Domain 3.0: Implementation Flashcards
How to make LDAP confidential and secure?
Use TLS technology over port 636
HTTP
Unencrypted web traffic over port 80
HTTPS
Encrypted web traffic over port 443
Port # for FTP
Port 22
Port # for SSH
Port 22
Port security
Layer 2 traffic control feature that enables individual switch ports to be configured to allow only a specified number of source MAC addresses coming in through the port
Loop protection
Makes additional checks in Layer 2 switched networks
Flood guard
Firewall feature to control network activity associated with DoS attacks.
Static code analysis
White-box software testing process for detecting bugs early in the program development
Dynamic code analysis
Based on observing how the code behaves during execution.
Fuzzing
Black-box software testing process by which semi-random data is injected into a program or protocol stack to detect bugs
Sandboxing
Safe execution environment for untrusted programs
What are the recommendations for test environments?
They should be isolated from development environments.
What is a staging environment?
It reduces the risk of introducing issues before solutions are deployed in production.
What are baselines?
They establish a pattern of use that later helps identify variations which may indicate unauthorized access attempts.
Smart Cards
They use embedded systems with an operating system on the included chip.
Waterfall SDLC model
SDLC stands for Software Development Life Cycle
Waterfall SDLC model starts with a defined set of requirements and a well-developed plan, and adjustments are confined to the current development stages.
Agile SDLC model
It starts with less rigorous guidelines and allows for adjustments during the process.
Secure DevOps
They include security in the SDLC, ensuring that security is built in during the development process.
CI server
CI stands for Continuous integration
A CI server continually compiles, builds and tests each new version of code committed to the central repository without user interaction.
Immutability
A valuable program, configuration, or server is never modified in place.
System Hardening
Disabling unnecessary ports and services
How to keep attackers from exploiting software bugs?
An organization must continually apply manufacturers’ patches and updates
Commonly used services and associated ports
Port: Service
15: Netstat
20 & 21: FTP
22: SSH, SFTP, SCP
23: Telnet
25: SMTP
53: DNS
80: HTTP
123: NTP
389: LDAP
443: HTTPS
636: LDAPS
989 & 990: FTPS
1812: RADIUS
3389: RDP