Name 6 ways threats can be mitigated against in software and hardware?
Airgapping
Access control
Authentication
Firewalls
Access levels
Device hardening
What is air gapping, and what is a good factor of it?
System is separate from a network, therefore cannot be accessed from outside physical premises
No recurring costs
Air gapping protects against what kind of threats?
External
Anti-virus protects against malware, what are the two main types of detection?
Heuristic and signature
Signature anti-virus does what?
Searches for known signatures in files to find malware
Heuristic anti-virus does what?
Monitors program behaviour to detect malware-like activity
What options does antivirus offer once malware has been detected?
Quarantine
Delete
Ignore
Software should be kept up to date to reduce security issues, however what software is very important to update for security?
Security software
Automatic updates are useful as they reduce risk of human error regarding not updating it
Automatic updates may pose a risk as an Advanced Persistent Threat could potentially prevent an update
Manual updating 3 issues?
Longer time to download
Patch release isn't newest
Prevented by incorrect scheduling
Why do some users like to update manually?
To check what the update contains
API certification falls into 3 types?
Private (5/5) - for internal use
Partner (4/5) - for use with others, as safe as its weakest link
Public (2/5) - available to all users, can be exploited
Access control is best to mitigate which kind of threat?
Internal
Access controls involve predefining access of employees, what does it require?
Clear documentation and accurate authentication and verification of identity
Good access controls systems have what key feature?
Reports to identify which employees have accessed what
Access control can be implemented in l and physically
Physical access control often involves physical barriers that are opened using tokens unique to the employee
An employee's unique token can even be something physical such as a key. However, this provides less info, such as reports, compared to tokens that can be integrated into smart tech such as RFID, which can log who enters
Name 4 unique tokens aside from a key?
RFID badge
Password
Magstripe card
Biometrics
It is good to include other forms of physical security with access control, name 3 other forms?
Surveillance
Metal detectors
Embedded wires
Digital unique tokens for physical access control can be prevented from working instantly
Device hardening reduces what of a system?
Vulnerabilities
4 ways to harden a device?
Safe mode
Automatic security patches
Software access controls
Disable unused ports
Encryption reduces the impact of data theft, as even once taken it cannot be used until decrypted, therefore reducing the effect of a data breach
What forms of data need to be encrypted the most?
Data in transit
What form of data needs to be encrypted the least in controlled systems?
Data in use
What are the two types of encryption?
Asymmetric
Symmetric
Asymmetric encryption is?
Encryption which has a different encryption and decryption key
Asymmetric encryption requires what?
Different encryption from decryption
Encryption is reversible as anything that is encrypted can be decrypted with the correct key
It is implausible that you can unscramble a hash, as the algorithm is intrinsically one-way as multiple hashes can have the same value
Access levels can be physical or logical
3 examples of logical access levels?
Usernames
Password
Verification
Username access controls:
Usernames can be used to give access depending on the associated
Passwords prevent unauthorised access to digital systems
Passphrases are generally made up of multiple words, making them especially difficult to brute force due to their length
Passphrases can be easier to remember, reducing the chance of forgetting them
Multi-factor authentication can take many forms such as?
Possession
Location
Knowledge
Biometric
Token authentication uses physical items to verify a user's identity