Module 9.1 Flashcards
(33 cards)
What does an organization need to do to harden an operating system and keep it secure?
A good administrator will:
- Configure the operating system to protect against outside threats.
- Remove any unnecessary programs and services.
- Ensure that security patches and updates are installed in a timely manner to correct faults and mitigate risks.
An organization should:
- Maintain a systematic approach for addressing system updates.
- Establish procedures for monitoring security-related information.
- Evaluate updates for applicability.
- Plan the installation of application updates and patches.
- Install updates using a documented plan.
Another critical way to secure an operating system is to identify potential vulnerabilities. Establish this to compare how a system is performing against baseline expectations.
A baseline
This type of antivirus product can appear while browsing the internet and may display an ad or popup that looks like an actual Windows warning. Clicking anywhere inside the window may download and install malware instead.
Watch out for rogue antivirus products
Uses legitimate programs to infect a computer. These attacks are hard to detect and use scripting languages such as Windows PowerShell.
Fileless attacks are difficult to detect and remove
Scripting languages such as Python, Bash (the command-line language for Apple’s macOS and most Linux distributions) or Visual Basic for Applications (or VBA, used in Microsoft macros) can be used to create scripts that are malware.
Scripts can also be malware
Unapproved or non-compliant software may be unintentionally installed on a computer. It can interfere with the organization’s software or network services and should be removed immediately.
Always remove unapproved software
Patch Management
- To stay one step ahead of cybercriminals, keep systems secure and up to date by regularly installing patches.
- Patches are code updates that prevent a new virus, worm, or other malware from making a successful attack.
- Operating systems such as Windows routinely check for updates that can protect a computer from the latest security threats.
- As a cybersecurity professional, it’s good practice to test a patch before deploying it throughout the organization.
- A patch management tool can be used to manage patches locally instead of using the vendor’s online update service.
Patch Management benefits
- Administrators can approve or decline updates.
- Administrators can force the update of systems on a specific date.
- Administrators can obtain reports on the update(s) needed by each system.
- There is no need for each computer to connect to the vendor’s service to download patches; instead, it gets the verified update from a local server.
- Users cannot disable or circumvent updates.
Runs on a device to restrict incoming and outgoing network activity for that device.
Host-based firewall
Software installed on a device or server to monitor suspicious activity and detect malicious requests.
Host-intrusion detection system (HIDS)
Software that monitors a device for known attacks and anomalies (deviations in bandwidth, protocols and ports), or finds red flags by assessing the actual protocols in packets.
Host-intrusion prevention system (HIPS)
Integrated security solution that continuously monitors, collects and analyzes data from an endpoint device and responds to any threats it detects.
Endpoint detection and response (EDR)
Provides a centralized way to ensure that sensitive data is not lost, misused or accessed by unauthorized users.
Data loss prevention (DLP)
A network security device that combines a traditional firewall with other network-device-filtering functions.
Next-generation firewall (NGFW)
A Windows feature that allows users to encrypt files, folders, or an entire hard drive.
Encrypting File System (EFS)
Encrypts the entire contents of a drive (including temporary files and memory).
Full disk encryption (FDE)
A specialized chip on the motherboard that stores information about the host system, such as encryption keys, digital certificates, and passwords.
Trusted Platform Module (TPM)
Ensures that the system can be trusted and has not been altered while the operating system loads.
Boot integrity
Stored on a small memory chip on the motherboard. The BIOS is the first program that runs when you turn on the computer.
Firmware (software instructions about basic computer functions)
A newer version of BIOS that defines a standard interface between the operating system, firmware, and external devices.
Unified Extensible Firmware Interface (UEFI)
A security standard to ensure that a device boots using trusted software.
Secure Boot
Provides stronger validation than Secure Boot.
Measured Boot
The hardware platform has enhanced security features such as a special CPU, boot, and a dedicated AES encryption engine.
Security-focused hardware
Apple Data Protection and FileVault data storage encryption are supported by the hardware-based AES encryption engine.
Encrypted storage