Fundamentals of Security Flashcards
What is the difference between information security and information system security?
Information security refers to protecting the actual data.
Information system security refers to protecting the actual devices/systems that store the data.
What are the 4 main types of security controls?
Managerial/Administrative controls
Technical controls
Operational controls
Physical controls
Give a few examples of techniques to keep data confidential.
- Encryption
- Implementing access controls
- Data masking
- Tokenization
- User training and awareness
- Implementing physical controls to block unauthorized access
How can we maintain the integrity of data?
- Hashing algorithms
- Checksums
- reviewing logs
- Digital signatures
- Access controls
What is non-repudiation, and how is it achieved?
It refers to the concept that if someone has taken some action, they cannot deny having taken it.
In email communication, it is achieved using digital signatures.
What are the different ways to authenticate someone, i.e. the authentication factors?
- Something you know - like a password or PIN code. It could also be KBA (knowledge-based authentication, such as answering security questions).
- Something you have - like an access card, or a token fob/key token.
- Something you are - involves biometrics.
Define the "something you have" authentication factor.
- We might have an access card. Access cards use NFC or RFID (Radio Frequency Identification) technology. Normally these cards contain a microchip that holds a certificate with a private key.
- We may also use a key fob/token fob.
Note that there is a software implementation of the key fob as well. Two open protocols are available to implement software key-fob technology:
1st is HOTP (Hash-based One-Time Password)
2nd is TOTP (Time-based One-Time Password)
What technologies/tools can we use to implement accounting in our networks?
Syslog servers
SIEM - Security Information and Event Management tool
Network Protocol analyzers
Define technical controls.
These are controls that are implemented once, like ACLs in firewalls, and then do their work automatically.
Define Managerial or Administrative controls.
Managerial controls are administrative in nature. They involve the strategic planning and governance side of security,
like planning incident response plans, or making security policies, procedures and guidelines.
What are operational controls?
Operational controls are related to day-to-day activities and involve human participation.
Example - employees following a clean-desk policy, or making sure that their LAN password is at least 12 characters long.
Other examples of operational controls are backup procedures, account reviews and user training programs.
What are the different types of security controls?
Preventative controls
Detective controls
Deterrent controls
Corrective controls
Compensating controls
Directive controls
What is the use of compensating controls?
Compensating controls are used where the primary control mechanisms fail or are not effective.
What is gap analysis, and what steps are involved in it?
Gap analysis refers to the process of finding the differences between the organization's current state and its desired state.
It involves the following steps -
- Defining the scope of the gap analysis
- Evaluating/analyzing the current state of the organization within the defined scope
- Finding the gaps between the current state and the desired state/goal
- Developing a plan to bridge the gaps
What are the 2 types of gap analysis?
Technical gap analysis
Business gap analysis
What is the concept of zero trust?
Today's networks are decentralized, so companies aim to implement zero trust in their organizations.
It demands verification of every device, user and transaction within the network, regardless of its origin.
What is a common goal of fault tolerance and redundancy techniques?
To remove the SPOF (Single Point Of Failure)
Define the hping command.
hping is a command used in Linux (SAYAD).
With hping, we can send messages using the TCP, UDP and ICMP protocols.
Define the ifconfig command.
This command is used in Linux to see the TCP/IP suite information for network interfaces.
Example command (this one puts the eth0 interface into promiscuous mode):
ifconfig eth0 promisc
What do we use the netstat command for?
The netstat command is used to see TCP/IP connections.
To get more information about it, use:
netstat /? -> in Windows
What do we use the tracert command for?
The tracert command is used to find the path that a packet takes to reach its destination.
This command is used in Windows and gives us the IP address of each hop in the packet's path.
The Linux equivalent command is traceroute.
What is the pathping command?
The pathping command is a combination of ping and tracert.
Define the journalctl command.
This command is used to get the log entries that the journald daemon has collected from different sources.
What are some of the connection states shown by the netstat command?
CLOSE_WAIT -> Waiting for a connection termination request
TIME_WAIT -> This indicates the system is waiting for enough time to pass to be sure the remote system received a TCP-based acknowledgement of the connection.
SYN_SENT ->
SYN_RECEIVED ->
What tool in Windows can we use to view logs?
We can use Windows Event Viewer.
Using it, we can view the following kinds of logs -
Security logs
Application logs
System logs
Define the Syslog protocol.
It is a logging protocol that defines a general format for logs and defines rules to transport the log data to a centralized logging server.
