Security Applications and Devices

Question 1

Software Firewalls

Answer 1

Software application that protects a single computer from unwanted Internet traffic. Examples of these types of host-based firewalls are: Windows Firewall (Windows), PF and IPFW (OS X), and iptables (Linux). Many anti-malware suites also contain software firewalls

Question 2

Intrusion Detection System (IDS)

Answer 2

A device or software application that monitors a system or network and analyzes the data passing through it in order to identify an incident or attack. Two types are a HIDS or Host-based IDS, and NIDS or Network based IDS.

NIDS can identify an attacker before he can perform a breach, while HIDS acts as a second layer of defense and take action at the endpoint level if the system is breached.

Question 3

HIDS

Answer 3

Host-based IDS looks at particular host-based behaviors (at the endpoint level) including what apps are utilized, what files are accessed, and what information is stored in the kernel logs.

HIDS analyzes logged files for signs of malicious activity, and allows you to examine historical data in order to determine activity patterns which are useful particularly to detect activity from experienced hackers who often vary their methods of intrusion to be more unpredictable and therefor less easily traced.

Question 4

NIDS

Answer 4

Network-based IDS examines the data flow between computers for unusual activity. Allows for a fast response as real-time data monitoring can trigger alerts.

Question 5

Security Information and Even Management - SEIM

Answer 5

A subsection of computer security services that brings together both NIDS and HIDS solutions that provide real-time analysis of security alerts generated by applications and network hardware.

Question 6

Signature-based Detection Method

Answer 6

A specific string of bytes triggers an alert.

Question 7

Policy-based Detection Method

Answer 7

Relies on a specific declaration of the security policy (i.e. “No Telnet Authorized”)

Question 8

Anomaly-based Detection Method

Answer 8

Analyzes the current traffic against an established baseline and trigger an alert if outside the statistical average.

Question 9

True Positive Alert

Answer 9

Malicious activity is identified as an attack.

Question 10

False Positive

Answer 10

Legitimate activity is identified as an attack.

Question 11

True Negative

Answer 11

Legitimate activity is identified as legitimate traffic

Question 12

False Negative Alert

Answer 12

Malicious activity is identified as legitimate traffic.

Question 13

IDS vs. IPS

Answer 13

Intrusion Detection Systems can only alert and log suspicious activity whereas an Intrusion Protection System can also stop malicious activity from being executed.

Question 14

Pop Up Blockers

Answer 14

Most web browsers have the ability to block Java Script created pop-ups.
Sometimes to allow a website to function, pop-ups need to be enabled.
Malicious actors could purchase ads through various networks.

Question 15

Data Loss Prevention - DLP

Answer 15

Monitors the data of a system while in use, in transit, or at rest to detect attempts to steal the data.
DLP can be in the form of software or hardware solutions.

Question 16

Endpoint DLP System

Answer 16

Software-based client that monitors the data in use on a computer and can stop a file transfer or alert an admin of the occurrence.

Question 17

Network DLP System

Answer 17

Software or hardware-based solution that is installed on the perimeter of the network to detect data in transit.

Question 18

Storage DLP System

Answer 18

Software installed on servers in the datacenter to inspect the data at rest.

Question 19

Cloud DLP System

Answer 19

Cloud software as a service that protects data being stored in cloud services.

Question 20

BIOS and UEFI

Answer 20

Firmware that provides the computer instructions for how to accept input and send output.
BIOS - Basic Input Output Settings
UEFI - Unified Extensible Firmware Interface
BIOS and UEFI are used to reference similar things.

Question 21

Securing the BIOS

Answer 21

1. Flash the BIOS.
2. Use a BIOS password.
3. Configure the BIOS boot order, removing any unneeded devices.
4. Disable the external ports and devices.
5. Enable the secure boot option.

Question 22

Securing Removable Media Storage

Answer 22

Encrypt files on removable media.
Use technical limitations on computer systems and their use of USB and other removable media (e.g. disable USB ports).
Create administrative controls such as policies (e.g. company policy prohibiting copy/export of data to removable storage devices).

