Baselining: The process of establishing standards for security of computers in your network is called security baselining. A security baseline will include control over services, permissions on files, Registry permissions, authentication protocols, and more. There will be a security baseline established for each type of computer in your organization. This will include domain controllers, file servers, print servers, application servers, clients, etc.
Deployment Life cycle models:
Fuzz testing or fuzzing: Fuzzing is a software testing technique, often automated or semi-automated, that involves providing invalid, unexpected, or random data to the inputs of a computer program. The program is then monitored for exceptions such as crashes, or failing built-in code assertions or for finding potential memory leaks.
Hardening:The Windows Registry is where configuration parameters for the OS and applications are stored. It is not associated with the Root of Trust,as it is not even accessible during the establishment of this trust chain.
Root of Trust: Root of Trust refers to a condition by which the hardware and BIOS work together to ensure the integrity of the BIOS and all subsequent software and firmware loads. Once complete, this forms a Root of Trust that can be attested to via the TPM chip. Trusted Platform Module (TPM) technology is designed to provide hardware-based, security-related functions. A TPM chip is a secure crypto-processor that is designed to carry out cryptographic operations. The chip includes multiple physical security mechanisms to make it tamper-resistant, and malicious software is unable to tamper with the security functions of the TPM.
Unified Extensible Firmware Interface (UEFI) A specification that defines the interface between an OS and the hardware firmware. This is a replacement to BIOS.
DLP: Data Loss Prevention (DLP) solutions serve to prevent sensitive data from leaving the network without notice.
HIDS: Host-based intrusion detection systems (HIDSs) act to detect undesired elements in network traffic to and from the host.
HIPS: A host-based intrusion prevention system (HIPS) is a HIDS with additional components to permit it to respond automatically to a threat condition.
Note: Remember that HIDS can only detect malicious activity and send alerts. HIPS, on the other hand, can detect and prevent attacks.
FDE: Self-encrypting drives (SEDs) and full disk encryption (FDE) are methods of implementing cryptographic protection on hard drives and other similar storage media, even if the drive is removed from the machine.
EDR: Endpoint detection and response (EDR), also known as endpoint threat detection and response (ETDR), is an integrated endpoint security solution that combines real-time continuous monitoring and collection of endpoint data with rules-based automated response and analysis capabilities.
The primary functions of an EDR security system are to:
1. Monitor and collect activity data from endpoints that could indicate a threat
2. Analyze this data to identify threat patterns
3. Automatically respond to identified threats to remove or contain them, and notify security personnel
4. Forensics and analysis tools to research identified threats and search for suspicious activities
Intel's Field-Programmable Gate Array (FPGA) allows system designers to easily make changes to the code embedded on the chip. Arduino UNO is a micro-controller that runs a single instruction repeatedly. Raspberry Pi is a mini-computer and operating system that runs on embedded components. A Subscriber Identity Module (SIM) holds the activation information on cell phones or smartphones. Wearables and smart devices are not embedded systems.