Section 4: Security Applications and Devices Flashcards

1
Q

What are Firewalls?

A

Dedicated pieces of hardware that sit at the edge of your network and control inbound/outbound traffic

2
Q

What do Firewalls control?

A

Inbound / Outbound traffic

3
Q

What are Personal Firewalls?

A

Software application that protects a single computer or server from unwanted internet traffic

  • also referred to as Host-Based Firewalls
  • applies a set of rules or policies to inbound/outbound traffic
4
Q

What is port 80?

A

HTTP

5
Q

What is port 443?

A

HTTPS

6
Q

What is port 22?

A

SSH

7
Q

What is port 23?

A

Telnet

8
Q

Should you allow traffic from Port 80 & 443 on a personal computer?

A

No, there is no need

9
Q

Does Windows have a built-in Firewall?

A

Yes
- Windows Firewall

10
Q

What are the 2 types of Windows Firewall?

A
  1. Basic
  2. Advanced
  • Windows Firewall with Advanced Security
  • opened by running wf.msc from cmd
11
Q

Does OS X have a built-in Firewall?

A

Yes
- PF (terminal version)
- Packet Filter

12
Q

Does Linux have a built-in Firewall?

A

Yes
- iptables
- configured from the terminal using accept / reject rules

13
Q

What are Host-Based Firewalls?

A

Same as Personal Firewalls. Installed directly on the computer as a software application

14
Q

Do Host-Based Firewalls need to be updated regularly?

A

Yes

15
Q

What do Host-Based Firewalls use up in a computer system?

A

Processing Power

16
Q

Due to Host-Based Firewalls using Processing Power, what do most organisations rely on instead?

A
  1. Hardware Firewall
  2. Network Firewall
  • some routers have built-in firewalls
  • it is still good practice to run both a personal software firewall and a network-based firewall
17
Q

What does an IDS do?

A

Intrusion Detection System

  • alerts and logs when a detection occurs
18
Q

What does an IPS do?

A

Intrusion Prevention (Protection) System

  • alerts, logs, and takes action against the intrusion
19
Q

What is an IDS? (definition)

A

Device or software that monitors a system or network and analyses the data passing through it in order to identify an incident or attack

20
Q

What are the 2 different varieties of IDS?

A
  1. HIDS
    - Host-based IDS
  2. NIDS
    - Network-based IDS
21
Q

What is a HIDS?

A

Host-based IDS
- usually software
- installed on a computer/server
- logs everything suspicious

22
Q

What is a NIDS?

A

Network-based IDS
- hardware installed on the network
- traffic passes through a switch
- a copy of that traffic is passed to the NIDS
- if suspicious, it logs and alerts

23
Q

What are the 3 detection methods of IDS/IPS?

A
  1. Signature
  2. Policy
  3. Anomaly-based
24
Q

How does Signature-based detection work?

A

A specific string of bytes triggers an alarm
- reads through a database containing these strings and compares traffic against it
- constantly searches for a specific combination of letters/bytes

