Security Engineering Flashcards

1
Q

What is a firewall?

A
  • Monitors network traffic
  • permits or blocks based on rules
  • barrier between network segments
  • first line of defence
  • Different types of firewalls (web application firewall (WAF), which inspects HTTP traffic in front of an application; next-generation firewall (NGFW), which adds application awareness and intrusion prevention to plain port/IP filtering)
  • Important things to block to/from the internet (direct RDP, SMTP sent directly from workstations rather than via the mail gateway, and any additional ports or traffic that are not necessary)
2
Q

What is a DMZ?

A
  • A boundary segment between the internal and external networks
  • Network segment used for public-facing systems
  • Provides a secure way to host public resources without exposing the internal network
  • Examples of what sits in a DMZ (public web servers, edge email servers, VPN termination points, supporting infrastructure)
3
Q

Outline email security

A

As of 2020, phishing was the most common attack: multiple types of phishing, malicious links and attachments, social engineering.
Email security controls:
- filter spam and other malicious emails
- identify and (potentially) block marketing / bulk mail
- DLP capabilities on outbound mail

4
Q

What is an IDS?

A

IDS - intrusion detection system - detects and alerts (sits out of band on a copy of the traffic, so it cannot stop anything)
IPS - intrusion prevention system - detects, alerts and blocks (sits inline, so it can drop the traffic)

5
Q

HIDS vs NIDS (IDS systems)

A

HIDS - host-based intrusion detection system - agent on the endpoint watching its own logs, files and processes
NIDS - network-based intrusion detection system - sensor watching traffic on a network segment
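
Added example, not from the flashcards, showing the detect-versus-block distinction of cards 4 and 5 in code: a NIDS-style signature pass over constructed packet payloads, run in IDS mode (alert only) and IPS mode (inline drop), plus a HIDS-style brute-force detector over constructed sshd auth log lines. The signatures, packets, log lines, thresholds and the assumed year are all illustrative choices, not anything the cards specify.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# --- NIDS: content signatures run over packet payloads -----------------------
# Constructed signatures for the example; a real sensor loads thousands.
SIGNATURES = [
    ("php web shell", re.compile(rb"<\?php.*?\b(system|shell_exec|passthru)\s*\(", re.S)),
    ("directory traversal", re.compile(rb"(\.\./){2,}")),
]

# Constructed packet records (src, dst, payload); not captured traffic.
PACKETS = [
    ("198.51.100.7", "203.0.113.10", b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    ("198.51.100.7", "203.0.113.10", b"GET /../../../../etc/passwd HTTP/1.1\r\n\r\n"),
    ("198.51.100.9", "203.0.113.10", b"POST /upload HTTP/1.1\r\n\r\n<?php system($_GET['c']); ?>"),
]


def nids_inspect(packets, mode="ids"):
    """Run every signature over every payload.

    mode="ids": the sensor sees a copy of the traffic (SPAN port / TAP), so all
    it can do is alert. mode="ips": the sensor is inline and drops the packet.
    Returns (src, dst, signature_name, verdict) tuples, one per hit."""
    if mode not in ("ids", "ips"):
        raise ValueError("mode must be 'ids' or 'ips'")
    events = []
    for src, dst, payload in packets:
        for name, pattern in SIGNATURES:
            if pattern.search(payload):
                events.append((src, dst, name, "dropped" if mode == "ips" else "alert"))
                break  # one verdict per packet
    return events


# --- HIDS: failed-login burst detection on the host's own auth log -------------
FAILED_LOGIN = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)

# Constructed syslog lines; syslog omits the year, so one is assumed below.
AUTH_LOG = [
    "Mar 12 10:00:01 web01 sshd[4101]: Failed password for root from 198.51.100.7 port 40122 ssh2",
    "Mar 12 10:00:03 web01 sshd[4102]: Failed password for invalid user admin from 198.51.100.7 port 40123 ssh2",
    "Mar 12 10:00:04 web01 sshd[4103]: Failed password for root from 198.51.100.7 port 40124 ssh2",
    "Mar 12 10:00:05 web01 sshd[4104]: Failed password for root from 10.0.0.8 port 51000 ssh2",
    "Mar 12 10:00:06 web01 sshd[4105]: Failed password for root from 198.51.100.7 port 40125 ssh2",
    "Mar 12 10:00:09 web01 sshd[4106]: Failed password for root from 198.51.100.7 port 40126 ssh2",
    "Mar 12 10:00:12 web01 sshd[4107]: Accepted publickey for deploy from 10.0.0.8 port 51001 ssh2",
    "Mar 12 10:05:00 web01 sshd[4108]: Failed password for root from 10.0.0.8 port 51002 ssh2",
]


def hids_bruteforce(lines, threshold=5, window=timedelta(seconds=60), year=2024):
    """Sliding-window count of failed logins per source address.
    Returns the sources that reach `threshold` failures inside `window`."""
    recent = defaultdict(deque)
    flagged = []
    for line in lines:
        m = FAILED_LOGIN.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["src"]]
        q.append(ts)
        while q and ts - q[0] > window:   # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold and m["src"] not in flagged:
            flagged.append(m["src"])
    return flagged


if __name__ == "__main__":
    print("IDS mode:", nids_inspect(PACKETS))
    print("IPS mode:", nids_inspect(PACKETS, mode="ips"))
    print("brute-force sources:", hids_bruteforce(AUTH_LOG))
```

The same signature produces an alert in one mode and a drop in the other; the only difference is where the sensor sits. The HIDS half shows why a NIDS cannot replace it: the failed logins are visible only in the host's own log, and the sliding window keeps two stray failures from 10.0.0.8 from looking like an attack.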

6
Q

Discuss remote access

A

Allows external access to a private network. Different types: VPN (site-to-site, which connects two networks together; point-to-point, also called remote-access or client-to-site, where an individual user logs into a remote network), and published desktops/applications (Citrix StoreFront, RDP).

MFA should always be used.

7
Q

Outline web filtering

A

Serves both technical and management purposes.
Normally deployed on the internal network.
Provides user identification and logging of browsing activity.

8
Q

What is Active Directory?

A
  • central database and directory structure for Windows domains (users, computers, groups)
  • a set of centrally managed security controls (group policy objects (GPOs), password policy)
  • account lockout settings
9
Q

What are examples of Group Policy Object (GPO) uses in Active Directory?

A
  • control local administrator group membership
  • restrict access to endpoints
  • install software, run scripts
  • manage the local (host) firewall
  • enforce encryption (e.g. BitLocker)
10
Q

Explain the best practices for the domain administrator role in Active Directory

A

Domain Admin is the highest level of access within an Active Directory domain. Best practices:
- create dedicated admin accounts (don't just rename the existing default account)
- change the password periodically
- use separate accounts for server admins, distinct from domain admin accounts
- only use domain admin rights when absolutely required

11
Q

What's the purpose of network segmentation?

A
  • Helps isolate and contain attacks (lateral movement stops at the segment boundary).
  • Prevents users and systems from accessing resources they don't need (separation of duties, least privilege).
12
Q

What are some methods of network segmentation?

A

- ACLs - access control lists
- isolated VLANs - virtual local area networks
- NAC - network access control
- dedicated software (Cisco ISE, etc.)

13
Q

Discuss ACLs

A

‘Access control lists’
- ordered rules for network traffic; the first matching rule decides, and anything unmatched is denied
- limit which systems can talk to which, and on which ports
- also used in firewalls, routers and other network access control devices
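
The first-match semantics behind the firewall, DMZ and ACL cards (1, 2 and 13), as an added example that is not part of the original flashcards: a small rule evaluator with an implicit deny, a rule set that allows the public web server in the DMZ to be reached on 443, lets only that server talk to an internal database, blocks direct RDP from the internet and blocks workstations sending mail directly, and a check for shadowed (never-matched) rules. The address ranges, host, ports and rule comments are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed address plan (hypothetical, not from the cards): a DMZ on the
# TEST-NET-3 documentation range holding a public web server, and an
# internal RFC 1918 range. Anything outside both is the untrusted internet.
ZONES = {
    "dmz": ipaddress.ip_network("203.0.113.0/24"),
    "internal": ipaddress.ip_network("10.0.0.0/8"),
}
WEB_SERVER = "203.0.113.10"


def zone_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    src_zone: str                   # "internet", "dmz", "internal" or "any"
    dst_zone: str
    dst_port: Optional[int]         # None matches any TCP port
    src_host: Optional[str] = None  # optional exact source address
    comment: str = ""


# Ordered like a router or firewall ACL: evaluated top-down, first match
# wins, and a flow that matches nothing hits the implicit deny at the end.
ACL: List[Rule] = [
    Rule("permit", "internet", "dmz", 443, comment="public web server"),
    Rule("permit", "dmz", "internal", 5432, src_host=WEB_SERVER,
         comment="only the web server may reach the internal database"),
    Rule("deny", "internet", "any", 3389, comment="no direct RDP from the internet"),
    Rule("deny", "internal", "internet", 25,
         comment="workstations must not send mail directly; use the mail gateway"),
    Rule("permit", "internal", "internet", 443, comment="outbound HTTPS"),
]


def evaluate(src_ip: str, dst_ip: str, dst_port: int,
             rules: Optional[List[Rule]] = None) -> Tuple[str, str]:
    """Return (action, reason) for a TCP flow under the given rule list."""
    rules = ACL if rules is None else rules
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    for rule in rules:
        if rule.src_zone not in ("any", src_zone):
            continue
        if rule.dst_zone not in ("any", dst_zone):
            continue
        if rule.dst_port is not None and rule.dst_port != dst_port:
            continue
        if rule.src_host is not None and rule.src_host != src_ip:
            continue
        return rule.action, rule.comment
    return "deny", "implicit deny"


def shadowed_rules(rules: List[Rule]) -> List[int]:
    """Indices of rules that can never match because an earlier rule is at
    least as broad. The classic mistake is a broad permit above a specific
    deny: the deny is still in the config but is dead."""
    dead = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (earlier.src_zone in ("any", later.src_zone)
                    and earlier.dst_zone in ("any", later.dst_zone)
                    and earlier.dst_port in (None, later.dst_port)
                    and earlier.src_host in (None, later.src_host)):
                dead.append(i)
                break
    return dead


if __name__ == "__main__":
    for flow in [("198.51.100.7", WEB_SERVER, 443),
                 ("198.51.100.7", "10.0.0.5", 3389),
                 ("10.0.0.5", "198.51.100.25", 25),
                 (WEB_SERVER, "10.1.2.3", 5432),
                 ("203.0.113.20", "10.1.2.3", 5432)]:
        print(flow, "->", evaluate(*flow))
    print("shadowed rule indices:", shadowed_rules(ACL))
```

The point of the shadowed-rule check: a rule set is only as good as its order. Put `permit internet any` above `deny internet any 3389` and the RDP block never fires, even though it reads fine in the config.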

14
Q

Compare untrusted vs trusted networks

A

Trusted
- interconnected devices
- authorised users
- administratively managed

Untrusted
- outside the network perimeter and outside the administrator's control
- typically unsecured, public (treat all traffic from it as hostile)

15
Q

Discuss web filtering

A
  • for both technical and management purposes
  • why? (malicious sites and ads, NSFW content, potential data leakage, restrict web browsing by role/position)
  • normally on internal network
  • user identification and logging
16
Q

What are the endpoint security basics?

A
  • Least privilege - only give access to what is needed for job, nothing more
  • Local administrators - don't log into the workstation directly as an admin (elevate rights as needed), limit who has it, manage membership centrally, end users should not be local admins
  • GPOs (group policy objects) - centrally managed from Active Directory
  • UAC (user account control) - Windows only - runs applications without elevated rights until elevation is explicitly approved, which helps protect against malicious processes gaining admin rights
17
Q

Discuss anti-virus and advanced malware protection

A

AV - mainly signature definitions; the malware must already be known
AMP (advanced malware protection) - behaviour-based; the malware does not need to already be known

Policies (require a password to uninstall, push definitions down at a set interval, scheduled scans)
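
Added example, not from the flashcards, making the AV-versus-AMP distinction concrete: a hash-signature scanner that catches a known sample and misses the same sample after a one-byte change, beside a behaviour scorer that flags the process telemetry that sample produces regardless of its bytes. The sample bytes, detection name, telemetry, rule weights and threshold are all constructed for illustration and do not come from any vendor.

```python
import hashlib

# Constructed stand-in for a malicious file: just bytes, not real malware.
SAMPLE_V1 = b"MZ\x90\x00constructed-dropper-body"
# Signature database keyed by file hash; the detection name is hypothetical.
SIGNATURE_DB = {hashlib.sha256(SAMPLE_V1).hexdigest(): "Trojan.Constructed.Dropper.A"}


def av_scan(blob: bytes):
    """Classic signature AV: a file is malicious only if its hash (or, in a
    real engine, a byte pattern) is already in the definitions.
    Returns the detection name or None."""
    return SIGNATURE_DB.get(hashlib.sha256(blob).hexdigest())


# Behaviour rules look at what the process does, not what its bytes look like.
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cmd.exe", "mshta.exe"}
ALERT_THRESHOLD = 70   # illustrative weight, not a vendor's


def amp_score(events):
    """events: (parent_process, child_process, command_line) telemetry tuples.
    Returns (score, reasons); weights are illustrative."""
    score, reasons = 0, []
    for parent, child, cmdline in events:
        parent, child, cl = parent.lower(), child.lower(), cmdline.lower()
        if parent in OFFICE_APPS and child in SCRIPT_HOSTS:
            score += 40
            reasons.append(f"office app {parent} spawned {child}")
        if child == "powershell.exe" and ("-enc" in cl or "frombase64string" in cl):
            score += 30
            reasons.append("encoded PowerShell command line")
        if child == "vssadmin.exe" and "delete shadows" in cl:
            score += 50
            reasons.append("shadow copy deletion (ransomware precursor)")
    return score, reasons


def amp_verdict(events):
    score, reasons = amp_score(events)
    return ("malicious" if score >= ALERT_THRESHOLD else "clean"), score, reasons


# The same dropper after a one-byte change: new hash, same behaviour.
SAMPLE_V2 = SAMPLE_V1.replace(b"dropper", b"dr0pper")

# Constructed telemetry for what the dropper does when it runs.
DROPPER_TELEMETRY = [
    ("explorer.exe", "winword.exe", "WINWORD.EXE invoice.docm"),
    ("winword.exe", "powershell.exe", "powershell -nop -w hidden -enc SQBFAFgA..."),
    ("powershell.exe", "vssadmin.exe", "vssadmin delete shadows /all /quiet"),
]
# Constructed telemetry for an ordinary admin running a backup script.
BENIGN_TELEMETRY = [
    ("explorer.exe", "winword.exe", "WINWORD.EXE report.docx"),
    ("explorer.exe", "powershell.exe", "powershell -File backup.ps1"),
]


if __name__ == "__main__":
    print("AV on v1:", av_scan(SAMPLE_V1))        # known hash: detected
    print("AV on v2:", av_scan(SAMPLE_V2))        # one byte changed: missed
    print("AMP on dropper:", amp_verdict(DROPPER_TELEMETRY))
    print("AMP on benign:", amp_verdict(BENIGN_TELEMETRY))
```

The one-byte change is the whole story of why signature-only AV is not enough: the attacker controls the bytes, so the hash is free for them to change, while the behaviour (an Office document spawning an encoded PowerShell that deletes shadow copies) is what they actually need and is much harder to disguise.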

18
Q

What are the two deployment models for AV and AMP?

A

On-prem - more control, centrally managed, endpoints don't need to reach out to the internet for definition updates. You are responsible for managing the infrastructure.

Cloud managed - if a device leaves the network it can still contact the management server; no infrastructure to manage; requires internet connectivity.

19
Q

Discuss encryption

A

Encryption transforms data into a form that prevents the original information from being read without the key.
Used for sensitive data (PHI, PII, confidential data)
- BitLocker (Windows only) - various ways to manage and store the encryption/recovery keys
- removable drive encryption (either the data on the drive or the entire drive)

20
Q

What is the purpose of Data Loss Prevention? (DLP)

A

Protects against sensitive data leaving organisational control
- PHI (protected health info)
- PII (personally identifiable information)
- PCI (payment card industry data, i.e. card numbers)
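
Added example, not from the flashcards, of the content inspection a DLP control does on outbound data: it finds candidate card numbers, keeps only those that pass the Luhn checksum (so an order number of the same length is not a false positive), spots a second data class with a plain pattern, makes a block/allow decision and redacts what it found. The regexes, the US SSN format used as the PII stand-in, the policy in `outbound_decision` and the sample message are all constructed for the example; the card number is the standard 4111 test number, not a real one.

```python
import re

# Candidate primary account numbers: 13-19 digits, optionally separated by
# spaces or dashes, not glued to other digits.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# US SSN layout used purely as a second, PII-class pattern (assumption).
SSN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: every real PAN passes it, so it weeds out most random
    digit strings that merely have the right length."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_sensitive(text: str):
    """Return (data_class, matched_text) findings. PAN candidates that fail
    Luhn (order numbers, ticket IDs) are discarded to limit false positives."""
    findings = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            findings.append(("PCI:PAN", m.group()))
    for m in SSN.finditer(text):
        findings.append(("PII:SSN", m.group()))
    return findings


def redact(text: str) -> str:
    """Mask every Luhn-valid PAN, keeping only the last four digits."""
    def mask(m):
        digits = re.sub(r"[ -]", "", m.group())
        return f"[PAN ending {digits[-4:]}]" if luhn_ok(digits) else m.group()
    return PAN_CANDIDATE.sub(mask, text)


def outbound_decision(text: str):
    """Assumed policy: block anything carrying card data, let other PII
    through with an audit record, otherwise allow."""
    findings = find_sensitive(text)
    classes = {c for c, _ in findings}
    if "PCI:PAN" in classes:
        return "block", findings
    if classes:
        return "allow-and-log", findings
    return "allow", findings


# Constructed outbound message for the demo.
MESSAGE = ("Hi, please charge card 4111 1111 1111 1111 exp 12/27 for order 1234567812345678. "
           "Employee SSN 123-45-6789 is attached for payroll.")


if __name__ == "__main__":
    print(find_sensitive(MESSAGE))
    print(outbound_decision(MESSAGE)[0])
    print(redact(MESSAGE))
```

Note that the 16-digit order number survives redaction untouched: it is the Luhn check, not the digit count, that separates card data from noise, and a DLP rule that matches on length alone is the kind that users learn to ignore.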

21
Q

What are the two types of data leakage?

A
  1. Accidental
  2. Malicious (ransomware, insider threat)
22
Q

What is Virtual desktop infrastructure? (VDI)

A

Uses virtual machine technology to provide virtual desktops. Workstations are centrally hosted. Various solutions and vendors.

More control and management abilities - easy deployment, centralised updating
- can help contain and mitigate attacks / delete and redeploy a compromised workstation
