Security Technologist Building Blocks

  • Created by: Yana G
  • Created on: 14-10-21 12:58
What is a DMZ/Perimeter Network?
A DMZ, or Demilitarized Zone, is a physical or logical subnetwork that contains and exposes an organization's external services to a larger untrusted network, usually the Internet.
1 of 85
What is the purpose of a DMZ?
The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN). This means that an external attacker only has access to equipment in the DMZ, rather than any other part of the network.
2 of 85
What is an internal firewall?
An internal firewall is a security solution designed to protect a network from attacks that have already gotten past the perimeter.
3 of 85
Benefits of Firewalls
Monitors Network Traffic. All of the benefits of firewall security start with the ability to monitor network traffic.
Stops Virus Attacks.
Prevents Hacking.
Stops Spyware
4 of 85
Limitations of Firewalls
Firewalls cannot protect against what has been authorized.
They cannot stop social engineering attacks or an unauthorized user intentionally using their access for unwanted purposes.
Firewalls cannot fix poor administrative practices.
5 of 85
What is a Packet Filtering Firewall?
Packet filtering is a firewall technique used to control network access by monitoring outgoing and incoming packets and allowing or halting them based on the source and destination Internet Protocol (IP) addresses, protocols and ports.
6 of 85
What is a Stateful Firewall?
Stateful firewalls monitor all aspects of the traffic streams, their characteristics and communication channels. These firewalls can integrate encryption or tunnels, identify TCP connection stages, packet state and other key status updates.
7 of 85
What is an Application Gateway Firewall?
An application gateway is a program that serves as a firewall proxy. It runs between computers in a network to tighten security. It is responsible for filtering incoming traffic that contains network application data.
8 of 85
What is a Next Generation Firewall (NGFW)?
The main contribution of NGFW lies in the technological advances generated from the deep packet inspection and the visibility of applications, regardless of protocols and ports. Complementary features such as web proxy, virus and malware protection
9 of 85
What is Unified Threat Management (UTM)?
A UTM can be easily identified as a software and hardware asset, or a combination of the two, which centralizes on a single platform some features of stateful filtering, VPN, web proxy, antivirus, IDS/IPS, Deep Packet Inspection (DPI), etc.
10 of 85
What is a Network Address Translation (NAT) Firewall?
A Network Address Translation (NAT) firewall operates on a router to protect private networks. It works by only allowing internet traffic to pass through if a device on the private network requested it. A NAT firewall protects the identity of a network.
11 of 85
What is a Web Application Firewall (WAF)?
A WAF protects your web apps by filtering, monitoring, and blocking any malicious HTTP/S traffic traveling to the web application, and prevents any unauthorized data from leaving the application.
12 of 85
What is a proxy?
A proxy server is any machine that translates traffic between networks or protocols. It's an intermediary server separating end-user clients from the destinations that they browse. Proxy servers act as a firewall and web filter.
13 of 85
What is a transparent proxy?
A transparent proxy, also known as an inline proxy, intercepting proxy or forced proxy, is a server that intercepts the connection between an end-user or device and the internet. It is called “transparent” because it does so without modifying requests.
14 of 85
What is a non-transparent proxy?
A 'non-transparent proxy' is a proxy that modifies the request or response in order to provide some added service to the user agent, such as group annotation services, media type transformation, protocol reduction, or anonymity filtering.
15 of 85
What is web/internet content filtering?
Content filtering is the use of a program to screen and/or exclude access to web pages or email deemed objectionable. Content filtering is used by corporations as part of their firewalls, and also by home computer owners.
16 of 85
What is a reverse proxy server?
A reverse proxy sits in front of a web server and receives all the requests before they reach the origin server. It works similarly to a forward proxy, except in this case it’s the web server using the proxy rather than the user or client. Reverse proxies
17 of 85
What is MTA email security?
MTA-STS is an inbound mail protocol designed to add a layer of encryption/security between sending and receiving mail servers.
18 of 85
What is DNS filtering?
DNS filtering blocks malicious or forbidden websites and applications at the DNS level so that they cannot be loaded on user devices.
19 of 85
What is Data Loss Prevention (DLP)?
Data loss prevention software detects potential data breaches and data exfiltration transmissions and prevents them by monitoring, detecting and blocking sensitive data while in use, in motion, and at rest.
