SY0-701: 2.0 (Threats, Vulnerabilities, and Mitigations) Flashcards
Vulnerability (2.3)
Any weakness in the system design or implementation (software bugs, misconfigured software, improperly protected network devices, missing security patches, lack of physical security)
Threat Actor Attributes (2.1)
Specific characteristics or properties that define and differentiate various threat actors from one another
Threat Actor (2.1)
Individual or entity responsible for incidents that impact security and data protection
Threat Actor Types (2.1)
Unskilled Attackers- baby hackers
Hacktivists- driven by cause
Organized Crime- driven by money
Nation-State Actors- cyber warfare/espionage
Insider Threats- revenge or accidental
Unskilled Attacker (2.1)
AKA Script Kiddie
Runs scripts w/ no knowledge of how it works
Hacktivist (2.1)
Individuals or groups that use their technical skills to promote a cause or drive a social change instead of for personal gain
Organized Crime (2.1)
Sophisticated and well-structured entities that leverage resources and technical skills for illicit gain
Nation-State Actor (2.1)
Highly trained and often funded by nation states/governments
Insider Threat (2.1)
Cybersecurity threats that originate from within an organization (malicious or accidental)
Threat Actor Motivations (2.1)
Data exfiltration
Espionage
Service disruption
Blackmail
Financial gain
Philosophical/political beliefs
Ethical
Revenge
Disruption/chaos
War
Threat Actor Attributes (2.1)
Internal / External
Resources / Funding (tools, skills, personnel)
Level of sophistication / Capability (technical skill, complexity of tools, ability to evade detection)
False Flag Attack (2.1)
Attack that is orchestrated in such a way that it appears to originate from a different source or group (popular style w/ nation-state groups)
APT (2.1)
Advanced Persistent Threat- Prolonged and targeted cyber attack in which an intruder gains unauthorized access to a network and remains undetected for an extended period of time while trying to steal data or monitor network activities rather than cause immediate damage
Shadow IT (2.1)
The use of information technology systems, devices, software, applications, and services without explicit organizational approval
Threat Vector (2.2)
Method used by an attacker to access a victim’s machine (e.g. a vulnerability; messages, images, files, etc.)
Attack Surface (2.2)
Encompasses all the various points where an unauthorized user can try to enter data to or extract data from an environment
BlueBorne (2.2)
Set of vulnerabilities in Bluetooth technology that can allow an attacker to take over devices or spread malware
BlueSmack (2.2)
Type of DoS attack that targets Bluetooth-enabled devices by sending a specially crafted Logical Link Control and Adaptation Protocol packet to a target device
Forms of Impersonation (2.2)
Impersonation
Brand Impersonation
Typosquatting
Watering Hole Attacks
Brand Impersonation (2.2)
Specific form of impersonation where an attacker pretends to represent a legitimate company or brand
Impersonation (2.2)
An attack where an adversary assumes the identity of another person to gain unauthorized access to resources or steal sensitive data
Typosquatting (2.2)
A form of cyber attack where an attacker registers a domain name that is similar to a popular website but contains some kind of common typographical errors
Watering Hole Attacks (2.2)
Targeted form of cyber attack where attackers compromise a specific website or service that their target is known to use
Pretexting (2.2)
Technique where an attacker provides some information that seems true in an attempt to get the victim to provide more information
Phishing Attack Types (2.2)
Phishing
Vishing
Smishing
Whaling
Spear Phishing
Business Email Compromise
Phishing (2.2)
Fraudulent attack using deceptive emails from trusted sources to trick individuals into disclosing personal information like passwords and credit card numbers
Vishing (2.2)
Voice Phishing- Phone-based attack in which the attacker deceives victims into divulging personal or financial information
Smishing (2.2)
SMS Phishing- Attack that uses text messages to deceive individuals into sharing their personal information
Whaling (2.2)
Form of spear phishing that targets high-profile individuals, like CEOs or CFOs
Spear Phishing (2.2)
Phishing with a more tightly focused group of individuals or organizations
Business Email Compromise (BEC) (2.2)
Advanced phishing attack that leverages internal email accounts within a company to manipulate employees into carrying out malicious actions for the attacker
Identity Theft (2.2)
When an attacker tries to fully assume the identity of their victim
Identity Fraud (2.2)
e.g. Attacker takes the victim's credit card number and makes charges
Scam (2.2)
A fraudulent or deceptive act or operation
Invoice Scam (2.2)
A scam in which a person is tricked into paying for a fake invoice for a service or product that they did not order
Misinformation (2.2)
Inaccurate information shared unintentionally
Disinformation (2.2)
Intentional spread of false information to deceive or mislead
Attack Vector (2.4)
A means by which an attacker gains access to a computer to infect the system with malware
Malware (2.4)
Malicious Software (Viruses, trojans, worms, etc.)
