Chapter 7 - Software Deployment, Operations, Maintenance, Disposal Flashcards

1
Q

What do you need to do with software to ensure it continues to function as expected after deployment?

A

Monitor it.
Address incidents that impact the software
Patch vulnerabilities
Identify the conditions under which the software should be replaced

2
Q

What is the goal of configuration management according to ITIL?

A

to enable the control of the infrastructure by monitoring and maintaining information on all the resources that are necessary to deliver services.

3
Q

What are the pre and post installation security configuration management considerations?

A

Hardening
Enforcement of security principles
Environment configuration
Bootstrapping and secure startup

4
Q

What is hardening?

A

The process of securing the host hardware and operating system, securing it to the most appropriate level for its purpose.

5
Q

What is a MSB?

A

Minimum Security Baseline: the minimum set of hardening settings that every system of a given type must meet before it is deployed.

6
Q

What are some common security misconfigurations?

A

Hard coded credentials or keys, especially in plain text

Allowing directory listings in a web server

Installing software with default accounts or settings

Installing an administrative console with default configuration settings

Unneeded services, ports, protocols, unused pages, unprotected directories.

Missing software patches

No perimeter controls, such as firewalls and filters

Enabling tracing and debugging, which can reveal sensitive state information to an attacker.
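As an added example (not from the original page), the check below turns several of the misconfigurations listed above into a small static scan: directory listing enabled in an Apache-style vhost, debug mode left on, hard-coded secrets, and default credentials. The two sample files, the rule names and the remediation hints are constructed for illustration; the regexes cover the common spellings, not every possible form.

```python
"""Scan config/source text for the misconfigurations listed on the card.
The sample files below are constructed, not taken from a real deployment."""
import re

# Constructed sample: a web-server vhost fragment with directory listing on.
SAMPLE_VHOST = """\
<Directory "/var/www/app/uploads">
    Options Indexes FollowSymLinks
    AllowOverride None
</Directory>
"""
# Constructed sample: an application settings file shipped with secrets in it.
SAMPLE_SETTINGS = """\
DEBUG = True
AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
DATABASE_PASSWORD = "admin"
"""

# Each rule: (name, compiled pattern, remediation hint). Rule names are assumed.
RULES = [
    # 'Options Indexes' or '+Indexes' enables listing; '-Indexes' (excluded) disables it.
    ("directory-listing", re.compile(r"^\s*Options\b.*(?<!-)\bIndexes\b", re.M),
     "use 'Options -Indexes' so the web server never lists directory contents"),
    ("debug-enabled", re.compile(r"^\s*DEBUG\s*=\s*True\b", re.M),
     "set DEBUG = False in production; tracebacks reveal internal state"),
    ("hardcoded-secret", re.compile(
        r"^\s*\w*(SECRET|PASSWORD|API_KEY|TOKEN)\w*\s*=\s*['\"][^'\"]+['\"]", re.M | re.I),
     "load secrets from the environment or a vault, never from source or config"),
    ("default-credential", re.compile(r"=\s*['\"](admin|password|changeme)['\"]", re.I),
     "default accounts and passwords must be changed before go-live"),
]


def scan(text):
    """Return (rule_name, line_number, hint) for every rule match, in file order."""
    findings = []
    for name, pattern, hint in RULES:
        for m in pattern.finditer(text):
            line_no = text.count("\n", 0, m.start()) + 1
            findings.append((name, line_no, hint))
    return sorted(findings, key=lambda f: (f[1], f[0]))


def scan_many(named_texts):
    """Scan several named files; returns {filename: findings}."""
    return {fname: scan(text) for fname, text in named_texts.items()}


if __name__ == "__main__":
    report = scan_many({"vhost.conf": SAMPLE_VHOST, "settings.py": SAMPLE_SETTINGS})
    for fname, findings in report.items():
        for name, line_no, hint in findings:
            print(f"{fname}:{line_no}: {name}: {hint}")
```

Run this against a hardened configuration (`Options -Indexes`, `DEBUG = False`, secrets supplied via environment variables) and it reports nothing; that empty result is the point of having a minimum security baseline to check against.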

7
Q

What are some methods for hardening software?

A

Remove maintenance hooks
Remove debugging code and flags
Remove unneeded comments and sensitive information from code

8
Q

Why shouldn’t developers install software on production systems?

A

It violates the principle of separation of duties.

9
Q

Why is granting administrative rights to software during installation a problem?

A

It violates least privilege.

10
Q

Describe defense in depth violations in software installation

A

Enabling previously disabled services, ports, and protocols so that the software can run, which removes a layer of defense that hardening had put in place.

11
Q

What is the pdb file?

A

The Program Database file holds debugging and project state information (symbol names, types, source line mappings). It is used to link the debug configuration of the program incrementally, but if it ships with a release binary it can be used to discover the internal workings of the software, so .pdb files should be kept out of production deployments and retained only on the build/symbol server.

12
Q

What is a CMDB?

A

Configuration Management Database. It records the organization's configuration items (assets) and the relationships between them. ISO/IEC 15408 (Common Criteria) requires that the implementation, documentation, tests, project-related documentation, and tools, including build tools, are maintained in a configuration management system (CMS).

13
Q

What is booting or bootstrapping?

A

The sequence of events and processes that self-start the system to a preset state. Also called IPL.

14
Q

What is IPL?

A

Initial Program Load. Synonymous with bootstrapping.

15
Q

What is POST?

A

Power On Self Test.

The first step in bootstrapping/IPL. Needs to be protected so the TCB is maintained.

16
Q

What is secure startup?

A

The collection of processes and mechanisms that assure the integrity of the environment's TCB when the system, or software running on the system, starts. It is usually implemented using the hardware's trusted platform module (TPM) chip, which provides tamper-resistant protection of keys and measurements during startup.

17
Q

What is TPM?

A

Trusted Platform Module.

A chip that can be used for storing cryptographic keys and providing identification information (for example on mobile devices) for authentication and access management. Physically, the TPM chip is located on the motherboard, and it is commonly used to create a unique system fingerprint within the boot process: each boot component is measured (hashed) into the TPM's platform configuration registers, so the final register values reflect exactly what was loaded and in what order.
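As an added example (not from the original page), the simulation below shows how the boot-time "fingerprint" is built. A TPM platform configuration register (PCR) cannot be written directly; it can only be extended, PCR_new = H(PCR_old || H(component)), so the final value depends on every measured component and on their order. The firmware, bootloader and kernel byte strings are constructed stand-ins for real images; real firmware measures the actual binaries and the TPM does the hashing in hardware.

```python
"""Simulate TPM PCR extension (measured boot) with SHA-256.
Component contents are constructed placeholders, not real boot images."""
import hashlib

PCR_INITIAL = b"\x00" * 32  # SHA-256 PCRs reset to all zeros at power-on


def extend(pcr, component):
    """One PCR extend step: hash the component, concatenate to the old
    PCR value, and hash again. There is no 'set' operation, only extend."""
    digest = hashlib.sha256(component).digest()
    return hashlib.sha256(pcr + digest).digest()


def measure_chain(components):
    """Extend a fresh PCR with each component in boot order; return final value."""
    pcr = PCR_INITIAL
    for component in components:
        pcr = extend(pcr, component)
    return pcr


# Constructed known-good boot chain and the 'golden' PCR value it produces.
GOLDEN_CHAIN = [b"firmware-v1", b"bootloader-v1", b"kernel-v1"]
GOLDEN_PCR = measure_chain(GOLDEN_CHAIN)


def verify_boot(components, expected=GOLDEN_PCR):
    """Attestation check: does the measured chain reproduce the golden PCR?
    A key sealed to that PCR value (e.g. a disk-encryption key) is only
    released when this is true."""
    return measure_chain(components) == expected


if __name__ == "__main__":
    print("known-good boot:    ", verify_boot(GOLDEN_CHAIN))
    print("tampered bootloader:", verify_boot([b"firmware-v1", b"bootloader-evil", b"kernel-v1"]))
    print("reordered chain:    ", verify_boot([b"bootloader-v1", b"firmware-v1", b"kernel-v1"]))
```

The reordered case is the one worth noticing: the same three components in a different order give a different PCR, which is why an attacker cannot simply replay the right hashes after loading something else first.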

18
Q

Describe how acceptable risk and residual risk should interplay.

A

The level of residual risk in an installation should be below the level of acceptable risk; any residual risk above that level must be formally accepted by the risk owner before deployment.

19
Q

What are detective controls?

A

Controls that build historical evidence of user and system/process actions.

Examples: auditing and intrusion detection systems (IDS).

20
Q

What are preventive controls?

A

Controls that make it difficult for an attacker to succeed.

Examples: input validation, output encoding, bounds checking, patching, and intrusion prevention systems (IPS).

21
Q

What are deterrent controls?

A

Controls that dissuade an attacker without actually preventing the action.

Example: auditing (an attacker who knows actions are logged is less likely to act).

22
Q

What are corrective controls?

A

Controls that return the system to its correct state in the event of a failure.

Examples: load balancing, clustering, and failover of data and systems.

23
Q

What are compensating controls?

A

Controls that are implemented when the prescribed software controls (by policy or requirement) can’t be met due to legitimate constraints.

24
Q

What are the PCI DSS requirements for compensating controls?

A

Meet the intent and rigor of the original requirement.
Provide a similar level of defense as the original requirement.
Be "above and beyond" other PCI DSS requirements (simply complying with another existing requirement does not count), so that the control adds defense in depth and other requirements are not adversely impacted.
Be commensurate with the additional risk imposed by not adhering to the requirement.

25
Q

What should be monitored?

A

Broadly, anything that poses a reputational risk to the business.

This could include any operations that can cause a disruption to the business (business continuity operations) and/or operations that are administrative, critical, and privileged in nature. Additionally, systems and software that operate in environments that are of low trust, such as in a demilitarized zone (DMZ), must be monitored.

26
Q

What are the primary ways in which monitoring is accomplished?

A

Scanning

Logging

Intrusion detection

28
Q

What are the core security objectives of auditing?

A

7.4.1.3

29
Q

What is a bastion host?

A

7.4.1.3

30
Q

What is a honeypot?

A

7.4.1.3

31
Q

What are the characteristics of good metrics?

A

Consistency

Quantitative: a number or percentage, not a vague “high, medium, low”

Objective

Contextually specific

Inexpensive

32
Q

What is the difference between an event, an alert, and an incident.

A

An event is any action directed at an object that attempts to change its state.

An alert is generated for an event that matches a preset condition or pattern, typically because the event can be expected to have negative consequences.

An incident is an event (or set of events) that violates, or threatens to violate, the security policy of the network, system, or software application.
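As an added example (not from the original page), the script below makes the three terms concrete by running them over constructed SSH auth-log lines: every line is an event, a preset pattern (five failed logins from one source inside sixty seconds) raises an alert, and a successful login that follows that pattern is declared an incident of the "unauthorized access" type. The log lines, the source addresses (documentation ranges 203.0.113.0/24 and 198.51.100.0/24) and the threshold values are assumptions for illustration.

```python
"""Events -> alerts -> incidents over constructed sshd log lines."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample events (syslog-style sshd lines, not from a real host).
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd[2201]: Failed password for root from 203.0.113.5 port 51112 ssh2
2024-03-01T10:00:03 sshd[2203]: Failed password for root from 203.0.113.5 port 51114 ssh2
2024-03-01T10:00:04 sshd[2205]: Failed password for admin from 203.0.113.5 port 51116 ssh2
2024-03-01T10:00:06 sshd[2207]: Failed password for root from 203.0.113.5 port 51118 ssh2
2024-03-01T10:00:07 sshd[2209]: Failed password for root from 203.0.113.5 port 51120 ssh2
2024-03-01T10:00:09 sshd[2211]: Accepted password for root from 203.0.113.5 port 51122 ssh2
2024-03-01T10:05:00 sshd[2300]: Accepted publickey for deploy from 198.51.100.7 port 40000 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) (?:password|publickey) "
    r"for (?P<user>\S+) from (?P<ip>\S+) port \d+"
)

FAIL_THRESHOLD = 5   # assumed tuning: this many failures from one source...
WINDOW_SECONDS = 60  # ...inside this window raise a brute-force alert


def parse_events(log):
    """Every parseable line is an event: an action directed at the login object."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            e = m.groupdict()
            e["ts"] = datetime.fromisoformat(e["ts"])
            events.append(e)
    return events


def _recent(timestamps, now):
    return [t for t in timestamps if (now - t).total_seconds() <= WINDOW_SECONDS]


def raise_alerts(events):
    """An alert is an event that matches a preset pattern."""
    alerts = []
    fails = defaultdict(list)  # source ip -> recent failure timestamps
    for e in events:
        recent = _recent(fails[e["ip"]], e["ts"])
        if e["result"] == "Failed":
            recent.append(e["ts"])
            if len(recent) == FAIL_THRESHOLD:  # fire once, at the threshold
                alerts.append({"type": "brute-force", "ip": e["ip"], "user": e["user"], "ts": e["ts"]})
        elif len(recent) >= FAIL_THRESHOLD:    # success right after the pattern
            alerts.append({"type": "success-after-brute-force", "ip": e["ip"], "user": e["user"], "ts": e["ts"]})
        fails[e["ip"]] = recent
    return alerts


def declare_incidents(alerts):
    """An incident is an alert that violates policy: a login gained by
    guessing is unauthorized access, one of the major incident types."""
    return [{"category": "unauthorized access", "ip": a["ip"], "user": a["user"]}
            for a in alerts if a["type"] == "success-after-brute-force"]


if __name__ == "__main__":
    events = parse_events(SAMPLE_LOG)
    alerts = raise_alerts(events)
    print(f"{len(events)} events, {len(alerts)} alerts, {len(declare_incidents(alerts))} incidents")
```

Note what is not an incident here: five failures alone produce an alert worth looking at, but the policy violation only materialises when the subsequent login succeeds, which is why the escalation from alert to incident is a separate decision.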

33
Q

What are the major incident types?

A

DoS
Malicious code
Unauthorized access
Inappropriate usage
Multiple component (an incident that involves two or more of the other types)

34
Q

Describe the Incident Response Process

A

  1. Preparation
  2. Detection and analysis
  3. Containment, eradication, and recovery
  4. Post-incident activity

35
Q

What are the 5 Ws of postincident analysis?

A

What happened?
When did it happen?
Where did it happen?
Who was involved?
Why did it happen?

Why is most important.

36
Q

What is the difference between incident management and problem management?

A

Incident management aims at restoring service and business operations as quickly as possible, whereas problem management is focused on improving the service and business operations.

37
Q

What is the difference between a problem and a known error?

A

When the cause of an incident is unknown, it is said to be a problem. A known error is an identified root cause of a problem.

38
Q

What are the two CSFs of problem management?

A

Avoid repeated incidents.

Minimize the adverse impact of incidents and problems on the business.

39
Q

What is the Problem Management Process Flow

A

  1. Incident notification
  2. Root cause analysis
  3. Solution determination
  4. Request for change
  5. Implement solution
  6. Monitor and report

40
Q

Describe RCA

A

Root Cause Analysis

Asking "Why did the problem happen?" repeatedly and systematically until there are no more reasons.

Litmus test: When you identify the root cause and fix it, the problem no longer exists. If that’s not true, you haven’t found the root cause.

41
Q

What is a fishbone diagram?

A

A tool used in Root Cause Analysis

42
Q

What's the difference between incident management and problem management, in practical terms?

A

Incident management treats symptoms (reboot it). Problem management addresses the core of the problem.

43
Q

What is the difference between a Hotfix and a Service Pack?

A

A hotfix is a functional or security patch that is provided by the software vendor or developer. It usually includes no new functionality or features and requires no change to the hardware or to the surrounding software configuration. Also called a QFE (Quick Fix Engineering).

A Service Pack is usually a rollup of multiple hotfixes and may also provide additional enhancements and functionality.

44
Q

What is disposal?

A

Discarding media without giving any consideration to sanitization.

45
Q

What is sanitization?

A

The catchall term for removing data from media.

46
Q

What is clearing?

A

Sanitizing by overwriting all logical, addressable storage locations with non-sensitive data (zeros or random bytes) using the normal read/write interface.

Data remanence can be an issue (remapped, spare, or journaled blocks are not reachable through the logical interface), and it doesn't work on damaged or write-once media.
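As an added example (not from the original page), the code below performs a clearing operation on a file and then verifies it: every addressable byte is overwritten with random data, flushed to disk, and the original content is checked to be unreadable from the file's logical offsets. The secret content is constructed. The verification deliberately checks only what clearing can guarantee; it cannot see filesystem journals, snapshots, or a flash drive's remapped and spare blocks, which is exactly the remanence caveat on the card and the reason purging is required for sensitive media.

```python
"""Clear a file by overwriting its addressable bytes, then verify."""
import os
import tempfile


def clear_file(path, passes=1):
    """Overwrite every addressable byte of `path` with random data and flush.
    This is 'clearing': it uses only the normal write interface."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                chunk = os.urandom(min(remaining, 1 << 20))  # 1 MiB at a time
                f.write(chunk)
                remaining -= len(chunk)
            f.flush()
            os.fsync(f.fileno())  # make sure the overwrite reached the device
    return size


def verify_cleared(path, original):
    """True if the original content is no longer readable at the file's
    logical offsets. Says nothing about remapped blocks, journals or
    snapshots: those are outside what clearing can reach."""
    with open(path, "rb") as f:
        data = f.read()
    return len(data) == len(original) and original not in data


def demo():
    """Write a constructed secret to a temp file, clear it, verify, remove."""
    secret = b"CUSTOMER-PII-RECORD " * 256  # constructed sensitive content
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(secret)
    written = clear_file(path)
    ok = verify_cleared(path, secret) and written == len(secret)
    os.remove(path)
    return ok


if __name__ == "__main__":
    print("cleared and verified:", demo())
```

For an SSD or other flash media, run the device's own purge mechanism (ATA Secure Erase, NVMe sanitize, or cryptographic erase) instead of relying on overwrites like this one.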

47
Q

What is purging?

A

Sanitizing media by rendering the data into an unrecoverable state using techniques that reach beyond the logical interface. Examples: degaussing (magnetic media only; it does not purge flash/SSDs), ATA Secure Erase, and cryptographic erase.

48
Q

What is destruction?

A

A method of ensuring that the media can no longer be reused and the recovery of data is virtually impossible.

Disintegration, pulverization, melting, incineration, shredding.

49
Q

What is cause mapping?

A

A problem solving method that draws out, visually, the multiple chains of interconnecting causes that lead to an incident. The method, which breaks problems down into specific cause-and-effect relationships, can be applied to a variety of problems and situations.

50
Q

What is an Ishikawa diagram?

A

Also known as the fishbone diagram or cause and effect diagram.

51
Q

What are KPIs?

A

Metrics used by organizations to measure their progress toward their goals.

52
Q

What occurs when there are significant changes to an information system that affect its security, or when a specified time period has elapsed in accordance with federal or agency policy?

A

Reaccreditation

53
Q

What is included in Software Configuration Management?

A

Versioning, backups, check-in and check-out practices, and management of software configuration.