1
Q
Security Content Automation Protocol (SCAP)
A
- Many different security tools on the market
–NGFWs, IPS, vulnerability scanners, etc.
–They all have their own way of evaluating a threat - Managed by National Institute of
–Standards and Technology (NIST) http://scap.nist.gov - Allows tools to identify and act on the same criteria
–Validate the security configuration
–Confirm patch installs
–Scan for a security breach
2
Q
Using SCAP
A
- SCAP content can be shared between tools
–Focused on configuration compliance
–Easily detect applications with known vulnerabilities - Especially useful in large environments
–Many different operating systems and applications - This specification standard enables automation
–Even between different tools - Automation types
–Ongoing monitoring
–Notification and alerting
–Remediation of noncompliant systems
3
Q
Benchmarks
A
- Apply security best-practices to everything
–Operating systems, cloud providers, mobile devices, etc.
–The bare minimum for security settings - Example: Mobile device
–Disable screenshots, disable screen recordings, prevent
voice calls when locked, force encryption backups,
disable additional VPN profiles, configure a “lost phone”
message, etc. - Popular benchmarks - Center for Internet Security (CIS)
–https://www.cisecurity.org/cis-benchmarks/
4
Q
Agents/agentless
A
- Check to see if the device is in compliance
–Install a software agent onto the device
–Run an on-demand agentless check - Agents can usually provide more detail
–Always monitoring for real-time notifications
–Must be maintained and updated - Agentless runs without a formal install
–Performs the check, then disappears
–Does not require ongoing updates to an agent
–Will not inform or alert if not running
5
Q
SIEM
A
- Security Information and Event Management
–Logging of security events and information - Log collection of security alerts
–Real-time information - Log aggregation and long-term storage
–Usually includes advanced reporting features - Data correlation
–Link diverse data types - Forensic analysis
–Gather details after an event
6
Q
Anti-virus and anti-malware
A
- Anti-virus is the popular term
–Refers specifically to a type of malware
–Trojans, worms, macro viruses - Malware refers to the broad malicious
software category
–Anti-malware stops spyware, ransomware,
fileless malware - The terms are effectively the same these days
–The names are more of a marketing tool
–Anti-virus software is also anti-malware
software now
–Make sure your system is using a
comprehensive solution
7
Q
Data Loss Prevention (DLP)
A
- Where’s your data?
–Social Security numbers, credit card numbers,
medical records - Stop the data before the attacker gets it
–Data “leakage” - So many sources, so many destinations
–Often requires multiple solutions
–Endpoint clients
–Cloud-based systems
–Email, cloud storage, collaboration tools
8
Q
SNMP
A
- Simple Network Management Protocol
–A database of data (MIB) - Management Information Base
–The database contains OIDs - Object Identifiers
–Poll devices over udp/161 - Request statistics from a device
–Server, firewall, workstation, switch, router, etc. - Poll devices at fixed intervals
–Create historical performance graphs
9
Q
SNMP traps
A
- Most SNMP operations expect a poll
–Devices then respond to the SNMP request
–This requires constant polling - SNMP traps can be configured on the monitored device
–Communicates over udp/162 - Set a threshold for alerts
–If the number of CRC errors increases by 5, send a trap
–Monitoring station can react immediately
10
Q
NetFlow
A
- Gather traffic statistics from all traffic flows
–Shared communication between devices - NetFlow
–Standard collection method
–Many products and options - Probe and collector
–Probe watches network communication
–Summary records are sent to the collector - Usually a separate reporting app
–Closely tied to the collector
11
Q
Vulnerability scanners
A
- Usually minimally invasive
