
Common Technical Interview Questions and Answers (Updated on February 24, 2022)

Question 1

Question

Can you really prepare for zero-day vulnerabilities?

Answer

I think so, by having in place an Information Security Management System (ISMS) in which the organization’s information assets have been reliably identified and the relevant security controls for such incidents have been implemented. Remember that, at all times, we must address the mitigation of vulnerabilities of this type of incident.

It’s very hard to prevent zero-day vulnerabilities, but preparing by reducing the attack surface might lead you to readiness for zero-day vulnerabilities. If it is not discovered, that does not mean it is not vulnerable. However, we can use threat hunting to proactively improve security defenses.

Yes, you prepare for anything by knowing everything. If you know what components are required by your architecture, and if your architecture is properly designed, you can turn off minimal functions while waiting for the permanent fix.

I don’t think you really can but that’s one of the things I look to the newsletters for! I keep things as patched as I can and work to keep unused ports inaccessible but what do you do if a software flaw uses a commonly used port? I think you can only try and minimize what risks you can and monitor news of patches. I try to keep our products as patched as possible.

Question 2

Question

How can system administrators reduce the risk of an attack? What is the best way for them to support the cybersecurity team?

Answer

System administrators can help the cybersecurity team by applying the hardening guidelines that we have provided to them and by correctly configuring every device so that it does not generate error events that can mess up our incident detection system (besides reducing the possible attack surface). The system administrators must follow our patch procedure by applying and checking all the patches provided by vendors.

Tighten your current security system. Your system and all the software your organization uses offer guidelines for maximizing security controls that you should follow. Some are as simple as turning off unnecessary services or using the lowest-privilege settings. Use patches. All it takes is a tiny hole in your system for hackers to poke their way in.

It’s critical to run regular scans of your security system and all software to keep them updated with patches. Protect outbound data. Just as you protect your system from incoming malware and bots with a firewall, you need to make sure certain data never leaves your system. It’s important to focus on egress filtering to prevent rogue employees or employees making honest mistakes from releasing sensitive data or malicious software from your network.

What can a systems administrator do to protect against them? Defending systems against unauthorized access. Performing vulnerability and penetration tests. Monitoring traffic for suspicious activity. Configuring and supporting security tools like firewalls, antivirus, and IDS/IPS software.

For reducing the risk, a sysadmin can also assess and manage risks, establish extensive cybersecurity policies, set strict password management rules, secure access to critical systems, separate duties, secure hardware, and deploy a reliable monitoring solution. However, the best way depends on a case-by-case basis.

A system administrator can help the cybersecurity team by working as a team during pre/post deployment. I believe in the new concept of purple teaming, whereby each department sits down together as one to discuss, elaborate, and share experience regarding the impact of having infrastructure without cybersecurity in their mind – not to blame them because they were not cybersecurity aware!

Question 3

Question

Is machine learning a truly applicable solution to modern cybersecurity issues?

Answer

Not sure. The term ‘machine learning’ covers many activities. It may detect anomalous activity, but it most likely will not detect heuristic anomalies well. It could be a valuable tool, but only when used alongside capable system administrators and well-trained and well-motivated colleagues.

Yes, but within a specific context. The data gathering and data combing (i.e., search through logs for exceptions and anomalies) is best done by a machine that doesn’t get tired. However, that means the organization must first define what parameters must be watched, and what decisions are to be supported. Buying an appliance with ML included doesn’t accomplish what the organization has to do for itself in advance of buying the technology.

I think it definitely will be as time goes on. Machine learning can run 24/7 and after it truly nails down the patterns of attack can be set to hunt for and install patches and run playbook-like protection measures. It would need the guidance of cybersecurity professionals but would make a great asset.

Question 4

Question

When you use vulnerability scan tools, how do you deal with false positive or false negative findings?

Answer

We are currently leveraging manual checks or chaining the findings to a different scanner for cross-validation. In the future, we can consider feeding the false positive or false negative findings to machine learning models to filter out low-risk ones and reduce the load of manual checking or cross-validation with different scanners.

In my experience, that will depend on the maturity level of the organization. The more training you have, the easier it is to identify false positives. It requires the team to be constantly learning and as much as possible with access to state-of-the-art tools for this purpose.

The business data was covered by another device, and this was attacked (an OpenBSD server) with no success; it was just a proxy. However, since that day everything is logged, and if an anomaly is found it is considered a possible attack.

My answer is surely incomplete; however, we are a small team, since it is a local consultant group, but I am trying to step up my game since there is little to no interest in my state (Mexico) in doing something to keep data safe, passwords hashed, software updated, etc.

Question 5

Question

Which of the following best describes a container?

A. An OS used on software to imitate hardware
B. The center of a computer’s OS
C. A software package that contains applications for deployment across environments
D. A system software that controls system communication

Answer

C. A software package that contains applications for deployment across environments

Explanation

Containers are essentially a way to virtualize a machine’s resources. They contain all the necessary parts to run software and reduce deployment resources needed.

Question 6

Question

True or false: Containers are VMs.

A. True
B. False

Answer

B. False

Explanation

A common misconception about containers is that they are just lightweight VMs. While containers and VMs both offer ways to provision and use computer resources — such as I/O, processors and memory — they differ in many ways. VMs are OSes installed on a machine to mimic the requisite hardware. Each VM contains its own designated OS that works in isolation from other VMs on the same system. In contrast, containers have only one OS for the entire system. Consequently, VMs are often more secure than containers because of that resource and data isolation, whereas a compromised container can risk the entire ecosystem.

Question 7

Question

Which of the following is not a type of container image?

A. Application image
B. Top image
C. Base image
D. Intermediate image

Answer

B. Top image

Explanation

The three most common container images include base images as the first layer on top of the OS; intermediate images that provide available languages for runtimes; and application images that make up a database of ready-to-use information stored within the container. This layered image system enables containers to maintain, share and reuse all components and deploy isolated processes.

Question 8

Question

Where are container images stored?

A. A node
B. A repository
C. A unit
D. A data center

Answer

B. A repository

Explanation

Instead of creating code files for every deployment, containers store images in repositories that can be extracted for use when needed.

Question 9

Question

True or false: A container repository and a container registry are the same thing.

A. True
B. False

Answer

B. False

Explanation

While it can be easy to confuse the two, they are different: A container repository stores collections of container images for setup and deployment, whereas a registry is a collection of repositories that store container images. Container registries can store multiple repositories, in addition to API paths and access control rules.

Question 10

Question

What are the primary components of an operational container ecosystem?

A. Files
B. Environment variables
C. Dependencies
D. Libraries
E. All of the above

Answer

E. All of the above

Explanation

Files, environment variables, dependencies and libraries are all necessary to run a container. Within these components, hosting, connectivity, orchestration and work distribution are the main elements necessary to create an ecosystem for smooth development and deployments. Each component helps standardize a container and create consistency throughout its lifecycle.
