Chapter 1: Mastering Security Basics Flashcards
A use case
helps professionals identify and clarify requirements to achieve a goal.
Confidentiality ensures
that data is only viewable by authorized users. Encryption is the best choice to provide confidentiality. Access controls also protect the confidentiality of data.
Steganography
(hiding data inside other data) is one method of supporting obfuscation by making the hidden data harder to see.
Integrity
provides assurances that data has not been modified, tampered with, or corrupted through unauthorized or unintended changes. Data can be a message, a file, or data within a database. Hashing is a common method of ensuring integrity.
Non-repudiation
prevents entities from denying they took an action. Digital signatures and audit logs provide non-repudiation. Digital signatures also provide integrity for files and email.
Availability
ensures that data and services are available when needed. A common goal is to remove single points of failure. Methods used to increase or maintain availability include fault tolerance, failover clusters, load balancing, backups, virtualization, HVAC systems, and generators.
Risk
is the possibility of a threat exploiting a vulnerability and resulting in a loss.
A threat
is any circumstance or event that has the potential to compromise confidentiality, integrity, or availability.
A vulnerability
is a weakness. It can be a weakness in the hardware, software, configuration, or users operating the system.
Risk mitigation
reduces risk by reducing the chances that a threat will exploit a vulnerability or by reducing the impact of the risk.
Security controls
reduce risks. For example, antivirus software is a security control that reduces the risk of virus infection.
The three primary security control types are
technical (implemented with technology), administrative (using administrative or management methods), and physical (using controls that you can physically touch).
A technical control is
one that uses technology to reduce vulnerabilities. Encryption, antivirus software, IDSs, firewalls, and the principle of least privilege are technical controls.
Administrative controls are
primarily administrative and include items such as risk and vulnerability assessments. Some administrative controls help ensure that the day-to-day operations of an organization comply with its overall security plan. Some examples include security awareness and training, configuration management, and change management.
Preventive controls
attempt to prevent security incidents. Examples include system hardening, user training, guards, change management, and account disablement policies.
Detective controls
attempt to detect when a vulnerability has been exploited. Examples include log monitoring, trend analysis, security audits (such as a periodic review of user rights), video surveillance systems, and motion detection systems.
Corrective controls
attempt to reverse the impact of an incident or problem after it has occurred. Examples include intrusion prevention systems (IPSs), backups, and system recovery plans.
Deterrent controls
attempt to prevent incidents by discouraging threats.
Compensating controls
are alternative controls used when it isn’t feasible or possible to use the primary control.
Virtualization
allows multiple servers to operate on a single physical host. Virtual servers provide increased availability with various tools such as snapshots and easy restoration.
Type I hypervisors
run directly on the system hardware. They are often called bare-metal hypervisors because they don’t need to run within an operating system.
Type II hypervisors
run as software within a host operating system.
Container virtualization
is a specialized version of a Type II hypervisor. It allows services or applications to run within their own isolated cells or containers. Containers don’t have a full operating system but instead use the kernel of the host.
Snapshots
capture the state of a VM at a moment in time. Administrators often take a snapshot before performing a risky operation. If necessary, they can revert the VM to the snapshot state.
VM sprawl
can occur if personnel within the organization don’t manage the VMs.
VM escape attacks
allow an attacker to access the host system from the VM. The primary protection is to keep the host and guests up to date with current patches.
You run command-line tools in
the Command Prompt window (in Windows) and the terminal (in Linux).
The ping command can be used to
check connectivity; check name resolution; and verify that routers, firewalls, and intrusion prevention systems block ICMP.
The ipconfig command on Windows allows you to
view the configuration of network interfaces.
Linux uses ifconfig and/or ip to
view and manipulate the configuration of network interfaces. You can enable promiscuous mode on a NIC with ifconfig.
Netstat allows you to
view statistics for TCP/IP protocols and view all active network connections. This can be useful if you suspect malware is causing a computer to connect with a remote computer.
Tracert
lists the routers (also called hops) between two systems. It can be used to verify a path has not changed.
The arp command allows you to
view and manipulate the ARP cache. This can be useful if you suspect a system’s ARP cache has been modified during an attack.