Udemy Sections 12-14: Perimeter Security, Cloud Security, and Automation Flashcards

1
Q

Security devices focused on the boundary between the LAN and the WAN in your organization’s network

A

Perimeter security

2
Q

A security solution that screens traffic between two portions of a network

A

Firewall

3
Q

A type of firewall that is run as a piece of software on a host or server

A

Software firewall

4
Q

A physical device that filters traffic going into a computer, network, or server

A

Hardware firewall

5
Q

One function out of many on a single device that filters traffic going into a computer, network, or server

A

Embedded firewall

6
Q

A method used by firewalls. The firewall inspects each packet passing through it and accepts or rejects it based on defined rules (configuration, ACLs)

A

Packet filtering

7
Q

A type of packet filtering where packets are accepted or rejected based on the IP address and port number requested.

A

Stateless packet filtering

8
Q

A type of packet filtering where the firewall keeps track of which internal requests use which port numbers, and uses that information to examine the headers of inbound packets. If the headers of the IP packets match what the firewall was expecting to receive, the packet is allowed; if not, it is rejected.

This type of packet filtering all but eliminates IP spoofing.

A

Stateful packet filtering

9
Q

A type of filtering that filters traffic based upon the ports being utilized and the type of connection (TCP or UDP).

This type of filtering keeps track of which computer made a request by assigning each request a port number. If the incoming packet is not the response that the firewall expected on the port that it expected, it will reject the packet.

A

NAT filtering

10
Q

ALG stands for

A

Application-layer gateway
AKA application proxy gateway
AKA Layer 7 firewall

11
Q

A security solution that applies security mechanisms to specific applications, such as FTP or Telnet. It conducts an inspection based upon the application the incoming packet is destined for. It does NOT conduct these inspections based on port numbers; this firewall operates at Layer 7.

If a packet is destined for an application that it is protecting, it blocks it.

A

ALG (application-layer gateway)
AKA application proxy gateway
AKA Layer 7 firewall

12
Q

Application-specific translation agents that allow an application on a host in one address realm to connect to its counterpart running on a host in a different realm transparently.

A

Application-level gateway
AKA application proxy gateway
AKA Layer 7 firewall

13
Q

A security policy domain defined for a web or application server

A

Realm

14
Q

A firewall that operates at the Session layer and only inspects the traffic during the establishment of the initial session over TCP or UDP.

After the session is established, the packets pass without any checks.

A

Circuit-level gateway

15
Q

A type of filtering where a firewall filters traffic based on MAC addresses

A

MAC filtering

16
Q

When traffic is allowed to enter or leave the network because there is an ACL rule that specifically allows it

A

Explicit allow

17
Q

Translate this firewall rule:

allow TCP 10.0.0.2 any port 80

A

The host with the IP address 10.0.0.2 can send packets to any other IP address as long as it is requesting it over port 80.

18
Q

When traffic is denied the ability to enter/leave the network because there is an ACL rule that specifically denies it

A

Explicit deny

19
Q

Translate this firewall rule:

deny TCP any any port 23

A

Prevents any device in the network from sending packets to any device outside of the network over port 23

20
Q

When traffic is denied the ability to enter or leave the network because there is no specific rule that allows it

A

Implicit deny

21
Q

Translate this firewall rule:

deny TCP any any port any

A

Any host inside the network can’t send TCP packets to any host outside the network no matter which port it goes through.

22
Q

What do firewalls do at Layer 3?

A

Block IP addresses

Layer 3 is the Network layer

23
Q

What do firewalls do at layer 4?

A

Block ports

Layer 4 is the Transport layer

24
Q

A type of firewall installed to protect your server by inspecting traffic being sent to and from your web application. It stands between the user and the web application to filter traffic.

