Module 10 - Protocol, App and Cloud Security Flashcards
List:
Components of virtualization
- Physical machine (host OS)
- Virtual machine (guest OS)
- Virtual hard disk (VHD)
- Hypervisor
- Containerization
List:
Advantages of virtualization
- Flexibility
- Security
- Testing
- Server consolidation
- Isolation (sandboxing)
- Application virtualization
List:
Disadvantages of virtualization
- Security issues
- Bottleneck
- Complexity
- Server sprawl
List:
Load balancing methods in virtualization
- Resource pooling
- Workload balancing
Define:
Virtualization
The process of installing and running multiple operating systems concurrently on a single physical machine.
Define:
Virtual machine (VM)
A software implementation of a computer that executes programs like a physical machine, also known as a guest operating system.
Define:
Hypervisor
A thin layer of software allowing virtual machines to interact with hardware without using the host OS. Types include Type I (bare-metal) and Type II (hosted).
Define:
Containerization
A virtualization method enforcing resource separation at the OS level by creating isolated containers for applications or OS distributions.
Define:
VM escape
A vulnerability where an attacker breaks out of a VM’s isolated environment and gains access to the host system or other VMs on the same host.
Define:
Resource pooling (in virtualization)
Creating shared logical pools of CPU and memory resources from multiple physical machines within the hypervisor to allocate resources to VMs.
Define:
Sandboxing
Isolating a virtual machine from the network to test applications, updates, or malware without risking production environments.
Define:
Load balancing
A technique that distributes workloads across multiple resources to improve performance, ensure high availability, and provide fault tolerance.
Define:
Server sprawl
A condition where managing a large number of virtual machines delays patching and security updates, increasing administrative complexity.
Acronym:
VHD
Virtual Hard Disk
List:
Important facts about virtual networks
- Virtual machines support unlimited virtual networks.
- Multiple virtual networks can share a single physical network adapter.
- Network configuration depends on host OS and physical hardware.
- Resources are partitioned into virtual devices with defined capacities.
- Bandwidth is split into independently secured channels.
- Virtual DHCP server assigns IPs to virtual machines.
- OS on virtual machines must be network-configured.
- Internal network virtualization uses software to emulate a network.
- External network virtualization combines or segments LANs.
List:
Network virtualization service providers
- VMware
- Microsoft
- Citrix
List:
Virtual networking terms
- Virtual local area network (VLAN)
- Virtual area network (VAN)
- Virtual private network (VPN)
- Virtual machine (VM)
List:
Virtual networking devices
- Virtual switch (vSwitch)
- Virtual router (vRouter)
- Virtual firewall appliance (VFA)
- Virtual machine monitor/hypervisor (VMM/hypervisor)
Define:
Virtual network
A network comprising virtual and physical devices, enabling efficient deployment and management of network services and resources.
Define:
Virtual switch (vSwitch)
Software that facilitates communication between virtual machines by checking data packets before forwarding them to a destination.
Define:
Virtual router (vRouter)
A software-based function replicating a physical router, providing flexibility to move routing functions within a network.
Define:
Virtual firewall appliance (VFA)
Software acting as a network firewall, providing packet filtering and monitoring for virtual environments.
Define:
Virtual local area network (VLAN)
A logical partitioning of a physical LAN, enabling several physical LANs to function as a single network or vice versa.
Define:
Virtual area network (VAN)
A virtual LAN running on a physical LAN, enabling communication between guest virtual machines on separate physical hosts.
Define:
Virtual private network (VPN)
A secure tunnel over another network, connecting multiple remote endpoints, with multipoint VPNs connecting more than two endpoints.
Define:
Hypervisor
Software, firmware, or hardware creating and running virtual machines by managing the virtual platform and guest OS execution.
Define:
Internal network virtualization
The use of software containers or pseudo-interfaces to emulate a physical network, improving efficiency by isolating applications.
Define:
External network virtualization
The combination or segmentation of LANs to create virtual networks, improving efficiency and flexibility across large networks.
