Lesson 12 + 13

Question 1

hardware Root of Trust (RoT) or trust anchor

Answer 1

hardware Root of Trust (RoT) or trust anchor is a secure subsystem that is able to provide attestation.

The RoT is usually established by a type of cryptoprocessor called a trusted platform module (TPM)

Attestation means that a statement made by the system can be trusted by the receiver.

Question 2

Attestation

Answer 2

Attestation means that a statement made by the system can be trusted by the receiver.

Question 3

TPM

Answer 3

TPM is a specification for hardware-based storage of encryption keys, hashed passwords, and other user and platform identification information.

The TPM is implemented either as part of the chipset or as an embedded function of the CPU.

Each TPM is hard-coded with a unique, unchangeable asymmetric private key called the endorsement key.

TPM also supports the concept of an owner, usually identified by a password

Question 4

Secure boot

Answer 4

Secure boot is designed to prevent a computer from being hijacked by a malicious OS.

Secure boot requires UEFI, but does not require a TPM

Question 5

unified extensible firmware interface (UEFI)

Answer 5

UEFI provides code that allows the host to boot to an OS. UEFI can enforce a number of boot integrity checks.

Question 6

A trusted or measured boot

Answer 6

A trusted or measured boot process uses platform configuration registers (PCRs) in the TPM at each stage in the boot process to check whether hashes of key system state data (boot firmware, boot loader, OS kernel, and critical drivers) have changed.

Question 7

Boot attestation

Answer 7

Boot attestation is the capability to transmit a boot log report signed by the TPM via a trusted process to a remote server, such as a network access control server.

The boot log can be analyzed for signs of compromise, such as the presence of unsigned drivers.

The host can be prevented from accessing the network if it does not meet the required health policy or if no attestation report is received

Question 8

Memorandum of understanding (MOU)

Answer 8

agreement to express an intent to work together

Question 9

Business partnership agreement (BPA)

Answer 9

BPA - the partner agreements that large IT companies (such as Microsoft and Cisco) set up with resellers and solution providers.

Question 10

Non-disclosure agreement (NDA)

Answer 10

Legal basis for protecting information assets. NDAs are used between companies and employees, between companies and contractors, and between two companies.

Question 11

Service level agreement (SLA)

Answer 11

A contractual agreement sets out the detailed terms under which a service is provided.

Question 12

Measurement systems analysis (MSA)

Answer 12

quality management processes, such as Six Sigma, make use of quantified analysis methods to determine the effectiveness of a system.

Question 13

hardening

Answer 13

The process of putting an operating system or application in a secure configuration is called hardening.

Question 14

Host-based intrusion detection systems (HIDS)

Answer 14

provide threat detection via log and file system monitoring.

Question 15

An endpoint protection platform (EPP)

Answer 15

An endpoint protection platform (EPP) is a single agent performing multiple security tasks, including malware/intrusion detection and prevention, but also other security features, such as a host firewall, web content filtering/secure search and browsing, and file/message encryption.

Question 16

data loss prevention (DLP) agent

Answer 16

data loss prevention (DLP) agent. This is configured with policies to identify privileged files and strings that should be kept private or confidential, such as credit card numbers. The agent enforces the policy to prevent data from being copied or attached to a message without authorization.

Question 17

endpoint detection and response (EDR)

Answer 17

endpoint detection and response (EDR) - provide real-time and historical visibility into the compromise, contain the malware within a single host, and facilitate remediation of the host to its original state.

Question 18

embedded system

Answer 18

embedded system is a complete computer system that is designed to perform a specific, dedicated function.

Embedded systems can be characterized as static environments. A PC is a dynamic environment.

Embedded systems are normally based on firmware running on a programmable logic controller (PLC).

Question 19

System on chip (SoC)

Answer 19

System on chip (SoC) is a design where all these processors, controllers, and devices are provided on a single processor die (or chip).

Arduino, Rasperberry PIs are examples of SoC boards.

Question 20

field programmable gate array (FPGA)

Answer 20

field programmable gate array (FPGA) is a type of controller that the end customer can configure the programming logic of the device to run a specific application.

Question 21

application-specific integrated circuits (ASICs)

Answer 21

application-specific integrated circuits (ASICs) used in Ethernet switches. ASICs are expensive to design, however, and work only for a single application, such as Ethernet switching.

Question 22

Operational Technology (OT) network.

Answer 22

A cabled network for industrial applications is referred to as an operational technology Operational Technology (OT) network.

Question 23

subscriber identity module (SIM)

Answer 23

subscriber identity module (SIM) The SIM is issued by a cellular provider, with roaming to allow use of other suppliers’ tower relays.

