Kindle Notes & Highlights
Read between January 2 - November 9, 2020
vulnerability assessment attempts to discover current vulnerabilities or weaknesses.
Penetration tests. These go a step further than a vulnerability assessment by attempting to exploit vulnerabilities.
administrative controls are also known as operational or management controls.
Awareness and training. The importance of training to reduce risks cannot be overstated.
Configuration and change management. Configuration management often uses baselines to ensure that systems start in a secure, hardened state.
Physical controls are any controls that you can physically touch.
SP 800-53 Revision 4, “Security and
http://csrc.nist.gov/publications/PubsSPs.html.
Hardening. Hardening is the practice of making a system or application more secure than its default configuration. This includes disabling unnecessary ports and services, implementing secure protocols, using strong passwords along with a robust password policy, and disabling default and unnecessary accounts.
Change management. Change management ensures that changes don’t result in unintended outages.
Account disablement policy. An account disablement policy ensures that user accounts are disabled when an employee leaves.
Detective controls attempt to detect when vulnerabilities have been exploited,
Log monitoring. Several different logs record details of activity on systems and networks.
Trend analysis. In addition to monitoring logs to detect any single incident,
Security audit. Security audits can examine the security posture of an organization.
Video surveillance. A closed-circuit television (CCTV) system can record activity and detect what occurred.
IPS. An intrusion prevention system (IPS) attempts to detect attacks and then modify the environment to block the attack from continuing.
Compensating controls are alternative controls used instead of a primary control.
Hypervisor. The software that creates, runs, and manages the VMs is the hypervisor.
Host. The physical system hosting the VMs is the host.
Guest. Operating systems running on the host system are guests or guest machines.
Type I. Type I hypervisors run directly on the system hardware. They are often called bare-metal hypervisors because they don’t need to run within an operating system. For example, VMware has a family of ESX/ESXi products that are Type I hypervisors.
Type II. Type II hypervisors run as software within a host operating system. For example, the Microsoft Hyper-V hypervisor runs within a Microsoft operating system.
When implementing virtualization on a PC, you will use Type II hypervisor-based virtualization. However, virtualization in large-scale data centers typically uses Type I virtualization.
Type I hypervisors run directly on bare-metal systems without an operating system.
Type II hypervisors are software that run within an operating system.
VM escape is an attack that allows an attacker to access the host system from within the virtual system.
You will also find some basic commands that you can run through in the online labs at http://gcgapremium.com/501labs/.
Ping is a basic command used to test connectivity for remote systems.
ipconfig /all. This command shows a comprehensive listing of TCP/IP configuration information for each NIC. It includes the media access control (MAC) address,
Normally, a NIC uses non-promiscuous mode and only processes packets addressed directly to its IP address. However, when you put it in promiscuous mode, it processes all packets regardless of the IP address. This allows the protocol analyzer to capture all packets that reach the NIC.