The Present Threat Landscape Flashcards
Security Triad
The CIA triad: the three goals that network security as a whole is built around.
Confidentiality: only authorized parties can read data or reach a system
Integrity: data and systems are not altered by unauthorized parties, and any change can be detected
Availability: systems and data are reachable by authorized users when they are needed
Vulnerability
a weakness in the system or its design that can be exploited
Threat:
anything that can act in a manner that results in harm; anything capable of acting against the system (a threat needs a vulnerability to act on)
Countermeasures and Mitigation
Security controls: the countermeasures an organization puts in place to reduce risk; seen as an investment by corporations to secure their business assets
What are administrative controls?
policies and procedures, for instance security awareness training, written security policies and standards, change and configuration controls, security audits and testing, background checks of contractors and employees, and so on
What are technical controls?
Technical (logical) controls are the ones implemented in hardware and software. Examples: firewall deployments, intrusion prevention systems and their sensors, VPN gateways, access controls, content security such as web security appliances and e-mail security appliances, and biometrics
What are physical controls?
These are mostly mechanical and protect the physical infrastructure. For example, tall fencing around your campus perimeter, a security guard at the entry to your facility, UPSs, fire suppression systems, positive air flow systems, locks, and other protection mechanisms
What are preventive controls?
These are aimed at preventing or stopping the threat from ever coming in contact with the vulnerability
What makes a preventive control effective?
For a control to be effective, or even relevant, it must introduce a difficulty factor: it must make the threat agent's job harder than it would be without the control.
What are detective controls?
Controls that identify that a threat has entered the network or the system. For example, log monitoring, global correlation with the cloud, next-generation intrusion prevention systems, and surveillance cameras.
What are corrective controls?
Controls that fix the weakness or the system after an incident has been detected (for example patching, reconfiguring, or removing malware). Their results should feed back into continual improvement.
What is a recovery control?
A recovery control is aimed at putting a system back into production after an incident. This is where disaster recovery, business continuity planning, business impact analysis, and disaster recovery planning come into play. A recovery control could also be an aspect of a database system that recovers a transaction.
What is a deterrent control?
A control that works by its mere presence, discouraging the threat agent before they act; for example alarm-company stickers on windows, warning signs, or visible cameras
Indicators of Compromise
Evidence of some action of a threat agent or actor
A forensic artifact
A measurable event or stateful property, network-based or host-based
IOCs for network traffic include URLs, IP addresses, or protocol elements that indicate communication with malware command and control servers, or participation in a DDoS attack or a botnet. The rapid distribution and adoption of IOCs over the cloud can improve security by reducing the time that organizations stay vulnerable to the same exploit or the same attack.
To discover indicators of compromise, you use both network-based and host-based analysis. Many tools are available: next-generation IPS, SIEM (Security Information and Event Management) systems, NetFlow collectors, and data mining tools. There is the OpenIOC framework for describing indicators, and proprietary solutions such as the Cisco FireSIGHT Management Center.
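Added example (not part of the original flashcards, and not code from any of the products named above): a minimal IOC matcher that runs network-based checks over constructed proxy log lines and host-based checks over a constructed table of file contents, then correlates both kinds of hits on the same asset the way a SIEM pivots on an entity. The IOC set, domains, IP ranges, URL pattern, hashes and asset inventory are all made-up placeholders (RFC 5737 documentation ranges), not real indicators.

```python
"""Minimal IOC matcher over constructed network and host evidence (added example)."""
import hashlib
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple
from urllib.parse import urlsplit

# Constructed IOC set: the kinds of fields a feed or an OpenIOC document would
# carry (domains, IP ranges, URL patterns, file hashes). All values are placeholders.
IOCS = {
    "domains": {"update-check.example.net"},
    "networks": [ipaddress.ip_network("203.0.113.0/24")],  # TEST-NET-3, reserved
    "url_paths": [re.compile(r"/gate\.php\?id=[0-9a-f]{8}")],
    "sha256": {hashlib.sha256(b"placeholder malicious payload").hexdigest()},
}

# Constructed asset inventory: client IP -> hostname (assumption: a CMDB export).
ASSETS = {"10.0.0.5": "ws-alice", "10.0.0.9": "ws-bob"}

# Constructed proxy log: timestamp, client IP, method, URL, destination IP.
PROXY_LOG = """\
2024-05-01T10:00:01Z 10.0.0.5 GET http://www.example.com/index.html 198.51.100.7
2024-05-01T10:00:07Z 10.0.0.5 POST http://update-check.example.net/gate.php?id=0a1b2c3d 203.0.113.45
2024-05-01T10:00:09Z 10.0.0.9 GET http://files.example.com/report.pdf 198.51.100.8
2024-05-01T10:00:12Z 10.0.0.9 GET http://203.0.113.200/x 203.0.113.200
"""

# Constructed host-side evidence: (hostname, path) -> file bytes, hashed on the fly.
HOST_FILES: Dict[Tuple[str, str], bytes] = {
    ("ws-alice", "C:/Users/alice/AppData/Roaming/svc.exe"): b"placeholder malicious payload",
    ("ws-alice", "C:/Windows/System32/notepad.exe"): b"benign bytes",
}

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+)$")


@dataclass
class Hit:
    source: str     # "network" or "host"
    asset: str      # hostname the evidence belongs to
    indicator: str  # which IOC matched
    evidence: str   # the log line or file path


def scan_proxy_log(log: str) -> List[Hit]:
    """Network-based analysis: match each log line against domain, IP and URL IOCs."""
    hits: List[Hit] = []
    for line in log.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line: skip rather than crash the scan
        _ts, client, _method, url, dst = m.groups()
        asset = ASSETS.get(client, client)
        u = urlsplit(url)
        host = u.hostname or ""
        path_q = u.path + ("?" + u.query if u.query else "")
        if host in IOCS["domains"]:
            hits.append(Hit("network", asset, f"domain:{host}", line))
        try:
            ip = ipaddress.ip_address(dst)
        except ValueError:
            ip = None
        if ip is not None and any(ip in net for net in IOCS["networks"]):
            hits.append(Hit("network", asset, f"ip:{dst}", line))
        for pat in IOCS["url_paths"]:
            if pat.search(path_q):
                hits.append(Hit("network", asset, f"url:{pat.pattern}", line))
    return hits


def scan_host_files(files: Dict[Tuple[str, str], bytes]) -> List[Hit]:
    """Host-based analysis: hash each file and compare against the hash IOCs."""
    hits: List[Hit] = []
    for (host, path), data in files.items():
        digest = hashlib.sha256(data).hexdigest()
        if digest in IOCS["sha256"]:
            hits.append(Hit("host", host, f"sha256:{digest[:12]}", path))
    return hits


def correlate(hits: List[Hit]) -> Dict[str, List[str]]:
    """Group matched indicators by asset so network and host evidence land together."""
    by_asset: Dict[str, List[str]] = {}
    for h in hits:
        by_asset.setdefault(h.asset, []).append(h.indicator)
    return by_asset


if __name__ == "__main__":
    for asset, indicators in correlate(scan_proxy_log(PROXY_LOG) + scan_host_files(HOST_FILES)).items():
        print(asset, indicators)
```

The point of the correlation step is that a single C2 beacon and a single bad hash each look like one alert on their own; pivoting on the asset is what shows ws-alice with both a matching binary on disk and matching network behaviour, which is far stronger evidence of compromise than either indicator alone.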
What is a script kiddie?
A novice hacker or cracker, so called because they run scripts and tools written by others without understanding how they work or being able to develop their own