Section 5 Flashcards
What is business continuity planning
refers to the plans you put in place to ensure that critical business functions can continue in a state of emergency
What is disaster recovery planning
refers to the plans you put in place to prepare for a potential disaster, including what exactly to do during and after a disaster strikes, such as evacuation routes posted on maps throughout the facility or signage indicating meeting places in the case of an evacuation.
What are deterrent measures
aim to discourage those who might violate your security
What are detective measures
alert you to potential intrusions
What are preventive controls
physically prevent intrusions from taking place.
What is network segmentation
dividing a network into multiple smaller networks called subnets. You can control the flow of traffic between subnets, allowing or disallowing it based on a variety of factors, or even blocking the flow of traffic entirely if necessary.
What are network chokepoints
locations where you can inspect, filter, and control the traffic.
What is packet filtering
the firewall looks at the contents of each packet in the traffic individually and either allows or disallows it based on the source and destination IP addresses, the port number, and the protocol being used.
What are deep packet inspection firewalls
they can analyze the actual content of the traffic that flows through them. Deep packet inspection firewalls can reassemble the contents of the traffic to see what it will deliver to the application for which it's destined.
What is a demilitarized zone (DMZ)
a layer of protection that separates a device from the rest of a network.
What are signature-based IDS
They maintain a database of the signatures that might signal an attack and compare incoming traffic to those signatures.
What are anomaly-based IDS
work by determining the normal kinds of traffic and activity taking place on the network. They then measure the present traffic against this baseline in order to detect patterns that aren't normally present in the traffic.
What are packet crafting attacks
use packets of traffic that carry attacks or malicious code but are designed to avoid detection by IDS, firewalls, and other similar devices.
What are the 2 terms for client and server when talking about VPNs
the VPN client application and the VPN concentrator
What are rogue access points
unauthorized wireless access points
What are the 2 different types of scanners
port scanners and vulnerability scanners
What are honeypots
look legitimate but are fake and display vulnerabilities or materials that would be attractive to an attacker. They let you see all activity of the attacker. Networks of honeypots are called honeynets.
What are honeynets
networks of honeypots with some sort of centralized instrumentation for monitoring all of the honeypots
What is Scapy
a tool used to map the topology of firewalls and help you locate vulnerabilities in them, as well as to craft special ICMP packets to evade some of the normal measures put in place to prevent you from seeing devices behind firewalls
What is the attack surface
the sum of available avenues through which your OS might be attacked
What are the six primary means of OS hardening
remove unnecessary software, remove unneeded services, alter default accounts, use principles of least privilege, perform updates, implement logging and auditing
What is executable space protection
a technology that prevents the OS and apps from using certain portions of the memory to execute code.
What is address space layout randomization (ASLR)
a technique that shifts the contents of the memory in use around so that tampering with it is even more difficult
What is a buffer overflow attack
works by inputting more data than an application is expecting; the leftover data is then written into memory, where it can be executed as malware