Security concepts in enterprise environment Flashcards

1
Q

Configuration management

A

Diagrams
Baseline configuration
Standard naming conventions
Internet protocol (IP) schema

The process through which an organization’s information systems components are kept in a controlled state that meets the organization’s requirements, including those for security and compliance.

2
Q

Diagrams

A

Diagrams are the best way to capture the complex relationships between network elements. Diagrams can be used to show how CIs are involved in business workflows, logical (IP) and physical network topologies, and network rack layouts. Remember, it is not sufficient simply to create the diagram, you must also keep the diagram up to date.

3
Q

Baseline configuration

A

A collection of security and configuration settings that are to be applied to a particular system or network in the organization.
A baseline configuration is the template of settings that a device, VM instance, or other CI was configured to, and that it should continue to match. You might also record performance baselines, such as the throughput achieved by a server, for comparison with monitored levels.
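The "should continue to match" part of the definition is what a baseline is for in practice: something has to compare the live state of a CI against the template and flag drift. The following is an added example, not code from the original flashcards; the baseline settings, the host snapshot and the critical/info severities are all constructed for illustration.

```python
"""Check a host's live settings against its baseline configuration and report drift.

Added example, not from the original page. The baseline, the host snapshot and
the "critical"/"info" severities are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed baseline: setting -> (required value, severity if it drifts)
BASELINE: Dict[str, Tuple[str, str]] = {
    "sshd.PermitRootLogin": ("no", "critical"),
    "sshd.PasswordAuthentication": ("no", "critical"),
    "sshd.Port": ("22", "info"),
    "auditd.enabled": ("yes", "critical"),
    "ntp.server": ("ntp.corp.example", "info"),
}

# Constructed snapshot of what the host currently reports
LIVE_SNAPSHOT: Dict[str, str] = {
    "sshd.PermitRootLogin": "yes",     # drifted: critical
    "sshd.PasswordAuthentication": "no",
    "sshd.Port": "2222",               # drifted: informational
    "auditd.enabled": "yes",
    # "ntp.server" is absent from the host entirely
    "motd.banner": "welcome",          # present on host, not covered by the baseline
}


@dataclass(frozen=True)
class Drift:
    setting: str
    expected: Optional[str]    # None when the baseline does not define the setting
    actual: Optional[str]      # None when the host does not report the setting
    severity: str


def compare_to_baseline(baseline, live) -> List[Drift]:
    """Every baseline setting must match exactly; anything extra on the host is
    reported too, because an unbaselined setting is an unreviewed change."""
    drifts = []
    for key, (expected, severity) in baseline.items():
        actual = live.get(key)
        if actual != expected:
            drifts.append(Drift(key, expected, actual, severity))
    for key in sorted(live.keys() - baseline.keys()):
        drifts.append(Drift(key, None, live[key], "unbaselined"))
    return sorted(drifts, key=lambda d: d.setting)


def has_critical_drift(drifts) -> bool:
    return any(d.severity == "critical" for d in drifts)


def drift_report(drifts) -> str:
    return "\n".join(
        f"[{d.severity}] {d.setting}: expected={d.expected!r} actual={d.actual!r}"
        for d in drifts)


if __name__ == "__main__":
    found = compare_to_baseline(BASELINE, LIVE_SNAPSHOT)
    print(drift_report(found) or "no drift")
    # Non-zero exit so a scheduler or CI job fails on critical drift
    raise SystemExit(1 if has_critical_drift(found) else 0)
```

Missing settings and extra settings are both reported: a host that silently dropped its NTP server, or gained a setting nobody baselined, has drifted just as surely as one whose value changed.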

4
Q

Standard naming conventions

A

A Configuration Item (CI) is an asset that requires specific management procedures for it to be used to deliver the service. Each CI must be identified by some sort of label, ideally using a standard naming convention. CIs are defined by their attributes and relationships, which are stored in a configuration management database (CMDB).

5
Q

Internet protocol (IP) schema

A

An IP schema is the documented plan for how address space is allocated: which subnets belong to which sites, VLANs, and device roles, and which addresses within a subnet are reserved (for example gateways, servers, and DHCP pools). A consistent schema lets an address seen in a log or alert be tied back to a CI. The Internet addressing scheme itself consists of Internet Protocol (IP) addresses plus two special cases: broadcast addresses and loopback addresses.

6
Q

Data sovereignty

A

In data protection, the principle that countries and states may impose individual requirements on data collected or stored within their jurisdiction.

Refers to a jurisdiction preventing or restricting processing and storage from taking place on systems that do not physically reside within that jurisdiction. Data sovereignty may demand certain concessions on your part, such as using location-specific storage facilities in a cloud service.

7
Q

Data protection

A

Data loss prevention (DLP)
Masking
Encryption
At rest
In transit/motion
In processing
Tokenization
Rights management

8
Q

Data loss prevention (DLP)

A

A software solution that detects and prevents sensitive information from being stored on unauthorized systems or transmitted over unauthorized networks.

DLP solutions automate the discovery and classification of data types and enforce rules so that data is not viewed or transferred without proper authorization.

9
Q

Data Masking

A

A deidentification method where generic or placeholder labels are substituted for real data while preserving the structure or format of the original data.

Can mean that all or part of the contents of a field are redacted, by substituting all character strings with “x” for example. A field might be partially redacted to preserve metadata for analysis purposes. For example, in a telephone number, the dialing prefix might be retained, but the subscriber number redacted. Data masking can also use techniques to preserve the original format of the field. Data masking is an irreversible deidentification technique.

10
Q

Data Encryption

A

Encryption protects the confidentiality of data in each of the states listed above (at rest, in transit, and in processing). The definition on this card is the database-specific form: applying encryption at the table, field, or record level via the database management system, rather than encrypting the whole filesystem or disk, so that individual sensitive columns can be protected and their keys managed separately from the storage layer.

11
Q

At rest

A

Information that is primarily stored on specific media, rather than moving from one medium to another.

12
Q

In transit/motion

A

Information that is being transmitted between two hosts, such as over a private network or the Internet.

13
Q

In processing

A

Information that is present in the volatile memory of a host, such as system memory or cache.

14
Q

Tokenization

A

A deidentification method where a unique token is substituted for real data.

Means that all or part of the data in a field is replaced with a randomly generated token. The token is stored with the original value on a token server or token vault, separate from the production database. An authorized query or app can retrieve the original value from the vault if necessary, so tokenization is a reversible technique.
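The difference between the Data Masking card and this one comes down to whether anything is kept that can undo the substitution. The following added example (not part of the original flashcards) puts the two side by side on a phone number: a partial, format-preserving mask that retains the dialing prefix, and a token vault that issues random format-preserving tokens and can reverse them. The sample number, the "keep the first three digits" rule and the in-memory vault are constructed for illustration; a real token vault is a separate, access-controlled service.

```python
"""Data masking (irreversible) beside tokenization (reversible) on a phone number.

Added example, not from the original page. The phone number, the "keep the
first three digits" rule and the in-memory TokenVault are constructed for
illustration; a real token vault is a separate, access-controlled service.
"""
import re
import secrets
import string


def mask_phone(number: str, keep_prefix: int = 3) -> str:
    """Partial redaction that preserves format: the dialing prefix is kept and
    every remaining digit becomes 'x'. Nothing is stored, so it cannot be undone."""
    digits = re.sub(r"\D", "", number)
    masked = digits[:keep_prefix] + "x" * max(len(digits) - keep_prefix, 0)
    replacements = iter(masked)
    # Write the masked digits back into the original punctuation layout
    return re.sub(r"\d", lambda _m: next(replacements), number)


class TokenVault:
    """Maps random, format-preserving tokens to original values. Only a holder
    of the vault (kept apart from the production database) can reverse a token."""

    def __init__(self):
        self._value_by_token = {}
        self._token_by_value = {}

    def tokenize(self, value: str) -> str:
        # Same input -> same token, so tokenized columns can still be joined or counted
        if value in self._token_by_value:
            return self._token_by_value[value]
        digits = re.sub(r"\D", "", value)
        while True:
            # Random digits of the same length as the original: the token fits the
            # original column definition but carries no information about the value
            token = "".join(secrets.choice(string.digits) for _ in range(len(digits)))
            if token != digits and token not in self._value_by_token:
                break
        self._value_by_token[token] = value
        self._token_by_value[value] = token
        return token

    def detokenize(self, token: str) -> str:
        """Authorized lookup; raises KeyError for tokens this vault never issued."""
        return self._value_by_token[token]


def can_recover(candidate: str, vault: TokenVault) -> bool:
    """True only when the vault can map the string back to an original value."""
    try:
        vault.detokenize(candidate)
        return True
    except KeyError:
        return False


if __name__ == "__main__":
    phone = "555-867-5309"          # constructed sample value
    vault = TokenVault()
    print("masked :", mask_phone(phone))
    tok = vault.tokenize(phone)
    print("token  :", tok, "->", vault.detokenize(tok))
```

The masked value and the token look similar in a database column; the security difference is that the masked value has no path back to the original, while the token has exactly one, through the vault, which is therefore the asset to protect.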

15
Q

Rights management

A

Microsoft provides an Information Rights Management (IRM) feature in its Office productivity suite, SharePoint document collaboration services, and Exchange messaging server. IRM works with Active Directory Rights Management Services (AD RMS) or the cloud-based Azure Information Protection. These technologies provide administrators with the following functionality:

Assign file permissions for different document roles, such as author, editor, or reviewer.
Restrict printing and forwarding of documents, even when sent as file attachments.
Restrict printing and forwarding of email messages.

16
Q

Geographical considerations

A

Geographic access requirements fall into two different scenarios:

Storage locations might have to be carefully selected to mitigate data sovereignty issues. Most cloud providers allow choice of data centers for processing and storage, ensuring that information is not illegally transferred from a particular privacy jurisdiction without consent.
Employees needing access from multiple geographic locations. Cloud-based file and database services can apply constraint-based access controls to validate the user’s geographic location before authorizing access.
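For the first scenario, and for the Data sovereignty card above, "allow choice of data centers" is usually enforced rather than left to each engineer. The following is an added example, not from the original flashcards: an AWS Organizations service control policy (SCP) in the pattern AWS documents for region restriction, which denies any request whose target region is outside an approved list. The two EU regions and the Sid are assumptions. Global services such as IAM, STS and Organizations are excluded through NotAction because they are not region-scoped and the deny would otherwise break them.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyRequestsOutsideApprovedRegions",
      "Effect": "Deny",
      "NotAction": [
        "iam:*",
        "organizations:*",
        "sts:*",
        "support:*"
      ],
      "Resource": "*",
      "Condition": {
        "StringNotEquals": {
          "aws:RequestedRegion": ["eu-west-1", "eu-central-1"]
        }
      }
    }
  ]
}
```

An SCP only limits what identities in the member accounts can do; it does not move data that is already stored elsewhere, so it should be applied before workloads are deployed, not as a cleanup step. The second scenario (validating where a user is connecting from) is a separate control, typically a conditional-access or geofencing rule on the identity provider.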

17
Q

Response and recovery controls

A

Response and recovery controls refer to the whole set of policies, procedures, and resources created for incident and disaster response and recovery. These controls are critical to cybersecurity, but they become increasingly difficult to provision at scale. Effective response and recovery depend heavily on how well-organized IT systems are at the site level. Without effective organizational policies to govern change and configuration management, response and recovery is much harder.

18
Q

Secure Sockets Layer (SSL)/Transport Layer Security (TLS) inspection

A

SSL/TLS inspection means that a proxy or security appliance terminates the client's TLS session and opens a second TLS session to the real server, so that the decrypted traffic in between can be scanned for malware or data exfiltration. Clients must trust the inspection device's CA certificate, and the device sees all of that traffic in the clear, so it has to be protected as a highly sensitive asset.

While the acronym SSL is still used, the Transport Layer Security versions are the only ones that are safe to use. A server can provide support for legacy clients, but this is less secure. For example, a TLS 1.2 server could be configured to allow clients to fall back to TLS 1.1 or 1.0, or even SSL 3.0, if they do not support TLS 1.2.

A downgrade attack is one where a man-in-the-middle tampers with the handshake to force the use of a weaker SSL/TLS version or cipher suite than both endpoints actually support.

TLS version 1.3 was approved in 2018 (RFC 8446). It removes the insecure features and algorithms of previous versions (static RSA key exchange, RC4 and CBC-mode cipher suites, compression, renegotiation) and adds explicit downgrade protection: a TLS 1.3 server that is made to negotiate an older version places a fixed marker in its ServerHello random, which a TLS 1.3 client detects and rejects. There are also changes to the handshake protocol to reduce the number of messages and speed up connections.
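An inspection device or network sensor can check for exactly the downgrade indicators described above in the server's half of the handshake. The following is an added example, not code from the original flashcards or any product: it parses a TLS ServerHello record and flags a negotiated version below TLS 1.2, a cipher suite from a small list of known-weak suites, and the TLS 1.3 downgrade sentinel (RFC 8446 section 4.1.3: the last eight bytes of the server random are 44 4F 57 4E 47 52 44 01 when a TLS 1.3 server negotiates TLS 1.2 and 44 4F 57 4E 47 52 44 00 for TLS 1.1 or lower). The ServerHello messages are constructed by `build_server_hello()` for the demonstration, not captured from a real server; the weak-suite list is illustrative, not complete.

```python
"""Inspect a TLS ServerHello for downgrade indicators.

Added example (not from the original page). The handshake bytes are
constructed by build_server_hello() for illustration; the field layout and
the downgrade sentinel values follow RFC 5246 and RFC 8446 section 4.1.3.
"""
import struct

VERSION_NAMES = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
# Illustrative subset of cipher suites that should never be accepted (NULL / RC4 / 3DES)
WEAK_SUITES = {0x0000: "TLS_NULL_WITH_NULL_NULL", 0x0002: "TLS_RSA_WITH_NULL_SHA",
               0x0005: "TLS_RSA_WITH_RC4_128_SHA", 0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA"}
# RFC 8446 4.1.3: a TLS 1.3 server that negotiates a lower version puts one of these in
# the last 8 bytes of ServerHello.random so that a TLS 1.3 client can detect the downgrade.
SENTINEL_TLS12 = bytes.fromhex("444F574E47524401")   # "DOWNGRD\x01"
SENTINEL_TLS11 = bytes.fromhex("444F574E47524400")   # "DOWNGRD\x00"
EXT_SUPPORTED_VERSIONS = 0x002B


def parse_server_hello(record: bytes) -> dict:
    """Parse one TLS record carrying a ServerHello; raise ValueError if malformed."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) != rec_len or body[0] != 0x02:
        raise ValueError("not a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len or hs_len < 38:
        raise ValueError("truncated ServerHello")
    legacy_version = struct.unpack("!H", hello[0:2])[0]
    random = hello[2:34]
    sid_len = hello[34]
    pos = 35 + sid_len
    cipher_suite = struct.unpack("!H", hello[pos:pos + 2])[0]
    pos += 3                       # skip cipher suite (2) and compression method (1)
    negotiated = legacy_version
    if pos + 2 <= len(hello):      # extensions block is optional in older versions
        ext_len = struct.unpack("!H", hello[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
            edata = hello[pos + 4:pos + 4 + elen]
            if etype == EXT_SUPPORTED_VERSIONS and elen == 2:
                negotiated = struct.unpack("!H", edata)[0]   # TLS 1.3 signals itself here
            pos += 4 + elen
    return {"version": negotiated, "cipher_suite": cipher_suite, "random": random}


def downgrade_findings(hello: dict, client_offered_tls13: bool) -> list:
    """Return human-readable findings; an empty list means nothing suspicious."""
    findings = []
    ver = hello["version"]
    if ver < 0x0303:
        findings.append(f"negotiated {VERSION_NAMES.get(ver, hex(ver))}: below TLS 1.2")
    if hello["cipher_suite"] in WEAK_SUITES:
        findings.append("weak cipher suite " + WEAK_SUITES[hello["cipher_suite"]])
    tail = hello["random"][-8:]
    if client_offered_tls13 and tail in (SENTINEL_TLS12, SENTINEL_TLS11):
        findings.append("downgrade sentinel in server random: TLS 1.3 server was forced below 1.3")
    return findings


def build_server_hello(version, cipher_suite, random_bytes, selected_version=None) -> bytes:
    """Constructed ServerHello record for testing; not captured from a real server."""
    ext = b""
    if selected_version is not None:
        ext = struct.pack("!HHH", EXT_SUPPORTED_VERSIONS, 2, selected_version)
    hello = (struct.pack("!H", version) + random_bytes + b"\x00"
             + struct.pack("!H", cipher_suite) + b"\x00" + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + struct.pack("!H", 0x0303) + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    forced = build_server_hello(0x0303, 0xC02F, bytes(24) + SENTINEL_TLS12)
    print(downgrade_findings(parse_server_hello(forced), client_offered_tls13=True))
```

The sentinel check only means something when the client actually offered TLS 1.3, which is why the caller passes that in; a TLS 1.2-only client seeing the marker has not been downgraded. A TLS 1.3 ServerHello keeps `legacy_version` at 0x0303 and announces 1.3 in the supported_versions extension, which the parser handles.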

19
Q

Hashing

A

A function that converts an input of arbitrary length to an output of fixed length (the digest). A cryptographic hash function is designed so that it is infeasible to find two different inputs that produce the same output (a collision), to recover an input from its digest (a preimage), or to find a second input with the same digest as a given one. The digest length bounds this protection: collisions in an n-bit hash can be found in roughly 2^(n/2) attempts, which is why short or truncated digests are unsafe.
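Two properties of the definition are easy to see in working code: the digest length does not depend on the input, and a change of one character in the input changes about half of the output bits, which is what makes a stored digest a usable integrity check for a baseline file. The birthday-search function also shows why digest length matters by finding a collision on a digest truncated to 16 bits in a few hundred tries. This is an added example, not from the original flashcards; the configuration text and its recorded baseline digest are constructed.

```python
"""What a cryptographic hash gives you, and what happens when the output is too short.

Added example (not from the page). The configuration text and the stored
baseline digest are constructed for illustration.
"""
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed: a config file and the digest recorded when it was baselined
CONFIG_V1 = b"PermitRootLogin no\nPasswordAuthentication no\n"
BASELINE_DIGEST = sha256_hex(CONFIG_V1)


def integrity_ok(current: bytes, expected_digest: str) -> bool:
    """A fixed-length digest per file is enough to detect any change to it.
    compare_digest avoids leaking how many leading characters matched."""
    return hmac.compare_digest(sha256_hex(current), expected_digest)


def differing_bits(a_hex: str, b_hex: str) -> int:
    """Hamming distance between two hex digests: shows the avalanche effect."""
    return bin(int(a_hex, 16) ^ int(b_hex, 16)).count("1")


def find_truncated_collision(bits: int, limit: int = 1_000_000):
    """Birthday search on SHA-256 truncated to its low `bits` bits. Returns two
    distinct inputs with the same truncated digest and the number of tries; a
    collision is expected after roughly 2**(bits/2) tries, and is guaranteed
    by the pigeonhole principle after 2**bits + 1."""
    seen = {}
    mask = (1 << bits) - 1
    for i in range(limit):
        msg = b"input-%d" % i
        short = int.from_bytes(hashlib.sha256(msg).digest(), "big") & mask
        if short in seen:
            return seen[short], msg, i + 1
        seen[short] = msg
    return None


if __name__ == "__main__":
    tampered = CONFIG_V1.replace(b"PermitRootLogin no", b"PermitRootLogin yes")
    print("baseline intact:", integrity_ok(CONFIG_V1, BASELINE_DIGEST))
    print("tampered intact:", integrity_ok(tampered, BASELINE_DIGEST))
    print("bits changed by a one-word edit:", differing_bits(BASELINE_DIGEST, sha256_hex(tampered)))
    first, second, tries = find_truncated_collision(16)
    print(f"16-bit collision after {tries} tries: {first!r} vs {second!r}")
```

The collision search is the same attack at a different scale: against the full 256-bit digest the expected cost is about 2^128 attempts, against 16 bits it is a few hundred, which is why a hash that has been truncated for convenience no longer offers the collision resistance of the original.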

20
Q

API considerations

A

HTTP is now used less to serve static web pages, and more to create web applications, often as part of a cloud product. An enterprise might use both public web applications over the Internet and private ones. The primary means of configuring and managing a web application is via its application programming interface (API). For example, an application might allow a user account to be created via a URL:

https://example.foo/api/users?api_key=123456

The developer uses the POST method to submit data to the URL with the required parameters coded into the request body, often in JavaScript Object Notation (JSON). Note that an API key carried in the query string, as in the URL above, ends up in web server, proxy, and browser history logs; sending the credential in an Authorization header, and only over TLS, avoids that exposure.

21
Q

Site resiliency

A

Hot Site
Cold Site
Warm Site

Enterprise-level networks often provision resiliency at the site level. An alternate processing or recovery site is a location that can provide the same (or similar) level of service. An alternate processing site might always be available and in use, while a recovery site might take longer to set up or only be used in an emergency.

Operations are designed to failover to the new site until the previous site can be brought back online. Failover is a technique that ensures a redundant component, device, application, or site can quickly and efficiently take over the functionality of an asset that has failed.

22
Q

Hot Site

A

A fully configured alternate network that can be online quickly after a disaster.

23
Q

Cold Site

A

A predetermined alternate location where a network can be rebuilt after a disaster.

24
Q

Warm Site

A

A location that is dormant or performs noncritical functions under normal conditions, but which can be rapidly converted to a key operations site if needed.

25
Q

Deception and disruption

A
Honeypots
Honeyfiles
Honeynets
Fake telemetry
DNS sinkhole
26
Q

Honeypots

A

A host, network, or file set up with the purpose of luring attackers away from assets of actual value and/or discovering attack strategies and weaknesses in the security configuration.

27
Q

Honeyfiles

A

A honeyfile is convincingly useful, but actually fake, data. This honeyfile can be made trackable, so that when a threat actor successfully exfiltrates it, any attempts to reuse or exploit it can be traced.

28
Q

Honeynets

A

A honeynet is an entire decoy network. This may be set up as an actual network or simulated using an emulator.

29
Q

Fake telemetry

A

Deception strategy that returns spoofed data in response to network probes.

30
Q

DNS sinkhole

A

A DNS record, served by a resolver the organization controls, that resolves known-malicious domain names (for example command-and-control hosts) to a controlled IP address instead of the real one. Infected hosts are prevented from reaching the attacker's infrastructure, and every lookup of a sinkholed name identifies a host that needs investigation.
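As an added example, not from the original flashcards, this is how a sinkhole entry looks on an Unbound resolver: the `redirect` local-zone type answers the name and all of its subdomains from the local data, and query logging records which client asked. The domain `bad.example` is a placeholder and 192.0.2.1 (from the RFC 5737 documentation range) stands in for an internal listener that logs or accepts the redirected connections.

```conf
# Constructed example for an Unbound resolver (unbound.conf).
# bad.example is a placeholder C2 domain; 192.0.2.1 (RFC 5737 documentation
# range) stands in for the internal sinkhole listener that logs connections.
server:
    log-queries: yes
    # "redirect" answers this name and every subdomain from the local-data below
    local-zone: "bad.example." redirect
    local-data: "bad.example. A 192.0.2.1"
```

The value of the sinkhole is the log line as much as the block: a host that keeps resolving `bad.example` after the entry is in place is a host that still has the malware on it.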