Domain 3 Flashcards

1
Q

Secure ________ are those that have built-in security mechanisms so that, by default, security can be enforced via the protocol

A

Protocols

2
Q

________ provides integrity by validating DNS data
_______ uses TCP port 53

A

Domain Name System Security Extensions (DNSSEC)

3
Q

An encrypted remote terminal connection program used for remote connections to a server

____ uses TCP port 22

A

Secure Shell (SSH)

4
Q

____________ is designed to provide cryptographic protections to e-mails and is built into the majority of modern e-mail software to facilitate interoperability

A

Secure/Multipurpose Internet Mail Extensions (S/MIME)

5
Q

_____ is a protocol to secure communications, typically over a telephony or communications-based network

A

Secure Real-time Transport Protocol (SRTP)

6
Q

What uses an SSL/TLS tunnel to connect these services
This communication occurs over port TCP 636

A

Lightweight Directory Access Protocol over SSL (LDAPS)

7
Q

_____ is the use of FTP over an SSH channel. _____ uses TCP port 22

A

SSH File Transfer Protocol (SFTP)

8
Q

A standard for managing devices on IP-based networks. All versions of SNMP require ports 161 and 162 to be open on a firewall. The only secure version of SNMP is _______

A

Simple Network Management Protocol, Version 3 (SNMPv3)

9
Q

What is the use of SSL or TLS to encrypt a channel over which HTTP traffic is transmitted? HTTPS is used for secure web communications. Using port 443, it offers integrity and confidentiality

A

Hypertext Transfer Protocol over SSL/TLS (HTTPS)

10
Q

________ is a set of protocols developed to securely exchange packets at the network layer (layer 3) of the OSI model. ______ uses two protocols to provide traffic security:
• Authentication Header (AH)
• Encapsulating Security Payload (ESP)

A

IPSec

11
Q

The AH protects the IP address, which enables data origin authentication. The AH provides authentication and integrity for each data packet, but it does not provide privacy because only the header is secured.

A

Authentication Header (AH)

12
Q

This provides security services for the higher-level protocol portion of the packet only, not the IP header

A

Encapsulating Security Payload (ESP)

13
Q

This encrypts only the data portion of a packet
This enables an outsider to see source and destination IP addresses

A

Transport Mode

14
Q

________ provides encryption of source and destination IP addresses as well as of the data itself. This provides the greatest security

A

Tunnel Mode

15
Q

An Internet standard protocol used by e-mail clients to retrieve e-mail from a remote server
E-mail clients using this generally leave messages on the server until the user explicitly deletes them
IMAP uses port 143, but secure IMAP4 uses port 993

A

Internet Message Access Protocol

16
Q

What Internet standard protocol, used by e-mail clients to retrieve e-mail from a remote server, supports simple download-and-delete requirements for access to remote mailboxes? It uses port 110, but the secure version uses port 995

A

Post Office Protocol (POP)

17
Q

Internet standard protocol for electronic mail (e-mail) transmission across IP-based networks. ____ is used to transmit mail from server to server, and POP3 and IMAP are used to access the mail on a personal device

A

Simple Mail Transfer Protocol (SMTP)

18
Q

Beyond knowing the general meaning and functionality of the protocols, you need to know the scenarios in which you would deploy them.

A

Use cases

19
Q

There are two forms of communication
Voice translates to phone calls while video translates to video calls or video conferencing. For this use case, this is appropriate. Additionally, there would likely be use of TLS for parts of the communication

A

Voice and video

20
Q

For ____ ____, the primary service is Network Time Protocol (NTP). NTP is a protocol to sync clocks between two devices over the network. It operates using UDP on port 123

A

Time synchronization

21
Q

For email, the primary protocols are SMTP (port 25, for email relay), POP/IMAP (for email retrieval using legacy email clients), S/MIME (for encrypted email), HTTPS (for administration and web-based email), and SSL/TLS (for securing various communications)

A

Email and web

22
Q

You can opt to use FTP (quick, easy, lacking security), FTPS (like FTP but adds encryption), or SFTP (securely transfer files over SSH). Alternatively, you can use HTTPS for web-based file transfers

A

File Transfer

23
Q

Delete

A

Delete

24
Q

For ____ _____ to devices, HTTPS is the most common protocol
For ____ _____ to servers, SSH (mostly for Linux-based computers) and RDP (Remote Desktop Protocol, mostly for Windows-based computers) are commonly used

