
CompTIA Security+ (SY0-601): Weak Points #3

Information Technology | 36 Cards | Created about 2 months ago

This section compares various access control methods including Rule-Based Access Control, which uses ACLs and labels; Attribute-Based Access Control (ABAC), which considers context like user attributes and environment; and Mandatory Access Control (MAC), where access policies are centrally enforced using sensitivity labels and clearance levels.


Key Terms

Rule-Based Access Control

An access control model in which access to resources is granted or denied depending on the contents of Access Control List (ACL) entries

Label-based access control that defines whether access should be granted or denied to objects by comparing the object label and the subject label

ABAC Access Policy Properties

Subject (user or process requesting access)
Type of action (for example “read”, “write”, “execute”)
Resource type (medical record, bank account etc.)
Environment (contextual data, such as time of day or geolocation)

MAC Characteristics

Users are not allowed to change access policies at their own discretion

Labels and clearance levels can only be applied and changed by an administrator

Every resource has a sensitivity label matching a clearance level assigned to a user

PAM

Privileged Access Management:

A security solution that provides control over elevated (i.e. administrative-type) accounts

DER Characteristics

Encoded in binary format

.der and .cer file extensions

Generally used for Java servers

PEM Characteristics

Encoded in text (ASCII Base64) format

.pem .crt .cer .key file extensions

Generally used for Apache servers or similar configurations

PFX & P12 Characteristics

Encoded in binary format

.pfx .p12 file extensions

Generally used for Windows servers

P7B Characteristics

Encoded in text (ASCII Base64) format

.p7b file extension

Generally used for Windows & Java Tomcat servers

IPFIX

An IETF specification that defines how IP flow information is to be formatted and transferred from an exporter to a collector

Order of Volatility

Cache memory -> RAM -> Swap/Pagefile -> Temporary files -> Disk files -> Archival media

Operational Control Examples

Data backups
Configuration management
Awareness programs

Preventative Control Examples

Security Guards
System hardening
Separation of duties

Detective Control Examples

Log monitoring
Security audits
CCTV
IDS

Corrective Control Examples

IPS
Backups & system recovery
Alternate site
Fire suppression system

Compensating Control Examples

Backup power system
Sandboxing
Temporary port blocking
Temporary service disablement

CIS (Simplified)

Center for Internet Security:

Configuration guidelines for hardening

ISO/IEC 27001

Basic procedure for cybersecurity (international standard) - focused on establishing/maintaining info systems

ISO/IEC 27002

International standard focused on information security controls (to protect those systems)

ISO/IEC 27701

Adding privacy to ISMS (privacy extension for ISO 27001)

Focuses on privacy data management

ISO/IEC 31000

An attempt to create a global risk management framework

A family of standards providing principles & guidelines for risk management

SOC 2 Audits (SSAE 18)

System & Organization Controls:
Provides detailed information and assurance about a service organization’s security, availability, processing integrity, confidentiality and/or privacy controls, based on its compliance with the AICPA’s TSC (Trust Services Criteria)

SOC 2 Audit Type I

Provides a snapshot of the organization’s control landscape at a specific point in time

SOC 2 Audit Type II

Evaluates the effectiveness of controls over a period of at least six consecutive calendar months
CSA

Cloud Security Alliance:

A nonprofit organization promoting best security practices related to cloud computing environments

CSA: CCM

Cloud Security Alliance: Cloud Control Matrix

Designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider

Cloud-specific security controls
Controls are mapped to standards/best practices/regulations

CSA: Reference Architecture

Gives us the outline of what we want and a build roadmap to meet those needs

NIST RMF

Risk Management Framework:
Integrates security/risk management into the system development life cycle

Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor

NIST CSF

Cybersecurity Framework:
Standards/best practices to help manage cybersecurity risks

Identify, Protect, Detect, Respond, Recover

USB OTG

USB On-the-Go:
Allows USB devices (phones, tablets, etc.) to act as a host, allowing other USB devices (flash drives, cameras, mouse, keyboard) to be attached to them.

One is host, one is peripheral

CCMP (Counter-mode/CBC-MAC Protocol)

Employs 128-bit keys and a 48-bit initialization vector that minimizes vulnerability to replay attacks

The Counter Mode component provides data privacy

The Cipher Block Chaining Message Authentication Code component provides data integrity and authentication

NAT Gateway

Allows systems to connect to another network without being directly exposed to it

Opal (FDE/SED)

A set of specifications for features of data storage devices that enhance their security

Defines a way of encrypting the stored data so that an unauthorized person who gains possession of the device cannot see the data

EDR

Endpoint Detection & Response:

Monitor and collect activity data from endpoints that could indicate a threat

Analyze this data to identify threat patterns

Automatically respond to identified threats to remove or contain them, and notify security personnel

Forensics and analysis tools to research identified threats and search for suspicious activities

FISMA

Federal Information Security Management Act:
A US federal law that defines a comprehensive framework to protect government information, operations, and assets against natural or human-made threats.

Requires that government agencies and other organizations that operate systems on behalf of government agencies comply with security standards.

PtH (Pass the Hash)

The process of harvesting an account's cached credentials when the user logs into an SSO system.
(The cached credentials are in hash form)

Heuristic vs. Behavioral Detection

Behavioral Detection (AKA: Statistical or Profile-based):
The engine is trained to recognize baseline traffic or expected events associated with a user account or network device. Anything that deviates from this baseline (outside a defined level of tolerance) generates an alert

Heuristic Detection:
Determines whether several observed data points constitute an indicator and whether related indicators make up an incident depending on a good understanding of the relationship between the observed indicators