The following are examples of security mechanisms designed to preserve confidentiality:
Encryption (in motion and at rest)
The following are the different components of STRIDE:
______________: You must consider if the system or applications require nonrepudiation controls, such as system logs, web access logs, and audit trails. Another consideration is that an application should run with the user’s privileges, not more.
______________: It is very important that you ensure in any application or system that users cannot elevate their privileges. Many organizations develop an authorization matrix to ensure that only authorized users and roles can access privileged functionality.
______________: Sometimes referred to as identity spoofing. Attackers can disguise themselves as someone else. They can also disguise their systems as some other systems. For instance, in many distributed denial-of-service (DDoS) attacks, attackers can spoof the source of the attacks (that is, the IP addresses of the attacking machines or bots) in order to carry out the attack and maintain anonymity. This is why systems should have protection in place against spoofing attacks—and not just for DDoS. In general, users should not be able to become any other users or assume the attributes of other users, period.
______________: You must make sure that a system or application does not disclose information that is not intended. For example, a web application should not store usernames and passwords in its source. Also, user credentials should not be stored in logs or in any other configuration or troubleshooting feature in plain text.
______________: This ties into the discussion earlier in this chapter about integrity. Users must not be able to tamper with data, applications, or systems. In threat modeling, you must understand what threats could allow an attacker to tamper with data, applications, or systems in your organization.
______________: You should evaluate what threats can cause a denial-of-service condition. This is beyond just performance testing and should employ methodologies such as fuzzing (sending random data to an application or protocol).
The following are some of the most common evasion techniques against traditional IDS and IPS devices:
______________: The attacker evades the IPS device by sending fragmented packets so that the signature is split across fragments and not matched.
Using low-bandwidth attacks: ______________
______________: Using spoofed IP addresses or sources, as well as using intermediary systems such as proxies to evade inspection.
Pattern change evasion: ______________
Encryption: ______________
The following are the most common incident response team structures:
_______________________________
_______________________________
_______________________________
The following are the most common incident response team staffing models:
_______________________________
_______________________________
_______________________________
The VERIS schema is divided into the following five main sections:
________________________________
_______________________________
_______________________________
_______________________________
_______________________________
Table 7-4 PCI Data Security Standard—High-Level Overview

Goals | PCI DSS Requirements
Build and maintain a secure network and systems | ______________ 2. Do not use vendor-supplied defaults for system passwords and other security parameters.
______________ | 3. Protect stored cardholder data. 4. Encrypt transmission of cardholder data across open, public networks.
Maintain a vulnerability management program | ______________
______________ | 7. Restrict access to cardholder data by business need to know. 8. Identify and authenticate access to system components. 9. Restrict physical access to cardholder data.
______________ | 10. Track and monitor all access to network resources and cardholder data. 11. Regularly test security systems and processes.
Maintain an information security policy | ______________
While studying for the CCNA Cyber Ops SECFND exam, you learned about the concept of the 5-tuple. As a refresher, the 5-tuple refers to the following five elements:
_________________________
Source port
_________________________
Destination port
_________________________