Last Concepts Flashcards
What are typical cloud-based attacks?
- Weak authentication
- Misconfiguration
- Insufficient network segmentation
- Poor access controls
- Side-channel attacks (a tenant on shared hardware inferring secrets from another tenant)
CASB: Functions and Implementations
Cloud Access Security Broker
- Enterprise security software, on-premises or cloud-hosted
- Designed to mediate access to cloud services
- Provides visibility into how clients and other network nodes are using cloud services
Functions:
* SSO, access control, authentication
* Malware scanning
* Monitoring and auditing of user and resource activity
* Mitigating data exfiltration (DLP policies on uploads and sharing)
Implemented as:
* Forward proxy: an agent or PAC configuration on the client routes cloud-bound traffic through the CASB (managed devices only)
* Reverse proxy: the cloud service redirects logins to the CASB, so unmanaged devices are covered too
* API: out-of-band, the CASB queries the cloud provider's own APIs; no inline traffic, so no real-time blocking
NetFlow: Sources and Features
- Exporters on the network send records to a flow collector
- Used for network security monitoring
- Records metadata and statistics about flows (addresses, ports, protocol, byte and packet counts, timestamps), rather than the content of each frame
- Originally a Cisco proprietary protocol
- Redeveloped as IP Flow Information Export (IPFIX), an IETF standard
Sources:
* Switches, routers, firewalls, web proxies
Features:
* Highlighting of trends in traffic
* Alerting based on anomalies
* Identification of traffic patterns revealing rogue user behavior, malware in transit, tunneling or bandwidth exceeding a threshold
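The detection side of the card, as an added example that is not from the flashcards or from any collector product: a handful of constructed flow records (metadata only, the way an exporter emits them) run through two simple detectors, one for a single flow exceeding a bandwidth threshold and one for long-lived, high-volume UDP/53 traffic that looks like DNS tunneling. The thresholds are assumptions chosen for the demo; a real deployment baselines them from historical traffic.

```python
"""Flow-record analysis of the kind a NetFlow/IPFIX collector performs.

Added example, not code from the flashcards or from any vendor collector.
The flow records are constructed and the alerting thresholds are assumptions."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One exported flow: metadata and counters only, no packet payload."""
    src: str
    dst: str
    proto: str
    dport: int
    nbytes: int
    npackets: int
    duration_s: float


# Constructed sample export (what a router or firewall would send to the collector).
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "93.184.216.34", "tcp", 443, 120_000, 300, 12.0),
    Flow("10.0.0.5", "93.184.216.34", "tcp", 443, 80_000, 200, 9.0),
    Flow("10.0.0.12", "10.0.0.1", "udp", 53, 900, 6, 0.1),
    # 10.0.0.9: long-lived, chatty UDP/53 flows to three outside hosts (tunnel-like)
    Flow("10.0.0.9", "198.51.100.1", "udp", 53, 250_000, 4_000, 600.0),
    Flow("10.0.0.9", "198.51.100.2", "udp", 53, 250_000, 4_000, 600.0),
    Flow("10.0.0.9", "198.51.100.3", "udp", 53, 250_000, 4_000, 600.0),
    # 10.0.0.7: a 2 GB upload over SSH to an outside host (possible exfiltration)
    Flow("10.0.0.7", "203.0.113.10", "tcp", 22, 2_000_000_000, 1_500_000, 3_600.0),
]

# Assumed thresholds; tune them from a baseline of normal traffic.
BULK_FLOW_BYTES = 500_000_000      # a single flow moving more than 500 MB
DNS_BYTES_PER_SRC = 100_000        # more than 100 KB of UDP/53 from one host
DNS_FLOW_MIN_DURATION = 300.0      # a DNS exchange normally lasts well under a second


def bytes_by_source(flows):
    """Top-talker view: total bytes sent per source address."""
    totals = defaultdict(int)
    for f in flows:
        totals[f.src] += f.nbytes
    return dict(totals)


def detect_bulk_transfers(flows, threshold=BULK_FLOW_BYTES):
    """Flows whose byte count alone exceeds the bandwidth threshold."""
    return [f for f in flows if f.nbytes > threshold]


def detect_dns_tunneling(flows, min_bytes=DNS_BYTES_PER_SRC,
                         min_duration=DNS_FLOW_MIN_DURATION):
    """Sources with unusually large and long-lived UDP/53 traffic.

    Returns {src: total_udp53_bytes} for sources whose long-lived UDP/53
    flows together exceed the byte threshold."""
    per_src = defaultdict(int)
    for f in flows:
        if f.proto == "udp" and f.dport == 53 and f.duration_s >= min_duration:
            per_src[f.src] += f.nbytes
    return {src: b for src, b in per_src.items() if b > min_bytes}


def alerts(flows):
    """Combine the detectors into (rule, source, detail) tuples."""
    out = []
    for f in detect_bulk_transfers(flows):
        out.append(("bulk-transfer", f.src, f"{f.nbytes} B to {f.dst}:{f.dport}"))
    for src, b in detect_dns_tunneling(flows).items():
        out.append(("dns-tunnel-suspect", src, f"{b} B over UDP/53"))
    return out


if __name__ == "__main__":
    for rule, src, detail in alerts(SAMPLE_FLOWS):
        print(f"{rule:20} {src:12} {detail}")
```

Note what the flow data cannot tell you: whether the 2 GB SSH session was a backup or a theft, or whether the UDP/53 traffic is really DNS. Flow analysis points at hosts and sessions to pull full packet captures or endpoint telemetry for.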
Rootkit and what it does
- Class of malware
- Modifies system files, or the kernel itself
- Kernel level (or hooks the user-mode APIs that tools rely on)
- Conceals its presence
What it does:
* Runs with SYSTEM (Windows) or kernel-level privileges
* Compromises system files and programming interfaces:
- Local tools such as Explorer, taskmgr, tasklist and netstat no longer reveal its presence
* May contain tools for clearing system logs
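One way defenders look for the concealment described above is a cross-view check: take the process list from the interface a rootkit typically hooks (the listing of /proc, which ps-style tools read) and compare it with an independent view (asking the kernel about every PID with signal 0). A PID the kernel acknowledges but the listing omits is a suspect. This is an added example, not code from the flashcards; the live functions need Linux, and the constructed views at the bottom, with made-up PIDs, show the logic offline.

```python
"""Cross-view process detection for user-mode and inconsistent kernel rootkits.

Added example, not from the flashcards. The live probe works on Linux only
(/proc plus kill(pid, 0)); the constructed views below use made-up PIDs."""
import os
import sys


def visible_pids_from_proc():
    """View 1: PIDs as reported by listing /proc (what ps reads, and what a
    user-mode rootkit typically filters by hooking readdir/getdents)."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def probe_pids(max_pid):
    """View 2: ask the kernel about each PID directly with signal 0.
    ProcessLookupError (ESRCH) means no such process; PermissionError (EPERM)
    means it exists but belongs to another user, so it counts as present."""
    found = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
            found.add(pid)
        except ProcessLookupError:
            continue
        except PermissionError:
            found.add(pid)
    return found


def hidden_pids(visible, probed):
    """PIDs the kernel acknowledges but the listing omits: rootkit suspects.

    Only the probed-but-not-visible direction is reported: a process that
    exited between the two snapshots shows up only in `visible`, which is
    harmless."""
    return sorted(set(probed) - set(visible))


def cross_view_check(pid_limit=65536):
    """Live check. The listing is taken before and after the probe so that a
    process started during the probe is not reported as hidden (race)."""
    if not sys.platform.startswith("linux"):
        raise RuntimeError("live cross-view check needs Linux /proc")
    before = visible_pids_from_proc()
    probed = probe_pids(pid_limit)
    after = visible_pids_from_proc()
    return hidden_pids(before | after, probed)


# Constructed views (made-up PIDs): the probe sees 4242, the listing does not.
CONSTRUCTED_VISIBLE = {1, 2, 600, 1337, 2048}
CONSTRUCTED_PROBED = {1, 2, 600, 1337, 2048, 4242}


if __name__ == "__main__":
    print("constructed views, hidden:", hidden_pids(CONSTRUCTED_VISIBLE, CONSTRUCTED_PROBED))
    if sys.platform.startswith("linux"):
        print("live check, hidden:", cross_view_check())
```

Caveat a practitioner would add: a kernel rootkit that hooks every interface consistently (kill() as well as /proc) evades this check from inside the running system. That is why the card says "conceals presence" and why the reliable check for a suspected kernel rootkit is made offline, from a trusted boot medium or a memory image, not from the compromised OS.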
Cipher Suite
The set of algorithms, supported by both client and server, used for the key exchange, authentication, bulk encryption and hashing (MAC/PRF) operations the protocol requires
Main Features of TLS 1.3
Protection against downgrade attacks:
- Removes insecure features and algorithms (RSA key exchange, static DH, RC4, 3DES, CBC-mode suites, MD5 and SHA-1 MACs, compression, renegotiation)
- Only ephemeral (EC)DHE key exchange, so every session has forward secrecy, and only AEAD ciphers
- A TLS 1.3 server forced down to an older version marks the ServerHello random, so a 1.3-capable client can detect the downgrade
- Changes in the handshake reduce the number of messages (1-RTT, optional 0-RTT resumption) and speed up connections
TLS and its implementation
- Secures HTTP (HTTPS)
- Secures other application protocols (SMTP, POP3, IMAP, LDAP, ...)
- Basis for SSL/TLS VPNs
Implementation
* Server is assigned a digital certificate, signed by a trusted CA
* Server uses its key pair and the TLS handshake to prove its identity, agree on a mutually supported cipher suite and negotiate an encrypted communication session
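An added example tying the last three cards together (not code from the flashcards): it decodes IANA cipher-suite names into their key-exchange, authentication, cipher and MAC/PRF parts, flags the weaknesses TLS 1.3 removed, and builds a client context with Python's standard `ssl` module that refuses anything below TLS 1.3. The suite names are real registry names; the "broken token" word list is this example's own heuristic.

```python
"""Cipher-suite names decoded, weak suites flagged, and a TLS 1.3-only client context.

Added example, not from the flashcards. Suite names follow the IANA TLS
registry; the weak-token list is a heuristic chosen for this demo."""
import ssl

# Tokens whose presence in a suite name means a broken or null primitive.
BROKEN_TOKENS = {"NULL", "EXPORT", "RC4", "DES", "3DES", "MD5", "ANON"}
# Key-exchange methods without forward secrecy (the server's long-term key decrypts traffic).
STATIC_KX = {"RSA", "DH", "ECDH"}


def parse_suite(name):
    """Split an IANA suite name into its components.

    TLS 1.2 form:  TLS_<kx>_<auth>_WITH_<cipher>_<mac>   (TLS_RSA_WITH_...: RSA does both)
    TLS 1.3 form:  TLS_<aead>_<hash>   (key exchange and authentication are negotiated separately)
    """
    parts = name.split("_")
    if parts[0] != "TLS":
        raise ValueError(f"not a TLS suite name: {name}")
    if "WITH" in parts:
        w = parts.index("WITH")
        kx_auth = parts[1:w]
        kx = kx_auth[0]
        auth = kx_auth[1] if len(kx_auth) > 1 else kx_auth[0]
        return {"version": "1.2", "kx": kx, "auth": auth,
                "cipher": "_".join(parts[w + 1:-1]), "mac": parts[-1]}
    return {"version": "1.3", "kx": "(EC)DHE, negotiated", "auth": "certificate or PSK, negotiated",
            "cipher": "_".join(parts[1:-1]), "mac": parts[-1]}


def assess(name):
    """Return (parsed components, list of problems); an empty list means acceptable."""
    info = parse_suite(name)
    tokens = set(name.upper().split("_"))
    problems = []
    hit = sorted(tokens & BROKEN_TOKENS)
    if hit:
        problems.append("broken or null primitive: " + ", ".join(hit))
    if info["version"] == "1.2" and info["kx"] in STATIC_KX and info["auth"].upper() != "ANON":
        problems.append("static key exchange, no forward secrecy")
    if info["mac"] == "SHA":          # bare SHA means HMAC-SHA-1
        problems.append("SHA-1 HMAC")
    if "CBC" in tokens:
        problems.append("CBC mode, not AEAD (padding-oracle history)")
    return info, problems


def tls13_only_client_context():
    """Client context that refuses anything below TLS 1.3, so the server cannot
    talk us down to a 1.2 suite with the weaknesses flagged above."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    return ctx


if __name__ == "__main__":
    for suite in ["TLS_AES_256_GCM_SHA384",
                  "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                  "TLS_RSA_WITH_AES_128_CBC_SHA",
                  "TLS_RSA_WITH_RC4_128_MD5"]:
        info, problems = assess(suite)
        print(suite, "->", info["cipher"], "|", "; ".join(problems) or "ok")
    print("minimum version:", tls13_only_client_context().minimum_version.name)
```

For a server you configure the same thing in the server's own TLS settings; for a client the context above is what you pass to `ssl.SSLSocket`/`urllib` so the cipher suites that TLS 1.3 dropped can never be negotiated by this side.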
SNMP
Framework for network management and monitoring
Consists of:
Agents
* Maintain a database (the MIB, Management Information Base) that holds statistics relating to the activity of the device
* Process running on a switch, router or server (listens on UDP 161)
Monitors
* Software program (the manager)
* Provides a central location from which network activity can be overseen
* Polls all agents and receives their traps (UDP 162)
Use SNMP v3 whenever possible:
encryption and strong user-based authentication; v1 and v2c authenticate with a community string sent in plaintext, and a leaked write community string lets an attacker reconfigure the device
SMTPS
- Message delivery (client to server and server to server)
- Can be secured using TLS: implicit TLS on port 465, or STARTTLS on the submission port 587
POP3S
- Mailbox protocol
- Stores messages delivered by SMTP on a server
- Downloads messages to the recipient's email client (POP3 over TLS uses port 995)
Email Security
- Three main technologies
- Verifying the authenticity of emails
- Preventing phishing and spam
SPF
* Email authentication method
* Detects and prevents sender address forgery
* Domain owner publishes a DNS TXT record listing the hosts allowed to send its mail; the receiving server verifies the sending IP against the record of the MAIL FROM (envelope) domain
DKIM
* Leverages public-key cryptography to enable email verification
* Allows the sending server to sign emails (selected headers and the body) with a digital signature; the public key is published in DNS under a selector
DMARC
* Uses the results of SPF and DKIM, and additionally requires the authenticated domain to align with the domain in the From: header
* Policy (p=none, quarantine, reject) tells receivers to move failing messages to quarantine, reject them or merely tag them
* Reporting capabilities (aggregate and forensic reports sent to the domain owner)
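How the three results combine, as an added example that is not from the flashcards: it parses a DMARC record, applies the strict/relaxed alignment rules to SPF and DKIM outcomes, and returns the disposition. It does no DNS lookups and no signature verification; the SPF/DKIM outcomes and the record are constructed inputs, and the organizational-domain rule is simplified to "last two labels" (a real evaluator uses the Public Suffix List), so treat those as assumptions.

```python
"""DMARC evaluation from SPF and DKIM results plus identifier alignment.

Added example, not from the flashcards. No DNS or cryptography here: the
authentication outcomes and the DMARC record are constructed inputs, and
org_domain() is a simplification of the Public Suffix List rule."""
from dataclasses import dataclass
from typing import Optional


def parse_dmarc(txt):
    """Parse a _dmarc.<domain> TXT record ('v=DMARC1; p=reject; adkim=s; ...')."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        k, _, v = part.partition("=")
        tags[k.strip().lower()] = v.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    tags.setdefault("adkim", "r")   # relaxed alignment is the default for both
    tags.setdefault("aspf", "r")
    return tags


def org_domain(domain):
    """Organizational domain, simplified (assumption): the last two labels."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """Strict ('s'): exact match. Relaxed ('r'): same organizational domain."""
    if auth_domain is None:
        return False
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if mode == "s" else org_domain(a) == org_domain(f)


@dataclass
class AuthResults:
    from_domain: str                 # domain of the RFC 5322 From: header
    spf_result: str                  # "pass", "fail", "none", ...
    spf_domain: Optional[str]        # MAIL FROM domain that SPF was evaluated for
    dkim_result: str
    dkim_domain: Optional[str]       # d= tag of a signature that verified


def evaluate_dmarc(res, record_txt):
    """Return (dmarc_result, disposition) where disposition is none/quarantine/reject."""
    tags = parse_dmarc(record_txt)
    spf_ok = res.spf_result == "pass" and aligned(res.spf_domain, res.from_domain, tags["aspf"])
    dkim_ok = res.dkim_result == "pass" and aligned(res.dkim_domain, res.from_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return "pass", "none"
    policy = tags["p"]
    # sp= overrides p= for mail whose From: domain is a subdomain of the org domain.
    if org_domain(res.from_domain) != res.from_domain.lower() and "sp" in tags:
        policy = tags["sp"]
    return "fail", policy            # pct= sampling is omitted for brevity


# Constructed record and scenarios.
RECORD = "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@example.com"
LEGIT = AuthResults("example.com", "pass", "bounce.example.com", "fail", None)
# Attacker's own domain passes SPF and DKIM, but neither aligns with From: example.com.
SPOOF = AuthResults("example.com", "pass", "attacker.example", "pass", "attacker.example")
STRICT_MISS = AuthResults("example.com", "fail", "example.com", "pass", "mail.example.com")

if __name__ == "__main__":
    for name, r in [("legit", LEGIT), ("spoof", SPOOF), ("strict-miss", STRICT_MISS)]:
        print(name, evaluate_dmarc(r, RECORD))
```

The SPOOF case is the reason DMARC exists: SPF and DKIM each only say "this mail is authorized by domain X"; DMARC insists that X is the domain the user actually sees in From:. STRICT_MISS shows the cost of adkim=s: a valid signature from mail.example.com is not good enough for From: example.com.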
IMAPS
- Mailbox protocol; messages stay on the server
- Supports persistent connections to the server
- Connects multiple clients to the same mailbox simultaneously (IMAP over TLS uses port 993)
HSTS
HTTP Strict Transport Security
* Web security policy mechanism (Strict-Transport-Security response header)
* Forces web browsers to interact with a website ONLY over HTTPS for the max-age period: http:// URLs are rewritten to https:// before any request is sent, and certificate errors cannot be clicked through
Helps protect against:
* Downgrade attacks (SSL stripping), cookie hijacking, on-path attacks
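The browser side of the mechanism, as an added example not taken from the flashcards: a parser for the Strict-Transport-Security header, a minimal model of the browser's HSTS cache that ignores the header when it arrives over plain HTTP, honours max-age and includeSubDomains, and decides whether an http:// navigation gets upgraded, plus the check for the preload-list submission requirements. Header values, host names and timestamps are constructed.

```python
"""HSTS header parsing and the browser-side upgrade decision it drives.

Added example, not from the flashcards. Headers, hosts and times are
constructed; the clock is passed in explicitly so the logic is deterministic."""
from dataclasses import dataclass

ONE_YEAR = 31_536_000   # seconds; minimum max-age the preload list asks for


def parse_hsts(header):
    """Parse 'max-age=N[; includeSubDomains][; preload]' into a dict.
    Directive names are case-insensitive; a header without max-age is invalid."""
    max_age = None
    flags = {"includesubdomains": False, "preload": False}
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        name = name.lower()
        if name == "max-age":
            max_age = int(value.strip().strip('"'))
        elif name in flags:
            flags[name] = True
    if max_age is None or max_age < 0:
        raise ValueError("HSTS header must carry a non-negative max-age")
    return {"max_age": max_age,
            "include_subdomains": flags["includesubdomains"],
            "preload": flags["preload"]}


@dataclass
class HstsEntry:
    expires_at: float
    include_subdomains: bool


class HstsStore:
    """Minimal model of a browser's HSTS cache."""

    def __init__(self):
        self._known = {}

    def process_response(self, host, header, over_tls, now):
        """RFC 6797: the header is ignored unless it arrived over an error-free
        TLS connection; max-age=0 removes the host. Returns True if applied."""
        if not over_tls:
            return False
        policy = parse_hsts(header)
        host = host.lower()
        if policy["max_age"] == 0:
            self._known.pop(host, None)
            return True
        self._known[host] = HstsEntry(now + policy["max_age"], policy["include_subdomains"])
        return True

    def should_upgrade(self, host, now):
        """Would http://host be rewritten to https:// before any request is sent?
        An exact entry always counts; a parent-domain entry only with includeSubDomains."""
        host = host.lower()
        labels = host.split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            entry = self._known.get(candidate)
            if entry is None or entry.expires_at <= now:
                continue
            if candidate == host or entry.include_subdomains:
                return True
        return False


def preload_ready(header):
    """Preload-list submission requirements: max-age of at least one year,
    includeSubDomains and the preload directive all present."""
    p = parse_hsts(header)
    return p["max_age"] >= ONE_YEAR and p["include_subdomains"] and p["preload"]


if __name__ == "__main__":
    store = HstsStore()
    hdr = "max-age=31536000; includeSubDomains; preload"
    store.process_response("example.com", hdr, over_tls=False, now=0)   # ignored: plain HTTP
    print("after HTTP:", store.should_upgrade("example.com", 10))
    store.process_response("example.com", hdr, over_tls=True, now=0)
    print("after HTTPS:", store.should_upgrade("login.example.com", 10))
    print("preload ready:", preload_ready(hdr))
```

The gap the model makes visible: until the first successful HTTPS response has been seen, `should_upgrade` is False, so the very first plain-HTTP visit is still exposed to stripping. That first-visit window is what the preload list closes, which is why the preload check demands a year-long max-age and includeSubDomains.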
S/MIME
- Protocol securing email communications
- Encrypts emails and enables sender authentication to ensure confidentiality and integrity
- PKI techniques (each user holds a certificate and key pair) to secure email content
- Digital signatures to support sender verification
But:
* Complicated to implement (every user needs a certificate, and the recipient's certificate must be obtained before encrypting to them)
* Prone to misconfiguration
Email Gateway
- Control point for all incoming and outgoing email traffic
Several security measures:
* Anti-spam filters
* Anti-virus scanners
* Threat detection algorithms (attachment sandboxing, URL rewriting)
* DMARC, SPF and DKIM checks on inbound mail, DKIM signing of outbound mail