Chapter 5 Securing Hosts and Data Flashcards
1
Q
____ is the practice of making an operating system (OS) or application more secure from its default installation.
A
Hardening
2
Q
___ helps eliminate vulnerabilities from default configurations, misconfigurations, and weak configurations.
A
Hardening
3
Q
Describe least functionality
A
A core security principle stating that systems should be deployed with the least amount of applications, services, and protocols.
4
Q
A ____ is an access point to an application or service that bypasses normal security.
A
Backdoor
5
Q
True or false: A system or application default account and default password does not need to be changed.
A
False
Default accounts and default passwords should always be changed.
6
Q
Windows and Apple operating systems are _____ source software, meaning that the underlying code is not freely available to the public.
A
Closed
7
Q
Linux and Unix operating systems are ____ source software, meaning that it is freely available to the public.
A
Open
8
Q
Identify three other locations where OSs operate
A
Kiosks
Network
Appliance
9
Q
What is a kiosk?
A
A kiosk is a small structure in an open area used to sell something, provide information, or display advertisements.
10
Q
To create a non-persistent operating system on a computer you can use a ___
A
Live boot media
Ex. DISA uses BootMe that authorized DoD users can use to run an operating system on almost any computer.
11
Q
What is a non-persistent operating system?
A
One that disappears when users turn off the computer
12
Q
What is a common method of deploying systems?
A
Creating a master image with a secure configuration, and then deploy the image to multiple systems.
13
Q
What is a trusted operating system?
A
One that meets a set of predetermined requirements with a heavy emphasis on authentication and authorization.
14
Q
What is the overall goal of a trusted operating system?
A
To ensure that only authorized personnel can access data based on their permissions. It also prevents any modifications and movement of data by unauthorized entities.
15
Q
An ____ is a snapshot of a single system that administrators deploy to multiple other systems.
A
Image
16
Q
What are two important benefits of imaging?
A
- It creates a secure starting point.
2. It reduces cost
17
Q
True or false: You can convert an image to a virtual system
A
True
18
Q
A ____ is a known starting point and organizations commonly use them to provide known starting points for systems.
A
Baseline
19
Q
True or False: Admins can use an MS security template to import to a GPO and then apply to systems within a domain
A
True
Some orgs deploy a master image to all systems and then use the security templates to automatically apply different security settings to different groups of systems based on their security needs.
20
Q
___ security configuration is a common security issue
A
Weak
21
Q
True or False: One of the primary benefits of secure baselines is that they improve the overall security posture of systems
A
True
22
Q
Identify the three steps for the use of baselines
A
- Initial baseline configuration
- Integrity measurements for baseline deviation
- Remediation
23
Q
____ ensures that systems and applications stay up to date with current patches.
A
Patch management
24
Q
One of the most efficient ways to reduce operating system and application vulnerabilities is ____ because it protects systems from known vulnerabilities.
A
Patch management
25
True or False: Patch management does not include a group of methodologies and processes of identifying, downloading, testing, deploying, and verifying patches.
False
26
What does SCCM stand for and what is it?
System Center Configuration Manager
| It is a systems management tool used for many purposes like patch management
27
____ defines the process for any type of system modifications or upgrades, including changes to applications.
Change management
28
What are two key goals of Change Management?
1. To ensure changes to IT systems do not result in unintended outages
2. To provide an accounting structure or method to document all changes
29
A common security issue is the use of _______ software, which can cause many different problems.
Unauthorized
30
The most common problem of using unauthorized software often includes ____
Malware
31
Aside from malware, additional problems of using unauthorized software are _____ and ____
Application support and license compliance violations
32
True or False: An organization can be susceptible to fines and penalties if they breach license agreements.
True
33
______ is a list of applications authorized to run on a system
Application whitelist
34
____ is a list of applications the system blocks
Application blacklist
35
____ ______ ______ in MS Group Policy can be used for both whitelisting and blacklisting computers within a domain.
Software Restriction Policies
36
What does MDM stand for?
