Lesson 10: Assess Endpoint Security Capabilities Flashcards
Define ‘Device Hardening’
The practice of changing configurations to secure systems from threats by reducing the vulnerabilities attributed to default configurations.
What is the role of base practice baselines in device hardening?
Best practice baselines provide a standard set of guidelines or checklists for configuring devices securely.
What is the essential principle of best practice baselines in device hardening to reduce attack surface?
Principle is of least functionality; that a system should run only the protocols and services required by legitimate users and no more.
What are examples of device hardening?
Disabling excess interfaces; Disabling unnecessary services/ports; Disk encryption; Patch management cycle.
Define ‘Baseline deviation reporting’
Testing the actual configuration of hosts to ensure that their configuration settings match the baseline template.
What is a windows tool to test baseline deviation?
Microsoft Baseline Security Analyzer (MBSA)
How does segmentation enhance a network’s security?
Reduces the potential impact of a cybersecurity incident by isolating systems and limiting the spread of an attack or malware infection.
Define ‘device isolation’
Segregating individual devices within a network to limit their interaction with other devices and systems.
What is the purpose of device isolation?
Prevents the lateral spread of threats should a device become compromised.
Define ‘antivirus’
Signature based software detection and prevention.
Define ‘Full disk encryption (FDE)’
Encryption of all data on a disk by the OS.
Where is the key used to encrypt data stored when using Full disk encryption (FDE)?
Stored in a Trusted Platform Module (TPM).
Define a ‘self-encrypting drive (SED)’
A disk drive where the controller can automatically encrypt data that is written to it instead of relying on the OS.
What is the name of the key that a self-encrypting drive (SED) uses in encrypt data?
Symmetric data/media encryption key (DEK/MEK) for bulk encryption
What is the name of the key that encrypts the symmetric data/media encryption key (DEK/MEK)?
Authentication key (AK) or Key Encryption Key (KEK).
Define an ‘authentication key (AK) or Key Encryption Key (KEK)’
Private key that is used to encrypt the symmetric bulk media encryption key (MEK).
When implementing a self-encrypting drive (SED), how does a user access the encrypted data on the drive?
A user must authenticate with a password to decrypt the MEK and access the media.
What is used to facilitate auto-updates in Linux?
yum-cron or apt unattended-upgrades
What is the purpose of testing patches before applying them to systems in production?
Identify potential issues or conflicts arising from the patch, ensuring that it does not introduce new vulnerabilities or disrupt critical operations; Mitigate the risk of unintended consequences.
What is a ‘endpoint detection and response (EDR)’ product?
Software agent that collects system data and logs for analysis to provide early detection of threats.
What is the purpose/function of endpoint detection and response (EDR)?
To provide real time and historical visibility into the compromise, contain the malware within a single host, and facilitate remediation of the host to its original state.
What is the difference between ‘Extended detection and response (XDR)’ and ‘endpoint detection and response (EDR)’
Extends protection beyond endpoints by incorporating data from the network, cloud platforms, email gateway, firewall, and other essential infrastructure components.
Define ‘Host-based intrusion detection system (HIDS)’
Type of IDS that monitors a computer system for unexpected behavior or drastic changes to the system’s state.
Define ‘host-based intrusion prevention system (HIPS)’
Endpoint protection that can detect and prevent malicious activity via signature and heuristic pattern matching.