Acronym:
VLAN
Virtual Local Area Network
Acronym:
VAN
Virtual Area Network
Acronym:
VPN
Virtual Private Network
Acronym:
VMM
Virtual Machine Monitor
List:
Characteristics of cloud computing
- Delivery of common business applications via web services
- Connection over the internet or a LAN
- No end-user knowledge of physical infrastructure needed
List:
Types of clouds
- Public cloud
- Private cloud
- Community cloud
- Hybrid cloud
List:
Cloud computing service models
- Infrastructure as a Service (IaaS)
- Platform as a Service (PaaS)
- Software as a Service (SaaS)
- Security as a Service (SECaaS)
List:
Cloud security risk reduction actions
- Zero Trust
- Cloud Access Security Broker (CASB)
- Segregate centrally stored data
- Patch management
- Service management
- Security monitoring
- Encryption
- Penetration testing
- Comply with regulatory measures
List:
Advantages of Virtual Desktop Infrastructure (VDI)
- Workstation hardware costs
- Centralized data protection and backup
- Remote access
- Fast snapshots deploy
- No lost devices
Define:
Cloud computing
The provision of software, data access, computation, and storage services via the internet without requiring end-user knowledge of physical infrastructure.
Define:
Public cloud
A cloud accessible by anyone, with resources made available by a service provider, often for free or with a fee.
Define:
Private cloud
A cloud restricted to a single organization, hosted internally or by a third party, with secure, exclusive access to resources.
Define:
Hybrid cloud
A combination of public, private, and community cloud resources, integrating their functionalities.
Define:
Security as a Service (SECaaS)
A cloud model providing security services such as authentication, anti-virus, intrusion detection, and penetration testing, integrated into a corporate infrastructure.
Define:
Cloud Access Security Broker (CASB)
A tool or service ensuring communication and access to cloud services comply with organizational security policies and procedures.
Define:
Attack surface
All points at which a malicious threat actor could attempt to exploit vulnerabilities in a system.
Define:
Supply chain attack
An attack where a threat actor infiltrates a target indirectly through vulnerabilities in its supply chain, such as cloud service providers or hardware vendors.
Define:
Virtual Desktop Infrastructure (VDI)
A virtualization method hosting user desktops on data center hardware, allowing access via thin clients with enhanced security and flexibility.
Acronym:
IaaS
Infrastructure as a Service
Acronym:
PaaS
Platform as a Service
Acronym:
SaaS
Software as a Service
Acronym:
SECaaS
Security as a Service
Acronym:
CASB
Cloud Access Security Broker
List:
Measures for securing cloud storage
- Implement security controls like in physical datacenters
- Use data classification policies
- Assign information to storage, handling, and access categories
- Assign security classifications based on sensitivity and criticality
- Use tools to securely dispose of data when no longer needed
List:
Advantages of cloud storage
- Pay only for storage used
- Cuts energy consumption by up to 70%
- Offers off-premises, on-premises, or hybrid storage options
- Provides intrinsic storage availability and data protection
- Shifts storage maintenance tasks to the provider
- Allows VM image transfer between cloud and on-premises locations
- Serves as a natural disaster backup with globally distributed servers
Define:
Cloud storage
A data storage model provided by a third party as a service, utilizing distributed resources to offer redundancy, durability, and scalability.
Define:
Cloud Access Security Broker (CASB)
A gatekeeper that enforces security policies on cloud storage, focusing on visibility, compliance, access control, encryption, and loss prevention.
Define:
Federated storage cloud architecture
A cloud storage design where distributed resources act as one unified system for redundancy and fault tolerance.
Define:
Object storage architecture
A cloud storage system with intrinsic availability and data protection, ideal for reducing costs and effort in managing availability and recovery.
List:
Mobile device connection types
- Cellular
- WiFi
- Bluetooth
- NFC
- ANT
- Infrared
- USB
- SATCOM (satellite)
List:
Mobile device security considerations
- Device content management
- Remote wipe
- Geofencing
- Geolocation management
- Screen lock with passwords
- Push notification management
- Password storage and management
- Biometrics
- Full device encryption
List:
Application management considerations
- Rooting/jailbreaking/sideloading
- Flashing custom firmware
- Carrier unlocking
- OTA firmware and app updates
- Camera usage and geolocation in pictures
- SMS/MMS protocols
- Connection to external media
- USB OTG
- Microphone usage for recording
- Tethering
List:
Security mechanisms for iOS apps
- Sandboxed apps
- Digital signatures from Apple or certified third parties
- Encryption APIs for app data (AES, RC4, 3DES)
List:
Security mechanisms for Windows RT apps
- Modules must be digitally signed by Microsoft
- Anti-buffer-overflow memory restrictions
- Data Execution Prevention (DEP)
- Address Space Layout Randomization (ASLR)
- SafeSEH and sacrificial canary values
List:
Best practices for mobile app security
- Use apps only from reputable sources
- Avoid jailbreaking or sideloading apps
- Use app whitelisting via MDM solutions
Define:
Geofencing
Restricting a mobile device to a particular geographical area.
Define:
Credential management
The ability to store usernames and passwords for various resources, enabling automatic login to network resources or websites.
