Threats, Vulnerabilities, Mitigation 6 Flashcards
What is an ACL?
Access Control List
- Allow or disallow traffic
Via: grouping of traffic, source/destination IP, port number, etc.
- Restrict access to network devices
Limit by IP address or other identifier
What is an Application Allow List?
- Set up rules to allow or disallow particular applications in the OS
- Allow/Deny List - Black/White listing
Examples:
* Anti-virus, Anti-malware are deny lists
Decided by:
* Application path
* Hash
* Network Zone
* Signature
What is Isolation?
- Separating parts of the network or system
- Prevent malware from spreading, limit access, or contain security breaches
- Isolation through network segmentation
What is configuration enforcement?
- Perform posture assessments
Every time a device connects
**Extensive checks:**
* OS patch version
* EDR
* Status of Firewall
* Certificate status
What is Decommissioning?
- Process of retiring or discontinuing a system, technology, equipment or infrastructure
- Systematically shutting down, removing or phasing out these resources in a controlled and structured manner
- Memory transfer or destruction
What are hardening techniques and which ones are there?
Refer to OS-specific techniques to make a system more secure
* Updates
* User accounts
* Network access and security
* Monitor and secure
* Encryption
* The Endpoint
* EDR
* Host-based firewall
* Open Ports and Services
* Default password changes
* Removal of unnecessary software
Explain hardening technique: User Accounts
- Minimum password lengths and complexity
- Limited Access
Explain EDR
- Signature analysis, behavioural analysis, machine learning and process monitoring tool
- Investigation of threat
- Root cause analysis
- Respond to threats
Isolate system, quarantine threat
- API driven
What is HIPS?
Host-based Intrusion Prevention System
* Recognize and block known and unknown attacks
* Secure OS and application configs
* Often built into EDR
HIPS Identification:
* Signatures, heuristics, behavioural
* Buffer overflows, registry updates, writing files to the Windows folder
* Access to non-encrypted data