Flashcards: Security+ 601 Part 3 | Quizlet

211 Terms

1

DNSSEC (Domain Name System Security Extensions)

Validates DNS through extensions that use cryptography to authenticate DNS responses, thus providing integrity; it does not provide controls for availability or confidentiality. DNS records are signed by a trusted authority.

2

SSH (Secure Shell)

An encrypted tunnelled communication protocol that replaces Telnet and FTP and also provides file transfer features.

3

S/MIME (Secure/Multipurpose Internet Mail Extensions)

A protocol that provides public key encryption and digital signing of mail content; it requires a PKI.

4

Secure Real-time Transport Protocol (SRTP)

A protocol that provides encryption, integrity, and anti-replay protection for Real-time Transport Protocol (RTP) traffic (keeps conversations private).

5

Lightweight Directory Access Protocol (LDAP)

A protocol used by client applications that need to query an X.500 directory; it runs over TCP/IP and is essentially like a phone directory for a network.

6

FTPS (File Transfer Protocol Secure)

A protocol that combines the use of FTP with additional support for TLS and SSL.

7

SFTP (Secure File Transfer Protocol)

An SSH-based file transfer protocol that also provides file system functionality.

8

SNMP (Simple Network Management Protocol) V3

A protocol that provides confidentiality, integrity, and authentication for routing and switching devices, to help better manage a network.

9

HTTPS (Hypertext Transfer Protocol Secure)

An encrypted version of HTTP. It uses port 443.

10

IPSec (Internet Protocol Security)

A Layer 3 protocol that defines encryption, authentication, and key management for TCP/IP transmissions. It uses two core protocols: AH and ESP.

11

Authentication Header (AH)

This provides connectionless integrity and authentication of data. It also provides protection against replay attacks.

12

Encapsulating Security Payload (ESP)

An IPSec component that provides the same services as AH but also provides confidentiality when sending data.

13

Post Office Protocol (POP) 3

An application-layer Internet standard protocol used by local email clients to retrieve email from a remote server over a TCP/IP connection.

14

Internet Message Access Protocol (IMAP) 4

A protocol that resides on an incoming mail server. Similar to POP but more powerful: it allows sharing of mailboxes and access to multiple mail servers.

15

Use Cases

- Voice and Video (SRTP)
- Time Sync (NTP)
- Email and Web (HTTPS)
- File Transfer (SFTP and FTPS)
- Directory Services (LDAP)
- Remote Access (SSH)
- Domain Name Resolution (DNSSEC)
- Routing and Switching (SNMPv3)
- Network address allocation (DHCP)
- Sub Services (LDAP)

16

Endpoint Protection

The concept of extending the security perimeter to the devices that are connected to the network.

17

Antivirus

Software that is specifically designed to detect viruses and protect a computer and its files from harm; very similar to anti-malware software.

18

Anti-malware

Software that prevents attacks by a wide range of destructive, malicious, or intrusive programs; in short, it prevents malware attacks.

19

Endpoint detection and response

Antivirus solutions packaged from individual components to provide security functions in a more basic form, allowing a more centralized approach with easier updating of systems.

20

Host based intrusion prevention system

Often built into EDR, this prevents attacks on the host operating system and secures/validates incoming traffic.

21

host-based intrusion detection system (HIDS)

A software-based application that runs on a local host computer that can detect an attack as it occurs.

22

host based firewall

A firewall that only protects the computer on which it's installed.

23

Boot integrity

The characteristic of the system's intended hardware/software/firmware load being in compliance with the expected state (free of tampering).

24

UEFI (Unified Extensible Firmware Interface)

A firmware interface that manages motherboard settings and secures the boot process to ensure that no rogue operating system hijacks the system.

25

Measured Boot

A UEFI firmware feature that logs the startup process. Anti-malware software can analyze this log to determine whether malware is on the computer or whether the boot components were tampered with.

26

Boot attestation

This identifies reports from the BIOS and correlates/manages them against prior reports.

27

Secure Cookie

A cookie that is only used when a browser is visiting a server using a secure connection like HTTPS.

28

HTTP (Hypertext Transfer Protocol) Secure Headers

This security feature prevents XSS attacks and ensures encrypted communication between applications.

29

code signing

The process of assigning a certificate to code. The certificate includes a digital signature and validates the code. The public key is signed by the CA, and the private key is signed by the developer of the code.

30

Allow list

To prevent unwanted access, an application can specify which programs are allowed to run on it.