Prevents XSS, SQL injection, and cookie poisoning

A

WAF (Web Application Firewall)

25
WAF stands for
Web Application Firewall
26
What type of firewall largely prevents XSS, cookie poisoning, and SQL injection?
WAF (Web Application Firewall)
27
A device that acts as a middle man between a device and a remote server
Proxy server
28
A type of proxy server that is used to secure a network by keeping its machines anonymous during web browsing
IP proxy
29
A type of proxy server that attempts to serve client requests by delivering content from itself without actually contacting the remote server. It does this by saving a copy of the results from previous requests and reusing the copy when the same request happens.
Caching proxy
30
The most common type of caching proxy
HTTP proxy
31
Why are caching proxies not as effective as they used to be?
Because of the Web 2.0 structure giving each user customized information. For example, Facebook. Each person's Facebook page looks extremely different.
32
PAC stands for
Proxy Auto-Configuration file
33
Files that contain configuration information to automatically configure a proxy server
PAC (Proxy Auto-Configuration) files
34
T/F: It is best practice to configure proxy servers via the PAC files
False
Attackers can modify these files.
35
A type of proxy server used in organizations to prevent users from accessing prohibited websites and other content
Internet content filter
36
A type of proxy server that is used as a go-between that scans devices for viruses, filters unwanted content, and performs data loss prevention functions. Like an internet content filter, but with more functions.
Web security gateway
37
A single computer (or file, group of files, or unused IP range) that might be considered attractive to an attacker
Honeypot
38
A group of computers, servers, or networks used to attract an attacker
Honeynet
39
What are honeypots used for?
Security research
40
Systems designed to protect data by conducting content inspection of data being sent OUT of the network
DLP (Data Loss Prevention)
AKA ILP (Information Leak Prevention)
AKA EPS (Extrusion Prevention Systems)
41
DLP stands for
Data Loss Prevention
42
ILP stands for
Information Leak Protection
43
EPS stands for
Extrusion Prevention Systems
44
T/F: DLP, ILP, and EPS are all used interchangeably
True
45
A security system that attempts to detect, log, and alert on malicious network activities
NIDS (Network Intrusion Detection System)
46
NIDS stands for
Network Intrusion Detection System
47
What mode are NIDS placed in so they can see all network traffic on a segment?
Promiscuous mode
48
A system that attempts to remove, detain, or redirect malicious traffic
NIPS (Network Intrusion Prevention System)
49
NIPS stands for
Network Intrusion Prevention System
50
A term meaning that a device is directly in the path of incoming traffic
Inline
51
Where should a NIPS be placed so that it is directly in the path of network traffic?
Inline
52
A term meaning that if a NIPS fails, it allows all traffic through.
Fail open
53
A term meaning that if a NIPS fails, it blocks all traffic
Fail shut
54
Which is more secure: fail open or fail shut?
Fail shut
But it means that the network will essentially be shut down.
55
What do most organizations choose to do when they are faced with the choice between having their NIPS fail open or fail shut?
They choose fail open. This is because a fail shut would cause their network to go down. They choose to rely on other defensive layers when their NIPS fails, rather than take their whole network down.
56
Software products that are used to capture packets, allow an administrator to analyze the packets, and help with troubleshooting by viewing patterns within the packet captures.
Protocol analyzer
57
T/F: NIDS and NIPS can also perform protocol analyzer functions
True
58
Examples of protocol analyzers
Wireshark, Network Monitor
59
UTM stands for
Unified Threat Management
60
A single device that acts as a combination of network security devices and technologies to provide more defense in depth within a single device. This device can act as a firewall, NIDS/NIPS, content filter, anti-malware, DLP, and VPN.
UTM (Unified Threat Management) system
61
NGFW stands for
Next Generation Firewall
62
T/F: UTM systems are usually placed as the outermost device in a LAN, replacing a firewall
True
63
T/F: UTM system and NGFW are used interchangeably
True
64
A way of offering on-demand services that extend the traditional capabilities of a computer or network out into the internet
Cloud computing
65
An IT framework that combines storage, computing, and networking into a single system that can reduce data center complexity and increase scalability. This framework relies on virtualization.
Hyperconvergence
65
Allows a cloud provider to offer a full desktop OS to an end user from a centralized server
VDI (Virtual Desktop Infrastructure)
65
VDI stands for
Virtual Desktop Infrastructure
66
VDI desktops are non-persistent. What does this mean for security?
Even if an attacker compromises one of the virtual desktops, it can quickly be deleted, and the attacker is blocked out again. This destroys the ability for the attacker to be persistent on the desktop.
67
