Lessons 10-14 Flashcards
CENTRALIZED COMPUTING
All processing and data storage are managed and controlled by the central server or mainframe rather than on individual devices.
CLIENT-SERVER
is a network architecture where a server provides resources or services, and a client accesses and uses those resources or services.
INDUSTRIAL CONTROL SYSTEMS ICS
Are networked devices and software used to monitor and control industrial processes, such as manufacturing, power generation, and water treatment.
Supervisory control and data acquisition (SCADA)
is a specialized ICS system that is designed for monitoring and controlling large-scale industrial processes.
CLOUD COMPUTING
Is the delivery of computing services over the internet (the cloud) that scale to business needs.
MICROSERVICES
Is an architecture composed of small independent services that communicate with each other over a network, enabling greater scalability and flexibility.
Resilience
If there are failures, how well can we recover?
Provisioning
the process of setting up and configuring resources, services, or devices so they are ready for use.
SOFTWARE AS A SERVICE SaaS
a cloud computing service where software applications are delivered over the internet on a subscription basis. Users can access these applications via a web browser without needing to install or maintain the software themselves. Examples include Gmail, Microsoft Office 365, and Salesforce.
PLATFORM AS A SERVICE PaaS
is a cloud computing service that provides a platform allowing customers to develop, run, and manage applications without dealing with the underlying infrastructure.
INFRASTRUCTURE AS A SERVICE IaaS
is a cloud computing service that provides virtualized computing resources over the internet. This includes virtual machines, storage, and networking, allowing users to rent and manage the infrastructure they need for their applications, without having to invest in and maintain physical hardware.
ANYTHING AS A SERVICE XaaS
Represents the growing type of services available over the internet via cloud computing as opposed to being provided locally, or on-premises.
CSP
cloud service provider
Examples: Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). These providers host and manage the infrastructure and platforms, allowing users to access and use them on a pay-as-you-go basis.
Public cloud
Provisioned for public use. Considerations include location and multi-tenancy.
Private cloud
Provisioned for the exclusive use of a single organization. Consideration: scalability.
Community cloud
Provisioned for the exclusive use of a well-defined group. Consideration: multi-tenancy.
CLOUD BURSTING
Is the on-demand and temporary use of the public cloud when demand exceeds resources available in the private cloud or on-premises infrastructure.
Physical layer
Consists of data centers with thousands of servers, storage devices, and networking equipment.
Abstract Layer
Includes the EC2 instances (virtual machines), S3 storage (abstracted storage service), and VPC (virtual private cloud for networking).
CLOUD SECURITY GROUPS
are a feature used in cloud computing environments to control inbound and outbound traffic to and from virtual machines (VMs) or other cloud resources.
CLOUD CONTAINER
Containers offer a logical packaging mechanism in which applications can be abstracted from the environment in which they run.
Containers can virtualize CPU, memory, storage, and network resources at the OS level (lightweight).
region
set of connected data centers deployed within a defined perimeter
Availability zone
is made up of one or more data centers equipped with independent power, cooling, and networking
instance
is a virtual server created and managed on a cloud platform. Instances provide computing power and can run applications just like physical servers but with the flexibility and scalability of the cloud.
rapid elasticity
adapt to changing workload demands by auto-provisioning and de-provisioning pooled resources to match the current demand.
resource pooling
the practice of sharing physical or virtual resources (like servers, storage, and networks) among multiple users or applications.
measured service
metering capability
AUTOMATION
Is the application of technology, programs, robotics or processes to achieve outcomes with minimal human input.
Orchestration
is the integration of disparate tools and platforms for an automated response.
Scalability
is the ability of the system to automatically accommodate larger loads by adding resources, either by making hardware stronger (scale up) or by adding additional nodes (scale out)
Elasticity
is the ability to fit the resources needed to cope with loads dynamically. When the load increases, more resources are added and when demand decreases, resources are removed.
Infrastructure-as-code
using code to manage configurations and automate provisioning
Serverless computing
dynamic allocation of resources to execute a specific piece of code.
