CompTIA Security+ (SY0-501) Objective 3
Vendor diversity (Defense-in-depth/layered security)
Secure system design relies upon many elements, a key one being defense in depth, or layered security. Defense in depth is a security principal by which multiple, differing security elements are employed to increase the level of security. Having multiple suppliers creates __________, which reduces the risk from any single supplier. Having multiple operating systems, such as both Linux and windows, reduces the total risk should something happen to one of them.
Control diversity, technical (Defense-in-depth/layered security)
Secure system design relies upon many elements, a key one being defense in depth, or layered security. Defense in depth is a security principal by which multiple, differing security elements are employed to increase the level of security. Security controls are the mechanisms by which security functions are achieved. It is important to have control diversity. __________ are those that operates through a technological intervention in the system. Examples include elements such as user authentication (passwords), logical access controls, antivirus/anti-malware software, firewalls, intrusion detection and prevention systems, and so forth.
1.) Provisioning and 2.) Deprovisioning
____1_____ is the process of assigning to users permissions or authorities to access objects. Users can be put into groups, enabling them to be managed as a group rather than individually. ______2______ is the removal of permissions or authorities.
1.) Application whitelisting / 2.) Application blacklisting (Operating systems)
____2_____ is essentially noting which applications should not be allowed to run on the machine. This is basically a permanent ignore or call block capability. ____1______ is the exact opposite: it consists of a list of allowed applications.
Wireless keyboards (peripherals)
_________ operate via a short range wireless signal between it and the computer. The main method of connection is via either a USB Bluetooth connector, in essence creating a small personal area network (PAN), or a 2.4 GHz dongle. These are frequently paired with wireless mice, removing troublesome and annoying cables off the desktop.
Wireless mice (peripherals)
__________ are similar in nature to wireless keyboards. They tend to connect as a human interface device (HID) class of USB. This is part of the USB specification and is used for these and keyboards, simplifying connections, drivers, and interfaces through a common specification.
Digital cameras (peripherals)
__________ are sophisticated computing platforms that can capture images, perform image analysis, connect over networks, and even send files across the globe directly from it into a production system any newsroom, for instance.
Printers/MFDs (peripherals)
__________ have CPUs and a lot of memory. The primary purpose of this is to offload the printing from the device sending the print job to the print queue. Modern these now come standard with a bidirectional channel, so that you can send a print job to it and it can send back information as to job status, its status, and other items. Multifunction devices (MFDs) are like these on steroids. They typically combined printing, scanning, and faxing all into a single device.
Vehicles (Special purpose)
Embedded systems is the name given to computers that are included as an integral part of a larger system, typically hardwired in. From computer peripherals like printers, to household devices like smart TVs and thermostats, to the car you drive, embedded systems are everywhere. A modern __________ has not a single computer in it, but actually hundreds of them, all interconnected on a bus. The controller area network (CAN) bus is designed to allow multiple micro-controllers to communicate with each other without a central host computer. Before the CAN bus was invented, individual micro-controllers were used to control the engine, emissions, transmission, breaking, heating, electrical, and other systems, and the wiring harnesses used to interconnect everything became unwieldy. Robert Bosch developed the CAN bus for cars, specifically to address the wiring harness issue, and when first employee in 1986 at BMW, the weight reduction was over 100 pounds.
Heating, Ventilation, and Air-Conditioning - HVAC
Embedded systems is the name given to computers that are included as an integral part of a larger system, typically hardwired in. From computer peripherals like printers, to household devices like smart TVs and thermostats, to the car you drive, embedded systems are everywhere. Building-automation systems, climate control systems, __________ systems, are examples of systems that are managed by embedded systems. Interconnecting the systems and adding in Internet-based central control mechanisms does increase the risk profile from outside attacks. These outside attacks could result in __________ malfunction or failure, rendering a major office building uninhabitable due to heat and safety.
Camera systems
Embedded systems is the name given to computers that are included as an integral part of a larger system, typically hardwired in. From computer peripherals like printers, to household devices like smart TVs and thermostats, to the car you drive, embedded systems are everywhere. Digital __________ have entered the computing world through a couple of different portals. First there is the world of high-end digital cameras that have networking stacks, image processors, and even 4K video feeds. These are used in enterprises such as news organizations, which rely on getting the data live without extra processing delays. What is important to note is that most of these devices, although they are network into other networks, have built-in VPNs that are always on, because the content is considered valuable enough to protect as a feature. The other set is video surveillance cameras, including cameras for household surveillance, baby monitoring, and the like.
Wearable technology (Smart devices/Internet of Things)
Embedded systems is the name given to computers that are included as an integral part of a larger system, typically hardwired in. From computer peripherals like printers, to household devices like smart TVs and thermostats, to the car you drive, embedded systems are everywhere. Smart devices and devices that comprise the Internet of things (IoT) have taken the world's markets by storm. From key fobs that can track the location of things via GPS, to cameras that can provide surveillance, to connected household appliances, TVs, dishwashers, refrigerators, crockpots, washers, and dryers--anything with a microcontroller now seems to be connected to the web so that it can be controlled remotely. Artificial intelligence (AI) has also entered into the mix, enabling even greater functionality, embodied in products such as Amazon echo, Google home, Microsoft Cortana, and Apple Siri. __________ include everything from biometric sensors measuring heart rate, to step counters measuring how far one walks, to Smart watches that combine all these functions and more. As these learn more and more of our personal data, they become a source of interest for hackers. Protecting the data is the security objective for these devices.
Home automation (Smart devices/IoT)
Embedded systems is the name given to computers that are included as an integral part of a larger system, typically hardwired in. From computer peripherals like printers, to household devices like smart TVs and thermostats, to the car you drive, embedded systems are everywhere. Smart devices and devices that comprise the Internet of things (IoT) have taken the world's markets by storm. From key fobs that can track the location of things via GPS, to cameras that can provide surveillance, to connected household appliances, TVs, dishwashers, refrigerators, crockpots, washers, and dryers--anything with a microcontroller now seems to be connected to the web so that it can be controlled remotely. Artificial intelligence (AI) has also entered into the mix, enabling even greater functionality, embodied in products such as Amazon echo, Google home, Microsoft Cortana, and Apple Siri. __________ is one of the driving factors behind the Internet of things movement. From programmable smart thermostats to electrical control devices that replace wall switches to enable voice-operated lights, the home environment is awash with tech.
1.) Supervisory Control and Data Acquisition - SCADA / 2.) Industrial Control System - ICS
Embedded systems is the name given to computers that are included as an integral part of a larger system, typically hardwired in. From computer peripherals like printers, to household devices like smart TVs and thermostats, to the car you drive, embedded systems are everywhere. _____1____, a system designed to control automated systems in cyber-physical environments. _____1_____ systems have their own smart components, each of which is an example of an embedded system. Together they form a ____1______ system, which can control manufacturing plants, traffic lights, refineries, energy networks, water plants, building automation and environmental controls, and a host of other systems. A ____1_____ system is also known by means such as distributed control system (DCS) and _____2_____, the variations depending on the industry and the configuration. Where computers control a physical process directly, a _____1_____- system likely is involved.
Disabling unnecessary ports and services (Operating systems)
On important management issue for running a secure system is to identify the specific needs of a system for its proper operation and to enable all the items necessary for those functions. _____________ prevents their use by unauthorized users and improves system throughput increases security. Systems have ports and connections that need to be disabled if not in use.
Types, Appliance (Operating systems)
Operating systems our complex programs designed to provide a platform for a wide variety of services to run. Some of these services are extensions of the operating system itself, while others are standalone applications that use the operating system as a mechanism to connect to other programs and hardware resources. It is up to the operating system to manage the security aspects of the hardware being utilized. Appliances are stand-alone devices, wired into the network and designed to run an application to perform a specific function on traffic. These systems operate as headless servers, preconfigured with applications that run and perform a wide range of security services on the network traffic that they see. For reasons of economics, portability, and functionality, the vast majority of __________ operating systems are built using a Linux-based operating system.
