Security+ 3 Flashcards

1
Q

Service pack: A tested, cumulative set of hotfixes, security updates, critical updates, and updates, as well as additional fixes for problems found internally since the release of the product. Service packs might also contain a limited number of customer-requested design changes or features.

Critical update: A broadly released fix for a specific problem addressing a critical, non-security–related bug.

Security update: A broadly released fix for a product-specific security-related vulnerability. Security vulnerabilities are rated based on their severity, which is indicated in the Microsoft Security Bulletin as critical, important, moderate, or low.

A

Updates Etc …

2
Q

Unfortunately, sometimes patches are designed poorly, and although they might fix one problem, they could possibly create another, which is a form of software regression. Because you never know exactly what a patch to a system might do, or how it might react or interact with other systems, it is wise to incorporate patch management.

Patch Management: Planning = the plan should consist of a way to test the patch in a clean network on clean systems, how and when the patch will be implemented, and how the patch will be checked after it is installed. Testing = test the patch on a single system or small group of systems first; these systems are for test purposes only and should not be used by regular users. Implementing = if the test is successful, the patch should be deployed to all necessary systems, and it can be deployed automatically. Auditing = once implementation is complete, systems should be audited to check that the patch is working properly and to check for any changes or failures due to the patch.

A

Patch Info …

3
Q

A Group Policy is used in Microsoft and other computing environments to govern user and computer accounts through a set of rules.

Remove temporary files: Temporary files and older files can clog up a hard disk, cause a decrease in performance, and pose a security threat. It is recommended that Disk Cleanup or a similar program be used. Policies can be configured (or written) to run Disk Cleanup every day or at logoff for all the computers on the network.

System virtual machine: A complete platform meant to take the place of an entire computer, enabling you to run an entire OS virtually.

Process virtual machine: Designed to run a single application, such as a virtual web browser.

A

Info …

4
Q

A virtual appliance is a virtual machine image designed to run on virtualization platforms; it can refer to an entire OS image or an individual application image.

If network sharing is active between the host machine and a virtual machine, then malware could spread between the systems. If network sharing is needed, map it, use it, then disconnect when you are done. Be aware of bridged connections as opposed to NAT: a bridged connection connects directly with other physical systems on the network, which can allow malware and attacks to traverse the “bridge”.

If a user (or malware) breaks out of a virtual machine and is able to interact with the host operating system, it is known as virtual machine escape. Vulnerabilities to virtual hosting software include buffer overflows, remote code execution, and directory traversals.

A

VM’s info …

5
Q

If a virtual host is attached to a network-attached storage (NAS) device or to a storage area network (SAN), it is recommended to segment the storage devices off the LAN either physically or with a secure VLAN. Regardless of where the virtual host is located, secure it with a strong firewall and disallow unprotected file transfer protocols such as FTP and Telnet.

Consider disabling any unnecessary hardware from within the virtual machine such as optical drives, USB ports, and so on. If some type of removable media is necessary, enable the device, make use of it, and then disable it immediately after finishing. Also, devices can be disabled from the virtual machine software itself. The boot priority in the virtual BIOS should also be configured so that the hard drive is booted from first, and not any removable media or network connection (unless necessary in your environment).

A

VM’s Info #2 …

6
Q

VM sprawl is when there are too many VMs for an administrator to manage properly. To help reduce the problem, a security administrator might create an organized library of virtual machine images. The admin might also use a virtual machine lifecycle management (VMLM) tool. This can help to enforce how VMs are created, used, deployed, and archived.

Be sure to protect the raw virtual disk file. A disaster on the raw virtual disk can be tantamount to a physical disk disaster. Look into setting permissions as to who can access the folder where the VM files are stored. If your virtual machine software supports logging and/or auditing, consider implementing it so that you can see exactly who started and stopped the virtual machine, and when. Otherwise, you can audit the folder where the VM files are located. Finally, consider making a copy of the virtual machine or virtual disk file—also known as a snapshot or checkpoint—encrypting the VM disk file, and digitally signing the VM and validating that signature prior to usage.

A

VM Sprawl Etc …

7
Q

General Browser Security Procedures: Implement Policies = the policy could be hand-written, configured at the browser, implemented within the computer operating system, or better yet, configured centrally on a server. Policies can be configured to manage add-ons and to disallow access to websites that are known to be malicious, have Flash content, or use a lot of bandwidth. Train Your Users = explain to users the value of pressing Alt+F4 to close pop-up windows instead of clicking No or an X. Click the HTTPS padlock to get more information on whether a website is secure or not. The more a browser is secured, the less functional it becomes.

A

Browser Security info #1 …

8
Q

Basic Browser Security: First, update the browser. Next, install pop-up blocking/ad-blocking solutions. Next, consider security zones if the browser supports them: set security levels for the Internet and Intranet zones, specify trusted and restricted sites, etc.

Another concept similar to cookies is locally shared objects (LSOs), also called Flash cookies. These are data that Adobe Flash-based websites store on users’ computers, especially for Flash games. The privacy concern is that LSOs are used by a variety of websites to collect information about users’ browsing habits.

ActiveX controls are small program building blocks used to allow a web browser to execute a program. They are similar to Java applets; however, Java applets can run on any platform, whereas ActiveX can run only on Internet Explorer (and Windows operating systems). You can see how a downloadable, executable ActiveX control or Java applet from a suspect website could possibly contain viruses, spyware, or worse. These are known as malicious add-ons—Flash scripts especially can be a security threat.

Temporary browser files can contain lots of personally identifiable information (PII). You should consider automatically flushing the temp files from a system every day.

A

Browser Security info #2 …

9
Q

User Account Control (UAC) on qualifying Windows operating systems. UAC is a security component of Windows Vista and newer, and Windows Server 2008 and newer. It keeps every user (besides the actual Administrator account) in standard user mode instead of as an administrator with full administrative rights—even if the person is a member of the administrators group. It is meant to prevent unauthorized access and avoid user error in the form of accidental changes. A user attempting to execute commands in the Command Prompt and PowerShell will be blocked and will be asked for credentials before continuing. This applies to other applications within Windows as well.

A

UAC info …

10
Q

Software Development Cycle (Waterfall Model): Planning and Analysis = goals are determined, needs are assessed, and high-level planning is accomplished. Software/systems design = the design of the system or app is defined and diagrammed in detail. Implementation = the code for the project is written. Testing = the system or application is checked thoroughly in a testing environment. Integration = if multiple systems are involved, the app should be tested in conjunction with those systems. Deployment = the system or app is put into production and is now available to end users. Maintenance = software is monitored and updated throughout the rest of its life cycle; if there are many versions and configurations, version control is implemented to keep everything organized.

Software development life cycle (SDLC)—an organized process of planning, developing, testing, deploying, and maintaining systems and applications, and the various methodologies used to do so.

A

SDLC Etc …
