Security Apps Flashcards
What’s a personal firewall?
Network firewall?
Software applications that protect your computer from unwanted internet traffic.
What’s an IDS?
Intrusion Detection System.
A device or piece of software that analyses all data passing through it, trying to identify attacks, and logs and alerts on anything suspicious.
(HIDS = host-based, NIDS = network-based)
Signature based detection methods?
The system looks for a specific, known string of bytes (the signature) and alerts when it is matched.
Policy based detection?
Relies on specific declarations from the security policy,
e.g. a company might not allow the use of Telnet, so any Telnet traffic is flagged.
Anomaly based detection?
Analyses current traffic against an established baseline and triggers an alert if it falls outside the statistical average.
E.g. if employees work 9-5 and a large download happens at 2 in the morning, it would get flagged.
Alerts: True positive... True negative... False positive... False negative...
True positive = when the IDS correctly identifies an attack
True negative = when the IDS correctly identifies legitimate traffic
False positive = when the IDS misidentifies legitimate activity as an attack
False negative = when the IDS misidentifies an attack as legitimate
What’s an IPS?
Intrusion Prevention System.
Functions as an IDS but can also stop the malicious activity from being executed.
What are the logs from an IDS used for?
Used to recreate the events after an attack so we can learn from it and work out how to stop that attack next time.
BIOS and UEFI
What’s flashing the BIOS?
-Basic Input Output System
Firmware that gives a computer its instructions for how to accept input and send output.
-Unified Extensible Firmware Interface (does the same as BIOS, plus more)
Controls things like boot order.
Does only basic tasks.
Flashing = updating the firmware
Removable media controls
Technical limitations placed on a system to restrict the USB ports and other removable hardware devices.
NAS system
-Network Attached Storage
Storage devices connected directly to the network (the hardware room in an office, the cliché hacker room).
NAS systems implement RAID arrays for good availability.
SAN
Storage Area Network
-A network designed to perform block storage functions, consisting of NAS devices combined.
How to Secure a NAS system.
- Use data encryption (full disk encryption)
- Use proper authentication
- Log NAS access (helps investigate past breaches)
What’s Encryption?
Some software based encryption?
What’s TPM?
Encryption = scrambling data into information that is unreadable without the key.
Hardware based = self-encrypting drive (SED), but expensive.
Software based = (what the majority use) e.g. FileVault, BitLocker.
All encryption requires a key to read the data.
TPM (Trusted Platform Module) is a hardware chip on a computer’s motherboard that holds the encryption key.
What’s AES?
Advanced Encryption Standard
Symmetric key encryption that supports 128-bit and 256-bit keys.
BUT full disk encryption lowers the performance of your system, so people may rely on file level encryption (EFS) instead.
Also, hardware based encryption is faster because the hardware is designed specifically for encrypting.
(Hardware Security Module, HSM: dedicated secure hardware acting as a cryptoprocessor.)