Types, Mobile OS (Operating systems)
Operating systems our complex programs designed to provide a platform for a wide variety of services to run. Some of these services are extensions of the operating system itself, while others are standalone applications that use the operating system as a mechanism to connect to other programs and hardware resources. It is up to the operating system to manage the security aspects of the hardware being utilized. Mobile devices began as a phone, with limited other abilities. ________ operating systems come in two main types: Apple's iOS and Google's android operating system.
Logical (VLAN) (Segregation/segmentation/isolation)
Modern networks, with their increasingly complex connections, result in systems where navigation can become complex between nodes. Just as a DMZ-based architecture allows for differing levels of trust, the isolation of specific pieces of the network using security rules can provide differing trust environments. There are several terms used to describe the resulting architecture, including network segmentation, segregation, isolation, and enclaves. Enclaves is the most commonly used term to describe sections of a network that are logically isolated by segmentation at the networking protocol. The concept of segregating a network into enclaves can create areas of trust where special protections can be employed and traffic from outside the enclaves is limited or properly screen before admission. A ___________ is a set of devices with similar functionality and similar communication needs, typically co-located and operated off a single switch. This is the lowest level of a network hierarchy and defines the domain for certain protocols at the data link layer for communication. It is a logical implementation of a LAN and allows computers connected to different physical networks to acting communicate as if they were on the same physical network. This has many of the same characteristic attributes of a LAN and behaves much like a physical LAN but is implemented using switches and software. This very powerful technique allows significant network flexibility, scalability, and performance and allows administrators to perform network reconfigurations without having to physically relocate or re-cable systems.
Air gaps (Segregation/segmentation/isolation)
Modern networks, with their increasingly complex connections, result in systems where navigation can become complex between nodes. Just as a DMZ-based architecture allows for differing levels of trust, the isolation of specific pieces of the network using security rules can provide differing trust environments. There are several terms used to describe the resulting architecture, including network segmentation, segregation, isolation, and enclaves. Enclaves is the most commonly used term to describe sections of a network that are logically isolated by segmentation at the networking protocol. The concept of segregating a network into enclaves can create areas of trust where special protections can be employed and traffic from outside the enclaves is limited or properly screen before admission. __________ is the term used to describe when no data path exists to networks that are not connected in any way except via a physical _______ between their. Physically or logically there is no direct path between the. It is a conceptual term that refers to isolating a secure network or computer from all other networks-particularly the Internet-and computers by ensuring that it can't establish external communication, the goal of which is to prevent any possibility of unauthorized access. These are considered by some to be a security measure, but this topology has several weaknesses. First, sooner or later, some form of data transfer is needed between the systems. When this happens, administrators transfer files via a USB connected external media, which effectively breaches the _________.
Virtualization (Segregation/segmentation/isolation)
Modern networks, with their increasingly complex connections, result in systems where navigation can become complex between nodes. Just as a DMZ-based architecture allows for differing levels of trust, the isolation of specific pieces of the network using security rules can provide differing trust environments. There are several terms used to describe the resulting architecture, including network segmentation, segregation, isolation, and enclaves. Enclaves is the most commonly used term to describe sections of a network that are logically isolated by segmentation at the networking protocol. The concept of segregating a network into enclaves can create areas of trust where special protections can be employed and traffic from outside the enclaves is limited or properly screen before admission. __________ offers server isolation logically while still enabling physical hosting. This allows you to run multiple servers on a single piece of hardware, enabling the use of more powerful machines in the enterprise at higher rates of utilization.
Site-to-site (tunneling/VPN)
Tunneling/virtual private networking (VPN) technologies allowed to networks to connect Shirley across an unsecure stretch of network. These technologies such as IPSec, L2TP, SSL/TLS, and SSH. At this level, understand that these technologies enable to sites, such as a remote workers home network and the corporate network, to communicate across unsecure networks, including the Internet, at a much lower risk profile. The two main uses for tunneling/VPN technologies are site-to-site communications and remote access to a network. __________ communication links our network connections that connect two or more networks across an intermediary network layer. In almost all cases, this intermediary network is the Internet or some other public network. To secure the traffic that is going from site to site, encryption in the form of either a VPN or a tunnel can be employed. In essence, this makes all of the packets between the endpoints in the two networks unreadable to nodes between the two sites.
Remote access (tunneling/VPN)
Tunneling/virtual private networking (VPN) technologies allowed to networks to connect Shirley across an unsecure stretch of network. These technologies such as IPSec, L2TP, SSL/TLS, and SSH. At this level, understand that these technologies enable to sites, such as a remote workers home network and the corporate network, to communicate across unsecure networks, including the Internet, at a much lower risk profile. The two main uses for tunneling/VPN technologies are site-to-site communications and remote access to a network. __________ ss when a user requires access to a network and its resources, but is not able to make a physical connection. This access via a tunnel or VPN has the same effect is directly connecting the remote system to the network--it's as if the remote user just plug a network cable directly into her machine. So, if you do not trust the machine to be directly connected to your network, you should not use a VPN or tunnel, for if you do, that is what you are logically doing.
Hardware root of trust (Hardware/firmware security)
Hardware, in the form of servers, workstations, and even mobile devices, can represent a weakness or vulnerability in the security system associated with the enterprise. While you can easily replace hardware it is lost or stolen, you can't retrieve the information lost or stolen hardware contains. There are some hardware protection mechanisms that your organization should consider employing to safeguard servers, workstations, and mobile devices from that, such as placing cable locks on mobile devices and using locking cabinets and safes to secure portable media, USB drives, and CDs/DVDs. A __________ is a concept that if one has a trusted source of specific security functions, this layer can be used to promote security to higher layers of the system. Because these are inherently trusted, they must be secured by design.
Hardware Security Module - HSM (Hardware/firmware security)
Hardware, in the form of servers, workstations, and even mobile devices, can represent a weakness or vulnerability in the security system associated with the enterprise. While you can easily replace hardware it is lost or stolen, you can't retrieve the information lost or stolen hardware contains. There are some hardware protection mechanisms that your organization should consider employing to safeguard servers, workstations, and mobile devices from that, such as placing cable locks on mobile devices and using locking cabinets and safes to secure portable media, USB drives, and CDs/DVDs. A __________ is a device used to manage or store encryption keys it can also assist in cryptographic operations such as encryption, hashing, or the application of digital signatures. They are typically peripheral devices, connected via USB or a network connection. They have temper protection to prevent physical access to these secrets they protect.
Trusted operating system (Operating systems)
A __________ is one that is designed to allow multilevel security in its operation. This is further defined by its ability to meet a series of criteria required by the US government. These are expensive to create and maintain because any change must typically undergo a recertification process. These are most commonly used by government agencies and contractors for sensitive systems that require this level of protection.
WiFi-enabled MicroSD cards (peripherals)
A class of __________ was developed to eliminate the need to move the car from device to device to move the data. Primarily designed for digital cameras, these cards are very useful for creating Wi-Fi devices out of devices that had an SD slot. These devices work by having a tiny computer embedded in the car running the stripped-down version of Linux.
Immutable systems (Secure DevOps)
An __________ is a system that, once deployed, is never modified, patched, or upgraded. If a password update is required, the system is merely replaced with a new system that is patched and updated.