A

Remote Access

25
For DNS, DNSSEC is the most common security protocol. Although not widely implemented, it is the standard for securing DNS when you have requirements for DNS security
Domain Name Resolution
26
Open Shortest Path First (OSPF) is an interior gateway protocol that provides robustness. Border Gateway Protocol (BGP) is a complex routing protocol that provides the backbone functionality of the internet. For administration purposes, SSH and HTTPS are commonly used
Routing and switching
27
To efficiently and automatically distribute IP addresses to devices on a network, Dynamic Host Configuration Protocol (DHCP) is the most used. DHCP works via broadcast traffic initially
Network address resolution
28
Network News Transfer Protocol (NNTP) is a legacy protocol used to communicate with Usenet, which hosts forums and file transfer. With NNTP, you subscribe to desired groups, whether for discussion or file transfer
Subscription services
29
Endpoint security is a concept that each system is responsible for its own security. Appropriate level of security controls includes anti-malware software or local firewall. Each system should be capable of maintaining local security to an appropriate level
Endpoint protection
30
Most current antivirus software packages provide protection against a wide range of threats, including viruses, worms, Trojans, and other malware. Use of an up-to-date antivirus package is essential in the current threat environment
Antivirus
31
What is the name of a product designed to protect your machine from malicious software or malware? Most of these solutions are combined with antivirus solutions into a single product.
Anti-malware
32
______ ______ solutions are integrated solutions that combine individual endpoint security functions into a complete package. Having a packaged solution makes updating easier
Endpoint detection and response (EDR)
33
____ ____ solutions serve to prevent sensitive data from leaving the network without notice
Data loss prevention (DLP)
34
_____ _____ ______ act by inspecting the actual traffic crossing the firewall—not just looking at the source and destination addresses and ports, but also at the actual content being sent
Next-generation firewalls (NGFWs)
35
What acts to detect undesired elements in network traffic to and from the host?
Host-based intrusion detection system (HIDS)
36
____ is a HIDS with additional components to permit it to respond automatically to a threat condition
A host-based intrusion prevention system (HIPS)
37
____ are protective mechanisms that monitor and control traffic passing into and out of a single system
Host-based firewall or Personal firewalls
38
What is the characteristic of the intended hardware/firmware/software load for the system following the expected state? Having a means to ensure ? is a means of assuring that the hardware, firmware, and initial loading of software are free of any tampering
Boot integrity
39
_______ offers a solution to the problem of boot integrity, called _______ , which is a mode that, when enabled, only allows signed drivers and OS loaders to be invoked. Secure Boot enables the attestation that the drivers and OS loaders being used have not changed since they were approved for use
Boot security/Unified Extensible Firmware Interface (UEFI)
40
What is also a method of depending on the Root of Trust in starting a system, but rather than using signatures to verify subsequent components, a measured boot process hashes the subsequent processes and compares the hash values to known good values?
Measured boot
41
What is the reporting of the state of a system with respect to components and their relationship to the Root of Trust? Part of the UEFI/Root of Trust specification is the means of reporting via digital signatures of the verified integrity of the system components
Boot attestation
42
What engines have built-in encryption capabilities? The advantage to these encryption schemes is that they can be tailored to the data structure, protecting the essential columns while not impacting columns that are not sensitive
Database
43
What is the process of substituting a surrogate value, called a _____, for a sensitive data element? This allows processing of the data, including referential integrity, without disclosing the sensitive value
Tokenization
44
________ is the process of adding a random element to a value before performing a mathematical operation like hashing. This is done to add randomization and to also prevent identical original values from being hashed into an identical hash
Salting
45
____ is a mathematical method of reducing a data element to a short form that is not reversible to the original form
Hashing
46
Having a stringent and comprehensive validation of inputs prior to processing them is essential to filter out specific attacks
Input validations
47
An attribute in the cookie called the secure attribute, when set, instructs the browser and server to only transport the cookie over HTTPS channels. As cookies are transmitted in plaintext across the Web, they are subject to being read by unauthorized parties
Secure cookies
48
Using a security-related set of response headers can alleviate such risks as protocol downgrade attacks, clickjacking, cookie hijacking and other attacks. An example is the HTTP Strict Transport Security (HSTS) directive: Strict-Transport-Security: max-age=3600; includeSubDomains
Hypertext Transfer Protocol (HTTP) headers
49
Code is signed by the manufacturer, either the commercial vendor or the in-house team. This ensures that code has not been changed since being signed, allowing its integrity to be verified at any time
Code signing
50
A ____________ is a list of applications that are permitted to run on the OS
Whitelisting
51
