Misconfiguration Flashcards

1
Q

What are the main factors which make secure configuration difficult?

A

Personal factors: lack of knowledge, lack of experience, other priorities
Environmental factors: Sole responsibility, insufficient Q/A, Time pressure
System factors: Usage of defaults, complexity of the system, legacy support

Also: imprecise laws!

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is the idea behind SCAP (Security Content Automation Protocol) and what are its main components?

A

Idea: standard to enable automated vulnerability management, measurement, and policy compliance evaluation
Components:
- Common Vulnerabilities and Exposures (CVE)
- Extensible Configuration Checklist Description Format (XCCDF)
- Open Vulnerability and Assessment Language (OVAL)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is the idea behind the center for internet security (CIS)?

A
  • publishes security configuration guides (CIS workbench)

- users can contribute to benchmarks by adding rules / changing rules

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What are some open problems with security configuration?

A
  • how to automate the process? some approaches: OpenSCAP (Linux), Scapolite (Windows)
  • how to track differences between CIS guides and our policies
How well did you know this?
1
Not at all
2
3
4
5
Perfectly