Weak Points Flashcards
RFC
Request for Comments:
Published by ISOC
Not all RFCs are standards documents (experimental, best practice, standard track)
Many informal RFCs analyze threats
An RFC is authored by individuals or groups of engineers and computer scientists in the form of a memorandum describing methods, behaviors, research, or innovations applicable to the working of the Internet and Internet-connected systems
AIS
Automated Indicator Sharing:
A US government initiative for real-time sharing of cyber threat indicators
Intelligence industry needs a standard way to share important threat data (share info freely)
Ex: STIX & TAXII
STIX
Structured Threat Information Expression:
A standardized XML programming language for conveying data about cybersecurity threats in a common language that can be easily understood by humans & security tech
Describes cyber threat info (motivations, capabilities, response info)
Designed to be shared via TAXII (but can be shared by other means)
TAXII
Trusted Automation Exchange of Intelligence Information:
Defines how cyber threat information can be shared via services and message exchanges
Securely shares STIX data
SRTP
Secure Real-Time Transport:
RTP for delivering A/V over IP networks
Uses AES
Authentication, integrity, & replay protection
HMAC-SHA1
SFTP vs. FTPS
SFTP: SSH FTP
FTPS: FTP over SSL/TLS
CE vs. SE vs. Zero-Fill
Cryptographic Erase:
Sanitizes a self-encrypting drive by erasing the media encryption key and then reimaging the drive
Secure Erase:
Used to perform the sanitization of flash-based devices (such as SSDs or USB devices) when cryptographic erase is not available
Zero-Fill:
Relies on overwriting a storage device by setting all bits to the value of zero (0), but this is not effective on SSDs or hybrid drives, and it takes much longer than the CE method
SPI
Sensitive Personal Information:
Information about a subject’s opinions, beliefs, and nature afforded specially protected status by privacy legislation
Rules of Engagement (Pentesting)
Can state things like no social engineering is allowed, no external website scanning, etc
IoC
Indicator of Compromise:
An artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion.
Typical IoCs are virus signatures and IP addresses, MD5 hashes of malware files or URLs, or botnet command and control servers’ domain names
First action after forensically imaging a hard drive for evidence
The first thing that must be done after acquiring a forensic disk image is to create a hash digest of the source drive and destination image file to ensure they match.
A critical step in the presentation of evidence will be to prove that analysis has been performed on an identical image to the data present on the physical media and that neither data set has been tampered with.
Protecting Data Center Servers: 4 Best Features
FM-200 (gas), Biometric Locks, Mantrap, Antivirus
DPO (Data Protection Officer)
The primary role of the data protection officer (DPO) is to ensure that her organization processes the personal data of its staff, customers, providers, or any other individuals (also referred to as data subjects) in compliance with the applicable data protection rules.
They must understand how any privacy information is used within business operations
EDM (Exact Data Match)
A pattern matching technique that uses a structured database of string values to detect matches. For example, a company might have a list of actual social security numbers of its customers.
Since it is not appropriate to load these numbers into a DLP filter, they could use EDM to match the numbers’ fingerprints instead based on their format or sequence
Ex: xxx-xx-xxxx
Identifying rogue devices on a wired network
The best option is MAC address reporting from a source device like a router or a switch.
If the company uses a management system or inventory process to capture these addresses, then a report from one of these devices will show what is connected to the network even when they are not currently in the inventory.
GLBA
Gramm-Leach-Bliley Act:
A United States federal law that requires financial institutions to explain how they share and protect their customers’ private information