Chapter 11 - Security Operations Flashcards
Due Care vs Due Diligence
Due Care is keeping things maintained and due diligence is “look before you leap”
Security Accountability
Checking audit logs and enabling audit logs
Clipping Level
How many errors trigger an action or discipline
Operational Assurance
Ensure the product architecture and features are implemented securely
Life-Cycle Assurance
Ensure design, testing and configuration management is in place
What to look out for?
Unusual Occurrences
Deviation from Standard
Asset Management
IO Controls
Transactions should be timestamped and recorded
Input Validation
Output should only reach intended requester
System Hardening
Lock the door, configure a password, enable SSL, etc.
Licensing
Business Software Assurance (BSA) will come after you if you pirate corporate software instead of licensing it
Acceptable Use Policy
This is used to control what users can install and use on the technology the company provides
Change Control
Used to document system changes
Sanitized data
Contents deleted
Purging data
Contents deleted, and zeroization or degaussing occurs on the media
Data Remanence
Residual data left over after sanitizing or purging
Object Reuse
Giving a hard drive away to your grandma
MTBF
Mean time between failures is the estimated lifetime of equipment calculated by the vendor
MTTR
Mean time to repair is how long a broken device takes to repair
MAID
Massive array of inactive disks, meant as a write-mostly disk array
RAIT
Redundant array of independent tapes - the economical write-mostly data array; data is written to tape and then set and forgotten
Clustering vs Grid Compute
In grid computing the nodes do not trust each other and work independently toward a common goal; a cluster has cross-talk between nodes, while a grid does not.
Hierarchical storage management
Multitier backup storage, Disk, Tape, and Optical
Mainframe
Differs from PC compute by having more processors in key places, like at the disk, network, and peripherals
Supercomputer
Like a mainframe, but tuned and dialed in to parallelize a specific function (like an algorithm)
Operators
Name used on the exam for mainframe operators
Facsimile Security
Fax encryption can be used to bulk encrypt fax server communication
OS fingerprinting
Probing computers to determine the OS based on the patterns in their responses.
Port knocking
Set up two ports: one for the service and one that opens the service for a session. The knock port should log verbosely.
LOKI
ICMP header communication
Mail Bombing
Overloading a mail system
Ping of Death
Oversized ICMP attack
Slamming and Cramming
Changing service providers without your knowledge and inserting bogus charges
Vulnerability Guidelines
Must have management consent
Personnel testing (social engineering)
Physical testing (can I push the power button)
System/Networking test (can I digitally get to it)
Penetration Testing
Actually attempting various attacks to uncover vulnerabilities
Get out of jail card
You need a document to protect you from prosecution and a contact to protect you. Contracts help.
What are the levels of knowledge assessment?
Zero, partial, and full knowledge assessments
Blind vs Double Blind
Blind - Public knowledge only
Double Blind - Security staff doesn't know either