Domain 3 Flashcards
Secure ________ are those that have built-in security mechanisms so that, by default, security can be enforced via the protocol
Protocols
________ provides integrity by validating DNS data
_______ uses TCP port 53
Domain Name System Security Extensions (DNSSEC)
An encrypted remote terminal connection program used for remote connections to a server
____ uses TCP port 22
Secure Shell (SSH)
____________ is designed to provide cryptographic protections to e-mails and is built into the majority of modern e-mail software to facilitate interoperability
Secure/Multipurpose Internet Mail Extensions (S/MIME)
_____ is a protocol to secure communications, typically over a telephony or communications-based network
Secure Real-time Transport Protocol (SRTP)
What uses an SSL/TLS tunnel to connect these services?
This communication occurs over TCP port 636
Lightweight Directory Access Protocol over SSL (LDAPS)
_____ is the use of FTP over an SSH channel. _____ uses TCP port 22
SSH File Transfer Protocol (SFTP)
A standard for managing devices on IP-based networks. All versions of SNMP require ports 161 and 162 to be open on a firewall. The only secure version of SNMP is _______
Simple Network Management Protocol, Version 3 (SNMPv3)
What is the use of SSL or TLS to encrypt a channel over which HTTP traffic is carried? HTTPS is used for secure web communications; using port 443, it offers integrity and confidentiality
Hypertext Transfer Protocol over SSL/TLS (HTTPS)
________ is a set of protocols developed to securely exchange packets at the network layer (layer 3) of the OSI model. ______ uses two protocols to provide traffic security:
• Authentication Header (AH)
• Encapsulating Security Payload (ESP)
IPSec
The AH protects the IP address, which enables data origin authentication. The AH provides authentication and integrity for each data packet, but it does not provide privacy because only the header is secured.
Authentication Header (AH)
This provides security services for the higher-level protocol portion of the packet only, not the IP header
Encapsulating Security Payload (ESP)
This encrypts only the data portion of a packet
This enables an outsider to see source and destination IP addresses
Transport Mode
? provides encryption of source and destination IP addresses as well as of the data itself. This provides the greatest security
Tunnel Mode
An Internet standard protocol used by e-mail clients to retrieve e-mail from a remote server
E-mail clients using this generally leave messages on the server until the user explicitly deletes them
IMAP uses port 143, but secure IMAP4 uses port 993
Internet Message Access Protocol
What Internet standard protocol, used by e-mail clients to retrieve e-mail from a remote server, supports simple download-and-delete requirements for access to remote mailboxes? It uses port 110, but its secure version uses port 995
Post Office Protocol (POP)
Internet standard protocol for electronic mail (e-mail) transmission across IP-based networks. ____ is used to transmit mail from server to server, and POP3 and IMAP are used to access the mail on a personal device
Simple Mail Transfer Protocol (SMTP)
Beyond knowing the general meaning and functionality of the protocols, you need to know the scenarios in which you would deploy them.
Use cases
There are two forms of communication
Voice translates to phone calls while video translates to video calls or video conferencing. For this use case, this is appropriate. Additionally, there would likely be use of TLS for parts of the communication
Voice and video
For ____ _______, the primary service is Network Time Protocol (NTP). NTP is a protocol to sync clocks between two devices over the network. It operates using UDP on port 123
Time synchronization
For email, the primary protocols are SMTP (port 25, for email relay), POP/IMAP (for email retrieval using legacy email clients), S/MIME (for encrypted email), HTTPS (for administration and web-based email), and SSL/TLS (for securing various communications)
Email and web
You can opt to use FTP (quick, easy, lacking security), FTPS (like FTP but adds encryption), or SFTP (securely transfer files over SSH). Alternatively, you can use HTTPS for web-based file transfers
File Transfer
For ____ _____ to devices, HTTPS is the most common protocol
For ____ _____ to servers, SSH (mostly for Linux-based computers) and RDP (Remote Desktop Protocol, mostly for Windows-based computers) are commonly used
Remote Access
For DNS, DNSSEC is the most common security protocol
Although not widely implemented, it is the standard for securing DNS when you have requirements for DNS security
Domain Name Resolution
Open Shortest Path First (OSPF) is an interior gateway protocol that provides robustness
Border Gateway Protocol (BGP) is a complex routing protocol that provides the backbone functionality of the internet
For administration purposes, SSH and HTTPS are commonly used
Routing and switching
To efficiently and automatically distribute IP addresses to devices on a network, Dynamic Host Configuration Protocol (DHCP) is the most used
DHCP works via broadcast traffic initially
Network address resolution
Network News Transfer Protocol (NNTP) is a legacy protocol used to communicate with Usenet, which hosts forums and file transfer
With NNTP, you subscribe to desired groups, whether for discussion or file transfer
Subscription services
Endpoint security is the concept that each system is responsible for its own security
An appropriate level of security controls includes anti-malware software or a local firewall
Each system should be capable of maintaining local security to an appropriate level
Endpoint protection
Most current antivirus software packages provide protection against a wide range of threats, including viruses, worms, Trojans, and other malware
Use of an up-to-date antivirus package is essential in the current threat environment
Antivirus
What is the name of a product designed to protect your machine from malicious software or malware?