25
How does Policy-based detection work?
Relies on a specific security policy the user created, e.g. "No Telnet authorised": if a system tries to connect to port 23, it will flag, log, and alert
26
How does Anomaly-based (or Statistically Anomaly Based Detection) work?
Analyses current traffic against an established baseline and triggers an alert if it falls outside the statistical average. E.g. when monitoring a network where everyone works 9-5, someone downloading large amounts of data at 2am is outside the normal baseline, so it will be flagged and alerted on
27
What are the 4 types of Alert?
1. True Positive
2. True Negative
3. False Positive
4. False Negative
28
What does True Positive mean?
The system is POSITIVE there is a threat and it is TRUE
29
What does True Negative mean?
The system does NOT think there is a threat, and it is TRUE (works as intended)
30
What does False Positive mean?
The system is POSITIVE that there is a threat but it is FALSE, there is no threat
31
What does False Negative mean?
The system does NOT think there is a threat, but it is FALSE, there is a threat and it was not detected.
32
Where does a Host-based IDS (HIDS) save logs?
On the individual's computer
33
What is a good practice to follow regarding HIDS which saves logs on the local machine?
Ensure that you have a syslog server and that those logs are routinely sent to a centralised server. This prevents an attacker from modifying/deleting the local logs
34
What are HIDS logs used for after an attack?
To recreate the events of the attack, i.e. reconstruct a 'story' of how the attack happened
35
Can web-browsers block JavaScript created pop-ups?
Yes
36
Are pop-ups sometimes required for a website to function?
Yes
37
How can malicious attackers use pop-up ads to their advantage?
By purchasing ads (pay per click) and injecting them with malicious links/websites/code
38
What is a solution to ad pop-ups?
AdBlocker
39
What is a Content Filter?
It is a filter that can be enabled on a browser which blocks external files containing JavaScript, images, or web pages from loading in a browser
40
What is the best solution for securing yourself from pop-ups or external files containing malicious scripts, images etc?
Keep your browser and its extensions up to date
41
What is Data Loss Prevention (DLP)?
Software or Hardware that monitors the data of a system while in use, in transit, or at rest to detect attempts to steal the data
42
What is an Endpoint DLP system?
Software-based client that monitors the data in use on a computer and can help stop a file transfer or alert an admin of the occurrence
43
What are the 2 modes of DLP?
1. Detection Mode (doesn't prevent)
2. Prevention Mode
44
What is a Network DLP system?
Software or hardware-based solution that is installed on the perimeter of the network to detect data in transit
45
What is a Storage DLP system?
Software installed on servers in the datacentre to inspect the data at rest
46
What is a Cloud DLP system?
Cloud software as a service (SaaS) that protects data being stored in cloud services
47
What are the 4 DLP solutions?
1. Endpoint DLP
2. Network DLP
3. Storage DLP
4. Cloud DLP
48
What is a BIOS? (Basic Input Output System)
Firmware that provides the computer with instructions on how to accept input and send output
49
What does UEFI stand for?
Unified Extensible Firmware Interface
50
How do you secure the BIOS?
1. Flash the BIOS
2. Use a BIOS password
3. Configure the BIOS boot order
4. Disable external ports and devices, e.g. parallel or serial ports
5. Enable the Secure Boot option
51
Should you always encrypt files on removable media?
Yes
52
What are Removable Media Controls?
Technical limitations placed on a system regarding the use of USB storage devices and other removable media. Implemented as technical controls in your group policies by denying read and write access, alongside administrative controls such as written policies
53
What is a Network Attached Storage (NAS)?
Storage device that connects directly to your organisation's network. NAS systems often implement RAID arrays to ensure high availability; they are like racks connected to on-prem servers
54
What is a Storage Area Network (SAN) ?
Network designed specifically to perform block storage functions, which may consist of NAS devices
55
How do you secure NAS properly?
1. Data encryption
2. Proper authentication
3. Log NAS access
56
What is Encryption?
Process that scrambles data into unreadable information so that no one can read it except the person who holds the secret key. Ensures confidentiality
57
What are the 2 types of encryption?
1. Hardware based
2. Software based
58
What is a Self-Encrypted Drive (SED - hardware) ?
Storage device that performs whole disk encryption using embedded hardware
59
What is the most common method of encryption?
Software
60
What is Mac OS software encryption called?
FileVault
61
What is Win OS software encryption called?
BitLocker
62
How does BitLocker work?
By using a hardware key residing on your motherboard called TPM
63
What is a Trusted Platform Module (TPM)?
Chip residing on the motherboard that contains an encryption key. If you transfer your encrypted drive to another system, you won't be able to decrypt it because you need the TPM that holds the key
64
What is the encryption standard used by BitLocker and FileVault?
Advanced Encryption Standard (AES)
65
What is Advanced Encryption Standard (AES)?
Symmetric key encryption that supports 128-bit and 256-bit keys
66
What is the benefit of encryption?
Adds layer of security
67
What is the downside of encrypting a hard drive?
Speed and performance are sacrificed
68
What can you use to encrypt a hard drive to not affect speed and performance?
- File level encryption
- Hardware based encryption (expensive)
69
What is Encrypting File System (EFS)?
Method of individually encrypting specific files instead of the whole disk
70
What is a Hardware Security Module (HSM)?
Physical device that acts as a secure crypto-processor during the encryption process or during digital signing
71
What does Endpoint Analysis include?
1. Monitoring
2. Logging
3. Analysis of your endpoints
72
What is an Endpoint?
Any device used to connect to your network
73
What are Endpoint Security Solutions used for Analysis?
1. Antivirus
2. Host IDS, Host IPS (HIDS & HIPS)
3. Endpoint Protection Platform (EPP)
4. Endpoint Detection and Response Platform (EDR)
5. User and Entity Behaviour Analytics (UEBA)
74
What is an AntiVirus?
A software solution capable of detecting and removing virus infections
75
What is a Host Based IDS/IPS?
Type of IDS or IPS that monitors a computer system for unexpected behaviour or drastic changes to the endpoint's state. Uses File System Integrity Monitoring to see whether changes occurred in:
- OS files, drivers, applications
76
What is an Endpoint Protection Platform (EPP)?
Software agent and monitoring system that performs multiple security tasks such as AV, HIDS/HIPS, firewall, DLP, and file encryption. A Swiss army knife of security tools, based on signature detection
77
What is an Endpoint Detection and Response (EDR)?
Software agent that collects system data and logs for analysis by a monitoring system to provide early detection of threats. Based on behaviour and anomaly analysis; the aim is to provide runtime and historical visibility into a compromise. Best for incident response
78
What is a User and Entity Behaviour Analytics (UEBA)?
A system that can provide automated identification of suspicious activity by user accounts and computer hosts. It is more about the process of analysing the data you are getting: anything outside of the baseline it established can be considered suspicious
79
What are 2 UEBA solutions?
1. Microsoft Advanced Threat Analytics
2. Splunk