Objective 2 Flashcards
(29 cards)
Based on military principle more difficult for enemy to defeat complex and multi-layered defense system than to penetrate single barrier
Defense-In-Depth
Attempts to stop attacks before they happen
Protect
Assists in detecting ongoing attack
Detect
Helps successfully stop or deter attack
React
What are the Defense-In-Depth categories?
Protect, Detect, and React
What does Defense-In-Depth need to balance?
People, Technology, and Operations
Focuses on all elements required to sustain organization’s security posture a day-to-day basis
Operations
Includes traffic analysis, monitoring unprotected communications, decrypting weakly encrypted traffic, and the capture of authentication information (e.g., passwords)
Passive Attack
Includes attempts to circumvent or break protection features, introduce malicious code, or steal or modify information
Active Attacks
Consists of regular individuals attaining close physical proximity to networks, systems, or facilities for purpose of modifying, gathering, or denying access to information
Close-in Attacks
Intentionally eavesdrop, steal or damage information, use information in fraudulent manner, or deny access to other authorized users
Malicious Insider Attack
Attacks typically result from carelessness, lack of knowledge, or intentional circumvention of security for such reasons as “getting the job done’’
Non-Malicious Insider Attack
Focuses on malicious modification of hardware or software at factory or during distribution
Distribution Attacks
Software or hardware-based network security system controlling incoming and outgoing traffic
Firewalls
Technique used to control network access by monitoring outgoing and incoming packets and either allowing or blocking them
Packet Filtering
Network device or software acting on behalf of clients to retrieve requested content from an origin content server
Proxy Services
An Internet standard, enabling a LAN to use one set of IP addresses for internal traffic and a second set for external traffic
Network Address Translation
Process of monitoring network and computer systems for signs of incidents in violation of computer security policies
Intrusion Detection
System scanning, auditing, and monitoring the security infrastructure for signs of attacks in progress
Intrusion Detection Systems
Used to control, prevent, identify, and report vulnerabilities at host and network level
Internal Control
Allows user to log into specific machine and allows access to resources on that machine only
Local User Account
Valid on any computer in domain for which account was created
Domain User Account
Controls access to object such as file or folder
Permissions
Enables user account or group to perform predefined tasks
Rights