Most of these solutions are combined with antivirus solutions into a single product.
Anti-malware
______ ______ solutions are integrated solutions that combine individual endpoint security functions into a complete package
Having a packaged solution makes updating easier
Endpoint detection and response (EDR)
____ ____ solutions serve to prevent sensitive data from leaving the network without notice
Data loss prevention (DLP)
_____ _____ ______ act by inspecting the actual traffic crossing the firewall—not just looking at the source and destination addresses and ports, but also at the actual content being sent
Next-generation firewalls (NGFWs)
What acts to detect undesired elements in network traffic to and from the host?
Host-based intrusion detection system (HIDS)
? is a HIDS with additional components to permit it to respond automatically to a threat condition
A host-based intrusion prevention system (HIPS)
? are protective mechanisms that monitor and control traffic passing in to and out of a single system
Host-based firewall or Personal firewalls
What is the characteristic of the intended hardware/firmware/software load for the system following the expected state?
Having a means to ensure ? is a means of assuring that the hardware, firmware, and initial loading of software are free of any tampering
Boot integrity
_______ offers a solution to the problem of boot integrity, called _______, which is a mode that, when enabled, only allows signed drivers and OS loaders to be invoked
Secure Boot enables the attestation that the drivers and OS loaders being used have not changed since they were approved for use
Boot security/Unified Extensible Firmware Interface (UEFI)
What is also a method of depending on the Root of Trust in starting a system, but rather than using signatures to verify subsequent components, hashes the subsequent processes and compares the hash values to known good values?
Measured boot
What is the reporting of the state of a system with respect to components and their relationship to the Root of Trust?
Part of the UEFI/Root of Trust specification is the means of reporting via digital signatures of the verified integrity of the system components
Boot attestation
What engines have built-in encryption capabilities?
The advantage to these encryption schemes is that they can be tailored to the data structure, protecting the essential columns while not impacting columns that are not sensitive
Database
What is the process of substituting a surrogate value, called a _____, for a sensitive data element?
This allows processing of the data, including referential integrity without disclosing the sensitive value
Tokenization
________ is the process of adding a random element to a value before performing a mathematical operation like hashing
This is done to add randomization and to also prevent identical original values from being hashed into an identical hash
Salting
? is a mathematical method of reducing a data element to a short form that is not reversible to the original form
Hashing
Having a stringent and comprehensive validation of inputs prior to processing them is essential to filter out specific attacks
Input validations
An attribute in the cookie called the secure attribute, when set, instructs the browser and server to only transport the cookie over HTTPS channels
As cookies are transmitted in plaintext across the Web, they are subject to being read by unauthorized parties
Secure cookies
Using a security-related set of response headers can alleviate such risks as protocol downgrade attacks, clickjacking, cookie hijacking and other attacks
An example is the HTTP Strict Transport Security (HSTS) directive:
Strict-Transport-Security: max-age=3600; includeSubDomains
Hypertext Transfer Protocol (HTTP) headers
Code is signed by the manufacturer, either the commercial vendor or the in-house team
This ensures that code has not been changed since being signed, allowing its integrity to be verified at any time
Code signing
A ____________ is a list of applications that are permitted to run on the OS
Whitelisting
A _________ is a list of applications that should not be allowed to run on the OS
Blacklisting
______ ____ _______ is when the code is examined without being executed
____ ___ ______ is frequently performed
Static code analysis
A ______ ______ _______ can be either undirected or directed. In an undirected review, a programmer examines the code to see what it does and how it does it
A directed review is one where the code author walks through the code, explaining each line to the rest of the team
Manual code review
? is performed while the software is executed, either on a target system or an emulated system. The system is fed specific test inputs designed to produce specific forms of behavior
Dynamic code analysis
? (or ____ testing) is a brute-force method of addressing input validation issues and vulnerabilities
The basis for _______ a program is the application of large numbers of inputs to determine which inputs cause faults and which ones might be vulnerable to exploitation
Fuzzing
