Server and Network Security Flashcards

1
Q

premises access

A
  • fencing
  • bollard posts (protect buildings from vehicles)
  • lighting
  • locked gates
  • security guards
  • guard dogs
  • limited access to areas of a facility
  • motion-sensing security systems
  • security cameras
  • key codes/card readers
2
Q

mantraps

A
  • access-control vestibule in which the 2nd (inner) door unlocks only after the 1st (outer) door has closed
  • only space for 1 person between the doors, so nobody can tailgate through behind an authorized person
3
Q

internal security controls

A
  • clean desk policy
  • locking up sensitive documents when they are not in use
4
Q

card-based access

A
  • RFID/proximity cards to control access
  • less secure than smartcards (the chip on a smartcard, like a chip payment card, performs cryptographic authentication; a simple proximity card only presents a static ID that can be cloned)
5
Q

human security element

A
  • strict hiring/background check policies
  • segregation of duties
  • user awareness/training
6
Q

authentication

A
  • prove identity of users/devices/services/applications
  • username/password
  • PKI
  • successful authentication is required before access (authorization) is granted
7
Q

identity federation

A
  • applications trust a single centralized identity store (identity provider) instead of keeping their own credential stores
  • the identity store can be replicated to multiple servers
  • trust tokens are issued by the trusted identity store and signed so that applications can verify them
  • tokens contain claims about the authenticated user/device
  • enables SSO across applications and organizations
  • Microsoft Active Directory Federation Services (ADFS)
  • Shibboleth (open source, SAML-based)
8
Q

claims (security tokens)

A
  • assertions about a user/device made by the token issuer
  • different apps consume different claims (one may care about department, another about device compliance)
  • apps provide different scopes of access depending on the claim values, after verifying the token's signature and expiry
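The token/claims flow the two cards above describe, as an added Python example that is not from the original flashcards or from ADFS/Shibboleth: a hypothetical identity provider issues an HMAC-signed, JWT-style token, and two hypothetical relying applications verify the signature and expiry and then map the claim values to different scopes of access. The signing key, claim names and per-application rules are assumptions for illustration (real federation signs tokens with the IdP's certificate rather than a key shared with every application).

```python
"""Claims-based token flow: an identity provider (IdP) issues a signed token
carrying claims; relying apps verify it and grant access by claim values.
Added example in JWT style (HS256); not ADFS/Shibboleth code."""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Assumption for this example: one symmetric key shared by IdP and apps.
IDP_KEY = b"example-idp-signing-key"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims: dict, key: bytes = IDP_KEY,
                now: Optional[float] = None, ttl: int = 300) -> str:
    """IdP side: add issued-at/expiry to the claims and sign with HMAC-SHA256."""
    now = time.time() if now is None else now
    payload = dict(claims, iat=int(now), exp=int(now) + ttl)
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url(json.dumps(payload, separators=(",", ":"), sort_keys=True).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def verify_token(token: str, key: bytes = IDP_KEY,
                 now: Optional[float] = None) -> Optional[dict]:
    """Relying-app side: trust no claim until the signature and expiry check out.
    Returns the claims on success, None on any failure."""
    now = time.time() if now is None else now
    try:
        header, body, sig = token.split(".")
        alg = json.loads(_b64url_decode(header)).get("alg")
    except (ValueError, UnicodeDecodeError):
        return None
    if alg != "HS256":          # only accept the algorithm we expect (no "alg": "none")
        return None
    expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        return None
    claims = json.loads(_b64url_decode(body))
    if claims.get("exp", 0) <= now:
        return None
    return claims


# Each app consumes the claims it cares about and maps them to its own scope.
def payroll_scope(claims: dict) -> str:
    """Hypothetical payroll app: department plus role decide read vs write."""
    if claims.get("department") == "finance" and "payroll-admin" in claims.get("roles", []):
        return "read-write"
    if claims.get("department") == "finance":
        return "read-only"
    return "none"


def wiki_scope(claims: dict) -> str:
    """Hypothetical wiki app: only cares whether the device is managed/compliant."""
    return "edit" if claims.get("device_compliant") else "read-only"


def forge_claims(token: str, new_claims: dict) -> str:
    """Replace the payload but keep the old signature (what a tampering client would try)."""
    header, _body, sig = token.split(".")
    return f"{header}.{_b64url(json.dumps(new_claims).encode())}.{sig}"


if __name__ == "__main__":
    tok = issue_token({"sub": "alice", "department": "finance",
                       "roles": ["payroll-admin"], "device_compliant": False})
    c = verify_token(tok)
    print(payroll_scope(c), wiki_scope(c))          # read-write read-only
    bad = forge_claims(tok, {"sub": "mallory", "department": "finance",
                             "roles": ["payroll-admin"], "exp": 9999999999})
    print(verify_token(bad))                        # None: signature no longer matches
```

The two application functions show the point of the claims card: the same token yields different scopes in different apps, and neither app ever sees a password, only signed assertions from the IdP.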
9
Q

configuring authentication between on-premise/cloud environments

A
  • identity federation
  • replicating/synchronizing the on-premises directory service to a cloud-based directory service

10
Q

something you know

A
  • knowledge factors: secrets held in the user's head
  • usernames/passwords
  • security questions
  • single-factor authentication when used alone
  • password policies (length, complexity, history, lockout)
11
Q

something you have

A
  • physical possession of a security device
  • smartcard/hardware token/MFA application
  • PKI certificate with its private key
  • multi-factor authentication when combined with a factor of a different type (e.g. something you know)
12
Q

OTP

A
  • one-time password
  • never the same twice; a captured code is useless for replay
  • valid for a single authentication session
  • generated from a secret shared with the server plus either a counter (HOTP) or the current time (TOTP)
13
Q

something you are

A
  • biometric authentication (fingerprint, face, iris)
  • existing systems (e.g. AD) can be extended to accept biometric authentication
14
Q

logical access control

A
  • mechanisms that secure authentication/authorization for network resources
  • smart cards
  • adding users to web app roles to control application access
  • managing permissions for individual users on a large scale is difficult; use groups/roles instead
  • auditing specific users rather than everyone reduces information overload
15
Q

security groups

A
  • create the group following organization naming standards
  • grant resource permissions to the group
  • add members to the group
  • Microsoft AD users must log off/back on to pick up membership changes (group SIDs are placed in the access token at logon)
  • group membership is managed statically
16
Q

distribution groups

A
  • designed for use by email systems
  • can't be assigned permissions

17
Q

DAC

A
  • Windows Server Dynamic Access Control (not to be confused with discretionary access control, also abbreviated DAC)
  • built into the OS
  • examines user/device AD attributes (claims) to determine the access level
  • can be used with/without groups
  • user/device attributes must be populated in AD, otherwise the rules have nothing to evaluate
18
Q

RBAC

A
  • role-based access control
  • assign resource permissions to a role
  • assign the role's occupant(s)
  • a role can still be assigned to a single individual
19
Q

rights vs permissions

A
  • rights govern system-wide actions (e.g. log on locally, shut down the system) and are simply allowed or denied
  • permissions govern access to specific objects (files, shares, AD objects) and allow degrees of access
  • apply the principle of least privilege to both
20
Q

Windows NTFS permissions

A
  • local file/folder permissions
  • file/folder encryption using the Encrypting File System (EFS)
  • file system auditing
  • file system journaling (quicker disk recovery/repair)
  • data deduplication
  • disk space quotas
  • inheritance from the parent folder can be disabled
  • permissions can be applied to subordinate (child) files/folders
  • permissions are stored in each object's DACL
21
Q

levels of Windows NTFS permissions

A
  • full control
  • modify (read, write and delete)
  • read and execute
  • list folder contents (applies only to folders)
  • read
  • write (create/change contents; doesn't by itself enable deletion)
  • special permissions (the individual advanced permissions the levels above are built from)
22
Q

DACL

A
  • discretionary access control list
  • the object's owner (or an administrator) sets the permissions, i.e. access is at the owner's discretion
  • each entry (ACE) allows or denies a permission to a user or group

23
Q

Windows shared folder permissions

A
  • only folders can be shared over the network (not individual files)
  • share permissions apply only to access over the network, never to local logons
24
Q

Windows shared folder permission levels

A
  • full control
  • change
  • read
25
Q

applying NTFS with share permissions

A
  • when a folder is accessed over the network, both the share permissions and the NTFS permissions are evaluated
  • the most restrictive of the two resulting permission sets applies
  • local (console) access is governed by NTFS permissions alone
26
Q

Linux file system permissions

A
  • read (r) = 4
  • write (w) = 2
  • execute (x) = 1
  • modifying a file's contents is part of write on the file; deleting or renaming a file requires write (and execute) on the containing directory, not on the file itself
27
Q

how Linux permissions are applied

A
  • 3 sets of 3 permission bits (rwx) applied to:
  • the owner of the file
  • the group associated with the file/directory
  • everyone else (other)
  • the first matching class is the one used: the owner gets the owner bits even when the group or other bits are more permissive
28
Q

chmod Linux command example

A
  • chmod 760 /projects
  • 7 applies to the file/directory owner: 4 + 2 + 1 = 7, so the owner has full permissions
  • 6 applies to the associated group: 4 + 2 = 6, so the group has read/write (no execute, so on a directory the group can't traverse into it)
  • 0 applies to everybody else (no permissions)
  • chmod -R recursively applies the mode to a directory and everything under it
29
Q

projectors

A
  • don't normally store sensitive information
  • rely on physical security
  • place networked projectors on an isolated/secure network
30
Q

printers

A
  • queued jobs could be retrieved by attackers
  • change default passwords
  • use HTTPS rather than HTTP for administrative access
  • a print server provides centralized management/security control
31
Q

USB

A
  • easy to infect with malware
  • malicious ("ninja") cables that hide an attack device in the connector
  • smartphones, tablets, storage media
  • disable USB ports for storage media
  • user awareness/education
32
Q

NAC

A
  • network access control
  • port-based security (IEEE 802.1X)
  • edge devices (switches/wireless access points) should never perform authentication themselves; they forward authentication requests to a RADIUS server
33
Q

RADIUS servers

A
  • remote authentication dial-in user service
  • edge devices (RADIUS clients, called authenticators in 802.1X) forward authentication requests from supplicants
  • the RADIUS server determines authentication/access
  • install the RADIUS software and configure a shared secret with each client to turn a server into a RADIUS server
  • use WPA Enterprise/WPA2 Enterprise on WiFi access points so that they authenticate users against RADIUS
  • based on UDP (ports 1812 authentication/1813 accounting)
  • only the password attribute is hidden with the shared secret; the rest of the packet is cleartext
  • primarily for centralized authentication
34
Q

TACACS/TACACS+

A
  • terminal access controller access-control system
  • designed to handle frequent authorization requests within a session (authentication, authorization and accounting are handled separately)
  • enhances security by encrypting the entire packet body (RADIUS hides only the password)
  • based on TCP (port 49)
  • normally used to administer network devices
35
Q

VLANs

A
  • each VLAN is a separate broadcast domain
  • allows isolating networks/subnets on shared switches
  • a router or layer 3 switch is required to communicate between VLANs
36
Q

MAC flooding attacks

A
  • switch attack, usually grouped with the VLAN attacks
  • attacker sends frames with many bogus source MACs to fill the switch's MAC (CAM) table, which has limited memory
  • once the table is full the switch floods unicast frames out of every port in that VLAN, like a hub
  • unicast traffic that was otherwise isolated becomes visible to all devices in that VLAN, including the attacker
37
Q

VLAN hopping

A
  • VLAN attack
  • switch spoofing: the attacker impersonates another switch so its port negotiates a trunk link
  • all VLAN traffic can pass over the trunk link and become visible to the attacker
38
Q

mitigating VLAN attacks

A
  • disable automatic trunk negotiation (configure user-facing ports as access ports)
  • enable strong port security
  • allow connections from a specific/limited number of MAC addresses per port
  • apply the latest firmware updates
39
Q

firewalls

A
  • control inbound/outbound traffic
  • block everything by default, then create rules to allow only the necessary traffic
  • hardware or software based
  • hardware appliances are generally more stable and can handle more traffic
40
Q

host-based firewall

A
  • runs as software on a specific host
  • Windows Defender Firewall
  • Linux/UNIX: iptables (nftables on newer distributions) and the Uncomplicated Firewall (ufw) front end, all command-line tools
  • typically layer 4 firewalls
  • some Windows services (e.g. AD) require multiple ports, so work with groups of firewall rules rather than single rules
41
Q

layer 4 firewalls examine

A
  • source IP address
  • destination IP address
  • source port
  • destination port
  • protocol type (TCP/UDP/ICMP)
42
Q

Windows firewall

A
  • configured via the GUI or PowerShell (NetSecurity cmdlets such as New-NetFirewallRule)
43
Q

Linux firewall

A
  • configured via the iptables command (nftables or the ufw front end on newer distributions)
44
Q

network-based firewalls

A
  • routers or specialized appliances
  • at least 2 network interfaces
  • configured with network ACLs (NACLs) to control inbound/outbound traffic
  • placed where the traffic that must be examined flows into/out of the network (perimeter firewalls)
45
Q

reverse proxy servers

A
  • often deployed with, or as a feature of, a network-based firewall
  • listen for incoming traffic on behalf of internal devices
  • forward requests to an internal device (e.g. a web server), so the internal host is never exposed directly
46
Q

DPI

A
  • deep packet inspection
  • commonly offered on network-based firewalls
  • goes beyond stateful packet inspection (which tracks TCP sessions instead of treating each packet separately) by examining the packet payload
  • inspection up to layer 7 (application protocol content)
47
Q

SECaaS

A
  • security as a service
  • firewalls in the cloud offered by cloud providers
  • Microsoft Azure uses network security groups (NSGs) for layer 4 filtering
48
Q

DDoS attacks

A
  • distributed denial of service
  • zombies/zombie nets (botnets) controlled by the attacker
  • overwhelm servers with communication requests
  • packet flooding
  • standard firewalls are not designed to mitigate this (the link or the appliance itself gets saturated)
49
Q

black hole traffic

A
  • mitigation of DDoS attacks
  • upstream routers discard all traffic destined for the victim address
  • still disrupts normal (legitimate) traffic to the victim
50
Q

security zones

A
  • isolation
  • the first firewall controls traffic from the internet into the public-facing network
  • a second firewall further controls traffic into/out of the internal secured network
  • make sure internal data is not replicated to the public-facing network
51
Q

screened subnets

A
  • DMZ
  • external public-facing network between the perimeter firewall and the internal firewall
  • VPN appliances
  • SMTP mail servers
  • web servers
  • FTP servers
  • normally fronted by a reverse proxy
52
Q

PKI

A
  • public key infrastructure
  • hierarchy of digital certificates issued to users/devices/services
  • encrypt/digitally sign sensitive email messages
  • encrypt files
  • authenticate to a VPN
  • secure web sites over HTTPS
53
Q

CA

A
  • certificate authority
  • top of the PKI hierarchy
  • can have subordinate (issuing) CAs; a registration authority (RA) verifies requesters' identities on the CA's behalf but does not sign certificates itself
  • issues PKI certificates
  • the root (top-level) CA should be kept offline (compromise of the root compromises every certificate in the hierarchy)
54
Q

PKI certificates

A
  • manually requested/issued
  • automatically issued via group policy (autoenrollment)
  • X.509 certificate format
  • can be a file or stored on a smartcard/hardware token
55
Q

PKI certificate contents

A
  • serial number
  • subject name (user email/FQDN of the web site)
  • the public key of a mathematically related public/private key pair (the private key is never inside the certificate)
  • certificate use/key usage (email, file encryption, code signing)
  • digital signature of the issuing CA and the signature algorithm used
  • date of issuance/expiration date
56
Q

PKI certificate private key

A
  • must be kept secret
  • can be exported together with the certificate (e.g. as a password-protected PKCS #12/.pfx file)
  • normally stored on the device in a protected key store, or on a smartcard/TPM so that it never leaves the hardware
57
Q

SSL/TLS

A
  • secure sockets layer
  • transport layer security (its newer, more secure successor)
  • provide encryption/authentication over a network
  • TLS version 1.3 = latest version
  • don't use SSL 2.0/3.0 or TLS 1.0/1.1 (deprecated)
  • require a PKI certificate on the server
58
Q

configuring Windows/Linux TLS options

A
  • Windows: modify the SCHANNEL protocol keys in the registry to disable SSL 3.0 and enable the TLS versions wanted
  • Linux: OpenSSL provides TLS support; the minimum protocol version is set in the configuration of each application that links against it
59
Q

IPSec

A
  • internet protocol security
  • built into IPv6
  • works with IPv4
  • used for VPNs
  • doesn't require PKI certificates (preshared keys or Kerberos can be used instead)
  • on Windows, applied as policy settings to computers
60
Q

IPSec authentication keys

A
  • Kerberos
  • certificates
  • preshared keys
61
Q

best authentication method for AD domain

A
  • Kerberos
62
Q

weakest authentication method for AD domain

A
  • preshared key (a symmetric key that is the same on every host, so a single leak compromises all of them)
63
Q

IPSec tunnel mode

A
  • normally used between 2 VPN gateway devices
  • encrypts the entire original IP packet (header and payload, not just the payload)
  • adds a new outer IP header
  • encapsulates the original packet
64
Q

IPSec transport mode

A
  • only encrypts the packet payload (the original IP header stays in cleartext)
  • normally used end-to-end between 2 hosts
  • communication is protected regardless of the upper-layer protocol being used
65
Q

VPNs

A
  • provide an encrypted, secured connection to a private network over an unsecured network
  • client-to-site
  • site-to-site
  • point-to-point tunneling protocol (PPTP; obsolete, its authentication is broken)
  • layer 2 tunneling protocol with IPSec (L2TP/IPSec)
  • SSL/TLS tunnel
66
Q

client-to-site VPN

A
  • requires client VPN software configured to connect to a VPN appliance in the screened subnet (or reachable through a reverse proxy)
  • the user authenticates to the VPN
  • an encrypted tunnel is established
67
Q

site-to-site VPN

A
  • requires a VPN appliance at each of the 2 network sites
  • a point-to-point encrypted tunnel is established between them
  • hosts at either site need no VPN client software
68
Q

configuring VPN connections

A
  • an L2TP/IPSec appliance requires the client software to be configured correctly (matching authentication method and keys)
  • SSL VPNs use the standard HTTPS port (TCP 443), so they pass through most firewalls
69
Q

HIDS

A
  • host intrusion detection system
  • detects suspicious activity related to a specific host
  • looks for abnormalities (file changes, processes, local logs)
  • can inspect traffic that was encrypted on the network, because the host decrypts it
70
Q

NIDS

A
  • network intrusion detection system
  • standalone appliance
  • monitors network activity
  • switches must be configured to copy all packets to the port connected to the NIDS (port mirroring/SPAN)
  • security information and event management (SIEM) software provides a centralized repository for logs/audit events/security device alerts
71
Q

IPSs

A
  • intrusion prevention systems
  • extend the functionality of IDSs
  • take steps to prevent further damage when malicious activity is detected (drop the traffic, block the source)
  • HIPS/NIPS
72
Q

server/OS hardening

A
  • reduces the attack surface
  • servers are centralized in data centers
  • OS images can be hardened once and used for creating new servers
  • NIST SP 800-123 (Guide to General Server Security)
  • HIDS/HIPS
  • apply firmware updates to network appliances
  • apply firmware updates to BIOS/UEFI and RAID controllers
  • set a UEFI/BIOS boot password to prevent changing the boot order
  • enable CPU no-execute (NX bit) at BIOS level
  • lock the server chassis or rack case
  • disable wake-on-LAN
  • apply OS updates
  • apply application software updates
  • follow OS/application configuration best practices
  • enable MFA
  • keep the AV solution updated
  • configure the host-based firewall (block unused ports)
  • disable unused services/daemons
  • disable unused accounts
  • rename/disable default accounts
  • enable auditing/logging related to the IT workload
  • follow the principle of least privilege
  • enable network encryption for as much traffic as possible
  • encrypt data at rest
  • plan for hardware failure
73
Q

NX bit

A
  • marks memory pages (stack, heap, data) as non-executable so the CPU refuses to run code from them
  • stops the classic buffer overflow technique of jumping into injected shellcode
74
Q

logging considerations

A
  • copies of log entries should be forwarded to a different host, so an attacker who compromises a machine can't erase its trail
  • Windows Event Log Forwarding
  • Linux syslog forwarding (e.g. rsyslog/syslog-ng to a central collector)
75
Q

auditing specifics

A
  • audit user logons (success and failure)
  • group membership changes (especially privileged groups)
  • user file system activity on sensitive folders
76
Q

switch hardening

A
  • disable unused ports
  • ports shouldn't allow numerous MAC addresses (port security)
  • use SSH rather than Telnet for management
77
Q

data in use

A
  • currently being processed (in memory)
78
Q

data in motion

A
  • transmitted over a network
79
Q

data at rest

A
  • stored on media
80
Q

symmetric encryption

A
  • same key used to encrypt/decrypt
  • fast; the hard part is distributing the key securely
81
Q

asymmetric encryption

A
  • pair of keys used
  • 1 key encrypts, the other decrypts
  • PKI uses related public/private key pairs (public key encrypts/verifies, private key decrypts/signs)
82
Q

DLP

A
  • data loss prevention
  • tools available to prevent sensitive data/IP from leaving the organization
  • labeling data so that it is handled in accordance with DLP policies
83
Q

mobile devices

A
  • centralized management (MDM)
  • logical partitioning/containerization of corporate data
  • tools to prevent sensitive data from being stored on removable media
  • geofencing (limit where devices can be used)
84
Q

encrypting data at rest

A
  • several laws/regulations require encrypting data at rest
  • HIPAA (healthcare)
  • banking/financial regulations
  • legal access/subpoena considerations
85
Q

Windows BitLocker

A
  • Windows Pro/Enterprise editions
  • encrypts entire disk volumes and removable drives (BitLocker To Go)
  • use group policy to require BitLocker on certain drives
  • a trusted platform module (TPM) can store the keys and detect unauthorized system startup modifications (the key is released only if the measured boot chain matches)
86
Q

Windows EFS

A
  • encrypting file system
  • ties encrypted files/folders to specific users
  • GUI control and the cipher.exe command-line tool
  • a PKI certificate is automatically generated the 1st time a user encrypts a file
  • a bulk symmetric file encryption key (FEK) encrypts the blocks of data; the FEK is stored with the file
  • the public key from the user's PKI certificate encrypts the FEK
  • the private key decrypts the FEK, which then decrypts the blocks of data
  • the user's PKI certificate and private key must be backed up to a secure location (lose them and the files are unrecoverable)
  • EFS data recovery agents can be configured to grant administrators the ability to decrypt EFS-encrypted files
  • in an AD environment the domain Administrator is the default recovery agent, so it can decrypt files on any station joined to the domain
87
Q

OpenSSL

A
  • included in most Linux distros
  • command-line toolkit used for file encryption, certificate/key generation and testing TLS servers (openssl s_client)
88
Q

tape encryption

A
  • tapes are still commonly used for backups (and leave the building for offsite storage)
  • should be encrypted
89
Q

SAN-based tape backup security considerations

A
  • which user account performs backups (root or admin)
  • scripts are normally run before/after the backup (are malicious scripts present?)
  • when encryption occurs (during or after the backup)
  • human element (reliable admins)
  • reliability (is the offsite tape storage provider trustworthy?)
90
Q

disk scrubbing

A
  • making it as difficult as possible to retrieve data previously stored on a disk
  • writing random data to the disk in multiple passes
  • zeroing out a disk writes a 0 byte to every storage location
  • overwriting is unreliable on SSDs (wear leveling and spare blocks keep old copies); use the drive's secure erase or full-disk encryption with key destruction instead
91
Q

physical destruction

A
  • sort media so that disks holding sensitive data are destroyed
  • drill holes into the platters of HDDs
  • degauss HDDs with a high-intensity magnetic field (ineffective on SSDs/flash)
  • shred with an industrial shredder
92
Q

remote wipe

A
  • mobile device management (MDM) enables centralized management
  • remotely wipe lost/stolen devices
  • a full wipe resets the device to factory settings
  • a selective wipe removes only corporate apps/data
93
Q

VPN authentication tool that uses a changing numeric code synchronized with the VPN appliance

A
  • key fobs
  • hardware/software tokens (time-based one-time passwords)
94
Q

IEEE standard that defines port-level security

A
  • 802.1X
95
Q

RADIUS clients are referred to as

A
  • authenticators: the switch/access point that forwards requests to the RADIUS server (the end device requesting access is the supplicant)
96
Q

firewall that can filter based on UDP/TCP port numbers

A
  • layer 4
97
Q

firewall that can filter based on the contents of the packet payload

A
  • layer 7 (application layer)