Chapter 1 Mastering Security Basics Flashcards
Use Case, Access Control, Hashing etc
What is a “Use Case”?
A “Use Case” describes a goal that an organization wants to achieve.
___________ prevents the unauthorized disclosure of data.
Confidentiality
_______ scrambles data to make it unreadable by unauthorized personnel.
Encryption
What are the key elements of access controls?
Identification, authentication, authorization
Steganography is a method of confidentiality.
Steganography obscures the data and can be used in a use case to support obfuscation.
What is obfuscation?
To make something unclear or difficult to understand.
Hiding data in plain sight is referred to as
steganography
to provide assurance that data has not changed or been modified or corrupted.
Integrity
How can integrity be enforced with data?
hashing techniques
What are examples of hashing algorithms?
Message Digest 5 (MD5), Secure Hash Algorithm (SHA), Hash-based Message Authentication Code (HMAC).
MAC has three different meanings.
Media access control, Mandatory access control, Message authentication code
What do digital signatures ensure?
Authentication and non-repudiation; they also prevent attackers from impersonating others.
Availability indicates that data and services are available when needed.
Organizations commonly implement redundancy and fault-tolerant methods to ensure availability for key systems.
Why is redundancy important?
It adds duplication to critical systems and provides fault tolerance, so service continues with no interruptions.
What does SPOF mean?
Single point of failure
What is the common goal of fault tolerance and redundancy?
To remove a single point of failure (SPOF)
______ the possibility of a threat exploiting a vulnerability and resulting in a loss
Risk
_______ can occur if personnel in an organization don’t manage the VMs correctly.
VM sprawl
Louie hid several plaintext documents within an image file. He then sent the image file to Tony. Which of the following best describes the purpose of his actions?
support obfuscation
_______ allow an attacker to access the host system from the VM.
VM escape attacks
_________ the state of a VM at a moment in time.
Snapshot
_________ a specialized version of a Type II hypervisor that uses the kernel of the host.
Container virtualization
__________ runs as software within a host operating system.
Type II Hypervisor
_______ run directly on the system hardware.
Type I Hypervisor
________ reduces risk by reducing the chances that a threat will exploit a vulnerability or by reducing the impact of the risk.
Risk mitigation
What are the three primary security control types?
technical, administrative, physical
Additional control methods are
corrective, preventive, detective, compensating, and deterrent
You run command-line tools in the Command Prompt window in Windows and in the terminal in Linux.
The ping command is used to check connectivity and name resolution, and to verify that routers, firewalls, and intrusion prevention systems block ICMP.
The ipconfig command on Windows allows you to view the configuration of network interfaces.
Linux uses “ifconfig” and “ip” to view and change the configuration of network interfaces.
You can enable promiscuous mode on a NIC with ifconfig.
Netstat allows you to view statistics for TCP/IP protocols and view all active network connections.
Netstat is useful if you suspect malware is causing a computer to connect with a remote computer.
Tracert lists the routers, or hops, between two systems and can verify that a path has not changed.
The arp command allows you to view and manipulate the ARP cache.
ARP can be useful if you suspect a system’s ARP cache has been modified during an attack.
What does ARP stand for?
Address Resolution Protocol
One benefit of using a VDI/VDE is that user PCs can have limited hardware resources. If the PC can connect to a server over a network, it can run a full-featured desktop operating system from the server.
In a persistent virtual desktop, each user has a custom desktop image.
Virtual desktops that support non-persistence serve the same desktop for all users. When a user accesses the remote server, it provides a desktop operating system from a preconfigured snapshot.
Although non-persistent users can make changes to the desktop as they’re using it, it reverts to a known state (the original snapshot) when they log off.
ipconfig /all. This command shows a comprehensive listing of TCP/IP configuration information for each NIC. It includes the media access control (MAC) address, the address of assigned DNS servers, and the address of a Dynamic Host Configuration Protocol (DHCP) server if the system is a DHCP client. You can use ifconfig -a on Linux systems.
ipconfig /displaydns. Each time a system queries DNS to resolve a host name to an IP address, it stores the result in the DNS cache and this command shows the contents of the DNS cache. It also shows any host name to IP address mappings included in the hosts file.
ipconfig /flushdns. You can erase the contents of the DNS cache with this command. Use this when the cache has incorrect information and you want to ensure that DNS is queried for up-to-date information.
Netstat. Displays a listing of all open TCP connections.
Netstat -a. Displays a listing of all TCP and User Datagram Protocol (UDP) ports that a system is listening on, in addition to all open connections.
Netstat -r. Displays the routing table.
Netstat -e. Displays details on network statistics, including how many bytes the system sent and received.
Netstat -s. Displays statistics of packets sent or received for specific protocols, such as IP, ICMP, TCP, and UDP.
Netstat -p protocol. Shows statistics on a specific protocol, such as TCP or UDP. For example, you could use netstat -p tcp to show only TCP statistics.
Network administrators typically use tracert to identify faulty routers on the network.