Containerization
is a technology that allows applications to be packaged and run in isolated environments called containers
Software-defined-networking
using software to manage and configure the network infrastructure
VIRTUALIZATION
Is technology that creates multiple environments from a single, physical hardware system
Virtualization sprawl
occurs when the number of virtual systems is out of control: potentially unmanaged, unnecessary, and not in compliance with licensing agreements. Virtual devices should be treated the same as physical systems
Virtual machine escape
occurs when a VM and the host OS interact. This should NEVER happen.
Virtual desktop infrastructure VDI
is virtualization technology that hosts a desktop OS on a centralized server in a data center.
HYPERVISORS
Are software or firmware components used to virtualize system resources
Type 1: bare metal/native hypervisors run directly on the system hardware. Direct access to hardware. No OS to load, as the hypervisor is the OS.
Type 2: hosted hypervisors run on a host OS that provides virtualization services. Type 1 is faster and more efficient but with greater hardware requirements and expense.
EMBEDDED SYSTEMS
Is an electronic product that contains a microprocessor and software designed to perform a specific task.
Industrial control systems ICS
are embedded systems that monitor and control industrial processes that exist in the physical world. They are either data driven or operated remotely
Supervisory control and data acquisition SCADA
monitor complex systems spread out over large areas (gasoline, natural gas, electricity, water, waste)
System on a chip SoC
The chips are inexpensive and profit margins slim
There is little incentive to maintain/update chip firmware
Real-time OS RTOS
Strong incentive to use open-source OS
The RTOS may be outdated
Often patches are not available; if they are, the expertise to install them is rare.
active side channel- embedded system attack
uses a voltage glitch on the power supply to cause a program malfunction
steppingstone- embedded system attack
is a type of cyber attack where an attacker compromises a less secure system (the “stepping stone”) to gain access to a more secure target.
Raspberry Pi
a small, affordable single-board computer developed by the Raspberry Pi Foundation. It’s designed to promote computer science education and can be used for various projects and applications, including programming, electronics, and DIY projects.
INTERNET OF THINGS IoT
Refers to a network of physical objects or “things” embedded with sensors, software, and connectivity that enable them to exchange data with other connected devices and interact with users over the internet (smart devices)
Industrial internet of things IIoT
the application of IoT in industrial settings to improve efficiency, productivity, and safety. The use of connected sensors, devices, and machines in manufacturing, logistics, and other industrial settings to collect, analyze, and share data in real time
EDGE COMPUTING
a technology that processes data close to where it is generated, rather than sending it to a central data center or cloud. This reduces latency, saves bandwidth, and allows for faster decision-making and real-time applications.
Sensor
a component that detects and responds to changes in an environment
Actuator
takes the electrical input and turns it into a physical action
Wireless Transceiver
sends and receives RF signals over the air (NFC, WLAN, RFID, GSM)
True positive
Normal or expected activity is correctly identified: GOOD
False positive
Normal or expected activity is incorrectly identified as abnormal or unexpected: PROBLEMATIC
True negative
Abnormal or unexpected activity is correctly identified: GOOD
False negative
Abnormal or unexpected activity is incorrectly identified as normal or expected: DANGEROUS
Fail-open
means that the network device allows network traffic to continue to flow even if the device fails.
Fail-closed
means that the network device blocks network traffic even if the device fails.
inline device
sits directly in the path of network traffic and activity and actively processes data packets as they pass through (e.g., IPS, firewalls, and load balancers)
A collector
is a device that performs targeted collection which feeds into an aggregation or correlation engine
NAC
NETWORK ACCESS CONTROL
Is the process of controlling access, identifying suspicious behavior, and preventing data exfiltration
Intrusion detection system IDS
can analyze and monitor network traffic
Intrusion prevention system IPS
can analyze, monitor, and proactively deny network traffic
Pattern matching
based on established known patterns and signatures. Signatures must be updated frequently
Rule-based
analyze behavior for violations of a preconfigured set of rules.
Behavior-based
focus on deviations from normal patterns of behavior rather than specific attack signatures or rules.
Heuristic
use a set of predefined rules and algorithms to identify anomalous behavior and patterns which can be adapted and updated over time
JUMP SERVER
Also known as a jump host or bastion host, is a hardened computer system or server that provides secure access to other computers or systems within a network
* Usually deployed in a screened subnet to provide an additional layer of security. Users can access the jump server through a secure connection, such as SSH or a VPN, then use the jump server as a gateway to access other systems within the network
PROXY SERVER
Is an intermediary machine between a client and a server, used to filter or fetch and cache requests made by the client
TYPES OF PROXY SERVERS
- Forward- clients (browsers) are configured to send requests to the proxy server; the proxy server receives the request, fetches content, and stores a copy for future use (static)
- Transparent- same as forward proxy except that the client (browser) does not need to be configured. The proxy server resides on the gateway and intercepts requests.
