Module 4 Flashcards
What is a key risk indicator?
- A metric of the upper and lower bounds of specific indicators of normal network activity
- Ex: Total network logs per second, number of failed remote logins, network bandwidth
What is an indicator of compromise (IOC)?
An indicator that malicious activity is occurring but is still in the early stages.
What is predictive analysis?
- An evaluation used for discovering an attack before it actually occurs
What is open source?
Anything that can be freely used without restrictions
What are public information sharing centers?
- A repository by which open source cybersecurity information is collected and disseminated.
- Ex: U.S. Department of Homeland Security's Cyber Information Sharing and Collaboration Program (CISCP).
What is automated indicator sharing (AIS)? What two tools help to aid AIS?
- A technology that enables the exchange of cyberthreat indicators between parties through computer-to-computer communication.
- Two tools:
  - Structured Threat Information Expression (STIX): A language and format used to exchange cyberthreat intelligence.
  - Trusted Automated Exchange of Intelligence Information (TAXII): An application protocol for exchanging cyberthreat intelligence over Hypertext Transfer Protocol Secure (HTTPS).
What is closed source?
Proprietary information owned by an entity that has an exclusive right to it
What is a private information sharing center?
Organizations that share closed source information and restrict both access to the data and participation in the group.
Name four different sources of threat intelligence for cybersecurity:
- Vulnerability database
- Threat maps
- File and code repositories
- Dark web
What is a vulnerability database?
A repository of known vulnerabilities and information as to how they have been exploited.
What is a threat map?
An illustration of cyberthreats overlaid on a diagrammatic representation of a geographical area.
What are file and code repositories?
A storage area in which victims of an attack can upload malicious files and software code that can then be examined by others to learn more about these attacks and craft their defenses.
What is the dark web?
The part of the web that is beyond the reach of a normal search engine and is the domain of threat actors.
What is BIOS?
(Basic input/output system)
- A chip integrated into the computer’s motherboard
- BIOS software would “awaken” and perform the following steps in a legacy BIOS boot:
  - BIOS would test various components of the computer to ensure they functioned properly (called the POST or Power-On Self-Test).
  - Next, BIOS would reference the Master Boot Record (MBR) that specified the computer’s partition table, which instructed the BIOS where the computer’s operating system (OS) could be located.
  - Finally, the BIOS passed control to the installed boot loader, which launched the OS.
What firmware interface eventually replaced the BIOS?
UEFI (Unified Extensible Firmware Interface)
Included benefits such as:
- ability to access hard drives that are larger than two terabytes (TB)
- support for an unlimited number of primary hard drive partitions
- faster booting
- support for networking functionality in the UEFI firmware itself to aid in remote troubleshooting.
What does boot security involve?
- Validating that each element used in each step of the boot process has not been modified
What is the hardware root of trust?
- Security checks that begin with hardware checks.
What is a chain of trust? (when referring to the boot process/boot security)
- Process of validation from the boot software to the software drivers and so on
- (Boot attestation refers to the process of determining that the boot process is valid.)