Chapter 3 Flashcards

Question

Real Time Operating System (RTOS)

Answer 1

An operating system with a deterministic processing schedule. Makes sure that actions are performed within a time constraint. Will dedicate all resources to important tasks immediately. Used in industrial equipment, automobiles, and military environments. Extremely sensitive to security issues. No time for antivirus checks. Systems are often self contained and it is difficult to find a way in.

Answer 2

Hardware and software are created as a self contained and purpose built device. May work as a single component of a larger system. Can be very optimized for it's task. Traffic light controllers, digital watches, medical imaging systems

Answer 3

Always on, always available. Automatic redundancy. May include many components working together. Higher availability means higher costs.

Answer 4

Availability and security can be a difficult balancing act. Available but only to the right people. Uptime % is an important metric when evaluating availability.R

Answer 5

Eventually something will happen. How quickly can you recover. Based on many different variables: Root cause, replacement hardware installation, software patch availability, system redundency. Commonly referred to as MTTR: Mean time to Repair.

Answer 6

The length of time to replace something that is no longer available, with components that are available.

Answer 7

How long does it take for a user to recieve their information after they make a request? This is very important for interactive applications, as humans are sensitive to delays.

Answer 8

How quickly or easily can we increase or decrease capacity. This may happen many times per day. Need to make sure that security monitoring keeps up with the system scaling. Project management and scalability are an important factor to consider during the engineering phase. One missed detail can cause major deployment issues.

Answer 9

Allows you to recover lost funds resulting from things like randsomeware attacks, or outages and business downtime. Helps mitigate risks associated with legal proceedings from customers.

Answer 10

The only constant is change. Software usually isn't static. The first step after installation is usually making sure you are running the latest version. Patches need to be tested.

Answer 11

The second tuesday of each month microsoft rolls out patches.

Answer 12

A foundational element. Must be monitored. Requirements are very different depending on the purpose.

Answer 13

An applications heavy lifting. More than just a single CPU. Cloud services provide a compute engine.

Answer 14

Every network is different, but there are often simularities. We often use firewalls to segment the network, as well as provide additional security to specific parts of the network. Other services may require their own security technologies: Honeypots, jump server, load balancers, sensors.

Answer 15

A logical separation of all of the devices on the network by their use or access type. More flexible and secure than IP address ranges. Each area of the network is associated with a zone. Simplifies security policies, allows you to determine what kinds of data can be sent between zones.

Answer 16

Everything can be a vulnerability. Application code, open ports, authentication process, human error. The goal is to minimize the attack surface. Audit code, block ports on the firewall, monitor network traffic in real time, train employees. Secure physical network cabling. Application level encryption makes the data traveling our network encrypted and secure.

Answer 17

IPSec tunnels and VPN connections

Answer 18

Watches network traffic in real time. If there is any data that may be an intruision or an exploit it can block the traffic in real time. Looks for known exploits, buffer overflows, XSS

Answer 19

Watches network traffic and sounds an alarm if it thinks there is a problem.

Answer 20

Eventually something will break. Depending on device configuration different things may happen. Fail open and fail closed

Answer 21

When a system fails data continues to wflow. Security processes are disabled but the network stays up and running.

Answer 22

When a system fails the data does not flow

Answer 23

System in connected in line. Data can be blocked as it passes by. intrusion prevention is commonly active

Answer 24

A copy of the network traffic is examined using a tap or port monitor. Data can not be blocked in real time, intrusion detection is commonly passive.

Answer 25

A device on the inside of your network that is accessable from the outside. This is a highly secured device that is hardened and closely monitored. Usually a 2 step process: SSH/Tunnel/VPN to the jump server, and then connect to the rest of the network from there. The compromise of a jump server is a significant breach

Answer 26

A device that sits between two endpoints and transmits data between by sending and recieving requests on their behalf. Useful for caching, access control, URL filtering, content scanning.

Answer 27

Converts between internal and external IP addresses on internet facing routers. A network level proxy.

