Chapter 3 and 5 Flashcards
SPAN
Switched Port Analyzer: also known as port mirroring, it allows a switch to mirror one port's traffic to another port.
Easiest way to deploy a VPN
A TLS/SSL VPN, which does not require a client.
Decentralized placement to manage multiple data centers.
Can provide increased resilience, because a failure or compromise of service at one location will not disrupt the other locations.
Users want a simple experience when connecting to the company's resources.
A TLS VPN does not require a client.
What is the primary reason for parallel processing
Allows for systems to be tested without taking them offline.
What are the IPsec protocols
AH (Authentication Header), ESP (Encapsulating Security Payload), and IKE (Internet Key Exchange)
Can NAC tools allow for authentication?
Yes; it can assign user groups, roles, and VLANs that separate the groups based on their roles.
ACLs, VLANs, and firewalls can implement network segmentation.
Air gaps create operational challenges, so they are an unlikely choice.
NAC
NAC helps divide networks into logical security zones to prevent unauthorized access. It typically uses a software agent, which adds complexity, but it can also be agentless.
802.1X
A standard for authenticating devices connected to wired and wireless networks using EAP; it is used for port-based authentication.
Port Security
Allows you to limit the number of MAC addresses that a single switch port can use.
CVE
Common Vulnerabilities and Exposures; a vulnerability feed.
Bug Bounty
A bug bounty is a program offered by organizations, companies, or even independent software developers to reward individuals (commonly referred to as ethical hackers, security researchers, or bug hunters) who discover and report vulnerabilities or security flaws in their systems.
false negative
Is when an issue exists but is not identified.
false positive
Is when a scanner reports an issue that does not exist.
OAuth
Is a common authorization service used by cloud services.
SAML
Security Assertion Markup Language; it is a language, not a service.
Federation
Federation refers to the ability of multiple systems, organizations, or platforms to work together while remaining independently managed. Social logins from Google or Facebook are an example of a federated approach to identities.
multifactor authentication
Is based on something you have, something you are, and something you know.
geofencing
Is a location-based technology that creates a virtual geographic boundary around a specified area, enabling software to trigger predefined actions when a device enters, exits, or remains within that boundary.
Devices (e.g., smartphones) track their location through GPS, cellular networks, or Wi-Fi and compare it to the geofenced area.
Mandatory Access Control (MAC)
Is a security model that enforces access control policies based on predefined rules set by a central authority, rather than allowing individual users to make decisions about permissions. It will not allow lower-privileged users to see data belonging to higher-privileged users.
Discretionary access control (DAC)
Is when each data owner configures their own security and then delegates the rights and permissions on those objects as they see fit. For example, assigning who can view, execute, or delete files in a Linux OS.
Role Based Access Control
Is an access control model that restricts system access based on the roles assigned to users. In this model, permissions are associated with roles, and users acquire permissions through their assigned roles.
Roles:
Represent job functions or responsibilities within an organization (e.g., “Admin,” “Manager,” “Sales Representative”).
Permissions:
Define what actions can be performed on specific resources (e.g., “read,” “write,” “delete”).
Users:
Individuals or entities assigned to one or more roles.
ABAC
Attribute-Based Access Control (ABAC) is an advanced access control model that grants or denies access to resources based on attributes associated with users, resources, actions, and environmental conditions.
Attributes:
User Attributes: Characteristics of the user (e.g., job title, department, clearance level).
Resource Attributes: Metadata about the resource (e.g., file type, classification, owner).
Action Attributes: The type of action requested (e.g., read, write, delete).
Environmental Attributes: Contextual factors like time, location, or device used.
What type of access control do Windows and Linux use?
DAC
Does Windows log network traffic
Windows does not log network traffic.
NetFlow
Is a network protocol developed by Cisco that collects and monitors IP traffic information. It provides visibility into network usage and traffic patterns by capturing metadata about the packets flowing through a network.
Where does RedHat store authentication logs
/var/log/secure
What is Cuckoo Sandbox for?
Cuckoo Sandbox is an open-source automated malware analysis system designed to analyze suspicious files and URLs in a controlled and isolated environment. It provides detailed reports on the behavior of malware by executing it in a virtualized or emulated sandbox.
What are the seven steps of the incident response process?
Preparation
Detection
Analysis
Containment
Eradication
Recovery
Lessons learned
CIS
The Center for Internet Security provides guidance on how to secure operating systems, applications, and other technology.
Can IPS/IDS detect behavior patterns
No. EDR can; NAC cannot detect behavior either, since it is designed for access control.
exposure factor
The loss in value of an asset due to loss or damage.
What are the five W's?
Who, What, When, Where and Why
ABAC
Provides access based on attributes such as location, age, or rank.
What is COPE?
Company-owned, personally enabled. The device can also be used for personal reasons.
Quarantine and Isolation are common in what phase of the Incident response?
Containment
Trend analysis
Is commonly used for behavior-based detection, which can help identify new attacks.
What are the advantages of automation?
For the provisioning process, it decreases the potential for mistakes, provides faster provisioning, and improves consistency, but it does not address auditability.
What are the three components of NIST
What is a worm?
Self-installing malware that spreads itself.
ISAC
Information Sharing and Analysis Center