Module 11: Storage Infrastructure Security (Security Controls) Flashcards
What is a firewall?
security control designed to examine data packets traversing a network and compare them to filtering rules
What is a filtering rule?
may use various filtering parameters such as source address and protocols
can be set for both incoming and outgoing traffic
What determines the effectiveness of a firewall?
how robustly and extensively the security rules are defined
What happens if an unauthorized packet is picked up by the firewall?
dropped and not allowed to continue to the requested destination
What is a demilitarized zone?
a control to secure internal assets while allowing Internet based access to selected resources
How are servers setup in a demilitarized zone?
servers that need Internet access are placed between two firewalls
servers in demilitarized zone may or may not be allowed to communicate with internal resources
What traffic is allowed to go through the demilitarized zone?
application specific ports are allowed through firewall to the demilitarized zone
What isn’t allowed to go through the demilitarized zone?
no internet based traffic is allowed to go through the second firewall and gain access to the internal network
What is IDPS?
intrusion detection - process of detecting events that can compromise the confidentiality of IT resources
What is an IDS?
Intrusion Detection System - security tool that automates the detection process
What is an IPS?
Intrusion Prevention System - tool that has the capability to stop the events after they have been detected by the IDS
What are the key techniques used by an IDPS?
signature based detection
anomaly based detection
What is signature based detection?
IDPS relies on a database that contains known attack patterns or signatures and scans events against it
What is anomaly based detection?
IDPS scans and analyzes events to determine whether they are statistically different from events normally occurring in the system
What is a VPN?
virtual private network - provides a secure connection to the IT resources - secures site to site connection
What is a remote access VPN?
a remote client initiates a remote VPN connection request - VPN server authenticates and provides the user access to the network
What is a site to site VPN?
remote site initiates a site to site VPN connection - VPN server authenticates and provides access to internal network
What is Identity and Access Management (IAM)?
process of managing users' identifiers and their authentication/authorization to different IT resources
What is multifactor authentication (MFA)?
uses more than one factor to authenticate a user
What is OAuth?
enables a client to access protected resources from a resource server on behalf of a resource owner
EX: giving Linkedin access to FB
What are the 4 parts involved in authorization control?
resource owner
resource server
client
authorization server
What is OpenID?
standard for authentication in which an organization uses authentication services from an OpenID third party provider
What is an OpenID provider?
maintains user credentials on their authentication system and enables relying parties to authenticate user requests
What is role based access control (RBAC)?
an approach to restrict access to the authorized users based on their respective roles
minimum privileges assigned to each role
What does separation of duties mean in RBAC?
ensures that no individual can both specify an action and carry it out
What is mobile device management (MDM)?
control that restricts access to an organization's resources only to authorized mobile devices
What is data encryption?
cryptographic technique in which data is encoded and made indecipherable
What is data in flight?
refers to data that is being transferred over a network
What is data at rest?
refers to data that is stored on a storage medium
What is the main rule when it comes to data encryption?
data should be encrypted as close to its origin as possible
What are Transport Layer Security (TLS) and Secure Socket Layer (SSL)?
application layer protocols that provide encrypted connection for client server communication
What is data shredding?
process of deleting data or residual representations of data which makes it unrecoverable
What are the 3 main data shredding techniques?
physically destroying
degaussing
overwriting
What is degaussing?
process of decreasing or eliminating the magnetic field of media
What is overwriting?
overwriting the disks several times with invalid data
What is penetration testing?
evaluates systems and apps to find vulnerabilities and threats an attacker can exploit