Security+ 3 Flashcards
Certificate Issues : Expired Certificate = wasn't properly renewed. Mismatched Names = when a digital certificate's name doesn't match the name of the server; this could occur because of an error in the server configuration or because the site is fake.
Untrusted CAs = exercise extreme caution when seeing this warning; anyone can make a certificate.
Revoked Certificate = means either the owner or the certificate authority believes the certificate was compromised and no longer trusts it.
Cryptographic Errors = using weak cryptography.
Weak Algorithm: avoid using DES/RC4; Weak Hash Functions: avoid using MD4/MD5/SHA-1.
Wireless controllers can help with device issues such as interference or placement, etc.
Certificate Etc …
Request for Change (RFC) in change management includes : description of the change, expected impact of the change, risk assessment, rollback plan, identity of those involved, proposed schedule, affected configuration items. Changes must be approved by the relevant authorities. For major changes the CAB may review and approve the change. Routine changes may be pre-approved.
RFC
Minimization Principle : collect minimal info and store it only as long as it is needed.
Masking = removes portions of sensitive info to reduce its sensitivity.
Trusted OS = OSes that have gone through an accreditation process by government agencies known as Common Criteria. Very few OSes go through this process; it only matters for very secure defense applications.
Configure all anti-malware software to report results directly to either a security information and event management (SIEM) system or a specialized malware solution, which will analyze the malware findings.
Send application control logs to your SIEM or log repository for analysis. Also apply patches to applications.
Info …
Removable Media Control = can limit or block access to USB devices and can track every time a user copies data to a removable device. Send logs to the SIEM or log repository for analysis.
DEP (Data Execution Prevention) = Microsoft technology that enforces specific restrictions on acceptable locations for executable code. DEP prevents attacks that attempt to execute code from memory assigned to a process without the permission of the admin.
info …
MDM (Mobile Device Management) = manages security settings on many mobile devices simultaneously; admins may create and enforce policies from a central console that apply to multiple devices. Allows remote wiping and revoking a user's access to a device, prevents users from modifying security settings, and can disable the ability to remove a device's storage. Admins may use a whitelist/blacklist approach to control which apps can be used on devices. Some do storage segmentation : separating portions of device storage for business use, personal use, and sensitive use. Containerization = when sensitive info on a device is contained and can't be accessed by outside apps, etc. Content Management Controls = prevent use of sensitive info outside the controlled environment.
MDM …
Context-Aware Authentication : changes authentication requirements using a real-time risk assessment based on characteristics of the user's request and the operating environment.
Geofencing is a technique where, when the user is in a physical location deemed safe, authentication can be more relaxed, but in a place deemed not safe authentication can be increased. Can also go by type of request, specific device, privileged access rights, and user behavior.
Authentication Etc …
Mobile Device Tracking Steps for an org. : Device Request, Ordering and Receiving, Initial Configuration, Device Assignment, Device Non-use.
Geotagging = used to know the location of a user.
CYOD (Choose Your Own Device) : user selects which type of phone they want and then the company purchases and manages the phone for them.
COPE (Company Owned, Personally Enabled) = the user can customize the phone to some extent based on what they want.
mobile info …
Network Firewalls : hardware devices that regulate connections between 2 networks. IPS/IDS come in host-based and network-based forms; send host firewall and host IDS/IPS logs to the SIEM or log repository for analysis.
File Integrity Monitoring = monitors any changes to the file system of an endpoint or server and reports those changes to an administrator for investigation. It does this by running every monitored file through a cryptographic hash function and keeping the resulting hash in a secure location. It performs periodic checks and compares the new hash values to the old hash values to see if any changes were made. If some .exe changes, that should be alerted on and dealt with. If patches were applied then file change alerts would be normal, but alerts with no patches applied would cause suspicion.
info …
Fat Access Points : contain all the hardware/software needed to operate a wireless network. Thin Access Points : rely on wireless controllers for configuration and to serve as the boss of the wireless network.
SSL works similarly to TLS but is not as secure; TLS is more secure.
Video and voice communication should use TLS encryption when possible.
VoIP should use SRTP (Secure RTP). Use NTPsec, use POP on port 995, IMAP on port 993, and SMTP on port 465.
Encrypt email messages and attachments with S/MIME. Use DNSSEC to add digital signatures to DNS. Use LDAPS (secure LDAP).
FTPS adds TLS. SFTP transfers files over SSH. SCP is a command-line file transfer over SSH.
info
SSL/TLS accelerators : designed to complete the SSL/TLS handshaking process. When a device begins this process it hands control over to the accelerator, which completes the handshake and returns control to the CPU for handling the remainder of the session. Greatly improves performance.
HSMs = can create and manage encryption keys.
info …