Lesson 17: Explaining Organizational and Physical Security Concepts Flashcards
Define configuration management
Identifying and documenting all the infrastructure and devices installed at a site
What are the different aspects of configuration management?
- Service assets
- Configuration Item (CI)
- Baseline Document
- Configuration management system
Define a service asset
Things, processes, or people that contribute to the delivery of an IT service. Each asset must be identified by some sort of label.
Define a configuration item (CI)
An asset that requires specific management procedures for it to be used to deliver the service. CIs are defined by their attributes.
Define a baseline document
Approved or authorized state of a CI. This allows auditing processes to detect unexpected or unauthorized change. A baseline can be a configuration baseline (the ACL applied to a firewall, for instance) or a performance baseline.
What is a configuration baseline?
Settings for services and policy configuration for a network appliance or for a server operating in a particular application role.
Define a configuration management system (CMS)
A Configuration Management System (CMS) is the tools and databases that collect, store, manage, update, and present information about CIs.
Define change management
Process for approving, preparing, supporting, and managing new or updated business processes or technologies.
Summarize a standard change management process
The need or reasons for change and the procedure for implementing the change are captured in a Request for Change (RFC) document and submitted for approval. The RFC will then be considered at the appropriate level and affected stakeholders will be notified.
What is the purpose of a request for change (RFC) document?
To have the pending changes in writing and to allow for approval at the appropriate level.
Define a standard operating procedure (SOP)
Documentation of best practice and work instructions to use to perform a common administrative task.
Define an audit report
Detailed and specific evaluation of a process, procedure, organization, job function, or system, in which results are gathered and reported to ensure that the target of the audit is in compliance with the organization’s policies, regulations, and legal responsibilities.
What is the difference between an audit report and an assessment report?
An audit report focuses on identifying and documenting assets; an assessment report evaluates the configuration and deployment of those assets, such as deviation from baseline configuration or performance.
What is system life cycle?
Method to track the life cycle phases of one or more hardware, service, or software systems.
What are the types of physical network diagrams?
- Floor plan
- Wiring Diagram
- Distribution Frame
- Wireless Site Survey
What is the purpose of a distribution frame diagram?
A port location diagram identifies how wall ports located in work areas are connected back to ports in a distribution frame or patch panel and then from the patch panel ports to the switch ports.
What are the two types of distribution frames?
- Intermediate Distribution Frame (IDF)
- Main Distribution Frame (MDF)
Define an Intermediate Distribution Frame (IDF)
Passive wiring panel providing a central termination point for access layer switches that serve a given area, such as a single office floor. Each IDF has a trunk link to the MDF.
Define a Main Distribution Frame (MDF)
Passive wiring panel providing a central termination point for cabling. An MDF distributes backbone or “vertical” wiring through a building and connections to external access provider networks.
What are the types of logical network diagrams?
- Physical layer
- Data link layer (L2)
- IP Layer (L3)
- Application layer (L4)
What information would be included in a physical layer (L1) logical diagram?
Asset IDs and cable links
What information would be included in a data link layer (L2) logical diagram?
Interconnections between switches and routers, with asset IDs (or the management IP of the appliance), interface IDs, and link-layer protocol and bandwidth
What information would be included in a logical network (L3) diagram?
IP addresses of router interfaces (plus any other static IP assignments) and firewalls, plus links showing the IP network ID and netmask, VLAN ID (if used), and DHCP scopes.
What information would be included in a logical application layer (L4) diagram?
Server instances and TCP/UDP ports in use. You might also include configuration information and performance baselines.
Define an incident response plan (IRP)
Procedures and guidelines covering appropriate priorities, actions, and responsibilities in the event of security incidents.
Define an incident
When security is breached or there is an attempted breach
What are the main goals during incident response?
- Protect confidential data and minimize impact
- Preserve evidence
- Follow-up analysis to prevent reoccurrence
What is the main conflict when planning incident response?
Protecting data and minimizing impact while preserving evidence for analysis against efficiency and business continuity.
Define a disaster recovery plan (DRP)
Documented and resourced plan showing actions and responsibilities to be used in response to critical incidents.
What is the purpose of a disaster recovery plan (DRP)?
- Identify scenarios for natural and non-natural disasters and options for protecting systems.
- Identify tasks, resources, and responsibilities for responding to a disaster. Disaster recovery focuses on tasks such as switching services to failover systems or sites and restoring systems and data from backups.
Define a business continuity plan (BCP)
Collection of processes that enable an organization to maintain normal business operations in the face of some adverse event.
How is a business continuity plan created?
By performing business impact analysis (BIA) and IT contingency planning (ITCP)
What is the role of Business Impact Analysis (BIA) when creating a business continuity plan (BCP)?
Identifies mission essential and primary business functions and the risks that would arise if the organization cannot fulfill them.
What is the role of IT contingency planning (ITCP) when creating a business continuity plan (BCP)?
Ensures that the business’ processes are supported by resilient IT systems, working to identify and mitigate all single points of failure from a process or function
What is the purpose of a security policy?
Establishes a duty for each employee to ensure the confidentiality, integrity, and availability of any data assets or processing systems that they use as part of their job
What are the best practice security measures that should be taken during the onboarding process?