Code signing (secure coding techniques)
Application security begins with code that is secure and free of vulnerabilities. Unfortunately, all code has weaknesses and vulnerabilities, so instantiating the code in a manner that has effective defenses preventing the exploitation of vulnerabilities can maintain a desired level of security. Proper handling of configurations, errors and exceptions, and inputs can assist in the creation of a secure application. Testing of the application throughout the software development lifecycle (SDLC) can be used to determine the actual security risk profile of a system. An important factor in ensuring that software is genuine and has not been altered is a method of testing the software integrity. With software being updated across the web, how can you be sure that the code received is genuine and has not been tampered with? The answer is a process known as __________, which involves applying a digital signature to code, providing a mechanism where the end user can verify the code integrity. In addition to verifying the integrity of the code, digital signatures provide evidence as to the source of the software.
Proper error handling (secure coding techniques)
Application security begins with code that is secure and free of vulnerabilities. Unfortunately, all code has weaknesses and vulnerabilities, so instantiating the code in a manner that has effective defenses preventing the exploitation of vulnerabilities can maintain a desired level of security. Proper handling of configurations, errors and exceptions, and inputs can assist in the creation of a secure application. Testing of the application throughout the software development lifecycle (SDLC) can be used to determine the actual security risk profile of a system. FYSA.... Every application will encounter errors and exceptions, and these need to be handled in a secure manner. One attack methodology includes forcing errors to move an application from normal operation to the exception handling. During exception, it is common practice to record/report the condition, including supporting information such as the data that resulted in the air. This information can be invaluable in diagnosing the cause of the error condition. The challenge is in where this information is captured. The best method is to capture it in a log file, where it can be secured by an ACL. The worst case is when it is echoed to the user. Echoing error condition details to users can provide valuable information to attackers when they cause errors on purpose.
Proper input validation (secure coding techniques)
Application security begins with code that is secure and free of vulnerabilities. Unfortunately, all code has weaknesses and vulnerabilities, so instantiating the code in a manner that has effective defenses preventing the exploitation of vulnerabilities can maintain a desired level of security. Proper handling of configurations, errors and exceptions, and inputs can assist in the creation of a secure application. Testing of the application throughout the software development lifecycle (SDLC) can be used to determine the actual security risk profile of a system. With the move to web-based applications, the errors have shifted from buffer overflows to input-handling issues. Users have the ability to manipulate input, so it is up to the developer to handle the input appropriately to prevent malicious entries from having an effect. _________ is especially well-suited for the following vulnerabilities: buffer overflow, reliance on un-trusted inputs in a security decision, cross-site scripting (XSS), cross-site request forgery (XSRF), path traversal, and incorrect calculation of buffer size. Consider all input to be hostile. This is one of the most important secure coding techniques employed, mitigating a wide array of potential vulnerabilities.
Normalization (secure coding techniques)
Application security begins with code that is secure and free of vulnerabilities. Unfortunately, all code has weaknesses and vulnerabilities, so instantiating the code in a manner that has effective defenses preventing the exploitation of vulnerabilities can maintain a desired level of security. Proper handling of configurations, errors and exceptions, and inputs can assist in the creation of a secure application. Testing of the application throughout the software development lifecycle (SDLC) can be used to determine the actual security risk profile of a system. _________ is an initial step in the input validation process. Specifically, it is the step of creating the canonical form, or simplest form, of a string before processing. Strings can be encoded using Unicode and other encoding methods. This makes byte-by-byte comparisons meaningless when trying to screen user input strings. Checking to see if the string is "rose" can be difficult when: A Rose, is a rose, is a r%6fse (all of these represent the same string, just different forms). The process of __________ converts all of these two rows, where can then be screened as valid input. Different libraries exist to assist developers in performing this part of input validation.
Stored procedures (secure coding techniques)
Application security begins with code that is secure and free of vulnerabilities. Unfortunately, all code has weaknesses and vulnerabilities, so instantiating the code in a manner that has effective defenses preventing the exploitation of vulnerabilities can maintain a desired level of security. Proper handling of configurations, errors and exceptions, and inputs can assist in the creation of a secure application. Testing of the application throughout the software development lifecycle (SDLC) can be used to determine the actual security risk profile of a system. __________ are precompiled methods implemented with in a database engine. They act as a secure coding mechanism because they offer and isolation of user input from the actual SQL statements being executed. What cannot happen is to allow a user to write the actual SQL code that is executed. There are too many things that can go wrong, too much power to allow user to directly wielded, and eliminating SQL injection attacks by fixing input has never worked.
Encryption (secure coding techniques)
Application security begins with code that is secure and free of vulnerabilities. Unfortunately, all code has weaknesses and vulnerabilities, so instantiating the code in a manner that has effective defenses preventing the exploitation of vulnerabilities can maintain a desired level of security. Proper handling of configurations, errors and exceptions, and inputs can assist in the creation of a secure application. Testing of the application throughout the software development lifecycle (SDLC) can be used to determine the actual security risk profile of a system. __________ is one of the elements where secure coding techniques have some unique guidance: "never roll your own crypto." This not only means that you should not write your own cryptographic algorithms, but also means you should not attempt to implement standard algorithms by yourself. Fetid, proven cryptographic libraries exist for all major languages, and the use of these libraries is considered best practice. The guidance has a variety of interrelated rationales, but the simple explanation is that crypto is almost impossible to invent, and very hard to implement correctly. Thus, to have usable, secure _________ in your application, you need to adopt proven algorithms and utilize proven code bases.
1.) Platform/vendor-specific guides, 2.) web server (Benchmarks/secure configuration guides)
Benchmarks and secure configuration guides offer guidance for setting up and operating computer systems to a secure level that is understood and documented. The standard for a benchmark is a consensus-based set of knowledge designed to deliver a reasonable set of security across as wide a base as possible. Setting up secure services is important to enterprises, and some of the best guidance comes from the manufacturer form of ____1_____. these include installation and configuration guidance, and in some cases operational guidance as well. Many different _____2____ are used in enterprises, but the market leaders are Microsoft, Apache, and nginx. By definition, _____2_____ offer a connection between users and webpages, and as such they are prone to attacks setting up any external facing application properly is key to prevent unnecessary risk fortunately for these, several authoritative and proscriptive sources of information are available to help administrators properly secure the application.
Platform/vendor-specific guides, operating system (Benchmarks/secure configuration guides)
Benchmarks and secure configuration guides offer guidance for setting up and operating computer systems to a secure level that is understood and documented. The standard for a benchmark is a consensus-based set of knowledge designed to deliver a reasonable set of security across as wide a base as possible. The __________ is the interface for the applications that we use to perform tasks and the actual physical computer hardware. As such, this is a key component for the secure operation of a system. Comprehensive, pro-scripted configuration guides for all major ones are available from their respective manufacturers, from the Center for Internet security, and from the DoD DISA STIGs program.
General purpose guides (Benchmarks/secure configuration guides)
Benchmarks and secure configuration guides offer guidance for setting up and operating computer systems to a secure level that is understood and documented. The standard for a benchmark is a consensus-based set of knowledge designed to deliver a reasonable set of security across as wide a base as possible. The best __________ is the CIS Controls, a common set of 20 security controls. This project began as a consensus project out of the US Department of Defense and has over nearly 20 years more into the de facto standard for selecting an effective set of security controls.
Platform/vendor-specific guides, application server (Benchmarks/secure configuration guides)
Benchmarks and secure configuration guides offer guidance for setting up and operating computer systems to a secure level that is understood and documented. The standard for a benchmark is a consensus-based set of knowledge designed to deliver a reasonable set of security across as wide a base as possible. __________ are the part of the enterprise that handle specific tasks we associate with IT systems. Whether it is an email server, a database server, a messaging platform, or any other server, these are where the work happens. Proper configuration of these depends to a great degree on the server specifics.
