Security Applications & Devices Flashcards

1
Q

IDS & IDS Alerts

A

Intrusion Detection System:
Passively monitors network and alerts/identifies attacks
HIDS = Host-based | NIDS = Network-based
Detection methods: signature-based, policy-based, anomaly-based

True Positive: Malicious activity is identified as an attack
False Positive: Legitimate activity is identified as an attack
True Negative: Legitimate activity is identified as legitimate traffic
False Negative: Malicious activity is identified as legitimate traffic

2
Q

DLP & 3 Types of DLPs

A

Data Loss Prevention (Software or Hardware):
Monitors the data of a system while in use, in transit, or at rest to detect attempts to steal the data

Also called Information Leak Protection (ILP) or Extrusion Prevention Systems (EPS)

Network DLP System
Software or hardware-based solution that is installed on the perimeter of the network to detect data in transit

Storage DLP System
Software installed on servers in the datacenter to inspect the data at rest

Cloud DLP System
Cloud software as a service that protects data being stored in cloud services

3
Q

Securing BIOS

A

1. Flash the BIOS
2. Use a BIOS password
3. Configure the BIOS boot order
4. Disable the external ports and devices
5. Enable the secure boot option

4
Q

Securing NAS/SAN

A

1. Use data encryption
2. Use proper authentication
3. Log NAS access

5
Q

SED

A

Self-Encrypting Drive:
Storage device that performs whole disk encryption by using embedded hardware

6
Q

Disk Encryption Software

A

Apple: FileVault
Windows: BitLocker

7
Q

TPM

A

Trusted Platform Module:
Chip residing on the motherboard that contains an encryption key

If your motherboard doesn’t have TPM, you can use an external USB drive as a key

8
Q

HSM

A

Hardware Security Module:
Physical device that acts as a secure cryptoprocessor during the encryption process

9
Q

EPP

A

Endpoint Protection Platform:
A software agent and monitoring system that performs multiple security tasks such as anti-virus, HIDS/HIPS, firewall, DLP, and file encryption

10
Q

EDR

A

Endpoint Detection & Response:
A software agent that collects system data and logs for analysis by a monitoring system to provide early detection of threats

Doesn’t use signature-based protection
Behavioral analysis, ML, process monitoring
Lightweight agent on the endpoint
Root cause analysis

11
Q

UEBA

A

User & Entity Behavior Analytics:
A system that can provide automated identification of suspicious activity by user accounts and computer hosts

UEBA solutions are heavily dependent on advanced computing techniques like artificial intelligence (AI) and machine learning

Many companies are now marketing advanced threat protection (ATP), advanced endpoint protection (AEP), and NextGen AV (NGAV), which are hybrids of EPP, EDR, and UEBA
