Security Plus part 2


Offline Password Attack

Attempts to discover passwords from a captured database or a captured packet trace

Principles of Social Engineering

- Authority - Citing a position, responsibility, or affiliation that grants the attacker the authority to make the request
- Intimidation - Suggesting you may face negative outcomes if you do not facilitate access or initiate a process
- Consensus - Claiming that someone in a similar position or a peer has carried out the same task in the past
- Scarcity (quantity) - Limited opportunity or diminishing availability that requires we get this done in a certain amount of time; similar to urgency
- Familiarity (liking) - Attempting to establish a personal connection, often citing mutual acquaintances or social proof
- Trust - Citing knowledge and experience, or assisting the target with an issue, to establish a relationship
- Urgency - Time sensitivity that demands immediate action; similar to scarcity

SSH (Secure Shell Protocol)

Can use symmetric or asymmetric encryption, but those ciphers are not associated with TLS.

Command and Control Malware

A computer controlled by an attacker or cybercriminal that is used to send commands to systems compromised by malware and to receive stolen data from a target network

Key frameworks: National Institute of Standards and Technology (NIST)

Cyber Security Framework (CSF): NIST RMF/CSF is a set of guidelines and best practices to help organizations build and improve their cyber security posture.
- CSF is aimed at private industries (commercial businesses)
- Replaces NIST's Risk Management Framework (RMF), which was designed to focus on risk management for governmental agencies

General Data Protection Regulation (GDPR)

Deals with the handling of data while maintaining the privacy and rights of an individual. Created by the EU, which has 27 different countries as members. GDPR applies to ANY company with customers in the EU.

Key frameworks: International Organization for Standardization (ISO)

Develops global technical, industrial and commercial standards.
ISO Standards: ISO 27001, ISO 27002, ISO 27701 (extension of 27001/27002), ISO 31000

Detective Controls

Discover or detect unwanted or unauthorized activity. Examples: Security guards, guard dogs, motion detectors, job rotation, mandatory vacations, audit trails, intrusion detection systems, etc.

SNMPv2 (Simple Network Management Protocol version 2)

Does not implement TLS, or any encryption, within the network communication.

Competitor threat actor

Doesn't have any direct financial gain by disrupting a website or stealing customer lists, and often their objective is to disable a competitor's business or to harm their reputation.

Continuity of Operations Plan (COOP)

Ensures that the business will continue to operate when a disruptive event occurs

Espionage & Sabotage

- Espionage (External) - When a competitor tries to steal information; they may use an internal employee.
- Sabotage (Internal) - Malicious insiders can perform sabotage against an org if they become disgruntled for some reason.

Gramm-Leach-Bliley Act (GLBA)

Focused on the privacy and services of banks, lenders, and insurers

Typosquatting/URL hijacking

Form of cybersquatting (sitting on sites under someone else's brand or copyright) targeting users who type an incorrect website address
- Often employs a drive-by download that can infect a device even if the user does not click anything

Memorandum of Understanding (MOU)

Formal agreement between two or more parties indicating their intention to work together towards a common goal. Similar to an SLA, it defines the responsibilities of each party. Lacks the binding power of a contract.

Passive Footprinting

Gathering information about a target without direct interaction, collecting it from publicly accessible sources such as websites, DNS records, and business information databases

Benchmarks/secure configuration guides

Guidelines to help set up and operate computer systems at a secure level that is understood and documented. Benchmarks aim to ease the process of securing a component, reduce the attack footprint, and minimize the risk of a security breach.
- Unneeded services are disabled, and the operating system is hardened to minimize the risk of a security breach

Protected Health Information (PHI)

Health-related information that can be related to a specific person.

ISO 27002 Standard

It establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management within an organization.

Control Categories

- Managerial - Policies and procedures defined by the org's security policy, other regulations and requirements
- Operational - Executed by company personnel during their day-to-day work. Examples: Security awareness training, change management, Business continuity plan (BCP)
- Technical - aka "logical"; hardware or software mechanisms implemented by the IT team to reduce risk. Examples: firewall rules, antivirus/anti-malware, IDS/IPS, etc.

SoC (System on a Chip)

Multiple components that run on a single chip

Key frameworks: Center for Internet Security (CIS)

Not-for-profit organization that publishes information on cybersecurity best practices and threats. Has tools to help harden your environment and provide risk management. Provides benchmarks for different operating systems and provides controls to help secure your organization.

SSAE SOC Type 2

Often written as "Type II". Assesses how effective the controls are over time by observing operations for six months.

Compensating Controls

Alternatives to other existing controls that aid in the enforcement of security policies. Examples: Security policy, personnel supervision, monitoring, and work task procedures.

