Security Engineering Flashcards
What is a firewall?
- Monitors network traffic
- permits or blocks based on rules
- barrier between network segments
- first line of defence
- Different types of firewalls (Web Application Firewall (WAF), Next Generation Firewall (NGFW))
- Important things to block to/from the internet (direct RDP, email sent directly from workstations, any additional ports/traffic that aren’t necessary)
What is a DMZ?
- A boundary between internal and external networks
- network segment used for public systems
- provides secure way to host public resources
- Examples of DMZ systems (public web servers, edge email servers, VPN termination points, supporting infrastructure)
Outline email security
As of 2020, phishing was the most common attack - multiple types of phishing, malicious links and attachments, social engineering. Email security:
- Filters spam and other malicious emails
- identify and (potentially) block marketing / bulk
- DLP capabilities
What is an IDS?
IDS - intrusion detection system - detects and alerts
IPS - intrusion prevention system - detects, alerts and blocks
HIDS vs NIDS (types of IDS)
HIDS - host-based intrusion detection system
NIDS - network-based intrusion detection system
Discuss remote access
Allows external access to a private network. Different types - VPN (site to site - connects two networks together, point to point - an individual user logging into a remote network), Storefront (Citrix, RDP)
MFA should always be used.
Outline web filtering
Both technical and management purposes.
Normally on internal network.
User ID and logging.
What is Active Directory?
- central database and structure for Windows
- a set of centrally managed security controls (Group Policy Objects (GPOs), password controls)
- account lockout settings
What are examples of Group Policy Object (GPO) uses in Active Directory?
- local administrators
- restrict access to endpoints
- install software, run scripts
- manage local firewall
- enforce encryption
Explain the best practices for the domain administrator account in Active Directory
Domain administrator is the highest level of access to Active Directory. Best practices:
- create a new account (don’t rename the existing default)
- change password periodically
- separate accounts for server admins
- only use when absolutely required
What’s the purpose of network segmentation?
- Helps isolate and contain attacks.
- Prevent user from accessing resources (separation of duties, least privilege)
What are some methods of network segmentation?
- ACLs - access control lists
- isolated VLANs - virtual local area networks
- NAC - network access control
- dedicated software (Cisco ISE, etc.)
Discuss ACLs
‘Access control lists’
- rules for network traffic
- limits which systems can talk to each other
- also used in firewalls, routers, other network access control
Compare untrusted vs trusted networks
Trusted
- interconnected devices
- authorised users
- administratively managed
Untrusted
- outside the network perimeter and the admin’s control
- typically unsecured, public
Discuss web filtering
- for both technical and management purposes
- why? (malicious sites and ads, NSFW content, potential data leakage, restrict web browsing by role/position)
- normally on internal network
- user identification and logging
What are the endpoint security basics?
- Least privilege - only give access to what is needed for job, nothing more
- Local administrators - don’t log directly into the workstation as admin (elevate rights as needed), limit access, centrally managed, end users should not be local admins
- GPOs (Group Policy Objects) - centrally managed from Active Directory
- UAC (User Account Control) - Windows only - limits application access, helps protect against malicious processes
Discuss anti-virus and advanced malware protection
AV - mainly signature definitions, malware must already be known
AMP - behaviour-based, malware does not need to already be known
Policies (require a password to uninstall, push definitions down at a set interval, scheduled scans)
What are the two deployment types of AV and AMP?
On-prem - more control, centrally managed, endpoints don’t need to reach out to the internet for definition updates. You are responsible for managing the infrastructure.
Cloud managed - if a device leaves the network it can still contact the server, no infrastructure management, requires internet connectivity
Discuss encryption
Encryption transforms data into a form that prevents the original information from being read without the key.
Used for sensitive data (PHI, PII, confidential data)
- BitLocker (Windows only) - various ways to manage and store encryption keys
- removable drive encryption (either data on the drive or entire drive)
What is the purpose of Data Loss Prevention (DLP)?
Protects against sensitive data leaving organisational control
- PHI (protected health info)
- PII (personally identifiable information)
- PCI (payment card industry)
What are the two types of data leakage?
- Accidental
- Malicious (ransomware, insider threat)
What is Virtual Desktop Infrastructure (VDI)?
Uses virtual machine technology to provide virtual desktops. Workstations are centrally hosted. Various solutions and vendors exist.
More control and management abilities - easy deployment, centralised updating
- can help contain and mitigate attacks / delete and redeploy a compromised workstation