31

block list/deny list

This creates a "bad" list that blocks malware or PUPs from running on the application.

32

Secure Coding Practices

These ensure that quality assurance was applied when writing code and that the code was programmed with security in mind.

33

static code analysis

Analysis of source code carried out without execution of that software.

34

Manual Code Review

A review that can be done in two ways: undirected and directed. Undirected is essentially proofreading the code to oneself; directed is explaining the code to a team/group of people.

35

Dynamic Code Analysis

A code analysis that is done using a running application.

36

Fuzzing

A brute force method of addressing input validation issues and vulnerabilities

37

hardening

Open ports and services, the registry, disk encryption, the OS, and patch management should all be...

38

self-encrypting drive

A hard drive that contains built-in encryption that is automatically applied to the data it stores.

39

Full Disk Encryption (FDE)

A technology that encrypts everything stored on a storage medium automatically, without any user interaction.

40

Opal

A standard used for applying hardware encryption to mass storage devices: HDDs, SSDs, and optical drives.

41

hardware root of trust

The concept that if one can trust a source's specific security functions, that layer can be used to promote security to higher layers of a system.

42

Trusted Platform Module (TPM)

A hardware platform for the acceleration of cryptographic functions, the secure storage of associated information, and key generation.

43

Sandboxing

Using a virtual machine to run a suspicious program to determine if it is malware.

44

Active/active load balancing

Two or more servers working together to distribute the traffic load; if one server fails, loss of data may occur.

45

Active/Passive load balancing

All traffic is sent to a server that is currently running; if that server fails, another server that has been idle takes over the functions of the failed server.

46

Affinity based scheduling

A scheduling mechanism designed to keep a session on the same host, so that the integrity and recording of continuing sessions are maintained.

47

Round Robin Scheduling

A scheduling mechanism that rotates sessions between servers in turn when load-balancing data.

48

Virtual IP

A single IP address shared by multiple systems.

49

Persistence

The condition in which a client keeps connecting to the same target in a load-balanced system; important for maintaining integrity.

50

Network Segmentation

A network arrangement in which some portions of the network have been separated from the rest of the network in order to protect some resources while granting access to other resources.

51

Virtual Local Area Network (VLAN)

A logical network that can separate devices without regard to their physical location; traffic cannot pass between VLANs unless they are connected by a router.

52

East-West traffic

Network data flows within an enterprise network.

53

Extranet

A private electronic network that links a company with its suppliers and customers; it uses common technologies.

54

Intranet

A network designed for the exclusive use of computer users within an organization, which cannot be accessed by users outside the organization; it uses common technologies.

55

Zero Trust

A security model centered on the belief that you should not trust any request without verifying authentication and authorization.

56

Always-on VPN

A VPN that keeps the user permanently connected rather than requiring the user to connect and disconnect from it.

57

Split Tunnel

Allows multiple connection paths: some traffic goes via a protected route such as the VPN, whereas other traffic, say to public Internet sources, is routed via non-VPN paths. The advantage is no bottlenecking.

58

Full Tunnel

A VPN technology that protects all traffic over a VPN.

59

HTML5

Developed to handle modern web content such as audio and video, as well as to enhance the ability of a browser to function without add-ins.

60

Network Access Control (NAC)

Manages the endpoints on a case-by-case basis as they connect.

61

NAC Agent

A solution that is installed and deployed on a network so that it can produce secure network environments.

62

NAC agentless

The solution resides in memory on the network and isn't installed on the systems; instead, it is deployed to a machine requesting to join the network to ensure the environment is secure.

63

out-of-band management

Management channels that are physically separate connections, via separate interfaces, which permit active management of a device even when the data channel is blocked for some reason.

64

Port Security

A capability provided by switches that enables you to control which devices, and how many of them, are allowed to connect via each port on a switch.

65

Flood Guards

These provide broadcast storm prevention and manage traffic flow on a network.

66

Bridge Protocol Data Unit (BPDU)

Used by switches to share information with other switches participating in the Spanning Tree Protocol; this shared information prevents DoS attacks against systems.

67

Loop Prevention

IEEE 802.1D prevents loops in bridged (switched) networks.

68

Dynamic Host Configuration Protocol (DHCP) snooping

A defensive measure against attackers trying to use a rogue DHCP device; the solution operates at Layer 2 and tracks a list of untrusted devices.

69

Media Access Control (MAC) filtering

A method of securing a network by limiting which devices are allowed to connect, based on a list of MAC addresses kept by the wireless access points; essentially security through obscurity.