Question 24

Backhaul security

Answer 24

Backhaul security is usually enforced using IPSec.

Question 25

Industrial control systems (ICSs)

Answer 25

Industrial control systems (ICSs) provide mechanisms for workflow and process automation. These systems control machinery used in critical infrastructure, like power suppliers, water suppliers, health services, telecommunications, and national security services.

Question 26

supervisory control and data acquisition (SCADA)

Answer 26

supervisory control and data acquisition (SCADA) system takes the place of a control server in large-scale, multiple-site ICSs.

It typically uses WAN communications, such as cellular or satellite, to link the SCADA server to field devices.

Question 27

smart meter

Answer 27

A smart meter provides continually updating reports of electricity, gas, or water usage to the supplier, reducing the need for manual inspections.

Most meters use cellular data for communication back to the supplier, and an IoT protocol, such as ZigBee, for integration with smart appliances.

Question 28

UAV

Answer 28

unmanned aerial vehicles

Question 29

Way of increasing the security of data in transit for embedded systems

Answer 29

is through the use of wrappers, such as IPSec.

Question 30

Corporate owned, business only (COBO)

Answer 30

Corporate owned, business only (COBO)—the device is the property of the company and may only be used for company business.

Question 31

Corporate owned, personally-enabled (COPE)

Answer 31

Corporate owned, personally-enabled (COPE)—the device is chosen and supplied by the company and remains its property. The employee may use it to access personal email and social media accounts and for personal web browsing

Question 32

Choose your own device (CYOD)

Answer 32

Choose your own device (CYOD)—much the same as COPE but the employee is given a choice of device from a list

Question 33

Enterprise mobility management (EMM)

Answer 33

Enterprise mobility management (EMM) is a class of management software designed to apply security policies to the use of mobile devices and apps in the enterprise

Question 34

Mobile device management (MDM)

Answer 34

Mobile device management (MDM)—sets device policies for authentication, feature use (camera and microphone), and connectivity. MDM can also allow device resets and remote wipes.

Question 35

Mobile application management (MAM)

Answer 35

Mobile application management (MAM)—sets policies for apps that can process corporate data, and prevents data transfer to personal apps.

This type of solution configures an enterprise-managed container or workspace.

Question 36

UEM (unified endpoint management)

Answer 36

UEM (unified endpoint management) - Enterprise software for controlling device settings, apps, and corporate data storage on all types of fixed, mobile, and IoT computing devices.

Question 37

Context aware authentication

Answer 37

Context aware authentication – Phones can have a feature to disable screen lock if it detects that it is in a trusted location.

Question 38

Indoor Positioning System (IPS)

Answer 38

Indoor Positioning System (IPS)—works out a device’s location by triangulating its proximity to other radio sources, such as cell towers, Wi-Fi access points, and Bluetooth/RFID beacons.

Question 39

Geofencing

Answer 39

Geofencing is the practice of creating a virtual boundary based on real-world geography. Geofencing can be a useful tool with respect to controlling the use of camera or video functions or applying context-aware authentication

Question 40

Sideloading

Answer 40

Sideloading – Unknown sources enable, untrusted apps can be downloaded from a website and installed using the .apk file format on Android devices.

Question 41

Containerization

Answer 41

Containerization - allows the employer to manage and maintain the portion of the device that interfaces with the corporate network.

Question 42

Carrier unlocking

Answer 42

Carrier unlocking—for either iOS or Android, this means removing the restrictions that lock a device to a single carrier.

Question 43

an ad hoc network

Answer 43

an ad hoc network - Wireless stations can establish peer-to-peer connections with one another, rather than using an access point.

Question 44

bluejacking

Answer 44

bluejacking, a sort of spam where someone sends you an unsolicited text (or picture/ video) message or vCard (contact details)

Question 45

Bluesnarfing

Answer 45

Bluesnarfing refers to using an exploit in Bluetooth to steal information from someone else’s phone.

Question 46

Radio Frequency ID (RFID)

Answer 46

Radio Frequency ID (RFID) is a means of encoding information into passive tags, which can be easily attached to devices, structures, clothing, or almost anything else

Question 47

Rich Communication Services (RCS)

Answer 47

Rich Communication Services (RCS) is designed as a platform-independent advanced messaging app, with a similar feature set to proprietary apps like WhatsApp and iMesssage.

These features include support for video calling, larger binary attachments, group messaging/calling, and read receipts.

Question 48

real-time operating system (RTOS)

Answer 48

real-time operating system (RTOS). An RTOS is often used for time-sensitive embedded controllers, of the sort required for the modulation and frequency shifts that underpin radio-based connectivity.