Test 2 Flashcards

1
Q

What is Operations Security?

A

Operational Security (OPSEC) is a systematic and iterative process designed to identify, control, and protect sensitive information that could be exploited by adversaries.

2
Q

Who coined the term operations security?

A

The United States military during the Vietnam War

3
Q

What are the 5 steps of the Operations Security Process?

A

Critical Information
Identifying Threats
Assessing Vulnerabilities
Risk Analysis
Developing Countermeasures

4
Q

What is Critical Information?

A

To identify our most critical information assets: what data would be particularly harmful to the organization if an adversary obtained it? This includes intellectual property, employees’ or customers’ personally identifiable information, financial statements, credit card data, and product research.

5
Q

What is Identifying Threats?

A

To identify who is a threat to the organization’s critical information. There may be numerous adversaries who target different information, and companies must consider any competitors or hackers who might target the data.

6
Q

What is Assessing Vulnerabilities?

A

The organization examines potential weaknesses among the safeguards in place to protect critical information and identifies which ones leave it vulnerable. This step includes finding any potential lapses in physical and electronic processes designed to protect against the predetermined threats or areas where a lack of security awareness training leaves information open to attack.

7
Q

What is Risk Analysis?

A

To determine the threat level associated with each of the identified vulnerabilities. Companies rank the risks according to factors such as the chances a specific attack will occur and how damaging such an attack would be to operations. The higher the risk, the more pressing the need to implement risk management.

8
Q

What is Developing Countermeasures?

A

Once we have discovered what risks to our critical information might be present, we would then put measures in place to mitigate them. Such measures are referred to in operations security as countermeasures. In order to do the bare minimum, we need only to mitigate either the threat or the vulnerability.

9
Q

Haas’s Laws of Operations Security

A
  1. If you don’t know the threat, how do you know what to protect?
  2. If you don’t know what to protect, how do you know you’re protecting it?
  3. If you are not protecting it, the dragon wins.
10
Q

What is Human Error?

A

We can expect people to behave in unexpected or unusual ways, whether innocently, through ignorance, or maliciously. Whatever the case, providing security for this area can be a challenge.

11
Q

What are Strategies to Tackle Human Errors?

A

Education and Awareness
Principle of Least Privilege
Monitoring

12
Q

List the 5 Core Components of Security Awareness (d)

A

Protecting data
Passwords
Social Engineering
Personal Equipment Usage
Clean Desk Policy

13
Q

What are the six principles of social influence?

A

Reciprocity
Commitment
Social Proof
Authority
Liking
Scarcity

14
Q

What is:
1. Reciprocity
2. Commitment
3. Social Proof
4. Authority
5. Liking
6. Scarcity

A
  1. Hackers woo their targets with “helpful” advice or information about products and deals, or by sending them small gifts to gain their trust.
  2. Hackers sometimes will trick victims into thinking they signed up for a service or subscription, and coerce them into making good on their “commitment” with payment and login details.
  3. People will follow what they see other people are doing whether it’s a trusted figure using the same product, or standing in line with everyone else even if there isn’t a sign to do so.
  4. People will follow orders from authority figures with less discretion than orders from their peers. This is why hackers will often pose as managers or bosses when gaining access.
  5. Similar to deferring to authority, people will generally follow orders from people they like. Hackers rely on this by spoofing as friends or family members or establishing a rapport with their target before making an attack.
  6. If something is rare or limited, then it becomes more desirable or urgent. This is why many ransomware attacks and phishing emails will have timers attached to them, disorienting the victims and making them panic.
15
Q

What are the 5 Social Engineering Techniques? (almost malware)

A

Phishing:
Phishing involves the use of fraudulent emails, messages, or websites that appear to be from a trustworthy source to trick individuals into providing sensitive information, such as login credentials or financial details.
Water holing (reverse honey pot):
In a watering hole attack, attackers compromise websites that the targeted individuals or groups are known to visit regularly. By infecting these legitimate websites with malware, attackers exploit the trust users have in those sites to deliver malicious content to their systems.
Baiting:
Baiting involves offering something enticing, such as a free software download or USB drive, to lure individuals into taking actions that could compromise their security. For example, an attacker might leave infected USB drives in a public place, relying on someone to pick one up and use it on their computer.
Pretexting:
Pretexting involves creating a fabricated scenario or pretext to manipulate individuals into divulging sensitive information. This may include posing as a trusted entity or using a false identity to gain someone’s trust and extract information.
Tailgating:
Also known as piggybacking, tailgating occurs when an unauthorized person follows an authorized individual into a restricted area. This technique exploits the natural tendency of people to hold doors open for others or not to question someone who appears to be entering a secure area legitimately.

