CySA+ Study Notes 14 Flashcards

1
Q

??? once users sign in, a cryptographic hash of their credentials is passed between systems as the means of sharing a sign-on. With federated identity management, the sign-on is provided as a service by the main identity provider (the system the user logs into).

A

SSO

2
Q

??? stresses the importance of the owner. The owner is originally the creator of the resource, though ownership can be assigned to another user. The owner is granted full control over the resource, meaning that he or she can modify its ACL to grant rights to others.

??? these attributes could include information about the OS currently being used, the IP address, or the presence of up-to-date patches and anti-malware.

A

DAC / ABAC

3
Q

An attacker may try to adjust the system’s configuration in order to open it up to additional methods of compromise, like adding a backdoor for the attacker to exfiltrate data.

A

Unscheduled changes to the system’s configuration

4
Q

An attacker may try to cover their tracks by deleting portions of the log or modifying the log so that it tells a different story than what happened.

A

Sequencing errors or gaps in the event log

5
Q

Control plane—Makes decisions about how traffic should be prioritized and secured, and where it should be switched.

Data plane—Handles the actual switching and routing of traffic and imposition of access control lists (ACLs) for security.

Management plane—Monitors traffic conditions and network status.

A

SDN

6
Q

??? is also referred to as a perimeter network. The idea of a DMZ is that traffic cannot pass through it directly. Everything behind the DMZ is invisible to the outside network.

A

DMZ

7
Q

Annoyance strategies to slow down attackers:

Using port triggering or spoofing to return useless data when a host detects port scanning activity. This will result in multiple ports being falsely reported as open and will slow down the scan.

Configuring a web server with multiple decoy directories or dynamically generated pages to slow down scanning.

Using bogus DNS entries to list multiple hosts that do not exist.

A

info

8
Q

An infrastructure vulnerability scanner is a type of software that scans network hosts (clients and servers) and intermediate systems (routers, switches, access points, and firewalls) for data such as patch level, security configuration and policies, network shares, unused accounts, weak passwords, rogue devices, anti-virus configuration, etc.

A

info

9
Q

Unclassified (public)—There are no restrictions on viewing the data. Public information presents no risk to an organization if it is disclosed but does present a risk if it is modified or not available.

Classified (private/internal use only/official use only)—Viewing is restricted to authorized persons within the owner organization or to third parties under a non-disclosure agreement (NDA).

Confidential (or restricted)—The information is highly sensitive, for viewing only by approved persons within the organization (and possibly by trusted third parties under NDA).

Secret—The information is too valuable to allow any risk of its capture. Viewing is severely restricted.

Top-Secret—This is the highest level of classification.

A

Classification of Information

10
Q

FISMA—The Federal Information Security Management Act (FISMA) requires federal organizations to adopt information assurance controls. It mandates the documentation of system information, the use of risk assessment, the use of security controls, and the adoption of continuous monitoring.

The Sarbanes-Oxley Act (SOX) dictates requirements for the storage and retention of documents relating to an organization’s financial and business operations, including the type of documents to be stored and their retention periods.

COSO—The Committee of Sponsoring Organizations of the Treadway Commission (COSO) provides guidance on a variety of governance-related topics including fraud, controls, finance, and ethics.

A

info
