2.2 - Explain logical security concepts Flashcards

1
Q

Active Directory

A

Active Directory (AD) is Microsoft's directory service. It is hosted on one or more servers called domain controllers; AD itself is not a domain controller. Windows has two kinds of accounts: local accounts, which exist only on the one machine where they were created, and domain accounts, which live in AD and are valid on every computer joined to the domain.

It is used to manage user, group and computer accounts in a Windows domain and applies policies (security settings, password rules, etc.) to them centrally.

Users must authenticate to a domain controller before they are granted access to domain resources.

2
Q

Where are Windows local accounts (as opposed to AD domain accounts) stored?

A

Local accounts are not stored in Active Directory at all. They live in the local Security Account Manager (SAM) database, which is the HKEY_LOCAL_MACHINE\SAM hive of the Windows registry, backed on disk by %SystemRoot%\System32\config\SAM. The hive is readable only by SYSTEM, which is why anyone wanting the password hashes in it needs administrative access to the machine or a copy of the file. Domain accounts, by contrast, are stored in the AD database on the domain controllers.

3
Q

• Active Directory

A

Active Directory
  • Provides the basis of authentication for users and computers
  • Centralized management
  • Active Directory Domain Services (AD DS), the Windows Server role that hosts the domain
  • Limits and controls access

4
Q

AD- Login script

A

Login script
  • Runs automatically when the user signs in to the domain
  • Map network drives
  • Update security software signatures
  • Update application software

5
Q

AD- Domain

A

Domain
  • The unit of centralized management in Active Directory Domain Services
  • Users and computers joined to the domain authenticate against its domain controllers
  • Lets administrators limit and control access to domain resources from one place

6
Q

AD- Group Policy/Updates

A

Group Policy/Updates
  • Define specific policies that are pushed to domain users and computers
  • Password complexity
  • Login restrictions

7
Q

AD- Organizational Units

A
  • Organizational Units
  • Containers that give Active Directory its structure
  • Can mirror the company (locations, departments)
  • Group Policy is linked, and administration delegated, at the OU level
8
Q

AD- Home Folder

A

Home Folder
  • Assign a network share as the user's home directory
  • Example: \\server1\users\professormesser

9
Q

AD- Folder redirection

A
  • Folder redirection
  • Instead of a local folder, redirect a known folder to the server
  • Store the Documents folder on a share on \\server1 rather than on the local disk
  • Access files from any domain computer
10
Q

• Software tokens

A

A software token is an authentication credential produced or held by software rather than by a dedicated hardware device: the one-time code from an authenticator app, or the session/SSO token a client presents so that the user is not prompted to authenticate to every application separately. Used correctly and securely, the token stands in for the user.

If a token is captured (on an unencrypted link, from a compromised client, or from a log), an attacker can present it again in a replay attack. The verifier therefore needs to give tokens a short lifetime, bind them to the session or device where possible, and refuse to accept the same one-time code twice.
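The replay point above is easiest to see in code. The following is an added example, not part of the original flashcards: a minimal software token (HOTP/TOTP as in RFC 4226/6238, using the RFC test secret) with a verifier that remembers the last time step it redeemed, so a captured one-time code is rejected when replayed. The scenario in token_demo() is constructed; the "replay" and window sizes are assumptions for illustration.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226) for one counter value."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """Time-based one-time password (RFC 6238): HOTP over the current time step."""
    return hotp(secret, now // step, digits)


class TokenVerifier:
    """Server side of the software token.

    Accepts a code from the current time step or one step either side (clock
    drift), and remembers the highest time step already redeemed so that a
    captured code cannot be replayed inside its validity window.
    """

    def __init__(self, secret: bytes, step: int = 30, window: int = 1):
        self.secret = secret
        self.step = step
        self.window = window
        self.last_counter = -1  # must be persisted per user in a real deployment

    def verify(self, code: str, now: int) -> str:
        counter = now // self.step
        for c in range(max(0, counter - self.window), counter + self.window + 1):
            if hmac.compare_digest(hotp(self.secret, c), code):
                if c <= self.last_counter:
                    return "replay"       # valid code, but already used
                self.last_counter = c
                return "ok"
        return "invalid"


def token_demo() -> list:
    # Constructed scenario using the RFC 6238 SHA-1 test secret.
    secret = b"12345678901234567890"
    verifier = TokenVerifier(secret)
    t = 59
    code = totp(secret, t)                         # "287082" per the RFC 6238 vectors
    results = [
        (code, verifier.verify(code, t)),          # first use: ok
        (code, verifier.verify(code, t + 10)),     # attacker replays the captured code: replay
        ("000000", verifier.verify("000000", t)),  # wrong code: invalid
    ]
    later = totp(secret, t + 31)                   # next time step, fresh code: ok
    results.append((later, verifier.verify(later, t + 31)))
    return results
```

The same "never accept it twice" rule is what a web application applies to a one-time nonce; for long-lived SSO session tokens the mitigation is instead TLS on every hop, short expiry and revocation on logout.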

11
Q

• MDM policies for Mobile Device Management (MDM)

A
  • Set policies on apps, data, camera, etc.
  • Control the remote device, either the entire device or a managed "partition" (work profile) on it
  • Manage access control
  • Force screen locks and PINs on these single-user devices

Used to manage both company-owned and user-owned devices

  • BYOD - Bring Your Own Device
  • Centralized management of the mobile devices
  • Specialized functionality

12
Q

• Port security

A

Port security
  • Prevents unauthorized devices from connecting to a switch interface
  • Decided on the source MAC address of each incoming frame, regardless of where the frame was forwarded from
  • On a violation the switch can alert (log/SNMP trap) or disable the port (Cisco calls the modes protect, restrict and shutdown)
  • Each port has its own configuration on the switch, so every port can have unique rules
  • Caveat: it checks only the MAC address, so a device that spoofs an allowed MAC is still admitted
13
Q

• MAC address filtering

A

Media Access Control - the "hardware" address
  • Limit access through the physical hardware address of the client
  • Keeps casual neighbours out, but adds administration for every visitor
  • MAC addresses travel in the clear in every frame, so it is easy to collect the addresses on your network with a wireless LAN analyzer
  • MAC addresses can be spoofed
  • Security through obscurity, not a real access control
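Both of the last two cards rest on the same check: admission decided by the source MAC address. The following added example (not from the flashcards or from Professor Messer's material) simulates a switch port with sticky MAC learning and the three Cisco-style violation modes, plus an access-point MAC allowlist, and then shows that an attacker who copies a permitted address from a sniffed frame passes both controls. Port names, MAC addresses and the scenarios are constructed.

```python
class SwitchPort:
    """Simplified switch-port security: admission is decided purely on the
    source MAC of each incoming frame."""

    def __init__(self, name, max_macs=1, violation="shutdown", static=()):
        self.name = name
        self.max_macs = max_macs
        self.violation = violation                    # "protect" | "restrict" | "shutdown"
        self.allowed = {m.lower() for m in static}    # statically configured MACs
        self.learned = set()                          # "sticky" MACs learned on first sight
        self.err_disabled = False
        self.log = []

    def ingress(self, src_mac: str) -> str:
        src_mac = src_mac.lower()
        if self.err_disabled:
            return "drop (port err-disabled)"
        if src_mac in self.allowed or src_mac in self.learned:
            return "forward"
        if len(self.allowed) + len(self.learned) < self.max_macs:
            self.learned.add(src_mac)                 # sticky learning of the first MACs seen
            return "forward (learned)"
        # Violation: this MAC is not one of the max_macs addresses allowed on the port.
        self.log.append(f"{self.name}: violation from {src_mac}")
        if self.violation == "shutdown":
            self.err_disabled = True                  # stays down until an admin resets it
            return "drop (violation, port shut down)"
        if self.violation == "restrict":
            return "drop (violation, alert sent)"
        return "drop (violation)"                     # protect: silently drop


def mac_filter_accepts(allowlist, src_mac: str) -> bool:
    """Wireless/AP style MAC filtering: allow only listed hardware addresses."""
    return src_mac.lower() in {m.lower() for m in allowlist}


def port_security_scenario() -> list:
    """Constructed: one sticky MAC per port, shutdown on violation."""
    port = SwitchPort("Gi0/1", max_macs=1, violation="shutdown")
    legit, rogue = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"
    return [
        port.ingress(legit),   # first frame: learned and forwarded
        port.ingress(legit),   # same MAC again: forwarded
        port.ingress(rogue),   # a second device appears (e.g. via an unmanaged hub): violation
        port.ingress(legit),   # the legitimate host is now locked out too: the cost of shutdown mode
    ]


def mac_spoof_scenario() -> list:
    """Constructed: both controls trust the MAC they see, so an address the
    attacker sniffed from the air gets in while the attacker's real one does not."""
    allowlist = ["aa:bb:cc:00:00:01"]
    port = SwitchPort("Gi0/2", max_macs=1, static=allowlist)
    sniffed = "AA:BB:CC:00:00:01"          # copied from a captured frame; case does not matter
    attacker_real = "de:ad:be:ef:00:01"
    return [
        mac_filter_accepts(allowlist, attacker_real),   # False: own MAC is rejected
        mac_filter_accepts(allowlist, sniffed),         # True: spoofed MAC is accepted
        port.ingress(sniffed),                          # forwarded by the switch as well
        port.ingress(attacker_real),                    # only the un-spoofed frame trips the port
    ]
```

The fourth line of port_security_scenario() is the operational trade-off of shutdown mode: it is the strongest response, but it also lets anyone with physical access take the port (and its legitimate user) offline.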
14
Q

• Certificates

A

  • IEEE 802.1X - port-based network access control
  • Gain access to the network by authenticating with a certificate (EAP-TLS)
  • The certificate and its private key live in on-device storage or on a separate physical device

Certificate-based authentication
  • Smart card: the private key is generated on the card and never leaves it
  • PIV (Personal Identity Verification) card: US Federal Government smart card with a photo and ID information
  • CAC (Common Access Card): US Department of Defense smart card with a photo and ID information
15
Q

• Antivirus/Anti-malware

A
  • Anti-malware software runs on the computer, so each device manages its own protection
  • Includes routines and signatures to detect and block Trojans, rootkits, ransomware and spyware
  • Large organizations need enterprise management: track updates, push updates, confirm updates, manage engine updates
  • Mobility adds to the challenge; updates must be completed on all devices
  • This becomes a scaling issue
16
Q

Host-based firewalls

A

Host-based firewalls
  • "Personal" firewalls
  • Software-based, running on the host it protects
  • Windows Defender Firewall is an example and ships with the Windows operating system
  • 3rd-party solutions are also available
  • Stops unauthorized network access to the host
  • Stateful firewall: tracks connections so that replies to the host's own outbound traffic are allowed back in
  • Can block traffic by application, not just by port; Windows Defender Firewall filters by port number and by application
17
Q

Network-based firewalls

A

Network-based firewalls
  • Filter traffic by port number (HTTP is 80, SSH is 22); a pure port filter cannot tell what is really running on a port
  • Next-generation firewalls inspect the payload and can identify the application
  • Can encrypt traffic into/out of the network, protecting your traffic between sites (site-to-site VPN)
  • Can proxy traffic, a common security technique
  • Most firewalls can act as layer 3 devices (routers)
  • Usually sits on the ingress/egress of the network
18
Q

Strong passwords

A

Strong passwords
  • Weak passwords can be difficult to protect against
  • Interactive (online) brute force against the login prompt
  • Hashed passwords can be brute forced offline once the hash database is stolen; an unsalted fast hash makes this cheap
  • Passwords need length and complexity, and a refresh (periodic rotation is the exam answer; current NIST SP 800-63B guidance prefers length, screening against breached-password lists and MFA over forced rotation)
  • Reduce the chance of a brute force succeeding
  • Reduce the scope if a password is found: never reuse one across systems
  • Annual password analysis from SplashData shows the same weak passwords year after year
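To make "hashed passwords can be brute forced offline" concrete, here is an added example (not from the flashcards): a dictionary attack and an exhaustive mask attack against stolen hashes, run first against an unsalted SHA-256 and then against a salted, iterated PBKDF2 hash, alongside the kind of strength check a password policy applies. The wordlist, the passwords and the iteration count are constructed for the demonstration.

```python
import hashlib
import hmac
import itertools
import os
import string

# Constructed mini wordlist standing in for a real leaked-password list.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "Password1", "letmein", "welcome"]


def fast_hash(password: str) -> str:
    """Unsalted single SHA-256: what a naive application stores."""
    return hashlib.sha256(password.encode()).hexdigest()


def slow_hash(password: str, salt: bytes, iterations: int = 50_000) -> str:
    """Salted, iterated PBKDF2-HMAC-SHA256: the per-user salt defeats precomputed
    tables and the iteration count multiplies the attacker's cost per guess."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def dictionary_attack(target: str, hasher, wordlist):
    """Offline attack: hash each candidate and compare. Returns (match, guesses)."""
    for guesses, candidate in enumerate(wordlist, start=1):
        if hmac.compare_digest(hasher(candidate), target):
            return candidate, guesses
    return None, len(wordlist)


def mask_attack(target: str, hasher, charset: str, max_len: int):
    """Exhaustive search over every string up to max_len drawn from charset."""
    guesses = 0
    for length in range(1, max_len + 1):
        for chars in itertools.product(charset, repeat=length):
            guesses += 1
            candidate = "".join(chars)
            if hmac.compare_digest(hasher(candidate), target):
                return candidate, guesses
    return None, guesses


def strength_issues(password: str, min_len: int = 12) -> list:
    """Policy check of the kind a domain password policy applies."""
    issues = []
    if len(password) < min_len:
        issues.append(f"shorter than {min_len} characters")
    classes = sum(
        any(c in group for c in password)
        for group in (string.ascii_lowercase, string.ascii_uppercase,
                      string.digits, string.punctuation)
    )
    if classes < 3:
        issues.append("fewer than 3 character classes")
    if password.lower() in {p.lower() for p in COMMON_PASSWORDS}:
        issues.append("appears on a common-password list")
    return issues


def cracking_demo() -> dict:
    weak, short, strong = "Password1", "7a3", "correct-horse-battery-staple-2024!"
    salt = os.urandom(16)                      # unique per user
    return {
        # A weak password falls to a wordlist in a handful of guesses...
        "weak_fast": dictionary_attack(fast_hash(weak), fast_hash, COMMON_PASSWORDS),
        # ...and salting/stretching does not save it; it only makes each guess slower.
        "weak_slow": dictionary_attack(slow_hash(weak, salt),
                                       lambda p: slow_hash(p, salt), COMMON_PASSWORDS),
        # A short password is exhausted by brute force regardless of wordlists.
        "short_fast": mask_attack(fast_hash(short), fast_hash,
                                  string.ascii_lowercase + string.digits, 3),
        # A long passphrase is outside both the wordlist and any feasible mask.
        "strong_fast": dictionary_attack(fast_hash(strong), fast_hash, COMMON_PASSWORDS),
        "policy_weak": strength_issues(weak),
        "policy_strong": strength_issues(strong),
    }
```

The "weak_slow" entry is the practitioner's caveat: a slow salted hash raises the attacker's cost per guess and stops one crack from unlocking every user with the same password, but it cannot rescue a password that is on the first page of a wordlist.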
19
Q

• User authentication/strong passwords

A

User authentication
  • Identifier: something unique; in Windows every account has a Security Identifier (SID), which stays the same even if the account is renamed
  • Credentials: the information used to authenticate the user (password, smart card, PIN code, etc.)
  • Profile: information stored about the user (name, contact information, group memberships, etc.)
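Because the SID, not the name, is the identifier, it is worth seeing what one contains. The following added example (not from the flashcards) parses a textual SID into revision, authority and sub-authorities, names the well-known ones, and flags the built-in Administrator by its RID of 500 whatever the account has been renamed to. The domain identifier values in the tests are constructed.

```python
import re

# Well-known SIDs and RIDs are fixed by Windows; their names cannot be changed.
WELL_KNOWN_SIDS = {
    "S-1-1-0": "Everyone",
    "S-1-5-18": "NT AUTHORITY\\SYSTEM",
    "S-1-5-32-544": "BUILTIN\\Administrators",
    "S-1-5-32-545": "BUILTIN\\Users",
}
WELL_KNOWN_RIDS = {
    500: "Administrator",
    501: "Guest",
    512: "Domain Admins",
    513: "Domain Users",
    519: "Enterprise Admins",
}

SID_RE = re.compile(r"^S-(\d+)-(\d+)((?:-\d+)+)$")


def parse_sid(sid: str) -> dict:
    """Split a textual SID into its fields and name the well-known ones."""
    m = SID_RE.match(sid)
    if not m:
        raise ValueError(f"not a SID: {sid!r}")
    revision, authority = int(m.group(1)), int(m.group(2))
    subs = [int(x) for x in m.group(3).split("-")[1:]]
    info = {"sid": sid, "revision": revision, "authority": authority, "sub_authorities": subs}
    if sid in WELL_KNOWN_SIDS:
        info["name"] = WELL_KNOWN_SIDS[sid]
    elif authority == 5 and len(subs) == 5 and subs[0] == 21:
        # S-1-5-21-<machine or domain identifier>-<RID>: a local or domain account.
        info["domain_sid"] = "S-1-5-21-" + "-".join(str(s) for s in subs[1:4])
        info["rid"] = subs[4]
        if subs[4] in WELL_KNOWN_RIDS:
            info["name"] = WELL_KNOWN_RIDS[subs[4]]
        elif subs[4] >= 1000:
            info["name"] = "user-created account (RID >= 1000)"
        else:
            info["name"] = "other built-in account"
    return info


def is_builtin_admin(sid: str) -> bool:
    """True for the built-in Administrator of any machine or domain, whatever
    it has been renamed to: renaming changes the label, never the SID."""
    return parse_sid(sid).get("rid") == 500
```

This is also why "rename the Administrator account" is only a speed bump: the RID 500 account can still be picked out of a SID listing.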
20
Q

• Multifactor authentication

A

Multifactor authentication
  • Combines more than one factor from different categories (two passwords are still one factor)
  • Can be expensive: separate hardware tokens
  • Can be inexpensive: a free smartphone application or a software-based token generator
  • Something you are
  • Something you have
  • Something you know
  • Somewhere you are
  • Something you do
21
Q

• Directory permissions

A
  • NTFS permissions
  • Much more granular than FAT, which has no per-user permissions at all
  • Lock down access
  • Prevent accidental modification or deletion
  • Some information shouldn't be seen
  • User permissions: not everyone is an administrator
  • Assign proper rights and permissions; this may be an involved audit

22
Q

• VPN concentrator

A

Virtual Private Network
  • Encrypts (private) data traversing a public network
  • Concentrator: the encryption/decryption access device that terminates the tunnels
  • Many deployment options: specialized cryptographic hardware, or software-based options
  • Used with client software, which is sometimes built into the OS

23
Q

• Data Loss Prevention (DLP)

A
  • Where's your data? Social Security numbers, credit card numbers, medical records
  • Stop the data before the bad guys get it: prevent data "leakage"
  • So many sources, so many destinations
  • Often requires multiple solutions in different places (endpoint, network gateway, email)
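What a DLP engine actually does at one of those places is pattern matching with validation, so that order numbers and phone numbers do not trip it. The following added example (not from the flashcards) scans outbound text for US Social Security numbers and payment card numbers, validating card candidates with the Luhn checksum, and returns a block/allow decision with a redacted copy. The sample messages and card numbers are constructed (the card numbers are the usual test numbers, not real accounts).

```python
import re

# Runs of digits with optional single space/hyphen separators, e.g. "4111 1111 1111 1111".
DIGIT_RUN_RE = re.compile(r"\d(?:[ -]?\d)+")
# US SSN AAA-GG-SSSS; area 000/666/9xx, group 00 and serial 0000 are never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch)
        if i % 2 == 1:
            n = n * 2 - 9 if n * 2 > 9 else n * 2
        total += n
    return total % 10 == 0


def find_sensitive(text: str) -> list:
    """Return (kind, matched_text) for every SSN and card number found."""
    hits = [("SSN", m.group()) for m in SSN_RE.finditer(text)]
    for m in DIGIT_RUN_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        # Card PANs are 13-19 digits and must pass Luhn; this filters out order
        # numbers and phone numbers that merely look numeric.
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(("PAN", m.group()))
    return hits


def mask(value: str, keep: int = 4) -> str:
    """Replace all but the last `keep` digits, preserving separators."""
    out, seen = [], 0
    for ch in reversed(value):
        if ch.isdigit():
            seen += 1
            out.append(ch if seen <= keep else "*")
        else:
            out.append(ch)
    return "".join(reversed(out))


def inspect_message(text: str) -> dict:
    """Gateway decision: block and redact if anything sensitive is present."""
    hits = find_sensitive(text)
    redacted = text
    for _, value in hits:
        redacted = redacted.replace(value, mask(value))
    return {"action": "block" if hits else "allow", "hits": hits, "redacted": redacted}


# Constructed sample messages.
SAMPLES = [
    "Hi, my SSN is 123-45-6789, please update my record.",
    "Card on file: 4111 1111 1111 1111, exp 12/26.",
    "Order 1234567890123456 has shipped; call 555-867-5309 with questions.",
]
```

The third sample is the false-positive case: 16 digits that fail Luhn are left alone, which is the difference between a usable DLP rule and one that users learn to route around.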
24
Q
  • Access Control Lists (ACLs)

A

  • Used to allow or deny traffic
  • Also used for NAT, QoS, etc.
  • Defined on the ingress or egress of an interface, often on a router or switch, for incoming or outgoing traffic
  • ACLs evaluate on certain criteria: source IP, destination IP, TCP port numbers, UDP port numbers, ICMP
  • Deny or permit: entries are evaluated top-down following the traffic flow, the first entry that matches decides, and anything that matches no entry is dropped by the implicit deny at the end
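The "first match wins, implicit deny at the end" rule (and the port-number filtering of the network firewall card) is the kind of thing best checked against real entries. The following added example (not from the flashcards) is a small ACL evaluator over source/destination prefixes, protocol and destination port, together with a check for shadowed entries, the common mistake where a broad earlier line means a later deny can never fire. The addresses (from the documentation ranges) and the two ACLs are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                    # "tcp" | "udp" | "icmp"
    dport: Optional[int] = None


@dataclass(frozen=True)
class AclEntry:
    action: str                   # "permit" | "deny"
    proto: str                    # "tcp" | "udp" | "icmp" | "ip" (any protocol)
    src: str                      # CIDR; "0.0.0.0/0" means any
    dst: str
    dport: Optional[int] = None   # None means any port

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "ip" and self.proto != pkt.proto:
            return False
        if ip_address(pkt.src) not in ip_network(self.src):
            return False
        if ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        return self.dport is None or self.dport == pkt.dport


def evaluate(acl: list, pkt: Packet) -> tuple:
    """Top-down, first match wins; unmatched traffic hits the implicit deny
    (returned as line None)."""
    for index, entry in enumerate(acl, start=1):
        if entry.matches(pkt):
            return entry.action, index
    return "deny", None


def shadowed_entries(acl: list) -> list:
    """1-based indexes of entries that can never match because an earlier entry
    already covers every packet they would match."""
    def covers(a: AclEntry, b: AclEntry) -> bool:
        return (a.proto in ("ip", b.proto)
                and ip_network(b.src).subnet_of(ip_network(a.src))
                and ip_network(b.dst).subnet_of(ip_network(a.dst))
                and (a.dport is None or a.dport == b.dport))
    return [j for j in range(1, len(acl) + 1)
            if any(covers(acl[i], acl[j - 1]) for i in range(j - 1))]


ANY = "0.0.0.0/0"

# Constructed ACL applied inbound on the internet-facing interface.
INBOUND_ACL = [
    AclEntry("permit", "tcp", ANY, "203.0.113.10/32", 443),   # 1: public HTTPS server
    AclEntry("permit", "tcp", ANY, "203.0.113.10/32", 80),    # 2: and plain HTTP
    AclEntry("deny", "tcp", ANY, "203.0.113.0/24", 22),       # 3: no SSH from outside
    AclEntry("permit", "icmp", ANY, "203.0.113.0/24"),        # 4: allow ping
    # implicit: deny ip any any
]

# Constructed mistake: the SSH deny is shadowed by the broad permit above it.
BAD_ACL = [
    AclEntry("permit", "ip", ANY, "203.0.113.0/24"),
    AclEntry("deny", "tcp", ANY, "203.0.113.0/24", 22),
]
```

Note what a port filter cannot express: INBOUND_ACL line 1 admits anything on TCP/443 to the web server, whether or not it is HTTPS; identifying the application behind the port is the next-generation firewall's job.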
25
Q

• Smart card

A

Smart cards
  • Must have the physical card to gain digital access
  • Holds a digital certificate and its private key
  • Multiple factors: the card (something you have) plus a PIN or fingerprint

26
Q

• Email filtering

A

Email filtering
  • Unsolicited email: stop it at the gateway before it reaches the user
  • On-site or cloud-based
  • Scan and block malicious software: executables, attachments targeting known vulnerabilities
  • Phishing attempts
  • Other unwanted content
27
Q

• Trusted/Un-trusted software sources

A
  • Always consider the source: you may not have access to the code, and may not have the time to audit it
  • Trusted sources: internal applications, well-known publishers, digitally-signed applications

Un-trusted sources: applications from third-party sites, links from an email, pop-up/drive-by downloads

28
Q

• Principle of least privilege

A

Least privilege
  • Rights and permissions should be set to the bare minimum
  • You only get exactly what's needed to complete your objective
  • All user accounts must be limited
  • Applications should run with minimal privileges
  • Don't allow users to run with administrative privileges
  • Limits the scope of malicious behavior
29
Q

What is logical security?

A

Logical security refers to the idea that any information or data that is created, stored, and transmitted in digital form is secured to the desired level.

This concept applies to many components of the digital world, such as the Internet, cloud-based computing, networks, mobile devices, tablets, laptops, and standard desktop computers.