16
Q

What are choke points?

A

They funnel network traffic through certain points where we can inspect, filter, and control the traffic.

17
Q

What is Redundancy?

A

Backups

18
Q

What are the 2 types of Network Attacks?
(like abilities in a game)

A

Active:
An active attack is a network exploit in which a hacker attempts to make changes to data on the target or data en route to the target. There are several different types of active attacks. However, in all cases, the threat actor takes some sort of action on the data in the system or the devices the data resides on. Attackers may attempt to insert data into the system or change or control data that is already in the system.
Passive:
A passive attack is characterized by the interception of messages without modification. There is no change to the network data or systems. The message itself may be read or its occurrence may simply be logged.

19
Q

DoS vs. DDoS

A

Denial-of-service (DoS): floods a server with traffic, making a website or resource unavailable.
A distributed denial-of-service (DDoS) attack is a DoS attack that uses multiple computers or machines to flood a targeted resource.
Both types of attacks overload a server or web application with the goal of interrupting services.

20
Q

What are some Network Security Devices and Tools?

A

Access control
Antivirus and anti-malware software
Application security
Data loss prevention
Distributed denial of service prevention
Email security
Firewalls
Mobile device security
Web security
VPNs

21
Q

List the 3 types of intrusion detection systems (IDSes).

A

HIDSes
NIDSes
Hybrid IDS

22
Q

Honeypots

A

A honeypot can detect, monitor, and sometimes tamper with the activities of an attacker. Honeypots are configured to deliberately display vulnerabilities or materials that would make the system attractive to an attacker. One of the interesting things about honeypots is that the vulnerabilities or data left out to bait the attacker are entirely false. In reality, honeypots are configured to display these items so that we can catch the attackers and monitor what they are doing on the system without their knowledge.

23
Q

Packet Sniffers

A

A network or protocol analyzer, also known as a packet sniffer or just plain sniffer, is a tool that can intercept traffic on a network, an activity commonly referred to as sniffing. Sniffing basically amounts to listening for any traffic that the network interface of our computer or device can see, whether it was intended to be received by us or not.

24
Q

Port Scanners

A

A port scan is a method for determining which ports on a network are open. As ports on a computer are the place where information is sent and received, port scanning is analogous to knocking on doors to see if someone is home. Running a port scan on a network or server reveals which ports are open and listening (receiving information), as well as revealing the presence of security devices such as firewalls between the sender and the target.

25
Q

What are HIDSes?

A

Host-based intrusion detection systems (HIDSes) are used to analyze the activities on or directed at the network interface of a particular host.

26
Q

NIDSes

A

A network-based intrusion detection system (NIDS) is used to monitor and analyze network traffic to protect a system from network-based threats.

27
Q

Hybrid IDS

A

Hybrid intrusion detection systems combine host-based IDS functionality (monitoring events occurring on the host system) and network-based IDS functionality (monitoring network traffic) on the same security platform.
A hybrid IDS can monitor system and application events and verify a file system’s integrity like a host-based IDS, but only serves to analyze network traffic destined for the device itself.

28
Q

List the Software Development Life Cycle 8 steps.

A

Planning
Requirements
Design
Build
Document
Test
Deploy
Maintain

29
Q

List Software development vulnerabilities

A

Buffer overflows
Race conditions
Input validation attacks
Authentication attacks
Authorization attacks
Cryptographic attacks

30
Q

What is a buffer overflow?

A

A buffer overflow is a programming error that occurs when a program writes more data to a block of memory, or buffer, than was allocated for it.

