Incorrect Domains Flashcards
Worms
“Replicate” and “Spread”
1.2
Fileless Scripts
Executes malicious activity while legitimate programs run.
Memory based not file based
1.2
Logic Bomb
If discovered, it is already too late
1.2
Rootkit
- Provides a remote user with privileged access, giving them admin privileges
1.2
Rainbow Table
Precomputed set of hashes used to crack a password
1.3
Salting
Adding additional random data to the password to defeat rainbow tables
1.3
Skimming
Attaching a fake card reader to a POS system
1.4
Criminal Syndicates
Financially backed, structured threat conducted over a long period of time
1.5
Shadow IT
The use of IT, devices and software without explicit IT department approval, often done with good intentions
1.5
Adversaries
Government-funded agencies
1.7
Bulletins
Released by vendors or private companies
1.7
False Negative
When there is a vulnerability, but the scanner does not detect it
1.8
Credentialed scan
Spots vulnerabilities such as non-expiring passwords
1.8
True Positive
Results of the system scan agree with the manual inspection
1.8
Non-credentialed scan
Lower privileges than a credentialed scan. Finds missing patches and some protocol vulnerabilities
1.8
Intrusive Scan
Tries to exploit the vulnerability; should be done in a sandbox
1.8
SIEM
Security Information Event Management
Provides real-time monitoring, analysis, correlation and notification of potential attacks
Built-in log collector, such as syslog
1.8
SOAR
Centralized alert and response automation with threat-specific playbooks
1.8
Dashboard
A SIEM typically includes a dashboard and collects reports that can be reviewed regularly to ensure that policies have been enforced and the environment is compliant
1.8
UEBA
User Entity Behavior Analysis
Based on the user's interactions; focuses on their identity and the data they would normally access on a normal day
Tracks the devices the user normally uses and the servers they normally visit
1.8
Pivoting
A compromised system is used to attack another system on the same network
1.8
IaaS
Cloud Service Provider responsible for
- Virtualization
- Servers
- Storage
- Networking
Ex. Azure Virtual Machines
2.2 Summarize Virtualization and Cloud Computing Concepts
PaaS
Cloud Service Provider responsible for
- Virtualization
- Servers
- Storage
- Networking
- OS
- Middleware
- Runtime
Customer is responsible for deployment and management of apps
CSP manages provisioning and configuration of the hardware and OS
Ex. Azure SQL database, API management
2.2 Summarize Virtualization and Cloud Computing Concepts
SaaS
Cloud Service Provider responsible for
- Virtualization
- Servers
- Storage
- Networking
- OS
- Middleware
- Runtime
Customer just configures features. Limited shared responsibility for Applications and Data
CSP responsible for management, operation, and service availability
Ex. Office 365, Salesforce
2.2 Summarize Virtualization and Cloud Computing Concepts
Containerization
A lightweight, granular and portable way to package applications for multiple platforms
2.2 Summarize Virtualization and Cloud Computing Concepts
IaC
Infrastructure as Code
Management of infrastructure (networks, VMs, load balancers and topology) described in code
Used in conjunction with continuous integration and continuous delivery
2.2 Summarize Virtualization and Cloud Computing Concepts
SDN
Software Defined Networking
Network controlled using software. Separating the control plane from the data plane opens up security challenges that can include DoS or man-in-the-middle attacks
2.2 Summarize Virtualization and Cloud Computing Concepts
Smart Card
A credit-card-sized token that contains a certificate and is used for authentication in conjunction with a PIN
2.4 Summarize authentication and authorization design concepts
Attestation
The process of confirming that a device is an approved device compliant with company policies. Remote attestation involves checks that occur on the local device and are reported to a verification server (as with an MDM solution)
2.4 Summarize authentication and authorization design concepts
Directory Services
Used to store and manage information about objects, such as user accounts, mail accounts and information on resources. LDAP is a common one
2.4 Summarize authentication and authorization design concepts
Federation
A collection of domains that have established trust
2.4 Summarize authentication and authorization design concepts
Something you have
Trusted device
Something you know
PIN or password
Something you are
Biometric
RADIUS
Uses UDP and encrypts the password only
2.4 Summarize authentication and authorization design concepts
TACACS+
Uses TCP and encrypts the entire password
2.4 Summarize authentication and authorization design concepts
RAID Levels
Increases performance of data storage with two or more drives working in parallel
RAID 0 - striping
RAID 1 - mirroring
RAID 5 - striping with parity
RAID 6 - striping with double parity
RAID 10 - combining mirroring and striping
2.5 Implement Security Resilience
Load Balancers
Balances traffic across multiple servers, often used for web traffic
2.5 Implement Security Resilience
Storage Area Network (SAN)
Hardware device that contains a large number of disks, such as SSDs, usually isolated from the LAN
2.5 Implement Security Resilience
RTO
Maximum amount of time that a process or service is allowed to be down
2.5 Implement Security Resilience
RPO
Point of the last known good data prior to an outage that is used to recover systems. The amount of time that can pass before data loss exceeds the maximum tolerance
2.5 Implement Security Resilience
Non Repudiation
The sender cannot deny sending the message
2.8 basics of cryptographic concepts
Hashing
One-way function that scrambles plaintext to produce a unique message digest. No way to reverse it if properly designed
Used to verify digital signatures
Used to generate random numbers
2.8 basics of cryptographic concepts
Steganography
A computer file, message, image or video is concealed within another file, message or video. An attacker may hide information this way to exfiltrate data
2.8 basics of cryptographic concepts
ECC
Elliptic Curve Cryptography
Small, fast keys; used for mobile device encryption
Lower-power devices often use ECC
2.8 basics of cryptographic concepts
Low Latency
Encryption and decryption should not take a long time.