Mobile Device Management
37
True or False: an MDM can whitelist and blacklist applications on mobile devices
True
38
_______ is the use of an isolated area on a system and it is often used for testing.
Sandboxing
39
True or False: Sandboxing cannot be used by admins and security professionals to test various security controls before deploying them to a live production network.
False
| It can be used to test security controls.
40
True or False: Virtualized sandboxes are useful for testing patches
True
41
The ____ command in Linux is used to change the root directory for an application, effectively isolating it.
Chroot
| Note: Chroot jail is a term when using chroot to isolate a sandbox in a test directory
42
List the different types of environments in a secure staging environment
1. Development - used by developers to create and modify code
2. Test - used by developers to unit test and identify any bugs or errors. Typically does not simulate a full production environment
3. Staging - simulates the production environment and is used for late stage testing.
4. Production - Final product which includes everything needed to support the application and allow customers and others to use it.
43
A ____ ____ includes all the elements required to produce a product.
Supply chain
44
What does EMI stand for and what is it?
Electromagnetic interference
Interference of transmitted signals over wires that comes from sources such as motors, power lines, and fluorescent lights and can prevented from shielding
45
What does EMP stand for and what is it?
Electromagnetic pulse
A short burst of electromagnetic energy. It can come from a wide assortment of sources and can cause damage to computing equipment
46
What are some sources of EMP?
1. Electrostatic discharge (ESD).
2. Lightning
3. Military weapons such as nuclear explosions
47
What does FDE stand for and what is it?
Full disk encryption
| When an entire disk is encrypted
48
What does SED stand for and what is it?
Self-Encrypting Drives
| A drive that includes hardware and software to encrypt all data on the drive and securely store the encryption keys
49
What does BIOS stand for and what is it?
Basic Input/Output System
| Firmware which provides a computer with basic instructions on how to start.
50
What does UEFI stand for and what is it?
Unified Extensible Firmware Interface
| Firmware similar to BIOS with enhanced features such as booting from larger disks and designed to be CPU independent
51
What process upgrades a BIOS or UEFI and how does it work?
Flashing overwrites the software within the BIOS/UEFI chip with newer software
52
A ____ is a hardware chip on the computer's motherboard that stores cryptographic keys. It keeps hard drives locked, or sealed, until the system completes a system verification and authentication process.
Trusted Platform Module (TPM)
53
A ____ supports secure boot and attestation processes
Trusted Platform Module
54
True or False: If a TPM detects that files have been modified it will block the boot process to protect the data on the drive
True
55
What is a remote attestation process?
A process that uses a separate system (not TPM) to check the boot files
56
Rivest Shamir Adleman (RSA) private keys are used for what form of encryption?
Asymmetric
57
True or False: A hardware root of trust is formed where a private key is matched with a public key
True
58
True or False: Another term for hardware root of trust is secure starting point
True
59
What does HSM stand for and what is it?
Hardware Security Module
It is a security device that can be added to a system to manage, generate, and securely store cryptographic keys. Similar to a TPM
60
What is a noteworthy difference between HSM and TPM?
HSMs are removable or external devices
61
_____ _____ refers to accessing computing resources via a different location than your local computer.
Cloud computing
62
Web-based e-mail is what type of could computing service?
Software as a Service (SaaS)
63
What is Amazon's hosted cloud services referred to as?
Amazon EC2 - Elastic Compute Cloud
| Note: It combines virtualization with cloud computing and they currently provide a wide variety of services
64
What other options do organizations have aside from cloud hosted services?
1. On-premise - all resources owned, operated, and maintained within the org's building(s)
2. Hosted - An org can rent access to resources from a specific org. However in most cases, hosted services are somewhere within the cloud
65
What does SaaS stand for and what is it?
Software as a Service
| A software or application provided to users over a network i.e. internet Generally accessed via a web browser
66
What does PaaS stand for and what is it?