–Unlike a penetration test - Port scan
–Poke around and see what’s open - Identify systems
–And security devices - Test from the outside and inside
–Don’t dismiss insider threats - Gather as much information as possible
–We’ll separate wheat from chaff later
SY0 701
flashcards
Decks in class (131)
# Cards
-
Security controls 1.111
-
Preventive Control types (1.1)4
-
Deterrent control types (1.14
-
Detective control types (1.1)4
-
Corrective control (1.1)4
-
Compensating control (1.1)4
-
Directive control type (1.1)4
-
CIA Triad 1.24
-
Confidentiality (1.2)4
-
Integrity (1.2)5
-
Availability (1.2)4
-
Non repudiation (1.2)5
-
Acronyms324
-
Authentication, Authorization, & Accounting 1.27
-
Gap Analysis 1.25
-
Zero Trust 1.28
-
Physical Security 1.27
-
1.2 Deception & Disruption4
-
Change management steps 1.39
-
Technical change management steps 1.39
-
Public Key Infrastructure 1.46
-
Encrypting data 1.410
-
Key Exchange 1.46
-
Encryption technologies 1.47
-
Obfuscation 1.47
-
Hashing & digital signatures 1.49
-
Blockchain technology 1.42
-
Certificates 1.412
-
2.1 Threat Actors15
-
2.2 Common Threat Vectors13
-
2.2 Phishing4
-
Impersonation 2.26
-
Watering Hole Attacks 2.24
-
Other Social engineering attacks (2.2)3
-
Memory Injections 2.33
-
Buffer Overflows 2.31
-
Race Conditions 2.33
-
Malicious Updates 2.33
-
2.3 Operating system vulnerabilities3
-
2.3 SQL Injection4
-
2.3 Cross Site Scripting7
-
2.3 Hardware Vulnerabilities4
-
2.3 Virtualization Vulnerabilities4
-
2.3 Cloud specific Vulnerabilities.3
-
Supply chain vulnerabilities 2.37
-
Misconfiguration vulnerabilities 2.35
-
Mobile device vulnerabilities 2.34
-
Zero-day vulnerabilities 2.33
-
An overview of Malware 2.46
-
2.4 Viruses and worms5
-
2.4 Spyware and Bloatware5
-
2.4 Other Malware Types6
-
2.4 Physical attacks4
-
2.4 Denial of Service4
-
2.4 DNS attacks4
-
2.4 Wireless Attacks5
-
2.4 On Path Attacks2
-
2.4 Replay attacks6
-
2.4 Malicious Code3
-
2.4 Application attacks11
-
2.4 Cryptographic Attacks5
-
2.4 Password attacks6
-
2.4 Indicators of compromise9
-
2.5 Segmentation and Access Control3
-
2.5 Mitigation techniques6
-
2.5 Hardening techniques9
-
3.1 Cloud Infrastructure6
-
3.1 Network Infrastructure concepts4
-
3.1 other Infrastructure concepts10
-
3.1 Infrastructure Considerations12
-
3.2 Secure Infrastructures5
-
3.2 Intrusion prevention5
-
3.2 Network appliances10
-
3.2 Port Security4
-
3.2 Firewall Types6
-
3.2 Secure communication11
-
3.3 Data types and classifications3
-
3.3 States of Data5
-
3.3 Protecting data9
-
3.4 Resiliency11
-
3.4 Capacity planning4
-
3.4 Recovery Testing5
-
3.4 Backups8
-
3.4 Power resiliency3
-
4.1 Secure Baselines4
-
4.1 Hardening targets10
-
4.1 Securing wireless & Mobile8
-
4.1 Wireless Security settings11
-
4.1 Application Security7
-
4.2 Asset management6
-
4.3 Vulnerability scanning5
-
4.3 Threat intelligence5
-
4.3 Penetration testing5
-
4.3 Analyzing Vulnerabilities9
-
4.3 Vulnerability remediation9
-
4.4 Security monitoring8
-
4.4 Security tools11
-
4.5 Firewalls6
-
4.5 Web filtering8
-
4.5 Operating system security3
-
4.5 Secure Protocols5
-
4.5 email security5
-
4.5 Monitoring data7
-
4.5 Endpoint Security8
-
4.6 Identity and Access Management10
-
4.6 Access controls8
-
4.6 Multifactor Authentication7
-
4.6 Password Security7
-
4.7 Scripting and automation4
-
4.8 Incident response10
-
4.8 Incident planning5
-
4.8 Digital Forensics7
-
4.9 Log data12
-
5.1 Security policies10
-
5.1 Security Standards5
-
5.1 Security procedures7
-
5.1 Security considerations4
-
5.1 Data roles & Responsibilities2
-
5.2 Risk Management4
-
5.2 Risk Analysis6
-
5.2 Risk Management Strategies2
-
5.2 Business impact analysis1
-
5.3 Third Party Assessment10
-
5.3 Agreement types2
-
5.4 Compliance7
-
5.4 privacy6
-
5.5 Audits and Assessments3
-
5.5 Penetration tests6
-
5.6 Security Awareness5
-
5.6 User training2
-
1.1 Compare and contrast types of secuirty controls1