Platform/vendor-specific guides, network infrastructure devices (Benchmarks/secure configuration guides)
Benchmarks and secure configuration guides offer guidance for setting up and operating computer systems to a secure level that is understood and documented. The standard for a benchmark is a consensus-based set of knowledge designed to deliver a reasonable set of security across as wide a base as possible. __________ are the switches, routers, concentrators, firewalls, and other specialty devices that make the network function smoothly. Properly configuring these devices can be challenging but is very important because failures at this level can adversely affect the security of traffic being processed by them. The criticality of these devices makes them targets, for if a firewall fails, in many cases there are no indications until an investigation finds that it failed to do its job. Ensuring these devices are properly configured and maintained is not a job to gloss over, but one that requires professional attention by properly trained personnel, and backed by routine configuration audits to ensure they stay properly configured.
Displays (peripherals)
Computer __________ Are primarily connected two machines via a cable to one of several types of display connectors on a machine. But for conferences and other groups settings, there are a wide array of devices today that can enable the machine to connect to a display via a wireless network.
Security automation (Secure DevOps)
DevOps is a combination of development and operations, and a blending of tasks performed by a company's application development and systems operations teams. It emphasizes communication and collaboration between product management, software development, and operations professionals in order to facilitate continuous development, continuous integration, continuous delivery, and continuous monitoring processes. __________ is the addition of security steps to the DevOps process. Just as you can add security steps to the waterfall model, or any other software development model, you can add them to DevOps as well, promoting a secure DevOps outcome.
Medical devices (Special purpose)
Embedded systems is the name given to computers that are included as an integral part of a larger system, typically hardwired in. From computer peripherals like printers, to household devices like smart TVs and thermostats, to the car you drive, embedded systems are everywhere. __________ are a very diverse group, from small implantable devices, such as pacemakers, some multi-ton MRI machines. In between is a wide range of devices, from those that measure vital signs to those that actually control vital functions. Each of these has several interesting characteristics, and they all have an interesting caveat--they can have a direct affect on humans life. This makes security of these devices also a safety function.
Real-time Operating Systems - RTOS
Embedded systems is the name given to computers that are included as an integral part of a larger system, typically hardwired in. From computer peripherals like printers, to household devices like smart TVs and thermostats, to the car you drive, embedded systems are everywhere. __________ are designed for systems where the processing must occur in real time and data cannot be cute or buffer for any significant length of time. These are not general-purpose machines, but are programmed for a specific purpose. They still have to deal with contention, and they have scheduling algorithms to deal with timing collisions, but in general an _________ processes each input as it is received, or within a specific time slice defined as the response time. Examples of this are from something as common as an antilock braking computer in a car, to as complex as a robotic system used on an assembly line.
System on a Chip - SoC
Embedded systems is the name given to computers that are included as an integral part of a larger system, typically hardwired in. From computer peripherals like printers, to household devices like smart TVs and thermostats, to the car you drive, embedded systems are everywhere. __________ refers to a complete computer system miniaturized on a single integrated circuit, designed to provide the old functionality of a computing platform on a single chip. This includes networking and graphics display. Some of these solutions, memory, while others have the memory separate. These are very common in the mobile computing market with both phones and tablets because of their low power consumption and efficient design. EX: Intel Quad-core and eight-core systems
Printer/Multi Function Devices - MFDs
Embedded systems is the name given to computers that are included as an integral part of a larger system, typically hardwired in. From computer peripherals like printers, to household devices like smart TVs and thermostats, to the car you drive, embedded systems are everywhere. __________, which combine a printer, scanner, and fax, have embedded compute power to act as a print server, manage the actual printing or scanning process, and allow complete network connectivity. Security has become more of an afterthought than a design element with these, as such, these devices have been shown to be hackle and capable of passing malware from the printer to the computer.
Aircraft/Unmanned Aerial Vehicle - UAV (Special purpose)
Embedded systems is the name given to computers that are included as an integral part of a larger system, typically hardwired in. From computer peripherals like printers, to household devices like smart TVs and thermostats, to the car you drive, embedded systems are everywhere. ___________ also have significant computer footprints inside, as most modern ones have what is called a all glass cockpit, meaning the old individual gauges and switches have been replaced with a computer display that includes a touchscreen. This enables greater functionality and is more reliable than the older systems. But as with vehicles, the connecting of all this equipment onto buses that are then eventually connected to outside networks has led to a lot of security questions for the aviation industry. And, as is true of medical devices, patching the operating system for aircraft systems is a difficult process because the industry is heavily regulated, with strict testing requirements. This makes for systems that, over time, will become vulnerable as the base operating system has been thoroughly explored every vulnerability maps and exploited in the aviation systems, and these use cases can port easily to aircraft.
Secure configurations (Operating systems)
FYSA... The process of securing and operating system is called hardening, and it is intended to make the system more resistant to attack, much like armor or steel is hardened to make it less susceptible to breakage or damaged. The manufacturer typically does little to nothing with regard to security. Each operating system has its own approach to security, and while the process of hardening is generally the same, different steps must be taken to secure each operating.
Supply chain (Hardware/firmware security)
Hardware, in the form of servers, workstations, and even mobile devices, can represent a weakness or vulnerability in the security system associated with the enterprise. While you can easily replace hardware it is lost or stolen, you can't retrieve the information lost or stolen hardware contains. There are some hardware protection mechanisms that your organization should consider employing to safeguard servers, workstations, and mobile devices from that, such as placing cable locks on mobile devices and using locking cabinets and safes to secure portable media, USB drives, and CDs/DVDs. Hardware and firmware security is ultimately dependent upon the manufacturer of the root of trust. In today's world of global manufacturing with global outsourcing, attempting to identify all the suppliers in the hardware manufacturers __________, which commonly changes from device to device, and even between lots, is practically futile in most cases.
1.) Electromagnetic Interference - EMI / 2.) Electromagnetic Pulse - EMP (Hardware/firmware security)
Hardware, in the form of servers, workstations, and even mobile devices, can represent a weakness or vulnerability in the security system associated with the enterprise. While you can easily replace hardware it is lost or stolen, you can't retrieve the information lost or stolen hardware contains. There are some hardware protection mechanisms that your organization should consider employing to safeguard servers, workstations, and mobile devices from that, such as placing cable locks on mobile devices and using locking cabinets and safes to secure portable media, USB drives, and CDs/DVDs. ____1______ is and electrical disturbance that affects an electrical circuit. This is due to either induction or radiation emitted from an external source, either of which can induce currents into the small circuits that make up computer systems and cause logic upsets. A ____2_____ is a burst of current in an electronic device as a result of the current Paul's from electromagnetic radiation. This can produce damaging current and voltage surges in today's sensitive electronics. The main sources of this would be industrial equipment on the same circuit, solar flares, a nuclear burst high in the atmosphere.
1.) Secure boot and 2.) Attestation (Hardware/firmware security)
Hardware, in the form of servers, workstations, and even mobile devices, can represent a weakness or vulnerability in the security system associated with the enterprise. While you can easily replace hardware it is lost or stolen, you can't retrieve the information lost or stolen hardware contains. There are some hardware protection mechanisms that your organization should consider employing to safeguard servers, workstations, and mobile devices from that, such as placing cable locks on mobile devices and using locking cabinets and safes to secure portable media, USB drives, and CDs/DVDs. ______1_______ is a mode that, when enabled, only allow signed drivers and operating system voters to be invoked this requires specific set of steps, but when enabled, it blocks malware that attempts to alter the boot process. This enables the _____2______ that the drivers and operating system voters being used have not changed since they were approved for use. _____1______ is supported by Microsoft Windows and all major versions of Linux.