A _________ is a list of applications that should not be allowed to run on the OS
Blacklisting
52
______ ____ _______ is when the code is examined without being executed. ____ ___ ______ is frequently performed
Static code analysis
53
A ______ ______ _______ can be either undirected or directed. In an undirected review, a programmer examines the code to see what it does and how it does it. A directed review is one where the code author walks through the code, explaining each line to the rest of the team
Manual code review
54
? is performed while the software is executed, either on a target system or an emulated system. The system is fed specific test inputs designed to produce specific forms of behavior
Dynamic code analysis
55
____ (or ____ testing) is a brute force method of addressing input validation issues and vulnerabilities. The basis for _______ a program is the application of large numbers of inputs to determine which inputs cause faults and which ones might be vulnerable to exploitation
Fuzzing
56
Any port and service that is not going to be used on a system should be disabled, and the ports should be blocked by the firewall. This has the effect of reducing the attack surface on a target and eliminating any vulnerability-based risk from services that are not needed
Open ports and services
57
The _________ in Microsoft Windows systems acts as a repository of all information related to configurations. Configuration options for the OS are located in the ______. Configuration options for applications are also located in the _______
Registry
58
? can provide data protection even if the disk is removed from one system and placed in another. Having the data encrypted on the disk renders it unusable without the proper keys
Disk encryption
59
Updates and patches should be applied where and when possible. All users should implement strong passwords and change them on a regular basis. Privileged user accounts should be used only when necessary, and logging should be implemented
OS
60
What is the process used to maintain systems in an up-to-date fashion, including all required patches? Every OS, from Linux to Windows, requires software updates, and each OS has different methods of assisting users in keeping their systems up to date
Patch management
61
As more and more applications are added, from a wider and wider selection of vendors, the process of keeping track of what software is up to date and which programs require updating is a challenge. The key to making this work is to ensure that the solution chosen covers the apps you use, and you properly enroll the apps with the program so it knows what to update
Third-party updates
62
Many software vendors now equip their software with an ____ ______ function that calls home, gets the update, and installs it automatically
Auto-update
63
? are methods of implementing cryptographic protection on hard drives and other similar storage media with the express purpose of protecting the data, even if the drive is removed from the machine
Self-encrypting drive (SED)/full-disk encryption (FDE)
64
____ is used for applying hardware-based encryption to mass storage devices, hard drives (rotating media), solid state drives, and optical drives. Having a standard has the advantages of interoperability between vendors and can be OS independent
Opal
65
? is the concept that if one has trust in a source’s specific security functions, this layer can be used to promote security to higher layers of a system
A hardware root of trust
66
? is a hardware solution on the motherboard, one that assists with key generation and storage as well as random number generation
Trusted Platform Module (TPM)
67
? refers to the quarantine or isolation of a system from its surroundings. It has become standard practice for some programs with an increased risk surface to operate within a ?, limiting the interaction with the CPU and other processes, such as memory
Sandboxing
68
____ involves the use of devices that move loads across a set of resources in an effort not to overload individual servers
Load balancing
69
Two or more servers work together to distribute the load in an ? load-balancing configuration. If a server fails, service interruption or traffic loss may result
Active/active
70
All traffic is sent to the active server in an active/? configuration. If the active server fails, the ? server is promoted to active
Active/passive
71
When a load balancer moves loads across a set of resources, it decides which machine gets a request via a ? algorithm. There are a couple of commonly used ? algorithms: affinity-based ? and round-robin scheduling
Scheduling
72
A ____ allows for multiple systems to be reflected as a single IP address
Virtual IP
73
____ is the condition where a system connects to the same target in a load-balanced system. This can be important for maintaining state and integrity of multiple round-trip events
Persistence
74
____ is where you have configured the network devices to limit traffic access across different parts of a network. This can be done to prevent access to sensitive machines, but also aids in network traffic management
Network segmentation
75
What is a logical implementation of a LAN and allows computers connected to different physical networks to act and communicate as if they were on the same physical network?
Virtual local area network (VLAN)
76
The zone that is between the untrusted Internet and the trusted internal network is called the screened subnet
DMZ Public internet ~ firewall ~ screened subnet ~ firewall ~ main server
77
____ refers to network data flows within an enterprise network. North-south traffic refers to data flowing between the enterprise network or data center and the outside of the network
East-west traffic
78
