Sec + 4 Flashcards
(20 cards)
What is WPA3?
Wi-Fi Protected Access
Key protocol for WPA3? What encryption does it use?
Simultaneous authentication of equals (SAE).
Uses password-authenticated key exchange (PAKE) to derive keys from a password.
Uses a Diffie-Hellman handshake called Dragonfly to protect against brute-force attacks.
What is 802.1X?
Overarching access control standard for switches and ports. Need a certificate on the endpoints.
How does the EAP-TLS authentication protocol work?
Certificate on endpoint.
How does EAP-TTLS work?
2 stages.
- Sets up a secure server with certs
- Needs credential authentication from clients
What is EAP-FAST?
Cisco product. Doesn't use certs.
What is enumeration?
Assigning unique identifiers like asset tags.
What is sanitization?
Removing all data.
What is degaussing?
Strong magnets to erase storage
What is the Open Vulnerability and Assessment Language (OVAL)?
XML-based schema to check security state and query info related to vulnerabilities.
What is the Extensible Configuration Checklist Description Format (XCCDF)?
XML schema to create and audit best practices, configs, and rules.
What is static analysis?
Inspecting source code, binaries, and app artifacts without running the code.
What is dynamic analysis?
Scanning at runtime
What do web app scanners do?
Dynamic and scan real world attacks.
What is TLS?
Transport layer security.
Creates a secure and encrypted connection between clients and authentication server.
What is TTLS?
Uses EAP to create a secure tunnel for authentication.
What is EAP?
Extensible authentication framework
Allows the use of multiple verification methods within the same protocol
Primary advantage of CSR and third party CA?
Higher level of trust and industry recognition.
What do managerial controls do?
Establish strategies, goals, and objectives for the overall security program.
What is an operational control?
Give an example.
Acceptable use policy. Procedures and responsibilities that are well defined and executed by people.