cybersecurity Flashcards

Question

2- step 2 in the design phase is managing risk. this can be divided using the?

Answer 1

Four T's which include - Tolerate Risk - Accept Risk - Transfer Risk - Insurance 3rd party - Terminate Risk - - Treat Risk- reduce it to acceptable level by implementing countermeasure.

Answer 2

- Deter - is the farthest from assets such as camera fence. - Detect - cameras, security personnel. - Delay - honey pot, locks to delay attacks - Deny - Defeat - security personal response to apprehend

Answer 3

objective is to deter attackers from attempting to breach

Answer 4

objective to monitor large area to accurately detect unauthorized access and respond on time .

Answer 5

The objective of delay an active intrusion to force intruder to stop and allow security to respond

Answer 6

is keep unauthorized person out and let authorized people in

Answer 7

Objective is to defeat intrusion by apprehending intruder. often involve law enforcement.

Answer 8

You need security policies and procedures established for both physical and cyber. at least one or more physical security perimeters shall be in place to protect assets.

Answer 9

this should be done for each zone and conduit. it should also use - risk assessment results - target security level - Cybersecurity requirment specifications. CRS

Answer 10

- Policies and Procedures - Warning Banners. - Obscurity

Answer 11

- IDS - SIEM - Anti-Virus software - Firewalls - Emails and URL filtering - Train personnel to be aware of scams

Answer 12

- Security Hardening - Patching - Encryption - Network segmentation - Access Controls - Honey Pot Systems.

Answer 13

Deny unauthorized users and software's from access the system. - Firewall - Whitelisting - Intrusion Prevention Systems - Access Controls

Answer 14

eradicate the intruder or malicious software and restore the system to normal. - Malware Removal tools - Policies and Procedures - Intrusion Prevention.

Answer 15

- Identify Zones and conduits - Review Risk assessment - this is for each zone and conduit. - Establish Target security Level - Identify Physical and cyber access points. - Develop 5D physical and cyber strategy for each zone and conduit.

Answer 16

this can include: - Document security countermeasure to achieve target security level - Scope of work - conceptual system architecture - budget cost and schedule estimate.

Answer 17

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ This chapter is focused on - Project Management related to design - System and Software Development Life Cycle - Function and Security Requirement for the Design. - Choose technology for the Design -

Answer 18

-Should be treated as a project - Project Management is required - With proper lifecycle, plan, and implement phase. - Should always assign a project manager

Answer 19

- Clear goal of the Project - Define the scope of work - Beware of scope creep - list all deliverable to assign resources correctly - quality criteria - and setting expectation - determine stakeholders and get them involved and updated. - Understand the budget for the project. - establish milestone to keep project manageable. - tolerance should be set for each milestone. - address dependencies - identify risk - Schedule - Dependencies

Answer 20

is a set of related activities that leads to the production of software product.

Answer 21

Software specification ( requirement analysis) Software Design software implementation - Coding software validation - Testing software evaluation - Maintenance and Further Development

Answer 22

Data Structure.

Answer 23

You must secure you security countermeasures.

Answer 24

insufficient Security - example. - IP camera with default - firewall with telnet enabled. - servers with weak and not security in place .

Answer 25

- Environment - User Characteristic - Assumption - Constrains - Dependencies

Answer 26

- Functional - Usability - performance - Data Management - Standards - Security

Answer 27

- Environmental/ External Dependencies such as - supply chain - testing - protection and health and safety - Risk Assessment and control requirement. - Regulatory and Industrial standard requirement - Access Control requirement Data integrity and Confidential Requirement - Communication and Data flow requirement - security event monitoring tools

Answer 28

- Architecture Diagrams. - Data flow charts - Design Specification - Use Cases - Business Process Diagrams. - Configuration Screens.

Answer 29

- Introduction - Project Scope - System Design - Component and process Design - Data Design - User Display and output. - Reports - System Files. - Prototype description - prototype test procedure. analysis. - Special notes - Project Extension.

Answer 30

- Goal of project - Scope of work - Deliverable -Quality criteria - Stakeholder. - Budget. - Schedule - Risk - Tolerance - Milestone - Task/duties/ responsibilities.

