Chapter 5 Securing hosts and data Flashcards

1
Q

Software that creates, runs and manages virtual machines?

A

A hypervisor

2
Q

Virtual machines vs containerization, and one drawback of containerization?

A

Virtual machines each host an entire guest operating system and everything inside it. Containers are isolated boxes that run applications or services separated from the rest of the host OS, but they share the host's kernel. That is the drawback: if the containers are running on a Linux host, all of them must be Linux containers.

3
Q

How to keep virtual machines secure? Considerations?

A

Keep the hypervisor patched, guard against VM escapes (a guest breaking out to the hypervisor or to other guests), and prevent VM sprawl (policies, assessments, an inventory of what is running).

4
Q

What kind of arrangement allows users to keep their VM desktops customized?

A

Persistence. A non-persistent arrangement gives every user the same fresh image at each login and discards their changes.

5
Q

What is the purpose of a baseline? Give a brief description of how it might be created and used.

A

Baselines provide a secure standard configuration. A baseline is usually created as a master image that is used for all deployed systems (the stock/default configuration for security). The master image is an OS that has been configured for security and tested extensively. Then automated tools are used to detect changes (drift) from that baseline.

6
Q

How do organizations typically deal with patch management, with regard to deployment?

A

Patches are first tested in a sandbox environment (such as a VM). Third-party tools are then used to deploy the patches in a controlled manner, and other tools (similar to a NAC) check end-point systems for those patches, comparing what is installed to what is expected.
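Cards 5 and 6 both come down to comparing an endpoint against an expected state: file hashes and settings from the master image, and the patch level the deployment tools should have reached. The following is an added example, not part of the flashcard deck or of any vendor's tool; the baseline, sshd settings, patch IDs and host snapshots are all constructed for the demonstration. It shows the three checks a baseline-assessment agent runs and why a hash alone is not enough (it tells you the file changed, not which setting drifted):

```python
import hashlib

# Constructed golden baseline for one server role: expected file hashes,
# expected sshd settings and the vendor patch IDs that must be installed.
# All values are illustrative, not a real vendor baseline.
GOLDEN_SSHD = b"PermitRootLogin no\nPasswordAuthentication no\n"
BASELINE = {
    "files": {"/etc/ssh/sshd_config": hashlib.sha256(GOLDEN_SSHD).hexdigest()},
    "settings": {"PermitRootLogin": "no", "PasswordAuthentication": "no"},
    "required_patches": {"PATCH-2024-001", "PATCH-2024-002"},
}


def parse_sshd_config(text: str) -> dict:
    """Parse 'Key value' lines, skipping blanks and comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        settings[key] = value.strip()
    return settings


def assess(host: dict, baseline: dict = BASELINE) -> list:
    """Return the host's deviations from the baseline (empty list = compliant).

    host = {"files": {path: bytes}, "patches": [ids]} is the snapshot an agent
    or configuration scanner would collect from the endpoint.
    """
    findings = []
    # 1. Integrity: does each baselined file still hash to the golden value?
    for path, expected in baseline["files"].items():
        actual = hashlib.sha256(host["files"].get(path, b"")).hexdigest()
        if actual != expected:
            findings.append(f"{path}: hash differs from baseline")
    # 2. Configuration: which specific settings drifted (more actionable than a hash)?
    current = parse_sshd_config(host["files"].get("/etc/ssh/sshd_config", b"").decode())
    for key, expected in baseline["settings"].items():
        if current.get(key) != expected:
            findings.append(f"{key}: expected {expected!r}, found {current.get(key)!r}")
    # 3. Patch level: which required patches are missing on the endpoint?
    for patch_id in sorted(baseline["required_patches"] - set(host["patches"])):
        findings.append(f"missing patch {patch_id}")
    return findings


# Constructed endpoint snapshots: one drifted (root login re-enabled, one patch
# missing) and one compliant (extra patches are fine).
DRIFTED_HOST = {
    "files": {"/etc/ssh/sshd_config": b"PermitRootLogin yes\nPasswordAuthentication no\n"},
    "patches": ["PATCH-2024-001"],
}
COMPLIANT_HOST = {
    "files": {"/etc/ssh/sshd_config": GOLDEN_SSHD},
    "patches": ["PATCH-2024-001", "PATCH-2024-002", "PATCH-2024-003"],
}

if __name__ == "__main__":
    for name, host in (("drifted", DRIFTED_HOST), ("compliant", COMPLIANT_HOST)):
        print(name, assess(host) or ["compliant"])
```

In a real deployment the snapshot would be collected by an agent or over SSH/WinRM and the findings fed to the ticketing or NAC system; the comparison logic is the same.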

7
Q

What process ensures no unintended outages and accounts for configuration changes or upgrades?

A

A change management policy.

8
Q

When implementing an API, list some important components to include:

A

Authentication - depends on the use case, possibly 2FA
Authorization - ACLs; rule-, role- or mandatory-based access control
Security method - TLS to encrypt traffic over the network
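The three components of card 8 in working order, as an added example that is not from the deck or any particular framework. The client key, role table, ACL and header names are constructed for the demonstration. Authentication is a signed request (HMAC over timestamp, method and path, so a captured request cannot be replayed against another endpoint or after the skew window), authorization is a role-based ACL, and the front door refuses anything not arriving over TLS:

```python
import hashlib
import hmac

# Constructed client keys, role assignments and ACL for the example; in a real
# deployment keys come from a secrets manager and roles from the identity provider.
API_KEYS = {"client-42": b"constructed-secret-for-client-42"}
ROLES = {"client-42": "reader"}
ACL = {  # (method, path) -> roles allowed to call it
    ("GET", "/v1/reports"): {"reader", "admin"},
    ("POST", "/v1/reports"): {"admin"},
}
MAX_CLOCK_SKEW = 300  # seconds; bounds the replay window for a captured request


def sign_request(key: bytes, method: str, path: str, timestamp: int) -> str:
    """HMAC-SHA256 over timestamp, method and path; binds the signature to this call."""
    message = f"{timestamp}\n{method}\n{path}".encode()
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def authenticate(headers: dict, method: str, path: str, now: int):
    """Return the client id if the signature and timestamp are valid, else None."""
    client_id = headers.get("X-Client-Id")
    key = API_KEYS.get(client_id)
    if key is None:
        return None
    try:
        timestamp = int(headers.get("X-Timestamp", ""))
    except ValueError:
        return None
    if abs(now - timestamp) > MAX_CLOCK_SKEW:
        return None  # stale: a replayed capture
    expected = sign_request(key, method, path, timestamp)
    # compare_digest avoids leaking the expected value through timing
    if not hmac.compare_digest(expected, headers.get("X-Signature", "")):
        return None
    return client_id


def authorize(client_id: str, method: str, path: str) -> bool:
    """Role-based check: is the caller's role allowed to perform this call?"""
    return ROLES.get(client_id) in ACL.get((method, path), set())


def handle(headers: dict, method: str, path: str, now: int, scheme: str = "https"):
    """Simulated API front door: TLS required, then authenticate, then authorize."""
    if scheme != "https":
        return 400, "TLS required"
    client_id = authenticate(headers, method, path, now)
    if client_id is None:
        return 401, "unauthenticated"
    if not authorize(client_id, method, path):
        return 403, "forbidden"
    return 200, "ok"


def make_headers(client_id: str, method: str, path: str, now: int) -> dict:
    """Client side: build the headers a caller would send."""
    return {
        "X-Client-Id": client_id,
        "X-Timestamp": str(now),
        "X-Signature": sign_request(API_KEYS[client_id], method, path, now),
    }


if __name__ == "__main__":
    now = 1_700_000_000
    print(handle(make_headers("client-42", "GET", "/v1/reports", now), "GET", "/v1/reports", now))
    print(handle(make_headers("client-42", "POST", "/v1/reports", now), "POST", "/v1/reports", now))
```

Note the order: an unauthenticated caller gets 401 before any authorization logic runs, and a valid reader asking for an admin-only POST gets 403, so the two failure modes stay distinguishable in logs.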

9
Q

FDE vs SDE?

A

Full disk encryption - the entire disk is encrypted in software; the same tools can also encrypt individual partitions or files (encrypt and decrypt at the file or partition level).
Self-encrypting drive - the encryption is done by hardware inside the drive itself; on boot the user enters credentials to unlock it (at the drive level).
FDE offers more flexibility.

10
Q

An important thing to implement every time the computer starts up? Examples?

A

Boot integrity checks. The BIOS (basic input/output system) is firmware on a physical chip; newer systems use UEFI (unified extensible firmware interface), its upgraded replacement (faster boot, support for larger disks, and Secure Boot).

11
Q

How does a computer store encryption keys that relate to the boot process, and what else does it do with regard to booting?

A

Through a hardware chip called the TPM (Trusted Platform Module). During boot, measured boot (boot attestation) records a hash of each boot component in the TPM's platform configuration registers, and Secure Boot checks the digital signatures on boot files so that modified files are rejected. Remote attestation sends those TPM measurements to a remote system that verifies them against known-good values.
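The measured-boot and remote-attestation flow of card 11, as an added example that is not from the deck or from any TPM library. The boot chain is three constructed byte strings standing in for firmware, bootloader and kernel images, and an HMAC with a shared constructed key stands in for the TPM's attestation key (a real TPM signs with a private key and the verifier checks the public key). The point is the PCR extend operation: the register can only be extended, so its final value commits to every component in order, and any tampering or reordering produces a different value:

```python
import hashlib
import hmac

PCR_SIZE = 32  # SHA-256 PCR bank


def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    """TPM PCR extend: PCR_new = SHA-256(PCR_old || SHA-256(component)).
    The PCR can only be extended, never written, so the final value commits
    to every component in order."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measured_boot(chain):
    """Simulate firmware measuring each boot component into one PCR before running it."""
    pcr = bytes(PCR_SIZE)  # PCRs start at zero on reset
    event_log = []
    for name, image in chain:
        event_log.append((name, hashlib.sha256(image).hexdigest()))
        pcr = pcr_extend(pcr, image)
    return pcr, event_log


# Constructed boot chain: the byte strings stand in for real firmware, bootloader
# and kernel images.
GOLDEN_CHAIN = [("firmware", b"firmware v1.2"), ("bootloader", b"bootloader v3"), ("kernel", b"kernel 6.1")]

# Stand-in for the TPM's attestation key. A real TPM signs with a private key
# and the verifier checks the public key; an HMAC keeps the example dependency-free.
ATTESTATION_KEY = b"constructed-attestation-key"


def quote(pcr: bytes, nonce: bytes) -> str:
    """Device side: the TPM signs the PCR value together with the verifier's nonce."""
    return hmac.new(ATTESTATION_KEY, pcr + nonce, hashlib.sha256).hexdigest()


def verify_quote(golden_pcr: bytes, nonce: bytes, reported_pcr: bytes, signature: str) -> bool:
    """Remote verifier: the signature must cover our fresh nonce (no replay of an
    old quote) and the reported PCR must equal the known-good value."""
    expected = hmac.new(ATTESTATION_KEY, reported_pcr + nonce, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signature):
        return False
    return hmac.compare_digest(reported_pcr, golden_pcr)


def remote_attestation(chain, nonce: bytes, golden_pcr: bytes) -> bool:
    """Full exchange: device boots and measures, verifier sends a nonce, device quotes."""
    pcr, _ = measured_boot(chain)
    return verify_quote(golden_pcr, nonce, pcr, quote(pcr, nonce))


if __name__ == "__main__":
    golden_pcr, log = measured_boot(GOLDEN_CHAIN)
    tampered = GOLDEN_CHAIN[:2] + [("kernel", b"kernel 6.1 + bootkit")]
    print("clean boot attested:", remote_attestation(GOLDEN_CHAIN, b"nonce-1", golden_pcr))
    print("tampered boot attested:", remote_attestation(tampered, b"nonce-2", golden_pcr))
```

The verifier's nonce is what makes the quote fresh: without it an attacker could replay a quote recorded from a clean boot after installing a bootkit.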

12
Q

What is the difference between an HSM and the similar component (the TPM)?

A

An HSM is often a removable or external device that generates, stores and manages cryptographic keys (asymmetric and symmetric) and performs operations with them, whereas a TPM is a hardware chip on the motherboard that handles keys, signatures and boot-integrity measurements.

13
Q

An organization wants software that blocks USB devices and prevents sensitive information from leaving; what might they implement?

A

Data loss prevention software.

14
Q

Protecting against data streams coming in vs going out? Tools?

A

A unified threat management (UTM) appliance for incoming traffic and DLP software for outgoing data.

15
Q

Unauthorized flow of data out of a network is called?

A

Data exfiltration
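Cards 13 to 15 describe what DLP software does without showing the decision logic. The following is an added example, not from the deck or from any DLP product; the patterns, the USB allowlist and the outbound events are constructed. It scans an outbound payload for payment-card numbers (regex plus Luhn check, so a random 16-digit order number is not a false positive), social security numbers and classification markers, and blocks writes to removable storage unless the drive is a managed one:

```python
import re

# Patterns for the sensitive data classes this policy covers. The card-number
# pattern over-matches on purpose; the Luhn check below removes false positives.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
MARKER_RE = re.compile(r"\b(CONFIDENTIAL|INTERNAL ONLY)\b")

# Constructed allowlist: serials of corporate encrypted USB drives that may receive data.
ALLOWED_USB_SERIALS = {"CORP-ENCRYPTED-0001"}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; every real payment-card number passes it, most random digit runs do not."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scan(text: str) -> list:
    """Return (kind, evidence) findings; evidence is masked so the alert itself isn't a leak."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            findings.append(("card_number", "****" + digits[-4:]))
    for m in SSN_RE.finditer(text):
        findings.append(("ssn", "***-**-" + m.group()[-4:]))
    for m in MARKER_RE.finditer(text):
        findings.append(("classification_marker", m.group()))
    return findings


def decide(channel: str, payload: str, device_serial: str = None):
    """Egress policy for a channel ('email', 'http', 'usb'): returns (action, reason)."""
    if channel == "usb" and device_serial not in ALLOWED_USB_SERIALS:
        return "block", "unmanaged removable storage"
    findings = scan(payload)
    if findings:
        return "block", "sensitive content: " + ", ".join(f"{kind} {ev}" for kind, ev in findings)
    return "allow", "no sensitive content"


# Constructed outbound events for the demo.
EVENTS = [
    ("email", "Invoice attached, card 4111 1111 1111 1111 expires 12/26", None),
    ("email", "Order #1234567890123456 has shipped", None),
    ("http", "CONFIDENTIAL roadmap, do not forward", None),
    ("usb", "quarterly numbers.xlsx", "UNKNOWN-STICK"),
    ("usb", "quarterly numbers.xlsx", "CORP-ENCRYPTED-0001"),
]

if __name__ == "__main__":
    for channel, payload, serial in EVENTS:
        print(channel, decide(channel, payload, serial))
```

Masking the evidence in the finding matters in practice: DLP alerts end up in a SIEM and in tickets, which would otherwise become a second copy of the data being protected.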

16
Q

What are some examples of SaaS and why are they classified as such?

A

Gmail, Yahoo! Mail, Splunk, Dropbox; they are accessed via a web browser and provide someone else's software to use/interact with.

17
Q

How is PaaS different from SaaS?

A

PaaS provides its own hardware AND software on its own infrastructure, giving end users the infrastructure, tools, storage and networking to build and deploy software. Compared to SaaS it provides a platform rather than just the software.

18
Q

IaaS?

A

Pay-as-you-go storage, networking and virtualization as an alternative to on-premises infrastructure. More scalable, with security of the underlying infrastructure handled by the provider, but less individualized to business needs.

19
Q

What is XaaS?

A

Anything as a service, may include a combination of all services (S, P and IaaS) as long as it is delivered over the cloud.

20
Q

What are the four cloud deployment models, with a brief description of each? (This is not an IaaS/XaaS question.)

A

Public - third-party services anyone can pay for, not individualized.
Private - specific to one organization, may be internal only (hosting its own servers).
Community - many organizations with similar needs that all require access, e.g. a group of franchised schools.
Hybrid - a combination of two or more of the above.

In short: public is available to anyone, private only to that organization, community to a group of organizations, and hybrid is a mix.

21
Q

What role can an MSSP play in cloud services?

A

Managed security service provider: basically everything security-wise, from patch management, DLP, networking (proxy filters), VPNs, UTM, firewalls, IDS and IPS; they may host these in the cloud or send out appliances and manage them remotely.

22
Q

How does a CSP typically maintain high availability? List one way.

A

Multiple load balancing nodes in different geographical locations

23
Q

What types of networks do CSPs provide? (4 examples)

A
  1. Virtual networks (software-defined networking creates virtual networks on top of the same physical servers)
  2. Public subnets (reachable from the internet, usually with a screened subnet in front of them)
  3. Private subnets (not reachable from the internet). Both kinds of subnet are created inside virtual networks.
  4. Segmentation (like a VLAN), separating computers or networks from each other.
24
Q

On-premises vs off-premises clouds

A

On-premises - all facilities for the cloud (all resources) are on the organization's own premises. It can still be accessed from home.
Off-premises - resources are outsourced / rented from a provider.

25
Q

Who might use on-premises clouds?

A

A very large organization with sufficient resources and a large IT department that can maintain, update and secure it, and that wants to individualize security (2FA, AAA etc.). But it is expensive.

26
Q

What are the risks of off-premises?

A

Security is managed by a third party, and data may be stored offshore (which can be an issue with data-sovereignty and privacy laws).

27
Q

What is a CASB and why would you need it?

A

Cloud access security broker: software or a service that sits between users and cloud services, monitors traffic and enforces policies. Needed by those with higher security requirements; it helps to mitigate risks by giving visibility and control over cloud usage.

28
Q

Purpose of a SWG?

A

A next-generation secure web gateway provides proxy services for web traffic plus malware scanning, DLP and sandboxing. It is a cloud-based service.

29
Q

Edge vs Fog computing

A

Edge computing stores and processes data close to the devices that generate and use it, e.g. processing cruise control in the car's own computer rather than sending the data away to be processed. That is quick, convenient and appropriate for the situation.
Fog computing sends the data to a node near the device (within a fog network) for processing, rather than all the way to the cloud.

30
Q

List the models of device deployment a corporation may employ

A

Corporate-owned

COPE (corporate-owned, personally enabled: employees are free to use the device as they wish, but it is managed by the corporation)

BYOD (bring your own device: employees must adhere to policies and are personally responsible for managing the device)

CYOD (choose your own device: the employee picks a device from an approved list; similar to COPE)

31
Q

What is a UEM tool for MDM and what does it typically do?

A

Unified endpoint management: covers mobile devices alongside other endpoints, keeps systems up to date, and manages antivirus software and applications.

32
Q

Uses of an MDM?

A

Application management, FDE, storage segmentation (partitions), content management (ensuring encryption when storing corporate data), containerization, passwords, biometrics and screen locks, remote wipes.

33
Q

Geolocation vs geofencing vs geotagging and what might a combination of these be used for?

A

Geolocation locates a device (a lost device, for example); geofencing denies access to users or devices that aren't in the right place; geotagging adds location metadata to files (photos, for example). Context-aware authentication combines several of these signals (geolocation, geofence, time of day, device type) when deciding whether to authenticate.
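Context-aware authentication from card 33 as a working policy, an added example that is not from the deck or from any identity provider. The office coordinates, geofence radius, working hours and managed-device list are constructed. The geofence test is a haversine distance from the office; each signal contributes a reason, a single anomaly steps the login up to MFA, and an unmanaged device outside the fence is denied outright:

```python
import math
from datetime import datetime, timezone

# Constructed policy: the corporate office as the geofence centre, working hours
# in UTC and the set of device IDs enrolled in MDM.
OFFICE = (51.5074, -0.1278)
GEOFENCE_RADIUS_KM = 5.0
WORK_HOURS = range(7, 20)  # 07:00-19:59 UTC
MANAGED_DEVICES = {"laptop-0042"}


def haversine_km(a, b) -> float:
    """Great-circle distance in km between two (lat, lon) points given in degrees."""
    r = 6371.0
    lat1, lon1 = map(math.radians, a)
    lat2, lon2 = map(math.radians, b)
    h = math.sin((lat2 - lat1) / 2) ** 2 + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2
    return 2 * r * math.asin(math.sqrt(h))


def inside_geofence(location) -> bool:
    return haversine_km(location, OFFICE) <= GEOFENCE_RADIUS_KM


def evaluate(login: dict):
    """Context-aware decision: 'allow', 'step_up' (demand MFA) or 'deny', with reasons.
    login = {"location": (lat, lon), "time": aware datetime, "device_id": str}."""
    reasons = []
    if not inside_geofence(login["location"]):
        reasons.append("outside geofence")
    if login["time"].astimezone(timezone.utc).hour not in WORK_HOURS:
        reasons.append("outside work hours")
    if login["device_id"] not in MANAGED_DEVICES:
        reasons.append("unmanaged device")
    # Two strong signals together (unknown device from an unexpected place) deny outright;
    # any single anomaly only raises the bar to MFA.
    if "unmanaged device" in reasons and "outside geofence" in reasons:
        return "deny", reasons
    if reasons:
        return "step_up", reasons
    return "allow", reasons


# Constructed login attempts.
ATTEMPTS = {
    "office_daytime": {"location": (51.5200, -0.1200), "time": datetime(2024, 3, 4, 10, 0, tzinfo=timezone.utc), "device_id": "laptop-0042"},
    "office_midnight": {"location": (51.5200, -0.1200), "time": datetime(2024, 3, 4, 23, 30, tzinfo=timezone.utc), "device_id": "laptop-0042"},
    "paris_unknown": {"location": (48.8566, 2.3522), "time": datetime(2024, 3, 4, 10, 0, tzinfo=timezone.utc), "device_id": "phone-x"},
}

if __name__ == "__main__":
    for name, attempt in ATTEMPTS.items():
        print(name, evaluate(attempt))
```

Returning the reasons alongside the decision is deliberate: the user-facing prompt and the audit log both need to say which signal triggered the step-up, and tuning the policy later depends on that data.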

34
Q

ICS is a broad term for what system?

A

Industrial control systems, such as SCADA (supervisory control and data acquisition).

35
Q

What are the constraints of embedded systems?

A

Computational power (limited)
Cryptographic processing (strong crypto is expensive on limited processors)
Power (often no mains supply; battery or harvested power)
Range (wireless, but limited power and thus limited range)
Authentication (often skipped)
Network (often no management interface; default settings left in place)
Cost (kept low, minimizing security features)
Inability to patch
Implied trust (components trust each other by default, and vulnerabilities go unreported or unknown)
