it only processes frames addressed to its own MAC address (plus broadcast and subscribed multicast frames) and ignores the rest.
Promiscuous mode
NIC processes all frames it sees regardless of the destination MAC address. Required for a protocol analyzer (sniffer) to capture traffic not addressed to the capturing host.
Which command is replacing ifconfig
ip command
ipconfig vs ifconfig
ipconfig (Windows) only displays the configuration; ifconfig (Linux/Unix) can also manipulate the settings on the network interfaces.
How to enable promiscuous mode
ifconfig command, for example ifconfig eth0 promisc (or, on systems that use the ip command, ip link set eth0 promisc on).
Command to view and manipulate NIC settings
ip command
Netstat
Allows you to view statistics for TCP/IP protocols on a system. Can also view active TCP/IP network connections.
Command to display all TCP/UDP ports that a a system is listening on
netstat -a
Command to display the routing table
netstat -r
ESTABLISHED
Normal state for the data transfer phase of a connection. Indicates an active open connection.
LISTEN
System is waiting for a connection request.
CLOSE_WAIT
Indicates the remote system has already sent its connection termination request (FIN) and the local system is waiting for the local application to close its end.
TIME_WAIT
Indicates the system is waiting for enough time to pass to be sure the remote system received the acknowledgment of its connection termination request (FIN).
SYN_SENT
Indicates the system sent a TCP SYN (synchronize) packet as the first part of the SYN, SYN-ACK (synchronize-acknowledge), ACK (acknowledge) handshake and is waiting for the SYN-ACK response.
SYN_RECEIVED
Indicates the system received a SYN packet (the first part of the SYN, SYN-ACK, ACK handshake) and replied with a SYN-ACK; it is now waiting for the final ACK to complete the handshake.
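The following is an added example, not part of the flashcards: a parser for netstat output that ties the connection states above to the earlier netstat cards (listening ports, active connections). It runs over a constructed netstat -an listing in the Windows column layout (Linux prints LISTEN where Windows prints LISTENING; the parser normalizes both), summarizes TCP states, lists listening sockets, and separates the ones bound to all interfaces from loopback-only ones. The sample output, the addresses (RFC 5737 documentation ranges), and the function names are assumptions of this example.

```python
# Added example: parse a constructed `netstat -an` listing and summarize it.
from collections import Counter

# Constructed sample in the Windows netstat layout (Proto / Local / Foreign / State).
NETSTAT_OUTPUT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:8080         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49712     198.51.100.20:443      ESTABLISHED
  TCP    192.168.1.10:49713     203.0.113.9:4444       SYN_SENT
  TCP    192.168.1.10:49700     198.51.100.7:443       TIME_WAIT
  TCP    192.168.1.10:3389      203.0.113.77:50122     SYN_RECEIVED
  TCP    192.168.1.10:49650     198.51.100.7:443       CLOSE_WAIT
  UDP    0.0.0.0:123            *:*
"""


def split_addr(addr):
    """Split 'host:port' into (host, port); port is None when it is '*' or '0'-less."""
    host, _, port = addr.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Return one dict per TCP/UDP row; header and blank lines are skipped."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].upper() not in ("TCP", "UDP"):
            continue
        local_host, local_port = split_addr(parts[1])
        foreign_host, foreign_port = split_addr(parts[2])
        state = parts[3] if len(parts) > 3 else ""      # UDP rows have no state
        if state == "LISTENING":                          # Windows spelling -> RFC name
            state = "LISTEN"
        conns.append({
            "proto": parts[0].upper(),
            "local_host": local_host, "local_port": local_port,
            "foreign_host": foreign_host, "foreign_port": foreign_port,
            "state": state,
        })
    return conns


def listening_ports(conns):
    """Sorted (proto, port, bound address) for sockets that accept traffic.

    TCP sockets in LISTEN state, plus every UDP socket (UDP has no handshake,
    so a bound UDP port is reachable whenever the service is running).
    """
    rows = [(c["proto"], c["local_port"], c["local_host"]) for c in conns
            if c["state"] == "LISTEN" or c["proto"] == "UDP"]
    return sorted(rows)


def exposed_ports(conns):
    """Listening sockets bound to all interfaces, i.e. reachable from the network.

    These are the candidates for the hardening step "disable unnecessary ports
    and services"; loopback-only listeners (127.0.0.1) are not reachable remotely.
    """
    return [(proto, port) for proto, port, host in listening_ports(conns)
            if host in ("0.0.0.0", "[::]", "*")]


def state_counts(conns):
    """Count TCP connections per state (ESTABLISHED, TIME_WAIT, ...)."""
    return Counter(c["state"] for c in conns if c["proto"] == "TCP")


def half_open(conns):
    """TCP connections still inside the three-way handshake.

    SYN_SENT: we sent a SYN and await the SYN-ACK (outbound attempt not yet answered).
    SYN_RECEIVED (Linux: SYN_RECV): we answered a SYN and await the final ACK.
    """
    return [c for c in conns if c["state"] in ("SYN_SENT", "SYN_RECEIVED", "SYN_RECV")]


CONNS = parse_netstat(NETSTAT_OUTPUT)

if __name__ == "__main__":
    print("listening:", listening_ports(CONNS))
    print("exposed  :", exposed_ports(CONNS))
    print("states   :", dict(state_counts(CONNS)))
    for c in half_open(CONNS):
        print("half-open:", c["state"], c["local_port"], "<->", c["foreign_host"], c["foreign_port"])
```

On the sample, ports 135 and 445 (TCP) and 123 (UDP) are exposed on every interface while 8080 is loopback-only, and two connections are half-open: an outbound SYN_SENT to 203.0.113.9:4444 that has not been answered, and an inbound SYN_RECEIVED on 3389 still waiting for the client's final ACK.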
Tracert
Lists the routers (hops) between two systems. Identifies faulty routers and where traffic stops.
ARP
Resolves IP addresses to MAC addresses and stores the results in the ARP cache.