Security Concepts Flashcards
1.2
What is the CIA Triad?
Confidentiality
Integrity
Availability
What does confidentiality mean in the CIA triad?
Prevent disclosure of information to unauthorized individuals or systems
-Encryption
-Access Controls
-Two Factor Authentication
What does Integrity mean in the CIA triad?
Messages can’t be modified without detection
-Hashing (map data of arbitrary length to data of a fixed length)
-Digital Signatures
-Certificates
-Non-repudiation (Proof of identity)
What does Availability mean in the CIA triad?
Systems and networks must be up and running
-Redundancy (Build services that will always be available)
-Fault tolerance (System will run even when failure occurs)
-Patching
What are the main functions of a hash?
Represents data as a short string of text (Like a fingerprint)
Verifies that data has not changed.
Does not verify that the person that sent the data is correct.
One character change in data can change the hash drastically
What is Identification, Authentication, Authorization, and Accounting (AAA Framework)?
Identification
- This is who you claim to be (Username)
Authentication
- Prove you are who you say you are (Password and other authentication factors)
Authorization
- Based on your identification and authentication, what access do you have.
Accounting
- Resources used: Login time, data sent and received, logout time.
How do device certificates work?
- An organization will have a CA (Certificate Authority)
- The organization creates a certificate for a device and has the CA sign it
- When a device logs onto an org’s systems, compare the two certificates; if the device certificate was signed by the CA, then allow access
What is Zero Trust?
Everything must be verified
-Nothing is inherently trusted.
-Multi-factor authentication, encryption, additional firewalls, monitoring and analytics
What is the Data plane when it comes to zero trust?
Process the frames, packets, and network data
-Switch, router, firewall
What is the Control plane when it comes to zero trust?
Manages the actions of the data plane
-Define policies and rules
-Determines how packets should be forwarded
-Routing tables, session tables, NAT tables
PEP
Policy Enforcement Point
-Gatekeeper
-Everything must pass through the PEP
-The step between an untrusted system and a resource
-Allow, monitor, and terminate connections
PDP
Policy Decision Point
-The process for making an authentication decision
-Policy Engine (Evaluates access decisions based on policy and other information sources)
-Policy Administrator (Generates access tokens or credentials, communicates with the PEP)
HoneyPots
Attracts attackers and keeps them involved in those systems
Virtual world to explore
Usually attracts bots
HoneyNet
Virtualized Network of HoneyPots
-Servers
-Workstations
-Routers
-Firewalls
HoneyFile
A fake file that has fake information that would look important to an attacker
-Password.txt
-Set alarms to these files
HoneyToken
Traceable Data in the Honeynet (If stolen you will know where it came from)
-API Credentials
-Fake Email Addresses
-Database records, browser cookies