Platform as a Service
Provides customers with a pre-configured computing platform they can use as needed. Referred to by many providers as a managed hardware solution.
67
What does IaaS stand for and what is it?
Infrastructure as a Service
Allows an organization to outsource its equipment requirements, including the hardware and all support operations. The provider owns the equipment, houses it in its data center, and performs all required hardware maintenance. The customer essentially rents access to the equipment and often pays on a per-use basis. Often referred to as a self-managed solution.
68
What does CSP stand for?
Cloud Service Provider
69
When comparing CSP and customer responsibilities for SaaS, PaaS, and IaaS, explain the difference in security responsibilities
SaaS the CSP has more responsibility than the customer.
IaaS the customer has more responsibility than the CSP.
PaaS there is closer to equal responsibility
70
What is Security as a Service?
Any services provided via the cloud that provide security services, and is commonly viewed as a subset of SaaS.
Example is of licensed anti-virus where each individual installs with their own license and the anti-virus is automatically updated periodically
71
What does CASB stand for and what is it?
Cloud access security broker
A software tool or service deployed between an organization's network and the cloud provider. It provides Security as a Service by monitoring traffic and enforcing security policies.
72
What are the four categories of cloud deployment models?
1. Public
2. Private
3. Community
4. Hybrid
73
____ are available from third-party companies, such as Amazon, Google, Microsoft, and Apple. They provide similar services to anyone willing to pay for them.
Public
74
____ is set up for specific organizations.
Private
75
Those with shared concerns (such as goals, security, requirements or compliance considerations) can share cloud resources within a _____.
Community cloud
76
A ____ is a combination of two or more clouds.
Hybrid cloud
77
____ is when the organization purchases devices and issues them to employees
Corporate-owned
78
What does COPE stand for and what is it?
Corporate-owned, personally enabled
Deployment model where the employees are free to use the device as if it was their own personal device. Not restricted to only work related activities.
79
What does BYOD stand for and what is it?
Bring your own device
| Where an employee can use his/her own personal mobile device and connect to the employer's network
80
What does CYOD stand for and what is it?
Choose your own device
| Organization identifies a list of acceptable mobile devices that employees can purchase and bring to work.
81
What does VDI stand for and what is it?
Virtual desktop infrastructure
| Ability to access the VDI from users mobile device
82
What is ANT and ANT+?
Proprietary wireless protocols used by some mobile devices. Many sports and fitness sensors collect data on users and use ANT to send the data to a mobile device application i.e. fitbit
83
What are some MDM concepts with respect to mobile devices?
1. Application management
2. Full device encryption
3. Storage segmentation
4. Content management
5. Containerization
6. Passwords and PINs
7. Biometrics
8. Screen locks
9. Remote wipe
84
How are biometrics used with mobile devices?
Used for authentication and can be managed via MDM
85
What is a remote wipe?
MDM can send a remote signal to a device and wipe/erase all of the data including cached data
86
What is containerization for mobile devices?
Isolating an application to run in a container which protects the application and its data
87
What is storage segmentation for mobile devices?
Separate segments created on mobile device to protect data
88
What is geolocation?
Using GPS to identify the location of a device
89
What is geofencing?
Using GPS to create a virtual fence or geographic boundary. Apps can be configured to run only within a virtual fence.
90
What is GPS tagging aka geotagging?
When geographical information is added to files such as pictures when posting on social media.
91
What is context-aware authentication?
Uses multiple elements to authenticate a user and a mobile device. Can include the user's identity, geolocation, verification that the device is within a geofence, time of day, and type of device.
92
What are push notification services?
Services which send messages to mobile devices from apps.
93
_____ refers to removing all software restrictions from an Apple device.
Jailbreaking
| Often done by users in order to install software from third-party sources
94
____ is the process of modifying an Android device to give the user full administrator access to the device
Rooting
95
Mobile devices typically have the OS stored in ______ memory
Onboard
96
What does OTA stand for with regards to mobile devices?
