Created by Lyndsay Badding
more than 1 year ago
| Question | Answer |
|---|---|
| Packet Filtering Firewall | Operates at the network and transport layers of the OSI model; inspects packet headers. Least expensive but also least effective. |
| Stateless Firewall | Inspects packets one at a time; does not track sessions. |
| Stateful Firewall | Incoming packets are checked against a state table to see if they are part of a known session; if so, they are allowed through. If not part of a known session, regular firewall rules apply. |
| North-South Traffic | Traffic to and from the cloud or data center. |
| East-West Traffic | Traffic internal to a cloud or data center. |
| Fog Computing | Devices on the network edge that process data from IoT devices; used in cloud computing. |
| Edge Computing | Devices on the edge of a network that pre-process data; used in cloud computing. |
| Port Mirroring | A specific application in which all traffic in and out of one port is mirrored to another port for collection and inspection. |
| Packet Sniffing (8 tools) | Intercept and log network traffic. Common tools: Wireshark, SolarWinds Network Packet Sniffer, ManageEngine NetFlow Analyzer, WinDump, TCPDump, ColaSoft Capsa, Kismet, Telerik Fiddler. |
| Protocol Analysis/Analyzer | Capture network packets and perform a statistical analysis of the sequence of packets captured; the analyzer works along with a packet sniffer. |
| Wireshark | Packet sniffing and analysis tool: deep inspection, live capture and offline analysis, display and capture filters, VoIP analysis, decryption capabilities, output to XML, CSV or plain text. |
| Syslog | Centralized logging system on Unix systems; has its own format for displaying info; UDP port 514. |
| Types of Security Assessments | Vulnerability Assessment, Penetration Testing, Threat Hunting. |
| Vulnerability Scanners | Used to discover and map network hosts and gather info on devices, including missing patches, outdated software and misconfigurations. Common tools: OpenVAS, Lynis, Nikto. |
| OpenVAS | Set up different templatized or customized scans for different sets of assets. |
| Lynis | Used in Kali Linux: security auditing, compliance testing, pen testing, vulnerability detection, system hardening, system auditing (system binaries, boot loaders, startup services, run level, loaded modules, kernel config, core dumps, etc.). |
| Nikto | Web server scanner; identifies vulnerabilities and provides suggestions to close the vulnerability. |
| Intrusive vs Non-Intrusive Scans | Intrusive: attempts to exploit found vulnerabilities. Non-intrusive: does not go beyond the scanning process; less likely to identify vulnerabilities but ideal for live systems. |
| Authenticated vs Non-Authenticated Scans | Authenticated: uses privileged credentials to dig deeper into a network. Non-authenticated: inspects a target system's security from an outside perspective. |
| Network Monitoring Tools (11 tools) | ManageEngine, OpManager, PRTG Network Monitor, Atera, SolarWinds NPM (diagnostic), NinjaRMM, Obkio, Site 24x7 Network Monitoring, Nagios, Zabbix, Datadog. |
| Pen Test Life Cycle | 1. Persistence; 2. Privilege escalation; 3. Lateral movement; 4. Pivoting; 5. Actions on objectives; 6. Cleanup. |
| Threat Intelligence Types | Strategic: used to make strategic business decisions. Tactical: info related to TTPs; highly technical info. Operational: threats against an org made by a human. |
| IoC Examples (10 examples) | Unusual outbound traffic; anomalies in privileged user activity; geographical irregularities; login red flags; increased database reads; increased HTML response time; mismatched traffic; same file requested multiple times; suspicious OS changes; DNS request anomalies. |
| Types of Malware (13 types) | VIRUSES: attach to files, need human interaction. WORMS: self-propagating, consume all resources, can carry other types of malware as a payload. TROJANS: hide inside seemingly legit software. RATS: can create a backdoor, typically initiated through SPAM. RANSOMWARE: demands a ransom to regain access to the files it encrypted. CRYPTO-MALWARE: class of ransomware that demands cryptocurrency. ROOTKITS: obtain access to the kernel of the OS, may reside in firmware. BOTS: infected computers under the control of a hacker. BOTNETS: network of bots, typically used to send large amounts of SPAM or create a DDoS, controlled with C2. LOGIC BOMBS: activate at a specified time or when a specified action/event takes place. SPYWARE: records and sends out data and/or keystrokes, can use screenshots and/or webcam/microphone. ADWARE: many ads, but not real websites. KEYLOGGERS: record keystrokes. |
| Types of Viruses (8 types) | BOOT SECTOR: moves and replaces the MBR. MULTIPARTITE: multiple vectors, hybrid virus, eats up memory. ARMORED: protection or evasion techniques built in. POLYMORPHIC: changes its code dynamically to evade detection. METAMORPHIC: rewrites itself every time it infects a new executable. RETROVIRUS: actively defends itself by shutting down antivirus software when it runs a scan. MEMORY-RESIDENT OR FILELESS: resides in memory, processes, or inside system calls. MACRO: runs in apps, not OSs; spreads whenever an infected document is opened or closed. |
| Prepending | Involves adding text to a message (generally the subject line) to make it appear more authentic, e.g. "RE:". |
| Pretexting | The attacker's story/scenario alludes to specific info, as if they already have it. |
| Incident Response Steps (6 steps) | 1. Preparation; 2. Identification; 3. Containment; 4. Eradication; 5. Recovery; 6. Lessons learned. |
| Standards, Procedures, and Guidelines | Standards: will have numbers in them. Procedures: the steps involved. Guidelines: recommendations. |
| Change Management vs Change Control | Change management is managing what happens after the implementation. Change control is submitting a request for approval to make the change (submitted to the CAB). |
| Geofencing | Uses location as an attribute in the access request evaluation; the device has to be within the geofence to gain access. |
| Geotagging | Adds geolocation metadata to files or devices, e.g. tagging the geolocation on a picture. |
| Time of Day | Authorized logon hours for an account. |
| Colocation | A facility hosting several companies' servers. |
| Attestation | A statement made by a system that can be trusted; a hardware root of trust automatically has attestation. |
| Secure Boot vs Measured Boot | Secure: prevents a boot loader or kernel that has been infected by malware from being used. Measured: does not usually prevent a boot, but will record the presence of unsigned kernel-level code. |
| DNS Sinkhole | Routes malicious traffic to a honeynet. |