Answer 28

A proxy inside of your network that controls outbound traffic to the internet. "Internal Proxy". Commonly used to protect and control user access to the internet.

Answer 29

A proxy inside your network that controls inbound traffic from the internet to your specific internal service. Can also act as a caching server for identical requests.

Answer 30

A third party, uncontrolled proxy. Can be a significant concern. Often can be used to circumvent existing security controls.

Answer 31

Distributes network traffic across multiple servers and is invisible to the end user. Useful for large scale implementations. Provides fault tolerance, server outages will not disrupt availability.

Answer 32

Keeps connections open across all the servers. Can provide TCB offloading where it keeps a connection open with all servers so users do not have to keep making new server connections which adds protocol overhead. Some load balancers provide SSL offload, which means that encryption and decryption is done by the load balancer instead of the servers. Can provide Caching and prioritization. Content switching.

Answer 33

Some of the servers are active, while others are on standby. If an active server fails, the passive server takes it's place.

Answer 34

Aggregate information from the network devices. Some are their own stand alone device, while others are built in to switches, routers, servers, firewalls, etc. All of the data collected by these sensors are sent to a central database called a collector.

Answer 35

A framework for authentication that can be applied to various network configurations. Manufacturers can build their own EAP methods. The most common integration of EAP is with 802.1x which prevents access to the network until authentication succeeds.

Answer 36

Sometimes refered to as Port Based Network Access Control (NAC). When you plug into an available access point on a switch you would not gain access to the network until you authenticate. Used in conjunction with other authentication protocols or databases such as RADIUS, LDAP, etc. Involves 3 separate components: Supplicant, Authenticator, and Authentication server.

Answer 37

End user or client

Answer 38

The device that provides access such as a switch or AP (access point)

Answer 39

A backend database that contains and validates the log in credentials

Answer 40

Controls the traffic through the use of a purpose built appliance. Traditional network firewalls control traffic based on OSI layer 4: A TCP port or UDP port layer number. Next generation firewalls use OSI layer 7, which is the application layer. Firewalls can integrate other services such as the encyption of traffic. Many firewalls cna be layer 3 devices (routers). These devices commonly sit on the ingress/egress of the network.

Answer 41

An older type of firewall that has a number of security features built in. Also called an all in one security applicance or a web security gateway.

Answer 42

Operates at OSI layer 7, the application layer. Can make forwarding decisions based on the applications being used on the network. Also called: application layer gateway, stateful multilayer inspection, deep packet inspection. Can view all the data in every packet. Can perform a deep packet decode and recognize who is sending the traffic, where it is going, what is contained within the application layer of the traffic, and determine if the packet is allowed or disallowed through the firewall. Gives you granular control of what people are able to do on the network. Ex. employee can view twitter but cannot post. They often act as an intrusion prevention system. Allows for URL catagorization and allow/deny lists.

Answer 43

Analizes input into web based applications and allow or disallow traffic based on the input. Commonly used for web based conversations using HTTP or HTTPS. Can be used to identify SQL injection. A major focus of the payment card industry data security standard (PCI DSS) often used along side a next generation firewall.

Answer 44

Encrypts private data traversing a public network. Managed using a VPN concentrator: A purpose built device that is designed to be an endpoint for everyone to connect to using the encrypted link. They are often integrated into NGFW. There are many deployment options, specialized cryptographic hardware as well as software based options. Often used with client software and sometimes built into the OS.

Answer 45

A purpose built device that is designed to be an endpoint for everyone to connect to using the encrypted link.

Answer 46

The same protocol used to encrypt web server traffic. Runs over TCP port 443. Usually easily passes through firewalls. Used for remote access communication from a single device. No requirement for digital certificates or shared passwords for authentication. Can be run from a browser or light VPN client so additional software is not needed. Some VPN software can be configured as always on, that when you start up your laptop you automatically connect.

Answer 47

Designed to solve issues with securely connecting to cloud based applications. Data centers used to be found in our own buildings. Now out data can be anywhere with the cloud. Allows us to build dynamic networks that can connect directly to cloud based applications.