70

Network appliances

Machines that provide services across a network.

71

Jump servers

A hardened system on a network specifically used to access devices in a separate security zone.

72

Proxy servers

A third-party computer that passes traffic to and from a specific address without revealing the address of the connected user.

73

Network-Based Intrusion Detection System (NIDS)/Network-Based Intrusion Prevention System (NIPS)

A detection/prevention system that watches network traffic.

74

Signature based

A/n _____________________ IDPS examines network traffic in search of patterns that match known signatures.

75

Heuristic behaviour

This NIDS/NIPS identifies AI to use a network

76

anomaly

Built on a baseline of what's normal for a network, this can be identified...

77

inline

An IDS/IPS that sits physically within the network path; all traffic passes in and out through it.

78

passive

A copy of all traffic is scanned; there is no way to prevent attacks.

79

aggregators

Information from routers and switches is brought together so a sensor can see what is being accepted and what is not.

80

Web Application Firewall

A special type of firewall that looks more deeply into packets that carry HTTP traffic; it can allow or deny based on input rules set by the developer, since unexpected input could lead to SQL injection.

81

stateful firewall

Inspects traffic leaving the inside network as it goes out to the Internet. Then, when returning traffic from the same session (as identified by source and destination IP addresses and port numbers) attempts to enter the inside network.

82

stateless firewall

A firewall that manages each incoming packet as a stand-alone entity without regard to currently active connections. They are faster than stateful firewalls, but are not as sophisticated.

83

Unified Threat Management (UTM)

A comprehensive security management tool that combines multiple security tools, including firewalls, virtual private networks, intrusion detection systems, web content filtering, and anti-spam software.

84

Network Address Translation (NAT) Gateway

Allows instances in a private subnet to connect to services outside your VPC, while external services cannot initiate a connection with those instances.

85

content/URL filter

Used to limit specific types of content across the web to users.

86

Access Control List (ACL)

A clearly defined list of permissions that specifies what actions an authenticated user may perform on a shared resource.

87

route security

The basis of communication between networks, and the need to understand that protocols connect these various networks for important functionality.

88

Quality of Service (QoS)

Policies that control how much bandwidth a protocol, PC, user, VLAN, or IP address may use; whatever is most critical to a network is prioritized first.

89

Port spanning/mirroring

Used on a network switch to send a copy of the network packets seen on one switch port (or an entire VLAN) to a network monitoring connection on another switch port; used for network monitoring.

90

implications of IPv6

More IP address space and no need for NAT; ARP spoofing is obsolete, and IPSec is automatically built in.

91

monitoring services

The process of collecting and analyzing network data to detect unauthorized activity.

92

file integrity monitors

A series of internal processes that can validate the integrity of OS and application files.

93

WPA2 (Wi-Fi Protected Access 2)

Implements the mandatory elements of IEEE 802.11i. In particular, it includes mandatory support for CCMP, an AES-based encryption mode.[7][8] Certification began in September 2004.

94

WPA3 (Wi-Fi Protected Access 3)

This standard uses an equivalent 192-bit cryptographic strength, and instead of a PKI it uses SAE, which provides a more secure personal key exchange and forward secrecy.

95

Simultaneous Authentication of Equals (SAE)

A variant of the Dragonfly key exchange, based on Diffie-Hellman key exchange. The problem with plain Diffie-Hellman key exchange is that it has no authentication mechanism, so the resulting key is influenced by a pre-shared key and the MAC addresses of both peers to solve the authentication problem.

96

EAP (Extensible Authentication Protocol)

An authentication framework that provides general guidance for authentication methods. Integrates with 802.1X which prevents access until authentication succeeds.

97

PEAP (Protected Extensible Authentication Protocol)

A protected version of EAP that encapsulates EAP packets in a TLS tunnel; users can authenticate with GTC or MSCHAPv2.

98

EAP-FAST (EAP Flexible Authentication via Secure Tunneling)

A shared secret, the protected access credential (PAC), is shared with the AS; it needs a RADIUS server, which provides the services of this framework.

99

EAP-TLS (EAP-Transport Layer Security)

Offers strong security, wide adoption, and support from most of the industry, but is relatively complex to implement since you need to manage certificates and a PKI for all wireless clients.

100

EAP-TTLS (Extensible Authentication Protocol-Tunneled Transport Layer Security)

A variant of EAP-TLS in which the protocol tunnels the client side of the authentication; the tunnel is created via a digital certificate, and this certificate does not have to be installed on every device.
