Last Concepts Flashcards

1
Q

What are Typical Cloud based attacks?

A
  • Weak Authentication
  • Misconfiguration
  • Insufficient Network Segmentation
  • Poor Access Controls
  • Side-Channel Attacks
2
Q

CASB: Functions and Implementations

A

Cloud Access Security Broker

  • Enterprise Management software
  • Designed to mediate Access to cloud services
  • Provides Visibility into how clients and other network nodes are using cloud services

Functions:
* SSO, Access Control, Authentication
* Malware Scan
* Monitor and audit user and resource activity
* Mitigate Data exfiltration

Implemented:
* Forward Proxy
* Reverse Proxy
* API

3
Q

Netflow: Sources and Features

A
  • Flow collector
  • Network Security
  • Records Metadata and statistics about network traffic, rather than each frame
  • CISCO
  • Redeveloped as IP Flow Information Export (IPFIX), an IETF standard

Sources:
* Switches, Routers, Firewalls, web proxies

Features:
* Highlighting of trends in traffic
* Alerting based on anomalies
* Identification of traffic patterns revealing rogue user behavior, malware in transit, tunneling or bandwidth exceeding

4
Q

Rootkit and what it does

A
  • Class of Malware
  • Modifies system files
  • Kernel level
  • Conceals presence

What it does:
* Runs with SYSTEM level privileges
* Compromises system files and programming interfaces:
- Local shell processes such as Explorer, taskmgr, tasklist, netstat no longer reveal its presence
* May contain tools for cleaning system logs

5
Q

Cipher Suite

A

Algorithms supported by both the client and server to perform the different encryption and hashing operations required by the protocol

6
Q

Main Features of TLS 1.3

A

Removing ability to perform Downgrade Attacks:

  • Preventing use of insecure features and algorithms
  • Changes in handshake protocol to reduce number of messages and speed up connections
7
Q

TLS and its implementation

A
  • Used within HTTP application
  • Secure other Application protocols
  • VPN

Implementation
* Server is assigned digital certificate, signed by trusted CA
* Server uses its key pair and TLS protocol to agree on mutually supported ciphers and negotiate an encrypted communication session

8
Q

SNMP

A

Framework for management and monitoring

Consists of:

Agents
* maintains database (MIB) that holds statistics relating to the activities of the device
* Process running on switch, router, server

Monitors
* Software Program
* Provides location from which network activity can be overseen
* monitors all agents

Use SNMP v3 whenever possible:
encryption, strong user based authentication

9
Q

SMTPS

A
  • Message delivery
  • can be secured using TLS
10
Q

POP3S

A
  • Mailbox Protocol
  • Store messages delivered by SMTP on a server
  • Downloads messages to recipient's email client
11
Q

Email Security

A
  • Three main technologies
  • Verifying authenticity of Emails
  • Preventing phishing and Spam

SPF
* Email Authentication Method
* Detect and prevent sender address forgery
* Verifying sender's IP

DKIM
* Leverages encryption features to enable email verification
* Allowing sender to sign emails using digital signature

DMARC
* Uses results of SPF and DKIM
* moving messages to quarantine, spam rejection or message tagging
* reporting capabilities

11
Q

IMAPS

A
  • Supports permanent connections to server
  • Connects multiple clients to same mailbox simultaneously
12
Q

HSTS

A

HTTP Strict Transport Security
* Web security Policy Mechanism
* Forces Web browsers to interact with websites ONLY over HTTPS

Helps protect against:
* Downgrade Attacks, Cookie Hijacking, On-path

13
Q

S/MIME

A
  • Protocol securing Email communications
  • Encrypts Emails and enables sender authentication to ensure confidentiality and integrity
  • PKI techniques to secure Email content
  • Digital signatures to support sender verification

But:
* complicated to implement
* prone to misconfiguration

14
Q

Email Gateway

A
  • Control point for all incoming and outgoing email traffic

Several security measures:
* Anti-spam filters
* Antivirus scanners
* threat detection algorithms
* DMARC, SPF, DKIM

15
Q

DNSSEC

A
  • Provides a validation process for DNS responses
  • Helps mitigate spoofing and poisoning attacks

How does it work?
Authoritative server for the zone creates a “package” of resource records (called an RRset) signed with a private key (the Zone Signing Key). When another server requests a secure record exchange, the authoritative server returns the package along with its public key, which can be used to verify the signature.