1.) Unified Extensible Firmware Interface - UEFI / 2.) Basic Input/Output System - BIOS (Hardware/firmware security)
Hardware, in the form of servers, workstations, and even mobile devices, can represent a weakness or vulnerability in the security system associated with the enterprise. While you can easily replace hardware it is lost or stolen, you can't retrieve the information lost or stolen hardware contains. There are some hardware protection mechanisms that your organization should consider employing to safeguard servers, workstations, and mobile devices from that, such as placing cable locks on mobile devices and using locking cabinets and safes to secure portable media, USB drives, and CDs/DVDs. ______2_______ Is the firmware that a computer system uses at the connection between the actual hardware in the operating system. This is typically stored on non-volatile flash memory, which allows for updates yet persists when the machine is powered off. The purpose behind ____2_____ is to initialize and test the interfaces to any actual hardware in a system. Once the system is running, the ______2_____ functions to translate low-level access to the CPU, memory, and hardware devices, making a common interface for the operating system to connect you. This facilitates multiple hardware manufacturers in different configurations against a single operating system install. ____1_____ is the current replacement for the above. This offers significant modernization over the decades old system above, including the capability to deal with modern peripherals such as high-capacity storage and high-bandwidth communications. This also has more security design into it, including provisions for secure booting. From a system design aspect, this offers advantages newer hardware support, and from a security point of view, secure boot has some specific advantages. For these reasons, all new systems are ___1_____ based.
Full disk encryption - FDE / Self-encrypting disks - SED (Hardware/firmware security)
Hardware, in the form of servers, workstations, and even mobile devices, can represent a weakness or vulnerability in the security system associated with the enterprise. While you can easily replace hardware it is lost or stolen, you can't retrieve the information lost or stolen hardware contains. There are some hardware protection mechanisms that your organization should consider employing to safeguard servers, workstations, and mobile devices from that, such as placing cable locks on mobile devices and using locking cabinets and safes to secure portable media, USB drives, and CDs/DVDs. _______1______ & ______2________ are methods of implementing cryptographic protection on hard disk drives and other similar storage media with the express purpose of protecting the data even if the disk drive is removed from the machine. Portable machines, such as laptops, have a physical security weakness in that they are relatively easy to steal, after which they can be attacked off-line at an attacker's leisure. The use of modern cryptography, coupled with hardware protection to the keys, makes this vector of attack much more difficult. In essence, both of these methods offer a transparent, seamless manner of encrypting the entire hard disk drive using keys that are only available to someone who can properly log into the machine.
Trusted Platform Module - TPM (Hardware/firmware security)
Hardware, in the form of servers, workstations, and even mobile devices, can represent a weakness or vulnerability in the security system associated with the enterprise. While you can easily replace hardware it is lost or stolen, you can't retrieve the information lost or stolen hardware contains. There are some hardware protection mechanisms that your organization should consider employing to safeguard servers, workstations, and mobile devices from that, such as placing cable locks on mobile devices and using locking cabinets and safes to secure portable media, USB drives, and CDs/DVDs. _____________ is a hardware solution on the motherboard, one that assists with key generation and storage as well as random number generation. When the encryption keys are stored in this, they are not accessible via normal software channels and are physically separated from the hard drive or other encrypted data locations. This makes the __________ a more secure solution then storing the keys on the machines normal storage.
National vs. international (Industry-standard frameworks and reference architectures)
Industry-standard frameworks and reference architectures our conceptual blueprints that define the structure and operation of the IT systems in the enterprise just as in an architecture diagram that provides a blueprint for constructing a building the enterprise architecture provides the blueprints and roadmap for aligning IT and security with the enterprise's business strategy. A framework is more generic than the specifics that are specified by an architecture. An enterprise can use both the framework describing the objectives and methodology desired, while in architecture will specify specific components, technologies, and protocols to achieve those design objectives. FYSA... The United States federal government has its own cloud-based reference architecture for systems that use the cloud. Called the Federal Risk and Authorization Management Program (FedRAMP), this process is a governmentwide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for systems using cloud products and services. One of the more interesting international frameworks has been the harmonization between the United States and European Union with respect to data privacy (U.S.) or data protection (EU) issues. The newest privacy sharing the methodology is called the European Union-United States Privacy Shield Framework and became effective in the summer of 2016.
Regulatory (Industry-standard frameworks and reference architectures)
Industry-standard frameworks and reference architectures our conceptual blueprints that define the structure and operation of the IT systems in the enterprise just as in an architecture diagram that provides a blueprint for constructing a building the enterprise architecture provides the blueprints and roadmap for aligning IT and security with the enterprise's business strategy. A framework is more generic than the specifics that are specified by an architecture. An enterprise can use both the framework describing the objectives and methodology desired, while in architecture will specify specific components, technologies, and protocols to achieve those design objectives. Industries under governmental regulation frequently have an approved set architectures defined by _________ bodies. For example the electric industry as the NERC (North American electric reliability Corporation) Critical Infrastructure Protection (CIP) Standards. This is a set of 14 individual standards that, when taken together, drives in reference framework/architecture for this bulk electric system in North America. Most industries in the United States are regulated in one manner or another. When it comes to cyber security, more and more regulations are beginning to apply, for privacy, to breach notification, to due diligence and due care provisions.
Non-regulatory (Industry-standard frameworks and reference architectures)
Industry-standard frameworks and reference architectures our conceptual blueprints that define the structure and operation of the IT systems in the enterprise just as in an architecture diagram that provides a blueprint for constructing a building the enterprise architecture provides the blueprints and roadmap for aligning IT and security with the enterprise's business strategy. A framework is more generic than the specifics that are specified by an architecture. An enterprise can use both the framework describing the objectives and methodology desired, while in architecture will specify specific components, technologies, and protocols to achieve those design objectives. Some reference architectures are neither industry-specific nor regulatory, but rather are technology focused and considered __________, such as the National Institutue of Standards and Technology (NIST) Cloud Computing Security Reference Architecture and the NIST Framework for Improving Critical Infrastructure Cybersecurity. The latter being a consensus created overarching framework to assist enterprises in their cyber security programs.
Industry-specific frameworks (Industry-standard frameworks and reference architectures)
Industry-standard frameworks and reference architectures our conceptual blueprints that define the structure and operation of the IT systems in the enterprise just as in an architecture diagram that provides a blueprint for constructing a building the enterprise architecture provides the blueprints and roadmap for aligning IT and security with the enterprise's business strategy. A framework is more generic than the specifics that are specified by an architecture. An enterprise can use both the framework describing the objectives and methodology desired, while in architecture will specify specific components, technologies, and protocols to achieve those design objectives. There are several examples of __________. these frameworks have been developed by entities within a particular industry--sometimes to address regulatory needs, other times because of industry specific concerns are risks. EX: HITRUST Common Security Framework (CSF) for use in the medical industry and enterprises that must address HIPAA/HITECH rules and regulations.
Least functionality (Operating systems)
Just as we have a principle of least privilege, we should follow a similar track with _________ on systems. A system should do what it is supposed to do, and only what it is supposed to do. Any additional functionality is added attack surface for an adversary and offers no additional benefits to the enterprise.
Physical (Segregation/segmentation/isolation)
Modern networks, with their increasingly complex connections, result in systems where navigation can become complex between nodes. Just as a DMZ-based architecture allows for differing levels of trust, the isolation of specific pieces of the network using security rules can provide differing trust environments. There are several terms used to describe the resulting architecture, including network segmentation, segregation, isolation, and enclaves. Enclaves is the most commonly used term to describe sections of a network that are logically isolated by segmentation at the networking protocol. The concept of segregating a network into enclaves can create areas of trust where special protections can be employed and traffic from outside the enclaves is limited or properly screen before admission. __________ segregation is where you have separate physical equipment to handle different classes of traffic, including separate switches, separate routers, and separate cables. This is the most secure method of separating traffic, but also the most expensive. Organizations commonly have separate ________ paths in the outermost sections of the network where connections to the Internet are made. This is mostly for redundancy, but it also acts to separate the traffic.
Production (environment)
Most organizations have multiple, separate computing environments designed to provide isolation between the functions of development, test, staging, and production. The primary purpose of having the separate environments is to prevent security incidents arising from untested code ending up in the production environment. The hardware of these environments is segregated and access control lists are used to prevent users from accessing more than one environment at a time. Moving code between environments requires a special accounts that can access both, minimizing issues of cross-contamination. The _________ environment is where the systems work with real data, doing the business that the system is intended to perform. This is an environment where, by design, very few changes occur, and those that do must first be approved and tested via the systems change management process.
