Domain 3.0: Implementation Flashcards
How to make LDAP confidential and secure?
Use TLS technology over port 636
HTTP
Unencrypted web traffic over port 80
HTTPS
Encrypted web traffic over port 443
Port # for FTP
Port 22
Port # for SSH
Port 22
Port security
Layer 2 traffic control feature that enables individual switch ports to be configured to allow only a specified number of source MAC addresses coming in through the port
Loop protection
Makes additional checks in Layer 2 switched networks
Flood guard
Firewall feature to control network activity associated with DoS attacks.
Static code analysis
White-box software testing process for detecting bugs early in the program development
Dynamic code analysis
Based on observing how the code behaves during execution.
Fuzzing
Black-box software testing process by which semi-random data is injected into a program or protocol stack to detect bugs
Sandboxing
Safe execution environment for untrusted programs
What are the recommendations for test environments?
They should be isolated from development environments.
What is a staging environment?
It reduces the risk of introducing issues before solutions are deployed in production.
What are baselines?
They establish a pattern of use that later helps identify variations that may indicate unauthorized access attempts.
Smart Cards
They use embedded systems with an operating system on the included chip.
Waterfall SDLC model
SDLC stands for Software Development Life Cycle.
Waterfall SDLC model starts with a defined set of requirements and a well-developed plan, and adjustments are confined to the current development stages.
Agile SDLC model
It starts with less rigorous guidelines and allows for adjustments during the process.
Secure DevOps
They include security in the SDLC, ensuring that security is built in during the development process.
CI server
CI stands for Continuous integration
A CI server continually compiles, builds and tests each new version of code committed to the central repository without user interaction.
Immutability
A valuable program, configuration, or server is never modified in place.
System Hardening
Disabling unnecessary ports and services
How to keep attackers from exploiting software bugs?
An organization must continually apply manufacturers’ patches and updates.
Commonly used services and associated ports
Port: Service
15: Netstat
20 & 21: FTP
22: SSH, SFTP, SCP
23: Telnet
25: SMTP
53: DNS
80: HTTP
123: NTP
389: LDAP
443: HTTPS
636: LDAPS
989 & 990: FTPS
1812: RADIUS
3389: RDP
TPM chips
Secure cryptoprocessor used to authenticate hardware devices
File integrity checker
Tool that computes cryptographic hash and compares the result to known good value to ensure that the file has not been modified.
Signature-based method
It detects known signatures or patterns.
VPN concentrator
They are used to allow multiple external users to access internal network resources using secure features that are built in to the device. They are deployed when a single device needs to handle a very large number of VPN tunnels.
NAC
Network Access Control offers a method of enforcement that helps ensure that computers are properly configured.
Zero trust
It’s a model that provides granular and dynamic access control, regardless of where the user or application resides and does not place trust in the entire network.
Screened subnet
Small network between the internal network and the Internet that provides a layer of security and privacy.
What is an effective control to implement to mitigate the effect of a network intrusion?
Network segregation, isolation and segmentation.