Chapter 5 Securing hosts and data Flashcards
A software that creates, runs and manages virtualization?
A hypervisor
Virtual machines vs containerization? And one drawback of containerization?
Virtual machines host entirely new sessions of operating systems and everything within them, whereas containers are isolated boxes that run applications or services separated from the rest of the current OS. If containers are running on a Linux host, all containers must then use Linux.
How to keep virtual machines secure? Considerations.
Hypervisor, patches and avoiding VM escapes, VM sprawl avoidance (policies, assessments, etc.).
What kind of arrangement allows users to keep their VM desktops customized?
Persistence; non-persistence utilizes the same for all.
What is the purpose of a baseline? Give a brief description of how it might be created and used.
Baselines provide a secure standard configuration. A baseline is usually created via a master image that is used across all deployed systems (stock/default for security). The master image is an OS that has been configured for security and tested extensively. Then, automated tools are used to assess changes from that baseline.
How do organizations typically deal with patch management with regards to deployment?
Patch management is usually deployed in a sandbox environment (such as a VM). Third-party tools are then used to deploy the patches in a controlled manner; other tools (similar to a NAC) check for these patches, comparing them on endpoint systems to what is expected.
What process ensures no unintended outages and accounts for configuration or upgrades?
A change management policy.
When implementing an API, list some important components to include:
Authentication - depends, possibly 2FA
Authorization - ACLs, rule/role/mandatory type of idea.
Security method - TLS is good to encrypt traffic over the network
FDE vs SDE?
Full disk encryption - entire disk is encrypted; also able to encrypt partitions as well (encrypt and decrypt at the file or partition level).
Self encrypting drive - on booting up, enter credentials to decrypt it (at the drive level).
FDE offers more flexibility.
An important thing to implement every time the computer starts up? Examples?
Boot integrity checks. BIOS (basic input/output system) is physical with software on it (firmware); newer systems use UEFI (unified extensible firmware interface), which is an upgraded version (more performance, less CPU demanding).
How does a computer store encrypted keys (that relate to the booting process)? And what else does it do with regards to booting?
Through a hardware chip called the TPM (Trusted Platform Module). When booting (boot attestation), it stores key signatures of particular files. Then, secure boot checks the files against the stored signatures to ensure they haven’t changed. Remote attestation verifies it using a remote system.
What is the difference between an HSM and the similar component?
An HSM is often a removable or external device that generates, stores, and manages keys via asymmetric encryption, whereas a TPM is a hardware chip that deals with signatures and boot processes.
An organization wants to use software that blocks USB devices and prevents outgoing information (sensitive information), what might they implement?
Data loss prevention software.
Protecting against data streams coming in vs going out? Tools?
Unified threat manager and DLP software
Unauthorized flow of data out of a network is called?
Data exfiltration
What are some examples of SaaS and why are they classified as such?
Gmail, Yahoo! Mail, Splunk, Dropbox. They are accessed via a web browser, providing someone else's software to use/interact with.
How is PaaS different from SaaS?
PaaS provides its own hardware AND software on its own infrastructure. Provides end users with the infrastructure, tools, storage and networking to build / deploy software. Compared to SaaS it provides a platform rather than just the software.
IaaS?
Pay-as-you-go storage, networking, virtualization; alternatives to on-premise infrastructure. More scalable, more secure but less individualized to business needs.
What is XaaS?
Anything as a service, may include a combination of all services (S, P and IaaS) as long as it is delivered over the cloud.
What are the four cloud deployment models, with a brief description of each? (This is not an IaaS, XaaS question.)
Public - Third party services anyone can pay for, not individualized.
Private - specific to the organization, may be internal only, hosting own servers (IaaS?)
Community - Many organizations with similar needs that all require access, a group of franchised schools etc.
Hybrid - combination of two or more.
Public clouds - available to anyone; private - only for that organization; community - many; hybrid - mix.
What role can an MSSP play in cloud services?
Managed security service provider: basically everything security-wise. From patch management, DLP, networking (proxy filters), VPNs, UTM, firewalls, IDS & IPS; they may host these all on the cloud or send out appliances, managing them remotely.
How does a CSP typically maintain high availability? List 1.
Multiple load balancing nodes in different geographical locations
What types of networks do CSPs provide? (4 examples)
- Virtual networks (software-defined networking to create virtual networks using 1 server)
- Public subnets (accessible via the internet, usually with a screened subnet in front of them)
- Private subnets (not accessible via the internet). Public and private subnets can both be created via virtual networks.
- Segmentation (like a VLAN), segmenting computers or networks.
On-premise vs off-premise clouds
On-premise - all facilities for the cloud (all resources) are on the organization's premises. Can still access when at home.
Off-premise - resources are outsourced / rented