Security+ Other Vocabulary

Descripción

CompTIA (Security+ ) Information Technology Fichas sobre Security+ Other Vocabulary, creado por Lyndsay Badding el 25/04/2023.
Lyndsay Badding
Fichas por Lyndsay Badding, actualizado hace más de 1 año
Lyndsay Badding
Creado por Lyndsay Badding hace más de 1 año
4
0

Resumen del Recurso

Pregunta Respuesta
Packet Filtering Firewall network and transport layers of OSI inspects packet headers least expensive but also least effective
Stateless Firewall inspects packets one at a time does not track sessions
Stateful Firewall incoming packets checked against a state table to see if part of a known session if so, allowed through. If not part of known session, regular firewall rules apply
North-South Traffic traffic to and from the cloud or data center
East-West Traffic traffic internal to a cloud or data center
Fog Computing devices on network edge that process data from IoT devices used in cloud computing
Edge Computing devices on the edge of a network that pre-process data used in cloud computing
Port Mirroring specific application in which all traffic in and out of one port is mirrored to another port for collection and inspection
Packet Sniffing 8 tools intercept and log network traffic common tools used: Wireshark, SolarWinds Network Packet Sniffer, ManageEngine NetFlow Analyzer, WinDump, TCPDump, ColaSoft Capsa, Kismet, Telerik Fiddler
Protocol Analysis/Analyzer capture network packets and perform a statistical analysis to analyze the sequence of packets captured analyzer works along with a packet sniffer
Wireshark packet sniffing and analysis tool deep inspection, live capture and offline analysis, display and capture filters, VoIP analysis, decryption capabilities, output to XML CSV or plain text
Syslog Unix systems centralized logging system has own format for displaying info UDP port 514
Types of Security Assessments Vulnerability Assess. Penetration Testing Threat Hunting
Vulnerability Scanners used to discover and map network hosts gather info on devices including missing patches, outdated software, misconfigs common tools: OpenVAS, Lynis, Nikto
OpenVAS set up different templatized or customized scans for different sets of assets
Lynis used in Kali Linux security auditing, compliance testing, pen testing, vulnerability detection, system hardening, system auditing (system binaries, boot loaders, startup services, run level, loaded modules, kernel config, core dumps, etc)
Nikto web server scanner identifies vulnerabilities and provides suggestions to close the vulnerability
Intrusive vs Non-Intrusive Scans intrusive: attempts to exploit found vulnerabilities non-intrusive: does not go beyond scanning process. less likely to identify vulnerabilities but ideal for live systems
Authenticated vs Non-Authenticated Scans authenticated: use privileged credentials to dig deeper into a network non-authenticated: inspect a target system's security from an outside perspective
Network Monitoring Tools 11 tools ManageEngine, OpManager, PRTG Network Monitor, Atera, SolarWinds NPM (diagnostic), NinjaRMM, Obkio, Site 24x7 Network Monitoring, Nagios, Zabbix, Datadog
Pen Test Life Cycle 1. Persistence 2. Privilege escalation 3. Lateral movement 4. Pivoting 5. Actions on objectives 6. Cleanup
Threat Intelligence Types Strategic: used to make strategic business decisions Tactical: info related to TTPs, highly technical info Operational: threats against an org made by a human
IoC Examples 10 examples Unusual outbound traffic Anomalies in privileged user activity Geographical irregularities Login red flags Increased database reads increased HTML response time Mismatched traffic Same file requested multiple times Suspicious OS changes DNS request anomalies
Types of Malware 13 types VIRUSES - attach to files, need human interaction WORMS - self-propagating, consumes all resources, can carry other types of malware as a payload TROJANS - hides inside seemingly legit software RATS - can create a backdoor, typically initiated though SPAM RANSOMWARE - demands ransom to gain access to the files they encrypted CRYPTO-MALWARE - class of ransomware that demands cryptocurrency ROOTKITS - obtains access to kernel of OS, may reside in firmware BOTS - infected computer under the control of a hacker BOTNETS - network of bots, typically used to send large amounts of SPAM or create a DDoS, controlled with C2 LOGIC BOMBS - activates at a specified time or when a specified action/event takes place SPYWARE - records and sends out data and/or keystrokes, can use screenshots and/or webcam/microphone ADWARE - many ads, but not real websites KEYLOGGERS - records keystrokes
Types of Viruses 8 types BOOT SECTOR - moves and replaces MBR MULTIPARTITE - multiple vectors, hybrid virus, eats up memory ARMORED - protection or evasion techniques built-in POLYMORPHIC - changes its code dynamically to evade detection METAMORPHIC - rewrites itself every time it infects a new executable RETROVIRUS - actively defend themselves by shutting down antiviruses when they run a scan MEMORY-RESIDENT OR FILELESS - resides in memory, processes, or inside system calls MACRO - run in apps, not OSs, spreads whenever an infected document is opened or closed
Prepending involves adding text to a message (generally the subject line) to make it appear more authentic ex: "RE:"
Pretexting attackers story/scenario alluding to specific info, as if they already have it
Incident Response Steps 6 steps 1. preparation 2. identification 3. containment 4. eradication 5. recovery 6. lessons learned
Standards, Procedures, and Guidelines Standards - will have #s in it Procedures - steps involved Guidelines - recommendations
Change Management vs Change Control change management is managing what happens after the implementation change control is submitting a request for approval to make the change (submit to the CAB)
Geofencing uses location as an attribute in the access request evaluation device has to be within the geofence to access
Geotagging adds geolocation metadata to files or devices ex: tagging the geolocation on a picture
Time of Day authorized logon hours for an account
Colocation a facility hosting several companies' servers
Attestation a statement made by a system can be trusted a hardware root of trust automatically has attestation
Secure Boot vs Measured Boot Secure - prevents a boot loader or kernel that has been infected by malware from being used Measured - do not usually prevent a boot but will record the presence of unsigned kernel-level code
DNS Sinkhole routes malicious traffic to a honeynet
Mostrar resumen completo Ocultar resumen completo

Similar

CCNA Security 210-260 IINS - Exam 3
Mike M
Application of technology in learning
Jeff Wall
Innovative Uses of Technology
John Marttila
Ch1 - The nature of IT Projects
mauricio5509
The Internet
Gee_0599
CCNA Answers – CCNA Exam
Abdul Demir
SQL Quiz
R M
Professional, Legal, and Ethical Issues in Information Security
mfundo.falteni
System Analysis
R A
Flash Cards Networks
JJ Pro Wrestler
EDUC260- Multimodal Literacies for a Digital Age
angelwoo2002