CANES Flashcards
Directive that Defines measures that protect information and information systems
Ensures Availability, Integrity, Authentication, Confidentiality, non-repudiation
Includes measures to provide restoration of information
Protection, Detection, Reaction
Successful protection of assets requires:
Compliance
Understanding Vulnerabilities
Cybersecurity DoD 8500.01 Directive
To WSUS patch administration steps
Login to CM01
From the Windows Start Menu open Windows Administrative Tools
Windows Server Update Services
How to Modify Times for Automated synchronization in Windows Server Update Services (WSUS)
In the left pane of the WSUS management console, expand CM01, and select Options > Synchronization Schedule
Add WSUS email notifications
In the left pane of the WSUS management console, expand the node labeled with the computer name and select Options. All available options appear in the center pane.
Select e-mail notifications
Add user to the WSUS Domain Administrators Group
Windows Administrative Tools > Computer Management
System tools > Local Users and Groups > Groups
Set the WSUS Server to Autonomous Mode
From WSUS, expand the node, Options, Update Source and Proxy Server, Update Source, Synchronize from another Windows Server Update Services Server radio button.
Ensure This server is a replica of the upstream server checkbox is NOT selected and click OK
How to filter WSUS Update Reporting Views
Expand Updates node > All Updates > Actions > New Update View > Select Properties
View appears in the tree view pane under Updates, it displays like the standard views, in the center pane when selected
What server to access WSUS from
CM01
Log in to Exchange Admin Center
From MRDS01 desktop, double-click the Exchange Administrative Center (EAC) icon
Set up email forwarding
From EAC > Set up an email contact > Recipients > mailboxes > Select user > edit > mailbox features > Mail flow View details > Enable forwarding
EAC
Exchange Administrative Center
Set up an email contact
From EAC, select recipients in the left pane and select contacts from the top menu. Click the Add (+) icon, select Mail contact
First Name, Last Name, Display Name, Name, Alias, External email address (address to forward to)
Log in to Exchange Toolbox and use Queue Viewer
Remote IAEXET > Windows Start Menu > Microsoft Exchange Server 2016 > Exchange Toolbox > Queue Viewer
What does Suspend in Queue Viewer do?
Prevents the email from leaving
River City
OP SEC CON
4 everyone access
3 Chiefs
2 DH
1 Triad
HBSS
Host Based Security System: Provides tools to prevent, detect, track, report, and remediate malicious computer-related activities and incidents across all Department of Defense (DoD) networks
McAfee Agent and Modules
McAfee Agent
McAfee Host Intrusion Prevention System (HIPS)
McAfee Rogue System Detection
McAfee Policy Auditor
McAfee Asset Baseline Module
McAfee VirusScan Enterprise (VSE)
Is available only in extreme cases; can be initiated by the shipboard admin and will disable HIPS on entire network
SADR “Killswitch”
SADR
Super Agent Distributed Repository (SADR) HBSS Configuration
CANES security uses SADR HBSS configuration on unclassified and SECRET networks. HBSS on the Secret Releasable (SR) and Sensitive Compartmented Information (SCI) networks
SADR Servers
UNCLAS and SECRET enclaves each have two CANES SADR Servers (SADR01 and SADR02) that connect to the HBSS ePO Ashore server
Provide load balancing and fault tolerance
All CANES HBSS policies on UNCLAS and SECRET networks located on the Ashore HBSS Server
Access to Ashore HBSS Server via web interface
Circumstances required to use killswitch:
No access to Shore HBSS server - No way to modify
HIPS interfering with functionality of a system or programs on a system that has official mission requirements
Several systems need to have HIPS disabled, and individually unlocking the HIPS Client User Interface (UI) is not feasible
Shipboard admins are provided HIPS Client UI password to unlock individual computers for troubleshooting
VRAM
Vulnerability Remediation Asset Manager (VRAM)
Stores Assured Compliance Assessment Solution (ACAS) scans for:
Nonsecure Internet Protocol Router Network (NIPRNET)/UNCLAS
SECRET Internet Protocol Router Network (SIPRNET)/SECRET
ACAS personnel ensure assets (scanned IPs) are properly categorized
Which VM supports the synchronization of Microsoft Outlook with a PDA?
(Personal Device Assistant) BES/BUEM
Which Linux command is used to report the amount of disk space that files or directories occupy?
du
For which two enclaves can ACAS be configured to automatically send reports to VRAM?
