Section 3 Flashcards
What are the 3 types of IDS detection?
Signature
Policy
Anomaly/Statistical (either label is used for this type)
What are the types of DLP?
Hardware and Software
Where can DLPs be placed?
On an endpoint
At the perimeter of the network
On the datacenter server
In the cloud
What is a BIOS?
Basic Input Output System
It’s firmware (software on a chip)
Modern BIOS is UEFI, but people still call it a BIOS
How do we secure the BIOS?
Flash the BIOS (make sure it's up to date)
Use a BIOS password
Configure the boot order
Disable external ports that aren't used
Enable Secure Boot
How do you ensure confidentiality on storage devices?
Encrypt the drives
How can you protect from removable storage devices?
Use Removable Media Controls via the Group Policy Editor.
Also use administrative controls.
Use Network Attached Storage
What do you call a group of Network Attached Storage?
Storage Area Network
How do you protect your NAS?
Use Encryption
Use Authentication for access
Log NAS access
What are the two types of encryption? Give an example.
Hardware and Software
Hardware = Self-encrypting drive or HSM
Software = FileVault on Mac, BitLocker on Windows
What type of encryption do FileVault and BitLocker use?
AES
What are the 5 endpoint analysis tools?
Anti-Virus
Intrusion Detection Systems (HIDS/HIPS)
Endpoint Protection Platform (EPP)
Endpoint Detection and Response (EDR)
User and Entity Behavior Analytics (UEBA)
What is an EPP?
Software agent plus monitoring; more focused on signature detection. Typically bundles:
IDS/IPS
Firewall
DLP
File Encryption
What is EDR?
Software agent that collects system data, logs, and monitors. Focused on behavioral analysis. Provides both runtime and historical visibility.
What is UEBA?
Automated identification of suspicious activity from user accounts or endpoints. Needs a lot of data before it starts working. Dependent on AI and ML.