1) Systems Security
a) Differentiate among various systems security threats
iii) Cell phones: These are a risk because they have built-in cameras and
their audio can be turned on remotely. Attackers can also eavesdrop
on cell phone calls or steal the phone to access your sensitive
information.
iv) Removable storage: The information in question is usually
information held on a network. Any computer in the network can
access that information, which is what makes removable storage
(CDs, DVDs, USB drives, etc.) a risk.
v) Network attached storage: These are the hard drives or hard
drive systems that are attached directly to the network with an IP
address.
iv) Anti-spam: Spam has become one of the main ways to send
viruses, so it is important to have anti-spam software on your
computer.
v) Popup blockers: The best defense against adware!
2) Network Infrastructure
a) Differentiate between the different ports & protocols, their
respective threats and mitigation techniques.
i) Vampire taps: This is any tap that tries to gain access by tapping
into the physical wire. Fiber optic cable is the most difficult to tap
but coaxial and twisted pair are easy.
3) Access control
a) Identify and apply industry best practices for access control
methods
i) Implicit deny: Anyone who is not specifically allowed into the
network is denied access.
ii) Least privilege: The user is only allowed the specified privileges
and nothing more (if you need to print you can use the printer and
nothing more)
iii) Separation of duties: This is a principle that prevents any one
person from being able to complete all the functions of a critical or
sensitive process. This is to prevent fraud, theft, and errors.
iv) Job rotation: This rotates each person through the different jobs so
they learn the processes and procedures of each. This prevents one
person from being the only one who knows a job. It also prevents
collusion (two or more people engaged in a secret activity for the
purpose of fraud): because of the rotation, one person does not work
on the same activity long enough to effectively commit fraud.
i) ACL: Access control lists are used to specifically identify what traffic
is allowed and what traffic is not allowed. Most ACLs run off an
implicit deny (if you don't have specific permission you are
denied). Routers use ACLs as a list of rules that define what traffic is
allowed.
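The ACL behaviour described above, as an added example that is not part of the original notes: a first-match rule list evaluated top to bottom, where any traffic that matches no rule falls through to the implicit deny. The rules, addresses and ports are constructed sample values.

```python
# Added example (not from the original notes): a first-match ACL evaluator
# with an implicit deny, the way the notes describe router ACLs.
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # source network, CIDR notation
    dst: str               # destination network, CIDR notation
    dport: Optional[int]   # destination port; None matches any port

# Constructed sample ACL: one quarantined host, then web access for the LAN.
# There is deliberately no trailing "permit any" rule.
ACL = [
    Rule("deny",   "any", "10.0.0.99/32", "0.0.0.0/0", None),
    Rule("permit", "tcp", "10.0.0.0/24",  "0.0.0.0/0", 80),
    Rule("permit", "tcp", "10.0.0.0/24",  "0.0.0.0/0", 443),
]

def matches(rule, proto, src, dst, dport):
    """True if the packet fields fall inside the rule's match criteria."""
    return (rule.proto in ("any", proto)
            and ip_address(src) in ip_network(rule.src)
            and ip_address(dst) in ip_network(rule.dst)
            and (rule.dport is None or rule.dport == dport))

def evaluate(acl, proto, src, dst, dport):
    """Walk the ACL top to bottom and stop at the first matching rule.
    Returns (action, index); index is None when the implicit deny applied."""
    for i, rule in enumerate(acl):
        if matches(rule, proto, src, dst, dport):
            return rule.action, i
    return "deny", None   # implicit deny: nothing explicitly permitted it

if __name__ == "__main__":
    for pkt in [("tcp", "10.0.0.5", "203.0.113.10", 443),
                ("tcp", "10.0.0.5", "203.0.113.10", 22),
                ("tcp", "10.0.0.99", "203.0.113.10", 80)]:
        print(pkt, "->", evaluate(ACL, *pkt))
```

Note that SSH from the LAN is denied even though no rule mentions port 22: that is the implicit deny doing its job.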
ii) Group policies: These allow an administrator to configure a setting
once in a group policy object (GPO) and apply the setting to many
users and every computer in the domain. The same can be done for
specific users and computers in the network (Organizational Units,
OUs).
iii) Password policy: This ensures that users choose a sufficiently
secure password. The administrator can control password
length, complexity, maximum age, minimum age, password history
(preventing the reuse of previous passwords), and whether
passwords are stored using reversible encryption (a very weak
form of protection).
iv) Domain password policy: This just makes all the users in a
domain follow the password policy.
v) User names and passwords:
vi) Time of day restrictions: This specifies when certain users can
log onto the network.
vii) Account expiration: Accounts can be set to expire automatically;
the user is not allowed to log on after the set expiration date.
viii) Logical tokens: These are used in a single sign-on environment to
identify a user and the user's group memberships. Every user and
group is identified by a security identifier (SID), and a logical token
contains all the SIDs associated with a user.
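The password policy settings listed above (length, complexity, history, minimum age and maximum age), as an added example that is not part of the original notes. The policy values are constructed, dates are passed as ISO strings, and password history is kept as salted PBKDF2 hashes rather than reversible encryption.

```python
# Added example (not from the original notes): enforcing the password policy
# settings the notes list (length, complexity, history, minimum and maximum
# age), with history kept as salted hashes rather than reversible encryption.
import hashlib
import os
import re
from datetime import date, timedelta

POLICY = {                    # constructed values, not a real domain policy
    "min_length": 12,
    "complexity_classes": 3,  # how many of lower/upper/digit/symbol required
    "history": 5,             # remember the last 5 passwords
    "min_age_days": 1,
    "max_age_days": 90,
}
CLASSES = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")

def _hash(password, salt):
    # iteration count kept low so the example runs quickly
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 20_000)

class Account:
    def __init__(self, password, today):
        self.history = []     # (salt, hash) pairs, newest last
        self.last_change = None
        self._store(password, date.fromisoformat(today))

    def _store(self, password, day):
        salt = os.urandom(16)
        entry = (salt, _hash(password, salt))
        self.history = (self.history + [entry])[-POLICY["history"]:]
        self.last_change = day

    def check_new_password(self, new, today):
        """Return the list of policy violations; an empty list means accepted."""
        day = date.fromisoformat(today)
        errors = []
        if len(new) < POLICY["min_length"]:
            errors.append("too short")
        if sum(bool(re.search(p, new)) for p in CLASSES) < POLICY["complexity_classes"]:
            errors.append("not complex enough")
        if any(_hash(new, salt) == h for salt, h in self.history):
            errors.append("reused from history")
        if day - self.last_change < timedelta(days=POLICY["min_age_days"]):
            errors.append("minimum age not reached")
        return errors

    def change_password(self, new, today):
        errors = self.check_new_password(new, today)
        if not errors:
            self._store(new, date.fromisoformat(today))
        return errors

    def is_expired(self, today):
        """Maximum age: once the password is older than this, it must be changed."""
        age = date.fromisoformat(today) - self.last_change
        return age > timedelta(days=POLICY["max_age_days"])
```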
5) Cryptography
a) Explain general cryptography concepts
ii) SHA: This is the best type of hashing algorithm and can produce
hashes of many lengths. There are currently three types (SHA-0;
SHA-1 (160 bits), which is the most popular; and SHA-2), and SHA-3
is being worked on. All are labeled from shortest to longest.
iii) MD5: Message Digest 5 is used to produce a 128-bit hash.
iv) LANMAN: The oldest and not used much anymore.
v) NTLM: Introduced as an improvement over LANMAN. Still not as
good as SHA-1.
i) DES: Symmetric key encryption. Very weak, as it uses a very small
key of only 56 bits.
ii) 3DES: Triple DES applies DES encryption three times with three
different 56-bit keys. This is processor intensive and very slow.
iii) RSA: An asymmetric key encryption algorithm that relies on the
properties of large prime numbers. Key lengths are 1024 and even
2048 bits long. THOSE ARE HUGE PRIME NUMBERS!!!
iv) PGP: Pretty Good Privacy is used on many email servers. It uses
certificates for authentication. While certificates are usually validated by a
certificate authority (CA), PGP uses a web-of-trust model to validate
certificates: a user must accept a certificate without the promise of
third-party validation. It is decentralized and peer-to-peer.
v) Elliptic curve: Uses elegant advanced mathematics to encrypt.
Usually used on small, hand held devices.
vi) AES: Advanced Encryption Standard can use different key lengths
and is considered the strongest and the fastest of the stronger
encryptions.
vii) AES256: Uses a 256-bit key length.
viii) One time pad: This uses an encryption key only once. It is
seen in a physical key fob (an LED display that shows you your key
and is synced with the desired server; the display changes
every 60 sec or at another chosen interval).
ix) Transmission encryption (WEP, TKIP, etc.): WEP uses the RC4
stream cipher, which is actually quite strong, but WEP's key
management was horrible, making WEP the worst option.
TKIP (Temporal Key Integrity Protocol) was introduced with WPA (Wi-Fi
Protected Access) as a replacement for WEP. It still uses RC4, but it
manages its keys with TKIP. Older users and hardware will still
use this method. Newer hardware will use WPA2, which uses
AES instead of RC4 for encryption.
6) Organizational security
i) Hot site: The most expensive backup site option. The site includes
software, equipment, and communications. It is essentially
identical to the original site, but it is simply not running the way the
original is. It can take over operations in minutes.
ii) Cold site: Very basic utilities; the cheapest option but the slowest to
get up and running.
iii) Warm site: Somewhere in between the two options above.
iv) Backup generator: Takes over the power when the original
power source goes out. Usually an uninterruptible power supply
(UPS) is used while the generator is started up.
v) Single point of failure: This is a point where if it fails the whole
system becomes inoperable.
vi) RAID: Redundant Array of Independent (or Inexpensive) Disks refers
to a set of disk redundancy models. The main ones are RAID-0, RAID-1,
RAID-5 and RAID-10. RAID-0 is actually not used for redundancy; it is
simply used so the system can write and read information more
quickly. It only uses striping (different pieces of data are stored on
different disks), and all the disks in use must be available to
have all the data. RAID-1 is a redundancy model that uses disk
mirroring: one disk is written to and the other records exactly the
same thing. RAID-5 uses striping along with data parity. This means
the disks stripe the information but also hold a parity (essentially
a copy of the data being striped to the other disks). This method
requires at least 3 disks. RAID-10 is a combination of RAID-0 and RAID-1.
vii) Spare parts: Spare parts for the machines.
viii) Redundant servers: This is used in failover clusters where one
or more servers are in a cluster formation. At least one server is
active and at least one server is inactive. When the active goes
down the inactive is activated and takes over the load.
ix)Redundant ISP: For a company that needs constant access to the
internet, it is best to have multiple Internet Service Providers just in
case your main server goes down.
x) UPS: Uninterruptible power supply; it provides a small amount of
power that keeps the system up for 5-10 min (sometimes longer or
shorter), which gives the secondary power supply (backup
generator) time to start up and begin taking the load.
xi) Redundant connections
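The RAID-5 model from item vi) above, as an added example that is not part of the original notes: data is striped across three constructed "disks" with a rotating XOR parity chunk, and the array is read back and rebuilt after one disk is lost. The sample data and chunk size are constructed.

```python
# Added example (not from the original notes): RAID-5 style striping with a
# rotating XOR parity chunk across three constructed "disks", showing how the
# array keeps its data and is rebuilt after one disk is lost.
def raid5_write(data, ndisks=3, chunk=4):
    """Return ndisks bytearrays. Each stripe holds ndisks-1 data chunks plus
    one parity chunk; the parity slot rotates so no one disk holds all parity."""
    assert ndisks >= 3
    per_stripe = chunk * (ndisks - 1)
    data = data + b"\0" * (-len(data) % per_stripe)   # pad to whole stripes
    disks = [bytearray() for _ in range(ndisks)]
    for s in range(len(data) // per_stripe):
        base = s * per_stripe
        chunks = [data[base + i*chunk: base + (i+1)*chunk] for i in range(ndisks - 1)]
        parity = bytearray(chunk)
        for c in chunks:                     # parity = XOR of all data chunks
            for i, b in enumerate(c):
                parity[i] ^= b
        pslot = s % ndisks
        it = iter(chunks)
        for d in range(ndisks):
            disks[d] += parity if d == pslot else next(it)
    return disks

def raid5_read(disks, chunk=4):
    """Reassemble the data by skipping each stripe's parity chunk."""
    ndisks, out = len(disks), bytearray()
    for s in range(len(disks[0]) // chunk):
        pslot = s % ndisks
        for d in range(ndisks):
            if d != pslot:
                out += disks[d][s*chunk:(s+1)*chunk]
    return bytes(out).rstrip(b"\0")

def raid5_rebuild(disks, lost):
    """Recover disk `lost` as the XOR of every surviving disk: since parity is
    the XOR of the data chunks, any one missing chunk is the XOR of the rest."""
    survivors = [d for i, d in enumerate(disks) if i != lost]
    rebuilt = bytearray(survivors[0])
    for d in survivors[1:]:
        for i, b in enumerate(d):
            rebuilt[i] ^= b
    return rebuilt

if __name__ == "__main__":
    disks = raid5_write(b"redundant array of disks")   # constructed sample data
    disks[1] = None                                    # simulate losing disk 1
    disks[1] = raid5_rebuild(disks, 1)
    print(raid5_read(disks))                           # b'redundant array of disks'
```

With three disks only two thirds of the raw capacity holds data; the rest is parity, which is the price of surviving a single-disk failure.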
i) Planning
ii) Disaster recovery exercises
iii) Backup techniques and practices storage: There are three
types of backups: full, incremental, and differential. A full-backup