Reconnaissance Techniques

- Passive Discovery - Does not send packets to the target; e.g. Google hacking, phone calls, DNS and WHOIS lookups
- Semi-Passive Discovery - Touches the target with packets in a non-aggressive fashion to avoid triggering the target's alarms
- Active Discovery - Aggressive techniques likely to be noticed by the target, including port scanning, and tools like Nmap and Metasploit

Key frameworks: Cloud Security Alliance (CSA)

Produces resources to help Cloud Service Providers (CSPs), like online training, webinars, discussion groups, and virtual summits.
- Cloud Control Matrix (CCM)
- CSA Reference Architecture

Electronic Communications Privacy Act (ECPA)

Prohibits a third party from intercepting or disclosing communications without authorization

Measurement System Analysis (MSA)

Provides a way for an organization to evaluate the quality of the process used in their measurement systems. MSA is an important element of Six Sigma methodology and of other quality management systems.

ISO 31000

Provides principles, a framework and a process for managing risk for organizations of any size in any sector (i.e. commercial or government)

ISO 27701 (Extension of 27001/27002)

Provides specific requirements and guidance for establishing, implementing, maintaining, and continually improving an information system with private data.

SSAE SOC Type 1

A report that assesses the design of security processes at a specific point in time.

Corrective Controls

Return systems to normal after unwanted or unauthorized activity has occurred. Examples: Intrusion prevention systems, antivirus solutions, alarms, mantraps, business continuity planning and security policies.

Key frameworks: Statements on Standards for Attestation Engagements (SSAE)

SSAE 18 is an audit standard to enhance the quality and usefulness of System and Organization Control (SOC) reports.
- SOC Types 1 and 2
- Designed for larger organizations, such as cloud providers

PCI DSS (Payment Card Industry Data Security Standard)

Set of policies and procedures intended to optimize the security of credit, debit and cash card transactions
- Card info must be protected wherever it is stored
- Systems should be protected against the activities of malicious hackers
- A formal information security policy must be defined, maintained, and followed

Anonymization Techniques

The process of removing all relevant data so that it is impossible to identify the original subject or person. Good if you don't need the data.

Pseudonymization

The process of using pseudonyms to represent other data. It can be done to prevent the data from directly identifying an entity, such as a person. Good if you need the data and want to reduce exposure.

Children's Online Privacy Protection Act (COPPA)

Was designed to protect children under the age of 13

IoT (Internet of Things)

Wearable technology and home automation devices

Role-based training

When a company carries out security awareness training and ensures that all employees are sufficiently trained for their job roles.

CSA Reference Architecture

Contains best security practices for CSPs and examples, and examines topics such as:
- Security and risks
- Presentation services
- Application services
- Information services
- IT Operation and Support (ITOS)
- Business Operation and Support Services (BOSS)

RTO (Recovery Time Objectives)

Define a set of objectives needed to restore a particular service level

Service Level Agreement (SLA)

Formal contract between customers and their service providers that defines the specific responsibilities of the service provider and the level of service expected by the customer. Often includes penalties if the vendor doesn't meet expectations. Example: Maximum downtimes. Generally used with vendors (external).

Transport Layer Security (TLS)

A cryptographic protocol used to encrypt network communication. Although we don't commonly see SSL (Secure Sockets Layer) in use any longer, you may still see TLS communication referred to as SSL.

Communication plan

A predefined list of contacts and processes used to inform key members of the organization

EAP-FAST (Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling)

An updated version of LEAP (Lightweight EAP) that was commonly used after WEP (Wired Equivalent Privacy) was replaced with WPA (Wi-Fi Protected Access)

Sensitive Data

Any information that isn't public or unclassified.
- Personally Identifiable Information (PII)
- Protected Health Information (PHI)

Organized crime actor

Motivated by money; their hacking objectives are usually based around targets that can be easily exchanged for financial capital

MTTR (Mean Time to Restore)

The amount of time it takes to repair a component.

MTTF (Mean Time to Failure)

The expected lifetime of a nonrepairable product or system.

MTBF (Mean Time Between Failures)

Prediction of how often a repairable system will fail

PEAP (Protected Extensible Authentication Protocol)

Provides a method of authentication over a protected TLS (Transport Layer Security) tunnel. EAP-MSCHAPv2 (EAP - Microsoft Challenge Handshake Authentication Protocol v2) is a common implementation of PEAP.

Public Key Infrastructure (PKI)

The system for issuing pairs of public and private keys and corresponding digital certificates

Tabletop exercise

Usually consists of a meeting where members of a recovery or disaster recovery team talk through a disaster scenario

Federation

Allows members of one organization to authenticate using the credentials of another organization.