Virus (2.4)
Malicious code that’s run on a machine without the user’s knowledge
*requires user actions to reproduce and spread
Virus Types (2.4)
Boot Sector
Macro
Program
Multipartite
Encrypted
Polymorphic
Metamorphic
Stealth
Armored
Hoax
Boot Sector Virus (2.4)
Stored in the first sector of a hard drive and loaded into memory upon boot up
Macro Virus (2.4)
Allows virus to be embedded w/i another document (Word Doc, Spreadsheet, etc.)
Program Virus (2.4)
Infect an executable or application file
Multipartite Virus (2.4)
Combination of a boot sector virus and program virus; first attaches itself to the boot sector and system files before attacking other files
Encrypted Virus (2.4)
Uses cipher to encrypt its contents in an attempt to hide from antivirus
Polymorphic Virus (2.4)
Advanced version of an encrypted virus; changes itself every time it is executed by altering the decryption module in an attempt to hide from antivirus
Metamorphic Virus (2.4)
Advanced version of Polymorphic Virus; is able to rewrite itself entirely before it attempts to infect a file
Stealth Virus (2.4)
A way viruses protect themselves
Armored Virus (2.4)
Has a layer of protection to confuse a program or person analyzing it
Hoax Virus (2.4)
Tricks user into infecting their own machine; "Your machine has been infected" messages; user gets the virus if they follow instructions; form of social engineering
Worm (2.4)
Malicious software that is able to replicate and spread without any user interaction; cause disruption to normal network traffic and computing activities
Trojan (2.4)
Malicious software which is disguised as harmless or desirable software; will usually provide desirable function as well as malicious one
RAT (2.4)
Remote Access Trojan: trojan which gives attacker remote access to machine; most common type of trojan
Ransomware (2.4)
Encrypts user's files and provides instructions for payment to decrypt files
Spyware (2.4)
Secretly gathers information about user w/o their consent; may include keylogger
Adware (2.4)
Type of spyware which displays ads based on info collected while collecting data w/o consent
Grayware (2.4)
Also known as Jokeware; Causes improper system behavior w/o serious consequences (e.g. crazymouse)
Botnet (2.4)
Network of compromised computers or devices controlled remotely by malicious actors; Allows attacker to use the devices' processing power, memory etc. for nefarious purposes
Zombie (2.4)
A compromised computer or device that is part of a botnet and used to perform tasks using remote commands
Command and Control Node (2.4)
AKA C2 Node- Responsible for managing and coordinating the activities of other nodes or devices within a network
Rootkit (2.4)
Designed to gain administrative level control on computer system w/o being detected; typically uses method called DLL Injection or Driver Manipulation
DLL Injection (2.4)
Malicious code is inserted into a running process on a Windows machine by taking advantage of Dynamic Link Libraries which are loaded at runtime
Driver Manipulation (2.4)
Compromises the kernel-mode device drivers which operate at a privileged or system level
Shim (2.4)
Code placed between two components to intercept calls and redirect them; similar concept as man in the middle
Spam (2.4)
Abuse of electronic messaging systems; usually email, texts, etc.; usually just annoying but can be dangerous if malicious code is embedded in messages
CAN-SPAM Act of 2003 (2.4)
Controlling the Assault of Non-solicited Pornography And Marketing; 1st national standards for sending commercial emails
Spim (2.4)
Spam over instant messaging; text messages, chat rooms, etc.
