Network Segmentation; Patch Management; and Intrusion Detection Flashcards

1
Q

True or False

A firewall should not be paired or used with a DMZ

A

False

2
Q

True or False

A network bridge can connect two independent networks

A

True

3
Q

True or False

A router can be used for security instead of a firewall

A

False

4
Q

True or False

Distributing security appliances provides defense-in-depth to key assets like controllers

A

True

5
Q

Protection Mechanisms protect against malicious code to:

A
  • Prevent
  • Detect
  • Report
  • Mitigate
6
Q

How could you test your Security System?

A

EICAR Test

7
Q

Importance of IACS Patching

A
  • IACS and the software it relies on are highly vulnerable
  • New vulnerabilities are discovered and published almost daily
  • Malware authors take advantage of these vulnerabilities to exploit systems
  • Old malware still works on unpatched systems
8
Q

IACS Patching Challenges

A
  • Patches are changes
  • Changes may impact safety, reliability, certification and performance
  • Must be part of the change and configuration management process
  • Patching is very resource intensive
  • Infrequent maintenance outages
9
Q

Patch Management

A
  • Information Gathering
  • Monitoring and Evaluation
  • Patch Testing
  • Patch Deployment
  • Verification & Reporting
10
Q

Patch Management

Information Gathering

A
  • Inventory
  • Supplier relationships
  • Supportability
  • Assess existing environment
  • Categorize and classify assets
11
Q

Patch Management

Monitoring and Evaluation

A
  • Monitor & ID patches
  • Determine applicability
  • Risk Assessment
  • Decision
12
Q

Patch Management

Patch Testing

A
  • File authenticity
  • Review changes
  • Install procedure
  • Qualifications & verification
  • Removal procedure
  • Risk mitigation
13
Q

Patch Management

Patch Deployment

A
  • Notification
  • Preparation
  • Scheduling
  • Deployment
14
Q

Patch Management

Verification & Reporting

A
  • Verification
  • Training
  • Documentation
15
Q

True or False

Only asset owners are involved with patch management

A

False

16
Q

Malicious code protection should use a mix of deployment systems

A

True

17
Q

True or False

Patching is an important tool for mitigation

A

True

18
Q

True or False

Necessary patches are easy to track and implement

19
Q

True or False

Patching is a risk management issue

20
Q

True or False

Patch Deployment should be followed by Verification and Reporting

21
Q

True or False

It is possible to achieve 100% Malicious Code Protection

22
Q

True or False

Product suppliers and service providers are responsible for discovery of vulnerabilites

23
Q

Intrusion Detection Systems (IDS)

A

Tools to detect attempts to break into or misuse a computer system
  • A security service that monitors and analyzes system events for the purpose of finding and providing real-time warnings of attempts to access system resources in an unauthorized manner
  • Allows system admins to respond to potential security issues
  • If firewalls and access control systems are the lock on the door, IDS is the burglar alarm

24
Q

Intrusion Prevention System (IPS)

A

Adds the ability to act on intrusion detection by automatically blocking malicious activity.

IPS is generally not used within IACS zones

25
Q

NIDS

A
  • Monitor network traffic
  • Pre-defined rules (signature-based)
  • Behaviors (heuristics-based)
  • Passive sniffing
  • Inline deployment
26
Q

HIDS

A
  • Monitor host
  • Pre-defined rules (signature-based)
  • Behaviors (heuristics-based)
  • Passive sniffing
27
Q

Types of IDS

A
  • NIDS: Network Intrusion Detection
  • HIDS: Host Intrusion Detection
28
Q

IDS Issues

A
  • False positives
  • Deployment and operational costs
  • Only effective against known vulnerabilities
  • Limited signatures for control system protocols
  • Requires continuous care and feeding
29
Q

Unified Threat Management (UTM)

A

Single appliance, multiple features. UTM resembles a multi-tool by providing multiple security functions with a single installation.
30
Q

Single appliance with multiple security features

A

UTM: Unified Threat Management
31
Q

Tools to detect attempts to break into or misuse a computer system

A

IDS: Intrusion Detection System
32
Q

Adds the ability to act on intrusion detection by automatically blocking malicious activity

A

IPS: Intrusion Prevention System
33
Q

Symmetric Cryptographic Algorithms

A
  • DES: Data Encryption Standard
  • Triple DES (3DES)
  • AES: Advanced Encryption Standard
34
Q

Asymmetric Cryptographic Algorithms

A
  • RSA
  • Diffie-Hellman
  • Elliptic Curve
35
Q

True or False

Only asset owners are involved with patching

A

False. Requires:
  • Asset owners
  • Integrators
  • Maintainers
  • Product suppliers
36
Q

True or False

Asymmetric keys use the same shared key and require lower bandwidth overhead

A

False
37
Q

True or False

Hashes are changes which may impact safety, reliability, certification and performance.

A

False | Hashes are changes which may impact safety, reliability, certification...
38
Q

True or False

Cryptography uses ciphers or algorithms for encrypting and decrypting messages.

A

True
39
Q

What does NIDS stand for?

A

Network Intrusion Detection System
40
Q

What is an Intrusion Detection System (IDS)?

A

Tools to detect attempts to break into or misuse a computer system
41
Q

True or False

The two main types of Intrusion Detection System are Network and Host-based

A

True
42
Q

Which cryptographic system requires two separate keys, one which is secret and one which is public?

A

Asymmetric
43
Q

True or False

Hashing involves creating a unique identifier of some chunk of data

A

True