If we are taking data into an application, most programming languages will require that we specify the amount of data we expect to receive and set aside storage for that data. If we do not set a limit on the amount of data we take in (a check called bounds checking), we may receive 1000 characters of input where we had only allocated storage for 50 characters.

31
Q

What are Race Conditions?

A

Race conditions are software bugs that occur when the behavior of a program depends on the relative timing of events, leading to unpredictable outcomes when multiple threads or processes compete for shared resources.

32
Q

What is Input Validation?

A

Input validation is the process of inspecting and validating data entered by a user or received from an external system to ensure it meets specified criteria and prevents potentially malicious or unintended actions in software applications.

33
Q

Authentication and Authorization Attacks

A

Authentication and authorization attacks aim at gaining access to resources without the correct credentials. Authentication specifically refers to how an application determines who you are, and authorization refers to the application limiting your access to only that which you should see.

34
Q

Cryptographic Attacks / Cryptanalysis

A

A cryptographic attack is a method of evading the security of a cryptographic system by finding a weakness in a code, cipher, cryptographic protocol, or key management scheme.

35
Q

What are the 2 types of Web Application Security attacks?

A

Client-side attacks:
Client-side attacks take advantage of weaknesses in the software loaded on our clients, or use social engineering to trick us into going along with the attack.
Server-side attacks:
Server-side attacks involve exploiting vulnerabilities in a server or its software to compromise the integrity, confidentiality, or availability of the server and its associated resources.

36
Q

What must Database security protect?

A

The data in the database

The database management system (DBMS)

Any associated applications

The physical database server and/or the virtual database server and the underlying hardware

The computing and/or network infrastructure used to access the database

37
Q

What is Operating System Security?

A

Operating system security involves implementing measures to protect the integrity, confidentiality, and availability of a computer’s operating system, preventing unauthorized access and mitigating potential threats.

38
Q

List the 3 Operating System Security Functions

A

Separation
Memory Protection
Operating System Access Control

39
Q

What is Separation? (Operating System Security Functions)

A

Separation in operating system security involves isolating processes and resources to ensure that they operate independently, preventing unauthorized interactions and potential security breaches.

39
Q

List some Physical Separation methods.

A

Air Gapping: Isolating a computer or network physically from external, unsecured networks to protect highly sensitive information.

Secure Facilities: Establishing restricted-access data centers with biometric authentication and physical barriers for safeguarding critical infrastructure.

Server Room Access Controls: Implementing locked doors with keycards or biometric scanners to limit entry to authorized personnel in server rooms or data centers.

Hardware Isolation: Physically segregating critical hardware components in locked cabinets or separate rooms to prevent unauthorized access or tampering.

Redundant Systems and Geographic Separation: Creating backups in different locations to ensure business continuity and data recovery in case of physical disasters.

Cable Management and Segregation: Organizing and securing network cables to prevent unauthorized access or accidental disconnection.

Physical Device Security: Implementing locks, encryption, and remote wipe capabilities for devices to prevent theft or unauthorized access to sensitive information.

39
Q

What are the 4 types of separation
(Operating System Security Functions)

A

Physical Separation
Temporal separation
Logical separation
Cryptographic separation

40
Q

List some Temporal Separation methods.

A

Scheduled Maintenance Windows: Designating specific timeframes for system upkeep and updates to minimize disruptions and reduce exposure to potential vulnerabilities.

Time-Based Access Control: Restricting user access rights based on predefined timeframes, allowing access only during specified hours or days.

Time-Limited Session and Session Expiry: Setting time limits on user sessions, requiring re-authentication after inactivity, or limiting session durations to prevent unauthorized access.

Time-Stamping and Logging: Recording events and actions with precise timestamps for accurate tracking, forensic analysis, and accountability.

Backup Scheduling: Creating regular backup routines at specified times to ensure the availability of recent data copies for recovery purposes.

Time-Based Encryption Key Changes: Rotating encryption keys or certificates at regular intervals to bolster security against prolonged key exposure.

Time-Delayed Transactions or Processes: Introducing delays between transactions or actions to prevent rapid successive actions that might lead to exploitation or abuse.

40
Q

List some Logical Separation methods.

A

Network Segmentation: Dividing a network into smaller, isolated segments using firewalls or VLANs to restrict access and contain potential security breaches.

