Sec + Flashcards
TPM
Trusted Platform Module
- Chip residing on the motherboard that contains an encryption key
AAA
Authentication, Authorization, Accounting
Authentication
- When a person’s identity is established with proof and confirmed by a system
  - Something you know
  - Something you are
  - Something you have
  - Something you do
  - Somewhere you are
Multipartite virus
Virus that combines boot and program viruses to first attach itself to the boot sector and system files before attacking other files on the computer
Polymorphic virus
Advanced version of an encrypted virus that changes itself every time it is executed by altering the decryption module to avoid detection
Metamorphic
Virus that is able to rewrite itself entirely before it attempts to infect a file (advanced version of polymorphic virus)
Rootkit
- Software designed to gain administrative level control over a system without detection
- DLL injection is commonly used by rootkits to maintain their persistent control
- Removal of a rootkit is difficult and the best plan is to reimage the machine
DLL Injection
- Rootkit technique: malicious code is inserted into a running process on a Windows machine by taking advantage of Dynamic Link Libraries that are loaded at runtime
Driver Manipulation
- Rootkit technique: an attack that relies on compromising the kernel-mode device drivers that operate at a privileged or system level
- A shim is placed between two components to intercept calls and redirect them
Threat Vector
- Method used by an attacker to access a victim’s machine
Attack Vector
Method used by an attacker to gain access to a victim’s machine in order to infect it with malware
Software Firewalls
- Personal Firewalls: software application that protects a single computer from unwanted Internet traffic
- Also called host-based firewalls
- Examples: Windows Firewall (Windows), PF and IPFW (OS X), iptables (Linux)
DLP
Data Loss Prevention (DLP)
- Monitors the data of a system while in use, in transit, or at rest to detect attempts to steal the data
- Software or hardware solutions
Securing BIOS
Basic Input Output System
- Firmware that provides the computer instructions for how to accept input and send output
- Unified Extensible Firmware Interface (UEFI)
- BIOS and UEFI are used interchangeably in this lesson
- Steps to secure the BIOS:
  1. Flash the BIOS
  2. Use a BIOS password
  3. Configure the BIOS boot order
  4. Disable the external ports and devices
  5. Enable the secure boot option
NAS
Network Attached Storage (NAS)
- Storage devices that connect directly to your organization’s network
- NAS systems often implement RAID arrays to ensure high availability
SAN
Storage Area Network (SAN)
- Network designed specifically to perform block storage functions that may consist of NAS devices
- Securing NAS/SAN storage:
  1. Use data encryption
  2. Use proper authentication
  3. Log NAS access
SED
Self-Encrypting Drive (SED)
Storage device that performs whole disk encryption by using embedded hardware
HSM
Hardware Security Module
- Physical devices that act as a secure cryptoprocessor during the encryption process
- Network attached or adaptor card
- Expensive!
BlueJacking
Sending info over Bluetooth
Blue Snarfing
Taking info over Bluetooth
MDM
Mobile Device Management
Centralized software solution for remote administration and configuration of mobile devices
- MDM can prevent certain applications from being installed on the device
Least Functionality
Process of configuring workstation or server to only provide essential applications and services
TOS
Trusted Operating System (TOS)
- An operating system that meets the requirements set forth by government and has multilevel security
- Examples: Windows 7 (and newer), Mac OS X 10.6 (and newer), FreeBSD (TrustedBSD), Red Hat Enterprise Server
GPO
Group Policy Objects (GPOs) aid in the hardening of the operating system
- Group Policy: a set of rules or policies that can be applied to a set of users or computer accounts within the operating system
- Access the Group Policy Editor by opening the Run prompt and entering gpedit
- Settings include: password complexity, account lockout policy, software restrictions, application restrictions
NTFS
New Technology File System is the default file system format for Windows and is more secure because it supports logging, encryption, larger partition sizes, and larger file sizes than FAT32
Virtualization Sprawl
- Occurs when virtual machines are created, used, and deployed without proper management or oversight by the system admins
LSO
Locally Shared Object (LSO)