UNCLAS and SECRET
Which DoD document identifies cybersecurity work in Special Area categories?
8140.01
PMS
Planned Maintenance System
FBR
Feedback Report
OPNAVINST PMS
4790.4
TFBR for discrepancies
CAT B
CANES have two types of user
Admin and non-admin
When forest-level enterprise access is needed
Enterprise Administrator
sa da na wa admin role email nomenclature
adminrole.first.last@FQDN
Service accounts
allows one application to access another, mainly system management applications
xxx.internals should be
Stored safely
Security technology that enables delegated administration for anything that can be managed with PowerShell.
Just Enough Administration (JEA)
Security principle and technology aimed at minimizing the risk associated with privileged access.
Just-In-Time Administration (JITA)
Tier 0, 1, and 2 administrators
0 Domain/enterprise, 1 Server, 2 Workstation
Juno Technologies
Scripts, for example to create an account
Canes account creation script server location
MCA01
Password complexity enforced by what server
Active Directory
Chapter for proper shutdown
Chapter 4, IETM
MECM
Microsoft Endpoint Configuration Manager
What type of hypervisor is run by ESXi
type 1 or bare metal
DCUI
Lowest level interface to ESXi
DISA Services
Cybersecurity, Network Connections, Testing, Spectrum
C5ISR
Navy Command, Control, Communications, Computers, Combat Systems, Intelligence, Surveillance, and Reconnaissance
Primary Technical framework supporting Network Centric Operations (NCO)
Global Information Grid (GIG)
Services by DISA
Quality Assurance Enterprise Engineering
Provides end-to-end connectivity throughout the submarine
SubLAN
Provides Secret and Unclassified Local Area Networks within the ship and allows access to DISN
ISNS
Provides sharing of information with different groups of nations at the SECRET level and below.
SR Network
Allows ships at sea protected and reliable access to special intelligence and SCI data
SCI Network
Transport link between NCTAMS PAC; NCTS San Diego; NCTAMS LANT; NCTS Naples, Italy; and NCTS Bahrain?
Circuit-to-Packet (CTP)
Low probability for intercept and high chance of surviving a nuclear blast?
EHF
Provides a transit path off the ship for onboard secure voice, data, and video?
Automated Digital Network System (ADNS)
Which system is a set of meteorology and oceanography forecast, database, and decision aid tools for weather forecasting?
Naval Integrated Tactical Environment Subsystem (NITES)
Which system supports the use of vending machines aboard ships?
Navy Cash
Provide support for all NAVY C5ISR services
The NCTAMSs and NCTSs
Afloat and ashore networks provide connectivity
within a ship, ship-to-ship, and ship-to-shore
Allow information to travel to and from a ship via the ADNS.
RF transports
How to swap ESXi hosts
In maintenance mode
Wording in the application for turning off
Power off = corrupt Shut down = gracefully
Redundant array of independent disks used by CANES
CANES 5
Device backup displayed by
SCOM
AAA
This stands for Authentication, Authorization, and Accounting. It’s a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services. These processes are important for network management and security:
Authentication verifies who a user is.
Authorization determines what a user is allowed to do.
Accounting keeps track of what the user does.
What systems are used to login with a CAC to a network device?
AAA RADIUS
Manages access to networks and networked resources efficiently and securely.
AAA RADIUS
RADIUS
(Remote Authentication Dial-In User Service) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for users who connect and use a network service.
Service allows files to be sent from one host/node to another while maintaining data integrity
File transfer
Which enclave is designed to interoperate with coalition partners such as NATO
SR Network
Which website for C4I systems provides a single point of customer service
Navy 311
A scalable method of managed network devices to synchronize to an accurate time source is provided by
NTP
CANES Routers and switches LAN Design
CANES Two-Tier: -Collapsed Core/ Distribution -Access
In a switch, blinking amber vs solid amber
Blinking amber: fault with network module, power supply or fan module. Solid amber: Configuration Error
ISE
Identity Service Engine
A CANES client successful connection requires:
- Device registered as CANES asset, indicated by being member of Active Directory domain - Cisco Network Admissions Control (NAC) Agent loaded and enabled - Device MAC address added to the ISE Endpoint Management Identity Group
Three types of Router
-Cisco Integrated Service Router (ISR) - Cisco Integrated Services Digital Network (ISDN) Gateway - Cisco Adaptive Security Appliance (ASA)
Cisco ISDN Gateway
- Provides CANES with HD video conferencing capabilities - Integrates between IP and ISDN networks - Specific to VTC service
The Cisco Switch contains two sets of IOS images for every feature and version
One set contains only the IOS image file extension .bin; The other set contains an IOS image plus a web-based device manager extension .tar
Each privileged account will need a separate
SAAR-N form completed and submitted.
