Domain 4: Operational Procedures Flashcards
3 considerations when allowing remote access to a host or network
- Least privilege
- Encryption
- Digital certificate on the server (to mitigate evil twin)
- Server software supporting the connection is safe
What to enter in Remote Desktop Connection to connect to a server
- The server’s IP or FQDN
- Domain\Username or host\Username
True or False: RDP is natively encrypted
True
True or false: RDP client software supports Windows only
False
It is also available in Linux, macOS, iOS, & Android
Screen Sharing
macOS remote access app based on the VNC protocol, which means any VNC client can connect
NLA
Network Level Authentication
Authenticates an RDP client user before configuring a desktop, preventing the ability to create a DoS attack using pending connections
Means of mitigating risk associated with vulnerable user credentials when connecting to a malware-infected server via RDP
- RDP Restricted Admin (RDPRA) Mode
- Remote Credential Guard
RDP port number
TCP 3389
How to run RDP on a Linux host
Use the open-source implementation XRDP
MSRA
Microsoft Remote Assistance
Precursor to Quick Assist that used a dynamically assigned ephemeral port
What is an SSH server’s host key pair used for?
To set up an encrypted channel so that the client can submit authentication credentials securely
2 commonly implemented methods of SSH client authentication
- Password (& username)
- Public key
A key SSH security task
Monitoring for & removing compromised client public keys
RMM
Remote monitoring and management
Tools principally designed for use by MSPs to ensure every host communicating on a client's network is authorized & is running in a secure configuration.
[They can distinguish between client accounts & provide support for recording & reporting billable support activity]
EDR
Endpoint detection and response
Software agent that collects system data and logs for analysis by a monitoring system to provide early detection of threats
8 common features of desktop management & remote monitoring tools
- Reporting
- Ticket integration
- EDR
- Push deployment of changes
- Network boot
- Firmware updates & OS installs
- Network access control
- Live chat & remote connection to hosts
VNC port number
TCP 5900
Synthetic full backup
Combines all incremental backups with the original full backup to create a new full one
3-2-1 backup rule
3 copies of data (including production copy)
Across 2 media types
With 1 copy held offline & off site
When should you re-test backup recovery procedures?
Whenever there is a change to the backup schedule or requirements
Regulated data
Information that must be collected, processed, & stored in compliance with federal &/or state legislation
True or false: an IP address is considered PII
Both/neither 😈
It is if it’s static, but may not be if it’s dynamic