16
Q

How should data be securely erased from an SSD, and why is it different from HDD erasure methods?

A

Securely erasing data from an SSD typically involves using the manufacturer’s tools or commands like:
* Secure Erase
* Enhanced Secure Erase

which trigger the SSD’s built-in erasure routines.

This process is different from HDD erasure due to SSDs’ wear-leveling mechanisms, which make traditional data overwriting methods ineffective.

17
Q

Parsing

A
  • Software Component
  • Breaks down data into smaller elements for analysis
  • Used in IDS, SIEM and Antivirus
18
Q

Watermarking

A
  • Embed information into digital media
  • Protect copyrights, verify authenticity, trace unauthorized distribution
  • Enables tracking of sensitive information
19
Q

What is USB tethering, and what security implications does it have for a network?

A

USB tethering is a method to share a device’s internet connection with another device via a USB cable.

The security implications include:
* potential unauthorized access to the network
* bypassing network security measures
* exposing the network to vulnerabilities from the tethered device.

20
Q

Service Set Identifiers (SSIDs) in wireless networking and their importance in network security.

A
  • Each Network is identified to users by service set identifiers (SSID)
  • Can be used in Rogue Access point and evil twin attacks to mimic and spoof a legitimate network
21
Q

NAC

A

Network Access Control
* Authenticates Users and devices before network access
* ALSO checks and enforces compliance with established security policies
* Devices must meet minimum set of security standards before access

  • Leverages dynamic VLAN assignment based on user identity, attributes, device types, location and health check
  • NAC can automatically quarantine device in VLAN
22
Q

NAC Agent vs. Agentless

A

Agent
* Software agent installed on device
* communicates with NAC platform
* detailed information about the device's status and compliance level

Automatic Remediation:
Updating software, disabling specific settings

Can be persistent:
Installed as software
Nonpersistent:
loaded into memory during posture assessment but not installed

Agentless
* Port-based NAC or Network scans to evaluate devices
* DHCP fingerprint to identify type and configuration
* Not as detailed but can be used with any device that connects to the network

23
Q

Screened Subnet

A
  • Also known as perimeter Network
  • Creates additional layer of protection between internal network and Internet

Neutral Zone:
* Separating public-facing servers from sensitive internal network resources
* Often hosts web, email, DNS, FTP services

Firewalls
1. between internet and screened subnet, allow traffic to services hosted in subnet
2. between screened subnet and internal network, block most traffic to network

Example of network segmentation

24
Q

Fileless Malware

A
  • Uses Memory resident techniques to run own processes
  • Within host process or DLL
  • Lightweight Shell code
  • Uses legitimate system scripting tools: PowerShell and WMI
25
Q

DLL Injection

A

DLL injection is a technique used by attackers to run unauthorized code within the address space of another process by forcing it to load a dynamic-link library (DLL). This can compromise system security by allowing attackers to execute malicious actions or escalate privileges within the context of legitimate applications, often bypassing security measures and controls.

26
Q

Buffer Overflow

A
  • More data written to buffer than it can hold
  • Causing data to overflow in adjacent memory space

Can lead to:
Arbitrary code execution
System crashes
Privilege escalation

27
Q

How do infrared, ultrasonic, and pressure sensors contribute to physical security systems?

A

Infrared
* Detect heat and movement

Ultrasonic
* Soundwaves to detect objects and movement

Pressure sensors
* Weight and force on surface

28
Q

RAID/SAN/NAS

A
  • DATA storage and management

RAID
* Redundant Array of Independent Disks
* Storing same Data in different places on multiple hard Disks
* Protect data in case of Disk Failure

29
Q

Proximity reader

A
  • Device used in Access control systems
  • Read data from card or token that is held near
  • Without needing physical contact
30
Q

Degaussing

A
  • Reducing or Eliminating data stored on magnetic storage medium
  • Hard drives, Tapes