Chapter 5 Securing Hosts and Data Flashcards
____ is the practice of making an operating system (OS) or application more secure from its default installation.
Hardening
___ helps eliminate vulnerabilities from default configurations, misconfigurations, and weak configurations.
Hardening
Describe least functionality
A core security principle stating that systems should be deployed with the fewest applications, services, and protocols needed to do their job; anything not required is removed or disabled.
A ____ is an access point to an application or service that bypasses normal security.
Backdoor
True or false: A system or application default account and default password does not need to be changed.
False
Default accounts and default passwords should always be changed.
Windows and Apple operating systems are _____ source software, meaning that the underlying code is not freely available to the public.
Closed
Linux and many Unix-like operating systems are ____ source software, meaning that the underlying code is freely available to the public.
Open
Identify three other locations where OSs operate
Kiosks
Network
Appliance
What is a kiosk?
A kiosk is a small structure in an open area used to sell something, provide information, or display advertisements.
To create a non-persistent operating system on a computer you can use a ___
Live boot media
Example: DISA provides BootMe, live boot media that authorized DoD users can use to run an operating system on almost any computer.
What is a non-persistent operating system?
One that disappears when users turn off the computer
What is a common method of deploying systems?
Creating a master image with a secure configuration, and then deploying the image to multiple systems.
What is a trusted operating system?
One that meets a set of predetermined requirements with a heavy emphasis on authentication and authorization.
What is the overall goal of a trusted operating system?
To ensure that only authorized personnel can access data based on their permissions. It also prevents any modifications and movement of data by unauthorized entities.
An ____ is a snapshot of a single system that administrators deploy to multiple other systems.
Image
What are two important benefits of imaging?
- It creates a secure starting point.
- It reduces cost.
True or false: You can convert an image to a virtual system
True
A ____ is a known starting point; organizations commonly use them to deploy systems with a known, secure configuration.
Baseline
True or False: Admins can import a Microsoft security template into a GPO and then apply it to systems within a domain
True
Some organizations deploy a master image to all systems and then use security templates to automatically apply different security settings to different groups of systems based on their security needs.
___ security configuration is a common security issue
Weak
True or False: One of the primary benefits of secure baselines is that they improve the overall security posture of systems
True
Identify the three steps for the use of baselines
- Initial baseline configuration
- Integrity measurements for baseline deviation
- Remediation
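The three steps above map directly onto a file-integrity check. The following is an added example (not part of the original flashcards) that baselines a constructed set of config files with SHA-256, measures deviation after simulated drift, and remediates from a golden copy. The file names and contents are made up for the demo.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """Hash a file in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Step 1 (initial baseline): map each file's path relative to root to its SHA-256."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = sha256_of(full)
    return baseline


def capture_golden(root):
    """Keep a copy of the known-good contents so remediation can restore them."""
    golden = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as f:
                golden[os.path.relpath(full, root)] = f.read()
    return golden


def measure_deviations(root, baseline):
    """Step 2 (integrity measurement): report what changed since the baseline."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "unexpected": sorted(p for p in current if p not in baseline),
    }


def remediate(root, golden, deviations):
    """Step 3 (remediation): restore modified/missing files from the golden copy and
    delete files that were not in the baseline. Returns the number of files touched."""
    touched = 0
    for rel in deviations["modified"] + deviations["missing"]:
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(golden[rel])
        touched += 1
    for rel in deviations["unexpected"]:
        os.remove(os.path.join(root, rel))
        touched += 1
    return touched


def demo():
    """Constructed scenario: three config files are baselined, then a setting is weakened,
    a rogue cron job appears and a file is deleted. Returns (before, after, touched)."""
    with tempfile.TemporaryDirectory() as root:
        files = {  # constructed sample data, not a real system
            "etc/ssh/sshd_config": b"PermitRootLogin no\nPasswordAuthentication no\n",
            "etc/hosts": b"127.0.0.1 localhost\n",
            "etc/sudoers": b"root ALL=(ALL) ALL\n",
        }
        for rel, data in files.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
        baseline = build_baseline(root)
        golden = capture_golden(root)

        # Simulated drift
        with open(os.path.join(root, "etc/ssh/sshd_config"), "wb") as f:
            f.write(b"PermitRootLogin yes\n")
        os.makedirs(os.path.join(root, "etc/cron.d"))
        with open(os.path.join(root, "etc/cron.d/backdoor"), "wb") as f:
            f.write(b"* * * * * root /tmp/x\n")
        os.remove(os.path.join(root, "etc/hosts"))

        before = measure_deviations(root, baseline)
        touched = remediate(root, golden, before)
        after = measure_deviations(root, baseline)
        return before, after, touched


if __name__ == "__main__":
    print(demo())
```

A production tool would store the baseline and golden copies somewhere the monitored host cannot modify; an attacker who can rewrite the baseline can hide the deviation.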
____ ensures that systems and applications stay up to date with current patches.
Patch management
One of the most efficient ways to reduce operating system and application vulnerabilities is ____ because it protects systems from known vulnerabilities.
Patch management
True or False: Patch management does not include a group of methodologies and processes of identifying, downloading, testing, deploying, and verifying patches.
False
What does SCCM stand for and what is it?
System Center Configuration Manager
Microsoft's systems management tool, used for many purposes including patch management (since rebranded as Microsoft Endpoint Configuration Manager)
____ defines the process for any type of system modifications or upgrades, including changes to applications.
Change management
What are two key goals of Change Management?
- To ensure changes to IT systems do not result in unintended outages
- To provide an accounting structure or method to document all changes
A common security issue is the use of _______ software, which can cause many different problems.
Unauthorized
The most common problem with unauthorized software is ____
Malware
Aside from malware, additional problems with unauthorized software are _____ and ____
Lack of application support and license compliance violations
True or False: An organization can be subject to fines and penalties if it breaches license agreements.
True
______ is a list of applications authorized to run on a system
Application whitelist
____ is a list of applications the system blocks
Application blacklist
____ ______ ______ in MS Group Policy can be used for both whitelisting and blacklisting applications on computers within a domain.
Software Restriction Policies
What does MDM stand for?
Mobile Device Management
True or False: an MDM can whitelist and blacklist applications on mobile devices
True
_______ is the use of an isolated area on a system, and it is often used for testing.
Sandboxing
True or False: Sandboxing cannot be used by admins and security professionals to test various security controls before deploying them to a live production network.
False
It can be used to test security controls.
True or False: Virtualized sandboxes are useful for testing patches
True
The ____ command in Linux is used to change the root directory for an application, effectively isolating it.
Chroot
Note: A chroot jail is the isolated directory tree an application runs in under chroot; the application sees that directory as / and cannot reach files outside it by path. It is not a complete security boundary (a process running as root can often escape), so it is normally combined with dropping privileges.
List the different types of environments in a secure staging environment
- Development - used by developers to create and modify code
- Test - used by developers to unit test and identify any bugs or errors. Typically does not simulate a full production environment
- Staging - simulates the production environment and is used for late stage testing.
- Production - Final product which includes everything needed to support the application and allow customers and others to use it.
A ____ ____ includes all the elements required to produce a product.
Supply chain
What does EMI stand for and what is it?
Electromagnetic interference
Interference with signals transmitted over wires, coming from sources such as motors, power lines, and fluorescent lights. It can be prevented with shielding.
What does EMP stand for and what is it?
Electromagnetic pulse
A short burst of electromagnetic energy. It can come from a wide assortment of sources and can cause damage to computing equipment
What are some sources of EMP?
- Electrostatic discharge (ESD).
- Lightning
- Military weapons such as nuclear explosions
What does FDE stand for and what is it?
Full disk encryption
When an entire disk is encrypted
What does SED stand for and what is it?
Self-Encrypting Drives
A drive that includes hardware and software to encrypt all data on the drive and securely store the encryption keys
What does BIOS stand for and what is it?
Basic Input/Output System
Firmware which provides a computer with basic instructions on how to start.
What does UEFI stand for and what is it?
Unified Extensible Firmware Interface
Firmware that replaces BIOS with enhanced features, such as booting from larger disks and Secure Boot, and is designed to be CPU independent
What process upgrades a BIOS or UEFI and how does it work?
Flashing. It overwrites the firmware stored in the BIOS/UEFI chip with a newer version; updates should come only from the vendor, since malicious firmware survives OS reinstallation.
A ____ is a hardware chip on the computer’s motherboard that stores cryptographic keys. It keeps hard drives locked, or sealed, until the system completes a system verification and authentication process.
Trusted Platform Module (TPM)
A ____ supports secure boot and attestation processes
Trusted Platform Module
True or False: If a TPM detects that files have been modified it will block the boot process to protect the data on the drive
True (more precisely: the boot measurements no longer match the values the disk encryption key was sealed to, so the TPM will not release the key and the system cannot boot normally without the recovery key)
What is a remote attestation process?
A process in which a separate, trusted system (not the TPM itself) verifies the boot: the TPM signs a report of its measured values and the remote verifier compares them against known-good values
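The sealing and remote attestation cards above describe a chain of hashes. The following is an added example (not from the original flashcards) that models measured boot with a toy TPM: PCR extend, sealing a disk key to the PCR value, and a remote verifier checking a signed quote against golden values. The component blobs, chip keys and nonce are constructed; HMAC stands in for the TPM's asymmetric attestation signature and the seal wrapping is a simplified one-time pad, both assumptions for readability.

```python
import hashlib
import hmac

PCR_RESET = bytes(32)  # a SHA-256 PCR bank starts at all zeros on reset


def extend_pcr(pcr, component):
    """PCR extend: new = SHA-256(old || SHA-256(component)).
    A PCR cannot be written directly, only extended, so its final value commits to
    every component measured and to the order in which they were measured."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


class ToyTPM:
    """Constructed stand-in for the chip: the keys below never leave the object."""

    def __init__(self, storage_key, attestation_key):
        self._srk = storage_key      # assumption: wraps sealed data
        self._ak = attestation_key   # assumption: signs quotes
        self.pcr = PCR_RESET

    def reset(self):
        self.pcr = PCR_RESET

    def extend(self, component):
        self.pcr = extend_pcr(self.pcr, component)

    def _pad(self, pcr):
        return hashlib.sha256(self._srk + pcr).digest()

    def seal(self, secret):
        """Bind a secret (e.g. the disk encryption key, <= 32 bytes) to the current PCR."""
        assert len(secret) <= 32
        return {"policy_pcr": self.pcr,
                "blob": bytes(a ^ b for a, b in zip(secret, self._pad(self.pcr)))}

    def unseal(self, sealed):
        """Release the secret only if the current PCR equals the sealed policy."""
        if not hmac.compare_digest(sealed["policy_pcr"], self.pcr):
            return None
        return bytes(a ^ b for a, b in zip(sealed["blob"], self._pad(self.pcr)))

    def quote(self, nonce):
        """Signed report of the PCR; the verifier's nonce prevents replay of an old quote."""
        return self.pcr, hmac.new(self._ak, self.pcr + nonce, hashlib.sha256).digest()

    def attestation_verifier_key(self):
        return self._ak  # assumption: with a real TPM this would be the AK public key


def remote_verify(reported_pcr, nonce, signature, verifier_key, golden_pcrs):
    """Remote attestation: check the signature over (PCR, nonce), then the value."""
    expected = hmac.new(verifier_key, reported_pcr + nonce, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return "bad-signature"
    if reported_pcr not in golden_pcrs:
        return "unknown-boot-state"
    return "trusted"


def boot(tpm, components):
    """Each stage measures the next into the PCR before handing over control."""
    tpm.reset()
    for c in components:
        tpm.extend(c)


def demo():
    """Good boot unseals and attests; a tampered or reordered boot does neither."""
    tpm = ToyTPM(b"srk-burned-in-at-manufacture", b"ak-burned-in-at-manufacture")
    good = [b"UEFI firmware 2.7", b"bootloader (signed)", b"vmlinuz-6.1"]  # constructed
    boot(tpm, good)
    golden = {tpm.pcr}
    sealed = tpm.seal(b"disk-encryption-key")
    nonce = b"verifier-nonce-0001"
    results = {}
    for label, chain in (("good", good),
                         ("tampered", [good[0], b"bootloader (rootkit)", good[2]]),
                         ("reordered", [good[1], good[0], good[2]])):
        boot(tpm, chain)
        pcr, sig = tpm.quote(nonce)
        results[label] = (tpm.unseal(sealed),
                          remote_verify(pcr, nonce, sig, tpm.attestation_verifier_key(), golden))
    return results


if __name__ == "__main__":
    print(demo())
```

The reordered case is the point practitioners miss: the same components measured in a different order give a different PCR, because extend is a chained hash rather than a set.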
Rivest Shamir Adleman (RSA) private keys are used for what form of encryption?
Asymmetric
True or False: A hardware root of trust is formed where a private key is matched with a public key
True. The TPM ships with a unique private key burned into it at manufacture; the matching public key lets others verify that the chip, and the measurements it reports, are genuine.
True or False: Another term for hardware root of trust is secure starting point
True
What does HSM stand for and what is it?
Hardware Security Module
It is a security device that can be added to a system to manage, generate, and securely store cryptographic keys. Similar to a TPM
What is a noteworthy difference between HSM and TPM?
HSMs are removable or external devices
_____ _____ refers to accessing computing resources hosted at a location other than your local computer.
Cloud computing
Web-based e-mail is what type of cloud computing service?
Software as a Service (SaaS)
What is Amazon's hosted cloud services referred to as?
Amazon Web Services (AWS); its virtual machine service is Amazon EC2 (Elastic Compute Cloud)
Note: It combines virtualization with cloud computing, and AWS currently provides a wide variety of services
What other options do organizations have aside from cloud hosted services?
- On-premise - all resources owned, operated, and maintained within the org’s building(s)
- Hosted - An org rents access to resources from a third party. In most cases, hosted services are somewhere within the cloud
What does SaaS stand for and what is it?
Software as a Service
Software or an application provided to users over a network (i.e. the Internet), generally accessed via a web browser
What does PaaS stand for and what is it?
Platform as a Service
Provides customers with a pre-configured computing platform they can use as needed. Referred to by many providers as a managed hardware solution.
What does IaaS stand for and what is it?
Infrastructure as a Service
Allows an organization to outsource its equipment requirements, including the hardware and all support operations. The provider owns the equipment, houses it in its data center, and performs all required hardware maintenance. The customer essentially rents access to the equipment and often pays on a per-use basis. Often referred to as a self-managed solution.
What does CSP stand for?
Cloud Service Provider
When comparing CSP and customer responsibilities for SaaS, PaaS, and IaaS, explain the difference in security responsibilities
SaaS the CSP has more responsibility than the customer.
IaaS the customer has more responsibility than the CSP.
PaaS there is closer to equal responsibility
What is Security as a Service?
Any security service delivered via the cloud; commonly viewed as a subset of SaaS.
Example: cloud-licensed antivirus, where each user installs the client with their own license and the product updates itself automatically and periodically
What does CASB stand for and what is it?
Cloud access security broker
A software tool or service deployed between an organization’s network and the cloud provider. It provides Security as a Service by monitoring traffic and enforcing security policies.
What are the four categories of cloud deployment models?
- Public
- Private
- Community
- Hybrid
____ are available from third-party companies, such as Amazon, Google, Microsoft, and Apple. They provide similar services to anyone willing to pay for them.
Public
____ is set up for a specific organization.
Private
Those with shared concerns (such as goals, security, requirements or compliance considerations) can share cloud resources within a _____.
Community cloud
A ____ is a combination of two or more clouds.
Hybrid cloud
____ is when the organization purchases devices and issues them to employees
Corporate-owned
What does COPE stand for and what is it?
Corporate-owned, personally enabled
Deployment model where the employees are free to use the device as if it was their own personal device. Not restricted to only work related activities.
What does BYOD stand for and what is it?
Bring your own device
Where an employee can use his/her own personal mobile device and connect to the employer’s network
What does CYOD stand for and what is it?
Choose your own device
Organization identifies a list of acceptable mobile devices that employees can purchase and bring to work.
What does VDI stand for and what is it?
Virtual desktop infrastructure
A desktop hosted on a server that users, including those on mobile devices, connect to remotely; the data stays on the server rather than on the device
What is ANT and ANT+?
Proprietary wireless protocols used by some mobile devices. Many sports and fitness sensors collect data on users and use ANT to send the data to a mobile device application (e.g. Fitbit)
What are some MDM concepts with respect to mobile devices?
- Application management
- Full device encryption
- Storage segmentation
- Content management
- Containerization
- Passwords and PINs
- Biometrics
- Screen locks
- Remote wipe
How are biometrics used with mobile devices?
Used for authentication and can be managed via MDM
What is a remote wipe?
MDM can send a remote signal to a device and wipe/erase all of the data including cached data
What is containerization for mobile devices?
Isolating an application to run in a container which protects the application and its data
What is storage segmentation for mobile devices?
Separate segments created on mobile device to protect data
What is geolocation?
Using GPS to identify the location of a device
What is geofencing?
Using GPS to create a virtual fence or geographic boundary. Apps can be configured to run only within a virtual fence.
What is GPS tagging aka geotagging?
When geographical information is added to files such as pictures when posting on social media.
What is context-aware authentication?
Uses multiple elements to authenticate a user and a mobile device. Can include the user’s identity, geolocation, verification that the device is within a geofence, time of day, and type of device.
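The geofencing and context-aware authentication cards above describe a policy decision. The following is an added example (not from the original flashcards) of a policy engine that checks user, MDM-enrolled device, device type, a GPS geofence (haversine distance) and time of day. The office coordinates, user list and device IDs are constructed; the choice to step up to an extra factor (rather than deny) when only the time-of-day check fails is a design assumption.

```python
import math
from datetime import time


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points on an idealised spherical Earth."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def inside_geofence(lat, lon, fence):
    """A circular geofence: centre plus radius in km."""
    return haversine_km(lat, lon, fence["lat"], fence["lon"]) <= fence["radius_km"]


def evaluate(ctx, policy):
    """Return (decision, reasons). Hard failures deny outright; an out-of-hours request
    from an otherwise good context is challenged for another factor instead of denied."""
    hard, soft = [], []
    if ctx["user"] not in policy["allowed_users"]:
        hard.append("unknown user")
    if ctx["device_id"] not in policy["enrolled_devices"]:
        hard.append("device not enrolled in MDM")
    if ctx["device_type"] not in policy["allowed_device_types"]:
        hard.append("device type not allowed")
    if not inside_geofence(ctx["lat"], ctx["lon"], policy["geofence"]):
        hard.append("outside geofence")
    start, end = policy["hours"]
    if not (start <= ctx["time"] <= end):
        soft.append("outside allowed hours")
    if hard:
        return "deny", hard + soft
    if soft:
        return "challenge", soft
    return "allow", []


# Constructed policy: a 500 m fence around an office, business hours, two enrolled devices.
POLICY = {
    "allowed_users": {"alice", "bob"},
    "enrolled_devices": {"dev-1001", "dev-1002"},
    "allowed_device_types": {"managed-phone", "managed-laptop"},
    "geofence": {"lat": 38.8977, "lon": -77.0365, "radius_km": 0.5},
    "hours": (time(7, 0), time(19, 0)),
}


def demo():
    """Three constructed requests: in-fence on a managed phone, far outside the fence,
    and a good context outside business hours."""
    base = {"user": "alice", "device_id": "dev-1001", "device_type": "managed-phone",
            "lat": 38.8980, "lon": -77.0360, "time": time(10, 30)}
    far = dict(base, lat=51.5074, lon=-0.1278)                 # roughly London
    late = dict(base, time=time(23, 15))
    return {"in_office": evaluate(base, POLICY),
            "far_away": evaluate(far, POLICY),
            "late_night": evaluate(late, POLICY)}


if __name__ == "__main__":
    print(demo())
```

GPS coordinates reported by the device are an input the device controls, so a geofence on its own is a weak signal; this is why it is combined with device enrollment and identity rather than used alone.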
What are push notification services?
Services which send messages to mobile devices from apps.
_____ refers to removing all software restrictions from an Apple device.
Jailbreaking
Often done by users in order to install software from third-party sources
____ is the process of modifying an Android device to give the user full administrator access to the device
Rooting
Mobile devices typically have the OS stored in ______ memory
Onboard
What does OTA stand for with regards to mobile devices?
Over the air
____ is the process of copying an application package in the Android Package Kit (APK) format to the device and then activating it, bypassing the official app store
Sideloading
True or False: Overwriting the firmware on an Android device with custom firmware is another way to root an Android device
True
What are two primary risks with text messaging?
- Messages sent in cleartext allowing the information to be intercepted and read by others
- With MMS, malformed media content can exploit vulnerabilities in the phone's message-handling code, giving attackers remote code execution on the user's phone
What does SMS stand for?
Short Message Service
What does MMS stand for?
Multimedia Message Service
How does disabling the camera and recording microphone on a mobile device improve security?
Reduces the risk of attackers being able to use those hardware features to infiltrate and spy
______ allows you to share one device’s internet connection with other devices
Tethering
_____ ____ is a standard that allows devices to connect to each other directly, without a wireless access point or wireless router.
Wi-Fi direct
True or False: An MDM cannot block access to devices using tethering or Wi-Fi direct to access the internet.
False
MDMs can block tethering and wi-fi direct connections
_____ ____ is any device that has a dedicated function and uses a computer system to perform that function
Embedded system
____ ____ includes Internet-connected devices, such as wireless thermostats, lighting, coffee makers, etc.
Home automation
____ is an integrated circuit that includes all the functionality of a computing system within the hardware. It typically includes an application contained within onboard memory.
System on Chip (SoC)
________ typically refers to systems within large facilities such as power plants or water treatment facilities.
Industrial Control System (ICS)
Often controlled by SCADA systems. Best practice is to place them in isolated networks (e.g. a dedicated VLAN) that have no access to the Internet. If they are connected to the corporate network, they are often protected by a NIPS that blocks unwanted traffic
____ is an operating system that reacts to input within a specific time.
Real-Time Operating System (RTOS)
What does HVAC stand for?
Heating, Ventilating, and Air Conditioning
What are some special-purpose devices that contain embedded systems?
- Medical devices
- Automotive vehicles
- Unmanned aerial vehicles (UAV)
What are some forms of software based encryption?
- Microsoft New Technology File System (NTFS), which supports file and folder permissions (ACLs) and file-level encryption through the Encrypting File System (EFS)
- Database encryption - either entire database or specific datasets
What are the primary methods of protecting the confidentiality of data?
- Encryption
- Strong access controls
What does EFS stand for?
Encrypting File System
What is a benefit of file and folder level encryption?
Ability to encrypt individual files without encrypting an entire disk
True or False: A common security issue with permissions is giving users more permissions than they need
True
When does an access violation occur?
When a user accesses materials that they shouldn’t
What are three primary entities that you can assign permissions to within Linux?
- Owner - User who owns the file or directory
- Group - Contains multiple users. A group can be an owner as well
- Others - Everyone else outside of Owner and Group. These permissions do not override those of Owner and Group
What are the basic Linux permissions?
- Read (r/4) - allows the user to view the file
- Write (w/2) - allows the user to modify the file
- Execute (x/1) - allows the user to run the file
True or False: With Linux file permissions, unassigned permissions are represented as an asterisk
False
Unassigned permissions are represented as a dash
What does FACL stand for?
File access control list
What command do linux admins use to change permissions on files?
chmod
Stands for change mode
What is an example of using the chmod command?
chmod 755 success.exe
Owner has rwx
Group has rx
Others has rx
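The chmod 755 card above, and the earlier note that Others permissions do not override those of Owner and Group, can both be checked in code. This is an added example (not from the original flashcards): it applies 0o755 to a real temporary file and reads back what the kernel stored, converts between octal and the rwx notation, and computes the permissions a given user actually gets. The usernames and groups are constructed; it must run on a POSIX system because os.chmod on Windows only honours the read-only bit.

```python
import os
import stat
import tempfile


def mode_string(mode):
    """Render permission bits the way `ls -l` does (owner, group, others triplets)."""
    return stat.filemode(stat.S_IFREG | mode)[1:]  # drop the leading file-type character


def symbolic_to_octal(sym):
    """Inverse of mode_string: 'rwxr-xr-x' -> 0o755. Dashes are unset bits."""
    assert len(sym) == 9
    mode = 0
    for i, ch in enumerate(sym):
        if ch != "-":
            mode |= 1 << (8 - i)
    return mode


def effective_permissions(mode, file_owner, file_group, user, user_groups):
    """Linux selects exactly one class: owner if the user owns the file, else group if the
    user is a member of the file's group, else others. The classes are not combined, so a
    permissive 'others' triplet never adds rights to a restricted owner or group."""
    if user == file_owner:
        shift = 6
    elif file_group in user_groups:
        shift = 3
    else:
        shift = 0
    bits = (mode >> shift) & 0o7
    return {"read": bool(bits & 4), "write": bool(bits & 2), "execute": bool(bits & 1)}


def chmod_demo(octal=0o755):
    """Apply the mode to a temp file (standing in for success.exe) and read it back.
    Returns the stored bits as an rwx string."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        os.chmod(path, octal)
        return mode_string(stat.S_IMODE(os.stat(path).st_mode))
    finally:
        os.remove(path)


if __name__ == "__main__":
    print("chmod 755 ->", chmod_demo())
    # Owner 'alice' on a 0o075 file gets nothing even though group and others have rights.
    print(effective_permissions(0o075, "alice", "staff", "alice", ["alice", "staff"]))
```

The 0o075 case in the usage is the one to remember: the owner is checked first and only the owner triplet applies, so a file can be readable by everyone except its own owner.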
What are the basic Windows permissions?
- Read - users can view
- Read and execute - users can view and run/execute
- Write - users can create new files and modify existing ones
- Modify - users can read, write, execute, and delete (changing permissions requires Full Control)
True or False: A DLP solution can prevent a user from copying or printing files with specific content
True
Some DLP solutions will also log and alert of the activity
____ is the unauthorized transfer of data outside an organization and is a significant concern.
Data exfiltration
True or False: DLPs can scan the text of all emails including zipped files which it unzips and scans
True
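The DLP cards above (blocking copies of specific content, exfiltration, and scanning inside zipped attachments) describe content inspection. The following is an added example, not from the original flashcards, of a minimal DLP inspector: it scans subject, body and attachments for sensitive patterns, recurses into zip archives (with a nesting limit so a zip bomb cannot exhaust it), uses a Luhn check so random digit runs are not flagged as card numbers, and records encrypted archives it cannot open. The message, patterns and attachments are constructed.

```python
import io
import re
import zipfile

MAX_ARCHIVE_DEPTH = 3          # stop recursing into nested archives beyond this
MAX_MEMBER_BYTES = 5_000_000   # refuse to inflate very large members (zip-bomb guard)

PATTERNS = {
    "us-ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "classification-label": re.compile(r"\b(?:CONFIDENTIAL|PROPRIETARY)\b"),
    "payment-card": re.compile(r"\b(?:\d[ -]?){15}\d\b"),
}


def luhn_ok(digits):
    """Luhn checksum; filters most random 16-digit strings out of payment-card matches."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def scan_text(text, source):
    """Return (source, rule, matched_text) for every hit in a piece of text."""
    findings = []
    for rule, rx in PATTERNS.items():
        for m in rx.finditer(text):
            hit = m.group(0)
            if rule == "payment-card" and not luhn_ok(re.sub(r"\D", "", hit)):
                continue
            findings.append((source, rule, hit))
    return findings


def scan_blob(name, data, depth=0):
    """Scan bytes; zip archives are opened and each member scanned with the archive path
    as its source, e.g. 'payroll.zip/report.txt'."""
    if zipfile.is_zipfile(io.BytesIO(data)):
        if depth >= MAX_ARCHIVE_DEPTH:
            return [(name, "archive-too-deep", "")]
        findings = []
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                member = f"{name}/{info.filename}"
                if info.file_size > MAX_MEMBER_BYTES:
                    findings.append((member, "oversized-member", str(info.file_size)))
                    continue
                try:
                    content = zf.read(info)
                except RuntimeError:  # password-protected member: cannot be inspected
                    findings.append((member, "encrypted-archive", ""))
                    continue
                findings += scan_blob(member, content, depth + 1)
        return findings
    return scan_text(data.decode("utf-8", errors="ignore"), name)


def inspect_message(subject, body, attachments):
    """Policy: block if anything sensitive (or uninspectable) is found, else allow."""
    findings = scan_text(subject, "subject") + scan_text(body, "body")
    for att_name, data in attachments:
        findings += scan_blob(att_name, data)
    return ("block" if findings else "allow"), findings


def _zip_bytes(members):
    """Build an in-memory zip from {name: bytes} (test data construction only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for fname, content in members.items():
            zf.writestr(fname, content)
    return buf.getvalue()


def demo():
    """Constructed outbound mail: an SSN inside a zip, a label inside a nested zip,
    a Luhn-valid card number in a plain attachment, and an innocent-looking body."""
    inner = _zip_bytes({"inner.txt": b"Marked PROPRIETARY - do not distribute"})
    payroll = _zip_bytes({"report.txt": b"Employee SSN 123-45-6789", "archive.zip": inner})
    return inspect_message(
        "Payroll",
        "Please see attached.",
        [("payroll.zip", payroll), ("notes.txt", b"Card on file: 4111 1111 1111 1111"),
         ("random.txt", b"ticket 1234 5678 9012 3456")],
    )


if __name__ == "__main__":
    print(demo())
```

Encrypted archives are the practical gap: the scanner cannot see inside them, so most DLP policies treat an uninspectable attachment as a block or a quarantine rather than a pass.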
True or False: Many organizations classify and label data using terms such as Confidential, Private, and Proprietary
True
What does PII stand for?
Personally Identifiable Information
What does PHI stand for?
Protected Health Information