What is a Firewall?
A network security device or software that protects against unauthorized access and potential threats by monitoring and controlling network traffic based on predefined security rules
What is a Screened Subnet (Dual-homed Host)? DMZ
Acts as a security barrier between external untrusted networks and internal trusted networks using a protected host with security measures like a packet-filtering firewall
What are Packet Filtering Firewalls?
Checks packet headers for traffic allowed based on IP addresses and port numbers (Layer 4)
What are Stateful Firewalls?
Decides which traffic is allowed based on both the packet header and the state of the connections and requests that goes in and out of the network (Layer 4)
What are Proxy Firewalls?
The middleman that inspects traffic from a client before fowarding to the destination server, and waits for its response
What is a Circuit-Level Proxy Firewall?
Creates a virtual circuit between the client and the server, but doesn’t inspect the data payload (Layer 5)
What is the Application-Level Proxy Firewall?
Does deep packet inspection by conducting various proxy functions for each type of app (Layer 7)
What are Kernel Proxy Firewalls?
Minimal impact on network performance, full inspection of packets at every layer
What is NGFW (Next Generation Firewall)?
Aims to address the limitations of traditional firewalls by being more aware of apps and their behaviors
What does UTM (Unified Threat Management) Firewall do?
Provides the ability to conduct multiple security functions in a single appliance
What is WAF (Web Application Firewall)?
Focuses on inspecting HTTP traffic and prevents common web attacks like cross-site scripting and SQL injections
What does Application-aware do to firewalls?
Makes firewalls distinguish between different types of traffic
What is In-line Configuration (live attack prevention)?
Device sits between the network firewall and the web servers
What is Out of Band Configuration (detection)?
Device receives a mirrored copy of web server traffic and will then alert for any bad activity
What is a Layer 4 Firewall?
Filters traffic based on port numbers and protocol data, and operates at the transport layer
What is a Layer 7 Firewall?
Inspects, filters, and controls traffic based on data content and data characteristics; and operates at the application layer
-
Threat Actor Motivations12
-
Hacktivists7
-
Organized Crime2
-
Unskilled Attackers3
-
Nation-State Actor5
-
Insider Threats3
-
Shadow IT3
-
Threat Vectors and Attack Surfaces11
-
Outsmarting Threat Actors11
-
PHYSICAL SECURITY1
-
Fencing and Bollards4
-
Attacking with Brute Force5
-
Surveillance Systems3
-
Bypassing Surveillance Systems7
-
Access Control Vestibules5
-
Door Locks4
-
Access Badge Cloning7
-
SOCIAL ENGINEERING1
-
Motivational Triggers7
-
Impersonation5
-
Pretexting2
-
Phishing Attacks6
-
Preventing Phishing Attacks7
-
Frauds and Scams5
-
Influence Campaigns3
-
Other Social Engineering Attacks13
-
MALWARE3
-
Viruses11
-
Worms3
-
Trojans3
-
Ransomware3
-
Zombies and Botnets7
-
Rootkits12
-
Backdoors and Logic Bombs4
-
Keylogger3
-
Spyware and Bloatware6
-
Malware Attack Techniques12
-
Indications of Malware Attacks9
-
DATA PROTECTION1
-
Data Classifications14
-
Data Ownership9
-
Data States17
-
Data Types5
-
Data Sovereignty2
-
Securing Data8
-
Data Loss Prevention (DLP)5
-
CRYPTOGRAPHIC SOLUTIONS8
-
Symmetric vs Asymmetric5
-
Symmetric Algorithms10
-
Asymmetric Algorithms4
-
Hashing8
-
Pass the Hash Attack5
-
RISK MANAGEMENT1
-
Risk Assessment Frequency6
-
Risk Identification7
-
Risk Register13
-
Qualitative Risk Analysis1
-
Quantitative Risk Analysis6
-
Risk Management Strategies7
-
Risk Monitoring and Reporting9
-
THIRD-PARTY VENDOR RISKS1
-
Supply Chain Risks5
-
Supply Chain Attacks8
-
Vendor Assessment10
-
Vendor Selection and Monitoring5
-
Contracts and Agreements8
-
GOVERNANCE AND COMPLIANCE2