Answer 31

device or hardware/software controls the flow of traffic between network devices. Firewall filter communications allow authorized and deny unauthorized. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Answer 32

Network Based hardware Host Based software

Answer 33

Hardware appliance that filter traffic between one or more devices.

Answer 34

it is more than firewall and they do more than just checking inbound and outbound.

Answer 35

- Packet filter - Stateful Inspection firewall - Deep packet inspection

Answer 36

adding Host based firewall will provide defense in depth approach. normally those firewalls are software based and they reside in the host they are protecting. PROVIDE GRANULAR PROTECTION...

Answer 37

- Part of the operation system - they perform logging. - Limit outbound traffic to prevent infection. - can be configured to perform - Addresses based and application based inspection. - Act as Intrusion Prevention System - detect attack and take action to thwart.

Answer 38

- provide extra protection. - they reside on the host they are protecting. - monitor incoming/outgoing network traffic. -

Answer 39

the basic model of all - based on source/Des mac and IP address. - based on states of flag - SYNC- FIN - ACK - INIATED- CLOSED - ESTABLISHED - it is the core and can be found in routers and it is called ACCESS LIST - based on directives. - it doesn't not care about content - PAYLOAD not important.

Answer 40

track the states of the packet and block packets that deviate from the state. it does that inspection by evaluate the TCP values. - those firewall check the status and port number. firewalls normally check the TCP sequence number to reject not legit traffic. - If you have nat- the rule set first checked then 3 hand-shake is completed.

Answer 41

- Connection establish - termination - USAGE

Answer 42

it adds basic intrusion detection technology that analyze protocols to IDENTIFY MALESIOUS CODES and MALFORMED PACKETS it can allow. deny based on specific attribute. IT CAN BLOCK FUNCTIONS based on protocol function 9 for example write code tcp Modbus) it can also block .exe

Answer 43

Switch filter only to the MAC address Firewall packet filter based on MAC and IP address Packet filter uses MAC and IP and also Session. TCP/UPD Deep packet inspection add to that the Applications and payload.

Answer 44

you should never connect corporate network to control system. there must be a firewall to have defense in depth.

Answer 45

it is recommended to have DMZ in the network to act as a buffer between the Control System and the Enterprise.

Answer 46

you should always have one firewall for each main controller. so that when a layer gets compromised the other firewall will protect it.

Answer 47

- Plan identifying all requirement to select the product. - Install and Configure this includes installing configuring and firewall rules. - Test test configuration to validate functionality, performance, scalability. - Deploy - deploy firewalls. - Manage -

Answer 48

you should think about the architecture. future expansion, technology used, so many much more.

Answer 49

think about install - device, software, hardware, patch update. think about configure user/account - policy/rule/ access list/ comments changes, think about greenfield installations. policy is very important for firewall implementation in this phase. and CRTICIAL .

Answer 50

test connectivity, rule sets, application, logging, performance, features like vpn

Answer 51

Deploy - notify parties when making change, have change management plan, backup, plan .,

Answer 52

manage this include maintaining policies, patching, review logs, audit, management,

Answer 53

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Answer 54

to detect unattempted to break to the system. the allow admins to respond to minor security issues before they became security incidents

Answer 55

NIDS and HIDS

Answer 56

-Anomaly is based on behavior - pre defined rules based on signatures

Answer 57

in general it does not block traffic. also it is normally places in strategic place to monitor all traffic - Out of band meaning they get the information from port mirror - Inline meaning its part of the network and traffic passes through it.

Answer 58

is meant to detect single host. its normally an agent installed in the host machines. it will detect and use the pop up screen, sometimes it send to the central collector.

Answer 59

- Log analysis - Event coloration - Integrity checking - Policy enforcement - Rootkit detection - Alerting.

Answer 60

they have - broad scope where HIDs have narrower scope - near real time response - respond right away - bandwidth depend - HIDS not much traffic requirement - high false positive rate where HIDS is low false positive - required hardware where HIDS does not require hardware.

Answer 61

- Using distributed deployment strategy. - Install NIDS at zone entry points. always enhance those implementation with SCADA signatures.

