Security+ 1 Flashcards

1
Q

Civil law : anything not addressed by criminal law, such as liability claims, estate probate, contractual disputes, etc. Does not involve jail time and must be handled by a legislative body, but monetary damages and orders that someone perform or refrain from an action are possible.

Administrative Law : facilitate effective government.

Private Regulations : compliance is often required by contract. ex : PCI DSS.

FISMA : law that governs information security matters for federal agencies and government contractors. It requires the creation of security programs in the federal government and provides details on the controls necessary to run systems categorized as FISMA High, FISMA Moderate, and FISMA Low.

A

Law Etc …

2
Q

Security Frameworks : collection of standards and practices designed to form a solid approach to information security. They are high level and often focused on identifying risks and responding to attacks.

Reference Architectures : description of specific controls that would achieve an organization's security objectives. They go into the details of how to create a secure environment.

NIST Cybersecurity Framework : provides a common language for managing and describing cybersecurity risk, and helps identify and prioritize actions to reduce and manage risk that remains. Aligns security actions across control types : policy, business, technical controls.

A

Security Frameworks Etc …

3
Q

Baseline Security : Standard Elements = administered by a named individual, protects against unauthorized access, doesn't jeopardize other systems or data, remains under positive control, complies w/data security requirements. System configuration managers automate policy deployment. Monitoring the baselines is crucial.

Any change to baseline should include documentation of impact of change on confidentiality, integrity and/or availability of systems and info. or impact on compliance w/other requirements.

A

Baseline Security …

4
Q

Defense in Depth : organizations should use multiple overlapping security controls to achieve each of their security objectives. Eavesdropping prevention : encryption through VPNs, encryption at application layers like HTTPS w/TLS, segmentation w/VLANs. Access Control : network access control, role appropriate VLANs, MAC address filtering, port security. Perimeter : stateful inspection firewall, router access control lists, IPS …

A

Defense in Depth

5
Q

Control Type Diversity : using controls from different categories to achieve the same control objective; have Technical Controls (ex : DLP, monitoring, content filtering), Administrative Controls (ex : background checks, NDAs, training), Physical Controls (ex : security guards, etc).

Vendor Diversity : when using 2 different vendors, such as 2 firewall brands, one might be prone to a security flaw that the other is not, so having 2 firewalls from different vendors protecting the network is safer than choosing the same vendor for both and having both share the same security flaw.

A

Control Type / Vendor Diversity …

6
Q

Data Classification Policies : assign info into categories, called classifications, that determine storage, handling and access requirements. Have high, medium and low levels of sensitivity, with info categorized as public or private, and also based on the criticality of the info. Be able to dispose of information, including HDDs etc …

Compliance Programs : ensure the organization's info security controls are consistent w/laws, regulations and standards that govern the organization's activities. The organization should perform a gap analysis to see where it needs to improve its compliance.

A

info …

7
Q

Internet Zone : protects networks and the outside world (firewall). Intranet Zone : end point systems, wireless networks, guest networks, data center networks, etc … DMZ Zone : place systems that must accept connections from outside world.

Extranets : intranet segments accessible by outside parties. Ad Hoc Networks : temporary networks that may bypass security controls.

PAT : allows multiple systems to share same public IP address, assigns unique ports to each communication.

A

info …

8
Q

Configuring VLANs : first, enable VLAN trunking, which allows switches on different networks to carry the same VLANs; second, assign switchports to VLANs so that each port connects to the appropriate VLAN for the user of the device connected to that port. Switching technology takes care of the rest, enforcing network segmentation.

Aggregation switch : connect downstream access switches to each other. SPAN ports receive a copy of all traffic seen on switch.

A

info …

9
Q

Security Information and Event Management : gather info using collectors, analyze info w/centralized correlation engine, place collectors near systems generating records, place correlation engine in secure location.

Proxy servers and content filters typically belong in the DMZ.

SSL Accelerators : handle difficult cryptographic work of setting up TLS connections.

A

info …

10
Q

SDN : allows network admins to treat functionality and implementation details of network as separate and distinct functions. Control Plane : responsible for making routing and switching decisions. Data plane : responsible for carrying out instructions of control plane. SDN separates the control plane from the data plane : instead of each switch and router making independent decisions on how to route packets, these decisions come from an SDN controller. Makes the network programmable.

A

SDN
