Chapter 5: Securing Hosts and Data Flashcards
What is Virtualization?
The creation of virtual instances of computing resources- like servers, storage, or networks, on a single physical machine using a hypervisor, improving efficiency, scalability, and isolation.
What is a Hypervisor?
Software that creates and managed virtual machines by allocating hardware resources, allowing multiple OSes to run on one physical machine.
In virtualization, what is a Host?
The physical machine that runs the hypervisor and provides hardware resources to virtual machines (guests).
In virtualization, what is a Guest?
A virtual machine running on a host system, managed by a hypervisor, with its own OS and virtual hardware.
What is Cloud Scalability?
The ability of a cloud system to handle increasing workloads by adding or upgrading resources over time (either vertically or horizontally).
What is Cloud Elasticity?
The ability of a cloud system to automatically scale resources up or dowin in real-time based on workload demand.
What is a Thin Client?
A minimal computer that depends on a central server for processing and storage, commonly used to access virtual desktops or applications.
What is Virtual Desktop Infrastructure (VDI)?
A system that delivers desktop environments from a central server to end-user devices like thin clients, enabling remote and centralized desktop access.
What is Containerization?
A lightweight virtualization method where apps and their dependencies are packed into containers that run in isolated environments, sharing the host OS kernel.
What is VM Escape?
A security exploit where an attacker breaks out of a virtual machine and gains access to the host or other VMs, violating isolation.
What is VM Sprawl?
A situation where unmanaged growth of virtual machines causes inefficiencies, security risks, and administrative challenges.
What is Resource Reuse?
Refers to the potential for data or resources to remain on a shared infrastructure after a customer has finished using them, making them potentially accessible for other users of the cloud service.
What benefits does Replication offer VMs?
Replication provides high availability, disaster recovery, fast failover, and safe environments for testing without affecting production.
What are Snapshots?
A saved state of a VM at a specific point in time, used to restore the VM to that exact state later.
What is an endpoint?
Computing devices such as servers, VMs, desktops, laptops, mobile devices, or IoT devices.
What is Antivirus software?
Detects, prevents, and removes malware using methods like signature-based detection, heuristics, and real-time protection.
What is Endpoint Detection and Response (EDR)?
Monitors endpoints for threats, analyzes behavior, and provides real-time alerts and responses.
What is Extended Detection and Response (XDR)?
A unified security solution that integrated data from endpoints, networks, cloud, and more to detect and respond to threats more effectively.
What is Host Intrusion Prevention Systems (HIPS)?
Endpoint software that detects and blocks malicious activity using signatures and behavior analysis.
In the context of endpoints, what is Hardening?
Endpoint hardening is the process of securing devices by minimizing vulnerabilities, applying patches, disabling unnecessary services, and using security measures like encryption and access controls.
What is Configuration Management?
The process of managing and maintaining consistent system settings and configurations to ensure operational effectiveness, security, and compliance.
In configuration management, what is a Baseline?
A baseline in configuration management is an approved and documented set of configuration settings that serves as a reference point for future changes, ensuring system consistency and control.
What is an Image?
A replica or snapshot of a system’s configuration, including the OS, applications, and settings, used for rapid system deployment or restoration.
What is a Master Image?
A master image is a pre-configured, optimized base image used as a template for creating consistent, identical system configurations across multiple devices.
What is a Secure Starting Point?
Refers to a baselines configuration that ensures systems are securely configured before deployment, with key security measures like encryption, access control, and patching in place.
What are Reduced Costs in Cybersecurity?
Occurs when preventative measures, automation, and effective risk management minimizes the financial impact of cyber incidents, avoiding costly breaches, fines, and reputational damage.
What is a Patch?
A software update that fixes vulnerabilities, corrects bugs, or adds new features to enhance security and functionality.
What is Patch Management?
The process of acquiring, testing, and deploying software patches to keep systems secure and up-to-date, ensuring that vulnerabilities are mitigated.
What is Change Management?
The systemic process for managing changes in IT systems to ensure that changes are made with minimal risk, disruption, and that they are properly planned and documented.
What is an Application Allow List?
A security measure where only pre-approved applications are allowed to run on a system, preventing unauthorized software from executing.
What is an Application Block List?
A security approach that prevents known malicious or untrusted applications from running while allowing all other applications.
What is Full Disk Encryption (FDE)?
A software-based program that encrypts the entire hard drive of a device, making all data inaccessible without proper decryption credentials, even if the device is stolen.
What is Self-Encrypting Drives (SED)?
A hardware-based storage device that automatically encrypts and decrypts data as it’s written and read, using an onboard encryption engine.
What is Boot Integrity?
Ensures that only trusted and untampered code is run during the system’s startup process, protecting against unauthorized modifications at boot time.
What is Measured Boot?
Conducts enough of the boot process to perform checks without allowing the user to interact with the system. If it detects that the system has lost integrity and can no longer be trusted, the system won’t boot.