- Background check
- Identity and access management (IAM) - creating user accounts and privileges
- Asset allocation
- Training on policies
What are the best practice security measures that should be taken during the offboarding process?
- Identity and access management (IAM) - disabling user accounts and privileges
- Retrieving company assets
- Returning personal assets
- Resetting generic account credentials
What is the purpose of a password policy?
Promotes user selection of strong passwords by specifying a minimum password length, requiring complex passwords, requiring periodic password changes, and placing limits on reuse of passwords
What is best practice for password length?
12 to 16 characters - passphrases are best
What is best practice for password complexity?
Varying the characters in the password makes it more resistant to dictionary-based attacks
What is best practice for password age/history?
Requiring that the password be changed periodically and preventing the reuse of previously selected passwords
What is the purpose of an acceptable use policy (AUP)?
Policy that governs employees’ use of company equipment and Internet services. ISPs may also apply AUPs to their customers.
What is the purpose of a bring your own device policy (BYOD)?
The mobile is owned by the employee and can be used on the corporate network so long as it meets a minimum specification required by the company (in terms of OS version and functionality). The employee will have to agree on the installation of corporate apps and to some level of oversight and auditing
Define a data breach
The theft or loss of confidential and/or personal information.
What can be leveraged to prevent data breaches or loss of data?
Data loss prevention (DLP) software detects and prevents sensitive information from being stored on unauthorized systems or transmitted over unauthorized networks.
What is the purpose of a service level agreement (SLA)?
Agreement that sets the service requirements and expectations between a consumer and a provider.
What is typically in a service level agreement (SLA)?
Aspects of the service, such as scope, performance characteristics, and responsibilities that are agreed upon between the service provider and the customer.
Define a non-disclosure agreement (NDA)
Agreement that stipulates that entities will not share confidential information, knowledge, or materials with unauthorized third parties.
What is a memorandum of understanding (MOU)?
A preliminary or exploratory agreement to express an intent to work together; intended to be relatively informal and not to act as binding contracts.
What are 3 physical means of access control for an area/building/room?
- Badge reader
- Biometric
- Access control vestibule (mantrap)
Define an access control vestibule (mantrap)
Secure entry system with two gateways, only one of which is open at any one time.
What are 3 physical access controls for IT assets?
- Locking racks
- Locking cabinets
- Smart lockers with badge/biometric control
What are the two detection-based physical access controls?
- Cameras (with audio as well)
- Asset tags
What type of asset tag allows for electronic tracking?
RFID asset tags allow detection to prevent theft
What are two types of physical alarms?
- Circuit based
- Motion detection
Define a circuit-based alarm
Sounds when the circuit is opened or closed; this could be caused by a door or window opening or by a fence being cut.
What is the most secure form of circuit-based alarm?
Closed-circuit alarm is more secure because an open circuit alarm can be defeated by cutting the circuit.
How does motion detection function?
Alarm is linked to a sensor that detects moving heat sources with microwave radio reflection or passive infrared (PIR).
Define a hardened Protected Distribution System (PDS)
Cabling is routed through sealed metal conduit and subject to periodic visual inspection.
Define data remnants removal
Ensuring that no data is recoverable from hard disk drives (HDDs), flash devices or solid state drives (SSDs), tape media, CD, DVD ROMs, or paper documents before they are disposed of or put to a different use.
What are the main methods of data destruction?
- Incineration
- Pulverization
- Degaussing (HDDs, SSDs)
Define zero-filling
Form of sanitization/overwriting which just sets each bit to zero
What is the most secure way to perform zero-filling?
Overwrite the content with one pass of all zeros, then a pass of all ones, and then one or more additional passes in a pseudorandom pattern.
Define secure erase (SE)
Method of sanitizing a drive using the ATA command set to automatically perform a single pass of zero-filling.
What is the downside to secure erase (SE)?
Only works for HDDs due to how SSDs write memory
Define Instant Secure Erase (ISE)
Media sanitization command built into self-encrypting HDDs and SSDs that works by erasing the encryption key, leaving remnants unrecoverable.
Define IoT (Internet of Things)
Global network of personal devices, home appliances, home control systems, vehicles, and other items that have been equipped with sensors, software, and network connectivity.
What are two types of consumer grade IoT devices?
1. Hub/control system
2. Smart devices
3. Physical access control system (PACS)
What are examples of a Hub/control system?
Devices that require a communications hub to function; wireless speakers/headset
What are examples of smart devices?
Devices that are capable of compute, storage, and network functions; smart lightbulb, fridge, thermostat
Define a physical access control system (PACS)
Components and protocols that facilitate the centralized configuration and monitoring of security mechanisms.
What makes up a physical access control system (PACS)?
A network of monitored locks, intruder alarms, and video surveillance cameras.
What is a principal requirement of IoT networking technologies?
Low power consumption and low latency.
Define the Z-Wave protocol
A wireless communications protocol that is used primarily for home automation and creates a mesh network topology
Define Narrowband-IoT (NB-IoT) and its purpose
A low-power version of Long Term Evolution (LTE) used for sending small packets with low latency