SYO-701 Security Terminology and Standards Flashcards
Confidentiality (CIA)
Only authorized persons can gain access to information and are able to read the information. A number of technologies, such as permissions (ACLs) and encryption (at rest and in transit), can be used to keep information confidential.
Integrity (CIA)
Ensure that when data is sent from a source to a destination, the information received at the destination has not been altered in transit. Data integrity also means that if you store a file on the drive and open it later, you can be certain that the data has not been altered while in storage.
Integrity (CIA) concepts
Hashing:
To ensure data integrity when communicating over a network, the sending system runs the data through a mathematical algorithm, known as a hashing algorithm, which generates an answer (known as the hash value). This hash value is then sent with the data. On the receiving end of the transmission, the destination system runs the data through the same mathematical algorithm to generate its own hash value and compares it with the one received; a match shows the data was not altered in transit.
Digital Signature:
Created on a message in order to prove the integrity of the message and the identity of its sender.
Digital Certificate:
A digital certificate is an electronic file used to transport keys for encrypting or digitally signing messages.
Nonrepudiation:
The concept of ensuring that someone cannot dispute that they sent a message or made a change.
Availability (CIA)
The concept of ensuring that the information is available when the user wants it.
Permissions:
Limit who can delete data and ensure availability to those who need it.
Backups
Fault Tolerance:
Implement data redundancy solutions to ensure that if one of the hard drives fails, the other drives have a copy of the information. Having multiple drives work together this way is known as RAID, or Redundant Array of Independent Disks.
Clustering:
Allows you to have multiple servers acting as one unit so that if one server fails, another server takes over the workload.
Accountability (CIAA)
Accountability is ensuring that users are accountable for their actions: if someone inappropriately deletes a file, for example, a record of that action exists to hold them accountable.
Log files
Audit files
Firewalls and proxy servers
Identification and Authentication
Identification happens before authentication and is the process of having users identify themselves to the system. The most popular method companies use to identify individual users is to give each user a unique username. The users type their username into the system in order to identify themselves. After the user inputs the identifying information (the username), the user inputs the password for that account for purposes of authentication.
Authorisation
Once authenticated, users are given access to different resources.
Permissions
Router ACLs
Proxy servers:
Can control what web sites can be visited or even what types of Internet applications can be used by the internal users.
Security principles (Least Privilege, Separation of Duties, and Rotation of Duties)
Least Privilege means that you give a user only the minimum level of permissions needed to perform their tasks or duties.
Separation of Duties means you ensure that all critical tasks are broken down into different processes and that each process is performed by a different employee.
Rotation of Duties is the principle of rotating multiple employees through different job roles. This ensures accountability and redundancy.
Diversity of Defence
Concept that you should use different products to increase the level of security in your environment. Although all products have vulnerabilities, the vulnerabilities are different for each of the different products, and the hacker will have to work extra hard to get through each different product.
Vulnerability and Exploit
A vulnerability is a weakness in a piece of software or hardware that was created by the manufacturer by accident. Once a vulnerability is found, hackers work on a way to exploit the weakness and compromise the system security.
Types of vulnerabilities
Use of open-source intelligence
Improper input handling
Misconfiguration/weak configuration
Default configuration
Authorised, Unauthorised, and Semi-authorised Hackers
Authorised hacker:
Also known as a white-hat hacker, an authorized hacker learns how to compromise system security for defensive purposes, meaning they are doing it to better learn how to protect the system or network.
Unauthorized hacker:
Also known as a black-hat hacker, an unauthorized hacker compromises systems or networks for malicious reasons.
Semi-authorized hacker:
Also known as a gray-hat hacker, a semi-authorized hacker is a person who hacks into systems for non-malicious reasons.
Advanced persistent threat (APT)
Advanced persistent threats (APTs) are individuals or groups that perform highly comprehensive, well-planned attacks that give them long-term access to the target systems. Long-term access to a system is needed so that the attacker can collect sensitive information over a long period of time.
Structure of a policy
Overview
Scope
Policy
Enforcement
Definitions
Revision History
Types of Policies
Standard:
A standard policy is a policy that needs to be followed and typically covers a specific area of security.
Guidelines:
Recommendations on how to follow security best practices.
Procedure:
Also known as a standard operating procedure (SOP). The SOP documents step-by-step procedures showing how to configure a system or device, or step-by-step instructions on how to implement a specific security solution.