Mitigation Techniques Flashcards

1
Q

IPS signature management

A

• You determine what happens when unwanted traffic appears
  • Block, allow, send an alert, etc.
• Thousands of rules, or more
• Rules can be customized by group
  • Or as individual rules
• This can take time to find the right balance
  • Security / alert “noise” / false positives
2
Q

Device hardening

A
• No system is secure with the default configurations
  • You need some guidelines to keep everything safe
• Hardening guides are specific to the software or platform
  • Get feedback from the manufacturer or Internet interest group
  • Other general-purpose guides are available online

3
Q

The native VLAN

A

• This is different than the “default VLAN”
  • The default VLAN is the VLAN assigned to an interface by default
• Each trunk has a native VLAN
  • The native VLAN doesn’t add an 802.1Q header
  • Non-trunked frames
• Native VLAN defaults to VLAN 1
  • But some Cisco management protocols use VLAN 1
• Change the native VLAN number (e.g., VLAN 999)
  • Management protocols will continue to use VLAN 1 (even if it’s not formally configured on the trunk)
  • Non-trunked traffic will use the native VLAN number (VLAN 999)

4
Q

Privileged accounts

A
• Elevated access to one or more systems
  • Administrator, Root
• Complete access to the system
  • Often used to manage hardware, drivers, and software installation
• Needs to be highly secured
  • Strong passwords, 2FA
  • Scheduled password changes
• User accounts should have limited control
  • Role separation with different access rights
  • More difficult for a single limited account to breach security

5
Q

FIM (File Integrity Monitoring)

A
• Some files change all the time
  • Some files should NEVER change
• Monitor important operating system & application files
  • Identify when changes occur
• Windows - SFC (System File Checker)
• Linux - Tripwire
• Many host-based IPS options
6
Q

Restricting access via ACLs

A

• Use device ACLs to limit access to important infrastructure devices
  • Only admins should be able to log in
  • Drop all other traffic
  • Define the subnets for the technology teams
• This is a bit different than setting an application ACL
  • You’re dropping traffic for non-authorized users
  • Used mostly for access to management interfaces
7
Q

Honeypots

A
• Attract the bad guys - and trap them there
  • The bad guys are probably a machine
  • Makes for interesting recon
• Honeypots / Honeynet - a network of honeypots
  • Many different options
  • http://www.projecthoneypot.org/, honeyd
• Constant battle to discern the real from the fake

8
Q

Penetration testing

A
• Pentest
  • Simulate an attack
• Similar to vulnerability scanning
  • Except we actually try to exploit the vulnerabilities
• Often a compliance mandate
  • Regular penetration testing by a third party
• National Institute of Standards and Technology Technical Guide to Information Security Testing and Assessment