Backdoor (2.4)
Used to bypass the normal security and authentication functions
Easter Egg (2.4)
Unsecure coding practice that was used by programmers to provide a joke or a gag gift to the users
Logic Bomb (2.4)
Malicious code that’s inserted into a program and will only execute when certain conditions have been met
Keylogger (2.4)
Piece of software or hardware that records every single keystroke that is made on a computer or mobile device
Fileless Malware (2.4)
Used to create a process in the system memory without relying on the local file system on the infected host
Dropper (2.4)
Initiates or runs other malware forms within a payload on an infected host
Downloader (2.4)
Retrieves additional tools post the initial infection facilitated by a dropper
Shellcode (2.4)
Encompasses lightweight code meant to execute an exploit on a given target
Concealment (2.4)
Used to help the threat actor prolong unauthorized access to a system by hiding tracks, erasing log files, and hiding any evidence of malicious activities
Living off the Land (2.4)
A strategy adopted by many APTs and criminal organizations
The threat actors try to exploit the standard system tools to perform intrusions
Indications of Malware Attacks (2.4)
Account lockout
Concurrent session usage
Blocked content
Impossible travel
Resource consumption
Resource inaccessibility
Out-of-cycle logging
Missing logs
Published or documented attacks
Account lockout (2.4)
Users unable to access accounts due to login attempts
Concurrent session usage (2.4)
Users having multiple concurrent/simultaneous sessions
Blocked content (2.4)
Increase in blocked content notices from security tools
Impossible travel (2.4)
User’s account is accessed from two different geographic locations in an impossible amount of time
Resource consumption (2.4)
System slowdowns for unidentified reasons
Resource inaccessibility (2.4)
Inability to access resources such as files or systems
Out-of-cycle logging (2.4)
Log files generated at odd hours
Missing logs (2.4)
Log files missing/deleted; time gap in logs
Published or documented attacks (2.4)
If a report is published stating your organization has been attacked
Common Signs of a Phishing Attempt (2.2)
Generic greetings
Spelling and grammar mistakes
Spoofed email addresses
Urgency
Unusual requests
Mismatched URLs
Strange email addresses
Cryptographic Attacks (2.4)
Techniques and strategies that adversaries employ to exploit vulnerabilities in cryptographic systems with the intent to compromise the confidentiality, integrity, or authenticity of data
Downgrade Attack (2.4)
aka Version Rollback Attack- Cryptographic attack which aims to force a system into using a weaker or older cryptographic standard or protocol than what it’s currently utilizing
Quantum Computing (2.3)
A computer that uses quantum mechanics to generate and manipulate quantum bits (qubits) in order to access enormous processing powers
Collision Attack (2.4)
Aims to find two different inputs that produce the same hash output
Quantum Communications (2.3)
A communications network that relies on qubits made of photons to send multiple combinations of ones and zeros simultaneously which results in tamper resistant and extremely fast communications
Qubit (2.3)
A quantum bit composed of electrons or photons that can represent numerous combinations of ones and zeros at the same time through superposition
Post-Quantum Cryptography (2.3)
A new kind of cryptographic algorithm that can be implemented using today's classical computers but is also impervious to attacks from future quantum computers
Post-Quantum Cryptographic Algorithms (2.3)
CRYSTALS-Dilithium - Recommended by NIST for digital signatures
FALCON
SPHINCS+ - Focuses on hashing
Brute Force Attacks (2.6)
Involves trying every possible combination of characters until the correct password is found
Mitigated against by:
Increasing complexity
Increasing length
Limiting number of login attempts
Using multifactor authentication
Using CAPTCHAs
Dictionary Attack (2.6)
Using a list of commonly used passwords and trying them all
Mitigated against by:
Increasing complexity
Increasing length
Limiting number of login attempts
Using multifactor authentication
Using CAPTCHAs
Password Spraying (2.6)
A form of brute force attack that involves trying a small number of commonly used passwords against a large number of usernames or accounts