Define:
App whitelisting
The process of defining specific apps that are allowed on a device, often enforced using mobile device management (MDM) solutions.
Define:
Geo-tagging
The embedding of GPS coordinates within files, such as images or videos, which can pose privacy and security risks.
Define:
Sideloading
The process of installing apps from third-party app stores or websites instead of official app stores.
Acronym:
NFC
Near Field Communication
Acronym:
ANT
Adaptive Network Topology
Acronym:
MDM
Mobile Device Management
Acronym:
OTA
Over-the-Air
List:
Mobile device security settings options
- Manually configure security settings on each device
- Distribute security settings via configuration profiles for iOS
- Use an MDM solution to push security policies over a network
List:
Operating systems supported by Windows Intune
- Apple iOS 8.0 and later
- Mac OS X 10.9 and later
- Windows > 8.1
- Google Android 4.0
List:
Windows Intune configurations
- Intune Standalone (cloud-only)
- Hybrid MDM with Configuration Manager
List:
Windows Intune management portals
- Account Portal
- Admin Portal
- Company Portal
List:
Tasks for configuring Windows Intune
- Add Intune users
- Define Intune policies
- Manage users and groups
- Enroll computers
- Enroll mobile devices
Define:
Windows Intune
A cloud-based MDM solution from Microsoft that enables remote management and security for mobile devices and Windows systems.
Define:
Intune Standalone
A cloud-only deployment of Windows Intune managed via a web console accessible over the internet.
Define:
Hybrid MDM with Configuration Manager
A deployment combining Windows Intune’s MDM capabilities with Configuration Manager for content and device administration.
Define:
Apple Push Notification Service (APNs)
A service required for managing iOS devices through MDM solutions, enabling notifications and enrollment actions.
Acronym:
MDM
Mobile Device Management
Acronym:
APNs
Apple Push Notification Service
Acronym:
EMS
Enterprise Management + Security
List:
Functions of Mobile Device Management (MDM)
- Track the device
- Push apps and updates
- Manage security settings (e.g., lock screens, passwords)
- Remotely wipe the device
List:
Functions of Mobile Application Management (MAM)
- Install and uninstall apps remotely
- Update apps as needed
- Limit app functionality as needed
List:
Device types managed by Unified Endpoint Management (UEM)
- Workstations
- Printers
- Mobile devices
- IoT devices
- Wearable devices
List:
Phases in the Intune Application Life Cycle
- Add
- Deploy
- Configure
- Protect
- Retire
List:
App deployment and update methods
- App catalog
- Self-service portal
- Remote management
Define:
Mobile Device Management (MDM)
A solution that allows IT administrators to remotely manage and enforce policies on mobile devices, focusing on the device itself.
Define:
Mobile Application Management (MAM)
A solution that manages applications on mobile devices, enabling control over app installation, updates, and functionality.
Define:
Enterprise Mobility Management (EMM)
A solution combining MDM and MAM to manage both device hardware and applications, addressing challenges of diverse device ecosystems.
Define:
Unified Endpoint Management (UEM)
A comprehensive solution that combines traditional device management and enterprise mobility management to manage all endpoint types in a single system.
Define:
App catalog
A method that defines the apps users can and cannot use, assigning apps to users or devices via groups for streamlined management.
Define:
MAM-WE
A Mobile Application Management configuration allowing app and data protection on devices enrolled with third-party EMM providers.
Define:
Conditional access (in Intune)
Access control based on app protection policies, restricting user actions like copying data or installing apps on rooted devices.
Acronym:
MAM
Mobile Application Management
Acronym:
EMM
Enterprise Mobility Management
Acronym:
UEM
Unified Endpoint Management
Acronym:
MAM-WE
Mobile Application Management Without Enrollment
List:
BYOD security issues
- Malware propagation
- Loss of sensitive data control
- Malicious insider attacks
- Device management
- Support responsibilities
List:
Deployment model alternatives to BYOD
- Corporate-owned device
- Corporate-owned, personally enabled (COPE)
- Choose your own device (CYOD)
- Virtual desktop infrastructure (VDI)
Define:
Malware propagation (BYOD issue)
The risk of infected user devices spreading malware when connected to the organization’s network.
Define:
Loss of sensitive data control (BYOD issue)
The risk of sensitive organizational data being copied to personal devices and exposed due to weak security, theft, or malware.
Define:
Malicious insider attacks (BYOD issue)
Threats posed by users intentionally misusing personal devices to steal or capture sensitive information.
Define:
Device management (BYOD issue)
The challenge of defining responsibility for updates, anti-malware, and overall maintenance of personal devices used on-site.
