Section 2: Key Concepts, Identification and Authorization Flashcards
5 things that would make your information insecure.
- Not applying security patches or application updates to your system
- Using weak passwords such as 'password'
- Downloading programs from the internet
- Opening email attachments from unknown senders
- Using wireless networks without encryption
4 examples of ways confidentiality could be compromised (ATM example)
- You could lose your laptop containing data
- Someone could look over your shoulder while you enter the password.
- You could send an email attachment to the wrong person
- Attackers could penetrate your system
Two things needed to maintain integrity
- you need to have the means to prevent unauthorized changes to your data
- you need the ability to reverse unwanted authorized changes.
When is integrity particularly important?
when it concerns data that provides the foundation for other decisions
4 examples of things that may cause you to lose availability of your data.
- power loss
- operating system or application problems
- network attacks
- a compromised system
What is it called when an outside party, such as an attacker, causes availability issues?
A DoS attack
(Denial of Service)
What 6 principles make up the Parkerian Hexad?
- Confidentiality
- Integrity
- Availability
- Possession / Control
- Authenticity
- Utility
How is integrity defined differently in the Parkerian hexad than in the CIA triad?
In the Parkerian hexad, integrity does not account for authorized but incorrect modification of data; the data must be whole and completely unchanged from its previous state.
If you send an email message that is altered so it appears to have come from a different address than the one it was actually sent from, which Parkerian hexad principle was violated?
Authenticity
Which principle of the Parkerian Hexad isn’t necessarily binary in nature?
Utility
What are the 4 categories of attacks?
- Interception
- Interruption
- Modification
- Fabrication
What type or types of attacks primarily affect Confidentiality?
(CIA Triad)
Interception
What type or types of attacks primarily affect Integrity?
(CIA Triad)
- Modification
- Fabrication
(Interruption attacks can also affect integrity)
What type or types of attacks primarily affect Availability?
(CIA Triad)
- Interruption
(Modification and fabrication attacks can also affect availability)
What are interception attacks?
Attacks that allow unauthorized users to access your data, applications or environments, for example:
- Unauthorized file viewing or copying
- Eavesdropping on phone conversations
- Reading someone else's email
Against what kinds of data can interception attacks be conducted?
Data at rest and data in motion
Where is data at rest usually stored?
- hard drive
- flash drive
- database
(among others)
What kind of protection does data at rest usually have?
some sort of encryption, often at the level of the file or the entire storage device
What kind of protection does data in motion usually have?
Encryption, but here it protects the network protocol or path used to move the data from one place to another, rather than the stored data itself.
What kind of protections surround data in use?
Permissions and authentication of users
What are interruption attacks?
They make your assets unusable or unavailable either temporarily or permanently
What are modification attacks?
Involve tampering with an asset
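The two requirements for integrity listed earlier (preventing unauthorized changes and reversing unwanted authorized ones) and the modification attacks just defined can be shown together in code. The following is an added example, not part of the original flashcards: a keyed hash (HMAC-SHA256) detects any change made by someone without the key, and keeping prior versions lets an authorized but mistaken change be rolled back. The key value and the "balance" records are constructed for illustration.

```python
import hmac
import hashlib

# Assumed key for the example; a real deployment loads it from a key store.
INTEGRITY_KEY = b"example-only-key-do-not-reuse"


def make_tag(data: bytes) -> str:
    """HMAC-SHA256 over data. Without the key nobody can produce a valid tag,
    so tampering with the data (or with the tag) becomes detectable."""
    return hmac.new(INTEGRITY_KEY, data, hashlib.sha256).hexdigest()


def verify_tag(data: bytes, tag: str) -> bool:
    """Constant-time comparison avoids leaking how many tag bytes matched."""
    return hmac.compare_digest(make_tag(data), tag)


class VersionedRecord:
    """Stores every authorized version with its tag, so an unwanted but
    authorized change can be reversed and an unauthorized one detected."""

    def __init__(self, initial: bytes) -> None:
        self.versions = [initial]
        self.tags = [make_tag(initial)]

    @property
    def current(self) -> bytes:
        return self.versions[-1]

    def update(self, new_value: bytes) -> None:
        # Only code holding INTEGRITY_KEY can append a version with a valid tag.
        self.versions.append(new_value)
        self.tags.append(make_tag(new_value))

    def intact(self) -> bool:
        """False if the current bytes no longer match the tag recorded for them."""
        return verify_tag(self.current, self.tags[-1])

    def rollback(self) -> bytes:
        """Reverse the most recent authorized change."""
        if len(self.versions) > 1:
            self.versions.pop()
            self.tags.pop()
        return self.current


def demo():
    rec = VersionedRecord(b"balance=100")
    rec.update(b"balance=90")            # authorized change that turns out to be a mistake
    reverted = rec.rollback()            # reverse the unwanted authorized change
    rec.versions[-1] = b"balance=9000"   # simulate an attacker tampering with stored bytes
    return reverted, rec.intact()        # (b'balance=100', False)


if __name__ == "__main__":
    print(demo())
```

The HMAC only detects modification; it does not prevent it. Prevention comes from the access controls around the storage, and the tag is the check that tells you those controls failed.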
What are Fabrication Attacks?
Involve generating data, processes, communications, or other similar material.
What is a threat?
Something that has the potential to cause harm and tends to be specific to certain environments
What is vulnerability?
Weaknesses, or holes that threats can exploit to cause you harm.
What do you need to have risk in an environment?
You must have both a threat and a matching vulnerability that the threat could exploit.
What are the 5 steps of the risk management process?
- Identify Assets
- Identify Threats
- Assess Vulnerabilities
- Assess Risks
- Mitigate Risks
How would you identify your assets?
Enumerate your assets and evaluate the importance of each one.
Once you’ve identified assets in use, decide which ones are critical business assets.
How would you determine which assets are critical to conducting business?
Generally requires the input of the business functions that make use of the asset, those who support the asset itself, and potentially other parties as well.
How would you Identify threats?
After enumerating critical business assets, you can begin to identify threats that might affect them.
What 2 frameworks can be used to assess threats against business critical assets?
- CIA Triad
- Parkerian Hexad
How would you assess vulnerabilities?
Should be done in the context of potential threats.
Any asset can face a huge number of threats, but only a small number will be relevant.
How should you assess risks?
Once you’ve identified threats and vulnerabilities for a given asset, you can assess overall risk.
You MUST have a matching threat and vulnerability to have a risk.
What 3 categories are controls divided into?
- physical
- logical
- administrative
What kind of control would a lock be?
physical
what kind of control would a camera be?
physical
what kind of control would heating and air conditioning be?
physical
what kind of control would a backup power generator be?
physical
Logical controls are also called what?
technical controls.
what kind of control is a password?
logical
what kind of control is encryption?
Logical
what kind of control are access controls?
logical
what kind of control is an intrusion detection system?
logical
what do logical controls do?
enable you to prevent unauthorized activities.
Which kind of control, if implemented properly and working as intended, prevents an attacker or unauthorized user from accessing your applications and data unless they subvert the control itself?
logical
what do administrative controls represent?
authority
Administrative controls are useless without what?
The authority or ability to ensure that people comply with your controls.
They can actively harm you by giving you a false sense of security.
Incident response process consists of what 6 things?
- Preparation
- Detection and analysis
- Containment
- Eradication
- Recovery
- Post-incident activity
Preparation phase of an incident response consists of what?
All of the activities you can perform ahead of time to better handle an incident.
What activities are typically involved in preparation of an incident response?
- Creating policies and procedures that govern incident response and handling
- Conducting training and education for both incident handlers and those who are expected to report incidents
- Developing and maintaining documentation.
What is the detection and analysis phase?
(3)
Where action begins in an incident response. This is where you:
- Detect an issue
- Decide whether it’s actually an incident
- Respond appropriately
What are the common detection tools you’ll use? (6)
- IDS (Intrusion detection system)
- AV (Antivirus) software
- Firewall logs
- Proxy logs
- Alerts from a security information and event management (SIEM) tool
- Managed security service provider (MSSP)
The analysis portion of detection and analysis in incident response is often a combination of what? (2)
Automation from a tool or service, usually a SIEM tool, and human judgment.
What might human intervention look like when analyzing incidents?
- A review of logs output by various security, network and infrastructure devices.
- Contact with the party who reported the incident
- General evaluation of the situation.
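The split between automation and human judgment described above can be made concrete. The following is an added example, not part of the original flashcards: a small detector run over constructed firewall log lines (the key=value layout is an assumption; real firewalls differ). The automated part flags a source that was denied on many distinct ports, a port-scan heuristic; the second function gathers the context an analyst would want before deciding whether this is an incident, namely whether the same source was later allowed through.

```python
import re
from collections import defaultdict

# Constructed sample firewall log lines (not real data). The key=value layout
# is an assumption; adapt parse_line() to your firewall's actual format.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z action=deny src=203.0.113.5 dst=10.0.0.8 dport=21 proto=tcp
2024-03-01T10:00:01Z action=deny src=203.0.113.5 dst=10.0.0.8 dport=22 proto=tcp
2024-03-01T10:00:02Z action=deny src=203.0.113.5 dst=10.0.0.8 dport=23 proto=tcp
2024-03-01T10:00:02Z action=deny src=203.0.113.5 dst=10.0.0.8 dport=25 proto=tcp
2024-03-01T10:00:03Z action=deny src=203.0.113.5 dst=10.0.0.8 dport=80 proto=tcp
2024-03-01T10:00:03Z action=allow src=203.0.113.5 dst=10.0.0.8 dport=443 proto=tcp
2024-03-01T10:00:04Z action=deny src=198.51.100.7 dst=10.0.0.8 dport=22 proto=tcp
2024-03-01T10:00:05Z action=allow src=198.51.100.9 dst=10.0.0.8 dport=443 proto=tcp
2024-03-01T10:00:06Z action=deny src=198.51.100.7 dst=10.0.0.8 dport=22 proto=tcp
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<rest>.+)$")


def parse_line(line: str):
    """Return a dict of fields, or None for lines that do not fit the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = {"ts": m.group("ts")}
    for token in m.group("rest").split():
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value
    return fields


def parse_log(text: str):
    return [f for f in (parse_line(line) for line in text.splitlines()) if f]


def scan_candidates(events, min_ports: int = 5):
    """Automated part: a source denied on many distinct ports looks like a scan."""
    denied_ports = defaultdict(set)
    for e in events:
        if e.get("action") == "deny" and "dport" in e:
            denied_ports[e["src"]].add(int(e["dport"]))
    return {src: sorted(p) for src, p in denied_ports.items() if len(p) >= min_ports}


def allowed_after_denies(events, src: str):
    """Context for the analyst: which ports was the suspicious source later allowed on?"""
    seen_deny = False
    allowed = []
    for e in events:
        if e.get("src") != src:
            continue
        if e.get("action") == "deny":
            seen_deny = True
        elif e.get("action") == "allow" and seen_deny:
            allowed.append(int(e["dport"]))
    return allowed


def triage(text: str):
    """Returns (candidate -> denied ports, candidate -> ports later allowed).
    The first dict is what the tool produces; the second is what the human
    reviews before calling it an incident."""
    events = parse_log(text)
    candidates = scan_candidates(events)
    context = {src: allowed_after_denies(events, src) for src in candidates}
    return candidates, context


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

In the sample, 203.0.113.5 is flagged and was then allowed to 443; whether that is a scanner that found an open service or a misconfigured monitoring host is exactly the call that logs alone cannot make. 198.51.100.7 retried a single port twice and is not flagged by this heuristic, which is a reminder that the threshold, not the code, decides what you will never see.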
What is Containment in incident response?
Taking steps to ensure that the situation doesn’t cause any more damage than it already has—or at least lessen any ongoing harm.
What is eradication in incident response?
Attempt to remove the effects of the issue from your environment.
What is recovery in incident response?
Returning to the state you were in prior to the incident.
What is post-incident activity?
You’ll attempt to determine specifically what happened, why it happened, and what you can do to keep it from happening again.
What is defense in depth?
Formulate a multilayered defense that will allow you to still mount a successful resistance should one or more of your defensive measures fail.
At a minimum, which layers should your defenses cover?
- Data
- Applications
- Host
- Internal network
- Network perimeter
- External network
What is the goal of defense in depth?
To place enough defensive measures between your truly important assets and the attacker that you will notice an attack in progress and have enough time to prevent it.
What is insufficient entropy?
Not enough unpredictability, for example in the random values used to generate keys, session tokens or passwords, so that an attacker can guess or reproduce them.
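What insufficient entropy looks like in practice, as an added example that is not part of the original flashcards: a token built from a general-purpose PRNG seeded with the issue time looks random, but an attacker who knows roughly when it was issued only has to try a few hundred seeds. The timestamp and window size are constructed for the illustration; `secrets.token_hex` is the standard-library way to get a token with real entropy.

```python
import math
import random
import secrets

HEX = "0123456789abcdef"


def weak_token(seed: int) -> str:
    """32 hex chars from a PRNG seeded with a timestamp: the characters look
    random, but the only secret is the seed, and there are few plausible seeds."""
    rng = random.Random(seed)
    return "".join(rng.choice(HEX) for _ in range(32))


def strong_token() -> str:
    """32 hex chars (128 bits) drawn from the OS cryptographic RNG."""
    return secrets.token_hex(16)


def recover_seed(observed: str, approx_time: int, window: int = 300):
    """Attacker's view: knowing roughly when the token was issued, try every
    second within +/- window and see which seed reproduces the observed token.
    Returns the seed, or None if it lies outside the window."""
    for seed in range(approx_time - window, approx_time + window + 1):
        if weak_token(seed) == observed:
            return seed
    return None


def effective_entropy_bits(window: int) -> float:
    """Unpredictability the weak token really has from the attacker's point of
    view: log2 of the number of candidate seeds, not the 128 bits its length suggests."""
    return math.log2(2 * window + 1)


if __name__ == "__main__":
    issued_at = 1709287200                        # constructed timestamp, not real
    token = weak_token(issued_at)
    print(recover_seed(token, issued_at + 120))   # 1709287200
    print(round(effective_entropy_bits(300), 1))  # 9.2 (versus 128 for strong_token())
```

The length of the token is irrelevant; what matters is how many values the generator could actually have produced. Seeding a PRNG with the time, a process ID, or a counter collapses that space to something brute-forceable.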
What are 6 defensive measures for external networks?
- DMZ (Demilitarized zone: a subnetwork containing an organization's exposed, outward-facing services; it acts as the exposed point of contact with an untrusted network)
- VPN
- Logging
- Auditing
- Penetration testing
- Vulnerability analysis
Name 7 defensive measures of network perimeters.
- Firewalls
- Proxy
- Logging
- Stateful packet inspection
- Auditing
- Penetration testing
- Vulnerability analysis
Name 6 defensive measures for internal networks
- IDS (Intrusion detection system)
- IPS (Intrusion prevention system)
- Logging
- Auditing
- Penetration testing
- Vulnerability Analysis
Name 11 defensive measures for hosts.
- Authentication
- Antivirus
- Firewall
- IDS (Intrusion detection system)
- IPS (Intrusion prevention system)
- Passwords
- Hashing
- Logging
- Auditing
- Penetration testing
- Vulnerability analysis
Name 6 defensive measures for applications
- SSO (Single sign on)
- Content filtering
- Data validation
- Auditing
- Penetration testing
- Vulnerability analysis
Name 5 defensive measures for data
- Encryption
- Access controls
- Backups
- Penetration testing
- Vulnerability analysis
Areas of Information Security (8)
- Security and risk management
- Asset security
- Security architecture and engineering
- communications and network security
- identity and access management
- security assessment and testing
- security operations
- software development security
Implicit deny is what?
A default rule, common in network security, that blocks all traffic not explicitly allowed by another ACL rule: anything you did not think to permit is dropped rather than let through.
ACL = Access Control List
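How implicit deny behaves in a first-match ACL, as an added example that is not from the original flashcards: the evaluator walks the rules in order and returns the first match; anything that falls off the end is denied without any rule saying so. The rule set, addresses and ports are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

IMPLICIT_DENY = "deny (implicit)"


@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    src: str                 # source network in CIDR notation
    dport: Optional[int]     # None matches any destination port
    proto: str               # "tcp", "udp" or "any"

    def matches(self, src_ip: str, dport: int, proto: str) -> bool:
        return (
            ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
            and (self.dport is None or self.dport == dport)
            and (self.proto == "any" or self.proto == proto)
        )


def evaluate(acl: List[Rule], src_ip: str, dport: int, proto: str) -> Tuple[str, Optional[int]]:
    """First-match evaluation. Returns (decision, index of the matching rule).
    Traffic that no rule mentions falls through to the implicit deny, so the
    rule index is None for that case."""
    for i, rule in enumerate(acl):
        if rule.matches(src_ip, dport, proto):
            return rule.action, i
    return IMPLICIT_DENY, None


# Constructed example ACL. Order matters: the narrower deny for 10.0.5.0/24
# must precede the broader allow for 10.0.0.0/8 or it would never match.
ACL = [
    Rule("allow", "10.0.0.0/8", 443, "tcp"),
    Rule("allow", "10.0.0.0/8", 53, "udp"),
    Rule("deny", "10.0.5.0/24", 22, "tcp"),
    Rule("allow", "10.0.0.0/8", 22, "tcp"),
]


if __name__ == "__main__":
    for pkt in [("10.0.7.9", 22, "tcp"), ("10.0.5.9", 22, "tcp"),
                ("10.0.7.9", 8080, "tcp"), ("192.0.2.1", 443, "tcp")]:
        print(pkt, "->", evaluate(ACL, *pkt))
```

Two consequences worth noticing: the allow for UDP 53 does not permit TCP 53, because nothing matched it and the implicit deny took over; and because implicit deny produces no rule hit, firewalls that log per rule will not record that traffic unless you add an explicit deny-and-log rule at the end.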
What is FISMA (Federal Information Security Management Act)?
US law that establishes an information security framework that federal government agencies must follow.
What is the Gramm-Leach-Bliley Act?
Requires financial institutions to explain their information-sharing practices for customer data to their customers and to safeguard that data, i.e. to show how they are proactively securing it.
What is Due Care?
Often called the "prudent man" rule.
Doing what any responsible person would do, in other words implementing a security measure to mitigate certain risks.
What is due diligence?
Essentially the management of due care.
Ensuring the implemented security measure was done correctly.
What is gross negligence?
The opposite of due care.
If you do not perform due care (what a "prudent man" would do) and you suffer a loss as a result, you could be held legally liable, i.e. you acted with gross negligence.