Security Applications & Devices Flashcards
IDS & IDS Alerts
Intrusion Detection System:
Passively monitors network and alerts/identifies attacks
HIDS = Host-based | NIDS = Network-based
Detection methods: signature-based, policy-based, anomaly-based
True Positive: Malicious activity is identified as an attack
False Positive: Legitimate activity is identified as an attack
True Negative: Legitimate activity is identified as legitimate traffic
False Negative: Malicious activity is identified as legitimate traffic
DLP & 3 Types of DLPs
Data Loss Prevention (Software or Hardware):
Monitors the data of a system while in use, in transit, or at rest to detect attempts to steal the data
Also called Information Leak Protection (ILP) or Extrusion Prevention Systems (EPS)
Network DLP System
Software or hardware-based solution that is installed on the perimeter of the network to detect data in transit
Storage DLP System
Software installed on servers in the datacenter to inspect the data at rest
Cloud DLP System
Cloud software as a service that protects data being stored in cloud services
Securing BIOS
- Flash the BIOS
- Use a BIOS password
- Configure the BIOS boot order
- Disable the external ports and devices
- Enable the secure boot option
Securing NAS/SAN
- Use data encryption
- Use proper authentication
- Log NAS access
SED
Self-Encrypting Drive:
Storage device that performs whole disk encryption by using embedded hardware
Disk Encryption Software
Apple: FileVault
Windows: BitLocker
TPM
Trusted Platform Module:
Chip residing on the motherboard that contains an encryption key
If your motherboard doesn’t have TPM, you can use an external USB drive as a key
HSM
Hardware Security Module:
Physical device that acts as a secure cryptoprocessor during the encryption process
EPP
Endpoint Protection Platform:
A software agent and monitoring system that performs multiple security tasks such as anti-virus, HIDS/HIPS, firewall, DLP, and file encryption
EDR
Endpoint Detection & Response:
A software agent that collects system data and logs for analysis by a monitoring system to provide early detection of threats
Doesn’t use signature-based protection
Behavioral analysis, ML, process monitoring
Lightweight agent on the endpoint
Root cause analysis
UEBA
User & Entity Behavior Analytics:
A system that can provide automated identification of suspicious activity by user accounts and computer hosts
UEBA solutions are heavily dependent on advanced computing techniques like artificial intelligence (AI) and machine learning
Many companies now market advanced threat protection (ATP), advanced endpoint protection (AEP), and NextGen AV (NGAV), each of which is a hybrid of EPP, EDR, and UEBA