Virtualization and Containerization: Creating isolated environments within a single physical system (virtual machines or containers) to run applications or services independently.

Access Controls and Role-Based Permissions: Utilizing permissions and access controls to grant specific privileges based on user roles or identities, limiting access to sensitive data or systems.

Sandboxes and Application Isolation: Running applications or processes in isolated environments (sandboxes) to prevent interactions with other parts of the system, reducing the impact of potential security vulnerabilities.

Software-Defined Networking (SDN): Employing programmable networks to create logical network segments and dynamically adjust network configurations for better security and flexibility.

API Access Controls: Implementing controls and authentication mechanisms for Application Programming Interfaces (APIs) to regulate access and interactions between software components or services.

41
Q

List some Cryptographic Separation methods.

A

Encryption: Using algorithms to convert plaintext data into ciphertext, ensuring that only authorized individuals with decryption keys can access the original information.

Hashing: Creating fixed-size, irreversible representations of data through hash functions, used to verify data integrity and securely store passwords.

Digital Signatures: Using cryptographic techniques to validate the authenticity and integrity of digital messages or documents, ensuring they haven’t been altered and come from the expected sender.

42
Q

What is Memory Protection?

A

Memory protection is a mechanism in computer systems that prevents a program from accessing the memory space allocated to other programs, enhancing system stability and security.

43
Q

Name the 2 types of Memory Protection

A

Memory segmentation
Memory paging

44
Q

What is Memory segmentation?

A

Memory segmentation: Dividing memory into segments and enforcing access controls on each segment to prevent unauthorized access or modification, enhancing system security by isolating different parts of memory and controlling their accessibility.

45
Q

What is Memory paging?

A

Memory paging: Dividing physical memory into fixed-size blocks called pages and using these pages to store and manage data and programs, allowing for more flexible memory allocation and enabling efficient virtual memory usage by swapping data between RAM and secondary storage (like a hard drive or SSD) when needed.

46
Q

What is Operating System Access Control?

A

Access control for an operating system determines how the operating system implements access to system resources by satisfying the security objectives of integrity, availability, and confidentiality. Such a mechanism authorizes subjects (e.g., processes and users) to perform certain operations (e.g., read, write) on objects and resources of the OS (e.g., files, sockets).

47
Q

What are the 2 types of Operating System Access Control?

A

Mandatory Access Control (MAC)
Discretionary Access Control (DAC)

48
Q

What is MAC?

A

Mandatory Access Control (MAC) is a security model where access permissions are predefined and set by a system administrator, restricting users’ actions based on security labels and policies.

49
Q

What is DAC?

A

Discretionary Access Control (DAC) is a security model where access permissions are determined by the owner of an object, allowing users to control access to their own resources.

50
Q

What are some Operating System Protection Mechanisms?

A

No Protection: No specific controls are in place; it’s like leaving a resource completely open without any security measures.

Isolation: Imagine different processes running on a computer as if they are in their own separate bubbles, not aware of each other’s presence or interfering with one another.

Share All or Share Nothing: Owners of resources decide whether everyone can access them (share all) or keep them private for themselves (share nothing).

Share via Access Limitation: Each user’s access to an object is checked against a list of rights or permissions, allowing or denying access based on what they’re allowed to do.

Share via Dynamic Capabilities: It’s like having different levels of sharing depending on who the owner is, who’s accessing it, the context of the situation, or specific attributes of the object.

Limit Use of an Object: Not only controlling who can access an object but also putting restrictions on how it can be used after access is granted, ensuring it’s used as intended and not misused.

51
Q

What is Operating System Hardening?

A

Operating system hardening involves patching and implementing advanced security measures to secure an operating system (OS).

52
Q

What is attack surface?

A

The attack surface refers to the sum of all possible points in a system, network, or application that could be exploited by an attacker to gain unauthorized access or compromise the system’s security.

53
Q

6 ways to decrease the attack surface.

A
  1. Removing unnecessary software
  2. Removing or turning off unessential services
  3. Making alterations to common accounts
  4. Applying the principle of least privilege
  5. Applying software updates in a timely manner
  6. Making use of logging and auditing functions