Module 4 Flashcards
What is Source code?
Source code: Programming code in text format compiled into software you can run
What does closed source mean?
Closed source: Describes software that gives the end user little to no access to the source code and limited freedom to change and implement that software based on a very restrictive license compared to open-source licenses. Examples: Microsoft, UNIX, IBM z/OS
What is Linux Kernel?
Linux kernel: A foundational Linux component responsible for the low-level interface between an operating system and hardware
what is Bootloader?
Bootloader: Code run by a computer after it starts. The bootloader can then be pointed to the Linux kernel on storage/disk to start the Linux kernel (i.e., bootstrapping).
What are drivers?
Drivers: Software that makes computer devices available for use by applications. File system drivers “present” the filesystem to applications that save files.
What does the network do?
Network: Allows applications to communicate from a computer to other computers over wired (Ethernet) and wireless networks (IEEE 802.11)
What are Linux Security Modules do? (LSM)
Linux Security Modules (LSM): Primarily designed as enhanced access control
mechanisms called mandatory access control (MAC); including AppArmor, SELinux, Smack, and TOMOYO. Do not confuse this MAC with the layer 2 media access control addresses in Ethernet.
What are Processes, instances, and threads?
Processes, instances, and threads: Hardware resources and “time” to run (i.e., an instance) allocated by an operating system when code is run. This process can perform multiple activities, which are known as threads.
What are sessions?
Sessions: Consists of a group of processes. When users log in, applications and services
(known as daemons) are instantiated and grouped into process groups.
What does tty, pty: Teletype and pseudo-teletype mean?
tty, pty: Teletype and pseudo-teletype; terminal types used for interactive CLI and GUI applications
What is a Service (daemon)?
Service (daemon): A process that involves no interaction with a user
What are Applications?
Applications: Any process that the user can interact with
What is a password?
Password: A series of characters known by a user and used in conjunction with user
accounts to ensure a user’s identity
What is a login prompt?
Login prompt: Triggers applications and services (daemons) to instantiate and group into process groups when a user logs in
What is a Command-line interface (CLI)?
Command-line interface (CLI): A user interface that allows for typing commands within a Linux system; starts on bootup or launches from the graphical user interface (GUI) via the terminal emulator application
What is a Graphical user interface?
Graphical user interface (GUI): A user interface that provides interaction with a windowed environment to launch applications with a pointing device (e.g., a mouse); generally starts on
bootup
What is a GNU Core Utilities (coreutils)
GNU Core Utilities (coreutils): A foundational Linux component that provides common
commands integrated with the command-line interface (CLI). The coreutils package contains many common commands that include but are not limited to ls, mv, cp, touch, cat, and pwd.
What is a X server?
X server: A foundational Linux distro component that provides a graphical user interface
(GUI)
What is a Package Management?
Package management: A foundational component that provides software and service installation, updates, and removal
What does Client mean in regards to Lenux or networking?
Client: Requests resources or services from a server
What does a Server do?
Server: Provides resources or services for a client
How do computers use protocols?
Protocols: Used by computer systems to agree on how to communicate with one another over a network
What are Vulnerabilities?
Vulnerabilities: Weakness in software or a system
What are threats?
Threats: Actor that seeks to exploit vulnerabilities
What are exploits?
Exploits: An action taken by an actor to compromise a system by using vulnerabilities
what is ransomware?
Ransomware: Malware used to deprive organizations of access to their information until they pay a ransom
What is a bot?
Bot: A system infected by malware that allows for remote command and control (C&C) of the infected systems
What does C&C mean?
C&C: Command and control or C2; refers to systems that control already infected systems (bots) to launch various attacks (e.g., a DDoS or a coin-mining operation)
How does a worm work and what is it?
Worms: Malware that propagates by detecting other systems on a network with specific vulnerabilities and then by replicating its code on the system to exploit those vulnerabilities
What does DDoS stand for and what does it do?
Distributed Denial of Service (DDoS): An attack that uses C&C and bots to send traffic to systems that overwhelm those systems
What is Kali Linux?
Kali Linux: A popular Linux distro that includes many useful security tools
What is Endpoint Security?
Endpoint security: Security controls installed on endpoint systems, such as computers
What is Anti-Malware?
Anti-Malware: Software or tools designed to detect, prevent, and remove malicious
software (malware) from computer systems, protecting them from cyber threats such as
viruses, ransomware, and spyware
What is ClamAV?
ClamAV: A toolkit and malware detection engine that can quickly scan files
How does a firewall work?
Firewall: A system or device that has configurable rules that protect systems from other hosts on the network
What are iptables?
iptables: A firewall software package for Linux systems
What doe DDoS mitigation mean?
DDoS mitigation: The people, processes, and technology involved in thwarting a DDoS attack
What is ClamAV ?
ClamAV is an open source (GPLv2) anti-virus toolkit, designed especially for e-mail scanning on mail gateways. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and advanced tool for automatic database updates. The core of the package is an anti-virus engine available in a form of shared library.
Tip: ClamAV is not a traditional anti-virus or endpoint security suite. For a fully featured modern endpoint security suite, check out Cisco Secure Endpoint.
ClamAV is brought to you by Cisco Systems, Inc.
what is hardening?
Hardening: An all-encompassing term that describes tools, controls, and processes used to increase infrastructure security
What is user configuration?
User configuration: Proper password rules and user setup, which are critical to server
security and required in modern server software
What are business requirements in regards to security?
Business requirements: The processes, assets, people, and practices that are necessary for a business to operate and that must be considered when assessing security updates
What is over hardening?
“Over hardening”: Occurs when the application of security controls impacts the ability of users to work on a system (i.e., availability is impacted)
What is under hardening?
“Under hardening”: Occurs when there are insufficient security controls in place to address risks identified in the risk management process
What is access control?
Access control: A security control that endeavors to limit access to individuals who need permission to obtain specific information
What is baselining?
Baselining: A standard set of security configurations applied to a set of similar systems in an organization
What are security controls?
Security controls: Any administrative, technological, or physical controls used to implement proper security
What is a host firewall?
Host firewall: A generic term for a firewall installed on a host system. Example:
iptables/nftables
What is patching?
Patching: Software updates that remediate security vulnerabilities
