1.2 Fundamental Security Concepts. Flashcards
(17 cards)
What is the CIA Triad?
The fundamental objective of security professionals, ensuring Confidentiality, Integrity and Availability
Confidentiality
Ensures that data is only viewable by authorized users
Integrity
Ensures there are no unauthorized modifications to information or systems, whether intentional or unintentional
Availability
Ensures that information and systems are ready to meet the needs of legitimate users at the time those users request them
Non-repudiation
Ensures that an individual cannot deny performing an action, such as sending an email or making a transaction.
AAA Security Model (Access Control Framework)
Used to manage and enforce security policies for users and systems accessing networks and resources. Works with identification for comprehensive access management.
Authentication → Verifies identity
Authorization → Grants Access
Accounting → Tracks & logs user activity
Gap analysis
The process of comparing the current security state with the desired security state to identify deficiencies.
Zero Trust
- Control Plane
o Adaptive identity
o Threat scope reduction
o Policy-driven access control
o Policy Administrator
o Policy Engine
Zero Trust means “Never trust, always verify.” It ensures that no one (inside or outside the network) is automatically trusted.
🔹 Control Plane (The Brain)
(This is where decisions are made; it's the rules and policies that determine who accesses what.)
1️⃣ Adaptive Identity – Constantly checks user/device identity based on behavior, location, and risk.
2️⃣ Threat Scope Reduction – Limits what an attacker can access if they break in (least privilege).
3️⃣ Policy-Driven Access Control – Rules decide who/what can access resources (e.g., only approved devices can log in).
4️⃣ Policy Administrator – Applies the access rules in real time.
5️⃣ Policy Engine – Decides if access is granted based on security policies and risk factors.
What is Zero Trust?
Zero Trust means “Never trust, always verify.” It ensures that no one (inside or outside the network) is automatically trusted.
What is Threat Scope Reduction in zero trust?
Limits what an attacker can access if they break in (least privilege).
What is the control plane in zero trust?
🔹 Control Plane (The Brain)
(This is where decisions are made; it's the rules and policies that determine who accesses what.)
What is Adaptive Identity in Zero Trust?
Constantly checks user/device identity based on behavior, location and risk
Zero Trust
- Data Plane
o Implicit trust zones
o Subject/System
o Policy Enforcement Point
The Data Plane (The Enforcer)
Enforces decisions made by the Control Plane; this is where security is implemented and data flows through.
1️⃣ Implicit Trust Zones – Areas within the network that are usually trusted by default but still checked.
2️⃣ Subject/System – Refers to users (subjects) and systems (devices or applications) that want to access resources. Both need to be verified.
3️⃣ Policy Enforcement Point (PEP) – The point where the access control policies are enforced (e.g., firewalls, gateways). (gatekeeper)
This layer enforces the “never trust” approach by constantly checking and validating access requests.
What are physical security measures and their components?
Physical security protects the physical assets of a facility from unauthorized access or harm. Key components include:
1️⃣ Bollards – Barriers used to prevent vehicle access to restricted areas.
2️⃣ Access Control Vestibule – Double-door system where one door must close before the other opens, controlling access to secure areas.
3️⃣ Fencing – Perimeter protection to restrict unauthorized entry.
4️⃣ Video Surveillance – Cameras that monitor and record activities for security purposes.
5️⃣ Security Guard – Personnel who patrol and ensure security of a facility.
6️⃣ Access Badge – Identification cards or badges used to grant access to authorized individuals.
7️⃣ Lighting – Well-lit areas to deter criminals and ensure visibility.
These measures work together to create a layered approach to physical security.
- Sensors
o Infrared
o Pressure
o Microwave
o Ultrasonic
8️⃣ Infrared Sensors – Detect heat signatures (e.g., body heat) to identify movement.
9️⃣ Pressure Sensors – Detect pressure changes (e.g., footsteps, vehicle movement) in a monitored area.
🔟 Microwave Sensors – Emit microwave signals and detect movement by changes in reflected signals.
1️⃣1️⃣ Ultrasonic Sensors – Emit ultrasonic waves and measure reflected sound to detect movement.
These components together strengthen a facility’s security.
Deception and disruption technology
- Honeypot
- Honeynet
- Honeyfile
- Honeytoken
Deception and disruption technologies use fake resources to detect, mislead, or disrupt attackers.
Key components include:
1️⃣ Honeypot – A fake system designed to lure attackers, allowing monitoring and learning about attack methods.
2️⃣ Honeynet – A network of honeypots set up to simulate a real network environment and attract more sophisticated attacks.
3️⃣ Honeyfile – Fake files placed on a system or network that trigger alerts when accessed, indicating an intrusion.
4️⃣ Honeytoken – Fake data (like a decoy password or database entry) used to detect unauthorized access or malicious activity.
These tools help detect, analyze, and thwart attackers by providing decoy resources that make it harder for attackers to find real vulnerabilities.