-
Governance10
-
Governance Structures6
-
Policies7
-
Standards5
-
Procedures5
-
Governance Considerations7
-
Compliance12
-
Non-compliance Consequences5
-
ASSET AND CHANGE MANAGEMENT2
-
Acquisition and Procurement5
-
Mobile Asset Deployments3
-
Asset Management6
-
Asset Disposal and Decommissioning12
-
Change Management5
-
Change Management Processes6
-
Technical Implications of Changes6
-
Documenting Changes2
-
AUDITS AND ASSESSMENTS5
-
Internal Audits and Assessments10
-
Performing an Internal Assessment3
-
External Audits and Assessments5
-
Penetration Testing5
-
Reconnaissance in Pentesting6
-
Attestation of Findings6
-
CYBER RESILIENCE AND REDUNDANCY2
-
High Availability10
-
Data Redundancy9
-
Capacity Planning5
-
Powering Data Centers9
-
Data Backups10
-
Continuity of Operations Plan3
-
Redundant SIte Considerations10
-
Resilience and Recovery Testing8
-
SECURITY ARCHITECTURE3
-
On-Premise Vs the Cloud9
-
Cloud Security11
-
Virtualization and Containerization8
-
Serverless8
-
Microservices9
-
Network Infrastructure3
-
Software-defined Network (SDN)4
-
Infrastructure as Code (IaC)2
-
Centralized vs. Decentralized Architectures2
-
Internet of Things (IoT)2
-
ICS and SCADA4
-
Embedded Systems8
-
SECURITY INFRASTRUCTURE1
-
Ports and Protocols7
-
Firewalls16
-
Configuring Firewalls5
-
IDS and IPS9
-
Network Appliances5
-
Port Security9
-
Securing Network Communications16
-
Infrastructure Considerations9
-
Selecting Infrastructure Controls6
-
IDENTITY AND ACCESS MANAGEMENT (IAM) SOLUTIONS1
-
Identity and Access Management (IAM)9
-
Multi-factor Authentication2
-
Password Security6
-
Password Attacks5
-
Single Sign-On (SSO)4
-
Federation1
-
Privileged Access Management (PAM)4
-
Access Control Models7
-
Assigning Permissions1
-
VULNERABILITIES AND ATTACKS2
-
Hardware Vulnerabilities13
-
Bluetooth Vulnerabilities and Attacks9
-
Mobile Vulnerabilities and Attacks5
-
Zero-day Vulnerabilities3
-
Operating System Vulnerabilities5
-
SQL and XML Injections6
-
XSS and XSRF10
-
Buffer Overflow5
-
Race Conditions8
-
MALICIOUS ACTIVITY1
-
Distributed Denial of Service8
-
Domain Name System (DNS) Attacks6
-
Directory Traversal Attack5
-
Execution and Escalation Attacks10
-
Replay Attacks2
-
Session Hijacking7
-
On-path Attacks9
-
Injection Attacks4
-
Indicators of Compromise (IoC)10
-
HARDENING1
-
Restricting Applications4
-
Trusted Operating Systems5
-
Updates and Patches5
-
Patch Management5
-
Group Policies3
-
SELinux15
-
Data Encryption Levels7
-
Secure Baselines1
-
SECURITY TECHNIQUES1
-
Wireless Infrastructure5
-
Wireless Security Settings10
-
Application Security10
-
Network Access Control (NAC)3
-
Web and DNS Filtering8
-
Email Security8
-
Endpoint Detection and Response3
-
User Behavior Analytics2
-
Selecting Secure Protocols5
-
VULNERABILITY MANAGEMENT1
-
Identifying Vulnerabilities8
-
Threat Intellegence Feeds4
-
Responsible Disclosure Programs2
-
Analyzing Vulnerabilities9
-
Vulnerability Response and Remediation7
-
Validating Vulnerability Remediation1
-
Vulnerability Reporting4
-
ALERTING AND MONITORING3
-
Monitoring Resources3
-
Alerting and Monitoring Activities8
-
Simple Network Management Protocol (SNMP)5
-
Security Information and Event Management (SIEM)3
-
Data from Security Tools4
-
Security Content Automation Protocol (SCAP)8
-
Network and Flow Analysis6
-
Single Pane of Glass5
-
INCIDENT RESPONSE1
-
Incident Response Process10
-
Threat Hunting3
-
Root Cause Analysis6
-
Incident Response Training and Testing5
-
Digital Forensic Procedure12
-
Data Collection Procedures1
-
INVESTIGATING AN INCIDENT0
-
Investigative Data9
-
Dashboards3
-
Automated Reports4
-
Vulnerability Scans2
-
Packet Captures1
-
Metadata2
-
AUTOMATION AND ORCHESTRATION5
-
When to Automate and Orchestrate2
-
Automating Support Tickets3
-
Automating Onboarding3
-
Automating Security3
-
Automating Application Development10
-
Integrations and APIs5
-
Ports6