Answer 62

process of securing systems by reducing their surface attack. Reducing the attack surface!!! @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Answer 63

HOW TO REDUCE THE ATTACK SURFACE??? - Remove unnessassry softwares only install what you need. - remove unneeded user accounts. no need to add user accounts. - Strengthen access control - dont use the default - disable unneeded services. do not enable all services. - install security patches. - patches comes with security enhancement. use them!

Answer 64

Basically any configurable device can be hardened. PLC, VDF, switches, gateways, PLC, software

Answer 65

- NIST SP800-123 - Microsoft security guide - CIS security benchmark - DISA STIGs - defense information system Agency security technical implementation guide.

Answer 66

- Patches to update OS - patches comes with secure enhancement. - Remove and disable services. - services not required always. - Configure access control - least privilege - only allow what you need. - Configure user os authentication - Authentication should always be enabled. - Install additional security controls. - make sure you include everything. - Test the security of OS - check the OS system.

Answer 67

Recommendation for technical controls created by lots of professionals. - accepted by governments. - used by IT professionals. - DE FACTO basically CIS security have benchmarks for all the different systems.

Answer 68

because its extremely difficult to manage those manually.

Answer 69

- Active Directory - Microsoft Windows Security Compliance Manager - DISA - Defense Information System Security.

Answer 70

it is free tool that have the benchmark of the best practice confguration. - ready to deploy and test and test policies. - import configuration from active directory and backup local group policy.

Answer 71

security compliance toolkit in june 2017

Answer 72

- Gold master support - pre build to save time. - configure standalone machines. - update security guides. - compare to industry best practice.

Answer 73

ENHANCED MITIGATION EXPERIENCE TOOLKIT

Answer 74

is an enhancement to windows operation system that stops broad classes of malware from executing.

Answer 75

provide addtional protection to vulnrabile un-patched software. - require little configuration and maintenance. - offer centralized admin and logging. - Audit only" mode for compatibility testing.

Answer 76

- System wide - Application specifics. - Advanced.

Answer 77

- Data execution prevention: this prevent damage and virus to your computer. some attacks uses memory and this will prevent it. - Address Space Layout Randomization. ASLR this prevent shellcode from execution, it does this by offset location in memory. - Structured Exception Handler Overwrites (SEHOP) guard against stack overflows by using code 32bit to prevent attacks.

Answer 78

HEAP Spray arbitrary code execution. taking advantage of the heap. EAF - Export Address table Access filtering.

Answer 79

- Deep Hooks - provide protections for critical APIs and low level APIs. used by top level. - ANTI DETOURS - Shellcode techniques for evasion of hooks by execution. - - Banned function - is for additional APIs blocked and detected.

Answer 80

System Wide Mitigation - DEP, ASLR, SEHOP Advanced Mitigation - Deep hooks, Anti Detours, Banned function. Application - everything else including HEAP and EFR.

Answer 81

sometimes the devices are PLC, HMI, MOTOR, Driver, always check with NISA, ISA, Vendors might have some hardening procedures for their devices.

Answer 82

- Disable remote device changes. - install vendor firmware - check with hash always. - shutdown unused interfaces. - disable unused protocols. -enable logging. - disable services. - restrict remote access. - protect IACS with industrial firewall. - change default passwords.

Answer 83

- You should always look into the network and not only end devices. examples are firewalls, routers, switches, etc.

Answer 84

- Management - manage traffic send to IOS. such as application, ssh, protocol, SNMP - Control - maintain things like OSPF, PGP, paramount to the network. - Data - forward traffic through the network.

Answer 85

- Install firmware update. - compare hashes - shutdown unused physical interfaces. - enable logging - shutdown unneeded services. - restrict remote management - use SNMP3 - change and encrypt passwords.

Answer 86

it is basically controlling the access ... this is basically all the policies and procedures and technical controls that govern the use of system resource. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Answer 87

ensures system is only accessable by authorized users. accounts, processes.

Answer 88

ESTABLISHING ACTIVATING Modifying Reviewing Disabling Removing accounts.

Answer 89

- Separation of duties - Least privilege - Unsuccessful login attempts - System use notification - Session locking - Session termination Concurrent session control

Answer 90

- Servers/ workstation operation system - Application HMI Engineering - Data bases - Network Components - and most devices.

