Security Domain Flashcards
I: SECURE 3-TIER APP
Presentation tier
S3 Bucket: Bucket ACLs (read/write, etc.), Encryption (object) – custom key or Amazon default key
CloudFront: OAI (origin access identity), Geo restrictions, Custom headers, Signed URLs, Signed cookies, HTTPS & DDoS
Application tier
API Gateway: Resource policies, Identity pools, Client certificates, Usage plans, Throttling, Caching, API Keys
Lambda: Lambda triggers, Lambda role, Lambda security group, SSM parameter store
Data tier
Amazon RDS: DB security group, DB encryption, Private endpoint, KMS
Additional security
WAF: Layer 7 firewall
I: STATEFUL FIREWALL
Stateful firewall (security groups): any rule applied to incoming traffic is automatically applied to the matching outgoing traffic. e.g. If you allow incoming port 80, the return traffic on port 80 is automatically allowed. Security groups support allow rules only (by default all traffic is denied). e.g. You cannot deny a specific IP address from establishing a connection.
I: WAF
WAF (layer 7) is an advanced firewall that protects web applications from threats, malware, and other attacks.
I: IDS
An IDS is a system that monitors network traffic for suspicious activity and issues alerts when such activity is discovered.
FireEye
CrowdStrike
Zeek
Snort
I: SSL/TLS HANDSHAKE
Client: Hello Server. I want to establish secure communication between the two of us. Here are my cipher suites and compatible SSL/TLS versions.
Server: Hello Client. I have checked your cipher suites and SSL/TLS version. I think we're good to go ahead. Here are my certificate file and my public key.
Client: Let me verify your certificate. Okay, it seems fine, but I need to verify that you hold the matching private key. What I'll do is, I will generate a pre-master secret (shared secret key) and encrypt it using your public key. Decrypt it using your private key and we'll use the resulting master key to encrypt and decrypt the information.
Server: Done. Now that both parties know who they're talking to, the information transferred between them will be secured using the master key. Keep in mind that once the verification part is over, the encryption takes place through the master key only. This is symmetric encryption.
Client: I'm sending you this sample message to verify that our master key works. Send me the decrypted version of this message. If it works, our data is in safe hands.
Server: Yeah, it works. I think we've accomplished what we were looking for.
I: HTTP
HTTP is used for transferring data over a network. Most information that is sent over the Internet, including website content and API calls, uses the HTTP protocol. There are two main kinds of HTTP messages: requests and responses.
I: TLS/SSL PROCESS
TLS/SSL is based on public key encryption: there are two keys, a public key and a private key, and the public key is shared with client devices via the server's SSL certificate. When a client opens a connection with a server, the two devices use the public and private key to agree on new keys, called session keys, to encrypt further communications between them.
All HTTP requests and responses are then encrypted with these session keys, so that anyone who intercepts communications can only see a random string of characters, not the plaintext.
I: TLS TERMINATION
SSL should terminate at the load balancer because it offers a centralized place to mitigate SSL attacks such as CRIME or BEAST. If SSL is terminated at a variety of web servers, running on different OSs, you're more likely to run into problems due to the additional complexity. Keep it simple, and you'll have fewer problems in the long run.
I: HASHING
Hashing is meant to verify that a file or piece of data hasn't been altered; in other words, a checksum.
MD4, MD5, SHA, RIPEMD, Whirlpool, Tiger
I: AT REST
Data at rest is not traveling within the system or network, and it is not being acted upon by any application or third party. It is something that has reached a destination, at least temporarily.
I: CERTIFICATES PROCESS
Your web browser downloads the web server's certificate, which contains the public key of the web server. It uses the public key of the trusted certificate authority to verify that the web server's certificate was indeed signed by that CA. The certificate contains the domain name and/or IP address of the web server.
I: PKI
PKI is a set of processes, policies, and technology for associating cryptographic keys with the entity to whom those keys were issued.
PKI is made of several elements, which are:
- Certification Authority (CA)
- Registration Authority (RA)
- Certificate Revocation List (CRL)
- Certification Practice Statement (CPS)
- Transport Layer Security (TLS)
I: SECURE LOGINS
Secure digital certificates
encryption standards
zero-interaction authentication (ZIA)
fingerprint readers
account key feature
trust score system
persona-based authentication
advanced biometrics.
I: SYMMETRIC ENCRYPTION
Symmetric encryption is a type of encryption where only one key (a secret key) is used to both encrypt and decrypt electronic information.
RC4, AES, DES, 3DES, QUAD, Blowfish, etc.