Development (environment)
Most organizations have multiple, separate computing environments designed to provide isolation between the functions of development, test, staging, and production. The primary purpose of having the separate environments is to prevent security incidents arising from untested code ending up in the production environment. The hardware of these environments is segregated and access control lists are used to prevent users from accessing more than one environment at a time. Moving code between environments requires a special accounts that can access both, minimizing issues of cross-contamination. The __________ environment is sized, configured, and set up for developers to develop applications and systems. Unlike production hardware, this hardware does not have to be scalable, and it probably does not need to be as responsive forgiven transactions. This platform does need to use the same operating system type and version as used in the production environment, for developing on Windows in the points of Linux is fraught with difficulties that can be avoided by matching environments in terms of operating system type and version. After code is successfully developed, it is moved to a test system.
Test (environment)
Most organizations have multiple, separate computing environments designed to provide isolation between the functions of development, test, staging, and production. The primary purpose of having the separate environments is to prevent security incidents arising from untested code ending up in the production environment. The hardware of these environments is segregated and access control lists are used to prevent users from accessing more than one environment at a time. Moving code between environments requires a special accounts that can access both, minimizing issues of cross-contamination. The __________ environments fairly closely mimics the production environments--same versions of software, down to patch levels, same-sex of permissions, same file structures, and so forth. The purpose of this environment is to test the system fully prior to deploying it into production to ensure that it is bug-free and will not disrupt the production environment. This environment may not scale like production, but from a software/hardware footprint, it will look exactly like production. This is important to ensure that system-specific settings are tested in an environment identical to that in which they will be run.
Staging (environment)
Most organizations have multiple, separate computing environments designed to provide isolation between the functions of development, test, staging, and production. The primary purpose of having the separate environments is to prevent security incidents arising from untested code ending up in the production environment. The hardware of these environments is segregated and access control lists are used to prevent users from accessing more than one environment at a time. Moving code between environments requires a special accounts that can access both, minimizing issues of cross-contamination. The __________ environments is an optional environments, but it is commonly used when an organization has multiple production environments. After passing testing, the system moves here, from where it can be deployed to the different production systems. The primary purpose of this environments is to serve as a sandbox after testing, so this test system can test the next set, while the current set is deployed across the enterprise. One method of deployment is this deployment, where software is deployed to part of the enterprise and then a pause occurs to watch for unseen problems. If not occur, the deployment continues, stage by stage, until all of the production systems are changed. By moving software in this manner, you never lose the old production system until the end of the move, giving you time to monitor and catch any unperceived problems. This also prevents the total loss of production to a failed update.
Types, Network (Operating systems)
Operating systems our complex programs designed to provide a platform for a wide variety of services to run. Some of these services are extensions of the operating system itself, while others are standalone applications that use the operating system as a mechanism to connect to other programs and hardware resources. It is up to the operating system to manage the security aspects of the hardware being utilized. Network components use a ________ operating systems to provide the actual configuration and computation portion of networking. There are many vendors of networking equipment, and each has its own proprietary operating system. Cisco has the largest footprint with its IOS, internetworking operating system, the operating system that runs on all Cisco routers and switches.
Types, Workstation (Operating systems)
Operating systems our complex programs designed to provide a platform for a wide variety of services to run. Some of these services are extensions of the operating system itself, while others are standalone applications that use the operating system as a mechanism to connect to other programs and hardware resources. It is up to the operating system to manage the security aspects of the hardware being utilized. The __________ operating system exists to provide a functional working space, typically a graphical interface, for a user to interact with the system and its various applications. Because of the high level of user interaction on workstations, it is very common to see windows in the role of workstation operating systems.
Types, Kiosk (Operating systems)
Operating systems our complex programs designed to provide a platform for a wide variety of services to run. Some of these services are extensions of the operating system itself, while others are standalone applications that use the operating system as a mechanism to connect to other programs and hardware resources. It is up to the operating system to manage the security aspects of the hardware being utilized. __________ are standalone machines, typically operating a browser instance on top of the Windows operating system. These machines are usually set up to auto log into a browser instance that is locked to a website that allows all of the functionality desired. These are commonly used for interactive customer service applications, such as interactive information sites, menus, and so on. The operating system on this needs to be to be locked down to minimum functionality so that users can't make any configuration changes. It also should have elements such as are login and an easy way to construct the applications.
Types, Server (Operating systems)
Operating systems our complex programs designed to provide a platform for a wide variety of services to run. Some of these services are extensions of the operating system itself, while others are standalone applications that use the operating system as a mechanism to connect to other programs and hardware resources. It is up to the operating system to manage the security aspects of the hardware being utilized. ___________ operating systems bridge the gap between the server hardware and the applications that are being run on the server. Currently, server operating systems include Microsoft Windows Server, many flavors of Linux, and an ever increasing number of virtual machine/hypervisor environments.
Patch management (Operating systems)
Past management involves three types of hierarchy for software updates: FYSA... Hotfix - this term refers to a small software update designed to address a specific problem, such as a buffer overflow in an application that exposes the system attacks. Hot fixes are typically developed in reaction to a discovered problem and are produced and released rather quickly. Patch - this term refers to a more formal, larger software update that can address several or many software problems. Patches often contain enhancements or additional capabilities as well as fixes for known bugs. Patches are usually developed over a longer period of time. Service pack - this refers to a large collection of patches and hot fixes rolled into a single, rather large package. Service packs are designed to bring the system up to the latest known good level all at once, rather than requiring the user or system administrator to download dozens or hundreds of updates separately.
1.) Version control and 2.) Change management
Programs are developed, released, use and the changes are desired, either to change functionality, fix errors, or improve performance. This leads to multiple versions of programs. _____1____ is as simple as tracking which version of a program is being worked on, whether in development, testing, or production. _____1_____ systems tend to use primary numbers to indicate major releases, and numbers after a decimal point to indicate minor changes. Having the availability of multiple versions brings into focus the issue of ___2______, which addresses how an organization manages which versions are currently being used, and how it coordinates changes as they are released by manufacturer. Ultimately, you need a process that ensures that all changes in production are authorized, properly tested, and, in case of failure, rollback. It should also ensure that accurate documentation is produced and kept up-to-date.
Control diversity, administrative (Defense-in-depth/layered security)
Secure system design relies upon many elements, a key one being defense in depth, or layered security. Defense in depth is a security principal by which multiple, differing security elements are employed to increase the level of security. Security controls are the mechanisms by which security functions are achieved. It is important to have control diversity. ___________ controls are those that operate on the management aspects of an organization. They include control such as policies, regulations, and laws. Management activities such as planning and risk assessment are common examples of these. Having multiple independent, overlapping ones can act as a form of layered security.
User training (Defense-in-depth/layered security)
Secure system design relies upon many elements, a key one being defense in depth, or layered security. Defense in depth is a security principal by which multiple, differing security elements are employed to increase the level of security. The best defense in an organization is to implement a strong __________ program that instructs users to recognize safe and unsafe computing behaviors. The best form of this has proven to be user-specific training, training that is related to the tasks that individuals use computers to accomplish. That means you need separate training for executives and management. Users who continually have problems should have to do remedial training.
1.) Waterfall vs. 2.) Agile (Development life-cycle models)
The _____1____ model is a development model based on simple manufacturing design. The worker process begins with the requirements analysis phase and progresses through a series of four more phases, with each phase being completed before progressing to the next phase--without overlap. This is a linear, sequential process, and the model discourages backing up and repeating earlier stages (after all, you can't reverse the flow of a ____1_____). the five steps are requirements, design, implementation, verification, and maintenance. The _____2_____ model is not a single development methodology, but a whole group of related methods. Designed to increase innovation and efficiency of small programming teams, ____2_____ methods rely on quick turns involving small increases in functionality. The use of repetitive, small development cycles can enable different developer behaviors, which in turn can result in more efficient development. There are many different methods in variations, but some of the major forms of this development are Scrum and Extreme Programming (XP).