- Reverse- appears to the client just like a regular web server. The proxy caches all the static answers from the web server and replies to the clients from its cache to reduce the load on the web server
pre-admission policy
Policies that determine whether a device can access the network before it is granted access.
post-admission policy
Policies that monitor and control the behavior of devices after they have been granted access to the network.
Firewalls
- Isolate network segments and traffic by controlling ingress and egress access. Various types of firewalls incorporate additional and/or specialized features and functionality
- Firewalls are a deterrent control because a hardened appearance can discourage attackers
- Firewalls are a preventative control because they can be configured to restrict ingress and egress network traffic
OSI Model
is a conceptual framework used to understand and standardize how different networking protocols interact. It divides the communication process into seven distinct layers:
1. Physical Layer:
Function: Transmits raw bit streams over a physical medium.
Examples: Cables, switches, and network interface cards (NICs).
2. Data Link Layer:
Function: Provides node-to-node data transfer and handles error correction from the physical layer.
Examples: Ethernet, MAC addresses.
3. Network Layer:
Function: Manages data routing, forwarding, and addressing between devices on different networks.
Examples: IP addresses, routers.
4. Transport Layer:
Function: Ensures complete data transfer with error checking and data flow control.
Examples: TCP (Transmission Control Protocol), UDP (User Datagram Protocol).
5. Session Layer:
Function: Manages and controls the connections (sessions) between computers.
Examples: Session establishment, maintenance, and termination.
6. Presentation Layer:
Function: Translates data between the application layer and the network format, and handles data encryption and decryption.
Examples: SSL/TLS, data compression formats.
7. Application Layer:
Function: Provides network services directly to applications.
Examples: HTTP, FTP, SMTP.
Stateful firewall
inspects headers and packet payload and keeps track of the state of the entire connection from start to finish.
Stateful firewalls operate at the transport layer of the OSI model (L4). Use case: more granular control
Stateless Packet filtering
inspect each packet individually and decide whether a packet is allowed or denied based on the header information (protocol, source, destination, port). Packet-filtering firewalls operate at the network layer of the OSI model (L3). Use case: fast, efficient, low resource utilization, low cost.
Next Generation NGFW firewall
inspect the entire transaction; do surface-level and deep packet inspection; and incorporate additional security features and application controls. Next-gen firewalls operate at the application layer of the OSI model (L7).
Unified threat management UTM firewall
is the evolution of a firewall into an all-inclusive device performing multiple security functions (firewall, gateway, anti-malware). UTMs typically operate at multiple layers of the OSI model: L3, L4, and L7
Virtual Firewall
designed to protect virtualized environments such as cloud infrastructure and VMs. Virtual firewalls operate within the virtualized environment and provide security at the application layer of the OSI model (L7) to protect against attacks targeting the virtualized environment
Deny by default
if not explicitly allowed, then access is denied
FIREWALL ACCESS CONTROL LIST ACL
Rules are processed in order from top to bottom. The last rule of an ACL is to block any traffic not previously allowed.
1. Permission- allow (permit) or deny
2. Protocol- UDP, TCP, IP
3. Port- listening port (port 80 is HTTP)
4. Source IP- where the traffic is coming from (host, range, wildcard, any)
5. Destination IP- where the traffic is going to (host, range, wildcard, any)
SECURE PROTOCOL
A set of rules and procedures designed to ensure secure communication between two or more parties over a network or the internet. The objective is confidentiality, integrity, authentication, non-repudiation, or any combination thereof.
Transport layer security TLS
* History- introduced in 1999, TLS is used to establish a secure communication channel by using a cryptographic key exchange. Communicates on port 443
* Current state- replacement for SSL; provides integrity. TLS uses a block encryption cipher and includes advanced security features and improved algorithms. The current version is TLS 1.3. IETF has officially declared both TLS 1.0 and 1.1 weak; they should not be used.
