Security Engineering Flashcards
What is a firewall?
- Monitors network traffic
- Permits or blocks traffic based on a rule set (rules are evaluated in order, first match wins, with a default deny for anything not explicitly allowed)
- Acts as a barrier between network segments of different trust levels
- First line of defence
- Different types of firewalls (Web Application Firewall (WAF), Next Generation Firewall (NGFW))
- Important things to block to/from the internet: direct RDP (remote access should go through a VPN or gateway, never an exposed RDP port), SMTP direct from workstations (only the mail relay should send outbound mail), and any other ports or traffic that aren't necessary
What is a DMZ?
- A boundary network between the internal network and the external (untrusted) network
- A network segment used for systems that must be reachable from the internet
- Provides a controlled way to host public resources: DMZ hosts are reachable from outside but should not be able to initiate connections into the internal network, so a compromised DMZ host does not give direct access inside
- Examples of what sits in a DMZ (public web servers, edge email servers, VPN termination points, supporting infrastructure)
Outline email security
- As of 2020, phishing was the most common attack: multiple types of phishing, malicious links and attachments, social engineering
- Filters spam and other malicious email (inspects attachments and links)
- Identifies and (potentially) blocks marketing / bulk mail
- DLP capabilities (inspects outbound mail for sensitive data such as card numbers or confidential documents)
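Worked example of the filtering checks above, added to these flashcards (not from the original page): a small Python gateway check that parses a message with the standard library, flags a dangerous attachment extension, flags a link whose visible text names one site while the href points to another (a common phishing tell), runs a Luhn-checked card-number search as a simple DLP rule on outbound mail, and tags bulk mail from its List-Unsubscribe / Precedence headers. The sample messages are constructed inside the block; the extension list, the "last two labels" domain comparison and the action names are simplifications chosen for the example.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from urllib.parse import urlparse

DANGEROUS_EXT = (".exe", ".scr", ".js", ".vbs", ".hta", ".docm", ".xlsm")
LINK_RE = re.compile(r'<a\s[^>]*?href=["\']([^"\']+)["\'][^>]*>(.*?)</a>', re.I | re.S)
HOSTNAME_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")  # 13-19 digits, spaces/dashes allowed


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: separates real card numbers from arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def registrable(host: str) -> str:
    """Simplification: last two labels. A real filter uses the public suffix list."""
    return ".".join(host.lower().split(".")[-2:])


def scan_message(raw: str, outbound: bool = False) -> dict:
    """Inspect one RFC 5322 message; returns the gateway action and why."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(DANGEROUS_EXT):
            findings.append(f"dangerous attachment: {name}")

    bodies = []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype not in ("text/plain", "text/html"):
            continue
        text = part.get_content()
        bodies.append(re.sub(r"<[^>]+>", " ", text))
        if ctype == "text/html":
            # Phishing tell: the visible link text names one site, the href goes to another.
            for href, shown in LINK_RE.findall(text):
                target = urlparse(href).hostname or ""
                m = HOSTNAME_RE.search(re.sub(r"<[^>]+>", "", shown))
                if m and registrable(m.group(0)) != registrable(target):
                    findings.append(f"link text shows {m.group(0)} but points to {target}")

    if outbound:  # DLP only matters for mail leaving the organisation
        for cand in PAN_RE.findall(" ".join(bodies)):
            digits = re.sub(r"[ -]", "", cand)
            if luhn_ok(digits):
                findings.append(f"DLP: possible card number ending {digits[-4:]}")

    bulk = "List-Unsubscribe" in msg or msg.get("Precedence", "").lower() == "bulk"
    action = "block" if findings else ("tag-bulk" if bulk else "deliver")
    return {"action": action, "findings": findings}


def build_sample(html: str, attachment_name: str = None,
                 text: str = "Please see attached.") -> str:
    """Constructed test message (not real mail); returns its raw text."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "billing@example.net", "user@example.com", "Invoice"
    m.set_content(text)
    m.add_alternative(html, subtype="html")
    if attachment_name:
        m.add_attachment(b"MZ\x90\x00", maintype="application",
                         subtype="octet-stream", filename=attachment_name)
    return m.as_string()


if __name__ == "__main__":
    phish = build_sample('<p>Login at <a href="http://203.0.113.5/login">'
                         'https://www.example-bank.com</a></p>', "invoice.exe")
    print(scan_message(phish))
    leak = build_sample("<p>Card on file: 4111 1111 1111 1111</p>",
                        text="Card on file: 4111 1111 1111 1111")
    print(scan_message(leak, outbound=True))
```

The same card-number rule does not fire on inbound mail, which is the direction distinction a DLP policy makes: the phishing checks protect users from what comes in, the DLP check protects data going out.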
What is an IDS?
- IDS - intrusion detection system - detects and alerts on suspicious activity but does not stop it
- IPS - intrusion prevention system - detects, alerts and blocks; it sits inline, so a false positive blocks legitimate traffic
HIDS vs NIDS (types of IDS)
- HIDS - host-based intrusion detection system: an agent on the endpoint watching that host's logs, files and processes
- NIDS - network-based intrusion detection system: a sensor watching traffic on a network segment (typically fed from a SPAN/mirror port or a tap)
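Worked example, added here and not part of the original flashcards: a Python sensor that shows both distinctions in one class. The port-scan rule consumes flow records (the NIDS view) and the brute-force rule consumes sshd-style auth log lines (the HIDS view); in ids mode the sensor only records alerts, in ips mode it also drops further traffic from the offending source. The thresholds, the log line format and all sample data are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Hypothetical sshd-style auth log format; all sample lines here are constructed.
AUTH_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+)")

SAMPLE_AUTH_LINES = [
    "2024-03-10T10:00:00 bastion sshd[812]: Accepted publickey for deploy from 10.0.5.20 port 50111 ssh2",
] + [
    f"2024-03-10T10:00:{s:02d} bastion sshd[812]: Failed password for root from 203.0.113.9 port 5{s:03d} ssh2"
    for s in range(1, 7)
]


class Sensor:
    """Two signatures: a NIDS-style port-scan rule fed with flow records, and a
    HIDS-style brute-force rule fed with the host's auth log. mode="ids" only
    records alerts; mode="ips" also drops further traffic from the source."""

    def __init__(self, mode="ids", scan_ports=10, scan_window=60,
                 fail_limit=5, fail_window=120):
        self.mode = mode
        self.scan_ports, self.scan_window = scan_ports, scan_window
        self.fail_limit, self.fail_window = fail_limit, fail_window
        self.alerts = []                    # (epoch, signature, source ip)
        self.blocked = set()                # only ever filled in IPS mode
        self._ports = defaultdict(deque)    # src -> deque of (epoch, dport)
        self._fails = defaultdict(deque)    # src -> deque of epoch

    def _alert(self, ts, signature, src):
        self.alerts.append((ts, signature, src))
        if self.mode == "ips":
            self.blocked.add(src)

    def flow(self, ts, src, dst, dport):
        """One connection attempt (NIDS view). Returns "pass" or "drop"."""
        if src in self.blocked:
            return "drop"
        window = self._ports[src]
        window.append((ts, dport))
        while window and ts - window[0][0] > self.scan_window:
            window.popleft()                # slide the time window
        if len({p for _, p in window}) >= self.scan_ports:
            self._alert(ts, f"port scan of {dst}", src)
            window.clear()                  # one alert per burst, not one per packet
            return "drop" if self.mode == "ips" else "pass"
        return "pass"

    def auth_line(self, line):
        """One auth log line (HIDS view). Returns the alert if this line completes a pattern."""
        m = AUTH_RE.match(line)
        if not m:
            return None
        ts = datetime.fromisoformat(m["ts"]).timestamp()
        window = self._fails[m["ip"]]
        window.append(ts)
        while window and ts - window[0] > self.fail_window:
            window.popleft()
        if len(window) >= self.fail_limit:
            self._alert(ts, "ssh password brute force", m["ip"])
            window.clear()
            return self.alerts[-1]
        return None


if __name__ == "__main__":
    ips = Sensor(mode="ips")
    # Constructed flow records: one source sweeping 12 ports within a few seconds.
    for i in range(12):
        print(ips.flow(1_700_000_000 + i, "198.51.100.4", "10.0.0.5", 20 + i))
    print(ips.alerts, ips.blocked)
    hids = Sensor(mode="ids")
    for line in SAMPLE_AUTH_LINES:
        hids.auth_line(line)
    print(hids.alerts)
```

Run it in ids mode and every flow passes while the same alerts are raised; that is the whole difference between the two boxes, and why an IPS threshold that is too low is an outage rather than a noisy dashboard.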
Discuss remote access
Allows external access to a private network. Different types:
- VPN: site-to-site (connects two networks together) or client-to-site, also called point-to-point (an individual user logging into the remote network)
- Published desktop / application access (Citrix StoreFront, RDP through a gateway rather than a directly exposed RDP port)
- MFA should always be used: remote access endpoints are reachable from the internet and are a prime target for password attacks.
Outline web filtering
- Serves both technical and management purposes
- Normally sits on the internal network, in the path between users and the internet
- Provides user identification and logging
What is Active Directory?
- The central database and structure (directory) for a Windows domain: users, computers, groups
- A set of centrally managed security controls (Group Policy Objects (GPOs), password policy)
- Account lockout settings
What are examples of Group Policy Object (GPO) uses in Active Directory?
- Control membership of the local Administrators group
- Restrict access to endpoints (which users may log on locally or over RDP)
- Install software, run scripts
- Manage the local (host) firewall
- Enforce encryption
Explain the best practices for Domain Administrator in Active Directory
Domain Administrator is the highest level of access to Active Directory (a Domain Admin can control every domain-joined system), so:
- Create named admin accounts rather than using the built-in default Administrator account (don't just rename the default; keep it as a break-glass account)
- Change the password periodically, and immediately when an administrator leaves
- Use separate accounts for server administration; Domain Admin credentials should never be used to log on to workstations or ordinary member servers, where they can be stolen from memory
- Use Domain Admin only when absolutely required; do day-to-day work from a standard user account
What's the purpose of network segmentation?
- Helps isolate and contain attacks: a compromised host can only reach the segments its rules allow, which limits lateral movement
- Prevents users and systems from accessing resources they don't need (separation of duties, least privilege)
What are some methods of network segmentation?
- ACLs - access control lists
- Isolated VLANs - virtual local area networks
- NAC - network access control
- Dedicated software (Cisco ISE, etc.)
Discuss ACLs
'Access control lists'
- Ordered rules for network traffic (matched on source, destination, protocol and port)
- Limit what systems can talk to
- Used in firewalls, routers, switches and other network access control
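Worked example covering the firewall, DMZ, segmentation and ACL cards above, added here and not part of the original flashcards: a Python first-match rule evaluator with an implicit default deny, applied to a constructed three-zone address plan (internal, DMZ, internet). The policy encodes the points made earlier: the public web and mail hosts in the DMZ are reachable from the internet, the web tier may reach only its database, DMZ hosts cannot otherwise initiate into the internal network, only the relay sends SMTP out, and direct RDP to the internet is blocked. Zone ranges, hosts and rule comments are all hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed address plan for this example (not a real network):
# internal users/servers, a DMZ, and everything else counts as the internet.
ZONES = {
    "internal": [ipaddress.ip_network("10.0.0.0/8")],
    "dmz": [ipaddress.ip_network("192.0.2.0/24")],
}


def zone_of(ip: str) -> str:
    """Map an address to a named zone; unknown space is the untrusted internet."""
    addr = ipaddress.ip_address(ip)
    for name, nets in ZONES.items():
        if any(addr in net for net in nets):
            return name
    return "internet"


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # zone name, CIDR, or "any"
    dst: str               # zone name, CIDR, or "any"
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # None matches any destination port
    comment: str = ""


def _endpoint_matches(selector: str, ip: str) -> bool:
    if selector == "any":
        return True
    if "/" in selector:    # explicit CIDR, e.g. a single host as /32
        return ipaddress.ip_address(ip) in ipaddress.ip_network(selector)
    return zone_of(ip) == selector


def rule_matches(rule: Rule, src: str, dst: str, proto: str, dport: int) -> bool:
    return (_endpoint_matches(rule.src, src)
            and _endpoint_matches(rule.dst, dst)
            and rule.proto in ("any", proto)
            and rule.dport in (None, dport))


def evaluate(rules, src, dst, proto, dport):
    """First matching rule wins; traffic matching no rule hits the implicit default deny."""
    for rule in rules:
        if rule_matches(rule, src, dst, proto, dport):
            return rule.action, rule.comment
    return "deny", "implicit default deny"


# Example policy (constructed). Ordering matters: specific allows come before
# the broad denies that would otherwise swallow them.
POLICY = [
    Rule("allow", "internet", "dmz", "tcp", 443, "public web server"),
    Rule("allow", "internet", "dmz", "tcp", 25, "edge mail relay receives mail"),
    Rule("allow", "192.0.2.10/32", "10.1.0.5/32", "tcp", 1433, "web tier to its database only"),
    Rule("deny", "dmz", "internal", "any", None, "DMZ hosts may not initiate into internal"),
    Rule("allow", "dmz", "internet", "tcp", 25, "only the relay sends outbound mail"),
    Rule("deny", "internal", "internet", "tcp", 25, "workstations must not send mail directly"),
    Rule("deny", "internal", "internet", "tcp", 3389, "no direct RDP to the internet"),
    Rule("allow", "internal", "internet", "tcp", 443, "outbound browsing"),
    # no internet -> internal rule at all: the implicit deny covers it
]

if __name__ == "__main__":
    samples = [
        ("203.0.113.7", "192.0.2.10", "tcp", 443),   # internet -> DMZ web
        ("203.0.113.7", "10.0.0.5", "tcp", 3389),    # internet -> internal RDP
        ("192.0.2.10", "10.1.0.5", "tcp", 1433),     # web tier -> its database
        ("192.0.2.10", "10.1.0.6", "tcp", 1433),     # web tier -> another internal host
        ("10.0.5.20", "203.0.113.9", "tcp", 25),     # workstation -> internet SMTP
        ("192.0.2.25", "203.0.113.9", "tcp", 25),    # relay -> internet SMTP
    ]
    for flow in samples:
        print(flow, "->", evaluate(POLICY, *flow))
```

Swap the order of the third and fourth rules and the web tier loses its database: the broad DMZ-to-internal deny shadows the host-specific allow. Shadowed rules are the most common way a segmentation policy silently stops meaning what its author intended.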
Compare untrusted vs trusted networks
Trusted
- Interconnected devices known to the organisation
- Authorised users
- Administratively managed (patched, monitored, policy enforced)
Untrusted
- Outside the network perimeter and outside the admins' control
- Typically unsecured, public (e.g. the internet); traffic from it is treated as hostile
Discuss web filtering
- For both technical and management purposes
- Why? Block malicious sites and malicious ads, NSFW content, potential data leakage (uploads to unsanctioned sites), and restrict web browsing by role/position
- Normally on the internal network, in the path between users and the internet
- User identification and logging (decisions and logs are tied to a user, not just an IP address)
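Worked example for both web filtering cards, added here and not from the original page: a Python decision function that parses the requested URL, matches the host against category lists label by label, applies a per-role block list, and returns a log line that records the user as well as the host. The categories, domains (reserved .test and .example names) and roles are constructed for the example.

```python
from datetime import datetime, timezone
from urllib.parse import urlparse

# Constructed category data and role policy (hypothetical, not a vendor feed).
CATEGORIES = {
    "malware": {"malware.test"},
    "social": {"social.example"},
    "adult": {"nsfw.example"},
}
ROLE_BLOCKS = {
    "default": {"malware", "adult", "social"},
    "marketing": {"malware", "adult"},      # marketing staff need social media
}


def domain_matches(host: str, pattern: str) -> bool:
    """Label-wise match: host equals pattern or is a subdomain of it, so
    'notsocial.example' does not match 'social.example' the way a substring test would."""
    host, pattern = host.lower().rstrip("."), pattern.lower()
    return host == pattern or host.endswith("." + pattern)


def categorize(host: str) -> set:
    return {cat for cat, domains in CATEGORIES.items()
            if any(domain_matches(host, d) for d in domains)}


def decide(user: str, role: str, url: str, now: datetime = None):
    """Returns (action, log line). The host comes from parsing the URL, which
    defeats tricks like https://intranet.example@malware.test/ where a naive
    string check would see the trusted name first."""
    host = urlparse(url).hostname or ""
    cats = categorize(host)
    hit = cats & ROLE_BLOCKS.get(role, ROLE_BLOCKS["default"])
    action = "block" if hit else "allow"
    ts = (now or datetime.now(timezone.utc)).isoformat()
    log = (f"{ts} user={user} role={role} host={host} "
           f"categories={','.join(sorted(cats)) or '-'} action={action}")
    return action, log


if __name__ == "__main__":
    for user, role, url in [
        ("alice", "default", "https://social.example/feed"),
        ("bob", "marketing", "https://social.example/feed"),
        ("alice", "default", "https://notsocial.example/"),
        ("alice", "default", "https://intranet.example@malware.test/"),
    ]:
        print(decide(user, role, url)[1])
```

The log line is the "user identification" half of the card: without the user field, an investigation can only say which IP fetched the malicious page, and on a network with DHCP or shared hosts that is often not enough.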