Specialized encryption hardware is a common answer in this scenario
2.8 basics of cryptographic concepts
3.1 Implement Secure Protocols
IPsec
Secure VPN session between two hosts
SSL/TLS and HTTPS
Secure data in transit, secure web browsing
Port 443
LDAPS
Secure directory services information
Port 636
Remote Desktop Protocol
Secure Remote Access
Port 3389
Endpoint Detection and Response (EDR)
Integrated endpoint security that combines real-time continuous monitoring and collection of endpoint data with automated responses
Next Gen Firewalls (NGFW)
Deep packet inspection firewall that adds application-level inspection and intrusion prevention, and brings in intelligence from outside the firewall
3.1 Implement Secure Protocols
Unified Extensible Firmware Interface (UEFI)
Modern replacement for BIOS that is more secure and is required for Secure Boot of the OS
Measured Boot
All components, from the firmware to apps and software, are measured and the information is stored in a log file. The log file is on the TPM chip on the motherboard
CCMP
Counter Mode with Cipher Block Chaining Message Authentication Protocol
Replaced WEP and TKIP/WPA, now used with WPA2
Uses AES encryption with a 128-bit key
WPA3
Uses the much stronger 256-bit GCMP for encryption
Simultaneous Authentication of Equals (SAE)
An 802.11 authentication method
Used with WPA3-Personal; replaced WPA2-PSK
Immune to offline attacks and protects against brute-force attacks
EAP
An authentication framework that allows new technology to be compatible with existing wireless or point-to-point connection technology
802.1x and RADIUS Federation
Enables members of one organization to authenticate to another with their normal credentials. Trust across multiple RADIUS servers. The WAP forwards the wireless device's credentials to the RADIUS server for authentication
Captive Portals
Wi-Fi redirects users to a web page when they connect to the SSID. The user provides additional validation of identity, normally through an email or social identity
Site Survey
Walking around with a portable wireless device, taking note of signal strength and mapping it
WAP Placement
Want minimal overlap with other WAPs to maximize coverage
Geofencing
Geofencing prevents mobile devices from being removed from the company’s premises
Geotracking
Will tell you the location of a stolen device
Sideloading
Allows unauthorized software to be run on a mobile device
Rooting and Jailbreaking
Remove the vendor restrictions and allow unsupported software to be installed
OCSP
Offers a faster way to check a certificate's status
Code Signing
When code is distributed, users can trust that it was actually produced by the claimed sender
Pinning
Method designed to mitigate the use of fraudulent certificates
Key Escrow
Addresses the possibility that a cryptographic key may be lost
Nslookup
Verifies the IP address of a hostname in the DNS server database
The set type= command changes the type of records it searches for
nmap
Network mapper, good for banner grabbing
Hping
Packet generator and analyzer used for auditing firewalls and networks
Netstat
Used to see established connections, listening ports, and running services
NetFlow
Monitors network traffic and helps identify patterns in the traffic
DLP
Policy-based protection of sensitive data, based on labels or pattern matches
NAC
Network Access Control
The user is authenticated and the device is checked to confirm it is patched and compliant before access is granted
Containing the incident comes before finding the root cause and full remediation
Air gap
Eliminates all network connectivity and protects the network from an attack
Chain of Custody
Tracks the movement of evidence through collection. Documents each person who handled the evidence
Order of Volatility
CPU Cache, ARP cache, Data Flows, RAM, Swapfile or pagefile, hard drive
GLBA
Covers the services of banks, lenders and insurers
CSA CCM
Helps potential customers measure the overall risk of a CSP
Risk Acceptance
Do nothing, accept the risk
Risk Appetite/ Risk Tolerance
Amount of risk the organization is willing to accept
Risk Avoidance
The cost of mitigating or accepting the risk is higher than the benefits of the service
Heat Map
Shows the severity of the situation
Single Loss Expectancy
How much would it cost if it happened one time
Annualized Rate of Occurrence (ARO)
How many times does it happen in one year?
Annualized Loss Expectancy (ALE)
How much will you lose per year?
Single Point of Failure
Any non-redundant part of a system that, if unavailable, would cause the entire system to fail
RPO
The age of data that must be recovered from backup storage for normal operation to resume
RTO
The duration of time and service level within which a business process must be restored after a disaster to avoid consequences
Business Impact Analysis (BIA)
Looks at the financial loss following a disaster
Business Continuity Plan (BCP)
Overall organizational plan for how to continue business. MTTR and MTBF
Disaster Recovery Plan (DRP)
The plan for recovering from an IT disaster and having the infrastructure back in operation
MTTR
Determination of how long it will take for a piece of IT to be repaired and back online
MTBF
How long a piece of infrastructure will continue to work before it fails
DNS blackholing
A process that uses a list of known domains/IP addresses belonging to malicious hosts and uses an internal DNS server to create a fake reply
Signature kinetics scan
Measures the actions of a user when signing their name and compares them against a known-good example or baseline
Reverse Proxy
Proxy server that appears to any client to be an ordinary web server, but in reality merely acts as an intermediary that forwards the client’s requests to one or more ordinary web servers.
Directs traffic to internal services if the contents of the traffic comply with the policy