An ? is an extension of a selected portion of a company’s intranet to external partners. This allows a business to share information with customers, suppliers, partners, and other trusted groups while using a common set of Internet protocols to facilitate operations
Extranet
79
An ? describes a network that has the same functionality as the Internet for users but lies completely inside the trusted area of a network and is under the security control of the system and network administrators
Intranet
80
What is a security model centered on the belief that you should not trust any request without verifying authentication and authorization? What implementations require strict identity verification for every account trying to access resources, regardless of their location?
Zero Trust
81
What technologies allow two networks to connect securely across an unsecure stretch of network by tunneling across the intermediate connections?
Virtual private network (VPN)
82
What VPNs are a means to avoid this issue using pre-established connection parameters and automation? When an Internet connection is made, this VPN client automatically establishes a VPN connection
Always-On
83
What is a form of VPN where not all traffic is routed via the VPN? What solution routes all traffic over the VPN, providing protection to all networking traffic?
Split tunnel/full tunnel
84
? is when a user requires access to a network and its resources but is not able to make a physical connection. ? communication links are network connections to two or more networks across an intermediary network layer
Remote access vs. site-to-site
85
What is a set of protocols developed to securely exchange packets at the network layer? In transport mode (end-to-end), security of packet traffic is provided by the endpoint computers. In tunnel mode (portal-to-portal), security of packet traffic is provided between endpoint node machines in each network and not at the terminal host machines
IPSec
86
What is an application of encryption technology developed for transport-layer protocols across the Web? This protocol uses public key encryption methods to exchange a symmetric key for use in confidentiality and integrity protection as well as authentication
Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
87
What is the current version of the ? protocol standard? This doesn’t require browser plugins and is considered a secure remote access alternative to using SSL/TLS VPNs
HTML5
88
What is an Internet standard and came from the ____ _ a L2P Forwarding protocol, a Cisco initiative designed to address issues with Point-to-Point Tunneling Protocol (PPTP)?
Layer 2 tunneling protocol (L2TP)
89
? is a protocol for the translation of names into IP addresses. DNSSEC (Domain Name System Security Extensions) is a set of extensions to the ? protocol that, using cryptography, enables origin authentication of ? data, authenticated denial of existence, and data integrity
The Domain Name System (DNS)
90
What refers to the management of the endpoints on a case-by-case basis as they connect?
Network access control (NAC)
91
NAC agents are installed on devices that connect to networks in order to produce secure network environments. With agentless NAC, the NAC code resides not on the connecting devices, but on the network, and it’s deployed to memory for use in a machine requesting connection to the network
Agent and agentless
92
What are physically separate connections, via separate interfaces, that permit the active management of a device even when the data channel is blocked for some reason?
Out-of-band management
93
Port address ? based on Media Access Control (MAC) addresses can determine whether a packet is allowed or blocked from a connection
Port security
94
Flood guards are commonly implemented in firewalls and IDS/IPS solutions to prevent DoS and DDoS attacks
Broadcast Storm Prevention
95
An attacker can issue multiple BPDU packets to a system to force multiple recalculations that serve as a network denial of service attack. To prevent this form of attack, edge devices can be configured with ? guards that detect and drop these packets
Bridge Protocol Data Unit (BPDU)
96
To prevent loops, a technology called spanning trees is employed by virtually all switches. STP allows for multiple, redundant paths, while breaking loops to ensure a proper broadcast pattern
Loop prevention
97
What is a defensive measure against an attacker that attempts to use a rogue DHCP device? ____ prevents malicious DHCP servers from establishing contact by examining DHCP responses at the switch level and not sending those from unauthorized DHCP servers
Dynamic Host Configuration Protocol (DHCP) snooping
98
What is the selective admission of packets based on a list of approved Media Access Control (MAC) addresses? Employed on switches, this method is used to provide a means of machine authentication
Media access control (MAC) Filtering
99
What are hardened systems often used to protect and provide a means to access resources in a screened subnet?
Jump servers
100
What can be used to filter out undesirable traffic and prevent employees from accessing potentially hostile websites? What takes requests from a client system and forwards them to the destination server on behalf of the client?
Proxy servers
101
What proxy operates to forward requests to servers based on a variety of parameters, as described in the other portions of this section? Which proxy can be used to bypass firewall restrictions, act as a cache server, and change your IP address? (more useful before widespread adoption of NAT)
Forward
102
Which proxy is typically installed on the server side of a network connection, often in front of a group of web servers, and intercepts all incoming web requests?
Reverse