20 of 85
What Is Endpoint Detection and Response (EDR) and its primary functions?
Monitor and collect activity data from endpoints that could indicate a threat
Analyze this data to identify threat patterns
Automatically respond to identified threats to remove or contain them, and notify security personnel
21 of 85
What is Security information and event management (SIEM)?
SIEM software works by collecting log and event data produced from applications, devices, networks, infrastructure, and systems to draw analysis and provide a holistic view of an organization's information technology (IT)
22 of 85
What is File integrity monitoring (FIM)?
An IT security process and technology that tests and checks operating system (OS), database, and application software files to determine whether or not they have been tampered with or corrupted.
23 of 85
What is network traffic monitoring?
Network traffic monitoring, or network flow monitoring, is the process by which a person or program can track what devices are connected to a network, what kinds of data the devices are accessing, and how much bandwidth each device is using.
24 of 85
What are honeypots?
A honeypot is a security mechanism that creates a virtual trap to lure attackers. An intentionally compromised computer system allows attackers to exploit vulnerabilities so you can study them to improve your security policies.
25 of 85
What is Identity and Access Management (IAM)?
IAM is a means of managing a given set of users' digital identities, and the privileges associated with each identity. It is an umbrella term that covers a number of different products that all do this same basic function.
26 of 85
What are Host-based intrusion detection systems (HIDS)?
It is an agentless system that scans files on a host for potential malware. It detects and stops potential direct attacks but does not scan for malware. It combines the functionalities of antimalware applications with firewall protection.
27 of 85
What is Whole Disk Encryption (WDE)?
Whole Disk Encryption (WDE) solutions prevent the unauthorized disclosure of data on endpoint computers in the event the device is lost or stolen. It works by encrypting a system's entire hard drive including the operating system and all applications.
28 of 85
What is a hardware security module (HSM)?
A hardware security module (HSM) is a physical device that provides extra security for sensitive data. This type of device is used to provision cryptographic keys for critical functions such as encryption, decryption and authentication for the use of apps
29 of 85
What is the Trusted Platform Module (TPM)?
The TPM is a cryptographic module that enhances computer security and privacy. Protecting data through encryption and decryption, protecting authentication credentials, and proving which software is running on a system are basic functionalities.
30 of 85
What are IDM solutions?
Identity management (IdM), also known as identity and access management (IAM) ensures that authorized people – and only authorized people – have access to the technology resources they need to perform their job functions.
31 of 85
HMG Security Policy Framework
The Security Policy Framework is a set of high-level policies on security, mainly affecting the UK government and its suppliers.
It ensures we can keep and develop the public’s trust that we will handle their information properly
32 of 85
Cyber Essentials certification?
Cyber Essentials is a simple but effective, Government backed scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber-attacks.
33 of 85
PCI-DSS?
Sets the technical and operational requirements for organizations accepting or processing payment transactions, and for software developers and manufacturers of applications and devices used in those transactions.
34 of 85
NIST
The National Institute of Standards and Technology is a non-regulatory government agency that develops technology, metrics, and standards to drive innovation and economic competitiveness at U.S.-based organizations in the science and technology industry.
35 of 85
ISO27001
The goal of ISO 27001 is to provide a framework of standards for how a modern organization should manage their information and data. Risk management is a key part of ISO 27001, ensuring that a company understands where their strengths and weaknesses lie
36 of 85
Financial Conduct Authority (FCA)
The Financial Conduct Authority is a financial regulatory body in the United Kingdom, which operates independently of the UK Government. FCA aims to make markets work well – for individuals, for business, large and small, and for the economy as a whole.
37 of 85
PRA?
The Prudential Regulation Authority (PRA) is the prudential regulator of around 1,500 banks, building societies, credit unions, insurers and major investment firms.
38 of 85
CBEST
CBEST has developed a framework to deliver controlled, bespoke, intelligence-led cyber security tests that replicate behaviours of those threat actors, assessed by Government and commercial intelligence providers as posing a genuine threat
39 of 85
Def Stan 05-138
This defence standard specifies the measures that defence suppliers are required to achieve at each of the 5 levels of cyber risk that a contract can be assessed as carrying.
40 of 85
JSP440
Defence Manual of Security, Resilience and Business Continuity.
