Security Operations & Monitoring Flashcards
UEFI Boot Phases
1. Security (SEC) 2. Pre-EFI Initialization (PEI) 3. Driver Execution Environment (DXE) 4. Boot Device Select (BDS) 5. Transient System Load (TSL) 6. Runtime (RT). Secure Boot signature checks on drivers, option ROMs, and the OS boot loader are applied as those images are loaded during the DXE and BDS phases.
Clear
Clear applies logical techniques (typically overwriting with a fixed pattern, or a vendor factory reset) to sanitize data in all user-addressable storage locations, protecting against simple non-invasive data recovery techniques. It is the weakest of the three NIST SP 800-88 sanitization levels (Clear, Purge, Destroy) and does not reach areas the user cannot address, such as remapped bad blocks or spare flash cells.
Technical Control
implemented as a system of hardware, software, or firmware (for example, firewalls, access control lists, encryption, and endpoint protection).
Administrative Control
involve processes and procedures (for example, security policies, awareness training, and background checks).
Physical Control
include locks, fences, and other controls over physical access.
Compensating Control
controls that are put in place to cover any gaps and reduce the risk remaining after using other types of controls.
Honeypot
a host set up with the purpose of luring attackers away from production systems and/or discovering attack strategies and weaknesses in the security configuration. Because no legitimate user has a reason to touch it, any interaction with a honeypot is suspicious by definition, which makes it a low-false-positive detection source.
Jumpbox
a hardened server that provides access to other hosts, typically the only system permitted to reach an administrative or management network. Administrators connect to the jumpbox first and pivot from there, so its own authentication, patching, and logging are critical: compromising it grants the attacker the same pivot.
Sandbox
a computing environment that is isolated from the host system so that untrusted code can run in a controlled fashion without affecting the host. Isolation limits, rather than guarantees, the damage; sandbox escapes exist, so a sandbox is one layer of defense, not a complete one.
Containerization
a type of virtualization applied by a host operating system to provision an isolated execution environment for an application. Containers share the host kernel, so their isolation is weaker than that of a virtual machine; a kernel vulnerability is reachable from inside the container.
Mimikatz
a leading Windows post-exploitation tool that dumps plaintext passwords from LSASS process memory, as well as NTLM hashes, PINs, and Kerberos tickets, enabling pass-the-hash and pass-the-ticket attacks. Credential Guard and LSASS protection (RunAsPPL) reduce what it can recover.
Ring 0
complete access to any memory location and, therefore, any hardware devices connected to the system. Processes that operate with ring 0 privileges are referred to as working in kernel mode.
Ring 3
referred to as user mode. Ring 3 is where the OS runs services and non-essential (user-mode) device drivers, and where applications run. Code at ring 3 cannot touch hardware or privileged memory directly; it must call into the kernel through system calls, which is where the kernel enforces access checks.
Tombstone remediation
a DLP remediation that quarantines the offending file and replaces the original with a placeholder (the tombstone) describing the policy violation and how the user can request its release.
journalctl
a command for querying and viewing logs collected by the systemd journal. It filters by unit (-u), priority (-p), and time (--since/--until), and can emit one JSON object per entry (-o json) for machine processing.
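The journalctl JSON output is the natural feed for a quick detection script. The example below is added here and is not part of the original flashcards: it parses `journalctl -u ssh.service -o json` output and flags source addresses with repeated failed SSH logins inside a short window. The field names (MESSAGE, _SYSTEMD_UNIT, PRIORITY, __REALTIME_TIMESTAMP, _HOSTNAME) are the real systemd journal fields; the log lines, addresses, and the threshold and window values are constructed for the example, and the unit name assumes a Debian-style ssh.service (it is sshd.service on RHEL-style systems).

```python
"""Flag SSH brute-force sources from `journalctl -o json` output (added example)."""
import json
import re
import sys
from collections import Counter, defaultdict

# Constructed sample of `journalctl -u ssh.service -o json` output: one JSON
# object per line. Field names are real systemd journal fields; the values,
# hostnames and IP addresses are made up for this example.
SAMPLE_JOURNAL = """\
{"__REALTIME_TIMESTAMP":"1700000001000000","_HOSTNAME":"bastion","_SYSTEMD_UNIT":"ssh.service","PRIORITY":"6","MESSAGE":"Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2"}
{"__REALTIME_TIMESTAMP":"1700000002000000","_HOSTNAME":"bastion","_SYSTEMD_UNIT":"ssh.service","PRIORITY":"6","MESSAGE":"Failed password for root from 203.0.113.7 port 51236 ssh2"}
{"__REALTIME_TIMESTAMP":"1700000003000000","_HOSTNAME":"bastion","_SYSTEMD_UNIT":"ssh.service","PRIORITY":"6","MESSAGE":"Accepted publickey for ops from 198.51.100.4 port 40210 ssh2: ED25519 SHA256:abc"}
{"__REALTIME_TIMESTAMP":"1700000004000000","_HOSTNAME":"bastion","_SYSTEMD_UNIT":"ssh.service","PRIORITY":"6","MESSAGE":"Failed password for root from 203.0.113.7 port 51240 ssh2"}
{"__REALTIME_TIMESTAMP":"1700000005000000","_HOSTNAME":"bastion","_SYSTEMD_UNIT":"cron.service","PRIORITY":"6","MESSAGE":"(root) CMD (run-parts /etc/cron.hourly)"}
{"__REALTIME_TIMESTAMP":"1700000006000000","_HOSTNAME":"bastion","_SYSTEMD_UNIT":"ssh.service","PRIORITY":"6","MESSAGE":"Failed password for invalid user test from 192.0.2.9 port 3390 ssh2"}
"""

# sshd's failed-auth message; "invalid user" appears when the account does not exist.
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+)")


def journalctl_argv(unit="ssh.service", since="1 hour ago"):
    """argv that produces the input this script expects (journalctl flags are real)."""
    return ["journalctl", "-u", unit, "-o", "json", "--since", since]


def parse_journal(text):
    """Parse `-o json` output into a list of dict entries, skipping non-JSON lines.

    journalctl emits MESSAGE as a byte array when the payload is not valid UTF-8;
    such entries are kept but will not match the text regex.
    """
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            continue  # e.g. a stray "-- Journal begins at ..." banner
        if isinstance(obj, dict):
            entries.append(obj)
    return entries


def _failed_attempts(entries, unit):
    """Yield (source_ip, epoch_seconds) for each failed password attempt in `unit`."""
    for e in entries:
        if e.get("_SYSTEMD_UNIT") != unit:
            continue
        msg = e.get("MESSAGE")
        if not isinstance(msg, str):
            continue
        m = FAILED_RE.search(msg)
        if not m:
            continue
        # __REALTIME_TIMESTAMP is microseconds since the epoch, as a string.
        yield m.group(2), int(e["__REALTIME_TIMESTAMP"]) / 1_000_000


def failed_logins_by_source(entries, unit="ssh.service"):
    """Count failed SSH password attempts per source IP."""
    return Counter(ip for ip, _ in _failed_attempts(entries, unit))


def brute_force_sources(entries, threshold=3, window_seconds=60, unit="ssh.service"):
    """Return {ip: total_failures} for IPs with >= threshold failures in any window."""
    per_ip = defaultdict(list)
    for ip, ts in _failed_attempts(entries, unit):
        per_ip[ip].append(ts)
    flagged = {}
    for ip, times in per_ip.items():
        times.sort()
        # Sliding window: check each run of `threshold` consecutive attempts.
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window_seconds:
                flagged[ip] = len(times)
                break
    return flagged


def main():
    # Use real journal output when piped in; otherwise fall back to the sample.
    raw = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_JOURNAL
    entries = parse_journal(raw)
    for ip, n in failed_logins_by_source(entries).most_common():
        print(f"{ip}: {n} failed attempts")
    for ip, n in brute_force_sources(entries).items():
        print(f"ALERT brute-force candidate {ip} ({n} failures)")


if __name__ == "__main__":
    main()
```

To run it against a live host, pipe the journal in: `journalctl -u ssh.service -o json --since "1 hour ago" | python3 ssh_bruteforce.py`. The threshold and window are deliberately small so the constructed sample trips the alert; tune them to the host's normal failure rate before relying on the output.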