SECURE SOCKET LAYER SSL
- History- developed in 1995 by Netscape, SSL is used to establish a secure communication channel by negotiation using a stream cipher. SSL communicates on port 443
- Current state- SSL is outdated, so in 2015 SSL 3.0 was deprecated by the Internet Engineering Task Force (IETF) due to numerous security vulnerabilities discovered over the years. SSL 2.0 & 3.0 should be disabled. When they are enabled they make your system vulnerable to a downgrade attack. Most browsers no longer support SSL
IP SECURITY IPsec
Is a protocol suite used to secure IP communication by providing authentication, integrity, and confidentiality services.
* Operates at the network layer (L3) and can be used to encrypt data being sent between any systems that can be identified by an IP address
Tunnel mode- IPsec mode
the entire original IP packet is encapsulated to become the payload of a new IP packet. A new IP header is added on top of the original IP packet
Transport mode- IPsec mode
The payload is encrypted but not the IP header. Has less overhead but can be less secure.
VIRTUAL PRIVATE NETWORK VPN
Designed to facilitate secure remote access communication over a public network
Full tunneling- vpn
requires all traffic to be routed over the VPN
Split tunneling- vpn
allows the routing of some traffic over the VPN while letting other traffic directly access the internet
SOFTWARE-DEFINED WIDE AREA NETWORK (SD-WAN)
A technology that enables the creation of a software-defined network overlay over an existing wide area network (WAN)
* SD-WAN focuses on providing software defined application routing to the wide area network
CATEGORIES OF DATA TYPES
- Regulated- data that is protected by law, or industry standards
- Personally identifiable- data that can be used to identify a specific person
- Intellectual property- intangible creations
- Contractually protected- data that is specified in a contract or agreement
- Organizationally classified- data that meets classification criteria
REGULATED DATA
Data that is subject to certain laws, regulations, or industry standards that govern its collection, use, storage, and disclosure
Jurisdiction
the power or right of a legal or political agency to exercise its authority over a person, subject matter or territory
COMPLIANCE
Acting in accordance with applicable rules, laws, policies, and obligations
PERSONALLY IDENTIFIABLE INFORMATION PII
Data that can be used to identify a specific person. Compromise of PII can result in identity theft, fraud, or other malicious uses.
Examples: person's name, address, date of birth, SSN, passport number, driver's license, phone number, email, biometric data.
GDPR- General data protection regulation
protects people in the EU and EEA from unlawful data collection or processing and works to increase consent requirements and to provide enhanced user rights.
INTELLECTUAL PROPERTY
A branch of law that deals with the protection of intangible creations (books, powerpoints, art)
INTELLECTUAL PROPERTY (IP) PROTECTIONS
- Patent- gives the owner the legal right to exclude others from making, using, or selling an invention for a period of time, in exchange for publishing a public disclosure of the invention.
- Trademark- intended to protect recognizable names, icons, shapes, colors, and sounds used to represent a brand or company.
- Copyright- intended to allow the creator of certain types of original works to benefit from being credited and compensated for their work
- Trade secret- proprietary business and technical information, processes, designs, or practices that are confidential to a business.
Freeware
copyrighted software that is available at no cost for unlimited usage. Developer retains all rights and controls distribution
Shareware
copyrighted software that is available at no cost for unlimited usage. Users are encouraged to share the software to promote larger distribution and sales.
Open source
the copyright holder grants users the rights to use, study, change, and distribute the software to anyone and for any purpose
Commercial off the shelf (COTS)
copyrighted software that a company designs and develops to sell or license. The company retains all rights to the program and controls distribution
AI-GENERATED INTELLECTUAL PROPERTY
On March 15, 2023 the US Copyright Office announced that works created with the assistance of AI may be copyrightable, provided the work involves sufficient human authorship
* According to the policy statement, works created by AI without human intervention cannot be copyrighted.
CLASSIFICATION
Is the process of organizing assets by criticality and sensitivity
Sensitivity & Criticality
- Sensitivity is based on the impact of asset exposure
- Criticality is based on the impact of asset loss; used for disaster recovery and business continuity planning
LABELING
Is the vehicle for communicating the assigned classification to custodians, users, and applications.
