MODULE 18 - CERTIFICATION CYBER OPS ASSOCIATE Flashcards Preview


Flashcards in MODULE 18 - CERTIFICATION CYBER OPS ASSOCIATE Deck (46)
1
Q

Defense-in-Depth: Assets, Vulnerabilities, Threats

Cybersecurity analysts must prepare for any type of attack.

It is their job to secure the assets of the organization’s network. To do this, cybersecurity analysts must first identify:

A

Cybersecurity analysts must prepare for any type of attack. It is their job to secure the assets of the organization’s network. To do this, cybersecurity analysts must first identify:

– Assets

– Vulnerabilities

– Threats

2
Q

Cybersecurity analysts must prepare for any type of attack. It is their job to secure the assets of the organization’s network. To do this, cybersecurity analysts must first identify:

– Assets

– Vulnerabilities

– Threats

A

Assets :

Anything of value to an organization that must be protected including servers, infrastructure devices, end devices, and the greatest asset, data.

3
Q

Cybersecurity analysts must prepare for any type of attack. It is their job to secure the assets of the organization’s network. To do this, cybersecurity analysts must first identify:

– Assets

– Vulnerabilities

– Threats

A

Vulnerabilities :

A weakness in a system or its design that could be exploited by a threat actor.

4
Q

Cybersecurity analysts must prepare for any type of attack. It is their job to secure the assets of the organization’s network. To do this, cybersecurity analysts must first identify:

– Assets

– Vulnerabilities

– Threats

A

Threats :

Any potential danger to an asset.

5
Q

Identify Assets

As an organization grows, so do its assets. Consider the number of assets a large organization would have to protect.

It may also acquire other assets through mergers with other companies.

The result is that many organizations only have a general idea of the assets that need to be protected.

A

All of the devices and information owned or managed by the organization are assets.

The assets constitute the attack surface that threat actors could target.

These assets must be inventoried and assessed for the level of protection needed to thwart potential attacks.

6
Q

All of the devices and information owned or managed by the organization are assets.

The assets constitute the attack surface that threat actors could target.

These assets must be inventoried and assessed for the level of protection needed to thwart potential attacks.

A

Asset management consists of inventorying all assets, and then developing and implementing policies and procedures to protect them.

This task can be daunting considering many organizations must protect internal users and resources, mobile workers, and cloud-based and virtual services.

7
Q

Asset management consists of inventorying all assets, and then developing and implementing policies and procedures to protect them.

This task can be daunting considering many organizations must protect internal users and resources, mobile workers, and cloud-based and virtual services.

A

Further, organizations need to identify where critical information assets are stored, and how access is gained to that information.

Information assets vary, as do the threats against them. For example, a retail business may store customer credit card information.

An engineering firm will store competition-sensitive designs and software.

A bank will store customer data, account information, and other sensitive financial information.

Each of these assets can attract different threat actors who have different skill levels and motivations.

8
Q

Identify Vulnerabilities

A

Threat identification provides an organization with a list of likely threats for a particular environment.

When identifying threats, it is important to ask several questions:

What are the possible vulnerabilities of a system?

Who may want to exploit those vulnerabilities to access specific information assets?

What are the consequences if system vulnerabilities are exploited and assets are lost?

https://snipboard.io/oLD8wy.jpg

9
Q

The threat identification for an e-banking system would include:

– Internal system compromise

– Stolen customer data

– Phony transactions from an external server

– Phony transactions using a stolen customer PIN or smart card

– Insider attack on the system

– Data input errors

– Data center destruction

A

Internal system compromise :

The attacker uses the exposed e-banking servers to break into an internal bank system.

10
Q

The threat identification for an e-banking system would include:

– Internal system compromise

– Stolen customer data

– Phony transactions from an external server

– Phony transactions using a stolen customer PIN or smart card

– Insider attack on the system

– Data input errors

– Data center destruction

A

Stolen customer data :

An attacker steals the personal and financial data of bank customers from the customer database.

11
Q

The threat identification for an e-banking system would include:

– Internal system compromise

– Stolen customer data

– Phony transactions from an external server

– Phony transactions using a stolen customer PIN or smart card

– Insider attack on the system

– Data input errors

– Data center destruction

A

Phony transactions from an external server :

An attacker alters the code of the e-banking application and makes transactions by impersonating a legitimate user.

12
Q

The threat identification for an e-banking system would include:

– Internal system compromise

– Stolen customer data

– Phony transactions from an external server

– Phony transactions using a stolen customer PIN or smart card

– Insider attack on the system

– Data input errors

– Data center destruction

A

Phony transactions using a stolen customer PIN or smart card :

An attacker steals the identity of a customer and completes malicious transactions from the compromised account.

13
Q

The threat identification for an e-banking system would include:

– Internal system compromise

– Stolen customer data

– Phony transactions from an external server

– Phony transactions using a stolen customer PIN or smart card

– Insider attack on the system

– Data input errors

– Data center destruction

A

Insider attack on the system :

A bank employee finds a flaw in the system from which to mount an attack.

14
Q

The threat identification for an e-banking system would include:

– Internal system compromise

– Stolen customer data

– Phony transactions from an external server

– Phony transactions using a stolen customer PIN or smart card

– Insider attack on the system

– Data input errors

– Data center destruction

A

Data input errors :

A user inputs incorrect data or makes incorrect transaction requests.

15
Q

The threat identification for an e-banking system would include:

– Internal system compromise

– Stolen customer data

– Phony transactions from an external server

– Phony transactions using a stolen customer PIN or smart card

– Insider attack on the system

– Data input errors

– Data center destruction

A

Data center destruction :

A cataclysmic event severely damages or destroys the data center.

16
Q

Identifying vulnerabilities on a network requires an understanding of the important applications that are used, as well as the different vulnerabilities of that application and hardware.

This can require a significant amount of research on the part of the network administrator.

A

Identifying vulnerabilities on a network requires an understanding of the important applications that are used, as well as the different vulnerabilities of that application and hardware.

This can require a significant amount of research on the part of the network administrator.

17
Q

Identify Threats

Organizations must use a defense-in-depth approach to identify threats and secure vulnerable assets.

This approach uses multiple layers of security at the network edge, within the network, and on network endpoints.

A

For an example, refer to the figure.

Defense-in-Depth Approach :

https://snipboard.io/aqoHrd.jpg

18
Q

For an example, refer to the figure.

Defense-in-Depth Approach :

https://snipboard.io/aqoHrd.jpg

The figure displays a simple topology of a defense-in-depth approach:

– Edge router

– Firewall

– Internal router

A

Edge router :

The first line of defense is known as an edge router (R1 in the figure).

The edge router has a set of rules specifying which traffic it allows or denies.

It passes all connections that are intended for the internal LAN to the firewall.

19
Q

For an example, refer to the figure.

Defense-in-Depth Approach :

https://snipboard.io/aqoHrd.jpg

The figure displays a simple topology of a defense-in-depth approach:

– Edge router

– Firewall

– Internal router

A

Firewall :

The second line of defense is the firewall. The firewall is a checkpoint device that performs additional filtering and tracks the state of the connections.

It denies the initiation of connections from the outside (untrusted) networks to the inside (trusted) network while enabling internal users to establish two-way connections to the untrusted networks.

It can also perform user authentication (authentication proxy) to grant external remote users access to internal network resources.

20
Q

For an example, refer to the figure.

Defense-in-Depth Approach :

https://snipboard.io/aqoHrd.jpg

The figure displays a simple topology of a defense-in-depth approach:

– Edge router

– Firewall

– Internal router

A

Internal router :

Another line of defense is the internal router (R2 in the figure).

It can apply final filtering rules on the traffic before it is forwarded to its destination.

21
Q

Routers and firewalls are not the only devices that are used in a defense-in-depth approach.

Other security devices include Intrusion Prevention Systems (IPS), Advanced Malware Protection (AMP), web and email content security systems, identity services, network access controls and more.

A

In the layered defense-in-depth security approach, the different layers work together to create a security architecture in which the failure of one safeguard does not affect the effectiveness of the other safeguards.
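As an added illustration of the three-device topology in the figure (edge router, stateful firewall, internal router) and of the point that the failure of one safeguard does not disable the others, the following Python model is editorial example code, not part of the course or this deck. The addresses, ports and filtering rules (anti-spoofing and no inbound Telnet on R1, connection tracking on the firewall, no SMB across R2) are constructed assumptions; a real deployment expresses them as router access lists and firewall policy, not Python. The second run swaps R1 for a misconfigured router that passes everything and shows that the firewall still drops the unsolicited and spoofed inbound packets.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addressing for the example: 10.0.0.0/8 is the trusted LAN behind R2.
INSIDE = ip_network("10.0.0.0/8")


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True for a TCP connection-initiation segment


def is_inside(addr: str) -> bool:
    return ip_address(addr) in INSIDE


def edge_router(pkt: Packet, direction: str) -> bool:
    """Layer 1, R1: stateless access-list style rules (constructed policy).
    Drop inbound packets that claim an inside source (anti-spoofing) and drop
    inbound Telnet; pass everything else on to the firewall."""
    if direction == "inbound":
        if is_inside(pkt.src):
            return False
        if pkt.dport == 23:
            return False
    return True


def permissive_edge_router(pkt: Packet, direction: str) -> bool:
    """A misconfigured R1 that passes everything, used to show that the
    remaining layers still hold when this safeguard fails."""
    return True


class StatefulFirewall:
    """Layer 2: records connections opened from inside and admits inbound
    packets only when they belong to one of them; initiations from outside
    are denied because no matching state exists."""

    def __init__(self) -> None:
        # entries: (inside_ip, inside_port, outside_ip, outside_port)
        self.connections = set()

    def filter(self, pkt: Packet, direction: str) -> bool:
        if direction == "outbound":
            if pkt.syn:
                self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True  # inside users may open two-way connections outward
        # inbound: only return traffic for a tracked connection is allowed
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections


def internal_router(pkt: Packet, direction: str) -> bool:
    """Layer 3, R2: final filtering before delivery (constructed policy).
    SMB (TCP 445) never crosses R2 in either direction, which also stops an
    inside host from opening SMB sessions to the internet."""
    return pkt.dport != 445


def traverse(pkt: Packet, direction: str, edge, fw: StatefulFirewall) -> str:
    """Pass the packet through the devices in the order it physically crosses
    them and report where it was dropped, or 'delivered'."""
    inbound_path = [("R1", edge), ("FW", fw.filter), ("R2", internal_router)]
    path = inbound_path if direction == "inbound" else list(reversed(inbound_path))
    for name, check in path:
        if not check(pkt, direction):
            return f"dropped at {name}"
    return "delivered"


def run_scenarios(edge=edge_router) -> dict:
    """Constructed traffic against the three layers; returns the outcome per scenario."""
    fw = StatefulFirewall()
    results = {}
    # 1. Inside client opens HTTPS to an internet server, then the reply comes back.
    results["out_https_syn"] = traverse(Packet("10.0.0.5", 50000, "203.0.113.10", 443, syn=True), "outbound", edge, fw)
    results["in_https_reply"] = traverse(Packet("203.0.113.10", 443, "10.0.0.5", 50000), "inbound", edge, fw)
    # 2. Outside host tries to open SSH to that client: no matching state in the firewall.
    results["in_ssh_syn"] = traverse(Packet("198.51.100.7", 4444, "10.0.0.5", 22, syn=True), "inbound", edge, fw)
    # 3. Inbound packet spoofing an inside source address.
    results["in_spoofed"] = traverse(Packet("10.0.0.9", 1234, "10.0.0.5", 80), "inbound", edge, fw)
    # 4. Inside client tries to open SMB to the internet: caught by R2's final filter.
    results["out_smb_syn"] = traverse(Packet("10.0.0.5", 50001, "203.0.113.10", 445, syn=True), "outbound", edge, fw)
    return results


if __name__ == "__main__":
    for label, outcome in run_scenarios().items():
        print(f"{label:16} {outcome}")
    print("--- with a permissive (failed) edge router ---")
    for label, outcome in run_scenarios(permissive_edge_router).items():
        print(f"{label:16} {outcome}")
```

With the normal R1 the spoofed packet dies at the edge router and the unsolicited SSH attempt at the firewall; with the permissive R1 both are still dropped, now at the firewall, while the inside-initiated HTTPS session and its reply are delivered in both runs.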

22
Q

The Security Onion and The Security Artichoke

There are two common analogies that are used to describe a defense-in-depth approach.

A

Security Onion

A common analogy used to describe a defense-in-depth approach is called “the security onion.”

As illustrated in the figure, a threat actor would have to peel away at a network’s defenses layer by layer in a manner similar to peeling an onion.

Only after penetrating each layer would the threat actor reach the target data or system.

Note: The security onion described on this page is a way of visualizing defense-in-depth. This is not to be confused with the Security Onion suite of network security tools.

https://snipboard.io/1WyFit.jpg

23
Q

Security Artichoke

The changing landscape of networking, such as the evolution of borderless networks, has changed this analogy to the “security artichoke”, which benefits the threat actor.

As illustrated in the figure, threat actors no longer have to peel away each layer. They only need to remove certain “artichoke leaves.” The bonus is that each “leaf” of the network may reveal sensitive data that is not well secured.

For example, it’s easier for a threat actor to compromise a mobile device than it is to compromise an internal computer or server that is protected by layers of defense. Each mobile device is a leaf. And leaf after leaf, it all leads the hacker to more data.

The heart of the artichoke is where the most confidential data is found. Each leaf provides a layer of protection while simultaneously providing a path to attack.

A

Security Artichoke

Not every leaf needs to be removed in order to get at the heart of the artichoke.

The hacker chips away at the security armor along the perimeter to get to the “heart” of the enterprise.

While internet-facing systems are usually very well protected and boundary protections are typically solid, persistent hackers, aided by a mix of skill and luck, do eventually find a gap in that hard-core exterior through which they can enter and go where they please.

https://snipboard.io/tksgOD.jpg

24
Q

Security Policies, Regulations, and Standards

Business Policies

Business policies are the guidelines that are developed by an organization to govern its actions.

The policies define standards of correct behavior for the business and its employees.

In networking, policies define the activities that are allowed on the network.

This sets a baseline of acceptable use.

If behavior that violates business policy is detected on the network, it is possible that a security breach has occurred.

A

An organization may have several guiding policies, as listed in the table:

– Company policies

– Employee policies

– Security policies

25
Q

An organization may have several guiding policies, as listed in the table:

– Company policies

– Employee policies

– Security policies

A

Company policies :

These policies establish the rules of conduct and the responsibilities of both employees and employers.

Policies protect the rights of workers as well as the business interests of employers.

Depending on the needs of the organization, various policies and procedures establish rules regarding employee conduct, attendance, dress code, privacy and other areas related to the terms and conditions of employment.

26
Q

An organization may have several guiding policies, as listed in the table:

– Company policies

– Employee policies

– Security policies

A

Employee policies :

These policies are created and maintained by human resources staff to identify employee salary, pay schedule, employee benefits, work schedule, vacations, and more.

They are often provided to new employees to review and sign.

27
Q

An organization may have several guiding policies, as listed in the table. :

– Company policies

– Employee policies

– Security policies

A

Security policies :

These policies identify a set of security objectives for a company, define the rules of behavior for users and administrators, and specify system requirements.

These objectives, rules, and requirements collectively ensure the security of a network and the computer systems in an organization.

Much like a continuity plan, a security policy is a constantly evolving document based on changes in the threat landscape, vulnerabilities, and business and employee requirements.

28
Q

Security Policy

A comprehensive security policy has a number of benefits, including the following:

A

– Demonstrates an organization’s commitment to security

– Sets the rules for expected behavior

– Ensures consistency in system operations, software and hardware acquisition and use, and maintenance

– Defines the legal consequences of violations

– Gives security staff the backing of management

29
Q

Security policies are used to inform users, staff, and managers of an organization’s requirements for protecting technology and information assets.

A security policy also specifies the mechanisms that are needed to meet security requirements and provides a baseline from which to acquire, configure, and audit computer systems and networks for compliance.

A

The table lists policies that may be included in a security policy.

– Identification and authentication policy

– Password policies

– Acceptable Use Policy (AUP)

– Remote access policy

– Network maintenance policy

– Incident handling procedures

30
Q

The table lists policies that may be included in a security policy.

– Identification and authentication policy

– Password policies

– Acceptable Use Policy (AUP)

– Remote access policy

– Network maintenance policy

– Incident handling procedures

A

Identification and authentication policy :

Specifies which persons are authorized to access network resources and the procedures used to verify their identity.

31
Q

The table lists policies that may be included in a security policy.

– Identification and authentication policy

– Password policies

– Acceptable Use Policy (AUP)

– Remote access policy

– Network maintenance policy

– Incident handling procedures

A

Password policies :

Ensures passwords meet minimum requirements and are changed regularly.

Note: Current guidance such as NIST SP 800-63B favors screening passwords against lists of known-compromised values and requiring a change when compromise is suspected, rather than forcing rotation on a fixed schedule.

32
Q

The table lists policies that may be included in a security policy.

– Identification and authentication policy

– Password policies

– Acceptable Use Policy (AUP)

– Remote access policy

– Network maintenance policy

– Incident handling procedures

A

Acceptable Use Policy (AUP) :

Identifies network applications and uses that are acceptable to the organization.

It may also identify ramifications if this policy is violated.

33
Q

The table lists policies that may be included in a security policy.

– Identification and authentication policy

– Password policies

– Acceptable Use Policy (AUP)

– Remote access policy

– Network maintenance policy

– Incident handling procedures

A

Remote access policy :

Identifies how remote users can access a network and what is accessible via remote connectivity.

34
Q

The table lists policies that may be included in a security policy.

– Identification and authentication policy

– Password policies

– Acceptable Use Policy (AUP)

– Remote access policy

– Network maintenance policy

– Incident handling procedures

A

Network maintenance policy :

Specifies network device operating systems and end user application update procedures.

35
Q

The table lists policies that may be included in a security policy.

– Identification and authentication policy

– Password policies

– Acceptable Use Policy (AUP)

– Remote access policy

– Network maintenance policy

– Incident handling procedures

A

Incident handling procedures :

Describes how security incidents are handled.

36
Q

One of the most common security policy components is an AUP.

This can also be referred to as an appropriate use policy.

This component defines what users are allowed and not allowed to do on the various system components.

This includes the type of traffic that is allowed on the network.

The AUP should be as explicit as possible to avoid misunderstanding.

A

For example, an AUP might list specific websites, newsgroups, or bandwidth intensive applications that are prohibited from being accessed by company computers or from the company network.

Every employee should be required to sign an AUP, and the signed AUPs should be retained for the duration of employment.

37
Q

BYOD Policies

Many organizations must now also support Bring Your Own Device (BYOD).

This enables employees to use their own mobile devices to access company systems, software, networks, or information.

BYOD provides several key benefits to enterprises, including increased productivity, reduced IT and operating costs, better mobility for employees, and greater appeal when it comes to hiring and retaining employees.

A

However, these benefits also bring an increased information security risk because BYOD can lead to data breaches and greater liability for the organization.

38
Q

A BYOD security policy should be developed to accomplish the following:

– Specify the goals of the BYOD program.

– Identify which employees can bring their own devices.

– Identify which devices will be supported.

– Identify the level of access employees are granted when using personal devices.

– Describe the rights to access and activities permitted to security personnel on the device.

– Identify which regulations must be adhered to when using employee devices.

– Identify safeguards to put in place if a device is compromised.

A

The table lists BYOD security best practices to help mitigate BYOD vulnerabilities.

– Password protected access

– Manually control wireless connectivity

– Keep updated

– Back up data

– Enable “Find my Device”

– Provide antivirus software

– Use Mobile Device Management (MDM) software

39
Q

The table lists BYOD security best practices to help mitigate BYOD vulnerabilities.

– Password protected access

– Manually control wireless connectivity

– Keep updated

– Back up data

– Enable “Find my Device”

– Provide antivirus software

– Use Mobile Device Management (MDM) software

A

Password protected access :

Use unique passwords for each device and account.

40
Q

The table lists BYOD security best practices to help mitigate BYOD vulnerabilities.

– Password protected access

– Manually control wireless connectivity

– Keep updated

– Back up data

– Enable “Find my Device”

– Provide antivirus software

– Use Mobile Device Management (MDM) software

A

Manually control wireless connectivity :

Turn off Wi-Fi and Bluetooth connectivity when not in use.

Connect only to trusted networks.

41
Q

The table lists BYOD security best practices to help mitigate BYOD vulnerabilities.

– Password protected access

– Manually control wireless connectivity

– Keep updated

– Back up data

– Enable “Find my Device”

– Provide antivirus software

– Use Mobile Device Management (MDM) software

A

Keep updated :

Always keep the device OS and other software updated.

Updated software often contains security patches to mitigate against the latest threats or exploits.

42
Q

The table lists BYOD security best practices to help mitigate BYOD vulnerabilities.

– Password protected access

– Manually control wireless connectivity

– Keep updated

– Back up data

– Enable “Find my Device”

– Provide antivirus software

– Use Mobile Device Management (MDM) software

A

Back up data :

Enable backup of the device in case it is lost or stolen.

43
Q

The table lists BYOD security best practices to help mitigate BYOD vulnerabilities.

– Password protected access

– Manually control wireless connectivity

– Keep updated

– Back up data

– Enable “Find my Device”

– Provide antivirus software

– Use Mobile Device Management (MDM) software

A

Enable “Find my Device” :

Subscribe to a device locator service with remote wipe feature.

44
Q

The table lists BYOD security best practices to help mitigate BYOD vulnerabilities.

– Password protected access

– Manually control wireless connectivity

– Keep updated

– Back up data

– Enable “Find my Device”

– Provide antivirus software

– Use Mobile Device Management (MDM) software

A

Provide antivirus software :

Provide antivirus software for approved BYOD devices.

45
Q

The table lists BYOD security best practices to help mitigate BYOD vulnerabilities.

– Password protected access

– Manually control wireless connectivity

– Keep updated

– Back up data

– Enable “Find my Device”

– Provide antivirus software

– Use Mobile Device Management (MDM) software

A

Use Mobile Device Management (MDM) software :

MDM software enables IT teams to implement security settings and software configurations on all devices that connect to company networks.

46
Q

Regulatory and Standards Compliance

There are also external regulations regarding network security.

Network security professionals must be familiar with the laws and codes of ethics that are binding on Information Systems Security (INFOSEC) professionals.

A

Many organizations are mandated to develop and implement security policies.

Compliance regulations define what organizations are responsible for providing and the liability if they fail to comply.

The compliance regulations that an organization is obligated to follow depend on the type of organization and the data that the organization handles.

Specific compliance regulations will be discussed later in the course.