I: CUSTOMER KEYS
Customer master keys (CMKs): you can use a CMK to encrypt and decrypt up to 4 KB (4096 bytes) of data. Typically, you use CMKs to generate, encrypt, and decrypt the data keys that you use outside of AWS KMS to encrypt your data. This strategy is known as envelope encryption. AWS KMS stores the keys.
I: MFA
MFA is a simple best practice that adds an extra layer of protection on top of your username and password. With MFA enabled, when a user signs in to the AWS Management Console, they will be prompted for their username and password (the first factor—what they know), as well as for an authentication code from their AWS MFA device (the second factor—what they have). Taken together, these multiple factors provide increased security for your AWS account settings and resources.
I: DOS (denial of service)
A DoS attack is one where a computer (or several computers) is used to flood a server with TCP and UDP packets.
I: ANTIVIRUS
Anti-virus software is meant to detect, neutralize, or eradicate malware (malicious software). AV software not only identifies and destroys computer viruses, but is also designed to fight off other kinds of threats such as phishing attacks, worms, Trojan horses, rootkits, and more.
- Norton
- AVG
- Avast
- McAfee
- Kaspersky
- TrendMicro
I: IAM Roles
An IAM role is an IAM identity that you can create in your account that has specific permissions.
Instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it.
When you assume a role, it provides you with temporary security credentials for your role session.
I: AUTHENTICATION
Authentication is the process of verifying a user's identity. Most commonly, users authenticate with a username (which identifies the user) and a password (which confirms the user is who they claim to be).
I: SSO
SSO allows a user to access multiple applications using a single set of credentials. Typically, employees sign on to multiple business applications to do their jobs, such as messaging and email accounts, HR functions, intranet sites, financial records, etc. With SSO, they can access all of the resources they need with one set of login credentials, eliminating the need to remember or enter a unique password for each account.
I: FEDERATED SSO
Federated SSO refers to the establishment of a trusted relationship between separate organizations and third parties, such as application vendors or partners, allowing them to share identities and authenticate users across domains.
Federated identity management (FIM) is achieved through the use of standard protocols like SAML, OAuth, OpenID Connect, and SCIM.
I: DevSecOps
DevSecOps integrates application and infrastructure security seamlessly into Agile and DevOps processes and tools. It addresses security issues as they emerge, when they are easier, faster, and less expensive to fix, and before they are put into production.
I: STATELESS FIREWALL
Stateless firewall (network ACLs): a rule applied to incoming traffic is not applied to the outgoing traffic. e.g. If you allow incoming port 80, you would also need to add a rule for the outgoing traffic. Network ACLs support both allow and deny rules. With deny rules, you can explicitly block a specific IP address from establishing a connection.
I: FIREWALL
A firewall (layer 3/4) controls access and monitors network traffic. It also authorizes outbound sessions.
I: IPS
An intrusion prevention system (IPS) is like an intrusion detection system but differs in that an IPS can be configured to block potential threats.
- Monitors, logs, and reports activities
- Can also be configured to stop threats without the involvement of a system administrator
I: HTTPS
The S in HTTPS stands for "secure." HTTPS uses TLS (or SSL) to encrypt HTTP requests and responses, so instead of the plaintext, an attacker intercepting the traffic would see a string of seemingly random characters.
I: ENCRYPTION
Encryption is the practice of scrambling information in a way that only someone with the corresponding key can unscramble and read it.
I: IN-TRANSIT
Data in transit is data being transmitted between the server and the client.
I: COMPROMISED LOGINS
Credential stuffing, phishing, password spraying, brute force, local discovery, extortion
I: ASYMMETRIC ENCRYPTION
Asymmetric encryption encrypts and decrypts the data using two separate yet mathematically connected cryptographic keys. These keys are known as a "public key" and a "private key." Together, they are called a "public and private key pair."
Diffie-Hellman
RSA
I: DDOS (distributed denial of service)
A DDoS attack is one where multiple systems target a single system with a DoS attack. The targeted network is then bombarded with packets from multiple locations.
I: AUTHORIZATION
Authorization is the process of granting users access to specific resources after they have been authenticated.
I: SECURITY GROUPS
Security Groups are associated with EC2 instances and provide security at the protocol and port access level. Each security group — working much the same way as a firewall — contains a set of rules that filter traffic coming into and out of an EC2 instance.
I: NACLs/ACLs
A network ACL is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. You might set up network ACLs with rules similar to your security groups in order to add an additional layer of security to your VPC.
I: TLS AUTHENTICATION
TLS authentication ensures that traffic is both secure and trusted in both directions between a client and server. It allows requests that do not log in with an identity provider to demonstrate that they are permitted to reach a given resource.
I: FEDERATION
Federation is the trust relationship that exists between organizations; it is concerned with where the user's credentials are actually stored and how trusted third parties can authenticate against those credentials without actually seeing them.