1.4 Security Controls for Hosts

Description

Given a scenario, select and troubleshoot security controls for hosts.
DJ Perrone
Flashcards by DJ Perrone, updated more than 1 year ago
DJ Perrone
Created by DJ Perrone about 7 years ago
13
1

Resource summary

Question Answer
What is a Trusted OS? - An OS that provides sufficient support for multilevel security. - Meets Government requirements.
What is TCSEC? Trusted Computer System Evaluation Criteria - Issued series of books called "Rainbow Series"
What was the TCSEC replaced by? Common Criteria (CC)
What is EAL and how many levels are there? - Evaluation Assurance Levels - 7 Levels
Which policies should be part of anti-malware training for users? - Keeping anti-malware apps current - Performing daily or weekly scans - Disabling auto-run/auto-play - Disabling image previews in Outlook - Surfing smart - Hardening the browser with zones / filters
What are two locations that DLP could be implemented? - Network DLP - Endpoint DLP
What is Network DLP? - Put at network egress points near perimeter. - Analyzes network traffic
What is Endpoint DLP? Runs on end user workstations.
What two methods does DLP use to determine sensitive data? - Precise method - Imprecise method
What are some auditing guidelines? - Develop a log management plan - Ensure deleting logs reqs TPI - Monitor high-privilege accounts - Ensure you cannot delete logs
If you see an audit event showing a lot of failure audits for logon/logoff, what could be the threat? - Random password hack - Brute force attack.
If you see an audit event showing successful audits for user rights, user and group management along with security changes, what could be the threat? Misuse of privileges
What are some aspects of host hardening? - Remove unnecessary applications - Disable unnecessary services and ports - Control connection to external media - Disable unnecessary accounts - Change default account names and passwords
While using Intel Active Management Technology (AMT) with Intel vPro chip set, what are some tasks you can accomplish with SCCM on Microsoft Server 2012R2? - Power on or off multiple computers - Restart a non-functioning computer from known good boot image. - Re-image computer via PXE - Config scheduled software deployments
Which device is used to protect keys on a disk that's fully encrypted? Trusted Platform Module (TPM)
What are two common uses of TPM chips? - Binding - Sealing
In reference to TPM, what is binding? When the HDD is encrypted and the TPM is stored on the physical box. The HDD can only be decrypted by that box.
In reference to TPM, what is sealing? Confines the encryption to the HDD, allowing the HDD to be moved to another box.
What are the memory types used in a TPM chip? - Endorsement Key (EK) - Storage Root Key (SRK) - Attestation Identity Key (AIK) - Platform Configuration Register (PCR) hash - Storage Keys
In reference to TPM memory, what is an EK? - Endorsement Key - Persistent memory that contains private/public key pair.
In reference to TPM memory, what is an SRK? - Storage Root Key - Secures the keys stored inside of the TPM.
In reference to TPM memory, what is an AIK? - Attestation Identity Key - Memory that ensures the integrity of the EK.
In reference to TPM memory, what is a PCR hash? - Platform Configuration Register - Stores data hashing for the sealing function.
In reference to TPM memory, what is a Storage Key? - Stores the data hashes for the sealing function.
What is a Type I hypervisor? - Native (Bare Metal) - Runs directory on the host hardware to provide virtualization.
What is a Type II hypervisor? - Runs within a conventional OS.
What is container-based virtualization? - Multiple user-space instances. - Also known as operating system virtualization.
What is sandboxing and what is it used for? - Segregation of the virtual environment. - Used to test suspicious files.
How many steps are part of the secure boot procedure? - 3
In reference to secure boot procedure, what is the first step? Firmware verifies all UEFI executable files and the OS loader to verify they are trusted.
In reference to secure boot procedure, what is the second step? Windows Boot Components verifies the signature on each component to be loaded. - Any non-trusted componentes will not be loaded and require remediation.
In reference to secure boot procedure, what is the third step? Signatures on all boot critical drivers are checked as part of secure boot verification in WinLoad and by the Early Launch Antimalware driver.
What is UEFI and what are some advantages? Unified Extensible Firmware Interface - Can boot from disk over 2TB with GPT -CPU independent architecture and drivers - Modular
What is a VM escape? Where the attacker breaks out of the VM and interacts with the hypervisor.
What are 3 models for implementing VDI? - Centralized model - Hosted model - Remote virtual desktops model
In reference to VDI, what is the centralized model? - All desktop instances are stored in a single server. - Requires significant processing power on the server.
In reference to VDI, what is the hosted model? - Desktops are maintained by a service provider. - Eliminates capital cost but introduces operation costs.
In reference to VDI, what is the remote virtual desktop model? - An image is copies to the local machine. - Constant network connection is unnecessary.
What are two models to host applications from a central location? - Server-based application virtualization - Client-based application virtualization
In reference to application virtualization, what is server-based? - Terminal services - Apps run on servers and users receive app environment through remote client protocol. - Microsoft RDP or Citrix ICA. - Microsoft TS or Citrix Presentation Server
In reference to application virtualization, what is client-based? - Application streaming - Target app is packaged and streamed to client PC. Own computing environment. - Microsoft App-V
What is a Virtual TPM (VTPM) Enables trusted computed for an unlimited number of virtual machines on a single hardware platform.
Show full summary Hide full summary

Similar

Heat Treatment of Carbon Steels
Billie Juniper
Obstáculos de paradigmas por lo que las empresas no aplican el TPM
Armando Lázaro Victorino
Weimar Germany 1919: The Spartacists and the constitution
Chris Clayton
GCSE PE - 4
lydia_ward
Physics P1
WrightW
Mobile Application
Santi Sounsri
Plate Tectonics
sarah.lalaz
Unit 1 flashcards
C R
B1.1.1 Diet and Exercise Flash Cards
Tom.Snow
exothermic and endothermic reactions
janey.efen
Head Injury
Safaa Fayiz