1/44
Looks like no tags are added yet.
Name | Mastery | Learn | Test | Matching | Spaced | Call with Kai | Chat |
|---|
No analytics yet
Send a link to your students to track their progress
What is the CIA Triad
Confidentiality: unauthorized people don’t have access to sensitive information
Integrity: no unauthorized modifications to info or system
Availability: info and systems are accessible to users when needed
Nonrepudiation
proof of origin, can’t denied you did it
Methods for Confidentiality
Encryption: scrambles data to make it unreadable by unauthorized users
Access Controls: ensures authorized users have access to the data
3 methods of Access Controls
Identification: users claim an identity with a username
Authentication: users prove their identity like password
Authorization: user is given access or restrict access to resources
Hashing
converts data into a fixed-length hash value used to verify data integrity.
What is one method of Hashing
Secure Hashing Algorithms (SHA)
What is redundancy
Having duplicate components or data to provide a backup
methods of redundancy
Disk: stores data in multiple hard drives in case one fails
Server: multiple servers in case one fails so service is available
Network: Multiple network connections or devices to keep network available
Power: multiple power sources in case main power source fails
Fault Tolerance
a system to continue operating even if a component fails (result of redundancy)
Scalability
increase the capacity of a system or service to meet new demands
What are two scaling
Horizontal Scaling: adding additional servers or systems for increase demand
Vertical Scaling: adds resources, memory or processing to a server
Elasticity
Controls scalability by having the system add or remove resources to a server
Patching
keeps system up to date by patching software bugs
Resiliency
Reliable, available, and able to recover from failures while balancing cost
Basic Risk Concepts
Risk: chance that the threat will cause harm
threat: the thing that case harm
Vulnerability: a weakness
security incident: events that negatively affect the CIA
3 types of Threat
attacker: inside/outside the org
natural: hurricanes, tsunamis
accidental: mistakes or system errors
Risk Mitigation
reduces the risk or chances a threat will exploit
Control Categories
Technical Control: use tech to reduce risk
Operational: ensure day to day operations comply with security policy
Management: Controls focused on managing risk through policies, planning, and oversight.
Physical: security controls impacting the physical world
Control Types
Preventative: stop a security issue before it occurs
Deterrent: discourages users from causing incidents
Detective: identify security events that have already happened
Compensating: alternatives if the original security measure fails
Corrective: restore normal operations after an incident
What are two OS logs
Windows Logs: logs store on windows
Linux logs: logs store in Linux, /var/log/directory
what are the three windows logs
Security: Records security-related events such as logins, authentication attempts, and account changes
System: Records Windows operating system events, hardware issues, and system errors.
Application: Records events generated by installed applications, including errors and crashes.
directory of linux logs and what they do
/var/log/secure: authentication and authorization
/var/log/syslog: what is the system doing
Network Logs
record traffic on the network
Firewall log
records traffic that is allowed or blocked by the firewall
IDS vs IPS
Intrusion detection system: alerts admins about suspicious activities
Intrusion Prevention system: block suspicious activities
WHAT IS PROTOCOL ANALZYER
Sniffers that captures network traffic to analyze packets
Metadata
more data about a data
Centralized System
system where management, control, or data is handled from a one central location
SIEM
security info and event management that helps collect and analyze data from systems
SEM vs SIM
security event management: real time monitoring, correlation, and alerting
security information management: log term log storage, reporting, and analysis
UBA
User Behavior Analytics: analyzes user behavior to detect unusual activities
False Positive vs False Negative
alerts when there isn’t a threat
threat exists, but doesn’t alert
SIEM syslogs
used to send, store, and manage log messages from network devices and systems
What are two syslog categories
Originator: sends syslog messages
Collector: receives and stores syslogs
DAD Triad
disclosure: exposure of sensitive info
Alteration: unauthorized mod of info
Denial: disruption of an authorized users access
Data exfiltration
attackers gaining access to sensitive info
Examples of Authentication
driver’s license, digital certificate, smart cards, password, biometrics
Examples of Identification
username, name
What are the AAA
Authentication, Authorization, and Accounting
What is Accounting
track user activities and record it in logs
Example of Accounting
audit trail: who did what, when and where