Save
Upgrade to remove ads
Busy. Please wait.
Log in with Clever
or
show password
Forgot Password?
Don't have an account?  Sign up 
Sign up using Clever
or
Username is available taken
show password


Make sure to remember your password. If you forget it there is no way for StudyStack to send you a reset link. You would need to create a new account. Your email address is only used to allow you to reset your password. See our Privacy Policy and Terms of Service.

Already a StudyStack user? Log In

Reset Password
Enter the associated with your account, and we'll email you a link to reset your password.
focusNode
Didn't know it?
click below
 
Knew it?
click below
Don't Know
Remaining cards (0)
Know
0:00
edit
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.

  Normal Size     Small Size show me how

CYB1UofI_FISCH1.5

Defense In Depth

QuestionAnswer
what is defense in depth a method of working toward preventing attacks
what is a common strategy to both military maneuvers and information security defense in depth
what is the basic concept of defense in depth to formulate a multilayered defense that will allow you to still mount a successful resistance should one or more of your defensive measures fail
what are examples of layers you might want to put in place to defend your assets data,, application, host, internal network, external network
what do well implemented defenses at each layer do make it difficult to successfully penetrate your network and attack your assets directly
describe how effective defense in depth is its not perfect, you won't be able to keep every attacker out for an indefinite period no matter how many layers you put in place or how many defensive measures you place in each layer
what is not the goal of defense in depth in an information security setting keep every attacker out for an indefinite period
what is the goal of defense in depth in an information security setting is to place enough defensive measures between your truly important assets and the attack so that you'll notice that an attack is in progress and have enough time to prevent it
what is an example of a delaying tactic used in defense in depth P1 requiring employees to change their passwords every 60 to 90 days
why does changing passwords frequently work as a delaying tactic for defense in depth this makes it harder for an attacker to crack a password in time to still use it
what is an example of a delaying tactic used in defense in depth P2 using stringent password construction rules
how does using stringent password construction rules work as a delaying tactic for defense in depth P1 Consider the password: "mypassword" 10 char long and uses one char set. Using relatively slow off-shelf system, an attacker might take 1+ week to creek this password. With a purpose built password cracking system/botnet an attacker might only take 1+hrs
how does using stringent password construction rules work as a delaying tactic for defense in depth P2 If u use more secure password construction rules & go with password:"MyP@ssword1" which is 10 char long but uses four char sets. Cracking the password would take thousands of years on purpose built hardware & upward of several years 4 a large botnet
what can prevent an attacker from cracking a password in time to use it requiring employees to both change their passwords frequently and create complex passwords
what does the complex password example: "MyP@ssword1" use for a construction scheme uses a classic strong password construction scheme consisting of 8+ characters comprising multiple char sets (upper alpha, lower alpha, numbers and punctuation)
describe the entropy in this password: "MyP@ssword1" some would argue it contains insufficient entropy
what is entropy unpredictability
what is needed for a password to be truly secure sufficient entropy
what can be argued to be a better password than "MyP@ssword1" and why "correcthorsebatterystaple" longer, more entropic and more easily remembered password
what should your primary concern be when creating password construction rules to work as a delaying tactic for defense in depth constructing reasonably secure passwords and changing them at regular intervals
what will vary given the situation and environment you're defending the layers you include in your defense in depth strategy
from a strictly logical (nonphysical) information security perspective what layers would you include in your defense in depth strategy you'd want to look at the external network, network perimeter, internal network, host, application and data layers as areas to place your defenses
how can you add complexity to your defensive model including other vital layers such as physical defenses, policies, or user awareness and training
List some of the defenses (defensive measures) you might use for the layer: External Network DMZ VPN Logging Auditing Penetration Testing Vulnerability Analysis
List some of the defenses (defensive measures) you might use for the layer: Network Perimeter Firewalls Proxy Logging Stateful Packet Inspection Auditing Penetration Testing Vulnerability Analysis
List some of the defenses (defensive measures) you might use for the layer: Internal Network IDS IPS Logging Auditing Penetration Testing Vulnerability Analysis
List some of the defenses (defensive measures) you might use for the layer: Host Authentication Antivirus Firewalls IDS IPS Passwords Hashing Logging Auditing Penetration Testing Vulnerability Analysis
List some of the defenses (defensive measures) you might use for the layer: Application SSO Content Filtering Data Validation Auditing Penetration Testing Vulnerability Analysis
List some of the defenses (defensive measures) you might use for the layer: Data Encryption Access Controls Backups Penetration Testing Vulnerability Analysis
True or False: A defensive measure appears in multiple layers because it applies to more than one area True
what is an example of a defensive measure that appears in multiple layers because it applies to more than one area penetration testing
what is penetration testing a method of finding gaps in your security by using some of the same strategies an attacker would use to break in
when might you want to use penetration testing at every layer of your defense
in the model what can be tied to particular layers specific controls
what are examples of specific controls tied to particular layers firewalls and proxies at the network perimeter
True or False: In the security field, you could argue that some of or all of these controls could exist at layers other than described but its a good general guideline True
Created by: user-1830624
Popular Computers sets

 

 



Voices

Use these flashcards to help memorize information. Look at the large card and try to recall what is on the other side. Then click the card to flip it. If you knew the answer, click the green Know box. Otherwise, click the red Don't know box.

When you've placed seven or more cards in the Don't know box, click "retry" to try those cards again.

If you've accidentally put the card in the wrong box, just click on the card to take it out of the box.

You can also use your keyboard to move the cards as follows:

If you are logged in to your account, this website will remember which cards you know and don't know so that they are in the same box the next time you log in.

When you need a break, try one of the other activities listed below the flashcards like Matching, Snowman, or Hungry Bug. Although it may feel like you're playing a game, your brain is still making more connections with the information to help you out.

To see how well you know the information, try the Quiz or Test activity.

Pass complete!
"Know" box contains:
Time elapsed:
Retries:
restart all cards