41 of 85
JSP604
Defence networks governance. JSP 604 applies to all systems interacting with Ministry of Defence ICT systems.
42 of 85
The Network and Information Systems Directive (NISD)
The EU Security of Networks & Information Systems (NIS) Directive aims to raise levels of cyber security and resilience of key systems across the EU.
43 of 85
Industrial Automation and Control Systems (IACS)
As per IEC 62443, Industrial Automation and Control Systems (IACS) refers to the collection of personnel, hardware, and software that can affect or influence the safe, secure, and reliable operation of an industrial process.
44 of 85
Packet Filtering Firewalls Advantages
Low cost
Low resource usage
Simple to implement
Easily scalable
45 of 85
Packet Filtering Firewalls Disadvantages
Do not support complex rule-based models
Can be vulnerable to spoofing
46 of 85
Application Gateways Advantages
Prevent more kinds of attacks than stateful firewalls can
Provides far better content-filtering capabilities than traditional packet-filtering firewalls.
47 of 85
Application Gateways Disadvantages
Each protocol, such as HTTP, SMTP, etc., requires its own proxy application, and support for new network applications and protocols can be limited or slow to emerge.
Performance is often an issue because these tools inspect all incoming & outgoing traffic
48 of 85
Circuit Level Gateways Advantages
Low cost - comparatively inexpensive
Provide anonymity to the private network
Best suited for smaller networks
49 of 85
Circuit Level Gateways Disadvantages
Do not filter individual packets
Active content cannot be scanned, nor can disallowed commands be blocked.
Can only handle TCP connections – new extensions proposed for UDP
TCP/IP stacks must be modified by the vendor in order to use circuit-level gateways.
50 of 85
Stateful Multilayer Inspection Firewall Advantages
Can implement algorithms and complex security models which are protocol specific
Keep track of all connections established and suspended
51 of 85
Stateful Multilayer Inspection Firewall Disadvantages
Do not filter individual packets
The state tables are subject to Denial of Service (DoS) attacks.
52 of 85
What is a SEG? (Secure Email Gateway)
SEG is a device or software used to monitor emails that are being sent and received. Each provider of email security services will offer different functionality such as:
• Automatically tag suspicious email.
• Trace where emails come from.
53 of 85
What are honeypots?
Honeypots are employed with the sole purpose of being targeted by threat actors. Their purpose is to protect legitimate data and systems from sources of threat and can also be assessed to see how they were attacked.
54 of 85
Symmetric Encryption
A single secret cryptographic key
– Encrypt with the key
– Decrypt with the same key
55 of 85
Types of Symmetric Encryption
• Data Encryption Standard (DES)
• Triple Data Encryption Standard (Triple DES)
• Advanced Encryption Standard (AES)
• International Data Encryption Algorithm (IDEA)
• TLS/SSL protocol
56 of 85
Asymmetric Encryption
• Private key
• Public key
• The private key is the only key that can decrypt data encrypted with the public key
57 of 85
Types of Asymmetric Encryption
• Rivest Shamir Adleman (RSA)
• Digital Signature Standard (DSS), which incorporates the Digital Signature Algorithm (DSA)
• Elliptic Curve Cryptography (ECC)
• Diffie-Hellman exchange method
• TLS/SSL protocol
58 of 85
File-Level Encryption?
File-Level Encryption (FLE) is an encryption method, which takes place on the file system level, enabling the encryption of data in individual files and directories.
59 of 85
Full-Disk Encryption/Whole Disk Encryption?
Full Disk Encryption (FDE) or whole disk encryption (WDE) protects the entire volume and all files on the drive against unauthorized access.
60 of 85
AAA Framework?
Authentication
Authorisation
Accounting
61 of 85
Single Sign-On (SSO)
An SSO service is a unified place for users to sign in to all their cloud services at once. In addition to being more convenient for users, implementing SSO often makes user logins more secure
62 of 85
OAuth?
OAuth is a protocol for passing authorization from one service to another without sharing the actual user credentials, such as a username and password.
63 of 85
Security Assertion Markup Language (SAML)?
Security Assertion Markup Language (SAML) is a protocol for authentication, allowing Bob to get past the initial guardhouse.
64 of 85
OpenID Connect (OIDC)?