Over the air
97
____ is the process of copying an application package in the Application Packet Kit (APK) format to the device and then activating it
Sideloading
98
True or False: Overwriting the firmware on an Android device with customer firmware is another way to root an Android device
True
99
What are two primary risks with text messaging?
1. Messages sent in cleartext allowing the information to be intercepted and read by others
2. With MMS attackers can gain remote code execution privileges on the user's phone
100
What does SMS stand for?
Short Message Service
101
What does MMS stand for?
Multimedia Message Service
102
How does disabling the camera and recording microphone on a mobile device improve security?
Reduces the risk of attackers being able to use those hardware features to infiltrate and spy
103
______ allows you to share one device's internet connection with other devices
Tethering
104
_____ ____ is a standard that allows devices to connect without a wireless access point, or wireless router.
Wi-Fi direct
105
True or False: An MDM cannot block access to devices using tethering or Wi-Fi direct to access the internet.
False
| MDMs can block tethering and wi-fi direct connections
106
_____ ____ is any device that has a dedicated function and uses a computer system to perform that function
Embedded system
107
____ ____ includes Internet-connected devices, such as wireless thermostats, lighting, coffee makers, etc.
Home automation
108
____ is an integrated circuit that includes all the functionality of a computing system within the hardware. It typically includes an application contained within onboard memory.
System on Chip (SoC)
109
________ typically refers to systems within large facilities such as power plants or water treatment facilities.
Industry Controlled System (ICS)
Controlled by SCADA systems and best practice is for them to be within isolated networks i.e. VLAN that do not have access to the internet. If connected to corporate network are often protected by NIPS to block unwanted traffic
110
____ is an operating system that reacts to input within a specific time.
Real-Time Operating System (RTOS)
111
What does HVAC stand for?
Heating, Ventilating, and Air Conditioning
112
What are some special-purpose devices contain embedded systems?
1. Medical devices
2. Automotive vehicles
3. Unmanned aerial vehicles (UAV)
113
What are some forms of software based encryption?
1. MS Net Technology File System (NTFS) which allows to configure permissions with ACLs
2. Database encryption - either entire database or specific datasets
114
What are the primary methods of protecting the confidentiality of data?
1. Encryption
| 2. Strong access controls
115
What does EFS stand for?
Encrypting File System
116
What is a benefit of file and folder level encryption?
Ability to encrypt individual files without encrypting an entire disk
117
True or False: A common security issue with permissions is giving users more permissions than they need
True
118
When does an access violation occur?
When a user accesses materials that they shouldn't
119
What are three primary entities that you can assign permissions to within Linux?
1. Owner - User who owns the file or directory
2. Group - Contains multiple users. A group can be an owner as well
3. Others - Everyone else outside of Owner and Group. These permissions do not override those of Owner and Group
120
What are the basic Linux permissions?
1. Read (r/4) - allows to view the file
2. Write (w/2) - allows to modify the file
3. Execute (x/1) - allows to run the file
121
True or False: With Linux file permissions, unassigned permissions are represented as an asterisk
False
| Unassigned permissions are represented as a dash
122
What does FACL stand for?
File access control list
123
What command do linux admins use to change permissions on files?
chmod
| Stands for change mode
124
What is an example of using the chmod command?
chmod 755 success.exe
Owner has rwx
Group has rx
Others has rx
125
What are the basic Windows permissions?
1. Read - users can view
2. Read and execute - users can view and run/execute
3. Write - Users can create new and modify existing
4. Modify - users can modify permissions
126
True or False: A DLP solution can prevent a user from copying or printing files with specific content
True
| Some DLP solutions will also log and alert of the activity
127
____ is the unauthorized transfer of data outside an organization and is a significant concern.
Data exfiltration
128
True or False: DLPs can scan the text of all emails including zipped files which it unzips and scans
True
129
True or False: Many organizations classify and label data using terms such as Confidential, Private, and Proprietary
True
130
What does PII stand for?
Personally Identifiable Information
131
What does PHI stand for?
Protected Health Information
