Configuration Management
Helps ensure that systems remain secure, even as their configurations change over the lifetime of the systems.
Diagrams for Configuration management
Network or physical diagrams
Baseline configuration
A collection of security and configuration settings that are to be applied to a particular system or network in the organization.
Standard naming conventions
Using the same conventions for assigning names to appliances.
IP Schematic
An IP address plan or model that is consistent with network devices. It helps avoid duplication of IP addresses and defines IP ranges, locations, and reserved addresses.
Data sovereignty
A term that refers to the legal implications of data stored in different countries. It is primarily a concern related to backups stored in alternate locations via the cloud.
Data Loss Prevention (DLP)
A system that can identify critical data, monitor how it is being accessed, and protect it from unauthorized users.
Masking
Modifying data to hide the original content. The primary reason for doing so is to protect sensitive information such as PII. The process retains usable data but converts it to inauthentic data.
Encryption
Process of converting readable data into unreadable characters to prevent unauthorized access.
Data at rest
Refers to any data stored on media. It is common to encrypt sensitive data. For example, it's possible to encrypt individual fields in a database, individual files, folders, or a full disk.
Data in Transit (motion)
Refers to any data sent over a network. It is common to encrypt sensitive data in transit. For example, e-commerce websites commonly use HTTPS sessions to encrypt transactions that include credit card data. If attackers intercept the transmissions, they see only ciphertext.
Data in processing
Refers to data being used by a computer. Because the computer needs to process the data, it is not encrypted while in use. If the data is encrypted, an application will decrypt it and store it in memory while in use. If the application changes the data, it will encrypt it again before saving it.
Data Tokenization
replaces sensitive data elements with a token. The token is a substitute value used in place of sensitive data.
Rights Management
refers to the technologies used to provide copyright protection for copyrighted works.
Geographical considerations
Legal implications between states, countries, and continents that need to be considered before your company operates in them. This applies to off-site or recovery facilities.
Response and recovery controls
Incident response plans should be established early on within a company and should include documentation, identification of attacks, and how to contain them.
SSL/TLS inspection
Commonly used to examine incoming and outgoing SSL/TLS packets. SSL/TLS relies mainly on trust, so if that trust is broken, nothing works.
Hashing
The process of calculating a numeric value from one or more data items. While this value obviously depends on the value of the data items, it need not depend on the meaning attached to them, simply producing a number that is used within the computer.
API considerations
An overarching term referring to practices and products that prevent malicious attacks on, or misuse of, Application Program Interfaces (API).
Site resiliency
The considerations that can be connected to the idea of restoration sites and their availability
Hot site
A separate and fully equipped facility where the company can move immediately after a disaster and resume business
Cold site
A separate facility that does not have any computer equipment, but is a place where employees can move after a disaster
Warm site
A separate facility with computer equipment that requires installation and configuration
Deception and disruption
Cybersecurity resilience tools and techniques to increase the cost of attack planning for the threat actor.
Honeypots
False targets for computer criminals to attack.
Honeyfile
A file pretending to be legitimate, in order to detect malicious activity.
Honeynet
A collection of honeypots connecting several honeypot systems on a subnet.
Fake telemetry
Synthetic network traffic that resembles genuine communications, delivered at an appropriate volume to make honeynets and honeypots look real.
DNS sinkhole
Gives out false information in order to prevent the use of the domain names it represents