Chapter 5 Flashcards
Securing Hosts and Data
Least Functionality
A core principle of secure systems design
Systems should be deployed with only the applications, services, and protocols needed to meet their purpose
Trusted Operating System
An operating system that is configured to meet a set of security requirements
It ensures that only authorized personnel can access data based on their permissions
Patch Management
The process used to keep systems up to date with current patches
It typically includes evaluating and testing patches before deploying them
Change Management
The process used to prevent unauthorized changes
Unauthorized changes often result in unintended outages
Application whitelist
A list of applications that a system allows
Users are only able to install or run applications on the list
Application Blacklist
A list of applications that a system blocks
Users are unable to install or run any applications on the list
Sandboxing
The use of an isolated area on a system, typically for testing
Virtual machines are often used to test patches in an isolated sandbox
Application developers sometimes use the chroot command to change the root directory, creating a sandbox
Chroot
A Linux command used to change the root directory
It is often used for sandboxing
EMI
Electromagnetic interference is interference caused by motors, power lines, and fluorescent lights
EMI shielding prevents outside interference sources from corrupting data and prevents data from emanating outside the cable
EMP
Electromagnetic Pulse is a short burst of energy that can potentially damage electronic equipment
It can result from electrostatic discharge (ESD), lightning, and military weapons
FDE
Full disk encryption is a method to encrypt an entire disk
Compared with SED
SED
Self-encrypting drive is a device that includes the hardware and software necessary to encrypt a hard drive
Users typically enter credentials to decrypt and use the drive
BIOS
Basic Input/Output System is a computer's firmware used to manipulate different settings such as the date and time, boot drive, and access password
UEFI is the designated replacement for BIOS
UEFI
Unified Extensible Firmware Interface is a method used to boot some systems and intended to replace BIOS firmware
TPM
Trusted Platform Module is a hardware chip on the motherboard included with many laptops and some mobile devices
It provides full disk encryption
Compare with HSM
Secure Boot
A process that checks and validates system files during the boot process
A TPM typically uses a secure boot process
Attestation
A process that checks and validates system files during the boot process
TPMs sometimes use remote attestation, sending a report to a remote system for attestation
Hardware Root of Trust
A known secure starting point
TPMs have a private key burned into the hardware that provides a hardware root of trust
HSM
Hardware security module is a removable or external device that can generate, store, and manage RSA keys used in asymmetric encryption
Compare with TPM
SaaS
Software as a Service is a cloud computing model that provides applications over the internet
Webmail is an example of a cloud based technology
Compare with IaaS and PaaS
PaaS
Platform as a Service is a cloud computing model that provides cloud customers with a preconfigured computing platform they can use as needed
Compare with IaaS and SaaS
IaaS
Infrastructure as a service is a cloud computing model that allows an organization to rent access to hardware in a self-managed platform
Compare with PaaS and SaaS
CASB
Filler
Cloud Deployment models
Cloud model types that identify who has access to cloud resources
Public clouds are for any organization
Private clouds are for a single organization
Community clouds are shared among community organizations
A hybrid cloud is a combination of two or more clouds
MDM
Mobile device management is a group of applications and/or technologies used to manage mobile devices
MDM tools can monitor mobile devices and ensure they are in compliance with security policies
Application Management
Filler
Full Device Encryption
Filler
Storage Segmentation
A method used to isolate data on mobile devices
It allows personal data to be stored in one location and encrypted corporate data to be stored elsewhere
Content management
Filler
Containerization
A method used to isolate applications in mobile devices
It isolates and protects the application, including any data used by the application
Passwords and PINs
Filler
Biometrics
Filler
Screen Locks
Filler
Remote Wipe
The process of sending a signal to a remote device to erase all data
It is useful when a mobile device is lost or stolen
Geolocation
The location of a device identified by GPS
It can help locate a lost or stolen mobile device
Geofencing
A virtual fence or geographic boundary
It uses GPS to create the boundary
Apps can then respond when a mobile device is within the virtual fence
GPS Tagging
A process of adding geographical data to files such as pictures
It typically includes latitude and longitude coordinates of the location where the picture was taken or the file was created
Context-Aware
An authentication method using multiple elements to authenticate a user and a mobile device
It can include identity, geolocation, the device type, and more
Push Notification Services
The services that send messages to mobile devices
Third Party App Store
An app store other than the primary source for mobile device apps
It refers to an app store other than the App Store or Google Play for Apple and Android devices, respectively
Jailbreaking
The process of modifying an Apple mobile device to remove software restrictions
It allows a user to install software from any third-party source
Compare with rooting
Rooting
The process of modifying an Android device, giving the user root-level, or administrator, access
Compare with Jailbreaking
Firmware OTA Updates
Over-the-air updates for mobile device firmware that keep them up to date
These are typically downloaded to the device from the Internet and applied to update the device
Custom Firmware
Mobile device firmware other than the firmware provided with the device
People sometimes use custom firmware to root Android devices
Sideloading
The process of copying an application package to a mobile device
It is useful for developers when testing apps, but can be risky if users sideload unauthorized apps to their device
SMS
Short Message Service is a basic text messaging service
Compare with MMS
MMS
Multimedia Messaging Service is a method used to send text messages
It is an extension of SMS and supports sending multimedia content
USB OTG
Universal Serial Bus On-The-Go is a cable used to connect mobile devices to other devices
It is one of many methods that you can use to connect a mobile device to external media
Tethering
The process of sharing an Internet connection from one mobile device to another
Wi-Fi Direct
A standard that allows devices to connect without a wireless access point
Carrier Unlocking
The process of unlocking a mobile phone from a specific cellular provider
Embedded System
Any device that has a dedicated function and uses a computer system to perform that function
It includes a CPU, an operating system, and one or more applications
IoT
Internet of things is the network of physical devices connected to the Internet
It typically refers to smart devices with an IP address, such as wearable technology and home automation systems
Wearable Technology
Smart devices that a person can wear or have implanted
Home Automation
Smart devices used within the home that have IP addresses
These are typically accessible via the Internet and are part of the Internet of things (IoT)
SoC
System on a chip is an integrated circuit that includes a computing system within the hardware
Many mobile devices include an SoC
ICS
Industrial control system is a system that controls large systems such as power plants or water treatment facilities
A SCADA system controls the ICS
SCADA
Supervisory control and data acquisition is a system used to control an ICS such as a power plant or water treatment facility
Ideally, a SCADA system is within an isolated network
RTOS
Real-time operating system is an operating system that reacts to input within a specific time
Many embedded systems include an RTOS
HVAC
Heating, ventilation, and air conditioning is a physical security control that increases availability by regulating airflow within data centers and server rooms
UAVs
Unmanned aerial vehicles are flying vehicles piloted by remote control or onboard computers
EFS
Filler
NTFS
Filler
ACLs
Access control lists are lists of rules used by routers and stateless firewalls
These devices use the ACL to control traffic based on networks, subnets, IP addresses, ports, and some protocols
GPG
Filler
Linux Permissions
Filler
Windows Permissions
Filler
DLP
Data loss prevention is a group of technologies used to prevent data loss
They can block the use of USB devices, monitor outgoing email to detect and block unauthorized data transfers, and monitor data stored in the cloud
Data Exfiltration
The unauthorized transfer of data outside an organization