Mitigated against by:
Using unique passwords
Using multifactor authentication
Hybrid Attack (2.6)
Blends brute force and dictionary techniques by using common passwords with variations, such as adding numbers or special characters
Hardware Vulnerabilities (2.3)
Security flaws or weaknesses inherent in a device's physical components or design that can be exploited to compromise the integrity, confidentiality, or availability of the system and its data
Firmware (2.3)
Specialized form of software stored on a hardware device, like a router or a smart thermostat, that provides low-level control for the device's specific hardware
End-of-Life Systems (2.3)
Refers to hardware or software products that have reached the end of their life cycle; vendors no longer providing support
Legacy Systems (2.3)
Outdated computing software, hardware, or technologies that have been largely superseded by newer and more efficient alternatives
Unsupported Systems (2.3)
Hardware or software products that no longer receive official technical support, security updates, or patches from their respective vendors or developers
Unpatched System (2.3)
Device, application, or piece of software that has not been updated with the latest security patches so that it remains vulnerable to known exploits and attacks
Hardware Misconfiguration (2.3)
Occurs when a device's settings, parameters, or options are not optimally set up, and this can cause vulnerabilities to exist, a decrease in performance, or unintended behavior of devices or systems
Hardening (2.3)
Involves tightening the security of a system
Patching (2.3)
Involves the regular updating of the software, firmware, and applications with the latest security patches
Decommissioning (2.3)
Means that the system is retired and removed from the network
Isolation (2.3)
Used to limit the potential damage that might occur from a potential security breach
Segmentation (2.3)
Used to divide the network into segments
Configuration Enforcement (2.3)
Used to ensure that all devices and systems adhere to a standard secure configuration
Bluetooth (2.3)
Wireless technology standard used for exchanging data between fixed and mobile devices over short distances without the need for an Internet connection
Insecure Device Pairing (2.3)
Occurs when Bluetooth devices establish a connection without proper authentication
Device Spoofing (2.3)
Occurs when an attacker impersonates a device to trick a user into connecting
On-Path Attack (2.3)
Exploits Bluetooth protocol vulnerabilities to intercept and alter communications between devices without either party being aware
Bluejacking (2.3)
Attacker sends unsolicited messages to a Bluetooth enabled device to test the vulnerability of the device
Bluesnarfing (2.3)
Attacker obtains unauthorized access to a device using Bluetooth connection oftentimes to steal data such as contacts, call logs, and/or text messages
Bluesmack (2.3)
Bluetooth attack which focuses on a denial of service by sending a large amount of data
Blueborne (2.3)
An attack which is sent wirelessly and can affect numerous devices within seconds without requiring user intervention
Bluetooth Attack Prevention (2.3)
Keep Bluetooth off when not in use
Ensure devices are set to non-discoverable
Regularly update firmware
Only allow pairing between known/trusted devices
Use unique PINs or passkeys
Be cautious of unsolicited connection requests
Use encryption for sensitive data transfers
Sideloading (2.3)
The practice of installing applications on a device from unofficial sources, which bypasses the device's default app store
Jailbreaking / Rooting (2.3)
Process that gives users escalated privileges on the devices and allows users to circumvent the built-in security measures provided by the devices
MDM (2.3)
Mobile Device Management- used to conduct patching of the devices by pushing any necessary updates to the devices to ensure that they are always equipped with the latest security patches
Zero-Day Vulnerability (2.3)
Any vulnerability that’s discovered or exploited before the vendor can issue a patch for it
Zero-Day Exploit (2.3)
Any unknown exploit that exposes a previously unknown vulnerability in the software or hardware
Data Exfiltration (2.3)
Unauthorized data transfers from within an organization to an external location
Malicious Updates (2.3)
