Domain 1 Flashcards
CIA - Authorization - Attacks
Confidentiality - MAC - Social Engineering
Integrity - RBAC - HASH
Availability - DAC - DDoS
IAAA
Identification
Authentication - something you are, know, have
Authorization - DAC, MAC, RBAC, ABAC
Accounting - Logs
Content-based AC vs context-based AC
Access content based on rights
Access based on parameters/ conditions
Qualitative risk vs quantitative
How likely it is to happen
How much it’ll cost if it happens
DAC, MAC, RBAC, ABAC
Access based on given rights by owner
Confidentiality like military
Access based on role given and assigned job
Policy engine gives access based on conditions and role
Access control category
Admin (directive) - policy
Tech (logic) - hardware/ software
Physical - locks
Access Control Types
CC PDD
corrective, compensating, preventive, detective, deterrent
Risk Cycle
ID risk > risk assessment (Q2) > risk response (second, transfer, avoidance, Do not Reject risk) > Control/monitoring (KGI, KPI, KRI)
Risk = threat X vulnerability
Likelihood
Criminal, Civil, ECPA, CFAA, PCI-DSS
Punish/deter society, individuals/group, protect against wiretapping, law to prosecute crime, credit card standard
Security governance principle
Vision, mission, strategic objectives, Action, guidelines
Hope, motivation, plans/goals, resource, recommendation (non mandatory)
BCP, COOP, crisis communication plan, OEP, BRP
Process of creating long-term strategic planning and procedures after a disaster.
How we operate during a disaster.
Person speaks to press.
How we protect facility and staff in disaster.
List of steps needed to recover back to normal business from disaster.
CMP
Coordination with management in an emergency, steps to ensure safety of personnel
DRP cycle
Disaster recovery plan
Mitigation (pre-disaster mitigation), preparation (education), response (emergency plan), recovery (post-disaster recovery)
DRP simulated test - review, read-through, walk-through, simulation
Team looks at gaps
Manager goes through recovery process
Tabletop
The whole team does scenario
DRP physical test - partial interruption, response, recovery
Off hours
How we react
Re-establish recovery
BIA, RPO, MTTR, MOR, MTBF
Identify critical and non-critical systems
Acceptable amount of data we can lose
How long it'll take to recover
Minimum requirements to operate
How long until a new component fails
Incident management (event)
Monitor/detect security events and react to them
</gml_replace>
<gr_replace lines="69-70" cat="clarify" orig="Identify and access">
Identity and access provisioning life cycle
Policy defines a person's credential access; NO activity FOR 30 days
Event > alert > incident > problem > inconvenience > emergency > disaster > catastrophe
Incident management life cycle
Prep (prepare for incident) > detect (analyze IPS) > response (team works on affected system) > mitigation (know the cause) > Report/recover/remediation > lessons learned
Identify and access provisioning life cycle
Policy defines a persons credential access NO activity FOR 30 days
Federated ID, FIDM, SSO
Person's electronic ID across systems
Policy to manage ID of users across orgs (USAF)
CAC - single sign on for multiple system
Lights, CCTV, fence, TSA, Guard, Dog
Detect/deter
Deter/preventative
Preventative, detective, deterrent
Deterrence, detect, prevent, compensate
Deter, detect, compensate
Separation of duties, Job rotation, Mandatory vacation
Need 2 people to do the task.
Detect error/fraud like turnover; rotate jobs.
One person is not continuously performing the same task
Data classification
TS war plans - Confidential trade secrets (grave danger)
S deployment plans - Private PII (serious damage)
Confidential report - Sensitive system info (damage)
Circuit switching, packet switching, QoS
One dedicated circuit (Caro)
Switches packets (cheap)
Prioritizes specific data traffic like voip
LAN, MAN, WAN, GAN
Local like Campus KState
Like Manhattan
Manhattan to KC
Global
IPV4 vs IPV6
32 bits
128 bits and IPsec
ARP, ICMP
Has the IP and asks the network who has it, to receive the MAC address so they can communicate.
Network analysis tool, ping, traceroute
HTTP, HTTPS, DHCP ports, NAC
80
443
67 (server), 68 (client); assigns IP to client
System adheres to security policy
STP, UTP
Extra shielded
Unshielded wire
VLAN, VXLAN layer
Layer 2
Physically shares switch but virtually separated
Beyond switch can go to multiple locations
Router layer, static, default gateway, dynamic route, metric
Layer 3; IP and port connect LAN to WAN.
Preconfigured route the admin has to create.
Sends non-local traffic to the ISP, our exit to the internet.
Auto routing.
Determines best route.
OSI layers
Please (bit) do (frame) not (packet) throw (segment) sausage pizza away (data)
TCP/IP
Link physical (1-2), network 3, transport 4, application (5,6,7)
SDN, SD-WAN, SDx
Control/manage the network via software; separates control and data plane.
Connects multiple WANs at a single point to use resources.
Connects to everything
Stealth, polymorphic, multipartite, macro
Hides from OS, changes signature definition, spreads via different vectors, document/file
Signature, heuristic
Looks for signature (pattern)
Behavior
HIPS, NIDS/NIPS
Can see unencrypted data on the workstation.
Can't look at encrypted data
IDS, IPS, attacks: fragmentation, avoid default, low bandwidth
Sends alert
Takes action
Sends fragmented packets
Attacker using an unexpected port
Attacker using numerous ports
TP, TN, FP, FN
Attack/system acts
Normal traffic/nothing
Normal traffic/ system attacks
Attack/ system doesn’t act
SOAR
SIEM with AI
Firewall layer, stateful filtering, attack, proxy
Layer 1-3.
1-4; if in the routing table it's good, need to connect with outside so they can communicate.
DDoS to overwhelm the table.
Gateway from one net to another, making requests to the internet
NGFW, DMZ, stuxnet, hypervisor, type 1 and 2, attack on cloud
IDS/IPS antivirus with deep packet inspection.
Segregated network between firewalls.
3 modules: worm > link > rootkit.
Controls access between guest and host hardware.
Bare metal, installed directly on top of hardware; everything runs on the HV.
Runs in the computer's OS.
VM escape: attacker jumps from host to client.