Chapter 10 Defense-in-Depth Security Architectures Flashcards

1
Q

Means each layer of security adds additional protections that help prevent a hole or flaw in another layer from allowing an attacker in

A

Layered security

2
Q

Name the four design models used as part of a layered security design.

A
  1. Uniform protection
  2. Protected enclaves
  3. Risk or threat analysis based designs
  4. Information classification based designs
3
Q
  • Layered security design
  • Provides the same level of protection to all systems or networks
  • Can be expensive if every system needs to be protected at the same high level of security
A

Uniform protection

4
Q
  • Layered security design
  • Can take the form of protected network segments, systems, or physical locations that have additional controls to provide additional protection
A

Protected enclaves

5
Q
  • Layered security design
  • Design model that reviews potential threat vectors and attempts to address each of them in the design
  • May not handle new or emerging threats without frequent review and updates
A

Risk or threat analysis based designs

6
Q
  • Layered security design
  • Uses information classification, tagging, or other methods to guide the application of security controls
A

Information classification based designs

7
Q
  • Control intended to stop an incident from occurring by taking proactive measures to stop the threat
  • e.g., firewalls, training, and security guards
A

Preventive controls

8
Q
  • Control that detects an incident and captures information about it, allowing a response like alarms or notifications
A

Detective controls

9
Q
  • Control that remediates an incident or acts to limit how much damage can result from an incident
  • e.g., patching, anti-malware software, and system restores from backups
A

Corrective controls

10
Q

Name remote services that host a service entirely on the outsourced vendors’ systems and networks.

A
  • Software as a Service (SaaS)
  • Platform as a Service (PaaS)
11
Q

Layered security at an individual host level typically relies on a number of common security controls. What are they?

A
  • Passwords or other strong authentication
  • Host firewalls and host IPS software
  • Data loss prevention software monitors and manages protected data
  • Whitelisting or blacklisting software can prevent certain applications from being run or installed on the system
  • Anti-malware software for known malware instances
  • Patch management and vulnerability assessment tools to ensure OS is fully patched and properly secure
  • System hardening and configuration management that ensures that unneeded services are turned off and that good security practices are followed
  • Encryption, either at the file level or full disk encryption
  • File integrity monitoring tools monitor files and directories for changes and can alert an administrator if changes occur
  • Logging of events, actions, and issues is an important detective control at the host layer
12
Q

A provider that usually leverages security suites and appliances to capture on-site and hosted data and then uses central tools to analyze, report, and alert on issues that they discover

A

Security as a Service (SECaaS)

13
Q

Combines data from multiple sources like syslogs, authentication logs, application logs, event logs, and other logs and statistics in a central location for analysis

A

Data aggregation and correlation

14
Q

A form of encryption and hashing techniques used to protect data on the wire and at rest, and to validate that data integrity is maintained

A

Cryptography

15
Q

Trusted protection modules (TPM) provide what three major capabilities?

A
  1. Remote attestation, allowing hardware and software configurations to be verified
  2. Binding, which encrypts data
  3. Sealing, which encrypts data and sets requirements for the state of the TPM chip before decryption
16
Q

Requires more than one individual to perform elements of a task to ensure that fraud or abuse does not occur

A

Separation of duties

17
Q

Ensures continuity for roles, regardless of the reason a person leaves your organization

A

Succession planning

18
Q

A control that requires two individuals to perform an action together

A

Dual control

19
Q

Requires staff members to take a vacation, allowing you to identify individuals who are exploiting the rights that they have

A

Mandatory vacation

20
Q

Key considerations and questions when reviewing outsourcing include which of the following?

A
  • Proper vetting - When hiring consultants, are they properly vetted, with background checks?
  • Access Control
  • Data ownership and control - Is your data encrypted and inaccessible to the outsourced provider?
  • Employment Practices - Does the outsourced vendor conduct background checks of their employees?
  • Incident response processes and notification requirements - Will you be notified if there is an incident? When?
21
Q
  • Architectural View
  • Describes how a function is performed or what it accomplishes
  • Typically shows how information flows but does not capture the technical detail about how data is transmitted, stored, or captured
A

Operational views

22
Q
  • Architectural View
  • Focuses on the technologies, settings, and configurations used in an architecture.
  • Can be helpful in identifying incorrect configuration and insecure design decisions
A

Technical views

23
Q
  • Architectural View
  • Conveys broader information about how a system or service connects or works
  • Typically less technically detailed than a technical view
  • e.g., network diagrams
A

Logical View

24
Q

What are four of the most commonly encountered design issues?

A
  1. Single point of failure
  2. Data validation and trust problems
  3. User issues
  4. Authentication and authorization security
25
Q

Ways to protect data?

A
  • Protecting data at rest and in transit using encryption
  • Validating data integrity using file integrity checking tools
  • Implementing processes to verify data in an automated or manual fashion
  • Profiling or boundary checking data based on known attributes of the data
26
Q

Ways to limit user error?

A
  • Using automated monitoring and alerting systems to detect human error
  • Constraining interfaces to allow only permitted activities
  • Implementing procedural checks and balances like separation of duties and other personnel controls
  • Training and awareness programs designed to help prepare staff for the types of threats they are likely to encounter
27
Q

Authentication and authorization best practices are what?

A
  • Multi-factor authentication
  • Centralized account and privilege management and monitoring
  • Privileged account usage monitoring
  • Training and awareness efforts
28
Q

How should security designs be maintained?

A

Security design should undergo periodic and scheduled reviews

29
Q

Name some reasons why an organization may retire a security policy or process

A
  • The process or policy is no longer relevant
  • It has been superseded by a newer policy or process
  • The organization no longer wants to use the policy or process