Chapter 1a Flashcards
Technical Controls
Controls implemented using systems; Operating system controls; Firewalls, anti-virus
Managerial Controls
Standard operating procedures and policies that explain to people how best to manage their systems and data.
Operational Controls
Controls that are implemented by people; Security guards, awareness programs
Physical Controls
Limit physical access; Guard shack; Fences, locks; Badge readers
Preventive Control Types
Block access to a resource; e.g. firewall rules, door locks, guards checking ID
Deterrent Control Type
Discourages intrusion attempts but does not prevent access; Splash screen; Threat of demotion; Front reception desk; Posted warning signs
Detective Control Type
Identifies and logs intrusion attempts but may not prevent access; Collecting logs; Reviewing login reports; Patrolling the property; Enabling motion detectors
Corrective Control Type
Applied after an event has been detected. Might reverse the impact of the event and allow for continued operations with minimal downtime; Restoring from backups; Creating policies for reporting security issues; Contacting law enforcement to manage criminal activity; Using a fire extinguisher
Compensating Control Type
Provides other means when other controls are not currently available. May be a temporary solution to prevent the exploitation of a weakness; Firewall blocking an application while it is being patched; Separating duties and limiting the scope of security concerns; Requiring multiple guards on duty at the same time; Using a generator during a power outage
Directive Control Type
Directs a subject towards doing something more secure. Relatively weak: ‘Do this, please’; Store all sensitive files in a protected folder; Create compliance policies and procedures; Train users on proper security policy; ‘Authorized personnel only’ sign
The CIA Triad
Confidentiality, Integrity, Availability
Confidentiality
Prevent disclosure of information to unauthorized individuals or systems
Integrity
Messages can’t be modified without detection
Availability
Systems and networks must be up and running
Encryption
A process of encoding messages to keep them secret, so only ‘authorized’ parties can read it.
Access Controls
Controls that selectively restrict access to a resource
Two-Factor Authentication
Requires the user to provide two means of authentication, e.g. something the user knows (a password) and something the user has (a security token)
Hashing
Map data of an arbitrary length to data of a fixed length
Digital Signatures
A mathematical scheme to verify the integrity of data
Certificates
Combined with a digital signature to verify an individual’s identity
Non-Repudiation
Provides proof of integrity; the data can be asserted to be genuine
Hash
Represents data as a short string of text. If the data changes, then the hash changes. Only tells you whether the data has been changed. Computationally infeasible to recover the original message from the hash. Also called a digest or fingerprint.
AAA framework
Authentication, Authorization, and Accounting. A security framework that controls access to computer resources, enforces policies, and audits usage.
Certificate Authority (CA)
An entity trusted by one or more users as an authority in a network that issues, revokes, and manages digital certificates.
Authorization models
Allow organizations to give access rights to the appropriate users by adding an abstraction that creates a clear relationship between the user and the resource. Group users and give them access to resources
Gap Analysis
An extensive study used to determine current security levels compared to where we want them to be.
Zero Trust
Security design paradigm where any request (host-to-host or container-to-container) must be authenticated before being allowed.
Data Plane
The part of a device that is performing the actual security process
Control Plane
Manages the actions of the data plane; Define policies and rules; Determines how packets should be forwarded; Routing tables, session tables, NAT tables
Adaptive Identity
Relies on real-time validation that takes into account the user’s behavior, device, location, and more
Threat scope reduction
Decrease the number of possible entry points
Policy-driven access control
Combine the adaptive identity with a predefined set of rules
Security Zones
Segregation of network resources into distinct zones based on security requirements and trust levels.
Policy enforcement point (PEP)
A point where all communications on a network are subject to evaluation.
Policy Engine
Cross-references the access request with its predefined policies
Policy Administrator
Communicates with PEP to allow or disallow access
Physical Security
Prevents physical access to a resource
Access Control Vestibule
A secure entry system with two gateways, only one of which is open at any one time.
Two Person Integrity
No single person has access to a physical asset
Honeypot
A security tool used to lure attackers away from the actual network components. Can be used to study the techniques that attackers are trying to use against you.
Honey Net
A collection of honeypots used to present an attacker with an even more realistic attack environment.
Honeyfiles
Files that appear important or look like they contain sensitive information. Can be used as an alert if the file is accessed, or can contain traceable data.
HoneyTokens
Fake credentials that don’t actually provide access to sensitive information.