Occurs when an attacker has been able to craft a malicious update to a well-known and trusted program in order to compromise the systems of the program's end users
Code Injection (2.3)
The insertion of code through a data input form from a client to an application
SQL (2.3)
Structured Query Language- used to search, input, update, and delete data from a database
XML (2.3)
Extensible Markup Language- Used by web applications for authentication, authorization, and other types of data exchange
XML Bomb (2.3)
Billion Laughs Attack- XML encodes entities that expand to exponential sizes, consuming memory on the host and potentially crashing it
XXE Attack (2.3)
XML External Entity- An attack that embeds a request for a local resource
XSS (2.3)
Cross Site Scripting- Injects a malicious script into a trusted site to compromise the site's visitors
Persistent XSS (2.3)
Persistent Cross Site Scripting- Allows an attacker to insert code into the backend database used by that trusted website
DOM XSS (2.3)
Document Object Model Cross Site Scripting- Exploits the client-side scripts to modify the content and layout of the web page
Session Management (2.3)
Enables web applications to uniquely identify a user across several different actions and requests
Cookie (2.3)
Text file used to store information about a user when they visit a website
Non-Persistent: Known as a session cookie, which resides in memory and is used for a very short period of time; when the session concludes the cookie is deleted
Persistent: Stored in the browser cache until either deleted by a user or expired
Session Hijacking (2.3)
Type of spoofing attack where the attacker disconnects a host and then replaces it with his or her own machine by spoofing the original host IP
Session Prediction Attacks (2.3)
Type of spoofing attack where the attacker attempts to predict the session token in order to hijack the session
XSRF (2.3)
Cross-Site Request Forgery- Malicious script is used to exploit a session started on another site within the same web browser
Buffer Overflow (2.3)
Occurs when data exceeds allocated memory, potentially enabling unauthorized access or code execution
Buffer (2.3)
A temporary storage area where a program stores its data
Race Condition (2.3)
Software vulnerability where the outcome depends on the timing of events not matching the developer's intended order
Typically occur outside the normally logged processes on a computer making them difficult to detect
Dereferencing (2.3)
Software vulnerability that occurs when the code attempts to remove the relationship between a pointer and the thing that pointer was pointing to in the memory
Dirty Cow (2.3)
Popular 2016 exploit showcasing a race condition exploitation
COW (2.3)
Copy On Write
TOC (2.3)
Time Of Check- Type of race condition where an attacker can alter a system resource after an application checks its state but before the operation is performed
TOU (2.3)
Time Of Use- Type of race condition that occurs when an attacker can change the state of a system resource between the time it is checked and the time it is used
TOE (2.3)
Time Of Evaluation- Type of race condition that involves the manipulation of data or resources during the time window when a system is making a decision or evaluation
Mutex (2.3)
Mutually exclusive flag that acts as a gatekeeper to a section of code so that only one thread can be processed at a time
Deadlock (2.3)
Occurs when a lock remains in place because the process it's waiting for is terminated, crashes, or doesn't finish properly, despite the processing being complete
Flood Attack (2.4)
Specialized type of DoS attack which attempts to send more packets to a single server or host
Ping Flood (2.4)
A variety of flood attack in which a server is sent too many pings (ping = ICMP echo, but the exam refers to it as a ping)
SYN Flood (2.4)
A variety of a flood attack where an attacker will initiate multiple TCP sessions but never complete the three-way handshake
PDoS (2.4)
Permanent Denial of Service- An attack which exploits a security flaw by re-flashing a firmware, permanently breaking the networking device
Fork Bomb (2.4)
A large number of processes is created to use up a computer's available processing power
DNS Amplification Attack (2.4)
Specialized DDoS attack where the attacker overloads a target system with DNS response traffic by exploiting the DNS resolution process