A protected memory region that provides confidentiality for data and code execution. While the data is being processed and kept in memory, it is encrypted and isolated, thus protecting data from the OS and hypervisors.
Secure enclave
68
A method of keeping data at rest confidential. When data on the volume is needed, a secure volume is mounted and decrypted to allow access. When the data is no longer needed, it is re-encrypted and is unmounted from the virtual server.
Secure volume
69
4 different cloud types
Public
Private
Hybrid
Community
70
A service provider makes resources available to the end users over the internet. The most common type of cloud architecture.
Public cloud
71
A company creates its own cloud environment that only it can utilize as an internal enterprise resource. The organization is responsible for the design, implementation, and operation of the cloud resources and the servers that host them.
Private cloud
72
A cloud solution that combines the benefits of both the public cloud and private cloud options. Some resources are developed and operated by the organization (like a private cloud), but the organization may also outsource some services to a service provider (like a public cloud).
Hybrid cloud
73
T/F: Hybrid clouds must have strict guidelines regarding where sensitive data is stored.
True
Sensitive data should be stored on the organization's private cloud portion of the hybrid cloud.
74
A cloud solution in which resources and costs are shared among several different organizations who have common service needs
Community cloud
75
The 4 "as a Service" services
SaaS
IaaS
PaaS
SECaaS
76
A third party provides all the hardware, OS, software, and applications needed for a complete service to be delivered
SaaS (Software as a Service)
77
A third party provides all the hardware, OS, and backend software needed in order to develop your own software or service.
IaaS (Infrastructure as a Service)
78
A third party provides your organization with the hardware and software needed for a specific service to operate.
PaaS (Platform as a Service)
79
Of IaaS, PaaS, and SaaS, which provides the least amount of service?
IaaS
80
Of IaaS, PaaS, and SaaS, which provides the most amount of service?
SaaS
81
A service in which a third party provides everything your organization needs to run a server, including the power, space, cooling, network, firewalls, physical servers, and virtualization layer
IaaS
82
A service in which a third party provides everything your organization needs to run a server, including the OS and infrastructure software (web server software, programming languages, etc)
PaaS
83
A service in which a third party provides your organization with a hosted application service
SaaS
84
A third party provides your organization with various types of security services without the need to maintain a cybersecurity staff. Also provides the organization's IT staff with a simple security interface that they can use.
SECaaS
85
Pro of SECaaS
When the service provider updates their virus signature database, all of their customers instantly get updated antimalware
86
Con of SECaaS
It is heavily reliant on a good internet connection. If your host is offline, it may be vulnerable.
87
What 3 advantages does cloud-based vulnerability scanning have over traditional vulnerability scanning?
You have the option of scanning either internally or externally; scanning externally (from outside your network) gives you an attacker's perspective.
Installation and maintenance costs are much lower.
Equipment is always kept up to date.
88
What is the one big disadvantage of cloud-based vulnerability scanning?
Your vulnerability data may be stored on the cloud provider's server
89
A security technique that utilizes separate virtual networks to allow security professionals to test suspicious or malicious files
Sandboxing
90
An organizational process that ensures that authorized people (and no one else) have access to the technology resources they need to perform their job functions. It ensures greater control of user access by identifying, authenticating, and authorizing users, while prohibiting unauthorized ones.
IAM (Identity and Access Management)
AKA IdM (Identity Management)
91
A method of protecting computer systems from failure, in which standby equipment automatically takes over when the main system fails.
Failover
92
The act of removing user access to resources
Deprovisioning
93
What may be left behind after deprovisioning?
Data remnants
94
How to prevent data remnants in a cloud server?
Data should always be encrypted when placed in the cloud server, including the virtual hard disk files for the hosted virtual servers
95
Servers used to store, transfer, migrate, synchronize, and archive files for your organization
File servers
96
T/F: Any computer can act as a file server
True
97
A software program used to send and receive email
Email server
98
Which type of server are most commonly attacked, and thus need much more hardening and security measures?
Email server
99
Computer software and underlying hardware that accepts requests via HTTP and stores and delivers the content for a website, including application data.
Web server
100
Where should web servers be placed in your organization?
DMZ
101