What type of script is “CANES Create User”
Juno Technologies
What tabs are required to create a user
General and Organization (+Exchange)
Give the user access to all tabs in the Exchange Management Center and all drop-down menu options for Exchange Databases in the Create User tool
Add account to the Organization Management and Recipient Management Directory Groups by editing member of in Active Directory
Before running VMware Tools
check the service is running
From where to run VMware Tools
MRDS01
cd in command line to get to VMware Tools
cd \Program Files\Vmware\Vmware Tools
Command from cd \Program Files\Vmware\Vmware Tools
VmwareToolboxCmd.exe stat
Commands available in VMwareToolboxCmd.exe stat
hosttime speed balloon swap memlimit memres cpures cpulimit
hosttime
date and time of host
speed [command]
displays the CPU speed in MHz
balloon
memory reclaim from the virtual machine
Some actions possible from VCSA HTML5 suite
VM startup shutdown Snapshots
How to place ESXi in maintenance mode for swapping
From left panel right-click the esx and the workstation icon will get yellow strips once it’s completed. Check “More Tasks”
Application to configure Switch
PuTTY name follows structure: U-BB-RTR-102
Initial commands in PuTTY to configure switch
adm.network password enable password config t
To display the most current backup file
show flash: | include backup
To overwrite the current startup-config file with the backup configuration file
copy backupfile.bak startup-config
After copy backupfile.bak startup-config confirm the destination filename:
startup-config // x bytes will be copied, proceed with // reload
Can provide time via triangulation
GPS
Stratum level 1 time servers provide time for the CANES network. Connect to one of four
GPS IRIG-B PPS 10 MHZ
For 3-dimensional position, how many satellites do you need
4
Provides email, contact, and calendar synchronization for handheld Commercial Mobile Devices
BlackBerry Unified Endpoint Manager (BUEM) 12.10 MR1
What services to check when handheld devices are not working
Verify BES/BUEM services
A Proxy works as a
funnel for all ips and web traffic
CANES employs the following proxy server:
Cisco Web Security Appliance Virtual (WSAV) proxy
Supports regular checking of percentage of decrypted traffic to ensure sizing is consistent with initial install
WSAV logs (Advanced Web Security Reporting log management). Another method of checking decrypted traffic regularly is via simple bash or PowerShell commands
Determines whether CANES users are accessing the network on an authorized, policy-compliant device
Identity Service Engine (ISE)
Assigns services based on the user role, group, and associated policy.
Identity Service Engine (ISE)
Provides Remote Authentication Dial-In User Service (RADIUS) services to the network
Identity Service Engine (ISE)
System Administrators can use Active Directory usernames and passwords to log in to _____ while being authenticated by Active Directory via the RADIUS server
Identity Service Engine (ISE)
Standard defining how to provide authentication for devices that connect with other devices on Local Area Networks (LANs)
IEEE 802.1X
Used to authenticate non-IEEE 802.1X devices such as network printer, workstations, and Cisco IP phones
MAC Authentication Bypass for Bypassing IEEE 802.1X
Learns an endpoint’s MAC address from the switch of the connecting device or an administrator can prepopulate the ISE server’s MAB database before the device is connected
MAC Authentication Bypass for Bypassing IEEE 802.1X
EXEC mode is denoted by
The pound sign (#) at the end of the prompt in EXEC mode indicates that the user has entered Privileged EXEC mode, also known as Enable mode. This contrasts with User EXEC mode, which is indicated by a greater-than sign (>) and allows access to a more limited set of commands.
In the context of network equipment such as Cisco routers and switches, EXEC mode refers to
the command-line interface environment where users can execute privileged commands.
Synchronize the timeserver in RHEL
Remote into YUM. Use “sudo chronyc -a sources”
From DC01 ping the hostname. For the Timeserver by typing
w32tm /query /status
Log on to Cisco Prime Infrastructure
From MRDS01 https://pi.