Any port and service that is not going to be used on a system should be disabled, and the ports should be blocked by the firewall. This has the effect of reducing the attack surface on a target and eliminating any vulnerability-based risk from services that are not needed
Open ports and services
The _________ in Microsoft Windows systems acts as a repository of all information related to configurations. Configuration options for the OS are located in the ______
Configuration options for applications are also located in the _______
Registry
? can provide data protection even if the disk is removed from one system and placed in another
Having the data encrypted on the disk renders it unusable without the proper keys
Disk encryption
Updates and patches should be applied where and when possible
All users should implement strong passwords and change them on a regular basis
Privileged user accounts should be used only when necessary, and logging should be implemented
OS
What is the process used to maintain systems in an up-to-date fashion, including all required patches? Every OS, from Linux to Windows, requires software updates, and each OS has different methods of assisting users in keeping their systems up to date
Patch management
As more and more applications are added, from a wider and wider selection of vendors, the process of keeping track of what software is up to date and which programs require updating is a challenge
The key to making this work is to ensure that the solution chosen covers the apps you use, and you properly enroll the apps with the program so it knows what to update
Third-party updates
Many software vendors now equip their software with an ____ ______ function that calls home, gets the update, and installs it automatically
Auto-update
? are methods of implementing cryptographic protection on hard drives and other similar storage media with the express purpose of protecting the data, even if the drive is removed from the machine
Self-encrypting drive (SED)/full-disk encryption (FDE)
? is used for applying hardware-based encryption to mass storage devices, hard drives (rotating media), solid-state drives, and optical drives
Having a standard has the advantages of interoperability between vendors and can be OS independent
Opal
? is the concept that if one has trust in a source’s specific security functions, this layer can be used to promote security to higher layers of a system
A hardware root of trust
? is a hardware solution on the motherboard, one that assists with key generation and storage as well as random number generation
Trusted Platform Module (TPM)
? refers to the quarantine or isolation of a system from its surroundings. It has become standard practice for some programs with an increased risk surface to operate within a ?, limiting the interaction with the CPU and other processes, such as memory
Sandboxing
? involves the use of devices that move loads across a set of resources in an effort not to overload individual servers
Load balancing
Two or more servers work together to distribute the load in an ? load-balancing configuration. If a server fails, service interruption or traffic loss may result
Active/active
All traffic is sent to the active server in an active/? configuration. If the active server fails, the ? server is promoted to active
Active/passive
When a load balancer moves loads across a set of resources, it decides which machine gets a request via a ? algorithm
There are a couple of commonly used ? algorithms: affinity-based ? and round-robin scheduling
Scheduling
? allows for multiple systems to be reflected as a single IP address
Virtual IP
? is the condition where a system connects to the same target in a load-balanced system
This can be important for maintaining state and integrity of multiple round-trip events
Persistence
? is where you have configured the network devices to limit traffic access across different parts of a network
This can be done to prevent access to sensitive machines, but also aids in network traffic management
Network segmentation
What is a logical implementation of a LAN that allows computers connected to different physical networks to act and communicate as if they were on the same physical network?
Virtual local area network (VLAN)
The zone that is between the untrusted Internet and the trusted internal network is called the screened subnet
DMZ
Public internet ~ firewall ~ screened subnet ~ firewall ~ main server
? refers to network data flows within an enterprise network
North-south traffic refers to data flowing between the enterprise network or data center and the outside of the network
East-west traffic
An ? is an extension of a selected portion of a company’s intranet to external partners. This allows a business to share information with customers, suppliers, partners, and other trusted groups while using a common set of Internet protocols to facilitate operations
Extranet
An ? describes a network that has the same functionality as the Internet for users but lies completely inside the trusted area of a network and is under the security control of the system and network administrators
Intranet
What is a security model centered on the belief that you should not trust any request without verifying authentication and authorization?
