Security Issues Flashcards
What is the main security issue with misconfigured permissions?
A user can be granted access to info that the user should not be able to access. It can leave the network vulnerable and violate regulatory compliance.
What is auditing and how does it work?
Auditing user permissions is a method of identifying access violations and issues. It’s a 2-step process: first, turn on auditing within the OS; second, specify the resources to be audited. You’ll also need to monitor the logs that are generated.
What is the most common certificate error and how can you resolve other cert issues?
The most common error is an incorrect date and time or time zone on the machine. Websites that have certificates rely on the correct date/time to function properly.
Try these if you are having other cert errors:
- Clear browser cache
- Verify browser settings
- Check client config for valid server credentials
- Test credentials path
When do most firewall misconfigurations occur and how can they be reduced?
This occurs most often when a new rule is added or an existing one is modified (change management). To help reduce misconfigurations, give users or services the minimal level of privilege needed, harden devices, implement strong and unified authentication, and centralize/analyze log files.
What does a site survey do?
It reviews the logical and physical structure of the network, the selection of possible technologies, federal and local laws regarding the network solution, potential sources of RF interference and analysis of channel overlap with WAP, available locations for AP hardware install and physical network integrity connectivity, any special requirements, and info on where a point-to-point or multipoint wireless solution is needed.
Why is dynamic baselining preferred over static baselining?
It uses predictive analytics and patterns instead of static thresholds. This makes it ideal for analyzing varying workloads across different days, app performance based on seasonal usage, and individual locations.
Dynamic baselining lets organizations set deviation variables and reduce false positives.
What is the difference between data exfiltration and a data breach?
Data exfiltration = unauthorized transfer of data
Data breach = release of private or confidential info
Security Configuration Settings: Group Policy
A collection of configuration settings that are applied to a system based on computer or user group membership. Can influence the level, type, and extent of access provided.
Security Configuration Settings: Security Templates
Sets of configurations that reflect a particular role or standard established through industry guidelines or within an organization.
Security Configuration Settings: Configuration Baselines
A baseline measure of security, often established by government mandate, regulatory bodies, or industry reps. Organizations can face penalties or fines if the mandated security baseline is not met.
How can an organization reduce social engineering attacks?
By providing user education on how to spot scams and adding integrated antiphishing tools.
What do system event logs do?
They record events that occur across the system and are related to the OS (not user interaction). Examples: hardware failures, drivers not loading properly, and issues related to performance.
What do audit logs do?
They help ensure proper processes and provide a useful record for auditing. They provide security info such as login attempts, user creation/deletion, privilege modification, and file access.
What do security logs do?
They contain the events specific to systems and application security. Examples: antimalware, software, intrusion detection system, remote access software, routers, firewalls, etc.
What do access logs do?
They provide info about requests and connections between systems. Example: a connection between an LDAP client and a directory server.