- Is a simple identity layer on top of the OAuth 2.0 protocol
- OIDC allows clients to confirm an end user’s identity using authentication by an authorization server.
Logging into Spotify with your Facebook account is a good example of how OpenID could
65 of 85
Simple Authentication and Security Layer (SASL)?
SASL provides developers of applications and shared libraries with mechanisms for authentication, data integrity-checking, and encryption. SASL enables the developer to code to a generic API; this approach avoids dependencies on specific mechanisms.
66 of 85
Remote Authentication Dial-in User Service (RADIUS)?
Remote Authentication Dial-in User Service (RADIUS) centralizes authentication for remote connections. It is typically used when an organization has more than one remote access server.
67 of 85
TACACS (Terminal Access Controller Access-Control System)?
Terminal Access Controller Access-Control System (TACACS) was introduced as an alternative to RADIUS.
TACACS+ provides several improvements over RADIUS by separating authentication, authorization, and accounting into separate processes.
68 of 85
What is Kerberos?
• currently the default authorization technology used by Microsoft Windows.
• implementations of Kerberos exist in Apple OS, FreeBSD, UNIX, and Linux.
• can provide mutual authentication.
• takes advantage of extensive asymmetric encryption
69 of 85
What is SSO with Kerberos?
• Authenticate one time – Lots of backend cryptographic ticketing
• No constant username and password input!
• Only works with Kerberos – Not everything is Kerberos-friendly
• There are many other SSO methods – Smart-cards, SAML, etc.
70 of 85
Security Assertion Markup Language (SAML)?
Security Assertion Markup Language (SAML) is an open federation standard that allows an identity provider (IdP) to authenticate users and then pass an authentication token to another application known as a service provider (SP).
71 of 85
MAC Filtering
MAC address filtering adds an extra layer of protection to router access. Before letting any device join the network, the router checks the device's MAC address against a list of approved addresses.
72 of 85
IEEE 802.1X?
Devices attempting to connect to a LAN or WLAN require an authentication mechanism. IEEE 802.1X, an IEEE Standard for Port-Based Network Access Control (PNAC), provides protected authentication for secure network access.
73 of 85
X.400?
X.400 is a suite of protocols defining standards for email messaging systems. X.400 is more complex than SMTP. However, it is familiar to many email server administrators who use Microsoft’s Exchange email server.
74 of 85
X.500?
X.500 is a series of computer networking standards covering electronic Directory Services.
75 of 85
LDAP?
LDAP was at first a simple alternative to X.500’s Directory Access Protocol (DAP). LDAP was used for accessing X.500 directories via the TCP/IP protocol.
76 of 85
Stage 1: Initial Access
The adversary is trying to gain access to your network.
Initial Access consists of techniques that use various entry vectors to gain their initial foothold within a network.
77 of 85
Stage 2: Execution
The adversary is trying to run malicious code.
Execution consists of techniques that result in adversary-controlled code running on a local or remote system. Techniques that run malicious code are often paired with techniques from all other tactics
78 of 85
Stage 3: Persistence
The adversary is trying to maintain their foothold.
Persistence consists of techniques that adversaries use to keep access to systems across restarts, changed credentials, and other interruptions that could cut off their access.
79 of 85
Stage 4: Privilege Escalation
The adversary is trying to gain higher-level permissions.
Privilege Escalation consists of techniques that adversaries use to gain higher-level permissions on a system or network.
80 of 85
Stage 5: Defence Evasion
The adversary is trying to avoid being detected.
Defence evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defence evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts
81 of 85
Stage 6: Credential Access
The adversary is trying to steal account names and passwords.
Credential access consists of techniques for stealing credentials like account names and passwords.
82 of 85
Stage 7: Discovery
The adversary is trying to figure out your environment.
Discovery consists of techniques an adversary may use to gain knowledge about the system and internal network
83 of 85
Stage 8: Lateral Movement
The adversary is trying to move through the environment.
Lateral Movement consists of techniques that adversaries use to enter and control remote systems on a network. Following through on their primary objective often requires exploring the network
84 of 85
Stage 9: Collection & Exfiltration
The adversary is trying to gather data of interest to their goal.
Collection consists of techniques adversaries may use to gather information and the sources information is collected from that are relevant to following through on the adversary's objective
85 of 85