forked from elmoallistair/google-it-support
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
1 parent 6507899, commit 85fa1e9
Showing 5 changed files with 249 additions and 0 deletions.
90 changes: 90 additions & 0 deletions
...ital dark arts /M5 Defense in Depth/graded-assessments/quiz-defense-in-depth.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
@@ -0,0 +1,90 @@ | ||
# Defense in Depth | ||
**Latest Submission Grade: 100%** | ||
|
||
## Question 1 | ||
|
||
How are attack vectors and attack surfaces related? | ||
|
||
* **An attack surface is the sum of all attack vectors.** | ||
* They're the same thing. | ||
* An attack vector is the sum of all attack surfaces. | ||
* They're not actually related. | ||
|
||
> An attack surface is the sum of all attack vectors in a system or environment. | ||
## Question 2 | ||
|
||
What does full-disk encryption protect against? Check all that apply. | ||
|
||
* **Data tampering** | ||
* Eavesdropping | ||
* **Data theft** | ||
* Malware | ||
|
||
> Encrypting the entire disk prevents unauthorized access to the data in case it's lost or stolen. It also protects against malicious tampering of the files contained on the disk. | ||
## Question 3 | ||
|
||
What does applying software patches protect against? Check all that apply. | ||
|
||
* **Undiscovered vulnerabilities** | ||
* **Newly found vulnerabilities** | ||
* MITM attacks | ||
* Data tampering | ||
|
||
> Software updates or patches can fix recently discovered vulnerabilities or close ones that you weren't aware of. | ||
## Question 4 | ||
|
||
A hacker gained access to a network through malicious email attachments. Which one of these is important when talking about methods that allow a hacker to gain this access? | ||
|
||
* **An attack vector** | ||
* A 0-day | ||
* An attack surface | ||
* An ACL | ||
|
||
> An attack vector can be used by an attacker to compromise and gain unauthorized access to a system. | ||
## Question 5 | ||
|
||
When looking at aggregated logs, you are seeing a large percentage of Windows hosts connecting to an Internet Protocol (IP) address outside the network in a foreign country. Why might this be worth investigating more closely? | ||
|
||
* It can indicate ACLs are not configured correctly. | ||
* **It can indicate a malware infection.** | ||
* It can indicate log normalization. | ||
* It can indicate what software is on the binary whitelist. | ||
|
||
> When looking at aggregated logs, you should pay attention to patterns and correlations between traffic. For example, if you are seeing a large percentage of hosts all connecting to a specific address outside your network, that might be worth investigating more closely, as it could indicate a malware infection. | ||
## Question 6 | ||
|
||
Which of these protects against the most common attacks on the internet via a database of signatures, but at the same time actually represents an additional attack surface that attackers can exploit to compromise systems? | ||
|
||
* Security Information and Event Management (SIEM) system | ||
* **Antivirus software** | ||
* Binary whitelisting software | ||
* Full disk encryption (FDE) | ||
|
||
> Antivirus, which is designed to protect systems, actually represents an additional attack surface that attackers can exploit to compromise systems. | ||
## Question 7 | ||
|
||
A hacker exploited a bug in the software and triggered unintended behavior which led to the system being compromised by running vulnerable software. Which of these helps to fix these types of vulnerabilities? | ||
|
||
* **Software patch management** | ||
* Log analysis | ||
* Application policies | ||
* Implicit deny | ||
|
||
> Vulnerabilities can be fixed through software patches and updates which correct the bugs that attackers exploit. | ||
## Question 8 | ||
|
||
Why is it risky if you wanted to make an exception to the application policy to allow file sharing software? | ||
|
||
* The software could disable full disk encryption (FDE). | ||
* **The software could be infected with malware.** | ||
* The software can normalize log data. | ||
* The software can shrink attack vectors. | ||
|
||
> It is generally a good idea to have a policy to disallow particularly risky classes of software. Things like file sharing software and piracy-related software tend to be closely associated with malware infections. |
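Review bot: the Q2 explanation ("It also protects against malicious tampering of the files contained on the disk.") records the course's grading key, but a study note should carry the caveat: full-disk encryption is a confidentiality control for data at rest, and it does not by itself detect or prevent modification of the encrypted volume or of the unencrypted boot path, so anyone relying on it for tamper-evidence needs a separate integrity mechanism (measured/secure boot, file integrity monitoring). Style: each `## Question N` heading directly follows the preceding `>` explanation line (Q1 into Q2, Q2 into Q3, and so on); add a blank line before each heading so the blockquote does not run into the next question.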
23 changes: 23 additions & 0 deletions
...e digital dark arts /M5 Defense in Depth/practice-quiz-application-hardening.md
@@ -0,0 +1,23 @@ | ||
# Application Hardening | ||
|
||
## Question 1 | ||
|
||
Why is it important to keep software up-to-date? | ||
|
||
* **To address any security vulnerabilities discovered** | ||
* To ensure compatibility with other systems | ||
* It's not important. It's just annoying. | ||
* To ensure access to the latest features | ||
|
||
> As vulnerabilities are discovered and fixed by the software vendor, applying these updates is super important to protect yourself against attackers. | ||
## Question 2 | ||
|
||
What are some types of software that you'd want to have an explicit application policy for? Check all that apply. | ||
|
||
* Software development kits | ||
* **Video games** | ||
* **Filesharing software** | ||
* Word processors | ||
|
||
> Video games and filesharing software typically don't have a use in business (though it does depend on the nature of the business). So, it might make sense to have explicit policies dictating whether or not this type of software is permitted on systems. |
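Review bot: this practice quiz lands in the module root (`.../M5 Defense in Depth/practice-quiz-application-hardening.md`) while the graded quiz in the same commit lives under `graded-assessments/`; if the split is intentional, a `practice-quizzes/` directory or one line in the module `readme.md` would make the layout self-explanatory. Minor: a blank line between the Q1 explanation (`> As vulnerabilities are discovered ...`) and `## Question 2` keeps the blockquote from butting against the heading, matching the other quiz files.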
111 changes: 111 additions & 0 deletions
...st the digital dark arts /M5 Defense in Depth/practice-quiz-system-hardening.md
@@ -0,0 +1,111 @@ | ||
# System Hardening | ||
|
||
## Question 1 | ||
|
||
What is an attack vector? | ||
|
||
* The classification of attack type | ||
* The direction an attack is going in | ||
* The severity of the attack | ||
* **A mechanism by which an attacker can interact with your network or systems** | ||
|
||
> An attack vector can be thought of as any route through which an attacker can interact with your systems and potentially attack them. | ||
## Question 2 | ||
|
||
Disabling unnecessary components serves which purposes? Check all that apply. | ||
|
||
* **Reducing the attack surface** | ||
* Making a system harder to use | ||
* Increasing performance | ||
* **Closing attack vectors** | ||
|
||
> Every unnecessary component represents a potential attack vector. The attack surface is the sum of all attack vectors. So, disabling unnecessary components closes attack vectors, thereby reducing the attack surface. | ||
## Question 3 | ||
|
||
What's an attack surface? | ||
|
||
* The target or victim of an attack | ||
* The payload of the attack | ||
* The total scope of an attack | ||
* **The combined sum of all attack vectors in a system or network** | ||
|
||
> The attack surface describes all possible ways that an attacker could interact and exploit potential vulnerabilities in the network and connected systems. | ||
## Question 4 | ||
|
||
A good defense in depth strategy would involve deploying which firewalls? | ||
|
||
* No firewalls | ||
* Network-based firewalls only | ||
* **Both host-based and network-based firewalls** | ||
* Host-based firewalls only | ||
|
||
> Defense in depth involves multiple layers of overlapping security. So, deploying both host- and network-based firewalls is recommended. | ||
## Question 5 | ||
|
||
Using a bastion host allows for which of the following? Select all that apply. | ||
|
||
* Running a wide variety of software securely | ||
* **Applying more restrictive firewall rules** | ||
* **Having more detailed monitoring and logging** | ||
* **Enforcing stricter security measures** | ||
|
||
> Bastion hosts are special-purpose machines that permit restricted access to more sensitive networks or systems. By having one specific purpose, these systems can have strict authentication enforced, more firewall rules locked down, and closer monitoring and logging. | ||
## Question 6 | ||
|
||
What benefits does centralized logging provide? Check all that apply. | ||
|
||
* It prevents database theft. | ||
* It blocks malware infections. | ||
* **It helps secure logs from tampering or destruction.** | ||
* **It allows for easier logs analysis.** | ||
|
||
> Centralized logging is really beneficial, since you can harden the log server to resist attempts from attackers trying to delete logs to cover their tracks. Keeping logs in place also makes analysis on aggregated logs easier by providing one place to search, instead of separate disparate log systems. | ||
## Question 7 | ||
|
||
What are some of the shortcomings of antivirus software today? Check all that apply. | ||
|
||
* **It can't protect against unknown threats.** | ||
* It's very expensive. | ||
* It only detects malware, but doesn't protect against it. | ||
* It only protects against viruses. | ||
|
||
> Antivirus software operates off a blacklist, blocking known bad entities. This means that brand new, never-before-seen malware won't be blocked. | ||
## Question 8 | ||
|
||
How is binary whitelisting a better option than antivirus software? | ||
|
||
* It's cheaper. | ||
* **It can block unknown or emerging threats.** | ||
* It's not better. It's actually terrible. | ||
* It has less performance impact. | ||
|
||
> By blocking everything by default, binary whitelisting can protect you from the unknown threats that exist without you being aware of them. | ||
## Question 9 | ||
|
||
What does full-disk encryption protect against? Check all that apply. | ||
|
||
* **Data theft** | ||
* IP spoofing attacks | ||
* Malware infections | ||
* **Tampering with system files** | ||
|
||
> With the contents of the disk encrypted, an attacker wouldn't be able to recover data from the drive in the event of physical theft. An attacker also wouldn't be able to tamper with or replace system files with malicious ones. | ||
## Question 10 | ||
|
||
What's the purpose of escrowing a disk encryption key? | ||
|
||
* Providing data integrity | ||
* Protecting against unauthorized access | ||
* Preventing data theft | ||
* **Performing data recovery** | ||
|
||
> Key escrow allows the disk to be unlocked if the primary passphrase is forgotten or unavailable for whatever reason. |
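Review bot: Q10's explanation (`> Key escrow allows the disk to be unlocked if the primary passphrase is forgotten or unavailable for whatever reason.`) should also state the trade-off: an escrowed recovery key is a second way into every volume, so the escrow store needs access control and audit logging at least as strict as the disks it unlocks, or it becomes the easiest path to the data. Related: Q9 repeats the full-disk-encryption question from `quiz-defense-in-depth.md` Q2 in this same commit, including the claim that FDE prevents tampering with system files; if a caveat is added (FDE gives confidentiality, not integrity, unless paired with secure/measured boot), put it in one place and cross-reference it so the two answers do not drift.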
9 changes: 9 additions & 0 deletions
...Security - Defense against the digital dark arts /M5 Defense in Depth/readme.md
@@ -0,0 +1,9 @@ | ||
# Defense in Depth | ||
|
||
In the fifth week of this course, we're going to go more in-depth into security defense. We'll cover ways to implement methods for system hardening, application hardening, and determine the policies for OS security. By the end of this module, you'll know why it's important to disable unnecessary components of a system, learn about host-based firewalls, setup anti-malware protection, implement disk encryption, and configure software patch management and application policies. | ||
|
||
## Key Concepts | ||
|
||
* Implement the appropriate methods for system hardening. | ||
* Implement the appropriate methods for application hardening. | ||
* Determine the appropriate policies to use for operating system security. |
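Review bot: "setup anti-malware protection" in the intro paragraph should read "set up anti-malware protection" (verb, two words) to match the parallel "disable", "learn", "implement" and "configure" in the same sentence. Also, "In the fifth week of this course" and the `M5` directory name refer to the same unit; "module 5" would match the path and the course's own Key Concepts wording.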
16 changes: 16 additions & 0 deletions
...urity - Defense against the digital dark arts /M5 Defense in Depth/resources.md
@@ -0,0 +1,16 @@ | ||
# Resources | ||
|
||
* https://github.com/rsyslog/rsyslog | ||
* https://www.splunk.com/ | ||
* https://www.ibm.com/security/security-intelligence/qradar | ||
* https://community.rsa.com/docs/DOC-41639 | ||
* http://itknowledgeexchange.techtarget.com/security-corner/whats-your-systems-survival-time/ | ||
* http://robert.ocallahan.org/2017/01/disable-your-antivirus-software-except.html | ||
* http://lock.cmpxchg8b.com/Sophail.pdf | ||
* http://www.crn.com/news/security/240148192/bit9-admits-systems-breach-stolen-code-signing-certificates.htm | ||
* https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-overview | ||
* https://support.apple.com/en-us/HT204837 | ||
* https://wiki.archlinux.org/index.php/dm-crypt | ||
* https://www.symantec.com/products/encryption | ||
* http://truecrypt.sourceforge.net/ | ||
* https://www.veracrypt.fr/en/Home.html |
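Review bot: the list is bare URLs with no hint of what each one is or which question it backs; add a short label per entry, for example that `lock.cmpxchg8b.com/Sophail.pdf` is Tavis Ormandy's analysis of Sophos Antivirus (the evidence behind the "antivirus is an additional attack surface" answer in the graded quiz) and that the CRN link is the Bit9 breach in which code-signing certificates were stolen (relevant to the binary-whitelisting questions). Flag `http://truecrypt.sourceforge.net/`: that project's own page announces that development ended in 2014 and warns the software may contain unfixed security issues, so mark it as historical and point readers to the VeraCrypt entry already on the list. The remaining `http://` entries should be `https://` where the host supports it.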