Various Concepts Flashcards
Software-based client that monitors data in use on a computer and can stop file transfers or alert admins of the transfers based on a set of rules or policies.
Endpoint DLP
software or hardware solution installed on the perimeter of the network to protect data in transit.
Network DLP
software stored on servers in a data center to protect data at rest.
Storage DLP
Software to protect data being stored in cloud services, usually a SaaS solution.
Cloud DLP
UEBA
User and Entity Behavior Analytics
SCCM
System Center Configuration Management - Microsoft software management system for admin device management.
Program, overseen by the Department of Defense, to ensure that microprocessors in the supply chain are secure.
Trusted Foundry Program
process of ensuring that hardware is procured tamper free from a trusted supplier.
Hardware Source Authenticity
cryptographic module embedded within a computer system that can endorse trusted execution and can attest to boot settings and metrics
Root of Trust - ROT
PUF
Physically Unclonable Function - anti-tamper mechanism used inside systems (ROT policies).
UEFI feature that prevents unwanted processes from executing during the boot process.
Secure Boot
UEFI feature that gathers secure metrics to validate the boot processes in an attestation report.
Measured Boot
A claim that the data presented is valid by digitally signing it using a TPM’s private key.
Attestation
A means for software or firmware to permanently alter the state of a transistor on a computer chip.
eFuse
an update digitally signed by the vendor.
Trusted Firmware Update
low-level CPU changes and instructions that ensure secure processing and are built into the microprocessor.
Processor Security Extensions
AMD chip PSEs
- SME Secure Memory Encryption
- SEV Secure Encrypted Virtualization
Intel chip PSEs
- TXT Trusted Execution Technology
- SGX Software Guard Extensions
extensions that allow a trusted process to create an encrypted container for sensitive data.
Secure Enclave
operations that should only be performed once or not at all.
Atomic Execution
key signature of a directory traversal attack
../../ or dot dot slash and %255
key signature of a SQL attack
’ or 1 = 1
occurs when an attacker is able to execute or run commands physically on a victim computer
Arbitrary Code Execution
occurs when an attacker is able to execute or run commands on a victim computer remotely
RCE Remote Code Execution
occurs when an attacker fills up the buffer with NOPs (no-operation instructions) so that the return address may hit a NOP and execution continues until it reaches the attacker’s code
smash the stack
User’s web browser is exploited by the attacker, usually by a compromised web server
XSS
The web site is exploited through the user’s browser: the user is already authenticated, and the attacker uses that trust to exploit the web site.
XSRF
Hosts or servers located in the DMZ that do not have any services configured to run on the local network.
Bastion Hosts
secures the network by keeping the machines behind it anonymous while web surfing. Uses NAT.
IP Proxy
Attempts to serve clients content itself without contacting the remote server.
Caching Proxy
Used to prevent devices from connecting to prohibited websites and other content.
Internet Content Filter
A go-between device that scans for viruses, filters content, and performs DLP functions.
Web Secure Gateway (WSG)
Cloud storage solutions with low upfront costs but exorbitant fees to move the data from the cloud to another provider or an on-prem solution, due to the bandwidth and storage costs of transferring large amounts of data.
Vendor Lock-in
Security appliance set up at the client network edge to forward traffic to the cloud network if the content complies with the policies.
Forward Proxy: Users can evade forward proxies.
A security appliance set up at the cloud network edge that forwards content if it complies with policy. Cloud provider must support this to work.
Reverse Proxy
FaaS
Function as a Service
A software architecture that runs functions within virtualized containers at runtime instead of on dedicated servers.
Serverless
AWS storage containers
Buckets
Microsoft Azure storage containers
Blobs
CORS
Cross Origin Resource Sharing. A network policy that allows the browser to treat content from nominated domains as safe.
DoS attack which attempts to send more packets to a device/server than it can handle.
Flood Attack
A flood/DoS attack using ICMP pings.
Ping of Death
attacker sends a ping to a subnet broadcast address and the devices reply to a spoofed IP address (victim’s server), using up bandwidth and power.
Smurf Attack
flood attack using UDP packets to flood the target device.
Fraggle Attack
DoS attack where the attacker initiates multiple TCP sessions but does not complete the three-way handshake. Flood guards are used to prevent these attacks.
SYN FLOOD
a network scan attack that sets the FIN, PSH, and URG flags and can cause a system to crash.
XMAS Attack
breaks apart packets into IP fragments and modifies them with oversized payloads and sends them to a victim machine.
Teardrop Attack
exploits a security flaw to permanently break a device by reflashing its firmware.
Permanent DoS attack
attack that creates a large number of resources to use up the available processing power of the device
Fork Bomb