With this protocol, we can collect log data from different sources.
For unencrypted log messages, this protocol uses UDP port 514.
For encrypted messages, it uses TCP port 6514 with Transport Layer Security (TLS).
On Linux, this protocol stores log data in plain text at /var/log/syslog
What is the use of the logger command?
We can use the logger command to timestamp some event, like when a backup was created.
It will add this entry to /var/log/syslog
What are some alternatives to the standard Syslog implementation?
syslog-ng
rsyslog
nxlog is another log management tool and is similar to rsyslog and syslog-ng
What is the most secure of the different biometric methods?
Iris and retina scans.
Iris is preferred.
What is account management?
It is the process of creating accounts, managing them, and suspending and terminating them.
What are the different account types?
User accounts:
Admin accounts:
Device accounts:
Service accounts: Some applications and services need to run under the context of an account, and a service account fills this need.
Guest accounts:
Third-party accounts:
Shared and generic accounts:
What is PAM?
PAM stands for Privileged Access Management.
It recommends that administrators use 2 accounts.
How and why do we use Kerberos in enterprise systems?
It is used to implement an SSO solution in enterprise networks.
SSO should always be implemented together with some form of MFA.
Kerberos is the network authentication protocol used within Microsoft Windows Active Directory domains.
Kerberos has 3 components:
- A Key Distribution Centre (KDC) server that generates TGTs (Ticket Granting Tickets)
- Time synchronization
- A database of users and objects. In Windows systems, this database is Active Directory.
How can we implement SSO over the internet across different networks/systems/environments?
One way of implementing SSO among different environments is by creating a federation of companies, in which 2 different companies create a Federated Access Management system.
One way of implementing a Federated Access Management system over the internet is using SAML (Security Assertion Markup Language).
Define SAML.
SAML is the Security Assertion Markup Language.
It is a protocol with which we can implement SSO over the internet.
It involves 3 entities:
- Principal - typically a user
- Service Provider
- Identity Provider
Another alternative to SAML is OpenID Connect (OIDC) - it uses JSON Web Token (JWT) messages instead of the XML used in SAML.
What is OAuth?
It is an open standard for authorization that many companies use to provide secure access to protected resources.
What are different motivations behind threat actors?
- Data exfiltration
- War
- Service Disruption
- Espionage
- Social cause / Philosophical or Political Beliefs
- Revenge
- Ethical hacking
- Blackmail
- Financial Gain
What are the different threat actor attributes?
Internal vs. external
Level of sophistication and capability
Resources and funding
Who are unskilled attackers, and what are their motives?
These are also called script kiddies.
They don't have a financial gain motive, but their motive might include learning a new tool.
Who is a hacktivist?
A hacktivist is an individual or group of people who might hack systems for some social cause or to promote social change.
They can end up doing the following things:
- Doxing - the process in which a threat actor publicly releases an individual's personal information
- Denial of service
- Website defacement
- Leaking sensitive information
Who are organized crime groups?
These are groups of hackers who are very sophisticated and have a high level of expertise. Their main motive is financial gain.
Examples of such groups are FIN7 and Carbanak.
Who are nation-state actors?
These are state-sponsored threat actors who spy on individuals, groups of people or other states to gain sensitive or classified information.
These nation-state threat actors usually use "false flag attacks", in which they try to hide the origin of the attack.
What is shadow IT?
This term refers to the scenario where someone makes use of devices, applications or processes without IT approval in a corporate environment. This can lead to an increased number of vulnerabilities in the corporate network.
For example - someone might install an application on their system without approval.
Define the terms attack vector and attack surface area.
Attack surface area refers to all the vulnerabilities in the organization's network.
Attack vector refers to the specific means or path by which a threat actor can penetrate a network to steal data or to inject malicious data.
Give some examples of attack vectors.
Messages (email message, text message)
Files
Images
Unsecured network
Social media
Removable devices
Voice calls
What are the BlueBorne and BlueSmack attacks?
BlueBorne attack - an attack in which a threat actor exploits a number of vulnerabilities in Bluetooth; it can allow an attacker to take over devices or spread malware.
BlueSmack - a type of denial-of-service attack that targets Bluetooth-enabled devices.
What are the different tools with which we can learn the TTPs (Tactics, Techniques and Procedures) of threat actors?
By using the following -
Honeypots
Honeynets
Honeytokens
Honeyfiles