Interview Questions and Terms ; up till policies
IAM
Identity and Access Management. Process of onboarding and offboarding people
Cyber Threat
Any malicious act that attempts to gain access to a computer network without authorization. Can damage or disrupt a computer system, a network, or the information it contains
Most Common Cyber Threats: Social Engineered Trojans, Unpatched Software, Phishing, Network worms
Cyber Attacks
Advanced Persistent Threat (APT), Backdoor, Cross-Site Scripting, Zero-day Exploit, Impacts and Malicious Code
What is a vulnerability?
A vulnerability is the composition of three elements:
A flaw in the system.
Attacker access to that flaw.
The capability of the attacker to exploit the flaw.
SDLC
Software Development Life Cycle. The process for developing a software application or system
SDLC Phases
Planning
Customer needs -> budget, resources, timeline
Defining/Analysis
Requirements defined by BA
Design
Blueprint developed by System Architect
Servers, Databases, Integrations
Coding/Developing
Testing
Deployment/Production
Agile
Methodology to move quickly and easily; a formalized approach for delivering SDLC
Backlog
List of requirements that need to be delivered
Product Backlog, Sprint Backlog, Release Backlog
User Stories
Business Needs, core values of expectations and acceptance criteria. Analyzed by testing SMART
Requirements
Customer Needs written in a detailed and technical format
Functional Requirements
Describes what the system SHOULD do
User Action → System Reaction
Non-Functional Requirements
Describes how the system should work
Majority of Requirements IAMs work with
Set up triggers, rules in system
Performance, Availability and Security (Giving access and removing access)
SQL
Organizes back-end data
Data Definition Language
DR CAT
DROP - delete object (table or database) from the database
RENAME - rename the existing table or object
CREATE - to create table or objects
ALTER - change the structure (name, data type)
TRUNCATE - remove all records from a table
Data Manipulation Language
SELECT - extract data
UPDATE - update data
DELETE - delete data (can delete a record)
INSERT - insert new data
Transactional Control Language
COMMIT - save the data
ROLLBACK - undo
Data Control Language
Giving access to specific users
GRANT - assign privilege
REVOKE - remove privilege
API
Application Program Interface
Middle Tier that checks valid responses between front end (client) and back end (server) in an application
API Testing
Sending Calls
Web Service
A service available over the web
API wrapped in HTTP
Needs a network while an API doesn’t need a network
SOAP (Simple Object Access Protocol)
Web Service API that uses SoapUI (Manual Testing)
Uses tags like HTML
Send data through Auto Populated header instructions
RESTful
Web Service API that uses Postman for Manual Testing and REST-assured for Automation Testing
Most are JSON
The server will transfer the client a representation of the state of the requested resource
WSDL
Web Services Description Language
XML based language that describes Web services and how to access and locate them
UDDI
Universal Description, Discovery and Integration
Open internet based specification that offers directory service for storing information about web services
SOAP Vs REST APIs
SOAP is like using an envelope, extra overhead, more bandwidth requested, more work on both ends.
REST is like a postcard: lightweight, can be cached, and easier to update. Not as private.
Network Security
Focuses on protecting roads (cisco, vpn)
Endpoint Security
Protects individual devices (antivirus, encryption)
Application Security
Apps are secure during development & use (regular app testing)
Data Security
Secure systems hosted in cloud (AWS Security Hub ; cloud encryption)
Identity
Unique digital representation of a person, device, application, etc
User
Who has an account in identity management
Administrator
Has the capability and controls organization
Resources
Systems, applications, or data that a user may need access to
Organization
The structure users/identities belong to (teams or locations)
Role
A set of permissions a user gets based on their job functions. Bundle of entitlements someone is assigned to based on their role
Capabilities
Actions or tasks an identity is allowed to perform
Virtual Identity
How a user looks in Sailpoint
SOD policy
Separation of duties; a policy between 2 conflicting roles, set up by going into the SailPoint instance and marking which roles conflict
Application Server
Where Sailpoint is going to run; Tomcat
Database Server
Sailpoint’s data ; Shared access for everyone to view ; MySQL
Java
Development written in java beanshell (rules, scripts) BEANSHELL IS XML AND JAVA CODE (getters: objects, identities & setters: firstname, email)
Sailpoint WAR
Sailpoint file you’ll be able to run on servers
UI Server
lets sailpoint be up and running
Task Server
tasks you can run (ex. updating identities); might need multiple servers depending on how many identities you have, making sure everyone can do their tasks and also need backup
Load Balancer
directs traffic to different servers to avoid request overload
Hibernate
communicate with the database
Entitlement
permission / access right
Certification / User Access Review
When managers go in and review accesses that users would need, revoke what is not needed
Policy
Rules in Sailpoint
Attributes
datapoints used to describe an identity
Aggregation
pulling data from connected applications; sailpoint uses connector to go through identities then pulls them into Sailpoint
Account mapping
Part of Aggregation
link user identities within all different applications; avoids duplicate identities
Large companies might have same name - use unique keys like email to map identities
Provisioning
process of granting access
Birthright Access
default access automatically given to user based on rules/identity attributes
Connectors
integrations used by Sailpoint to connect with external systems
Workday
out of the box connector: import info then sailpoint connects to app
Custom connector
A new app that might not be out of the box; the developer creates a custom connector to tell SailPoint how to communicate with the app
HTTP Status code: (100-199)
Informational response
HTTP Status code: (200-299)
Successful response
HTTP Status code: (300-399)
Redirection messages
HTTP Status code: (400-499)
Client error response
HTTP Status code: (500-599)
Server error response
BAU
Business as Usual
Identity Risk model
Helps identify risk assessments to see which identity has the highest chance, or “loophole” where cyber attack can happen
Service Account
Non-human account used to connect with other applications or to perform application-level access
Privileged account
An account with more access
We have these to easily monitor access and keep accounts secure. These accounts are used less often, therefore they are less at risk for an attack
Dormant Account
Neglected accounts that are not used when original accounts gain problems and users get a new account
Syslog (System Logger)
Any error that happens in the system; everything is recorded in this log
Organizational Role
Subordinates within a parent company
Business Role
Attach combination of IT roles and Entitlement roles
Assignment Criteria to both existing and new employees
IT Role
Combination of entitlements
Entitlement Role
This allows access to applications and can be assigned to roles
RapidSetup Birthright Role
Assigned to new employees when they begin
You can define assignment criteria and only add entitlements
Alert SOD
An email gets sent out when a policy is violated (post policy violation action item)
Revert changes, gets defined in the business process
Preventive SOD
An error occurs when someone tries to violate a policy