Network Address Translation - NAT (Zones/topologies)
The first aspect of security is a layered defense. Just as a castle has a moat, an outside wall, and inside wall, and even a cheap, so too, does a modern secure network have different layers of protection. Different zones/topologies are designed to provide layers of defense, with the outermost layers providing basic protection and the innermost layers providing the highest level of protection. 32 bit address space that's chopped up in subletting isn't enough to handle all the systems in the world. While IPv4 address blocks are assigned to organizations such as companies and universities, there usually aren't enough Internet visible IP addresses to assigned to every system on the planet unique, Internet routable IP address. To compensate for this lack of available IP address space, organizations use _________, which translates private, non-routable, IP addresses into public, routable, IP addresses. There are 3 types of these... Static, Dynamic, and Port Address Translation (PAT)
Honeynets (Zones/topologies)
The first aspect of security is a layered defense. Just as a castle has a moat, an outside wall, and inside wall, and even a cheap, so too, does a modern secure network have different layers of protection. Different zones/topologies are designed to provide layers of defense, with the outermost layers providing basic protection and the innermost layers providing the highest level of protection. A __________ is a network designed to look like a corporate network, it is made attractive to attackers. It is a collection of honeypots, servers that are designed to act like real network servers but possess only fake data. This looks like the corporate network, but because it is known to be a false copy, all of the traffic is assumed to be illegitimate. This makes it easy to characterize the attacker's traffic and also to understand where attacks are coming from.
Guest (Zones/topologies)
The first aspect of security is a layered defense. Just as a castle has a moat, an outside wall, and inside wall, and even a cheap, so too, does a modern secure network have different layers of protection. Different zones/topologies are designed to provide layers of defense, with the outermost layers providing basic protection and the innermost layers providing the highest level of protection. A __________ zone is a network segment that is isolated from systems that guests should never have access to. Administrators commonly configure on the same hardware multiple logical wireless networks, including this type of network, providing separate access to separate resources based on login credentials.
Ad hoc (Zones/topologies)
The first aspect of security is a layered defense. Just as a castle has a moat, an outside wall, and inside wall, and even a cheap, so too, does a modern secure network have different layers of protection. Different zones/topologies are designed to provide layers of defense, with the outermost layers providing basic protection and the innermost layers providing the highest level of protection. An _________ network is one where the systems on the network direct packets to and from their source and target locations without using a central router or switch. Windows supports this networking, although it is best to keep the number of systems relatively small. An example of this network is in the wireless space from Zigbee devices that form these networks to Wi-Fi direct, a wireless ________ is one where the devices talk to each other without an access point or central switch to manage traffic. These networks provide an easy and cheap means of direct clients to client communication. They can be easy to configure and provide a simple way to communicate with nearby devices when running cable is not an option. Disadvantages include the fact that there isn't a single place to visit for traffic stats, security implementations, and so forth. This makes monitoring these networks very difficult.
Intranet (Zones/topologies)
The first aspect of security is a layered defense. Just as a castle has a moat, an outside wall, and inside wall, and even a cheap, so too, does a modern secure network have different layers of protection. Different zones/topologies are designed to provide layers of defense, with the outermost layers providing basic protection and the innermost layers providing the highest level of protection. An __________ describes a network that has the same functionality as the Internet for users but lies completely inside the trusted area of a network and is under the security control of the system and network administrators. Typically referred to as campus or corporate networks, these are used every day companies around the world. This layer of security offers a significant amount of control and regulation, allowing users to fulfill business functionality while ensuring security. Note: Ensure you understand how cache is used without sending requests to the Internet. If a page is not in the cache, the proxy server, acting as a client on behalf of the user, uses one of its own IP addresses to request the page from the Internet.
Extranet (Zones/topologies)
The first aspect of security is a layered defense. Just as a castle has a moat, an outside wall, and inside wall, and even a cheap, so too, does a modern secure network have different layers of protection. Different zones/topologies are designed to provide layers of defense, with the outermost layers providing basic protection and the innermost layers providing the highest level of protection. The __________ is an extension of a selected portion of the company's intranet to external partners. This allows a business to share information with customers, suppliers, partners, and other trusted groups are using a common set of Internet protocols to facilitate operations. These can use public networks to extend their reach beyond the company's own internal network, and some form of security, typically VPN, is used to secure this channel. The use of this term implies both privacy and security. Privacy is required for many communications, security is needed to prevent unauthorized use an offense from occurring. This is a semi private network that uses common network technologies to share information and provide resources to business partners. It can be accessed by more than one company, because they share information between organizations.
Demilitarized Zone - DMZ (Zones/topologies)
The first aspect of security is a layered defense. Just as a castle has a moat, an outside wall, and inside wall, and even a cheap, so too, does a modern secure network have different layers of protection. Different zones/topologies are designed to provide layers of defense, with the outermost layers providing basic protection and the innermost layers providing the highest level of protection. The zone that is between the un-trusted Internet and the trusted internal network is called the _________, after its military counterpart, when neither side has any specific controls. On a computer network is used in the same way; it acts as a buffer zone between the Internet, where no controls exist, and the inner secure network, where organization has security policies in place. The area between these firewalls is accessible from either the inner, secure network or the Internet. Pay special attention to the security settings of network devices based here, and consider them to be compromised by unauthorized use at all times.
Wireless (Zones/topologies)
The first aspect of security is a layered defense. Just as a castle has a moat, an outside wall, and inside wall, and even a cheap, so too, does a modern secure network have different layers of protection. Different zones/topologies are designed to provide layers of defense, with the outermost layers providing basic protection and the innermost layers providing the highest level of protection. __________ is the transmission of packetized data by means of a physical topology that does not use direct physical links. This definition can be narrowed to apply to networks that use radio waves to carry the signals over either public or private bands, started using standard network cabling.
VPN concentrators (Security device/technology placement)
The placement of each security device is related to the purpose of the device and the environment that requires. Technology placement has similar restrictions; these devices must be in the flow of the network traffic that they use to function. A ____________ takes multiple individual VPN connections and terminates them into a single network points. This single endpoint is what should define where this is located in the network. It is typically outward facing, exposed to the Internet. The internal side of the device should terminate in a network segment where you would allow all of the VPN users to connect their machines directly.
Aggregation switches (Security device/technology placement)
The placement of each security device is related to the purpose of the device and the environment that requires. Technology placement has similar restrictions; these devices must be in the flow of the network traffic that they use to function. An _________ is a switch that provides connectivity for several other switches. Think of it as a one-to-many type of service. It's the one switch that many other switches connect to. It is placed upstream from the multitude of devices and takes the place of a router or a much larger switch.
SSL accelerators (Security device/technology placement)
The placement of each security device is related to the purpose of the device and the environment that requires. Technology placement has similar restrictions; these devices must be in the flow of the network traffic that they use to function. An ____________ is used to provide SSL/TLS encryption/decryption at scale, removing the load from Web servers. Because of this, it needs to be placed between the appropriate Web servers and the clients they serve, typically Internet facing.