Blackhole / Sinkhole (2.4)
Method of fighting a DDoS attack by identifying attacking IP addresses and routing all their traffic to a non-existent server (this is a temporary solution since attackers can just change their IP address)
Elastic Cloud Infrastructure (2.4)
Scales up as server requirements increase which can ride out a DDoS attack but costs money due to scaling up
DNS (2.4)
Domain Name System- Responsible for translating human-friendly domain names into IP addresses that computers can understand
DNS Cache Poisoning (2.4)
aka DNS Spoofing- Involves corrupting the DNS resolver with false information
DNSSEC (2.4)
Domain Name System Security Extensions- adds a digital signature to the organization's DNS data; combats DNS Cache Poisoning
DNS Tunneling (2.4)
Uses DNS protocol over port 53 to encase non-DNS traffic, trying to evade firewall rules for command and control or data exfiltration
Domain Hijacking (2.4)
Altering a domain name's registration without the original registrant's consent
DNS Zone Transfer Attack (2.4)
The attacker mimics an authorized system to request and obtain the entire DNS zone data for a domain
Directory Traversal (2.4)
A type of injection attack that allows access to commands, files, and directories, either connected to web document root directory or not (e.g. ../../../../)
../ encoded is…
%2e%2e%2f (%2e = “.” ; %2f = “/”)
File Inclusion (2.4)
Allows an attacker to either download files from an arbitrary location or upload an executable or script file to open a backdoor
Remote File Inclusion (2.4)
Occurs when an attacker tries to execute a script to inject a remote file
Local File Inclusion (2.4)
Occurs when an attacker tries to add a file that already exists
Arbitrary Code Execution (2.4)
A vulnerability that allows an attacker to run code or a module that exploits a vulnerability
Remote Code Execution (2.4)
A type of arbitrary code execution that allows an attacker to transmit code from a remote host
Privilege Escalation (2.4)
Occurs when a user accesses or modifies specific resources that they are not normally entitled to access
Vertical Privilege Escalation- From normal level user to higher level (e.g. regular user to root)
Horizontal Privilege Escalation- From one user to another of generally the same level (e.g. from sales user to HR user)
Rootkit (2.4)
A class of malware that modifies system files, often at the kernel level, to conceal its presence
Kernel Mode and User Mode
Replay Attack (2.4)
Type of network-based attack that involves maliciously repeating or delaying valid data transmissions (e.g. attacker records banking login session and plays it back at a later time to log in as you)
Session Hijacking (2.4)
A type of spoofing attack where the host is disconnected and replaced by the attacker; a lot of times this is done by stealing session cookies
Session Tokens (2.4)
Unique data pieces that prevent session replay by attackers
Session Management (2.4)
A fundamental security component that enables web applications to identify a user
Session Prediction (2.4)
An attacker attempts to predict the session token to hijack that session
Cookie Poisoning (2.4)
Modifying the contents of a cookie to be sent to a client's browser and exploit the vulnerabilities in an application
On-Path Attack (2.4)
aka Interception Attack- An attack where the attacker puts the workstation logically between two hosts during the communication
Relay Attack (2.4)
Occurs when attackers insert themselves in between two hosts and become part of the conversation
SSL Stripping (2.4)
Tricking the encryption application with an HTTP connection instead of an HTTPS connection
Downgrade Attack (2.4)
Occurs when an attacker attempts to have a client or server abandon its higher security mode
LDAP Injection (2.4)
Lightweight Directory Access Protocol Injection- An attack in which LDAP statements, typically created by user input, are fabricated
Command Injection (2.4)
A threat actor is able to execute arbitrary shell commands via a vulnerable web application
Process Injection (2.4)
A method of executing arbitrary code in the address space of a separate live process
IoC (2.4)
Indicators of Compromise- Data pieces that detect potential malicious activity on a network or system
Account lockouts (multiple failed login attempts)
Concurrent session usage (one user w/ multiple sessions)
