Kindle Notes & Highlights
The first three control types in the list (technical, administrative, and physical) refer to how the security controls are implemented. The remaining control types refer to the goals of the security control.
If you’re interested in pursuing other security-related certifications or making IT security a career, the SP 800 documents are well worth your time. You can download SP 800-53 Revision 4 and other SP 800 documents at http://csrc.nist.gov/publications/PubsSPs.html.
Log monitoring. Several different logs record details of activity on systems and networks.
Trend analysis. In addition to monitoring logs to detect any single incident, you can also monitor logs to detect trends.
Security audit. Security audits can examine the security posture of an organization.
Video surveillance. A closed-circuit television (CCTV) system can record activity and detect what occurred.
Motion detection. Many alarm systems can detect motion from potential intruders and raise alarms.
IPS. An intrusion prevention system
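Log monitoring and trend analysis, as an added worked example that is not from the book: it runs over a handful of constructed sshd-style log lines, flags a single incident (one source failing five times within a minute) and, separately, a multi-day rise in daily failure counts. The host name, addresses, thresholds and the assumed year are all illustrative.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data). Syslog timestamps carry no year, so 2024 is assumed below.
SAMPLE_LOG = """\
Mar  1 10:00:01 web1 sshd[2311]: Failed password for invalid user admin from 203.0.113.5 port 51122 ssh2
Mar  1 10:00:03 web1 sshd[2312]: Failed password for root from 203.0.113.5 port 51123 ssh2
Mar  1 10:00:05 web1 sshd[2313]: Failed password for invalid user test from 203.0.113.5 port 51124 ssh2
Mar  1 10:00:08 web1 sshd[2314]: Failed password for root from 203.0.113.5 port 51125 ssh2
Mar  1 10:00:09 web1 sshd[2315]: Failed password for invalid user oracle from 203.0.113.5 port 51126 ssh2
Mar  1 10:00:15 web1 sshd[2316]: Accepted publickey for deploy from 10.0.0.8 port 40001 ssh2
Mar  2 03:12:40 web1 sshd[2401]: Failed password for root from 198.51.100.7 port 40310 ssh2
Mar  2 21:40:02 web1 sshd[2477]: Failed password for invalid user git from 198.51.100.9 port 40882 ssh2
Mar  3 02:05:11 web1 sshd[2502]: Failed password for root from 198.51.100.12 port 41000 ssh2
Mar  3 11:30:45 web1 sshd[2540]: Failed password for invalid user ubuntu from 198.51.100.7 port 41311 ssh2
Mar  3 19:50:19 web1 sshd[2590]: Failed password for root from 203.0.113.88 port 41950 ssh2
Mar  4 01:10:00 web1 sshd[2601]: Failed password for root from 198.51.100.7 port 42001 ssh2
Mar  4 06:45:33 web1 sshd[2622]: Failed password for invalid user admin from 198.51.100.30 port 42210 ssh2
Mar  4 13:20:07 web1 sshd[2650]: Failed password for root from 203.0.113.91 port 42533 ssh2
Mar  4 22:59:59 web1 sshd[2698]: Failed password for invalid user pi from 198.51.100.12 port 42999 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+) port \d+"
)


def parse_failed_logins(text, year=2024):
    """Return (timestamp, source_ip, username) for each failed-login line; other lines are ignored."""
    events = []
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        stamp = re.sub(r"\s+", " ", m["ts"])          # collapse the padded day ("Mar  1")
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["src"], m["user"]))
    return events


def detect_bursts(events, threshold=5, window=timedelta(seconds=60)):
    """Single-incident detection: sources with at least `threshold` failures inside any `window`.
    Returns {source_ip: failures_seen_in_the_window}."""
    by_src = defaultdict(list)
    for ts, src, _ in events:
        by_src[src].append(ts)
    offenders = {}
    for src, times in by_src.items():
        times.sort()
        start = 0
        for end in range(len(times)):                   # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                offenders[src] = end - start + 1
                break
    return offenders


def daily_counts(events):
    """Failed logins per calendar day, in date order: the series trend analysis looks at."""
    counts = Counter(ts.date() for ts, _, _ in events)
    return [(day, counts[day]) for day in sorted(counts)]


def is_rising(series, days=3):
    """Trend detection: True if each of the last `days` daily totals exceeds the one before it."""
    tail = [n for _, n in series[-days:]]
    return len(tail) == days and all(a < b for a, b in zip(tail, tail[1:]))


if __name__ == "__main__":
    events = parse_failed_logins(SAMPLE_LOG)
    print("bursts:", detect_bursts(events))             # the one-off incident
    print("daily:", daily_counts(events))
    print("rising over last 3 days:", is_rising(daily_counts(events)))
```

The two checks answer different questions: a burst is something to act on now (block or rate-limit the source), while a steady rise in daily failures from scattered sources is the kind of slow change that only shows up when you look at the series rather than at single events.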
Deterrent controls attempt to discourage a threat.
Compensating controls are alternative controls used instead of a primary control. As an example, an organization might require employees to use smart cards when authenticating on a system.
Time-based One-Time Password (TOTP)
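TOTP as a worked example added here, not code from the book: HOTP (RFC 4226) computed over a counter, TOTP (RFC 6238) deriving that counter from the clock, and the server-side check a practitioner actually needs, with a drift window, a replay guard and a constant-time compare. The only inputs are the RFC test key and timestamps; the `window` and `last_used` parameters are this example's own names.

```python
import hashlib
import hmac
import struct
import time


def hotp(key: bytes, counter: int, digits: int = 6, digestmod=hashlib.sha1) -> str:
    """HOTP (RFC 4226): HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F                                  # low nibble of the last byte picks the slice
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)            # keep leading zeros


def totp(key: bytes, for_time: int, step: int = 30, t0: int = 0,
         digits: int = 6, digestmod=hashlib.sha1) -> str:
    """TOTP (RFC 6238): HOTP whose counter is the number of `step`-second intervals since t0."""
    return hotp(key, (for_time - t0) // step, digits, digestmod)


def verify_totp(key: bytes, submitted: str, now: int, last_used: int = -1,
                window: int = 1, step: int = 30, digits: int = 6):
    """Server-side check (example design, not from the book). Returns the accepted counter or None.
    - tolerates `window` steps of clock drift either side of `now`;
    - refuses any counter <= last_used, so a code that was intercepted cannot be replayed
      within its 30-second window (the caller persists the returned counter);
    - compares in constant time so the check leaks nothing about how many digits matched."""
    current = now // step
    for counter in range(current - window, current + window + 1):
        if counter <= last_used:
            continue
        if hmac.compare_digest(hotp(key, counter, digits), submitted):
            return counter
    return None


if __name__ == "__main__":
    # RFC 6238 Appendix B test secret (ASCII "12345678901234567890") and a current code.
    key = b"12345678901234567890"
    print("code now:", totp(key, int(time.time())))
    print("RFC vector at t=59 (8 digits):", totp(key, 59, digits=8))   # 94287082
```

Note the shared secret is a symmetric key: anyone holding the server's copy can mint valid codes, so the value of TOTP rests on how that secret is stored, not on the arithmetic above.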
Virtualization is a popular technology used within large data centers and can also be used on a regular personal computer (PC). It allows you to host one or more virtual systems,
Hypervisor. The software that creates, runs, and manages the VMs is the hypervisor. Several virtualization technologies currently exist, including VMware products, Microsoft Hyper-V products, and Oracle VM VirtualBox.
Host. The physical system hosting the VMs is the host. It requires more resources than a typical system, such as multiple processors, massive amounts of RAM, fast and abundant hard drive space, and one or more fast network cards.
Guest. Operating systems running on the host system are guests or guest machines.
Host elasticity and scalability. Elasticity and scalability refer to the ability to resize computing capacity based on the load.
Application cell virtualization or container virtualization runs services or applications within isolated application cells (or containers).
Remember this: Type I (bare-metal) hypervisors run directly on the hardware without a host operating system. Type II (hosted) hypervisors are software that runs within a host operating system. Container virtualization runs services within isolated cells or containers that share the host's kernel rather than each having a kernel of its own.
One of the primary benefits is that VMs can provide segregation, segmentation, and isolation of individual systems.
network interface card (NIC)
A snapshot provides you with a copy of the VM at a moment in time, which you can use as a backup.
Remember this: Virtualization allows multiple virtual servers to operate on a single physical server. It provides increased availability with lower operating costs. Additionally, virtualization provides a high level of flexibility when testing security controls, updates, and patches because they can easily be reverted using snapshots.
In a virtual desktop infrastructure (VDI) or virtual desktop environment (VDE), a user's desktop operating system runs as a VM on a server. One benefit of using a VDI/VDE is that user PCs can have limited hardware resources.
VM escape is an attack in which code running inside a guest breaks out of the virtual system and accesses the host system, and from there potentially the other VMs the host runs.
VM sprawl occurs when an organization has many VMs that aren’t managed properly.
The ipconfig command (short for Internet Protocol configuration) shows the Transmission Control Protocol/Internet Protocol (TCP/IP) configuration information for a Windows system.
By default it shows each interface's IP address, subnet mask, and default gateway; ipconfig /all adds the MAC (physical) address, the DHCP server, and the address of each Domain Name System (DNS) server.
Remember this: Windows systems use ipconfig to view network interfaces. Linux systems use ifconfig, which can also manipulate the settings on the network interfaces, including enabling promiscuous mode on a NIC (the mode a sniffer needs in order to capture frames not addressed to the host). The ip command (from iproute2) does the same and has replaced ifconfig as the default tool on most current Linux distributions, where ifconfig may not be installed at all.
The netstat command (short for network statistics) allows you to view statistics for TCP/IP protocols on a system.
The tracert command (Windows; Linux and macOS use traceroute) lists the routers between two systems. In this context, each router is referred to as a hop. Tracert identifies the IP address of each hop, the host name when reverse DNS resolves it, and the round-trip times (RTTs) for each hop.
Tracing a path is especially valuable when troubleshooting issues through a wide area network (WAN).
Arp is a command-line tool that is related to the Address Resolution Protocol (ARP); however, arp (the command) and ARP (the protocol) are not the same thing.
You can also use arp to identify the MAC address of other systems on your local network: arp -a displays the local ARP cache, which maps the IP addresses of systems this host has recently communicated with to the MAC addresses they answered with.
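Reading the ARP cache as an added example, not from the book: it parses constructed `arp -a` output in the Windows format, looks up the MAC for a given IP as the text describes, and goes one step further than the text by listing any unicast MAC that answers for more than one IP address. A single host can legitimately own several addresses, but the default gateway's IP sharing a MAC with another host's is the classic sign of a poisoned ARP cache. The interface, addresses and MACs are all constructed.

```python
import re
from collections import defaultdict

# Constructed `arp -a` output in Windows format (not captured from a real host).
SAMPLE_ARP = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.20          00-11-22-33-44-55     dynamic
  192.168.1.35          a4-5e-60-c1-9d-02     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
  239.255.255.250       01-00-5e-7f-ff-fa     static
"""

IFACE_RE = re.compile(r"^Interface:\s+(?P<ip>[\d.]+)")
ENTRY_RE = re.compile(
    r"^\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>(?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(?P<type>\w+)",
    re.IGNORECASE,
)


def parse_arp(text):
    """Turn `arp -a` text into a list of {iface, ip, mac, type} dicts (MACs lower-cased)."""
    entries, iface = [], None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m["ip"]            # entries that follow belong to this local interface
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"iface": iface, "ip": m["ip"],
                            "mac": m["mac"].lower(), "type": m["type"].lower()})
    return entries


def mac_for(entries, ip):
    """The cached MAC address for `ip`, or None if the host has not talked to it recently."""
    for e in entries:
        if e["ip"] == ip:
            return e["mac"]
    return None


def is_group_address(mac):
    """Broadcast and multicast MACs (low bit of the first byte set) are expected to repeat."""
    return int(mac[:2], 16) & 1 == 1


def shared_macs(entries):
    """Unicast MACs that answer for more than one IP: {mac: [ip, ...]}, sorted for stable output."""
    ips = defaultdict(list)
    for e in entries:
        if not is_group_address(e["mac"]):
            ips[e["mac"]].append(e["ip"])
    return {mac: sorted(v) for mac, v in ips.items() if len(v) > 1}


if __name__ == "__main__":
    cache = parse_arp(SAMPLE_ARP)
    print("gateway MAC:", mac_for(cache, "192.168.1.1"))
    for mac, ips in shared_macs(cache).items():
        print(f"MAC {mac} answers for {len(ips)} addresses: {', '.join(ips)}")
```

On Linux the same information comes from ip neigh (or the older arp -a), in a different column layout, so the entry regex would need adjusting there; the shared-MAC logic is format-independent.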
The three primary security control types are technical (implemented with technology), administrative (using administrative or management methods), and physical (using controls that you can physically touch).
B. Encrypt it before sending.
B. Supporting integrity
D. To support obfuscation
D. Supporting non-repudiation
C. Ensure systems are not susceptible to unauthorized changes.
B. Cable locks
D. Most physical servers within the organization are currently underutilized.
A. Take a snapshot of the VM before deploying the new application.
B. ipconfig
C. VM sprawl
Type I hypervisors
C. Non-persistence
C. Type II hypervisor virtualization
D. netstat
D. ping