* Labels can be electronic, print, audio, or visual
HANDLING STANDARDS
Inform custodians and users how to protect information they use and systems they interact with
SECURITY CLEARANCE
Is a determination made by the government that an individual is eligible to access classified information up to a certain level of classification
DATA MANAGEMENT
Planning and execution of policies and practices that protect data confidentiality, integrity and availability throughout its lifecycle.
Data owners
are responsible for oversight and decisions related to classification, access control, and protection
Data custodians
responsible for advising, implementing, and monitoring data protection controls.
Data encryption
transforms plaintext into encrypted text that only the intended person can decrypt (confidentiality)
Hashing
creating a one-way, fixed-length representation used for comparative purposes (ensures integrity)
DATA MASKING
A technique used to protect sensitive data by replacing it with fictional or de-identified data
* Techniques include: replacing identifiable data with symbols, shuffling the data, or applying data substitution methods that maintain the format of the original data while hiding its content
TOKENIZATION
Is a technique to secure and desensitize data by replacing the original data with an unrelated value of the same length and format
DATA OBFUSCATION
Is the act of making a data set difficult to understand or find by unauthorized users.
Data abstraction
is the programming process of creating a data type that hides the details of data representation. Separating the interface from the implementation.
BACKUP AND RECOVERY
These processes ensure that accurate and reliable copies of data and system configurations are created, maintained, and tested.
Network-attached Storage (NAS)
a dedicated file storage device that connects over Ethernet. Relatively inexpensive to add additional NAS devices
Storage Area Network (SAN)
provides network access to storage devices. It creates an image by mirroring a production disk to another disk inside the storage array.
Disk shadowing
data is written to and read from two or more independent disks. The process is transparent to the user.
Electronic vaulting
copies files as they change and periodically transmits them to a secure backup location
Remote journaling
copies and periodically transmits transaction logs to a backup location
Asynchronous Replication
an automated process that streams copies of data to the 2nd location. A write is considered complete as soon as local storage commits; remote storage is updated with a slight time lag.
Synchronous Replication
an automated process that streams copies of data to the 2nd location. Both write operations (local and remote) must complete successfully before the system can proceed. Guaranteed zero data loss.
Redundancy
is the duplication of critical components or functions with the intention of increasing reliability and mitigating the risks associated with a single point of failure (SPOF)
RAID
The Redundant Array of Independent Disks (RAID) is a data storage virtualization technology. RAID combines multiple disk drive components into one or more logical units for the purpose of fault tolerance (data redundancy) or performance improvement.
Clustering
groups multiple systems together to form a single logical unit or cluster
Disk Mirroring
the process of writing data on two partitions on separate disks
Disk Striping
the process of dividing data into blocks and spreading the data blocks across multiple storage devices.
UPS battery backup
an uninterruptible power supply provides backup power when a regular power source fails or voltage drops to an unacceptable level. Battery capacity is finite
Alternate routing
multiple paths for data to travel between two points. The network can automatically reroute traffic to an alternate path if the primary path becomes unavailable or congested.
Diverse routing
data is transmitted over multiple geographically diverse paths or routes
Cold site
a site that has basic HVAC; no server-related or communications equipment
Warm site
has HVAC, servers, and communication infrastructure and equipment. Systems need to be configured (updated) and data needs to be restored.
Hot site
has HVAC, servers, and communication infrastructure and equipment. Fully configured and ready to operate; data has been replicated.
Mirrored site
identical or nearly identical site that is operational in concert with the primary site on a load-balancing basis.
DRaaS
disaster recovery as a service offers full recovery in a cloud-based environment
CONTINUITY OF OPERATIONS
The capability of a business to continue to operate in adverse (disaster) conditions
Disaster recovery plans (DRP)
focuses on the recovery and restoration of technology, physical plant, and personnel
Business continuity plans (BCP)
focuses on the overall strategy for sustaining business activities during a disaster and subsequent recovery period.
Tabletop testing approach
a hypothetical group workshop that focuses on the application of plans and procedures as well as identifying gaps in their preparedness.
Failover testing approach
performed to evaluate the ability of a system or application to recover from a failure and switch to a backup or secondary system or component seamlessly
Simulation testing approach
DRP & BCP plans are executed in a controlled environment to simulate a real-world disaster or outage. The simulation can be done at different levels of granularity.
