Domain 4 Flashcards
SELinux
Security-Enhanced Linux (SELinux) is a robust security mechanism that operates at the core of many Linux distributions.
NetFlow
NetFlow (a technology initially developed by Cisco) has since evolved into the IP Flow Information Export (IPFIX) IETF standard, making it accessible beyond Cisco environments. NetFlow defines traffic flows based on shared characteristics, known as keys, and groups them into flow labels.
SNMP
SNMP is a widely used network management protocol. It operates with a key component known as the Management Information Base (MIB), which is essentially a database of network information.
port 161
Data loss prevention
DLP is an outbound network tool whose role is to prevent PII and sensitive data from leaving the network by email or removable devices.
Agent-based collection
Uses software agents on individual devices or endpoints within a network.
Agentless collection
As the name suggests, operates without the need for specialized agent deployment on endpoints.
SCAP
SCAP is a framework that enables compatible vulnerability scanners to assess whether a computer adheres to a predefined configuration baseline.
False negative
A false negative means that there is a vulnerability that has already been patched, but the scanner does not detect it.
Isolation duration
Isolation duration determines how long a system should remain in quarantine based on the severity of the alert and the steps taken for remediation.
SNMP agent
SNMP agents are software modules or processes running on network devices, such as routers, switches, servers, and even IoT devices.
SNMP Traps
SNMP traps are asynchronous notifications sent by SNMP agents to SNMP managers without a prior request.
MITRE ATT&CK framework
MITRE is a US government-sponsored company whose aim is to help prevent cyberattacks.
Cyber Kill Chain
Originally developed by Lockheed Martin as a military model designed to identify the steps of an enemy attack, the Cyber Kill Chain (formerly Kill Chain) has since been adapted to build a framework to support cybersecurity teams’ awareness of potential cyberattacks. This framework allows them to trace each step of an attack, granting increasing clarity with the completion of each of the following stages:
Reconnaissance
Calling employees, sending emails, social engineering, dumpster diving
SOAR
SOAR is an automated tool that integrates all of your security processes and tools in a central location.
Diamond Model of Intrusion Analysis
This model is a framework for gathering intelligence on network intrusion attacks and comprises four key elements: adversary, capabilities, infrastructure, and victims.
Diamond model
Adversary: This is the threat actor group. The MITRE ATT&CK framework can be used to identify who they are and what attacks they use.
Capabilities: This refers to the exploit an adversary develops to carry out their attack. These are also laid out in the MITRE ATT&CK model.
Infrastructure: This is the path or means by which the attacker can get to the victim. This could be via USB, email, IP address, or remote access.
Victim: This is the person targeted by the adversary.
E-discovery
E-discovery, the abbreviated form of electronic discovery, is the process of gathering and searching all forms of electronic data such as emails, documents, databases, and various other digital artifacts, any of which may be crucial as legal evidence.
Eradication
Eliminating the root causes of incidents
Packet capture
Packets are the data that runs up and down our network. By capturing packets, cybersecurity administrators can analyze what is happening on the organization’s network.
Baseline creation
A technique that involves establishing a record of normal network traffic patterns.
RSA SecurID
RSA SecurID is a renowned hardware token that produces a time-sensitive code, which aids in user authentication.
Google Authenticator
Google Authenticator is a software token that generates dynamic, time-based codes, serving as a secondary authentication measure.
Tokens
Tokens utilize cryptographic utilities as secure containers for confidential data (typically incorporating elements such as digital signatures or randomly generated character strings) to authenticate and authorize users securely.
Single sign-on
Single Sign-On (SSO) is an authentication process that allows users to access multiple applications or services with a single set of credentials.
Open Authorization (OAuth)
OAuth is an open standard for access delegation that is commonly used for internet-based authentication using tokens.
SAML
SAML is an XML-based standard used to exchange authentication and authorization data between third parties.
Kerberos
Kerberos authentication uses ticket-granting tickets (TGTs) to obtain service tickets that provide access to network resources without users needing to re-enter credentials.
Federation
Federation services allow identity information to be shared across organizations and IT systems, normally for authentication purposes.
Stateful firewalls: when to use
Best suited when you need to inspect application traffic and permit or block based on application behavior; a stateful firewall knows the size and format of each type of network packet.
Stateful firewalls
Analyzes data deeply, making informed decisions; can prevent DDoS attacks.
Stateless firewalls
Basic packet filtering by only checking whether packets are permitted.
Stateless firewalls: when to use
Use when you want to keep things straightforward, such as allowing or blocking packets without a deep-level analysis of the data in the packets.
Active devices
Active devices are a proactive force within your network security arsenal. They actively intervene and act when potential threats are detected. These devices can block or mitigate threats in real time, helping to maintain the integrity and security of your network.
Proxy server
A proxy server is a server that acts as an intermediary between clients seeking resources on the internet or an external network. It serves as a go-between, making requests on behalf of clients while ensuring that external servers do not have direct knowledge of the requesting host.
Adware
Secretly monitors and collects user information.
Fiduciary duty
A fiduciary duty is the legal responsibility to act solely in the best interest of another party.
Data custodian
The data custodian is responsible for the secure storage of data in compliance with data privacy regulations such as GDPR, ISO 27701, or HIPAA. The data custodian protects the data by ensuring it is encrypted, stored, and backed up. They implement the organization’s data retention policy and archive data that falls outside the legal data retention requirements.