Day 2 - Defense-in-Depth and Attacks Flashcards Preview


Flashcards in Day 2 - Defense-in-Depth and Attacks Deck (36)
1
Q

2 - Defense-in-Depth and Attacks

A
  • defense in depth
  • access control and password management
  • security policies
  • critical controls
  • malicious code and exploit mitigations
  • advanced persistent threats
2
Q

objectives of defense-in-depth

A
  • risk = threat x vulnerabilities
  • CIA triad
  • strategies for defense-in-depth
  • core security strategies
3
Q

what is defense in depth (DiD)?

A
  • any layer of protection may fail
  • multiple levels of protection must be deployed
  • measures must be across a wide range of controls
4
Q

prevention is ideal, but detection is ?

A

a must

however, detection without response has minimal value

5
Q

security deals with?

A

managing risk to your critical assets

6
Q

risk is?

A

the probability of a threat crossing or touching a vulnerability

risk = threats x vulnerabilities

7
Q

Key Focus of Risk

A

CIA triad

8
Q

C - confidentiality

A

vs. Disclosure

Only shared among authorized persons or organizations

9
Q

I - Integrity

A

vs. Alteration

Authentic and complete. Sufficiently accurate. Trustworthy and reliable.

10
Q

A - Availability

A

vs. Destruction

Accessible when needed by those who need it

11
Q

Prioritizing CIA

A

all are important, but which one matters most in your organization?

Confidentiality: pharmaceuticals and government
Integrity: financial institutions
Availability: e-commerce

12
Q

Approaches to DiD

A

deploy measures to reduce, accept, or transfer risk

4 basic approaches:

1) uniform protection
2) protected enclaves
3) information centric
4) threat vector analysis

13
Q

uniform protection - DiD

A
  • most common DiD approach
  • firewall, VPN, intrusion detection, antivirus, patching
  • all parts of the organization receive equal protection
  • treats all systems the same
14
Q

protected enclaves DiD

A
  • work groups that require additional protection are segmented from the rest of the organization
  • restrict access to critical segments
  • internal firewalls
  • VLANs and ACLs
15
Q

information-centric DiD

A
  • identify critical assets and provide layered protection
  • data is accessed by apps
  • apps reside on hosts
  • hosts operate on networks
16
Q

vector-oriented DiD

A

a threat requires a vector to cross a vulnerability; stop the threat's capability to use the vector
  • USB thumb drives: disable USB
  • attachments in e-mails: block or scan attachments
  • spoofed e-mails: check the sender address at the e-mail server

17
Q

fixing the problem - main strategy to fix an infected system?

A

rebuild from scratch

18
Q

module 8:

A

Access Control and Password Management

19
Q

Access Control

A
  • Data Classification
  • Managing access
  • Separation of duties
20
Q

Password management

A
  • password management technologies
  • how password assessment works

21
Q

IAAA

A

Identity
Authentication
Authorization
Accounting

22
Q

Controlling Access

A
  • Least privilege
  • Need to know
  • Separation of duties
  • Rotation of duties
23
Q

6 common types of access control

A
1- Discretionary Access Control (DAC)
2- Mandatory Access Control (MAC)
3- Role-based (RBAC)
4- Ruleset-based (RSBAC)
5- List-based 
6- Token-based
24
Q

John the Ripper crack modes

A

1- Wordlist
2- Single crack - uses usernames and GECOS fields to guess passwords; should be used first because it is fast
3- Incremental - brute force
4- External - custom

25
Q

Module 9

A

Security Policy

26
Q

Security Policies

A
  • need for policies
  • policy framework
  • enforcement
27
Q

issue-specific policy examples

A
  • NDA
  • copyright

28
Q

Policy table of contents

A
  • purpose
  • related documents or references
  • cancellation or expiration
  • background
  • scope
  • policy statement
  • responsibility
  • action
29
Q

policies must be?

A

clear, concise, understood by everyone in the organization, and enforced

30
Q

Module 10

A

Critical Security Controls

31
Q

Three control priority families?

A
  • System (Controls 1-10)
  • Network (Controls 11-15)
  • Application (Controls 16-20)
32
Q

Key rules when the controls were chosen

A
  • each control is mapped to an actual known attack
  • if a known attack doesn't exist, it can't be a control
  • offense must inform defense
33
Q

Critical Security Controls

A

1- inventory of authorized/unauthorized devices
2- inventory of authorized/unauthorized software
3- secure configurations for HW/SW
4- continuous vulnerability assessment and remediation
5- controlled use of administrative privileges
6- maintenance, monitoring, and analysis of audit logs
7- email and web browser protections
8- malware defenses
9- limitation and control of network ports
10- data recovery capability
11- secure configurations for network devices
12- boundary defense
13- data protection
14- controlled access based on the need to know
15- wireless access control
16- account monitoring and control
17- security skills assessment and appropriate training to fill gaps
18- application software security
19- incident response and management
20- pen tests and red team exercises

34
Q

Module 11: Malicious Code and Exploit Mitigation

A
  • Mitnick-Shimomura
  • Defensive strategies
  • Common types of attacks
35
Q

Input attacks

A

applications receive client data in many forms; treat all user-supplied input as a potential attack point

examples:

  • OS command injection
  • buffer overflows
  • SQL injection
36
Q

Module 12: APT

A
  • what are APTs and why are they so hard to manage?
  • defending against APT
  • how can cyber remediation be approached?
  • offensive operations