Module 3 Flashcards
Mitigating Threats
Network security organizations that keep you informed:
SANS, MITRE, FIRST, SecurityNewsWire, (ISC)², and CIS
What does information security deal with?
Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction
What does the CIA triad consist of?
Three components of information security: Confidentiality, Integrity, and Availability
Who is responsible for maintaining data assurance for an organization and ensuring the integrity and confidentiality of information?
Network security professionals
The 14 network security domains specified by ISO/IEC serve as what?
A common basis for developing organizational security standards
What two analogies help in understanding approaches to network security?
The Security Onion and the Security Artichoke
Why do security personnel use penetration testing tools?
To validate network security
What allows the exchange of latest threat information?
Threat intelligence services like Cisco Talos
What can various tools, software, and services help mitigate?
Malware, reconnaissance, DoS, and address-spoofing attacks
What does the Cisco Network Foundation Protection (NFP) framework provide?
Comprehensive guidelines for protecting the network infrastructure by addressing security at the control plane, management plane, and data plane (forwarding plane) of network devices
What Layer 2 security tools are integrated into Cisco Catalyst switches?
Port security, DHCP snooping, Dynamic ARP Inspection (DAI), and IP Source Guard (IPSG)
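As an added example (not part of the original flashcards and not Cisco's own documentation), the following Cisco IOS configuration shows how the NFP framework from the previous card maps onto concrete commands on a Catalyst access switch: management-plane hardening, Control Plane Policing (CoPP) for the control plane, and the four Layer 2 data-plane tools from this card. The hostname, domain, addresses, VLAN number, interface names, and the credential are placeholders chosen for illustration.

```cisco
! ===== Management plane: SSH only, local AAA, login throttling, timestamped logs =====
hostname SW1
ip domain-name example.net                      ! assumed domain; required before RSA key generation
crypto key generate rsa modulus 2048            ! typed once in config mode, not stored in running-config
ip ssh version 2
username admin privilege 15 secret StrongPassphrase!   ! placeholder credential
aaa new-model
aaa authentication login default local
login block-for 120 attempts 3 within 60        ! quiet period after 3 failed logins in 60 s
service timestamps log datetime msec
logging host 10.0.0.50                          ! assumed syslog collector
ntp server 10.0.0.5                             ! assumed NTP server
line vty 0 4
 transport input ssh                            ! no Telnet
 exec-timeout 5 0
!
! ===== Control plane: police traffic punted to the switch CPU (CoPP) =====
ip access-list extended COPP-ICMP
 permit icmp any any
class-map match-all COPP-ICMP-CLASS
 match access-group name COPP-ICMP
policy-map COPP-POLICY
 class COPP-ICMP-CLASS
  police 8000 1500 conform-action transmit exceed-action drop   ! 8 kbps of ICMP to the CPU, rest dropped
control-plane
 service-policy input COPP-POLICY
!
! ===== Data plane, Layer 2: the four Catalyst tools from the card =====
ip dhcp snooping
ip dhcp snooping vlan 10
no ip dhcp snooping information option          ! do not insert option 82 unless the DHCP server expects it
ip arp inspection vlan 10                       ! DAI checks ARP against the snooping binding table
ip arp inspection validate src-mac dst-mac ip
!
interface GigabitEthernet0/1
 description Uplink toward DHCP server and distribution layer
 switchport mode trunk
 ip dhcp snooping trust                         ! only this port may forward DHCP OFFER/ACK
 ip arp inspection trust
!
interface range GigabitEthernet0/2 - 24
 description User access ports (untrusted)
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict    ! drop offending frames, log, keep port up
 switchport port-security mac-address sticky
 ip dhcp snooping limit rate 10                 ! pps; exceeding it err-disables the port
 ip verify source                               ! IPSG: source IP must match a snooping binding
```

Verify the result with `show ip dhcp snooping binding`, `show ip arp inspection vlan 10`, `show ip verify source`, and `show port-security interface GigabitEthernet0/2`. One caveat a practitioner should know: DAI and IPSG both depend on the DHCP snooping binding table, so a host with a static address on an untrusted port will have its ARP and IP traffic dropped until you add a manual entry with `ip source binding <mac> vlan 10 <ip> interface <intf>`. Ports err-disabled by the DHCP rate limit or by a port-security shutdown violation stay down until cleared (`shutdown` / `no shutdown`) or until `errdisable recovery` is configured.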
What do the 14 network security domains do?
They serve as a common basis for developing organizational security standards and effective security management practices
What can also help facilitate communication between organizations?
The 14 network security domains
In networking, what do policies define?
They define the activities that are allowed on the network
What policies may be included in a security policy?
-Identification and authentication policy
-Password policies
-Acceptable use policy
-Remote access policy
-Network maintenance policy
-Incident handling procedures
What would a threat actor do with a Security Onion defense-in-depth approach?
They would have to peel away at the network’s defense layer by layer, similar to peeling an onion
How is a security policy a “living document”?
The document is regularly updated as technology, business, and employee requirements change
Why has the Security Onion changed into the Security Artichoke?
The changing landscape of networking, such as the evolution of borderless networks, which no longer have a single well-defined perimeter to wrap layers around
What would a threat actor do with a Security Artichoke defense-in-depth approach?
The threat actor wouldn’t need to peel away each layer like the Security Onion. They would only need to remove certain “artichoke leaves”
What has been developed to help validate the security of a network and its systems?
Network penetration testing tools
What are the different types of penetration testing tools?
-Password crackers
-Wireless hacking tools
-Network scanning and hacking tools
-Packet crafting tools
-Packet sniffers
-Rootkit detectors
-Fuzzers to search for vulnerabilities
-Forensic tools
-Debuggers
-Hacking operating systems
-Encryption tools
-Vulnerability exploitation tools
-Vulnerability scanners
What do threat intelligence services do?
They allow the exchange of threat information such as vulnerabilities, indicators of compromise (IOCs), and mitigation techniques
(ex. Cisco Talos Threat Intelligence Group)
What are the best practices used for securing a network?
-Develop a written security policy
-Educate employees
-Control physical access to systems
-Use strong passwords and change them often
-Encrypt and password-protect sensitive data
-Implement security hardware and software
-Perform backups and test the backup files
-Shut down unnecessary services and ports
-Keep patches up to date
-Perform security audits and tests
What is the primary means of mitigating virus and Trojan horse attacks?
Antivirus software