Answer 91

- ISA/IEC 62443-2-1 establisihing ISA/IEC 62443-3-2 security requirement - NIST 800.53 security and privacy for federal - NIST 800-82 guide to industrial control system - public safety canada TR12-002 - US department of homland security.

Answer 92

- Develop an access control policy to logical and physical rules. you decide how granular it can be. - Employ multiple authentication methods - Segregate data with high sensitivity and business consequence from other - Make use of central identity and access. - Establish separates IACS domains. - Use organization OU to partition resources and functional units. -

Answer 93

something you know - password and pin something you have card, token usb and somewhere you are - fingerpring and retinal signtures.

Answer 94

- LAN WAN TCP - mODEM OVER PUBLIC telephone service - modem to non windows devices. this come with good benefits to oiperation but huge risk since people can access it.

Answer 95

-large variety of control system architectures. - different type of needs for remote users. - technology limitation - service limitation - different IT policies. - regulatory limitation - vendor requirement.

Answer 96

- Center of protection of national infrastructure. - North American electrical reliability corporation (NERC) - public safety of Canada.

Answer 97

- maintenance - operators - system support. - business partners. - supply chain - field technician - customers. - service providers.

Answer 98

- telephone services. POTS ISDN and Dialup - Wireless such as settalite 802.11, mocrowave, 900 - WAN such as T1 E1, DSL, framerelay, ATM, MPLS - remote access servers such as my pc, log me in, teamviewer,. - VPN - terminal services. - desktop virtualization citrix,

Answer 99

the list is long but here are the main ones. - type and quantity of users requiring access. - IACS assets that require access - threats and possible attack vectors. - SL-T for each accessible remote asset. - regulatory and policy restriction - technology and vendor restriction. - budget. - Available services. - duration of remote access.

Answer 100

a network device equipped with enhanced security features knows as SSL Secure Socket layer.

Answer 101

SSL Secure Socket Layer.

Answer 102

also VPN does not limit the ptotocols.

Answer 103

IPSec internet protocol security SSL/TLS Secure socket layer/ transport layer security DTLS - Datagram Transport Layer Security MPPE - Microsoft point to point encryption SSTP - Secure Socket tunneling protocol.

Answer 104

Two endpoints of a VPN are intermediary devices that passes traffic from trusted network to another trusted network using untrusted link.

Answer 105

it has a host computing device at one point and the other point is intermediate device - for protection, always add VPN gateway with DMZ.

Answer 106

it is the evolution for of the traditional firewalls. it comes with so many enhancement and different VPN technology.

Answer 107

- Only approved laptop for remote access. - provide secure bootable images. - require and enforce 3rd party with remote access. - provide separate authentication mechanism for internal and external. - change port number to different port numbers. -

Answer 108

- disable split tunnel in the VPN - Monitor and log ID, Time, - provide mechanism for on demand access and termination. - restrict access to special machines. -force vpn traffic after a firewall and IDS after its unencrypted.

Answer 109

- only read access when possible. - limit data exchange with seplaier and customers. - employee and vendor remote maintenance. - FULL ACCESS IS business decision that needs to be addressed by management. IT IS NOT RECOMMENDED FOR REMOTE ACCESS in IACS.

Answer 110

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Answer 111

FAT at the vendor location SAT at the customer location before going live. and before functional test.

Answer 112

First: Verification of Cybersecurity Specifications. Second: Cybersecurity Robustness Testing.

Answer 113

Weaknesses of the system. basically try to break into it.

Answer 114

this step is to verify that specification and policies are met with the operation of the system.

Answer 115

- ISA/IEC62443-2-4 - ISA secure - DHS

Answer 116

- Select different vendors for testing than the designers. - Define system under test - Develop a verification and test plan - Verify cybersecurity configuration settings. - Perform robustness settings - Document the results.

Answer 117

CAT configuration Assessment tool. - benchmark the configuration of the system to the CIS benchmark. RAT is Router assessment tool - this tool assess routers/ configuration Cisco. NESSUS- Audit operation systems.

Answer 118

you should always have one firewall for each main controller. so that when a layer gets compromised the other firewall will protect it.

Answer 119

You should think about the architecture. future expansion, technology used, so many much more.

cybersecurity Flashcards

(143 cards)