Chapter 3.3 Flashcards
HSM
A Hardware Security Module (HSM) is a device used to generate, maintain and store cryptographic keys. It can be an external device and can easily be added to a system. The HSM will maintain the integrity of the key.
TPM
The Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system and provides secure key storage for full disk encryption. It supports secure boot processes.
SoC
A system on a chip includes all the functionality of a system in a compact solution. Mobile computing devices typically have this.
hardware root of trust
A hardware root of trust is a known secure starting point established by embedding a private key in the system. The key remains private until the public key is matched.
MLS
Multi-Level Security (MLS) is an implementation of MAC that focuses on confidentiality. An MLS operating system is able to enforce the separation of multiple classifications of information.
Hardening
Hardening an Operating System (OS) is the practice of removing default values to ensure the system is more secure.
Secure configuration of systems
Secure configuration of systems refers to security measures that are implemented as a way to provide protection for computer systems. Secure configurations of systems can help prevent vulnerabilities and attacks.
FDE
Full Device Encryption (FDE) provides encryption for a whole disk and protects the confidentiality of the data.
SED
A self-encrypting drive (SED) includes both the hardware and software to encrypt data on a drive. Keys for decryption are securely stored within the drive. An SED requires credentials to be entered for decryption.
privacy screens
The use of privacy screens limits the view from a display. They can be used to protect sensitive information from being visible.
mail gateways
A mail gateway examines incoming and outgoing email traffic. It can be configured to inspect email traffic for certain terms and force encryption based on policies. An email gateway can also deny email traffic that it views as vulnerable.
URL filtering
A URL filter allows you to control access to websites by permitting or denying access to specific websites based on information contained in a URL list.
EMI
Electromagnetic interference (EMI) is caused by radio frequencies emitted by external sources, such as power lines, that disturb signals. EMI can be avoided by the use of shielding.
BIOS
Basic Input/Output System (BIOS) is a combination of hardware and software used to adjust settings in a computer.
Disabling USB ports in BIOS (Basic Input/Output System) for all workstations on the company network would turn off the ability to use a USB.
UEFI
Unified Extensible Firmware Interface (UEFI) is a specification for a software program that connects a computer’s firmware to its operating system. UEFI is the replacement for BIOS (Basic Input/Output System) and has many advancements, including provisions for secure booting.