2.1: Enterprise Security Flashcards
Configuration Management
The only constant is change.
Identify and document hardware and software settings.
Rebuild those systems if a disaster occurs.
Baseline configuration
security of an app evironment should be well defined.
Firewall settings, patch levels, OS file versions.
Standard naming conventions
Create a standard, needs to be understood by everyone.
IP Schema
Ip address plan or model
consistent addressing for network devices. Helps avoid duplicates.
Reserved addresses: Printers, routers etc.
Protecting Data
Data is everywhere, on a storage drive, on the network, in a CPU.
Protecting the data with encryption, security policies.
Data sovereignty
data that resides in a country is subject to the laws of that country.
laws may prohibit where data is stored.
GDPR (General Data Protection Regulation) - Data collected on EU citizens must be stores in EU.
Data Masking
Data obfuscation-hide some of the original data.
Data Encryption
Encode plaintext into cypertext
Two way street, convert between one and the other if you have a proper key.
Data at-rest
Data is on a storage device
encryption can be individual or whole disk encryption
Apply permissions to limit access on a per user basis
Data In-Transit
Data transmitted over the network
Not much protection as it travels
Network based protection through firewall, IPS
Transport encryption TLS, IPSec
Data In-use
In RAM, Caches or CPU register.
almost always decrypted.
can be picked straight out of ram by an attacker.
Tokenization
Replace sensitive data with a non sensitive placeholder
Not encryption or hashing, no overhead.
Hashing
Represent data as a short string of text(message digest)
One way trip, can’t unhash a hash to get the original data.
Hot Site
Exact replica and duplicate of everything, ready to go at a moments notice.
Cold Site
No hardware, empty building.
No data or people, everything has to be brought.
