Vulnerabilities
The term used for an attacker taking advantage of a vulnerability
Exploit
What does system hardening mean?
Reduce the system's attack surface (improve security of a system)
What is the goal of threat modeling?
Identify and mitigate potential threats before they get exploited
Examples of password account policies
Age, Length, History, Complexity
What is one thing that the CVE database provides
-an easy way to share data about product issues
-a common baseline for comparing products
-a source of ways to mitigate the impact of a vulnerability
List of recommended settings put together by the government or industry groups
Benchmarks
What is the first step in threat modeling?
Identify the asset or system you want to protect
Prompt the user for a yes or no whether to complete a action
User Account Control (UAC)
The type of update used to fix a vulnerability
Security update
What is the easiest and most important way to harden your system?
Updates
What does IOT stand for?
Internet of Things
What is Principle of Least Privilege?
Best practice is to provide each user with
the minimum system access needed to perform their necessary tasks.
What does a software vulnerability specifically allow an attacker to do?
Method used to identify all the configuration changes needed to secure a system
Vulnerability assessment tool (vulnerability scan)
Tool used to scan internet for vulnerable devices
Shodan
True or False: Backups are dynamic screenshots of data. An example is a service like Google Drive
False
What does the CVE database stand for?
Common Vulnerabilities and Exposures
How do you harden user authentication?
Multi-factor authentication, strong passwords, lockout policies, etc.
What is the biggest security risk of connected IoT devices?
Used as entry points to a network or botnet members
Having several copies of backups is known as...
Redundancy