2.2 Security controls for host devices

Question 1

SELinux

Answer 1

-Group of security extensions that can be added to Linux to provide additional security enhancements to the kernel

Question 2

SEAndroid

Answer 2

-The SELinux extensions added to the android OS

Question 3

Least functionality

Answer 3

-requirement that only the necessary privileges are granted users to access resources

Question 4

TrustedSolaris

Answer 4

• DEPRECATED

- Was a group of security-evaluated OSs based on earlier versions of Solaris

Question 5

Anti-Malware

Answer 5

-general purpose security tool designed to prevent, detect and eradicate multiple forms of malware

Question 6

Anti-Spyware

Answer 6

specifically targets the removal of spyware

Question 7

Spam filter

Answer 7

identifies malicious or undesirable e-mails and prohibit them from invading the user’s mailboxes

Question 8

Patch Management

Answer 8

the process of acquiring, testing, deploying, and maintaining a patching solution for an organization’s devices

Question 9

HIPS/HIDS

Answer 9

-Host Intrusion Prevention System/Host Intrusion Detection System

Question 10

DLP

Answer 10

• Data loss prevention

- prevents desirable and sensitive materials from leaving the corporate boundary unless the policy permits it

Question 11

Host-based Firewalls

Answer 11

Control which traffic is allowed or denied from entering and exiting the computer

Question 12

Log Monitoring

Answer 12

The process of examining host logs in order to detect signs of malicious activity on the device

Question 13

EDR

Answer 13

• Endpoint Detection Response
• initially monitor a threat by collecting event information from memory, processes, the registry, users, files, and networking and then upload the data to a local or centralized database

Question 14

Standard operating environment

Answer 14

a pre-defined disk image of an operating system, applications, and configurations to provide consistent host device experiences across the organization

Question 15

Configuration Baselining

Answer 15

standardizing configurations across applications or operating systems

Question 16

Application Whitelisting

Answer 16

Focuses on explicitly allowing only certain applications to the exclusion of all others

Question 17

Application Blacklisting

Answer 17

Focuses explicitly denying only certain applications to the exclusion of all others

Question 18

Security/Group Policy implementation

Answer 18

Group policy is a set of rules that provides for centralized management and configuration of the operating system, user configurations, and applications

Question 19

Command Shell restrictions

Answer 19

limits what commands are available to users and IT personnel

Question 20

Manual vs automated Patch management

Answer 20

• manual patch management improves control

- automated improves speed

Question 21

Configuring dedicated interfaces

Answer 21

-necessary to ensure that an interface is isolated from other interfaces and traffic flow patterns

Question 22

Out-of-band Management

Answer 22

-a dedicated interface that requires a separate communication channel

Question 23

ACLs

Answer 23

• Access Control Lists

- use packet filters to lock down network interfaces

Question 24

Management interface

Answer 24

Dedicated physical port, or VLAN logical port, that permits in-band management of host devices

Question 25

Data Interface

Answer 25

Everyday communications channels that exist between hosts and network appliances like switches

Question 26

External I/O restrictions

Answer 26

Disable USB devices as well as wireless technologies - bluetooth - NFC - 802.11 - IrDA - RFID

Question 27

Drive mounting

Answer 27

-permits a user to map a drive on another system to a local drive letter on their computer

Question 28

Drive mapping

Answer 28

permits a user to map a drive on another system to a local drive letter on their computer

Question 29

Webcam

Answer 29

should be disabled or used sparingly to prevent spyware or other attacks from hijacking these devices

Question 30

SD port

Answer 30

restrict the traffic on these ports

Question 31

HDMI

Answer 31

restrict due to possibility of attackers using these cables to hijack the audio and video output of your devices

Question 32

file and disk encryption

Answer 32

necessary for providing independent encryption capabilities to files and folders on a file system -Disk encryption encrypts the entire disk, volume, or external drive from various online and offline attackers

Question 33

Firmware updates

Answer 33

critical to securing devices from attacks that focus on outdated firmware

Question 34

Secure boot

Answer 34

feature made available through UEFI firmware and will only load trusted, digitally signed boot files as per the OEM

Question 35

Measured Launch/Boot

Answer 35

uses TPM chips to measure the crytographic integrity of several boot components through the use of digital signatures

Question 36

Integrity Measurement Architecture

Answer 36

- IMA | - an open source method frequently used on linux

Question 37

BIOS

Answer 37

Firmware chip stored on device motherboards that perform the hardware initialization and the subsequent OS startup

Question 38

UEFI

Answer 38

``` firmware chip that adds various security features missin from BIOS -faster speeds -larger partition sizes -Secure Boot and Measured boot Ability to use more memory ```

Question 39

Attestation Services

Answer 39

TPM chips provide attestation services to authenticate the identity and integrity of software

Question 40

TPM

Answer 40

A secure chip that contains a cryptoprocessor built into modern computer motherboards for the purpose of performing various security functions relating to certificates, symmetric and asymmetric keys, and hashing

Question 41

Vulnerabilities associated with hardware

Answer 41

Older PCs devices lacking UEFI and TPMs jailbroken hardware

Question 42

Terminal Services/application delivery services

Answer 42

Microsoft renamed terminal services to Remote Desktop Services - Uses remote desktop protocol - client offloads resources responsibilities onto a server