Security Primer Flashcards

1
Q

Confidentiality

Examples of confidentiality protections

A

Protecting information from unauthorized access/dissemination

Protect secrets

ex. Encryption, Data Classification, NDA, TPM/HSM, Access Control

2
Q

Integrity

Examples of integrity protections

A

maintains the accuracy, validity, and completeness of information
Ensures the data has not been tampered with by anyone other than an authorized party for an authorized purpose

Protect accuracy and authenticity; verifies that information is processed correctly and is not modified either at rest, in use or in transit

Ex. Hashing (detects change), Message Authentication Code (MAC) and Digital Signatures (detect change and also prove who produced the data, since a bare hash can be recomputed by whoever altered it)

3
Q

Availability

Examples of availability protections

A

Ensuring that authorized users can access the information when they are permitted to do so

Protects stability and reliability; ensures systems and data are up and running so that they may be accessed as needed by authenticated and authorized users

ex. UPS, Clustering, Load Balancing, HVAC

4
Q

Checksum

A

a value derived from a piece of data and stored or sent alongside it, used to detect changes introduced during storage or transmission; the receiver recomputes it over the data it has and compares it to the stored value

Simple checksums (CRC32, parity) catch accidental corruption only. Tamper detection needs a cryptographic hash (e.g. SHA-256), and proving that the data came from a particular party needs a keyed MAC or a digital signature, because an attacker who can alter the data can usually recompute an unkeyed hash as well. No hash identifies data "uniquely" in the strict sense (collisions exist), but for a cryptographic hash finding one is computationally infeasible
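As an added illustration for the integrity and checksum cards above (example code written for this page, not taken from it), the following Go program computes a SHA-256 checksum and an HMAC-SHA256 tag over a constructed sample file and shows why a bare hash is not enough against deliberate tampering: whoever can change the data can recompute the hash, but cannot recompute the HMAC without the key. The sample file contents, the key and the attacker's guessed key are made up for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Constructed sample: a small config file whose integrity we want to protect.
var sampleConfig = []byte("allow_admin_login=false\nmax_sessions=5\n")

// Checksum returns the hex SHA-256 digest of data. Recomputing it detects
// corruption, but anyone who can change the data can also recompute it, so on
// its own it only protects against tampering if the digest is stored where
// the attacker cannot reach it.
func Checksum(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// VerifyChecksum recomputes the digest and compares it in constant time.
func VerifyChecksum(data []byte, expectedHex string) bool {
	expected, err := hex.DecodeString(expectedHex)
	if err != nil {
		return false
	}
	sum := sha256.Sum256(data)
	return hmac.Equal(sum[:], expected)
}

// Tag computes HMAC-SHA256 over data under key. Without the key the tag cannot
// be recomputed, which is what turns "unchanged" into "unchanged by someone
// who holds the key".
func Tag(key, data []byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write(data)
	return mac.Sum(nil)
}

// VerifyTag uses hmac.Equal, a constant-time compare, so verification time
// does not leak how many leading tag bytes an attacker got right.
func VerifyTag(key, data, tag []byte) bool {
	return hmac.Equal(Tag(key, data), tag)
}

// ForgeWithoutKey models an attacker who alters data and tries to keep the
// integrity check passing. They can recompute a public checksum, but the best
// they can do for the MAC is guess, since Tag needs the real key.
func ForgeWithoutKey(tampered, key []byte) (checksumPasses, macPasses bool) {
	checksumPasses = VerifyChecksum(tampered, Checksum(tampered))
	guess := Tag([]byte("attacker-does-not-know-the-key"), tampered)
	macPasses = VerifyTag(key, tampered, guess)
	return checksumPasses, macPasses
}

func main() {
	key := make([]byte, 32) // shared between the two legitimate parties
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	sum, tag := Checksum(sampleConfig), Tag(key, sampleConfig)
	fmt.Println("sha256:", sum)
	fmt.Println("original passes checksum/MAC:", VerifyChecksum(sampleConfig, sum), VerifyTag(key, sampleConfig, tag))

	tampered := []byte("allow_admin_login=true\nmax_sessions=5\n")
	fmt.Println("tampered vs stored checksum/MAC:", VerifyChecksum(tampered, sum), VerifyTag(key, tampered, tag))
	c, m := ForgeWithoutKey(tampered, key)
	fmt.Println("attacker recomputes checksum:", c, "| attacker forges MAC:", m)
}
```

The last line of output is the point of the card: the recomputed checksum passes, the forged MAC does not. Note that both verify functions compare in constant time; a plain `==` on the digest would leak timing information.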

5
Q

Least Privilege

A

Grant each user, process or system only the minimum access rights needed to perform its task, and only for as long as they are needed. Closely related to need-to-know, which applies the same idea to access to information

6
Q

DDOS

A

Distributed Denial of Service

coordinated attack by many compromised machines (a botnet) that disrupts a system's availability by exhausting its bandwidth, connections or processing capacity

7
Q

Threat

A

anything capable of intentionally or accidentally compromising an asset's security

something that may harm an asset

8
Q

Vulnerability

A

a weakness or gap existing within a system that may be exploited to compromise an asset's CIA

9
Q

Risk

A

the intersection of threat and vulnerability: the likelihood that a threat exploits a vulnerability, combined with the impact if that happens

10
Q

Identification

A

act of establishing who or what someone or something is

11
Q

Authentication

A

Validates a claimed identification (a user's or system's identity) by checking one or more authentication factors

12
Q

Generally what are the 3 factors/methods of authentication

A
  1. Something you know - password, PIN
  2. Something you have - security token, smart card
  3. Something you are - fingerprints, iris scan, voice analysis, other biometrics
13
Q

Authorization

A

Process for granting access to a user based on their authenticated identity and the policies set for them

14
Q

Cryptography

A

science of encrypting and decrypting information (together with related techniques such as hashing and digital signing) to protect its confidentiality, integrity and authenticity

15
Q

Encryption

A

process of using an algorithm (cipher) and a key to convert plaintext into ciphertext

16
Q

Decryption

A

allows an authorized party to convert ciphertext back to its original plaintext using the decryption key (the same key as for encryption in a symmetric scheme, the private key in an asymmetric scheme). A key is a piece of information that allows its holder to encrypt or decrypt

17
Q

Symmetric Key Encryption

Describe, AKA, Benefits, Drawbacks

A

AKA - Secret Key Encryption
Desc - Uses the same key (the secret key) to encrypt and decrypt, so the key must be delivered to the recipient before the message can be decrypted. Ex. AES, ChaCha20
Benefits - simple, fast, cheap; suited to bulk data
Drawbacks - requires a secure channel for the initial key exchange, and every pair of parties needs its own key, so the number of keys grows quadratically with the number of parties

18
Q

Asymmetric Encryption

AKA, Desc, Drawbacks

A

AKA - Public Key Encryption
Desc - Uses a mathematically related key pair: the public key is made publicly available and used to encrypt, while the private key remains secret and is used to decrypt. Ex. RSA, elliptic-curve schemes
Benefits - no shared secret has to be distributed in advance; the same key pair also enables digital signatures
Drawbacks - much slower than symmetric encryption, so in practice it is used to exchange or wrap a symmetric session key rather than to encrypt bulk data

19
Q

TLS

Desc, What Type of Encryption is used to implement?

A

Transport Layer Security (the successor to SSL)
used to encrypt traffic over the network when privacy and data integrity need to be maintained, e.g. HTTPS
uses a combination of asymmetric and symmetric encryption: asymmetric operations (certificates, key exchange) authenticate the server and establish a shared session key, then symmetric encryption protects the bulk traffic

20
Q

Digital Signature

A

proves that a message was produced by the holder of a particular private key and has not been modified since it was signed (authenticity, integrity and non-repudiation); it identifies the signer only to the extent that the public key is bound to them, e.g. by a certificate
used in public key schemes
the sender signs (a hash of) the message with their private key
recipients verify the signature with the sender's public key; any change to the message, or a signature made with a different key, fails verification
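Added example (not part of the original cards) of the signing flow described above, using Ed25519 from Go's standard library. The manifest text is a constructed sample. It demonstrates that verification fails both when the message is altered after signing and when a different private key produced the signature.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Constructed sample: a release manifest the publisher signs so that anyone
// holding the publisher's public key can check origin and integrity.
var manifest = []byte("artifact=app-1.4.2.tar.gz\nversion=1.4.2\n")

// NewSigner creates an Ed25519 key pair. The private key stays with the
// signer; the public key is what verifiers are given (in practice through a
// certificate or other trusted channel that binds it to the signer).
func NewSigner() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Sign produces a 64-byte signature over msg with the private key. Ed25519
// hashes the message internally, so no separate digest step is needed.
func Sign(priv ed25519.PrivateKey, msg []byte) []byte {
	return ed25519.Sign(priv, msg)
}

// Verify checks sig over msg with the public key.
func Verify(pub ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pub, msg, sig)
}

// ScenarioResults collects the three outcomes a verifier cares about.
type ScenarioResults struct {
	Genuine         bool // trusted key, untouched message: must be true
	TamperedMessage bool // trusted key, message altered after signing: must be false
	WrongSigner     bool // signature from a key the verifier does not trust: must be false
}

// RunScenario signs the manifest, then tries to verify a genuine copy, a
// tampered copy, and a copy signed by an impostor's key.
func RunScenario() (ScenarioResults, error) {
	pub, priv, err := NewSigner()
	if err != nil {
		return ScenarioResults{}, err
	}
	_, impostorPriv, err := NewSigner()
	if err != nil {
		return ScenarioResults{}, err
	}
	sig := Sign(priv, manifest)

	tampered := append([]byte(nil), manifest...)
	tampered[len(tampered)-2] = '3' // version 1.4.2 -> 1.4.3, one byte changed

	return ScenarioResults{
		Genuine:         Verify(pub, manifest, sig),
		TamperedMessage: Verify(pub, tampered, sig),
		WrongSigner:     Verify(pub, manifest, Sign(impostorPriv, manifest)),
	}, nil
}

func main() {
	r, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine=%v tampered=%v wrongSigner=%v\n", r.Genuine, r.TamperedMessage, r.WrongSigner)
}
```

The verifier only ever touches the public key, which is why a signature, unlike an HMAC, lets anyone check the message without being able to forge one.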

21
Q

VPN

Desc, What Type of Encryption is Used?

A

Virtual Private Network
Encrypts traffic between two networks, or between a host and a network, over the internet by creating a secure tunnel for communication
Mix of symmetric and asymmetric encryption (e.g. IPsec or TLS-based VPNs: asymmetric for authentication and key exchange, symmetric for the tunnelled traffic)

22
Q

Business Continuity

A

policies, procedures, and tools you put in place to ensure critical business functions continue during and after a disaster or crisis

23
Q

Disaster Recovery

A

subset of Business Continuity focusing on recovering IT systems that are lost or damaged during a disaster

restoration of full operation of and access to hardware, software, and data as quickly as possible after a disaster

24
Q

Difference between BC and DR

A

BC - broadly focuses on procedures and systems you have in place to keep a business up and running during and after a disaster

DR - narrowly focuses on getting systems and data back after a crisis

25
Q

RTO

A

Recovery Time Objective
the amount of time within which business processes must be restored in order to avoid significant consequences associated with the disaster

How much time can pass before an outage or disruption has unacceptably affected the business?

26
Q

RPO

A

Recovery Point Objective
the maximum amount of data loss (measured as time since the last good copy) that is tolerable to the organization

How much data can be lost before the business is unacceptably impacted by the disaster?

RPO plays an important role in determining the frequency of backups

27
Q

Incident Handling

A

preparing for, addressing and recovering from security incidents

28
Q

Event and Adverse Event

Desc, NIST reference

A

NIST SP 800-61 (Computer Security Incident Handling Guide)
Event - any observable occurrence in a system or network
Adverse Event - an event with negative consequences, e.g. a system crash or unauthorized use of privileges

29
Q

Computer Security Incident

A

a violation or imminent threat of violation of computer security policies, acceptable use policies or standard security practices

30
Q

What are the steps in the IR Lifecycle?

A
  1. Preparation
  2. Detection
  3. Containment
  4. Eradication
  5. Recovery
  6. Post Mortem
(NIST SP 800-61 groups the same work into four phases: Preparation; Detection and Analysis; Containment, Eradication and Recovery; Post-Incident Activity)
31
Q

IR Lifecycle: Preparation

A
  1. Develop Incident Response Plan
  2. Periodically test IRP - tabletop exercises or incident simulation
  3. Implementing preventative measures to keep the number of incidents low - vulnerability identification, threat assessment, and applying layered security
  4. Setting up incident analysis equipment - e.g. forensic workstation, back up media, evidence gathering accessories
32
Q

Incident Response Plan

A

procedures to follow when an incident occurs, and the roles and responsibilities of all stakeholders

33
Q

IR Lifecycle: Detection

A

Acknowledge that an incident has occurred, then gather and analyze data to gain insight into its origin and impact, e.g.

  1. Conducting log analysis and looking for unusual behavior
  2. Identify impacts
  3. Notification of appropriate individuals
  4. Documentation of findings
34
Q

IR Lifecycle: Containment

A

stop the bleeding and prevent further damage; could include things like

disabling internet connectivity for affected systems
isolating/quarantining malware infected systems from the rest of the network
reviewing and/or changing potentially compromised passwords
capturing forensic images and memory dumps from impacted systems (before any containment step, such as powering off, destroys volatile evidence)

35
Q

IR Lifecycle: Eradication

A

Remove the threat from the system; eliminate all components of the incident that remain e.g.
Securely remove all traces of malware
Disabling or recreating impacted user and system accounts
Identifying and patching vulnerabilities
Restore from known-good backups
Wipe or rebuild critically damaged systems

36
Q

IR Lifecycle: Recovery

A

Bring impacted systems back into your operational environment and fully resume business operations e.g.
Confirm vulnerabilities have been patched or fully remediated
Validating systems are functioning normally
Restoring systems to normal operations (e.g. restore internet access, networks, etc.)
Closely monitor systems for remaining signs of undesirable activity

37
Q

IR Lifecycle: Post Mortem

A

Document lessons learned and implement the changes required to prevent a similar type of incident from happening again
All members of the IR team meet to discuss what worked, what didn’t, and what needs to change

38
Q

What questions or documentation should be considered during IR post mortem lifecycle?

A

What vulnerabilities did this breach exploit?
What could’ve been done differently to prevent this incident or decrease the impact?
How can you respond more effectively during future incidents?
What policies need to be updated and with what content?
How should you train your employees differently?
What security controls need to be modified?
Do you have the proper funding to ensure you're prepared to handle future breaches?

39
Q

Defense In-Depth

AKA, Desc

A

AKA - Layered Security
Desc - application of multiple distinct layers of security technology and strategies for greater overall protection

Each layer has strengths and weaknesses; the layers are chosen so that the weaknesses of one are covered by the strengths of another, and a single failed control does not by itself mean a breach

40
Q

What does DAD stand for and what is it?

A

Disclosure, Alteration and Destruction

The negative of the CIA security triad with each being the negative of
Confidentiality, Integrity, and Availability

41
Q

What are the 3 types of Enterprise Security Controls

A

Administrative - policies, procedures, and training (management controls)
Technical - hardware and software controls, e.g. firewalls, encryption, access control lists; often control access
Physical - Protect physical assets e.g. locks, fire sprinklers

42
Q

List and Describe Enterprise Security categories

A
  1. Directive - controls focused on management, policies and/or procedures- e.g. posted signs - authorized personnel only
  2. Deterrent - controls focused on consequences
  3. Preventive - controls to stop unwanted behavior or activity
  4. Detective - controls to identify and monitor
  5. Corrective - controls to mitigate an incident or reduce damage
  6. Recovery - control focused on restoration
  7. Compensating - alternative control used when the preferred control is not available or feasible
43
Q

OSI Reference Model

A
  1. Physical
  2. Data Link
  3. Network
  4. Transport
  5. Session
  6. Presentation
  7. Application
44
Q

Describe steps in TLS/SSL connection

A
  1. Client sends a Hello to the server (supported versions and cipher suites, plus a random value)
  2. Server replies with its certificate, which carries its public key; the client validates the certificate chain against trusted CAs, otherwise an attacker in the middle could substitute their own key
  3. Client generates a random secret for the shared (symmetric) session key
  4. Client encrypts it with the server's public key
  5. Server decrypts it with its private key
  6. Both sides derive the session keys and switch to symmetric encryption for the rest of the connection
Note: this is the RSA key-exchange handshake of SSL and TLS up to 1.2. TLS 1.3 removed it; the session key is now established with ephemeral (EC)DHE, so that a later compromise of the server's private key cannot decrypt recorded traffic (forward secrecy)
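The RSA key-exchange handshake summarised above, as an added example written for this page rather than taken from it. It models the symmetric/asymmetric split that the symmetric encryption, asymmetric encryption and TLS cards describe: the client wraps a random AES-256 session key with the server's RSA public key (RSA-OAEP), the server unwraps it with its private key, and the bulk record is then protected with AES-GCM. It is a simplified model, not the real TLS record or handshake format: there is no certificate validation, no handshake transcript and no forward secrecy, which is exactly what TLS 1.3 added by replacing this key transport with (EC)DHE. The message text and the OAEP label are made-up values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

var oaepLabel = []byte("tls-like-session-key") // ties the wrapped key to its purpose

// ClientKeyExchange: the client picks a random AES-256 session key and wraps
// it with the server's public key using RSA-OAEP. Only the matching private
// key can unwrap it, so an eavesdropper learns nothing about the session key.
func ClientKeyExchange(serverPub *rsa.PublicKey) (sessionKey, wrapped []byte, err error) {
	sessionKey = make([]byte, 32)
	if _, err = rand.Read(sessionKey); err != nil {
		return nil, nil, err
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, sessionKey, oaepLabel)
	return sessionKey, wrapped, err
}

// ServerUnwrap recovers the session key with the server's private key.
func ServerUnwrap(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, oaepLabel)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal protects one record with AES-GCM (confidentiality and integrity from
// one fast symmetric primitive). The random nonce is prepended so the receiver
// can recover it; a nonce must never repeat under the same key.
func Seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Open reverses Seal; any change to the record makes the GCM tag check fail.
func Open(key, record []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(record) < gcm.NonceSize() {
		return nil, errors.New("record too short")
	}
	return gcm.Open(nil, record[:gcm.NonceSize()], record[gcm.NonceSize():], nil)
}

// Exchange runs the whole flow: key transport, one protected record from
// client to server, then a bit-flipped copy of that record. It returns what
// the server decrypted and whether the tampered record was rejected.
func Exchange(msg []byte) ([]byte, bool, error) {
	// Server's long-lived RSA key. In real TLS the public half arrives in an
	// X.509 certificate the client validates; here it is handed over directly.
	serverPriv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, false, err
	}
	clientKey, wrapped, err := ClientKeyExchange(&serverPriv.PublicKey)
	if err != nil {
		return nil, false, err
	}
	serverKey, err := ServerUnwrap(serverPriv, wrapped)
	if err != nil {
		return nil, false, err
	}
	record, err := Seal(clientKey, msg) // client side, with its copy of the key
	if err != nil {
		return nil, false, err
	}
	plain, err := Open(serverKey, record) // server side, with the unwrapped copy
	if err != nil {
		return nil, false, err
	}
	tampered := append([]byte(nil), record...)
	tampered[len(tampered)-1] ^= 0x01
	_, tamperErr := Open(serverKey, tampered)
	return plain, tamperErr != nil, nil
}

func main() {
	plain, rejected, err := Exchange([]byte("GET /account HTTP/1.1"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("server read %q; tampered record rejected: %v\n", plain, rejected)
}
```

The expensive asymmetric operation happens once, to move 32 bytes of key; everything after that is symmetric, which is the whole reason the two are combined.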
45
Q

OSI Layers

A
  1. Physical
  2. Data Link
  3. Network
  4. Transport
  5. Session
  6. Presentation
  7. Application
46
Q

Describe Physical layer of OSI model?

Give example of HW/SW that operates at this layer

A

Protocols here are responsible for encoding and transmitting data onto the medium (i.e. turning bits, 0's and 1's, into electrical signals, light or radio waves, then sending and receiving them)

Hubs and cables work at Layer 1

47
Q

Describe Data Link layer of OSI model?

Give example of HW/SW that operates at this layer

A

Protocols responsible for node-to-node or NIC-to-NIC communication between systems on the same network segment (ex. Ethernet MAC addresses, Frame Relay)

Switches, Bridges and Wireless Access Points (WAP) work at Layer 2 - they forward frames based on MAC address

48
Q

Describe Network layer of OSI model?

Give example of HW/SW that operates at this layer

A

Protocols responsible for network-to-network, router-to-router, or gateway-to-gateway communication

ex. IP, ICMP, IPsec, routing protocols like RIP, OSPF, EIGRP

Routers work at Layer 3 - they forward packets based on IP address

49
Q

Describe Transport layer of OSI model?

Give example of HW/SW that operates at this layer

A

Protocols responsible for end-to-end, host-to-host, or application-to-application communication; port numbers identify the application on each end

Ex. TCP (reliable, connection-oriented) and UDP (connectionless), both addressed by port

50
Q

Describe Session layer of OSI model?

Give example of HW/SW that operates at this layer

A

Protocols that coordinate the orderly exchange of information. The session layer keeps track of requests on the way out, then matches incoming replies back to the program that requested the data

Ex. client request/server response

51
Q

Describe Presentation layer of OSI model?

Give example of HW/SW that operates at this layer

A

Protocols that ensure compatible syntax (character encoding, compression, data formats) so that systems understand each other

Ex. File formats like .jpg, .gif, .tif

52
Q

Describe Application layer of OSI model?

Give example of HW/SW that operates at this layer

A

This layer interfaces with your applications. Here we have network services that make themselves available to your applications to use

ex. HTTP, HTTPS, DNS, FTP, SMTP, VoIP

53
Q

Data Encapsulation

A

Packaging up the payload, adding headers (and sometimes trailers) at each layer, to transmit it over the network

Example, going down the stack on the sending host:
Application produces the data
Transport Layer (segments, TCP or UDP) - adds the transport protocol header
Network Layer (packets) - adds the IP header
Data Link Layer (frames) - adds the Ethernet header and trailer (FCS)
Physical Layer turns the frame into bits on the medium

54
Q

Data Decapsulation

A

happens when data is received: each layer strips its own header or trailer from the payload, and only the data is delivered to the application
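Encapsulation and decapsulation from the two cards above, as an added example not taken from the page: the Go program below wraps a constructed UDP payload in a UDP header, an IPv4 header (with the one's-complement header checksum) and an Ethernet II header, then parses the frame back up the stack, validating each header before stripping it. MAC and IP addresses are made-up values. The Ethernet FCS trailer and the optional UDP checksum are omitted.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

// Constructed sample addresses (locally administered MACs, RFC 1918 IPs).
var (
	srcMAC = net.HardwareAddr{0x02, 0x00, 0x00, 0x00, 0x00, 0x01}
	dstMAC = net.HardwareAddr{0x02, 0x00, 0x00, 0x00, 0x00, 0x02}
	srcIP  = net.IPv4(192, 168, 1, 10).To4()
	dstIP  = net.IPv4(192, 168, 1, 20).To4()
)

// ipChecksum is the one's-complement sum of 16-bit words used by the IPv4
// header checksum. Over a header that already carries a correct checksum it
// yields zero, which is how receivers verify it.
func ipChecksum(b []byte) uint16 {
	var sum uint32
	for i := 0; i+1 < len(b); i += 2 {
		sum += uint32(binary.BigEndian.Uint16(b[i:]))
	}
	if len(b)%2 == 1 {
		sum += uint32(b[len(b)-1]) << 8
	}
	for sum>>16 != 0 { // fold carries back in
		sum = (sum & 0xffff) + (sum >> 16)
	}
	return ^uint16(sum)
}

// Encapsulate goes down the stack: payload -> UDP segment -> IPv4 packet ->
// Ethernet frame, each layer prepending its own header to what it was given.
func Encapsulate(payload []byte, srcPort, dstPort uint16) []byte {
	// Transport layer: 8-byte UDP header (checksum optional over IPv4, left 0).
	udp := make([]byte, 8+len(payload))
	binary.BigEndian.PutUint16(udp[0:], srcPort)
	binary.BigEndian.PutUint16(udp[2:], dstPort)
	binary.BigEndian.PutUint16(udp[4:], uint16(len(udp)))
	copy(udp[8:], payload)

	// Network layer: 20-byte IPv4 header, protocol 17 = UDP.
	ip := make([]byte, 20+len(udp))
	ip[0] = 0x45 // version 4, IHL 5 words
	binary.BigEndian.PutUint16(ip[2:], uint16(len(ip)))
	ip[8] = 64 // TTL
	ip[9] = 17 // protocol UDP
	copy(ip[12:], srcIP)
	copy(ip[16:], dstIP)
	binary.BigEndian.PutUint16(ip[10:], ipChecksum(ip[:20]))
	copy(ip[20:], udp)

	// Data link layer: 14-byte Ethernet II header, EtherType 0x0800 = IPv4.
	// The 4-byte FCS trailer is appended by the NIC and omitted here.
	frame := make([]byte, 14+len(ip))
	copy(frame[0:], dstMAC)
	copy(frame[6:], srcMAC)
	binary.BigEndian.PutUint16(frame[12:], 0x0800)
	copy(frame[14:], ip)
	return frame
}

// Decapsulate goes back up the stack, validating each header before
// stripping it, and returns the payload and the destination port.
func Decapsulate(frame []byte) ([]byte, uint16, error) {
	if len(frame) < 34 || binary.BigEndian.Uint16(frame[12:]) != 0x0800 {
		return nil, 0, errors.New("not an IPv4 Ethernet frame")
	}
	ip := frame[14:] // strip the Ethernet header
	ihl := int(ip[0]&0x0f) * 4
	total := int(binary.BigEndian.Uint16(ip[2:]))
	switch {
	case ip[0]>>4 != 4 || ihl < 20 || total < ihl+8 || total > len(ip):
		return nil, 0, errors.New("bad IPv4 header lengths")
	case ipChecksum(ip[:ihl]) != 0:
		return nil, 0, errors.New("bad IPv4 header checksum")
	case ip[9] != 17:
		return nil, 0, errors.New("not UDP")
	}
	udp := ip[ihl:total] // strip the IP header
	ulen := int(binary.BigEndian.Uint16(udp[4:]))
	if ulen < 8 || ulen > len(udp) {
		return nil, 0, errors.New("bad UDP length")
	}
	return udp[8:ulen], binary.BigEndian.Uint16(udp[2:]), nil // strip the UDP header
}

func main() {
	frame := Encapsulate([]byte("hello"), 40000, 53)
	fmt.Printf("frame is %d bytes: 14 eth + 20 ip + 8 udp + 5 data\n", len(frame))
	payload, port, err := Decapsulate(frame)
	fmt.Printf("payload=%q dstPort=%d err=%v\n", payload, port, err)
}
```

The length checks in Decapsulate are the part worth copying: a parser that trusts the IHL or length fields in the headers it is stripping is the classic source of out-of-bounds reads in packet-handling code.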

55
Q

Dynamic Host Configuration Protocol (DHCP)

A

A protocol used to automatically assign IP addresses, subnet mask, DNS, and Default Gateway to devices

56
Q

How are IPv4 classes determined

A

The value of the first byte (octet) of the IPv4 address, i.e. its leading bits

57
Q

List address allocation for Private Internet IP address ranges (RFC 1918) according to class

Also describe reserved IP spaces, by class

A

Class A (first octet 1 - 126): 10.0.0.0 - 10.255.255.255 (10.x.x.x, i.e. 10.0.0.0/8)

Class B (128 - 191): 172.16.0.0 - 172.31.255.255 (172.16.x.x - 172.31.x.x, i.e. 172.16.0.0/12; note that 172.32.x.x is public)

Class C (192 - 223): 192.168.0.0 - 192.168.255.255 (192.168.x.x, i.e. 192.168.0.0/16)

Class D (224 - 239): Reserved for Multicast

Class E (240 - 255): Reserved for experimental/future use

The whole 127.0.0.0/8 block is reserved for Loopback (self-diagnostic testing)
127.0.0.1 is the address normally used, aka localhost

58
Q

Describe IPv6 addresses

A

128 bits, written as 8 groups of 4 hexadecimal characters (character set of 16 chars, 0-9 and A-F) delimited by :

Leading zeros within a group can be dropped, so 0000 is reduced to 0

:: (double colon) can represent one or more consecutive all-zero groups

Only one :: is allowed per address (otherwise the number of elided groups would be ambiguous); a triple colon is not valid

59
Q

IPv6 addresses link local address space and Loopback

A

FE80::/10 prefix means a link-local address: valid only on the local link, never routed, and auto-configured on every IPv6 interface. It is the counterpart of IPv4 169.254.x.x, not of RFC 1918 private space (the IPv6 counterpart of private space is the unique local range FC00::/7)

Loopback: ::1 (0:0:0:0:0:0:0:1), the equivalent of IPv4 127.0.0.1
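An added example (not from the original cards) that applies the IPv4 class, RFC 1918, loopback and IPv6 rules from cards 56 to 59 in Go. IPv4Class reads the leading bits of the first octet, IsRFC1918 tests membership in the three private blocks with CIDR containment rather than a hand-written octet comparison (which is where the 172.16.0.0/12 boundary is commonly got wrong), and Describe also canonicalises IPv6 text, so the fully written link-local address comes back as fe80::1 and an address with too many colons is rejected. The addresses in main are sample inputs.

```go
package main

import (
	"fmt"
	"net"
)

// The three RFC 1918 private blocks, parsed once. Using CIDR containment
// avoids the classic mistake of treating all of 172.x.x.x as private.
var rfc1918 = mustCIDRs("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")

func mustCIDRs(cidrs ...string) []*net.IPNet {
	nets := make([]*net.IPNet, 0, len(cidrs))
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			panic(err)
		}
		nets = append(nets, n)
	}
	return nets
}

// IPv4Class returns the classful letter, decided by the leading bits of the
// first octet: 0xxx = A, 10xx = B, 110x = C, 1110 = D, 1111 = E.
func IPv4Class(s string) (string, error) {
	ip := net.ParseIP(s).To4()
	if ip == nil {
		return "", fmt.Errorf("%q is not an IPv4 address", s)
	}
	switch first := ip[0]; {
	case first>>7 == 0:
		return "A", nil
	case first>>6 == 2:
		return "B", nil
	case first>>5 == 6:
		return "C", nil
	case first>>4 == 14:
		return "D", nil
	default:
		return "E", nil
	}
}

// IsRFC1918 reports whether an IPv4 address lies in a private block.
func IsRFC1918(s string) bool {
	ip := net.ParseIP(s)
	if ip == nil || ip.To4() == nil {
		return false
	}
	for _, n := range rfc1918 {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// Describe classifies an address the way the cards do. For IPv6 it returns
// the RFC 5952 compressed spelling produced by net.IP.String, so leading
// zeros and the longest run of zero groups are collapsed.
func Describe(s string) (string, error) {
	ip := net.ParseIP(s) // nil for malformed input such as ":::1" or "1.2.3"
	if ip == nil {
		return "", fmt.Errorf("%q is not a valid IP address", s)
	}
	if ip.To4() != nil {
		class, _ := IPv4Class(s)
		switch {
		case ip.IsLoopback():
			return "IPv4 loopback (127.0.0.0/8)", nil
		case ip.IsMulticast():
			return "IPv4 class " + class + " multicast", nil
		case IsRFC1918(s):
			return "IPv4 class " + class + " private (RFC 1918)", nil
		default:
			return "IPv4 class " + class + " public", nil
		}
	}
	switch {
	case ip.IsLoopback():
		return "IPv6 loopback " + ip.String(), nil
	case ip.IsLinkLocalUnicast(): // fe80::/10
		return "IPv6 link-local " + ip.String(), nil
	case ip[0]&0xfe == 0xfc: // fc00::/7 unique local, the RFC 1918 analogue
		return "IPv6 unique local " + ip.String(), nil
	default:
		return "IPv6 global " + ip.String(), nil
	}
}

func main() {
	for _, a := range []string{"10.1.2.3", "172.32.0.1", "192.168.1.1", "127.0.0.1",
		"224.0.0.1", "fe80:0000:0000:0000:0000:0000:0000:0001", "::1", "fd12::1", ":::1"} {
		d, err := Describe(a)
		fmt.Printf("%-42s %s %v\n", a, d, err)
	}
}
```

When writing allow-lists or egress rules, parse into net.IPNet and use Contains as above instead of string-prefix matching; "172.1" and "192.168" prefix checks both match addresses they should not.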

60
Q

Domain Name System (DNS)

A

A hierarchical naming system for computers and other resources connected to the Internet or a private network

It maps a Fully Qualified Domain Name (FQDN) to IP addresses and other information

61
Q

List Types of DNS records and what they are used for

A
  1. A (Host) record - maps a name to an IPv4 address
  2. AAAA record - maps a name to an IPv6 address
  3. CNAME (alias) record - maps a name to another, canonical name
  4. Pointer record - PTR - reverse lookup, IP to name (under in-addr.arpa / ip6.arpa)
  5. Name Server record - NS - names the authoritative DNS servers for a zone
  6. Mail Exchange record - MX - points to the mail servers for a domain
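The reverse-lookup (PTR) record above lives under a name built from the address written backwards; as an added example (not page content) the Go function below builds that owner name for both IPv4 (octets reversed under in-addr.arpa) and IPv6 (all 32 nibbles reversed under ip6.arpa). The addresses in main are sample inputs.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"strings"
)

// ReverseName returns the owner name a PTR record for addr lives under:
// the four octets in reverse order under in-addr.arpa for IPv4, and all 32
// hex nibbles in reverse order under ip6.arpa for IPv6.
func ReverseName(addr string) (string, error) {
	ip := net.ParseIP(addr)
	if ip == nil {
		return "", errors.New("invalid IP address: " + addr)
	}
	if v4 := ip.To4(); v4 != nil {
		return fmt.Sprintf("%d.%d.%d.%d.in-addr.arpa.", v4[3], v4[2], v4[1], v4[0]), nil
	}
	const hexdigits = "0123456789abcdef"
	var sb strings.Builder
	for i := len(ip) - 1; i >= 0; i-- { // walk the 16 bytes from the end
		sb.WriteByte(hexdigits[ip[i]&0x0f]) // low nibble comes first ...
		sb.WriteByte('.')
		sb.WriteByte(hexdigits[ip[i]>>4]) // ... then the high nibble
		sb.WriteByte('.')
	}
	sb.WriteString("ip6.arpa.")
	return sb.String(), nil
}

func main() {
	for _, a := range []string{"192.0.2.1", "2001:db8::1", "not-an-ip"} { // sample inputs
		name, err := ReverseName(a)
		fmt.Printf("%-12s -> %s %v\n", a, name, err)
	}
}
```

The IPv6 form is why reverse zones for IPv6 are delegated on nibble boundaries: a /48 corresponds to exactly 12 labels under ip6.arpa.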