Security + Practice

Incident management is not a valid term in IT, however change management is

Change management is not a valid term in IT, however incident management is

Incident management and change management are interchangeable terms meaning the same thing

Incident management is for unexpected consequences, change management is for planned work

Disablement

Length

Expiration

Password complexity

First name and home address

Social security number

Date of birth

Full name, date of birth and address

Encryption is preserved in full disk encryption when a file is copied from one media to another

Encryption is preserved in single file encryption when a file is copied from one media to another

Single file encryption provides better security when decrypting single files than full disk encryption when properly implemented and used

Full disk encryption provides better security when decrypting single files than single file encryption when properly implemented and used

Token

RFID

MAC

PIV

Windows Vista

Windows 7

SE Linux

Backtrack

Conflicts with vulnerability scans impede patch effectiveness

Distributed updates may fail to apply or may not be active until a reboot

Vendor patches are released too frequently consuming excessive network bandwidth

It is resource intensive to test all patches

Grey hat

Malicious insider

White hat

Black box

PII requires public access but must be flagged as confidential

PII data breaches are always the result of negligent staff and punishable by law

PII must be handled properly in order to minimize security breaches and mishandling

PII must be stored in an encrypted fashion and only printed on shared printers

Job rotation

Incident response

Least privilege

On-going security

null password can be changed by all users on a network

a null password is a successful anonymous bind

null passwords can only be changed by the administrator

LDAP passwords are one-way encrypted

Social engineering

Remote access

Vulnerability scan

Trojan horse

encrypted networks and system logging

full disk encryption and central password management

vendor provided software update systems

centrally managed update services and access controls

Undocumented networks might not be protected and can be used to support insider attacks

Documenting a network hinders production because it is time consuming and ties up critical resources

Documented networks provide a visual representation of the network for an attacker to exploit

Undocumented networks ensure the confidentiality and secrecy of the network topology

Privacy screens

Hashing

Man traps

Screen locks

5@rAru99

CarL8241g

j1l!1b5

l@ur0

SSL

USB encryption

Data loss prevention

TPM

The attacker attempts to have the receiving server run a payload using programming commonly found on web servers

The attacker overwhelms a system or application, causing it to crash and bring the server down to cause an outage

The attacker attempts to have the receiving server pass information to a back-end database from which it can compromise the stored information

The attacker overwhelms a system or application, causing it to crash, and then redirects the memory address to read from a location holding the payload

Employee productivity in a hot datacenter

Premature failure of components

Decreased number of systems in the datacenter

Increased utility costs

SNMP

IPSec

SSL

TLS

Metasploit

Vulnerability scanner

Steganography

Port scanner

Confidentiality of the data

Key loggers

Theft of the data

Disclosure of the data

Passw0rd

P@ssw0rd

Passwrd

passwordpassword

1024-15000

0-99999

0-65535

0-1024

Bluesnarfing

Smurf attack

Session hijacking

Bluejacking

Session hijacking

Smurf attack

Bluejacking

Bluesnarfing

DNS

SNMP

SMTP

ICMP

Virtualization

Port security

Remote access

DMZ

Identification

Authentication

Authorization

Access

private keys

public keys

root certificates

valid certificates

Adware

Logic bomb

Spyware

Trojan horse

Admitted to a network through NAC

That has been authenticated on the network

Implementing patch management

With enhanced security features

IPX

OCSP

OSPF

CRL

80

137

143

443

Black box

White box

Sandbox

White hat

OSPF

Tunneling

Telnet

IPv6

Vulnerability that is present in already released software but unknown to the software developer

Patched software coding errors

Well known vulnerabilities

New accounts

SSO

SSL

WAP

TLS

Gaining unauthorized access to restricted areas by following another person

Looking over someone's shoulder in order to get information

Manipulating a user into disclosing confidential information

Scanning for unsecured wireless networks while driving in a car

Recovery Time Objective (RTO)

Maximum Tolerable Period of Disruption (MTPOD)

Meantime Between Failures (MTBF)

Meantime To Restore (MTTR)

Data loss prevention

Acceptable use policy

Audit policy

Privacy policy

EMI shielding

HVAC

UART

Faraday cage

User account policy

Clean desk policy

Data labeling policy

Password complexity

TFTP

Telnet

SMTP

SSH

Information classification

Evidence timeline

Data handling chain

Chain of custody

ID

PII

Password

PIN

Trojan horse

Backdoor

Evil twin

Worm

Ethernet

Intranet

Botnet

Subnet

Host-to-host

Payload

Transport

Tunnel

Conduct surveys and rank the results.

Perform routine user permission reviews.

Implement periodic vulnerability scanning.

Disable user accounts that have not been used within the last two weeks.

Hardware security module

Hardened network firewall

Solid state disk drive

Hardened host firewall

RIPEMD.

RC4.

SHA-512.

MD4.

It mitigates buffer overflow attacks.

It makes the code more readable.

It provides an application configuration baseline.

It meets gray box testing standards.

TACACS+

L2TP

LDAP

TPM

Firewall

Application

IDS

Security

Registration

CA

CRL

Recovery agent

Smartcard

Token

Discretionary access control

Mandatory access control

Firewall

Switch

Load balancer

Proxy

Fuzzing

XSRF

Hardening

Input validation

Cognitive password

Password sniffing

Brute force

Social engineering

Password history

Password logging

Password cracker

Password hashing

EFS

TrueCrypt

TPM

SLE

Eliminating cross-site scripting vulnerabilities

Installing an IDS to monitor network traffic

Validating user input in web applications

Placing a firewall between the Internet and database servers

Mime-encoding

SSL

FTP

Anonymous email accounts

Signs and verifies all infrastructure messages

Issues and signs all private keys

Publishes key escrow lists to CRLs

Issues and signs all root certificates

Malicious code on the local system

Shoulder surfing

Brute force certificate cracking

Distributed dictionary attacks

More experienced employees from less experienced employees

Changes to program code and the ability to deploy to production

Upper level management users from standard development employees

The network access layer from the application access layer

The request needs to be sent to the incident management team.

The request needs to be approved through the incident management process.

The request needs to be approved through the change management process.

The request needs to be sent to the change management team.