A specialized type of file server that is used to host files for distribution across the web. Can be set up for anonymous login or be secured with a username and password.
FTP server
102
Difference between file servers and FTP servers?
File servers are only accessible within the business' internal network.
FTP servers store files on a remote server, and files are uploaded via the internet.
103
What connection should FTP servers be configured to require? Why?
TLS
If your FTP server requires login credentials, you need to make sure they are protected during transmission. FTP is a plaintext protocol.
104
A server that acts as a central repository of all the user accounts and their associated passwords for the network.
For Windows, this is Active Directory.
For Linux, this is equivalent to an LDAP server.
Domain controller
105
Which type of server is targeted for privilege escalation and lateral movement? Why?
Domain controller
It contains user accounts and their login credentials for the network.
106
A type of attack against Active Directory that exploits a vulnerability in the Kerberos ticket granting system to generate a "skeleton key" for all devices in the domain.
Golden ticket attack
107
A protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet. It works on the basis of tickets.
Kerberos
108
Which protocol does Active Directory rely on?
Kerberos
109
2 ways to prevent the golden ticket attack
Ensure that the AD controller is up to date on patches
Harden the AD controller
110
Which is more risky security-wise: A cloud-based infrastructure, or local private company intranet?
Cloud-based infrastructure
If you don't configure the cloud just right, you could introduce security vulnerabilities.
111
A private network segment made available to a single cloud consumer within a public cloud
VPC (Virtual Private Cloud)
112
VPC stands for
Virtual Private Cloud
113
Which "as a Service" product is VPC?
IaaS
This means you need to do all the administrative work for it as well: configuring IP address space, routing, load management, software installation, etc.
114
T/F: VPCs are as secure as private clouds
False
You are sharing devices with a public cloud. Also, there may be data remnants.
115
Occurs when an organization is forced to continue using a product or service regardless of quality because switching away is not practical.
Vendor lock-in
116
Enterprise management software designed to mediate access to cloud services by users across all types of devices. Helps with authentication and access control. Includes these services:
SSO
Malware and rogue device detection
Monitor/audit user activity
Mitigate data exfiltration
CASB (Cloud Access Security Broker)
117
CASB stands for
Cloud Access Security Broker
118
An unauthorized, malicious node on a network
Rogue device
119
A security appliance or host positioned at the client network edge that forwards user traffic to the cloud network if the contents of that traffic comply with policy.
You must go through the proxy to leave your local network.
Forward proxy
120
A security appliance or host positioned at the cloud network edge that directs traffic to the cloud network if the contents of that traffic comply with policy.
You must go through the proxy to get into the cloud network.
Reverse proxy
121
A method that uses the broker's connection between the cloud service and the cloud consumer. Any updates to a user's authorization are communicated through the API to/from the cloud and broker.
API (Application Programming Interface)
122
API stands for
Application Programming Interface
123
A library of programming utilities used to enable software developers to access functions of another application
API (Application Programming Interface)
124
A tool to transfer data to/from a server using one of the supported protocols (HTTP, HTTPS, FTP, FTPS, SCP, SFTP, TFTP, DICT, TELNET, LDAP, FILE).
Used to test APIs.
curl
125
FaaS stands for
Function as a Service
126
A cloud service model that supports serverless software architecture by provisioning runtime containers in which code is executed in a particular programming language.
Basically, it allows you to run and make applications without having a server.
FaaS (Function as a Service)
127
A software architecture that runs functions (or microservices) within virtualized runtime containers in a cloud rather than on dedicated server instances
Serverless
128
In serverless, everything is developed as a collection of what?
Functions and microservices
129
3 biggest advantages to serverless architecture
No patching
No administration
No file system monitoring
130
An API must be used over what kind of channel?
Encrypted
131
Mechanisms that protect an API from a DoS attack
Throttling/rate-limiting
132
A technique used to control the amount of traffic that an API can handle. Shapes API access by smoothing spikes in traffic.
Throttling
133
A technique to limit network traffic to prevent users from exhausting system resources. Provides a hard limit on API access.
Rate-limiting
134
T/F: You should hardcode/embed a key into the source code
False
If you embed your key, an attacker can access it and do damage.
135
What security weakness is inherent to SaaS?
SaaS does not supply access to log files or monitoring tools
