Domain 7 - Security Operations Flashcards
These allow access to objects such as files.
Permissions
These refer to the ability to take actions.
Rights
The combination of both rights and permissions.
Privileges
This imposes the requirement to grant users access only to data or resources they need to perform assigned work tasks.
need to know principle. data = need to know
This states that subjects are granted only the privileges necessary to perform assigned work tasks and no more.
principle of least privilege. actions = least privilege
This refers to the amount of privileges granted to users, typically when first provisioning an account. In other words, when administrators create user accounts, they ensure the accounts are provisioned with the appropriate amount of resources, and this includes privileges.
Entitlement
In the context of least privilege, this refers to the amount of privileges that users collect over time. For example, if a user moves from one department to another while working for an organization, this user can end up with privileges from each department.
Aggregation
This extends the trust relationship between two security domains to all of their subdomains. Within the context of least privilege, it’s important to examine these trust relationships, especially when creating them between different organizations.
Transitive Trust
This ensures that no single person has total control over a critical function or system. This is necessary to ensure that no single person can compromise the system or its security. Instead, two or more people must conspire or collude against the organization, which increases the risk for these people.
Separation of duties
These models provide fully functional applications typically accessible via a web browser. For example, Google’s Gmail.
Software as a Service (SaaS)
These models provide consumers with a computing platform, including hardware, an operating system, and applications. In some cases, consumers install the applications from a list of choices provided by the CSP. Consumers manage their applications and possibly some configuration settings on the host. However, the CSP is responsible for maintenance of the host and the underlying cloud infrastructure.
Platform as a Service (PaaS)
These models provide basic computing resources to consumers. This includes servers, storage, and in some cases, networking resources. Consumers install operating systems and applications and perform all required maintenance on the operating systems and applications. The CSP maintains the cloud-based infrastructure, ensuring that consumers have access to leased systems.
Infrastructure as a Service (IaaS)
What are the 5 steps involved in managing a computer security incident response?
Response, Mitigation, Reporting, Recovery, Remediation
This examines the incident to determine what allowed it to happen. For example, if attackers successfully accessed a database through a website, personnel would examine all the elements of the system to determine what allowed the attackers to succeed.
root cause analysis
Attacks that prevent a system from processing or responding to legitimate traffic or requests for resources and objects.
Denial-of-service (DoS) attacks
This is a common DoS attack. It disrupts the standard three-way handshake used by TCP to initiate communication sessions.
SYN flood attack
This is another type of flood attack, but it floods the victim with Internet Control Message Protocol (ICMP) echo packets instead of with TCP SYN packets. More specifically, it is a spoofed broadcast ping request using the IP address of the victim as the source IP address.
smurf attack
These are similar to smurf attacks. However, instead of using ICMP, this attack uses UDP packets over UDP ports 7 and 19. This attack will broadcast a UDP packet using the spoofed IP address of the victim. All systems on the network will then send traffic to the victim, just as with a smurf attack.
Fraggle attacks
This floods a victim with ping requests. This can be very effective when launched by zombies within a botnet as a DDoS attack.
ping flood attack
This attack employs an oversized ping packet. Ping packets are normally 32 or 64 bytes, though different operating systems can use other sizes. This attack changed the size of ping packets to over 64 KB, which was bigger than many systems could handle. When a system received a ping packet larger than 64 KB, it resulted in a problem. In some cases the system crashed.
ping-of-death attack
An attacker fragments traffic in such a way that a system is unable to put data packets back together.
teardrop attack
This occurs when the attacker sends spoofed SYN packets to a victim using the victim’s IP address as both the source and destination IP address. This tricks the system into constantly replying to itself and can cause it to freeze, crash, or reboot.
land attack
This refers to an attack on a system exploiting a vulnerability that is unknown to others.
zero-day exploit
Any script or program that performs an unwanted, unauthorized, or unknown activity on a computer system.
Malicious code