Security Operations & Monitoring Flashcards
UEFI Boot Phases
1. Security (SEC) 2. Pre-EFI Initialization (PEI) 3. Driver Execution Environment (DXE) 4. Boot Device Select (BDS) 5. Transient System Load (TSL) 6. Runtime (RT)
Clear
Clear applies logical techniques (such as overwriting) to sanitize data in all user-addressable storage locations; it protects only against simple, non-invasive data recovery techniques, not laboratory-grade recovery.
Technical Control
implemented as a system of hardware, software, or firmware.
Administrative Control
involve processes and procedures.
Physical Control
include locks, fences, and other controls over physical access.
Compensating Control
controls that are put in place to cover any gaps and reduce the risk remaining after using other types of controls.
Honeypot
host set up with the purpose of luring attackers away from the actual network components and/or discovering attack strategies and weaknesses in the security configuration.
Jumpbox
a hardened server that provides access to other hosts.
Sandbox
a computing environment isolated from the host system so that untrusted code or files can be run and observed in a controlled fashion without affecting the host.
Containerization
a type of virtualization applied by a host operating system to provision an isolated execution environment for an application.
Mimikatz
a leading post-exploitation tool that dumps passwords from memory, as well as hashes, PINs, and Kerberos tickets.
Ring 0
complete access to any memory location and, therefore, any hardware devices connected to the system. Processes that operate with ring 0 privileges are referred to as working in kernel mode.
Ring 3
also referred to as user mode. Ring 3 is where the OS runs services and non-essential device drivers, and where applications run.
Tombstone remediation
quarantines the original file and replaces it with one describing the policy violation and how the user can request its release.
journalctl
a command for viewing logs collected by systemd.
Credential stuffing
automated injection of username/password pairs obtained from previous breaches to gain fraudulent access to user accounts; it relies on password reuse across sites and tries one known password per account across many accounts, unlike brute force, which tries many passwords against one account.
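Because stuffing tries many accounts from one source with few attempts each, a detection rule keys on the number of distinct usernames per source in a short window rather than on failures per account. The following is an added example, not part of the flashcard set; the log format (`timestamp src=… user=… result=…`) and the sample lines are constructed, and a real rule would be written against the SIEM's own schema.

```python
"""Added example: flag credential-stuffing behaviour in authentication logs.
Assumed (constructed) line format: '<ISO timestamp> src=<ip> user=<name> result=<success|fail>'."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: 203.0.113.7 sweeps six accounts in seconds (one hit),
# while 198.51.100.9 is a single user who mistyped a password twice.
SAMPLE_LOG = """\
2024-05-01T10:00:01 src=203.0.113.7 user=alice result=fail
2024-05-01T10:00:02 src=203.0.113.7 user=bob result=fail
2024-05-01T10:00:02 src=203.0.113.7 user=carol result=fail
2024-05-01T10:00:03 src=203.0.113.7 user=dave result=success
2024-05-01T10:00:04 src=203.0.113.7 user=erin result=fail
2024-05-01T10:00:05 src=203.0.113.7 user=frank result=fail
2024-05-01T10:03:00 src=198.51.100.9 user=alice result=fail
2024-05-01T10:03:30 src=198.51.100.9 user=alice result=fail
2024-05-01T10:04:00 src=198.51.100.9 user=alice result=success
"""


def parse_line(line):
    """Split one log line into (timestamp, source ip, username, result)."""
    ts, *kv = line.split()
    fields = dict(pair.split("=", 1) for pair in kv)
    return datetime.fromisoformat(ts), fields["src"], fields["user"], fields["result"]


def detect_credential_stuffing(log_text, window=timedelta(minutes=5), min_accounts=5):
    """Return {source_ip: {...}} for every source that attempted at least
    `min_accounts` distinct usernames inside any `window`-long span.
    The signal is distinct-user count per source, not failure count per user."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, src, user, result = parse_line(line)
            events[src].append((ts, user, result))

    findings = {}
    for src, evs in events.items():
        evs.sort()
        best, succeeded, start = 0, set(), 0
        for end in range(len(evs)):
            # Slide the window start forward until it fits inside `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            span = evs[start:end + 1]
            users = {u for _, u, _ in span}
            if len(users) >= min_accounts and len(users) > best:
                best = len(users)
                # Accounts that were actually compromised need immediate reset.
                succeeded = {u for _, u, r in span if r == "success"}
        if best:
            findings[src] = {"distinct_users": best, "succeeded": sorted(succeeded)}
    return findings


if __name__ == "__main__":
    for src, info in detect_credential_stuffing(SAMPLE_LOG).items():
        print(f"{src}: {info['distinct_users']} accounts tried, compromised: {info['succeeded']}")
```

The successful logins inside a flagged window are the accounts to reset first; the thresholds (5 accounts, 5 minutes) are illustrative and should be tuned to the application's normal login rate per source, since NAT gateways legitimately present many users behind one IP.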
exact data match (EDM)
a pattern matching technique that uses a structured database of string values to detect matches.
Document matching
attempts to match a whole document or a partial document against a signature in the DLP.
Statistical matching
a further refinement of partial document matching that uses machine learning to classify content by analyzing various data sources, rather than matching exact fingerprints.
getfacl
displays the access control lists (ACLs) of files and directories; redirecting its recursive output to a text file produces a permissions backup (getfacl -R dir > acl.txt).
setfacl
used to set ACLs, including restoring the permissions from a getfacl backup (setfacl --restore=acl.txt).
iptables
used to configure the Linux (netfilter) firewall by adding rules to chains such as INPUT, OUTPUT and FORWARD; on current distributions it is largely superseded by nftables.
Linux permissions
permissions are listed for the three classes “owner, group, other”; within each class, read = 4, write = 2 and execute = 1, and the digits are summed (e.g., 750 = rwxr-x---).
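Converting between the symbolic and octal forms, and checking a mode against an intended maximum, is what a permissions audit actually does. The following is an added example, not from the flashcard set; the sample paths and their modes are constructed and no real filesystem is read, the stdlib `stat` module is used only to cross-check the conversion.

```python
"""Added example: symbolic <-> octal Linux permission conversion and an
excess-permission audit. Paths and modes below are constructed."""
import stat

CLASSES = ("owner", "group", "other")   # order of the three permission triples
SHIFTS = (6, 3, 0)                      # bit offset of each class in the mode
BITS = {"r": 4, "w": 2, "x": 1}         # read=4, write=2, execute=1


def symbolic_to_octal(sym):
    """'rwxr-x---' -> 0o750."""
    if len(sym) != 9 or any(c not in "rwx-" for c in sym):
        raise ValueError(f"bad mode string: {sym!r}")
    mode = 0
    for i in range(3):
        triple = sym[i * 3:(i + 1) * 3]
        mode = (mode << 3) | sum(BITS[c] for c in triple if c != "-")
    return mode


def octal_to_symbolic(mode):
    """0o750 -> 'rwxr-x---' (low 9 bits only; setuid/setgid/sticky ignored)."""
    out = []
    for shift in SHIFTS:
        digit = (mode >> shift) & 0o7
        out.append("".join(ch if digit & bit else "-" for ch, bit in BITS.items()))
    return "".join(out)


def matches_stat(mode):
    """Cross-check against the stdlib's own rendering of a regular file's mode."""
    return stat.filemode(stat.S_IFREG | mode)[1:] == octal_to_symbolic(mode)


def excess_permissions(mode, maximum):
    """Classes in which `mode` grants a bit that `maximum` does not allow."""
    return [cls for cls, shift in zip(CLASSES, SHIFTS)
            if ((mode >> shift) & 7) & ~((maximum >> shift) & 7)]


# Constructed inventory (path -> observed mode) and the intended maximum per path.
SAMPLE_ENTRIES = {
    "/etc/shadow": 0o640,
    "/home/alice/.ssh/id_ed25519": 0o644,   # private key readable by everyone
    "/var/www/upload": 0o777,               # world-writable upload directory
    "/usr/bin/passwd": 0o755,
}
POLICY = {
    "/etc/shadow": 0o640,
    "/home/alice/.ssh/id_ed25519": 0o600,
    "/var/www/upload": 0o770,
    "/usr/bin/passwd": 0o755,
}


def audit(entries, policy):
    """Return {path: [classes with excess bits]} for every non-compliant entry."""
    findings = {}
    for path, mode in entries.items():
        excess = excess_permissions(mode, policy[path])
        if excess:
            findings[path] = excess
    return findings


if __name__ == "__main__":
    for path, classes in audit(SAMPLE_ENTRIES, POLICY).items():
        print(f"{path}: {octal_to_symbolic(SAMPLE_ENTRIES[path])} exceeds policy for {classes}")
```

The audit compares bit by bit rather than numerically, because a smaller octal number is not necessarily safer: 0o007 is numerically less than 0o600 but grants full access to "other".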