What is the Basic Input/Output System (BIOS)?
A legacy firmware interface that initializes hardware and starts the OS using the Master Boot Record (MBR) during the boot process.
What is the Unified Extensible Firmware Interface (UEFI)?
A modern firmware interface that replaces BIOS, offering enhanced booting security, faster startup, and support for larger drives.
What is a Trusted Platform Module (TPM)?
A hardware chip that securely store cryptographic keys and system integrity measurements to support security features like encryption and Measured Boot.
What is Boot Attestation?
A process where cryptographic measurements from the boot process are sent to a remote server to verify system integrity and trustworthiness.
What is a Hardware Root of Trust?
A trusted, tamper-resistant hardware component that verifies the integrity of the system’s boot process and establishes a secure foundation for system trust.
What is Secure Boot?
A feature that ensures only digitally signed, trusted software runs during system startup, protecting against boot-time malware and tampering.
What is Remote Attestation?
A process where a system proves to a remote verifier that its hardware and software have not been tampered with, using cryptographic boot measurements.
What is a Hardware Security Module (HSM)?
A tamper-resistant device that securely manages, generates, and stores cryptographic keys and performs secure encryption operations.
What is MicroSD HSM?
A compact hardware security module that fits in a MicroSD slot and securely performs cryptographic operations and stores encryption keys.
What is Decommissioning?
A secure and systematic retirement of IT assets, including secure data removal and proper disposal.
What is Legacy Hardware?
Outdated or unsupported hardware that remains in use, often posing security and compatibility challenges.
What is End-of-life (EOL) Hardware?
Hardware that is no longer supported or maintained by the manufacturer, making it vulnerable and unsuitable for continued use.
What is Data Exfiltration?
The unauthorized transfer of data from a system, often by attackers of insiders.
What is Data Loss Prevention (DLP)?
A set of technologies and strategies to detect and prevent the unauthorized sharing or leakage of data.
What is Removable Media?
Portable storage devices that can be connected and removed from a computer, often carrying data or malware risks.
What is Data-in-use?
Data that is actively being accessed or processed in memory, and is vulnerable to attacks during that state.
What is a Secure Enclave?
A hardware-isolated area for processing sensitive data securely, protecting it even if the main system is compromised.
What is Cloud Computing?
The on-demand delivery of IT resources over the Internet, providing scalable and flexible services without owning physical hardware.
What is a Cloud Delivery Model?
A method of delivering cloud services–SaaS, PaaS, or Iaas–based on the level of control and responsibility between provider and user.
What is Software as a Service (SaaS)?
A cloud model where users access fully-managed applications over the Internet without handling the underlying infrastructure.
What is Platform as a Service (PaaS)?
A cloud model that provides a platform for developers to build and deploy apps without managed the underlying hardware or OS.
What is Serverless Computing?
A cloud model where the provider manages infrastructure, allowing developers to focus solely on writing and deploying code.
What is Infrastructure as a Service (IaaS)?
A cloud model providing virtualized computing resources online, where users manage their own software and the provider handles hardware.
What is a Cloud Deployment Model?
A strategy for deploying cloud services, such as public, private, hybrid, or community clouds, based on access and control needs.
What is the Public Cloud?
A cloud environment offered by third parties to multiple users, providing scalability and ease of use.
What is the Private Cloud?
A cloud environment exclusively used by one organization, providing greater control and security.
What is the Community Cloud?
A cloud environment shared by multiple organizations with similar concerns, like compliance or mission objectives.
What is the Hybrid Cloud?
A cloud environment that merges public and private clouds to increase flexibility and optimize workloads.
What is Multi-Cloud Systems?
The use of multiple cloud service providers to enhance performance, avoid lock-in, and boost resilience.
What is an Application Programming Interface (APIs)?
A set of rules and protocols that enable software applications to interact and share data.
What are Microservices?
An architectural style where applications are built as a small, independent, and loosely coupled services.
What is a Managed Security Service Provider (MSSP)?
A third-party provider that remotely managed and monitors an organization’s cybersecurity infrastructure and operations.
What are some services an MSSP may offer?
Some services may include: 24/7 security monitoring, firewalls, IDS, IPS, Threat Intelligence, Vulnerability Assessments & Penetration Testing, Incident Response, SIEM, Compliance Monitoring, and Endpoint Detection and Response (EDR).
What is a Managed Service Provider (MSP)?
A third-party company that remotely manages a business’s IT infrastructure, providing services like network management, tech support, updates, and backups.
What considerations should an organization take when considering cloud security issues?
Availability, resilience, cost, responsiveness, scalability, and segmentation.
In regards to cloud computing, what does on-premises mean?
IT infrastructure that is physically hosted and managed within an organization’s own location rather than in the cloud.
What are the benefits of having a centralized on-premises setup?
Easier management, better security control, reduced costs, and simplified backups and recovery.
What are the benefits of having a decentralized on-premises setup?
