Weak Points #3 Flashcards
Rule-Based Access Control
An access control model in which access to resources is granted or denied depending on the contents of Access Control List (ACL) entries
Label-based access control that defines whether access should be granted or denied to objects by comparing the object label and the subject label
ABAC Access Policy Properties
Subject (user or process requesting access)
Type of action (for example “read”, “write”, “execute”)
Resource type (medical record, bank account etc.)
Environment (contextual data, such as time of day or geolocation)
MAC Characteristics
Users are not allowed to change access policies at their own discretion
Labels and clearance levels can only be applied and changed by an administrator
Every resource has a sensitivity label matching a clearance level assigned to a user
PAM
Privileged Access Management:
A security solution that provides control over elevated (i.e. administrative type) accounts
DER Characteristics
Encoded in binary format
.der and .cer file extension
Generally used for Java servers
PEM Characteristics
Encoded in text (ASCII Base64) format
.pem .crt .cer .key file extensions
Generally used for Apache servers or similar configurations
PFX & P12 Characteristics
Encoded in binary format
.pfx .p12 file extensions
Generally used for Windows servers
P7B Characteristics
Encoded in text (ASCII Base64 format)
.p7b file extension
Generally used for Windows & Java Tomcat servers
IPFIX
An IETF specification that defines how IP flow information is to be formatted and transferred from an exporter to a collector
Order of Volatility
Cache memory -> RAM -> Swap/Pagefile -> Temporary files -> Disk files -> Archival media
Operational Control Examples
Data backups
Configuration management
Awareness programs
Preventative Control Examples
Security Guards
System hardening
Separation of duties
Detective Control Examples
Log monitoring
Security audits
CCTV
IDS
Corrective Control Examples
IPS
Backups & system recovery
Alternate site
Fire suppression system
Compensating Control Examples
Backup power system
Sandboxing
Temporary port blocking
Temporary service disablement
CIS (Simplified)
Center for Internet Security:
Configuration guidelines for hardening
ISO/IEC 27001
Basic procedure for cybersecurity (international standard) - focused on establishing/maintaining info systems
ISO/IEC 27002
International standard focused on information security controls
(to protect those systems)
ISO/IEC 27701
Adding privacy to ISMS (privacy extension for ISO 27001)
Focuses on privacy data management
ISO/IEC 31000
Attempt to create global risk management framework
A family of standards providing principles & guidelines for risk management
SOC 2 Audits (SSAE 18)
System & Organization Controls:
Provides detailed information and assurance about a service organization’s security, availability, processing integrity, confidentiality and/or privacy controls, based on their compliance with the AICPA’s TSC (Trust Services Criteria)
SOC 2 Audit Type I
Provides a snapshot of the organization’s control landscape in a specific point in time
SOC 2 Audit Type II
Evaluates the effectiveness of controls over a period of time of at least six consecutive calendar months
CSA
Cloud Security Alliance:
A nonprofit organization promoting best security practices related to cloud computing environments
CSA: CCM
Cloud Security Alliance: Cloud Control Matrix
Designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider
Cloud-specific security controls
Controls are mapped to standards/best practices/regulations
CSA: Reference Architecture
Gives us the outline of what we want & build roadmap to meet needs
NIST RMF
Risk Management Framework:
Integrates security/risk management into the system development life cycle
Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor
NIST CSF
Cybersecurity Framework:
Standards/best practices to help manage cybersecurity risks
Identify, protect, detect, respond, recover
USB OTG
USB On-the-Go:
Allows USB devices (phones/tablets/etc) to act as a host, allowing other USB devices (flash drives/cameras/mouse/keyboard) to be attached to them.
One is host, one is peripheral
CCMP (Counter-mode/CBC-MAC Protocol)
Employs 128-bit keys and a 48-bit initialization vector that minimizes vulnerability to replay attacks
The Counter Mode component provides data privacy
The Cipher Block Chaining Message Authentication Code component provides data integrity and authentication
NAT Gateway
Allows systems to connect to another network without being directly exposed to it
Opal (FDE/SED)
A set of specifications for features of data storage devices that enhance their security
Defines a way of encrypting the stored data so that an unauthorized person who gains possession of the device cannot see the data
EDR
Endpoint Detection & Response:
Monitor and collect activity data from endpoints that could indicate a threat
Analyze this data to identify threat patterns
Automatically respond to identified threats to remove or contain them, and notify security personnel
Forensics and analysis tools to research identified threats and search for suspicious activities
FISMA
Federal Information Security Management Act:
A US federal law that defines a comprehensive framework to protect government information, operations, and assets against natural or human-made threats.
Requires that government agencies and other organizations that operate systems on behalf of government agencies comply with security standards.
PtH (Pass the Hash)
The process of harvesting an account’s cached credentials when the user logs into a SSO system.
(The cached credentials are in hash form)
Heuristic vs. Behavioral Detection
Behavioral Detection (AKA: Statistical or Profile-based): The engine is trained to recognize baseline traffic or expected events associated with a user account or network device. Anything that deviates from this baseline (outside a defined level of tolerance) generates an alert
Heuristic Detection:
Determines whether several observed data points constitute an indicator and whether related indicators make up an incident depending on a good understanding of the relationship between the observed indicators
