Sec+ Flashcards
A new e-commerce company is interested in being PCI DSS compliant. What are the three most common rules?
Testing security systems and processes regularly
All user accounts must be unique
Never store CVV
What is ISO 27001
Information Security Management Systems
What is ISO 27701
Privacy Information Management
What is ISO 27002
Information Security Best Practices
What is ISO 31000
Risk Management Best Practices
An employee installed a new service on the domain controller without consent or approval from the IT department and change management. What type of threat is this?
Shadow IT: refers to information technology systems deployed by departments other than the central IT department
What kind of threat compromises a system and maintains long-term remote access without being detected?
APT Advanced Persistent Threat
MITRE ATT&CK
Globally accessible knowledge base of adversary tactics and techniques based on real-world observations
What should a security manager review to remain proactive in understanding the types of threats their company faces?
ISAC: industry-specific groups for sharing threat information
What does Netstat do?
shows all active connections and open/listening ports
can show which currently running processes/services opened those connections/ports (-o)
Attacker uses one compromised network device to access another network device
pivoting
Attacker gains permissions/access to files, folders or systems they shouldn't have access to
Privilege escalation
Walking around a building to discover where security devices are, or scanning a network to determine what computers/devices are on it
footprinting
Hides malware on the device in such a way that it will remain after a restart or after basic attempts are made to remove it
Persistence
What type of scan can access the device and see how it is configured, giving a detailed and accurate result with minimal risk?
Credentialed
List of known vulnerabilities and attributes, including affected platforms
CVE Common Vulnerability Enumerations
Assigns severity scores to vulnerabilities, which allows prioritization of response and management of resources
CVSS Common Vulnerability Scoring System
Packet scans =
Wireshark
Red Team
Attackers
Blue Team
Defenders
White team
Monitors and rule makers
Purple team
Both attack and defend (collaboration)
Service/SW that gathers network and application logs in real-time and analyzes them
SIEM Security Information and Event Management
Automates and improves response time when a SIEM detects a threat/anomaly on the network
SOAR Security Orchestration, Automation and Response (next-gen SIEM)
Native SW
Basic vulnerability scanning
Maps network
NMAP (Network mapper) scans network and determines what services are running on any host that is detected and can do basic vulnerability scans
DNSEnum
Command-line tool that automatically identifies basic DNS records
20/21
FTP TCP
22
SSH TCP: Encrypted CLI to remote devices (SCP and SFTP use this)
23
Telnet TCP: Plaintext CLI to remote devices (not secure)
25
SMTP TCP: Outgoing email (plaintext)
49
TACACS TCP or UDP: AAA system for network access control
53
DNS TCP: Queries
DNS UDP: Zone Transfers
69
TFTP TCP: web traffic, plaintext, no encryption
80
HTTP TCP: Web traffic, plaintext, no encryption
88
Kerberos TCP/UDP: Network authentication
110
POP3 TCP: Incoming email, plaintext, no encryption
123
NTP UDP: Network Time Protocol
137-139, 445
SMB Either: Server Message Block, NetBIOS
143
IMAP TCP: Incoming email, plaintext, no encryption
161-162
SNMP UDP: Simple Network Management Protocol
389
LDAP Either: Directory Access, no encryption
443
HTTPS TCP: Web traffic, encrypted with SSL/TLS
587
SMTPS TCP: Outgoing email, encrypted with SSL/TLS
636
LDAPS TCP: Directory access, encrypted with SSL/TLS
993
IMAPS TCP: Incoming email, encrypted with SSL/TLS
995
POP3S TCP: Incoming email, encrypted with SSL/TLS
1812
RADIUS UDP: AAA, Authentication and Authorization
1813
AAA, Accounting
3389
RDP TCP: Remote Desktop Protocol, encrypted