Network Segmentation; Patch Management; and Intrusion Detection Flashcards

1
Q

True or False

A firewall should not be paired or used with a DMZ

A

False

2
Q

True or False

A network bridge can connect two independent networks

A

True

3
Q

True or False

A router can be used for security instead of a firewall

A

False

4
Q

True or False

Distributing security appliances provides defense-in-depth to key assets like controllers

A

True

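Worked example for cards 1 to 4 (added to this deck, not one of the original cards): a default-deny conduit check for a firewall that sits between an Enterprise zone, a DMZ and a Control zone, beside what a plain router would do with the same traffic. Zone names, address ranges, services and the sample flows are all constructed for illustration.

```python
"""Zone-and-conduit check for a firewall between Enterprise, DMZ and Control zones.

Added example, not part of the original deck. Zone names, address ranges,
services and the sample flows are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed zone map (assumption: illustrative prefixes, not a real plant).
ZONES = {
    "enterprise": ip_network("10.1.0.0/16"),
    "dmz": ip_network("10.2.0.0/24"),
    "control": ip_network("192.168.10.0/24"),
}

# Allowed conduits as (src zone, dst zone, protocol, dst port). Anything not
# listed is denied: a firewall is default-deny, whereas a router forwards
# everything it has a route for.
CONDUITS = {
    ("enterprise", "dmz", "tcp", 443),  # office users read the DMZ data mirror
    ("dmz", "control", "tcp", 502),     # DMZ collector polls PLCs over Modbus/TCP
    ("control", "dmz", "tcp", 1433),    # control historian pushes to the DMZ database
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


def zone_of(addr: str) -> str:
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "unknown"


def firewall_decision(flow: Flow) -> str:
    """Return 'allow: ...' or 'deny: ...' for one flow under the conduit list."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if "unknown" in (src_zone, dst_zone):
        return "deny: address outside every defined zone"
    if src_zone == dst_zone:
        return "allow: intra-zone traffic does not cross the firewall"
    if (src_zone, dst_zone, flow.proto, flow.dport) in CONDUITS:
        return f"allow: conduit {src_zone}->{dst_zone} {flow.proto}/{flow.dport}"
    if {src_zone, dst_zone} == {"enterprise", "control"}:
        return "deny: enterprise and control must go through the DMZ"
    return "deny: no conduit defined (default deny)"


def router_forwards(flow: Flow) -> bool:
    """A plain router applies no policy: it forwards anything it has a route for."""
    return zone_of(flow.dst) != "unknown"


# Constructed sample flows.
SAMPLE_FLOWS = [
    Flow("10.1.5.20", "10.2.0.10", "tcp", 443),       # office -> DMZ web: allowed conduit
    Flow("10.1.5.20", "192.168.10.5", "tcp", 502),    # office -> PLC directly: must be denied
    Flow("10.2.0.10", "192.168.10.5", "tcp", 502),    # DMZ collector -> PLC: allowed conduit
    Flow("10.2.0.10", "192.168.10.5", "tcp", 22),     # DMZ -> PLC SSH: not a conduit
    Flow("203.0.113.7", "192.168.10.5", "tcp", 502),  # address outside every zone -> PLC
]


def audit(flows=SAMPLE_FLOWS):
    """Pair each flow with the firewall decision and what a router alone would do."""
    return [(f, firewall_decision(f), router_forwards(f)) for f in flows]


if __name__ == "__main__":
    for flow, decision, routed in audit():
        print(f"{flow.src:>13} -> {flow.dst}:{flow.dport:<4} firewall={decision}  router_forwards={routed}")
```

The second sample flow is the point of cards 1 and 3: a router forwards the office workstation straight to the PLC, while the firewall denies it because the only path between enterprise and control is the conduit pair through the DMZ.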
5
Q

Protection Mechanisms protect against malicious code to:

A
  • Prevent
  • Detect
  • Report
  • Mitigate
6
Q

How could you test your Security System?

A

EICAR Test

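Worked example for card 6 (added to this deck, not one of the original cards): generating the EICAR test file and checking that a candidate file actually meets the EICAR format rules, so that a "not detected" result really says something about the scanner rather than about a malformed test file. The 68-byte string is assembled from two halves so that this source file is not itself flagged by a scanner; the format rules used here are the published EICAR conventions (68-byte prefix, only whitespace after it, at most 128 bytes).

```python
"""EICAR test-file generation and format check.

Added example, not part of the original deck. The well-known 68-byte string is
split in two so the source file itself is not a detection target.
"""
EICAR_HEAD = "X5O!P%@AP[4\\PZX54(P^)7CC)7}$"
EICAR_TAIL = "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
# Only these bytes may follow the 68-byte string: space, tab, CR, LF, CTRL-Z.
ALLOWED_SUFFIX = b" \t\r\n\x1a"
MAX_LEN = 128


def eicar_bytes() -> bytes:
    """The canonical 68-byte test string (a harmless DOS COM program)."""
    return (EICAR_HEAD + EICAR_TAIL).encode("ascii")


def is_valid_eicar(data: bytes) -> bool:
    """True if `data` is a test file a compliant scanner is expected to detect.

    Anything else (wrong prefix, non-whitespace trailer, over 128 bytes) is a
    malformed test file, and a miss on it proves nothing about the scanner."""
    sig = eicar_bytes()
    if len(data) > MAX_LEN or not data.startswith(sig):
        return False
    return all(b in ALLOWED_SUFFIX for b in data[len(sig):])


def write_test_file(path: str) -> int:
    """Write an EICAR file to `path` and return its size; then scan that directory."""
    data = eicar_bytes() + b"\r\n"
    assert is_valid_eicar(data)
    with open(path, "wb") as fh:
        fh.write(data)
    return len(data)


if __name__ == "__main__":
    print("68-byte string valid:", is_valid_eicar(eicar_bytes()))
    print("with trailing newline:", is_valid_eicar(eicar_bytes() + b"\r\n"))
    print("with stray byte:", is_valid_eicar(eicar_bytes() + b"x"))
```

Drop the file on a monitored share or endpoint, or send it as an e-mail attachment, and confirm the expected alert reaches the console; the test exercises the detection and reporting path end to end without any real malware.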
7
Q

Importance of IACS Patching

A
  • IACS and the software it relies on are highly vulnerable
  • New vulnerabilities are discovered and published almost daily
  • Malware authors take advantage of these vulnerabilities to exploit systems
  • Old malware still works on unpatched systems
8
Q

IACS Patching Challenges

A
  • Patches are changes
  • Changes may impact safety, reliability, certification and performance
  • Must be part of the change and configuration management process
  • Patching is very resource intensive
  • Infrequent maintenance outages
9
Q

Patch Management

A
  • Information Gathering
  • Monitoring and Evaluation
  • Patch Testing
  • Patch Deployment
  • Verification & Reporting
10
Q

Patch Management

Information Gathering

A
  • Inventory
  • Supplier relationships
  • Supportability
  • Assess existing environment
  • Categorize and classify assets
11
Q

Patch Management

Monitoring and Evaluation

A
  • Monitor & ID patches
  • Determine applicability
  • Risk Assessment
  • Decision
12
Q

Patch Management

Patch Testing

A
  • File authenticity
  • Review changes
  • Install procedure
  • Qualifications & verification
  • Removal procedure
  • Risk mitigation
13
Q

Patch Management

Patch Deployment

A
  • Notification
  • Preparation
  • Scheduling
  • Deployment
14
Q

Patch Management

Verification & Reporting

A
  • Verification
  • Training
  • Documentation
15
Q

True or False

Only asset owners are involved with patch management

A

False

16
Q

True or False

Malicious code protection should use a mix of deployment systems

A

True

17
Q

True or False

Patching is an important tool for mitigation

A

True

18
Q

True or False

Necessary patches are easy to track and implement

A

False

19
Q

True or False

Patching is a risk management issue

A

True

20
Q

True or False

Patch Deployment should be followed by Verification and Reporting

A

True

21
Q

True or False

It is possible to achieve 100% Malicious Code Protection

A

False

22
Q

True or False

Product suppliers and service providers are responsible for discovery of vulnerabilities

A

True

23
Q

Intrusion Detection Systems (IDS)

A

Tools to detect attempts to break into or misuse a computer system
* A security service that monitors and analyzes system events in order to find, and give real-time warning of, attempts to access system resources in an unauthorized manner
* Allows system administrators to respond to potential security issues
* If firewalls and access control systems are the lock on the door, the IDS is the burglar alarm

24
Q

Intrusion Prevention System (IPS)

A

Adds the ability to act on intrusion detection by automatically blocking malicious activity.

IPS is generally not used within IACS zones

25
Q

NIDS

A
  • Monitor network traffic
  • Pre-defined rules (signatures based)
  • Behaviors (heuristics-based)
  • Passive Sniffing
  • Inline Deployment
26
Q

HIDS

A
  • Monitor host
  • Pre-defined rules (signatures based)
  • Behaviors (heuristics-based)
  • Passive Sniffing
27
Q

Types of IDS

A
  • NIDS: Network Intrusion Detection
  • HIDS: Host Intrusion Detection
28
Q

IDS Issues

A
  • False positives
  • Deployment and operational costs
  • Only effective against known vulnerabilities
  • Limited signatures for control systems protocols
  • Requires continuous care and feeding
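
Worked example for cards 25 and 28 (added to this deck, not one of the original cards): a miniature NIDS that runs a signature rule (pre-defined byte pattern) and a behavior rule (too many distinct ports from one source in a short window) over constructed traffic records, then shows the two issues the card lists: the behavior rule will also fire on a legitimate inventory scan (a false positive), and a Modbus write that nobody has written a signature for passes both rules (only effective against known attacks). The record layout, rules and sample traffic are constructed; the only real-world assumption is Modbus/TCP framing (7-byte MBAP header, then function code and data).

```python
"""Signature-based and behavior-based detection over constructed traffic records.

Added example, not part of the original deck. Record layout, rule set and
sample traffic are constructed; Modbus/TCP framing (7-byte MBAP header, then
function code and data) is the only real-protocol assumption.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    ts: float        # seconds since capture start
    src: str
    dst: str
    dport: int
    payload: bytes = b""


@dataclass(frozen=True)
class Signature:
    name: str
    dport: int
    offset: int      # where in the payload the pattern must sit
    pattern: bytes


# Constructed MBAP header: transaction 1, protocol 0, length 6, unit id 1.
MBAP = b"\x00\x01\x00\x00\x00\x06\x01"

# Signature rule set (constructed). Modbus function 0x08 (Diagnostics) with
# sub-function 0x0004 forces a device into listen-only mode; an analyst who has
# seen that attack writes a rule for it. Nothing else is covered.
SIGNATURES = [
    Signature("modbus-force-listen-only", 502, len(MBAP), b"\x08\x00\x04"),
]


def signature_alerts(records, signatures=SIGNATURES):
    """Match fixed byte patterns: precise, but only for attacks already known."""
    alerts = []
    for r in records:
        for s in signatures:
            if r.dport == s.dport and r.payload[s.offset:s.offset + len(s.pattern)] == s.pattern:
                alerts.append((r.ts, s.name, r.src, r.dst))
    return alerts


def scan_alerts(records, window=10.0, threshold=5):
    """Behavior rule: one source touching more than `threshold` distinct ports
    within `window` seconds. Catches unknown tooling, but a legitimate asset
    inventory scan trips it too, so every alert still needs human triage."""
    by_src = defaultdict(list)
    for r in sorted(records, key=lambda rec: rec.ts):
        by_src[r.src].append(r)
    alerts = []
    for src, recs in by_src.items():
        start = 0
        for end in range(len(recs)):
            while recs[end].ts - recs[start].ts > window:
                start += 1
            if len({x.dport for x in recs[start:end + 1]}) > threshold:
                alerts.append((recs[end].ts, "port-scan", src, recs[end].dst))
                break  # one alert per source per run
    return alerts


def detect(records):
    """Run both rule types and return alerts as (ts, name, src, dst) in time order."""
    return sorted(signature_alerts(records) + scan_alerts(records))


PLC = "192.168.10.5"
# Constructed traffic.
LEGIT_POLL = Record(1.0, "10.2.0.10", PLC, 502, MBAP + b"\x03\x00\x00\x00\x0a")    # read 10 holding registers
KNOWN_ATTACK = Record(2.0, "10.1.5.20", PLC, 502, MBAP + b"\x08\x00\x04\x00\x00")  # force listen-only mode
ROGUE_WRITE = Record(3.0, "10.1.5.20", PLC, 502, MBAP + b"\x06\x00\x10\xff\xff")   # write register 0x10 := 0xFFFF
SCAN = [Record(5.0 + i / 10, "10.1.5.99", PLC, p) for i, p in enumerate((21, 22, 23, 80, 102, 443, 502))]
SAMPLE_RECORDS = [LEGIT_POLL, KNOWN_ATTACK, ROGUE_WRITE, *SCAN]


if __name__ == "__main__":
    for ts, name, src, dst in detect(SAMPLE_RECORDS):
        print(f"t={ts:5.1f} {name:<26} {src} -> {dst}")
```

Only two alerts come out: the listen-only attack (signature) and the sweep from 10.1.5.99 (behavior). The register write from the office workstation is at least as dangerous but has no signature and touches a single port, so it is missed, which is exactly why control-system protocols need their own rules and why an IDS needs continuous care and feeding.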
29
Q

Unified Threat Management (UTM)

A

Single appliance, multiple features. UTM resembles a multi-tool by providing multiple security functions with a single installation.

30
Q

Single appliance with multiple security features

A

UTM: Unified Threat Management

31
Q

Tools to detect attempts to break into or misuse a computer system

A

IDS: Intrusion detection system

32
Q

Adds the ability to act on intrusion detection by automatically blocking malicious activity

A

IPS: Intrusion Prevention System

33
Q

Symmetric Cryptographic Algorithms

A
  • DES: Data Encryption Standard
  • Triple DES (3DES)
  • AES: Advanced Encryption Standard
34
Q

Asymmetric Cryptographic Algorithms

A
  • RSA
  • Diffie-Hellman
  • Elliptic Curve
35
Q

True or False

Only asset owners are involved with patching

A

False

Requires
* Asset owners
* Integrators
* Maintainers
* Product suppliers

36
Q

True or False

Asymmetric keys use the same shared key and require lower bandwidth overhead

A

False

Asymmetric cryptography uses two separate keys, one public and one private; it is symmetric cryptography that relies on a single shared key.

37
Q

True or False

Hashes are changes which may impact safety, reliability, certification and performance.

A

False

That statement describes patches, not hashes: patches are changes which may impact safety, reliability, certification and performance. A hash is a fixed-size unique identifier computed from a chunk of data.

38
Q

True or False

Cryptography uses ciphers or algorithms for encrypting and decrypting messages.

A

True

39
Q

What does NIDS stand for?

A

Network Intrusion Detection System

40
Q

What is an Intrusion Detection System (IDS)?

A

Tools to detect attempts to break into or misuse a computer system

41
Q

True or False

The two main types of Intrusion Detection System are Network-based and Host-based

A

True

42
Q

Which cryptographic system requires two separate keys, one which is secret and one which is public?

A

Asymmetric

43
Q

True or False

Hashing involves creating a unique identifier of some chunk of data

A

True
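
Worked example for card 43 and for the "File authenticity" step of card 12 (added to this deck, not one of the original cards): using a SHA-256 digest as the unique identifier of a downloaded patch and comparing it against the digest the supplier published. The patch bytes and the "published" digest are constructed here; in practice the digest comes from the supplier over a channel separate from the download itself, and a matching digest only proves the file is the one the supplier published if that published value itself came from a trusted source.

```python
"""Checking patch file authenticity with a cryptographic hash.

Added example, not part of the original deck. The patch bytes and the
published digest are constructed for illustration.
"""
import hashlib
import hmac
from typing import Iterable, Iterator

# Constructed stand-in for a supplier firmware bundle.
PATCH_BYTES = b"PLC firmware 2.4.1 (constructed sample bundle) " * 40
# Digest the supplier would publish alongside the patch (computed from the sample).
PUBLISHED_SHA256 = hashlib.sha256(PATCH_BYTES).hexdigest()


def sha256_hex(data: bytes) -> str:
    """The hash is a fixed-size identifier of the data: any change alters it."""
    return hashlib.sha256(data).hexdigest()


def sha256_stream(chunks: Iterable[bytes]) -> str:
    """Hash a large file chunk by chunk without loading it all into memory."""
    h = hashlib.sha256()
    for chunk in chunks:
        h.update(chunk)
    return h.hexdigest()


def verify_patch(data: bytes, published_hex: str) -> bool:
    """Accept the file only if its digest equals the published one.

    Malformed or wrong-length hex is rejected, and the comparison is
    constant-time so the position of a mismatch leaks nothing."""
    try:
        expected = bytes.fromhex(published_hex.strip())
    except ValueError:
        return False
    if len(expected) != hashlib.sha256().digest_size:
        return False
    return hmac.compare_digest(hashlib.sha256(data).digest(), expected)


def flip_one_bit(data: bytes, index: int = 0) -> bytes:
    """Simulate a corrupted or tampered download: one bit differs."""
    b = bytearray(data)
    b[index] ^= 0x01
    return bytes(b)


def file_chunks(path: str, size: int = 1 << 16) -> Iterator[bytes]:
    """Yield a file in fixed-size pieces for sha256_stream."""
    with open(path, "rb") as fh:
        while chunk := fh.read(size):
            yield chunk


if __name__ == "__main__":
    print("published digest:", PUBLISHED_SHA256)
    print("download verifies:", verify_patch(PATCH_BYTES, PUBLISHED_SHA256))
    print("tampered verifies:", verify_patch(flip_one_bit(PATCH_BYTES), PUBLISHED_SHA256))
```

For a real patch, run sha256_stream(file_chunks("patch.bin")) against the supplier's published value before the patch enters the test environment; the one-bit flip shows why the identifier is unique in practice, since the digest of the altered file no longer matches.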