- Also known as Flash cookies, they are stored in your Windows user profile under the Flash folder inside of your AppData folder
SDLC
Software Development Life Cycle
- Waterfall: rigid
- Agile: time-boxed or small increments to allow more adaptivity to change
SEH
Structured Exception Handling (SEH)
- Provides control over what the application should do when faced with a runtime or syntax error
ASLR
Address Space Layout Randomization
- Method used by programmers to randomly arrange the different address spaces used by a program or process to prevent buffer overflow exploits
XSS
Cross-Site Scripting (XSS)
- Occurs when an attacker embeds malicious scripting commands on a trusted website
- Stored/Persistent: attempts to get data provided by the attacker to be saved on the web server by the victim
- Reflected: attempts to have a non-persistent effect activated by a victim clicking a link on the site
- DOM-based: attempts to exploit the victim’s web browser
- Prevent XSS with output encoding and proper input validation
XSRF/CSRF
Cross-Site Request Forgery (XSRF/CSRF)
- Occurs when an attacker forces a user to execute actions on a web server for which they are already authenticated
- Prevent XSRF with tokens, encryption, XML file scanning, and cookie verification
SQL Injection
SQL Injection
- Attack consisting of the insertion or injection of an SQL query via input data from the client to a web application
ACL
Access Control List
- An ordered set of rules that a router uses to decide whether to permit or deny traffic based upon given characteristics
- IP spoofing is used to trick a router’s ACL
NAC
Network Access Control (NAC)
- Security technique in which devices are scanned to determine their current state prior to being allowed access onto a given network
- If a device fails the inspection, it is placed into digital quarantine
- The IEEE 802.1X standard is used in port-based NAC
PBX
Public Branch Exchange (PBX)
- Internal phone system used in large organizations
QoS
Quality of Service
DLP
Data Loss Prevention
- Systems designed to protect data by conducting content inspection of data being sent out of the network
- Also called Information Leak Protection (ILP) or Extrusion Prevention Systems (EPS)
- DLP is used to ensure your private data remains secure
UTM
Unified Threat Management
- Relying on a firewall is not enough
- Unified Threat Management: combination of network security devices and technologies to provide more defense in depth within a single device
- UTM may include a firewall, NIDS/NIPS, content filter, anti-malware, DLP, and VPN
- UTM is also known as a Next Generation Firewall (NGFW)
DaaS
Desktop as a Service
Provides a full virtualized desktop environment from within a cloud-based service. See also VDI (Virtual Desktop Infrastructure).
Hyperconvergence
In cloud computing, hyperconvergence allows providers to fully integrate the storage, network, and servers
VDI
Virtual Desktop Infrastructure (VDI)
- VDI allows a cloud provider to offer a full desktop operating system to an end user from a centralized server
DC
Domain Controller
- A server that acts as a central repository of all the user accounts and their associated passwords for the network
Well Known Ports
Well-Known Ports
- Ports 0 to 1023 are considered well-known and are assigned by the Internet Assigned Numbers Authority (IANA)
Registered Ports
Ports 1024 to 49,151 are considered registered and are usually assigned to proprietary protocols
Dynamic or Private Ports
Ports 49,152 to 65,535 can be used by any application without being registered with IANA
DoS
Denial of Service (DoS)
- Term used to describe many different types of attacks which attempt to make a computer or server’s resources unavailable
- Flood Attacks
- Ping of Death
- Teardrop Attack
- Permanent DoS
- Fork Bomb
Smurf Attack
- Attacker sends a ping to the subnet broadcast address and devices reply to the spoofed IP (victim server), using up bandwidth and processing
Fraggle Attack
Attacker sends a UDP echo packet to port 7 (ECHO) and port 19 (CHARGEN) to flood a server with UDP packets
SYN Flood
Variant on a Denial of Service (DoS) attack where the attacker initiates multiple TCP sessions but never completes the 3-way handshake
XMAS Attack
- A specialized network scan that sets the FIN, PSH, and URG flags and can cause a device to crash or reboot
Ping of Death
An attack that sends an oversized and malformed packet to another computer or server
Teardrop Attack
Attack that breaks apart packets into IP fragments, modifies them with overlapping and oversized payloads, and sends them to a victim machine
Fork Bomb
Attack that creates a large number of processes to use up the available processing power of a computer