Define:
Support (BYOD issue)
The need to address who provides support for personal devices and apps used for organizational purposes.
Define:
Corporate-owned device model
A strategy where the company provides devices, enabling greater control and monitoring of security while restricting usage to workplace purposes.
Define:
Corporate-owned, personally enabled (COPE) model
A deployment model allowing employees to use company-owned devices for both corporate and personal purposes while maintaining strong security controls.
Define:
Choose your own device (CYOD) model
A strategy offering employees a limited selection of corporate-owned devices, balancing user choice with enhanced security measures.
Define:
Virtual desktop infrastructure (VDI)
A technology enabling mobile devices to connect to a virtualized desktop, enhancing security and data protection by processing data on central servers.
Acronym:
BYOD
Bring Your Own Device
Acronym:
COPE
Corporate-Owned, Personally Enabled
Acronym:
CYOD
Choose Your Own Device
Acronym:
VDI
Virtual Desktop Infrastructure
List:
Common smart home appliances
- Refrigerators
- Dishwashers
- Microwaves
List:
Security steps for embedded devices
- Regularly update firmware manually (if supported)
- Segment the network using VLANs
- Encrypt all network communications
Define:
SCADA
Supervisory Control and Data Acquisition systems are specialized computers that gather, analyze, and manage industrial automation equipment.
Define:
Real-time operating system (RTOS)
An OS designed to serve real-time applications with strict time constraints, often critical to entire system operations.
Define:
System on a Chip (SoC)
An integrated circuit that includes all typical computer system components, commonly used in hobbyist projects like Raspberry Pi.
Define:
Multi-function display (MFD)
A configurable screen with buttons used to display and interact with data, commonly found on airplanes, helicopters, and ships.
Define:
Voice over IP (VoIP)
A protocol optimized for transmitting voice data over packet-switched IP networks, allowing phone calls through the internet.
Define:
Field Programmable Gate Array (FPGA)
An integrated circuit configured post-manufacture by the customer using a hardware description language (HDL).
Define:
Unmanned Aerial Vehicle (UAV)
Aircraft that operate without a human pilot onboard, used for military, search and rescue, weather monitoring, and recreation.
Define:
Arduino
An open-source hardware and software platform for building digital devices and interactive objects, featuring single-board microcontrollers.
Acronym:
SCADA
Supervisory Control and Data Acquisition
Acronym:
RTOS
Real-Time Operating System
Acronym:
SoC
System on a Chip
Acronym:
MFD
Multi-Function Display
Acronym:
FPGA
Field Programmable Gate Array
Acronym:
VoIP
Voice over IP
List:
Common email threats
- Virus
- Spam
- Open SMTP relay abuse
- Phishing
List:
Best practices for controlling spam
- Enable spam filters on clients and email servers
- Enable antivirus scanning for attachments
- Disable preview screens in email clients
- Avoid clicking unsubscribe links in unsolicited emails
- Install server-level anti-spam software
- Avoid posting full email addresses on the web
List:
Protocols for mitigating phishing and spam
- Sender Policy Framework (SPF)
- DomainKeys Identified Mail (DKIM)
- Domain-based Message Authentication, Reporting & Conformance (DMARC)
List:
Functions provided by S/MIME and PGP
- Authentication
- Message integrity
- Non-repudiation through digital signatures
- Privacy through encryption
Define:
SPF (Sender Policy Framework)
An email authentication method that verifies the sender’s IP address against a list of authorized IPs published in the DNS TXT records of the sender’s domain.
Define:
DKIM (DomainKeys Identified Mail)
A protocol that uses digital signatures to verify the integrity and authenticity of email messages by checking the signature against a DKIM record in the sender’s DNS.
Define:
DMARC (Domain-based Message Authentication, Reporting & Conformance)
A protocol that uses SPF and DKIM checks to define rules for handling emails and provides reporting on unauthorized email activity.
Define:
S/MIME
Secure/Multipurpose Internet Mail Extensions, a protocol that uses X.509 certificates for email encryption and digital signatures to ensure authentication, integrity, and privacy.
Define:
PGP
Pretty Good Privacy, a system for email encryption and digital signatures that uses either a web of trust or trust signatures for certificate validation.
Acronym:
SPF
Sender Policy Framework
Acronym:
DKIM
DomainKeys Identified Mail
Acronym:
DMARC
Domain-based Message Authentication, Reporting & Conformance
Acronym:
S/MIME
Secure/Multipurpose Internet Mail Extensions
Acronym:
PGP
Pretty Good Privacy