Answer 48

Combines networking and security as a service functions into a single cloud-delivered service at the network edge. Allows you to combine multiple technologies and cloud offerings into one security architecture.

Answer 49

Data that a third party sets rules on for how it should be protected. ex. Credit Card Information. Government laws and statutes can determine how data can be stored, and for how long.

Answer 50

The secret formula

Answer 51

May be publicly visible but protected using copyright and trademark law

Answer 52

It can be difficult to provide information that should be public while protecting information that needs to be private. These are usually stored on different systems.

Answer 53

People can read and understand the data

Answer 54

Encoded data, barcodes, qr code

Answer 55

Data that is the property of an organization. May include trade secrets. Often unique to the organization

Answer 56

Data that can be used to identify an individual. Name, DOB, mothers maiden name, buimetric information

Answer 57

Health information associated with an individual. Health status, healthcare records, payments for healthcare, etc.

Answer 58

Intellectual propery, PII, PHICo

Answer 59

Very Sensitive, must be approved to view

Answer 60

No restrictions on viewing the data

Answer 61

Restricted access, may require an NDA

Answer 62

Should always be accessable

Answer 63

Data on a storage device. May want to encrypt and apply permissions and access control lists

Answer 64

Data being transmitted over the network. Also called data in motion. If the data isn't encrypted then there is not much protection as it traverses switches, routers, and devices. Someone could tap into any of these network links and view your data.

Answer 65

Firewall/IPS

Answer 66

Data actively being processed in memory or by the CPU. Could be System RAM, CPU registers, and cache. The data is almost always non-encrypted. Attackers like to go after data in use for this reason.

Answer 67

Data that resides in a country is subject to the laws of that country. It is important to consider laws on data monitoring, court orders, etc.

Answer 68

A European Union regulation that dicctates that any data collected on EU citizens must be stored in the EU.

Answer 69

Tells you the localized area of something. Endpoints, data, etc. There are many ways to determine the location of something: 802.11, mobile service, GPS. Can be used to manage access.

Answer 70

Automatically allow or restrict access when the user is in a particular location.

Answer 71

Encrypted data is very different from the plaintext

Answer 72

Separating sensitive data into different locations. Also allows additional security to be added for more sensitive data.

Answer 73

Combine two or more servers. Appears and operates like one large server. End users only see one device. Easy to scale and is configured in the server OS.

Answer 74

Data is sychronized here in case of a disaster. In that case, business processes failover to the alternate processing site. Allows for operations to continue while the problem is addressed.

Answer 75

An exact replica of the datacenter. Contains all of the same hardware as your primary site. Must buy everything twice. Applications are constantly updated and data is synched. Can move over at any time.

Answer 76

An empty building with no hardware. Have to bring all of your data, hardware, and people over to run the site

Answer 77

Anything in between a hot and cold site. Can get going, but hardware and data will need to be moved over to get everything running as before.

Answer 78

Sites that are physically far from each other. Many disruptions can effect a large area such as hurricanes, floods, etc. This can be a logistical problem when transporting equipment and employees between the sites.

Answer 79

Every operating system contains potential security risks. Many security vulnerabilities are specific to a single OS.

Answer 80

Cloud outages happen from time to time, so it may be a good idea to have backup services on multiple providers.

Answer 81

Not everything goes according to plan. When tech fails we still want to have a manual way to provide our services. Should be tested and documented before a problem occurs.

Answer 82

Match supply to the demand. Too much supply and you are spending more money than needed. Too much demand and you experience application slowdowns and outages. Requires a balanced approach. Some services require people, which is difficult to scale up and down.

Answer 83

Testing the process and procedures that take place in the event of a disaster. Use well defined rules of scope, and make sure you do not effect the live production systems. Practice specific scenarios.

Answer 84

A failure is inevitable, but you may be able to keep things running. Redundant infrastructure allows you to perform a failover.

Answer 85

Test an imaginary event. Pen Testing. Allows you to see how your organization would respond.

Answer 86

No internet link required, data is immediately available. Generally less expensive than offsite.