Section 2.5 Flashcards
What are some ways to segment the network?
Network segmentation can happen through physical segmentation, VLANs, or virtual networks.
What are some reasons for segmenting the network?
- Increased performance
- Increased security
- Compliance
What is an ACL?
ACL stands for Access Control List. It provides a way to allow or disallow traffic through the network or OS.
What is EFS?
EFS is the Encrypted File System capability that’s part of the Windows system.
What is FDE?
FDE stands for Full Disk Encryption. An example of it is BitLocker.
What is a SIEM?
SIEM stands for Security Information and Event Manager. It’s a security solution that provides real-time analysis, monitoring, and management of security-related data from various sources.
What is a posture assessment?
A posture assessment checks the system to make sure the latest security updates have been applied (such as OS patches, EDR (Endpoint Detection and Response) version, etc.).
What is an EDR?
EDR stands for Endpoint Detection and Response.
EDR can detect a threat through signatures, behavioral analysis (watching what the user or application does), machine learning, process monitoring and more.
In addition, it investigates threats to perform a root cause analysis of the threat.
Lastly, if the EDR recognizes malicious code, it will isolate the system, quarantine the threat, and roll back to a previous configuration.
What is a Host-based Firewall?
A host-based firewall is a software-based firewall that is installed on each individual system. This way, each system can configure what traffic to allow and disallow.
Although the host-based firewall is installed on each system, it can be managed from a central point as well.
What is HIPS?
HIPS stands for Host-based Intrusion Prevention System and it’s used to recognize and block known attacks, secure OS and application configs, validate incoming traffic, etc.