Improved local performance, improved resilience, site autonomy, and flexibility.
What is a Cloud Access Security Broker (CASB)?
Monitors and enforces security policies between cloud users and cloud services.
What is a Cloud-based DLP?
Designed to detect and block unauthorized sharing or movement of sensitive data in the cloud.
What is a Next-Generation Secure Web Gateway (SWG)?
A web security tool that inspects traffic for threats, enforces policies, and protects cloud-bound traffic.
What are Cloud Firewall Security Groups?
Virtual firewalls that control inbound and outbound traffic to cloud resources based on rules.
What is Infrastructure as Code (IaC)?
Managing and provisioning infrastructure through machine-readable code instead of manual configuration.
What is Software-defined Networking (SDNs)?
A network architecture that separates the control plane from the data plane and uses a centralized controller for flexible, programmable network management.
What is a Software-defined Wide Area Network (SDN-WAN)?
WAN architecture that uses software to manage and optimize network traffic across multiple connection types.
What is Edge Computing?
A computing model where data is processed near the source, reducing latency and improving speed.
What is Fog Computing?
A decentralized computing model that processes data between edge devices and the cloud, enhancing efficiency.
What are mobile devices?
Portable computing devices such as smartphones, tablets, and laptops that connect to the Internet via wireless networks.
What is a mobile device deployment model?
A framework that defines how devices are owned, controlled, and managed in an organization, impacting security and user experience.
Explain the Corporate-Owned mobile device deployment model.
A device fully owned and controlled by an organization, typically used for work tasks, with all security usage policies enforced by the organization.
Explain the Corporate-Owned, Personally Enabled (COPE) mobile device deployment model.
A model where the organization owns the device but allows personal use, managing and securing the device while enabling personal applications.
Explain the Bring Your Own Device (BYOD) mobile device deployment model.
A model where employees use their personal devices for work, with the organization providing security guidelines while employees retain control over the device.
Explain the Choose Your Own Device (CYOD) mobile device deployment model.
A model where employees select from a list of pre-approved devices provided by the organization, which manages and secure the devices.
May you name a few methods mobile devices use to connect to networks and other devices?
Cellular, WiFi, and Bluetooth.
What is Cellular?
Refers to mobile phone networks that enable voice calls, text messaging, and Internet access through base stations in geographic cells.
What is Mobile Device Management (MDM)?
A security software that allows organizations to monitor, manage,and secure mobile devices, enforce policies, and remotely configure or wipe data.
What is Unified Endpoint Management (UEM)?
A security solution that allows organizations to manage and secure all types of endpoints (like desktops, mobile devices, and IoT devices) from a single platform, ensuring consistent security and configuration.
What are some MDM concepts that apply to mobile devices?
Application management, full device encryption, storage segmentation, content management, containerization, passwords/PINs, biometrics, screen locks, remote wipes, geolocation, geofencing, GPS tagging, context-aware authentication, and push notifications.
What are Third-party app stores?
Unofficial app marketplaces where users can download apps not available in the official stores. They may present security risks due to unverified or malicious software.
What is Jailbreaking?
The process of removing restrictions on IOS devices to gain full access to the operating system, allowing the installation of unauthorized apps and modifications.
What is Rooting?
The process of gaining root access to the operating system of Android devices, enabling system modifications and the installation of unauthorized apps.
What are Over the Air (OTA) Updates?
Software or firmware updates delivered wirelessly to a device, ensuring it receives the latest features and security patches.
In regards to mobile devices, what is Custom Firmware?
Overwriting the device’s manufacturer firmware with one of your own making or an image made by somebody else.
What is Sideloading?
The process of manually installing apps or software onto a device from a third-party source instead of the official app store, which may pose security risks.
What is an Embedded System?
A specialized computer system designed to perform specific tasks within a larger system, often with real-time constraints.
What is Internet of Things (IoT)?
Refers to a network of interconnected devices that communicate and share data over the Internet, enabling automation and remote control.
What is an Industrial Control System (ICS)?
A system used to control industrial processes, such as manufacturing, production, and energy distribution, ensuring smooth and safe operations.
What is a Supervisory Control and Data Acquisition (SCADA) system?
An industrial control system used to monitor and control large-scale processes, such as utilities or manufacturing systems, by collecting real-time data and enabling remote management.
What is System-on-chip (SoC)?
An integrated circuit that combines essential components like a processor, memory, and input/output interfaces onto a single chip, used in embedded systems and mobile devices.
What is Real-time Operating System (RTOS)?
An operating system designed to meet the strict timing and reliability requirements of embedded systems, ensuring tasks are completed within specific deadlines.
What is the challenge with embedded systems such as ICS, IoT, and SCADA?
Security vulnerabilities, limited resources, interoperability issues, real-time processing requirements, and the difficulties of maintaining systems over long lifespans.
What are some constraints of embedded systems?
Computing power, cryptographic limitations, power, ease of development, cost, and inability to patch/patch availability.