Question 23

Securing Network Attached Storage (NAS) and Storage Area Network (SAN)

Answer 23

Use data encryption.
Use proper authentication.
Log NAS access.

Question 24

Disk Encryption

Answer 24

Encryption adds security, but has lower performance.
Self-Encrypting Drive - Performs whole disk encryption by using embedded hardware.
Software encryption - Most commonly used type of encryption.
Trusted Platform Module (TPM) - Chip residing on the motherboard that contains an encryption key. If your motherboard doesn’t have TPM, you can use an external USB drive as a key.
Hardware Security Module (HSM) - Physical device that acts as a secure crypto-processor during the encryption process.

Question 25

Endpoint Analysis

Answer 25

``` Anti-virus Host-based IDS/IPS (HIDS/HIPS) Endpoint Protection Platform (EPP) Endpoint Detection and Response (EDR) User and Entity Behavior Analytics (UEBA) ```

Question 26

Endpoint Protection Platform

Answer 26

A software agent and monitoring system that performs multiple security tasks such as anti-virus, HIDS/HIPS, firewall, DLP, and file encryption.

Question 27

Endpoint Detection and Response

Answer 27

A software agent that collects system data and logs for analysis by a monitoring system to provide early detection of threats

Question 28

User and Entity Behavior Analytics

Answer 28

A system that can provide automated identification of suspicious activity by user accounts and computer hosts. UEBA solutions are heavily dependent on advance computing techniques like AI and machine learning. Many companies are now marketing Advanced Threat Protection (ATP), Advanced Endpoint Protection (AEP), and NextGen AV (NGAV) which is a hybrid of EPP, EDR, and UEBA.

Question 29

Securing Wireless Devices

Answer 29

WiFi Protected Access 2 (WPA2) is the highest level of wireless security. AES - Advanced Encryptions Standard Bluetooth pairing creates a shared link key to encrypt the connection.

Question 30

Mobile Malware

Answer 30

Always update your phone's operating system. Only install apps from the official App Store or Play Store. Do not jailbreak/root device. Only load official store apps.

Question 31

SIM Cloning and ID Theft

Answer 31

SIM = Subscriber Identity Module Cloning allows two phone to utilize the same service and allows attacker to gain access to the phone's data. SIM v1 cards are easy to clone. SIM v2 is much harder. Be careful where you post phone numbers.

Question 32

Bluetooth Attacks

Answer 32

Bluejacking - Sending of unsolicited message to Bluetooth enabled devices. Sends information to a device. Bluesnarfing - Unauthorized access of information from a wireless device over a Bluetooth connection. Takes information from a device.

Question 33

Mobile Device Theft

Answer 33

Always ensure your device is backed up. Don't try to recover your device alone if it is stolen. Remote Lock - Requires PIN or password before someone can use the device. Remote Wipe - Remotely erases the contents of the device to ensure the information is not recoverable.

Question 34

Mobile App Security

Answer 34

Only install apps from office app stores. Use TLS for email apps. Employ an MDM solution. Turn location services off to ensure privacy. Geotagging should be considered when developing organization security policies.

Question 35

Bring Your Own Device

Answer 35

BYOD introduces a lot of security issues to consider. Use of Storage Segmentation is advised to create a clear separation between personal and company data on a single device. Using a MDM solution can prevent certain apps from being installed on the device.

Question 36

Hardening Mobile Devices

Answer 36

Update your device OS to the latest version. Install Antivirus. Train users on proper security and use of the device. Only install apps from the official app stores. Do not root or jailbreak your devices. Only use v2 SIM cards with your devices. Turn off all unnecessary features. Turn on encryption for voice and data. Use strong passwords or biometrics. Don’t allow BYOD. Ensure your organization has a good security policy for mobile devices.

Question 37

Hardening

Answer 37

The act of configuring an operating system securely by updating it, creating rules and policies to govern it, and removing unnecessary applications and services. Mitigate risk by minimizing vulnerabilities to reduce exposure to threats.