Non-Disclosure Agreement (NDA)

A legal contract with vendors and suppliers not to disclose the company's confidential information. Examples:
- Employer-employee NDA: Restricts employees from revealing trade secrets and business information.
- Company-contractor NDA: Restricts hired contractors from taking business information and sharing it with competitors or using it for themselves.

potentially unwanted program (PUP) Malware

An app that may be unwanted, often delivered alongside a program the user wants. PUPs include spyware, adware, and dialers.

Personally Identifiable information(PII)

Any data that could potentially identify a specific individual (name, SSN, birthdate/place, biometric records, etc.)

Pretexting

Attacker develops a story, or pretext, in order to fool the victim. Pretext often leans on establishing authority.

Online Password Attack

Attempts to discover a password from an online system. For example, an attacker trying to log on to an account by guessing a user's password.
- Most web and Wi-Fi attacks are online attacks

Deterrent Controls

Deployed to discourage violation of security policies. Examples: Cable locks, hardware locks, video surveillance and guards.

SOAR (Security Orchestration, Automation, and Response)

Designed to make security teams more effective by automating processes and integrating third-party security tools

(CSA): Cloud Control Matrix (CCM)

Designed to provide a guide on security principles for cloud vendors and potential cloud customers to assess the overall risk of a cloud provider.
- For the exam, remember CSA CCM helps potential customers measure the overall risk of a CSP

Collusion

An agreement among multiple persons to perform some unauthorized or illegal actions. Example: Several airlines agree not to offer routes in each other's markets, thereby restricting supply and keeping prices high.

End of Life (EOL)

Point at which a vendor stops selling a product and may limit replacement parts and support.

Security Controls

- Preventive - Physically limits access to a device or area
- Corrective - Can actively work to mitigate any damage
- Detective - May not prevent access, but it can identify and record any intrusion attempts
- Compensating - Doesn't prevent an attack, but it does restore from an attack using other means
- Physical - Real-world security, such as a fence or door lock

Health Insurance Portability and Accountability Act (HIPAA)

Relates to Protected Health Information (PHI)

Federal Information Security Management Act (FISMA)

Requires that government agencies include the activities of contractors in their security management programs

Memorandum of Agreement (MOA)

Similar to a MOU but is legally binding and describes terms and details of the agreement.

Reducing GDPR Exposure

Steps to reduce or eliminate GDPR requirements: Anonymization, Pseudonymization

Preventative Controls

Stop unwanted or unauthorized activity from occurring. Examples: Fences, locks, biometrics, mantraps, alarm systems, etc.

CASB (Cloud Access Security Broker)

Two common functions of a CASB are visibility into application use and enforcement of data security policy. Other common CASB functions are the verification of compliance with formal standards and the monitoring and identification of threats.

Business Partnership Agreement (BPA)

Agreement between two companies that want to participate in a business venture to make a profit. Details each partner's contributions, rights and responsibilities, as well as the details of operations, decision-making, and sharing of profits.

Gamification

Used in computer-based training (CBT) to provide employees with a question/challenge.
- May promote competition by awarding points and a leaderboard

VPN concentrators

Used to connect many remote networks and clients to a central corporate network. Commonly used to provide secure connectivity for remote users.

Dictionary Attack - Password attack

Uses programs with built-in dictionaries that attempt all dictionary words to try to find the correct password. Remediation: MFA, biometric authentication, limit the number of attempts, force resets after a certain number of failed attempts.

Health information technology for economic and clinical health (HITECH)

Widens the scope of privacy protections under HIPAA

Physical Controls

A control you can physically touch. Examples: Guards, fences, motion detectors, locked doors, sealed windows, lights, cable protectors, laptop locks, etc.

EAP-TTLS (Extensible Authentication Protocol - Tunneled Transport Layer Security)

Allows the use of multiple authentication protocols transported inside an encrypted TLS (Transport Layer Security) tunnel. This allows the use of any authentication method while maintaining confidentiality with TLS.

RTOS (Real-time Operating Systems)

Commonly used in manufacturing and automobiles

End of Service Life (EOSL)

- Manufacturer stops selling a product
- Support is no longer available for the product
- No ongoing security patches or updates
- May have a premium-cost support option

Keyloggers Malware

A type of spyware where a hacker captures keyboard keystrokes, including the keystrokes used to sign in to accounts.

Multifunctional Device (MFD)

An all-in-one printer that can print, scan, and fax

ISO 27001

An international standard that details requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS)

Social Media Analysis

Analysis of a potential employee's social media during the hiring process to understand more about the individual based on their internet presence.
- Helps identify cultural alignment and character concerns