1.) Taps and 2.) port mirror (Security device/technology placement)
The placement of each security device is related to the purpose of the device and the environment that requires. Technology placement has similar restrictions; these devices must be in the flow of the network traffic that they use to function. Most enterprise switches have the ability to copy the activity of one or more ports through a Switch Port Analyzer (SPAN) port, also known as a ___2____. this traffic can then be sent to a device for analysis. These can have issues when traffic levels get heavy as the aggregate SPAN traffic can exceed the throughput of the device. For example, a 16 port switch, with each port running at 100 Mbps, to have traffic levels of 1.6 GB if all circuits are maxed, which gives you a good idea of why this technology can have issues in high-traffic environments. A _____1_____ is a passive signal mechanism installed between two points on the network. This can copy all packets it receives, rebuilding a copy of all messages. These provide the one distinct advantage of not being overwhelmed by traffic levels at least not in the process of data collection. The primary disadvantage is that this is a separate piece of hardware and adds to network costs.
Filters (Security device/technology placement)
The placement of each security device is related to the purpose of the device and the environment that requires. Technology placement has similar restrictions; these devices must be in the flow of the network traffic that they use to function. Packet _______ process packets at a network interface based on source and destination addresses, ports, or protocols, and either allow passage or block them based on a set of rules. Packet filtering is often part of a firewall program for protecting the local network from unwanted traffic.The _______ are local to the traffic being passed, so they must be placed in line with the system's connection to the network and Internet or else they will not be able to see traffic to act upon it.
Proxies (Security device/technology placement)
The placement of each security device is related to the purpose of the device and the environment that requires. Technology placement has similar restrictions; these devices must be in the flow of the network traffic that they use to function. _______ are servers that act as a go-between between clients and other systems; in essence, they are designed to act on the client's behalf. As networks become segregated, the placement of these must be such that it is in the natural flow of the router traffic for it to intervene on the client's behalf.
Collectors (Security device/technology placement)
The placement of each security device is related to the purpose of the device and the environment that requires. Technology placement has similar restrictions; these devices must be in the flow of the network traffic that they use to function. _________ are sensors, or concentrators that combine multiple sensors that collect data for processing by other systems. These are subject to the same placement rules and limitations as sensors.
Sensors (Security device/technology placement)
The placement of each security device is related to the purpose of the device and the environment that requires. Technology placement has similar restrictions; these devices must be in the flow of the network traffic that they use to function. __________ are devices that capture data and act upon it. There are multiple kinds of these in various placement scenarios. Each type of one is different, and no single type of one consents everything these can be divided into two types based on where they are placed: network or host. Network-based ________ can provide coverage across multiple machines, but are limited by traffic engineering to systems that packets pass the sensor. They may have issues with encrypted traffic, for if the packet is encrypted and they cannot read it, they're unable to act upon it. Host-based __________ provide more specific and accurate information in relation to what the host machine is seeing in doing, but are limited to just that host. A good example of the differences in placement and capabilities is seen in the host-based intrusion detection and network-based intrusion detection systems.
Firewalls (Security device/technology placement)
The placement of each security device is related to the purpose of the device and the environment that requires. Technology placement has similar restrictions; these devices must be in the flow of the network traffic that they use to function. __________ at their base level are policy enforcement engines that determine whether traffic can pass or not based on a set of rules. Regardless the type, the placement is easy: they must be in line with the traffic they are regulating. These are commonly placed between network segments, enabling them to examine traffic that enters or leaves a statement. This gives them the ability to isolate a segment while avoiding the cost or overhead of doing this segregation on each and every system.
Load balancers (Security device/technology placement)
The placement of each security device is related to the purpose of the device and the environment that requires. Technology placement has similar restrictions; these devices must be in the flow of the network traffic that they use to function. __________ take incoming traffic from one network location and distributed across multiple network operations. These must reside in the traffic path between the requesters of a service and the servers that are providing the service. The role of these is to manage the workloads on multiple systems by distributing the traffic to and from them. To do this, it must be located within the traffic pathway. For reasons of efficiency, these are typically located close to the systems that they are managing the traffic for.
Correlation engines (Security device/technology placement)
The placement of each security device is related to the purpose of the device and the environment that requires. Technology placement has similar restrictions; these devices must be in the flow of the network traffic that they use to function. __________ take sets of data and match the patterns against known patterns they are a crucial part of a wide range of tools such as anti-virus or intrusion detection devices, to provide a means of matching a collected pattern of data against a set of patterns associated with known issues.
DDoS mitigator (Security device/technology placement)
The placement of each security device is related to the purpose of the device and the environment that requires. Technology placement has similar restrictions; these devices must be in the flow of the network traffic that they use to function. ____________ by nature must exist outside the area that they are protecting their acts as an umbrella, shielding away the unwanted DDoS packets. These must reside in the network path of the traffic is shielding the inner part of the networks from. Because the purpose of this is to stop unwanted DDoS traffic, it should be positioned at the very edge of the network, before other devices.
Secure baseline
The process of establishing software's-based security state is called baselining, and the resulting product is a __________ that allows the software to run safely and securely. Software and hardware can be tied intimately when it comes to security, so you must consider them together. Once you have completed the baselining process for a particular hardware and software combination, you can configure any similar systems with the same baseline to achieve the same level and death of security and protection. Uniform software baselines are critical in large-scale operations, because maintaining separate configurations and. Levels for hundreds or thousands of systems is far too costly.
External storage devices (peripherals)
The rise of network attached storage (NAS) devices moved quickly from the enterprise into form factors that are found in homes. As users have developed large collections of digital videos and music, these __________, running on the home network, so the storage problem. These devices are typically fairly simple Linux-based appliances, with multiple hard drives any RAID arrangement.
Software Defined Networking - SDN
__________ is a relatively new method of managing the network control layer separate from the data layer, and under the control of computer software. This enables network engineers to reconfigure the network by making changes via a software program, without the need for re-cabling. This also allows for network function deployment via software, see you could program a firewall between two segments by telling the _______ controllers to make the change. They then feed the appropriate information into switches and routers to have the traffic pattern switch, adding the firewall into the system. _______ is relatively new and just beginning to make inroads into local networks, but the power it presents to network engineers is compelling, enabling them to reconfigure networks at the speed of a program in executing change files.
Continuous integration (Secure DevOps)
__________ is the DevOps manner of continually updating and improving the production code base. By using high levels of automation, and safety nets of automated backup routines, __________ allows the DevOps team to test an update even a very minor changes without a lot of overhead. This can make DevOps more secure reducing interaction errors and other errors that are difficult to detect and time-consuming to track down.
Integrity measurement
__________ is the measuring and identification of changes to a specific system away from an expected value. From the simple changing of data as measured by a hash value to the TPM-based integrity measurement of the system boot process and attestation of trust, the concept is the same. Take a known value, perform a storage of a hash or other key value, and then, at time of concern, recalculates and compare.
Baselining (Secure DevOps)
__________ is the process of determining a standard set of functionality and performance. This is a metrics-driven process, where later changes can be compared to this to gauge their impact on performance and other variables. If a change improves the elements in this in a positive fashion, then a new one can be established. If the new values are of lesser quality, that a decision can be made as to accept the changes or change the __________.
Infrastructure as code (Secure DevOps)
__________ is the use of code to build systems, rather than manually configuring them via normal configuration mechanisms. It is a way of using automation to build out systems, reproducible, efficient and is a key attribute of enabling best practices in DevOps. The objective is to avoid having developers write applications and tossed them overall the implementers, the ops team, and expect them to make the applications work in the environment. As systems have become larger, more complex, and interrelated, interconnecting developer input and production input has created an environment of ________, a version of infrastructure as a service.
Sandboxing
__________ refers to the quarantine or isolation of a system from its surroundings it has become standard practice for some programs with an increased risk surface to operate with in one, limiting the interaction with the CPU and other processes, such as memory. This works as a means of quarantine, preventing problems from getting out of this and onto the operating system and other applications on a system.
Disable default accounts/passwords (Operating systems)
__________ should be such a common mantra for people that no systems exist with this vulnerability. This is a simple task, and one that you must do for any new system. If you cannot disable this--and there will be times when this is not a viable option--the other alternative is to change the password to a very long password that offers strong resistance to brute force attacks.