PARALLEL PROCESSING
Is a complex and costly strategy to ensure uninterrupted business operations during unexpected events or disruptions
PLAN AUDIT
Provides management with an independent assessment of the effectiveness of the plans, procedures, training, and testing, as well as a strategic alignment assurance.
SECURE BASELINE
A predefined set of security configurations and practices that are considered the minimum level of protection for a system or network
HARDENING
The ongoing process of configuring security settings, applying security patches, and implementing the least functionality to reduce the system footprint, minimize vulnerabilities and exposure to threats, and enhance resilience.
WPAN
wireless personal area network (bluetooth)
802.15 IEEE standard
WLAN
wireless local area network
802.11 IEEE standard
WMAN
wireless metro area network
802.16 IEEE standard
PERFECT FORWARD SECRECY (PFS)
Is a protocol property that effectively protects past sessions against future compromises
WIRELESS SITE SURVEY
the process of planning and designing a wireless network to ensure optimal coverage and performance.
WIRELESS ACCESS POINT
WAP or AP acts as a central transmitter and receiver of wireless signals
Omnidirectional antenna
radiates transmissions out and receives transmissions in from all directions (360 degrees); generally used inside a building
Directional antenna
focuses the signal in a specific direction. Generally used to connect buildings
Wi-Fi heat map
a visual representation of the wireless signal coverage and strength
PREDICTIVE SITE SURVEY
Uses software to model the environment
* Building and floor plans are loaded into predictive site survey software to develop wireless network designs
SSID
A service set identifier is a code that identifies a wireless access point
* All wireless devices that want to communicate on a network must have their SSID set to the same value as the WAP SSID to connect.
warstorming
using a drone and a Wi-Fi equipped device to detect Wi-Fi networks
Warchalking
drawing of symbols in public places to advertise a Wi-Fi network
MOBILE DEVICE MANAGEMENT MDM
encompasses deploying, securing, monitoring, and managing mobile devices in the workplace
Unified endpoint management (UEM)
extends the functionality of MDM to IoT devices and wearables
Mobile Application management (MAM)
focuses on the management of mobile applications
DEVICE OWNERSHIP TYPES
BYOD- bring your own device- users use their personally owned devices for both professional and personal use.
COPE- company owned, personally enabled- users get issued a company owned device for both professional and personal use.
COBO- company issued business only- users get issued a company owned device for professional use only.
Geolocation
process of determining the device's location based on GPS, cell triangulation, or Wi-Fi proximity. Used for active device tracking and locating a lost device
Containerization
use of a secure virtual container used to segregate high risk applications (email, browser). Also used to segregate and encrypt confidential data
Storage segmentation
segment personal and corporate data. Enforces access and encryption policies by storage location and folders.
Full device encryption FDE
requires the entire device to be encrypted including removable media.
DLP Data Loss Prevention
a set of strategies and tools used to prevent sensitive information from being lost, misused, or accessed by unauthorized users.
APPLICATION SECURITY
Is the process of developing, adding, and testing security features within applications to minimize the risk of unauthorized access (confidentiality), modification (integrity), and downtime (unavailability)
SECURE STAGING
The process of planning, scheduling, and controlling the movement of developed or acquired code.
DEV-TEST-STAGE-PROD
- Dev- the development environment is used for code development, proof of concept, experimentation, customization and early-stage testing
- Test- the testing environment is used to merge code, ensure quality, isolate bugs, and measure performance and functionality.
- Stage- the staging environment is used to ensure that the application behaves as expected and confirms that it does not adversely impact existing applications.
- Prod- the production environment is the “live” environment that hosts the application. It is the endpoint in the release management process.
SECDEVOPS
SecDevOps (security, development, and operations) promotes collaboration between development, operations, and security teams
Fuzz testing or fuzzing
an automated testing technique used to discover coding errors and security loopholes by inputting invalid, unexpected, or semi-random data, called fuzz, and monitoring the application response.
Security automation
automating attacks against pre-production code and continuous vulnerability testing against production code
Continuous integration (CI)
continuous merging of source code. If a failure is seen, the team is expected to refocus and fix the build before making any additional code changes.
SECURE CODING
The practice of writing code in a way that prioritizes security, minimizes vulnerabilities, and reduces the risk of exploitation by attackers.