Blocked content (users attempting to download content w/o proper privileges)
Impossible travel (user logs on from US and an hour later from India)
Resource consumption
Resource inaccessibility (inability to access resources such as a database)
Out-of-cycle logging (logs show entries during hours when office is closed)
Articles or documents on security breach sites
Missing logs
Least Functionality (2.5)
A process of configuring a workstation or server with only essential applications and services for the user
Allowlisting (2.5)
A security measure that permits only approved applications to run on an operating system; this is more secure than blocklisting since everything is denied by default but is more difficult to set up
Blocklisting (2.5)
Entails preventing listed applications from running, allowing all others to execute; less secure than allowlisting but easier to set up
Services (2.5)
Background applications that operate within the OS, executing a range of tasks; unnecessary services should be disabled
Command Line syntax to stop service (Windows) (2.5)
sc stop [service name] (sc = service controls or…
net stop [service name]
Command Line syntax to stop service (Mac/Linux) (2.5)
top (displays running processes with their associated PIDs)
kill pid [process id of process to kill] (pid = process ID)
TOS (2.5)
Trusted Operating System- Designed to provide a secure computing environment by enforcing stringent security policies that usually rely on mandatory access controls
Integrity-178B (2.5)
POSIX-based operating system that is designed for embedded system use
EAL (2.5)
Evaluation Assurance Level- Based on a set of predefined security standards and certification from the Common Criteria for Information Technology Security Evaluation; has levels (1-7) e.g. Integrity-178B is EAL level 6; highest level is 7
Most user-based OSs (Linux, Mac, Windows) are EAL level 4 or 4+, meaning they were carefully designed, tested and reviewed, and offer good security assurance
MAC (reference TOS) (2.5)
Mandatory Access Control- Access permissions are determined by a policy defined by the system administrators and enforced by the operating system
Trusted Solaris (2.5)
Offers secure, multi-level operations with MAC, detailed system audits, and data/process compartmentalization
Hotfix (2.5)
A software patch that solves a security issue and should be applied immediately after being tested in a lab environment
Update (2.5)
Provides a system with additional functionality but does not usually provide any patching of security related issues
Service Pack (2.5)
Includes all the hotfixes and updates since the release of the operating system
Effective Patch Management Program (2.5)
- Assign a dedicated team to track vendor security patches
- Establish automated system-wide patching for OS and applications
- Include cloud resources in the patch management
- Categorize patches as urgent, important, or non-critical for prioritization
- Create a test environment to verify critical patches before production deployment
- Maintain comprehensive patching logs for program evaluation and monitoring
- Establish a process for evaluating, testing, and deploying firmware updates
- Develop a technical process for deploying approved urgent patches to production
- Periodically assess non-critical patches for combined rollout
Patch Management (2.5)
Planning, testing, implementing, and auditing of software patches
Patch Management Steps (2.5)
- Planning- Create policies, procedures, and systems to track and verify patch compatibility
- Testing
- Implementation
- Auditing
Patch Management software (2.5)
Microsoft Endpoint Manager
Cisco UCS Manager
Data Encryption (2.5)
Process of converting data into a secret code to prevent unauthorized access
Types of Data Encryption (2.5)
Full Disk Encryption- Encrypts an entire hard disk (BitLocker / FileVault)
Partition- Encrypts a specified partition (VeraCrypt)
File- Encrypts an individual file (GNU Privacy Guard aka GPG)
Volume- Encrypts a specified volume (VeraCrypt)
Database- Encrypts an entire database
Record- Encrypts specific record in a database
GPG (2.5)
GNU Privacy Guard- Provides cryptographic privacy and authentication for data communication
TDE (2.5)
SQL Server Transparent Data Encryption- Auto-encrypts the entire database without needing application changes, as the system handles encryption and decryption