What implementations require strict identity verification for every account trying to access resources, regardless of their location?
Zero Trust
What technologies allow two networks to connect securely across an unsecure stretch of network by tunneling across the intermediate connections?
Virtual private network (VPN)
What VPNs are a means to avoid this issue, using pre-established connection parameters and automation? When an Internet connection is made, this VPN client automatically establishes a VPN connection
Always-On
What is a form of VPN where not all traffic is routed via the VPN?
What solution routes all traffic over the VPN, providing protection to all networking traffic?
Split tunnel/full tunnel
? is when a user requires access to a network and its resources but is not able to make a physical connection
? communication links are network connections to two or more networks across an intermediary network layer
Remote access vs. site-to-site
What is a set of protocols developed to securely exchange packets at the network layer? In transport mode (end-to-end), security of packet traffic is provided by the endpoint computers. In tunnel mode (portal-to-portal), security of packet traffic is provided between endpoint node machines in each network and not at the terminal host machines
IPSec
What is an application of encryption technology developed for transport-layer protocols across the Web?
This protocol uses public key encryption methods to exchange a symmetric key for use in confidentiality and integrity protection as well as authentication
Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
What is the current version of the ? protocol standard?
This doesn’t require browser plugins and is considered a secure remote access alternative to using SSL/TLS VPNs
HTML5
What is an Internet standard that came from the ____ _, a Layer 2 Forwarding protocol, a Cisco initiative designed to address issues with Point-to-Point Tunneling Protocol (PPTP)?
Layer 2 tunneling protocol (L2TP)
? is a protocol for the translation of names into IP addresses
DNSSEC (Domain Name System Security Extensions) is a set of extensions to the ? protocol that, using cryptography, enables origin authentication of ? data, authenticated denial of existence, and data integrity
The Domain Name System (DNS)
What refers to the management of the endpoints on a case-by-case basis as they connect?
Network access control (NAC)
NAC agents are installed on devices that connect to networks in order to produce secure network environments. With agentless NAC, the NAC code resides not on the connecting devices, but on the network, and it’s deployed to memory for use in a machine requesting connection to the network
Agent and agentless
What are physically separate connections, via separate interfaces, that permit the active management of a device even when the data channel is blocked for some reason?
Out-of-band management
Port address ? based on Media Access Control (MAC) addresses can determine whether a packet is allowed or blocked from a connection
Port security
Flood guards are commonly implemented in firewalls and IDS/IPS solutions to prevent DoS and DDoS attacks
Broadcast Storm Prevention
An attacker can issue multiple BPDU packets to a system to force multiple recalculations that serve as a network denial of service attack
To prevent this form of attack, edge devices can be configured with ? guards that detect and drop these packets
Bridge Protocol Data Unit (BPDU)
To prevent loops, a technology called spanning trees is employed by virtually all switches
STP allows for multiple, redundant paths, while breaking loops to ensure a proper broadcast pattern
Loop prevention
What is a defensive measure against an attacker that attempts to use a rogue DHCP device?
? prevents malicious DHCP servers from establishing contact by examining DHCP responses at the switch level and not sending those from unauthorized DHCP servers
Dynamic Host Configuration Protocol (DHCP) snooping
What is the selective admission of packets based on a list of approved Media Access Control (MAC) addresses?
Employed on switches, this method is used to provide a means of machine authentication
Media access control (MAC) Filtering
What are hardened systems often used to protect and provide a means to access resources in a screened subnet?
Jump servers
What can be used to filter out undesirable traffic and prevent employees from accessing potentially hostile websites?
What takes requests from a client system and forwards them to the destination server on behalf of the client?
Proxy servers
What proxy operates to forward requests to servers based on a variety of parameters, as described in the other portions of this section?
Which proxy can be used to bypass firewall restrictions, act as a cache server, and change your IP address? (more useful before widespread adoption of NAT)
Forward
Which proxy is typically installed on the server side of a network connection, often in front of a group of web servers, and intercepts all incoming web requests?
Reverse