Chapter 2: Monitoring and Diagnosing Networks Flashcards
A network segment between two firewalls: one is outward facing, connected to the outside world; the other is inward facing, connected to the internal network. Public-facing servers, such as web servers, are often placed in the DMZ.
Demilitarized Zone
A network that functions in the same manner as a honeypot.
Honeynet
A fake system designed to divert attackers from your real systems. It is often replete with logging and tracking to gather evidence.
Honeypot
A broad term that applies to a wide range of systems used to manage information security.
Information Security Management System (ISMS)
A system that monitors the network for possible intrusions and logs that activity.
Intrusion Detection System (IDS)
A system that monitors the network for possible intrusions and logs that activity and then blocks the traffic that is suspected of being an attack.
Intrusion Prevention System (IPS)
Any information that could identify a particular individual.
Personally Identifiable Information (PII)
The entire network, including all security devices, is virtualized.
Software-Defined Network (SDN)
A firewall that not only examines each packet but also remembers the recent previous packets.
Stateful Packet Inspection (SPI)
Specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system within the context of the organization.
ISO/IEC 27001:2013
Recommends best practices for initiating, implementing, and maintaining information security management systems.
ISO 27002
This is an agreement on shared or divided security responsibilities between the customer and cloud provider.
CLD.6.3.1
This control addresses how assets are returned or removed from the cloud when the contract is terminated.
CLD.8.1.5
This control states that the cloud provider must separate the customers’ virtual environment from other customers or outside parties.
CLD.9.5.1
This control states that the customer and the cloud provider both must ensure the virtual machines are hardened.
CLD.9.5.2
It is solely the customer’s responsibility to define and manage administrative operations.
CLD.12.1.5
The cloud provider’s capabilities must enable the customer to monitor their own cloud environment.
CLD.12.4.5
The virtual network environment must be configured so that it at least meets the security policies of the physical environment.
CLD.13.1.4
Defines privacy requirements in a cloud environment, particularly how the customer and cloud provider must protect personally identifiable information (PII).
ISO 27018
Publishes standards for electrical power companies.
North American Electric Reliability Corporation (NERC)
The source for many of the national standards in the United States.
National Institute of Standards and Technology (NIST)
What are the 6 phases of the IT security life cycle?
Phase 1: Initiation; Phase 2: Assessment; Phase 3: Solution; Phase 4: Implementation; Phase 5: Operations; Phase 6: Closeout
A series of standards that define procedures for implementing electronically secure industrial automation and control systems (IACSs).
ISA/IEC-62443
The standard used by Visa, Mastercard, American Express, and Discover.
Payment Card Industry Data Security Standard (PCI-DSS)
What includes a wide variety of resources used in web application security?
Open Web Application Security Project (OWASP)
Which security zone has the most sensitive systems, with mission-critical data?
Secure Zone
Which security zone contains standard workstations and servers, with typical business data and functionality?
General Work Zone
Which security zone contains computers, network segments, and systems that have no highly sensitive information, and the breach of these systems would have minimal impact?
Low Security Zone
Not relying on a single control to address any security threat.
Control Diversity
A hardware device used to create remote access VPNs.
VPN concentrator
A software application that programmatically understands relationships.
Correlation engine
A method of monitoring network traffic where the switch sends a copy of all network packets seen on one port (or an entire VLAN) to another port, where the packets can be analyzed.
Port mirroring
Freestanding devices that operate in a largely self-contained manner, requiring less maintenance and support than a server-based product.
Appliance
A firewall that has two Network Interface Cards (NICs).
Dual-homed firewall
The encryption key used in SEDs.
Media Encryption Key (MEK)
The key used to decrypt the MEK.
Key Encryption Key (KEK)
Dedicated processors that use cryptographic keys to perform a variety of tasks.
Trusted Platform Modules (TPMs)
Devices that handle digital keys and can be used to facilitate encryption as well as authentication via digital signatures.
Hardware Security Modules (HSMs)
A process whereby the BIOS or UEFI makes a cryptographic hash of the operating system boot loader and any boot devices and compares that against a stored hash.
Secure boot
A security process that has to begin with some unchangeable hardware identity often stored in a TPM.
Root of Trust (RoT)