Security Operations: Examining Baselines Flashcards

1
Q

What are the common methods for using security baselines?

A

A common method for using security baselines is to:

Establish

Deploy

Maintain

2
Q

How are baselines set?

A

Baselines are set by:

Regulations, standards, and compliance

Industry guidance

Vendor recommendations, such as GPOs

Cloud: MDM (Microsoft Device Management)

3
Q

What are some categories we need to look at for hardening?

A

Mobile devices
Workstations
Servers
Routers, switches, and network-based firewalls
Cloud infrastructure
Specialized Systems
RTOS
IoT devices

4
Q

What do all categories have in common in terms of hardening?

A

They all need to change defaults and minimize attack surfaces.

Vendor-specific patches.

Monitoring and maintenance.

Zero trust model.

5
Q

What are some of the considerations we need to take into account for mobile devices?

A

Trusted operating system (OS) (not rooted or jailbroken).

Installing approved software from trusted locations.

Vendor security patches and firmware updates.

Secure OS configuration:

Authentication required.

Device-level encryption.

Session timeouts.

Application and data sandboxing.

6
Q

What are some of the considerations we need to take into account for workstations?

A

The following is hardening information with respect to workstations:

Installing OS from approved sources.

Installing approved software from trusted locations.

Vendor security patches and firmware updates.

Secure OS configuration:

Authentication required.

Drive-level encryption.

Host-based firewall.

Anti-virus.

Application and data sandboxing.

7
Q

What are some of the considerations we need to take into account for servers?

A

The following is hardening information with respect to servers:

Installing OS from approved sources.

Installing approved software from trusted locations.

Vendor security patches and firmware updates.

Secure OS configuration:

Authentication required.

Drive-level encryption.

Host-based firewall.

Anti-virus.

Application and data sandboxing.

Domain environment.

8
Q

What are some of the considerations we need to take into account for routers, switches, and network-based firewalls?

A

Routers, switches, and network-based firewalls

The following is hardening information with respect to routers and switches, and also for network-based firewalls:

Change defaults.

Virtual local area network (VLAN) creation: no default VLAN.

Secure communications: not just encrypted, but securely encrypted:

Secure Shell 2.0 (SSHv2)

Transport Layer Security (TLS) 1.3

Disable Internet Control Message Protocol (ICMP).

Disable legacy protocols:

FTP (unsecured)

Telnet

Limit or disable discovery protocols.

Loop mitigation:

STP.

Poison Reverse and Split Horizon.

9
Q

What are some of the considerations we need to take into account for cloud infrastructure?

A

Cloud infrastructure

The following is hardening information with respect to cloud infrastructures:

Identity management

Access control (including conditional access and policy-driven access control).

Data governance: classification, data loss prevention (DLP), policy.

Hardening all resources, including workstations, services, and network devices such as firewalls and web application firewalls (WAFs).

Data encryption: at rest, in transit.

Auditing and logging.

Disable legacy and unsecure protocols, such as TLS 1.0/1.2.

10
Q

What are some of the considerations we need to take into account for specialized systems (SCADA)?

A

Specialized systems

The following is hardening information with respect to specialized systems:

Industrial control systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems:

Documented system architecture, connection points, and controls.

Recurring authentication and logging of all connection and access points.

Disable or remove unnecessary connections and services.

Proprietary protocols: this intellectual property can have a veil of secrecy or undisclosed backdoors.

Identify, document, and control all administrative backdoors.

Implement an intrusion detection system (IDS) or intrusion prevention system (IPS).

Air gap systems.

Physical security.

11
Q

What are some of the considerations we need to take into account for embedded systems?

A

Embedded systems:

Often proprietary; patch management, specifically security patching, can be problematic or challenging.

Air gap.

Retire, decommission, replace.

12
Q

What are some of the considerations we need to take into account for RTOS?

A

RTOS: deals with predictability and anticipation to guarantee availability for processing; general-purpose OSes do not do that.

Real-time operating systems (RTOS) respond under extremely time-sensitive conditions.

Partition the system: UEFI secure boot or a TPM is needed.

Enable secure boot for Unified Extensible Firmware Interface (UEFI)-based systems.

Disable all unnecessary communications and services.

Secure all communications.

Implement a firewall.

Principle of least privilege or, in this context, principle of least execution privilege for applications.

13
Q

What are some of the considerations we need to take into account for IoT devices?

A

IoT devices:

“Single pane of glass” view that identifies all Internet of Things (IoT) devices across an organization.

Centralized administration.

Change all defaults.

Implement security patches and firmware updates.

Authentication and reauthentication.

Access control.

Data logging.

Configuration management and configuration sprawl.

Non-repudiation and accountability.
