Section 1.2 Flashcards
(27 cards)
What is the CIA Triad?
It’s a combination of three principles that describe the fundamentals of security.
What do the C, I and A stand for?
C: Confidentiality
- Prevent disclosure of information to unauthorized individuals or systems
I: Integrity
- Messages can’t be modified without detection
A: Availability
- Systems and networks must be up and running
What is Confidentiality?
Definition: Certain information should only be known to certain people
Encryption is used to encode messages so only certain people can read them.
Access controls are used to restrict access to resources.
Two-factor authentication is used to confirm that the correct user is getting access to the resource.
What is Integrity?
Definition: Data is stored and transferred as intended, without any changes.
Hashing is used to compare the hash computed by the sender with the hash computed by the receiver, to make sure they match.
Digital signatures take the hash and encrypt it to verify the integrity of the data.
Certificates are used to identify devices/people.
What is Availability?
Definition: Information is accessible to authorized users.
Redundancy: build services that will always be available
Fault tolerance: System should continue to run even when failure occurs
Patching: Ensuring stability and closing security holes
What is non-repudiation?
Non-repudiation means that you cannot deny what you’ve done, by using proof of integrity and proof of origin with high assurance of authenticity.
What is proof of integrity?
Proof of integrity means that we can verify the data that we received is exactly the same data that was originally sent.
This means that the data remains accurate and consistent.
What is a hash?
A hash is a short string of text that we can create based on data that is contained within the plaintext.
If any of the plaintext data changes, then the hash would also change.
It’s used to verify that the data that was received is the same as the data that was sent.
What is proof of origin?
Proving the source of the message.
Digital signatures are used to verify proof of origin. Digital signatures use a private key that is only known to the person sending the data. To verify the signature, the public key associated with that private key is used.
What is authentication?
Proving you are who you say you are by using username/password or other authentication factors.
What is authorization?
Based on identification and authentication, what access you have in the system.
How to authenticate a device?
A digitally signed certificate can be placed on the device. VPNs can then verify that the device is a company device.
What is a CA?
A Certificate Authority (CA) is a device that manages all of our certificates in our environment.
What is a Gap Analysis?
A gap analysis is a comparison of where we are vs where we want to be.
What does Zero Trust mean?
Zero trust means that you have to authenticate each time you have to get access to a particular resource.
Nothing is trusted and everything needs to be verified.
What is meant by Planes of Operation?
In the Zero Trust security model, the planes of operation (the Data Plane, Control Plane and Management Plane) are important for enforcing the “never trust, always verify” principle.
What is Data Plane?
The data plane is the part of the device that is performing the actual security process. This is where data packets are transmitted between devices.
What is the Control Plane?
This is where we manage the actions of the data plane. Policies and rules are defined here, and this is also where it is determined how packets should be forwarded.
What is adaptive identity?
This is where we examine the identity of an individual and apply security controls based not just on what the user is telling us, but on other information we have available during the authentication process.
For example:
- Someone requesting data located in the United States is using an IP address that’s in China. This means we would need to add additional security measures to confirm the individual is who they say they are.
What is threat scope reduction?
This is the process of limiting the possible entry points to an environment.
What are security zones?
Security zones look at where we are connecting from and where we are trying to connect to.
For example, you can separate different company functions into security zones, or you can separate untrusted security zones from trusted security zones.
Then you can set up rules such as blocking all access from any untrusted zone to a trusted zone.
What is a policy enforcement point (PEP)?
The policy enforcement point is a gatekeeper. All traffic must pass through the PEP to determine what traffic is allowed and blocked.
What is a Policy Decision Point?
The policy decision point is the process for making an authentication decision (allow or block traffic coming from a given source).
What is a Honeypot?
A honeypot is a way to attract attackers to your system and keep them occupied in it, so you can see what types of attacks they’re trying to use against the system.
Honeypots are not part of the production environment, but instead a virtual world built to attract attackers.