136
A cloud storage container used in AWS
Bucket
137
A cloud storage container used in Microsoft Azure
Blob
138
T/F: Buckets and blobs mean the same thing in regard to cloud storage
True
139
A content delivery network policy that instructs the browser to treat requests from nominated domains as safe
CORS (Cross Origin Resource Sharing) policy
140
CORS stands for
Cross Origin Resource Sharing
141
A cloud deployment model where the consumer uses multiple public cloud services
Multi-cloud
142
The automation of multiple steps in a deployment process
Orchestration
143
What is the automation of automations?
Orchestration
144
3 types of orchestration
Resource orchestration
Workload orchestration
Service orchestration
145
A type of orchestration that provisions and allocates resources within a cloud environment
Resource orchestration
146
A type of orchestration that manages applications and other cloud workloads that need to be performed, and has the components to create the product you need. It manages things that are working together.
Workload orchestration
147
A type of orchestration used to deploy services within the cloud environment
Service orchestration
148
CI stands for
Continuous integration
149
CD stands for
150
A software development method where code updates are tested and committed to a development or build server/code repository rapidly
CI (Continuous Integration)
151
How do software developers working from a data repository prevent too many divergences?
CI (Continuous Integration)
152
A software development method where application and platform requirements are frequently tested and validated for immediate availability
CD (Continuous Delivery)
153
CD stands for
Continuous Delivery OR Continuous Deployment (THESE MEAN DIFFERENT THINGS)
154
T/F: You must be doing CI before you can do CD
True
155
CI/CD stands for
Continuous Integration / Continuous Delivery OR Continuous Integration / Continuous Deployment
156
A software development method where application and platform updates are committed to production rapidly
CD (Continuous Deployment)
157
Difference between continuous delivery and continuous deployment
Continuous delivery focuses on automated testing of code in order to get it ready for release.
Continuous deployment focuses on automated testing AND release of code in order to get it into the production environment more quickly.
158
An organizational culture shift that combines software development and systems operations by referring to the practice of integrating the two disciplines within a company
DevOps
159
Difference between software development and systems operations?
Developers work toward the goal by writing code that's secure, effective, and easy for others to review.
Operators ensure the final product meets the quality threshold by providing, monitoring, and maintaining systems.
160
The problem with DevOps
Software was being pushed out so fast that it had problems with security compliance or government regulation compliance
161
A combination of software development, security operations, and systems operations by integrating each discipline with the others
DevSecOps
162
A concept meaning to consider security early in the beginning of a project
Shift-left
163
IaC stands for
Infrastructure as Code
164
A provisioning architecture in which deployment of resources is performed by scripted automation and orchestration
IaC (Infrastructure as Code)
165
T/F: Since IaC pushes out software development faster, it's generally less secure
False
Through the use of scripts, security templates, and security policies, it is often more secure because less code is left to human error.
166
Any system that is different in its configuration compared to a standard template within an IaC architecture
Snowflake system
167
Snowflake systems cause what 2 kinds of issues?
Security issues
Inefficiencies in IT support
168
A property of IaC that an automation or orchestration action always produces the same result, regardless of the component's previous state
Idempotence
169
A script inside of an orchestration is called
Runbook
170
AI stands for
Artificial intelligence
171
ML stands for
Machine learning
172
The science of creating machines with the ability to develop problem solving and analysis strategies without significant human direction or intervention
AI (artificial intelligence)
173
A component of AI that enables a machine to develop strategies for solving a task given a labeled dataset where features have been manually identified but without further explicit instructions
ML (machine learning)
174
T/F: Machine learning is only as good as the datasets used to train it
True
175
An architecture of input, hidden, and output layers that can perform algorithmic analysis of a dataset to achieve outcome objectives.
The pathways being created as a result of ML.
ANN (Artificial Neural Network)
176
ANN stands for
Artificial Neural Network
177
A refinement of ML that enables a machine to develop strategies for solving a task given a labeled dataset and without further explicit instructions
Deep learning
178
Difference between ML and deep learning
Deep learning does not require a human to manually identify features of a dataset. You just give it the data and let it go.