"Remember this" Study Guide Notes - Securing Hosts and Data

Question 1

Hardware Security Module (HSM)

Answer 1

A removable or external device that can generate, store, and manage RSA keys used in asymmetric encryption. Many server-based applications use an HSM to protect keys.

Question 2

Trusted Platform Module (TPM)

Answer 2

A hardware chip on the motherboard included on many newer laptops and it provides full disk encryption. A TPM includes a unique RSA asymmetric key. When a user activates the TPM, it creates a storage root key, which the TPM uses to generate and store other cryptographic keys.

Question 3

Server Hardening

Answer 3

Hardening a server makes it more secure from its default installation. Disabling unnecessary services and protocols reduces the attack surface of a system and improves its overall security posture.

Question 4

Baseline Imaging

Answer 4

Standardized images include mandatory security configurations. This ensures systems start in a secure state and reduces overall costs. Administrators are able to identify anomalies by comparing settings, services,
and applications in the image with settings, services, and applications on live computers.

Question 5

Software Baselines

Answer 5

Host software baselines provide a list of approved software and a list of software installed on systems. Administrators can use this to identify unauthorized software installed on systems. Unauthorized software is not maintained and can easily become vulnerable without patching.

Question 6

Baseline Reporting

Answer 6

Baseline reporting provides a report after comparing baselines with current systems. Administrators use baseline reporting for security baselines, operating system baselines, application configuration baselines, and software baselines.

Question 7

Application Whitelisting

Answer 7

Application white-listing identifies authorized software for workstations, servers, and mobile devices. It prevents users from installing or running
software that isn’t on the list.

Question 8

Server Virtualization

Answer 8

Virtualization allows multiple virtual servers to operate on a single physical server. It provides increased availability with lower operating costs. Additionally, virtualization provides a high level of flexibility when testing security controls, updates, and patches because they can easily be reverted using snapshots.

Question 9

VLANs

Answer 9

Virtual local area networks (VLANs) separate or segment traffic on physical networks. You can also create VLANs using virtual switches within a virtual environment hosted on a physical server.

Question 10

Patch Management

Answer 10

Patch management procedures ensure that operating systems and applications are up to date with current patches. This protects systems against known vulnerabilities.

Question 11

Static Network Environment Controls

Answer 11

Incorporating control redundancy and diversity into security designs is a key method of protecting static environments such as supervisory control and data acquisition (SCADA) systems. Networks holding SCADA systems can be protected using virtual local area networks (VLANs) to segment traffic and network-based intrusion protection systems (NIPS) to block unwanted
traffic.

Question 12

Mobile Security

Answer 12

Mobile device security includes device encryption to protect the data, screen locks to help prevent unauthorized access, and remote wipe capabilities to delete all data on a lost phone. Radio-frequency identification (RFID) methods are often used for inventory control.

Question 13

BYOD Security Concerns

Answer 13

Data security is a significant concern related to BYOD policies. You can use VLANs to isolate mobile devices from the primary network, while still granting them access to the Internet.

Question 14

Mobile Device Management (MDM)

Answer 14

Mobile device management tools help ensure systems are up to date with current patches and have up-to-date antivirus installed. These tools often block devices that are not up to date.

Question 15

Application Security (Geo-Tagging)

Answer 15

Geo-tagging adds geographical information to files such as pictures when posting them on social media sites. Criminals can exploit this information when watching a specific person.

Question 16

Data Protection

Answer 16

The primary methods of protecting the confidentiality of data (including data at rest and data in transit) are with encryption and strong access controls.

Question 17

Data Protection Types

Answer 17

File-and folder-level protection protects individual files. Full disk encryption protects entire disks, including USB flash drives and drives on mobile devices. Database column encryption protects individual fields within a
database.

Question 18

Data Loss Prevention (DLP) systems

Answer 18

A network-based data loss prevention (DLP) system can examine and analyze network traffic. It can detect if confidential company data or any PII data is included in email and reduce the risk of internal users emailing sensitive data outside the organization. Similarly, endpoint DLP solutions can prevent users from copying or printing sensitive data.

Question 19

Cloud Computing Types

Answer 19

Applications such as web-based email provided over the Internet are Software as a Service (SaaS) cloud-based technologies.

Platform as a Service (PaaS) provides customers with a fully managed platform, which the vendor keeps up to date with current patches.

Infrastructure as a Service (IaaS) provides customers with access to hardware in a self-managed platform. Customers are responsible for keeping an IaaS system up to date.

Question 20

Security Policy

Answer 20

Written security policies are management controls that identify a security plan. Other security controls, such as technical, operational, and additional management controls, enforce security polices.

Question 21

Mandatory Vacations

Answer 21

Manditory vacation policies require employees to take time away from their job. These policies help to deter frad and discover malicious activities while the employee is away.

Question 22

Separation of Duties

Answer 22

Separation of duties prevents any single person or entity from being able to complete all the functuons of a critical or sensitive process by dividing the task between employees. This helps prevent fraud that can occur if a single person prints and signs checks.

Question 23

Job Rotation

Answer 23

Job rotation policies require employees to change roles on a regular basis.

Employees might change roles temporary, such as for three to four weeks, or permanently. This helps ensure employees cannot continue with fraudulent activity indefinitely.

Question 24

Clean desk policy

Answer 24

A clean desk policy requires users to orginize their areas to reduce the risk of possible theft.

It reminds users to secure sensitive data and may include a statement about not writing down passwords.

Question 25

Two account Requirement for Administrators

Answer 25

Requiring administrators to use two accounts, one with administrator privleges and the other with regular user privleges, helps prevent privlege escliation attacks.

Users should not use shared accounts.

Question 26

Third Party Security Conserns

Answer 26

When working withthird parties or as a third party, it’s important to protect data.

Most non-disclosure agreements prohibit sharing days unless you are the data owner

Question 27

Inreropability Agreements

Answer 27

A Memorandum of Understanding (MOU) defines responsibilities of each party, but is not as strict as a Service Level Agreement (SLA) or Interconetivity Security Agreement (ISA).

If the partirs will be handling sensitive data, they should include an ISA to insure strict guidelines are placed to protect the data while in transit.

Question 28

Change Management

Answer 28

Change management defines the process and accounting structure for handeling modifications and upgrades

The goals are to reduce risks related to unintended outages.

Question 29

Personally Identifiable Information (PII)

Answer 29

Personally Identifiable Information (PII) includes information such as full name , birthdate, biometric data, and identifying numbers such as a SSN.

Organizations have an obligation to protect PII and often identify procedures for handling and retaining PII in data policies.

Question 30

P2P secirity Issues

Answer 30

Data leakage occurs when users install P2P software and unintentially share files.

Organizations often block P2P Software at the firewall.

Question 31

Incident Response

Answer 31

An incident response policy defines an incident and incident response procedures.

Incident response porcedures start with prepation to prepare for and prevent incidents. Preparation helps prevent 8ncidents such as malware infections.

Personnel review the policy, and in response to lessons learned after incidents.

Question 32

Incedent Response Procedures

Answer 32

Outlined in NIST SP 800-61 Rev 2

“Computer Security Incident Handeling Guide”

After identifying an incident, personnel attempt to contain or isolate the problem. This is often as simple as disconnecting a computer from a network. Reviewing lessons learned allows personnel to analyze the incident and the response with a goal of preventing a futire occurence.