Logical Security (CompTIA Objective 2.2) Flashcards

1
Q

What is commonly used in the work environment to provide centralized management of Windows Domain Services and a way to manage groups of users on the network?

A
  • Active Directory
  • Centralized management (Windows Domain Services; limit and control access)
  • Login scripts, map network drives, update security software signatures and update application software.
  • Provides Group Policy/updates and defines specific policies depending on the user who is logging in. May also restrict access depending on the time of day.
  • Demands password complexity and provides login restrictions.
2
Q

How are active directories commonly laid out?

A
  • Commonly organized into Organizational Units (OUs)
  • Structure Active Directory.
  • Can be based on the company (locations, departments, etc.)
  • Usually a user will have what’s called a Home Folder, which lets a network share be assigned as the user’s home folder, e.g. \\server1\users\jackblack, where the user can store all of their files in one place.
  • To help prevent a user storing files in a system’s local folder, Active Directory often has built-in Folder Redirection, so that instead of using a local folder they get redirected to the server.
  • E.g. store the Documents folder on \\server1, and then it doesn’t matter which computer the user logs into: they will have access to their saved files on the server.
3
Q

What is commonly used to centrally manage mobile devices and their security?

A
  • Mobile Device Management (MDM)
  • Manage company-owned and user-owned mobile devices (BYOD: Bring Your Own Device)
  • Centralized management of mobile devices. Specialized functionality.
  • Provides a way to set policies for apps, data, camera, etc. (control the device remotely)
  • The entire device or a “partition”.
  • Can also provide a way to manage access control (force screen locks and PINs on these single-user devices)
4
Q

What is Port Security and what is it used for?

A
  • Prevent unauthorized users from connecting to a switch interface (alert or disable the port).
  • Based on the source MAC address, even if forwarded from elsewhere.
  • Each port has its own config. Unique rules for every interface.
5
Q

What would be an example of Port Security?

A
  • You would configure a maximum number of source MAC addresses on an interface.
  • You decide how many is too many.
  • You can also configure specific MAC addresses.
  • The switch monitors the number of unique MAC addresses. Maintains a list of every source MAC address.
  • Once you exceed the maximum, port security activates. Default is to disable the interface.
6
Q

When it comes to MAC Filtering what is one concern in the work environment when it comes to administration?

A
  • Have to find a way to allow visitors access to the network as the MAC filtering will prevent them having access to the network by default.
7
Q

What is a security concern with MAC Filtering?

A
  • MAC addresses can be easily spoofed with a Wi-Fi analyzer (spoofing).
  • Security through obscurity (not really secure at all)
8
Q

What are smart cards?

A
  • A physical card that provides digital access to a laptop or other device and is inserted into the device itself. (This is a digital certificate)
  • Usually used in conjunction with other security factors/methods such as a PIN or fingerprint.
9
Q

What are some examples of Certificate-based authentication?

A
  • Smart card (private key is on the card)
  • PIV (Personal Identity Verification) card, commonly used by the US Federal Government, is also a type of smart card that has your picture and identification information on it.
  • CAC (Common Access Card), commonly used by the US Department of Defense. Also a type of smart card; includes photo ID and personal information.
  • IEEE standard 802.1X allows you to gain access to the network using a certificate.
    On-device storage or a separate physical device.
10
Q

When it comes to anti-virus and anti-malware, what are some things you must take into consideration, particularly in the office environment?

A
  • Updates need to be completed on all devices (this becomes a scaling issue)
  • Large organizations need enterprise management in order to track updates, push updates, confirm updates and manage engine updates.
  • Mobility adds to the challenge (needs additional management)
11
Q

What are Host-based firewalls?

A
  • “Personal” firewalls (software-based)
  • Included in many operating systems, including Windows and Linux (3rd-party solutions also available)
  • Stops unauthorized network access (“stateful” firewall). Blocks traffic by application.
  • An example of this would be Windows Defender Firewall, which blocks traffic based upon port number and application.
12
Q

Where are Network-based firewalls commonly used? And how do they operate?

A
  • The ingress or egress to the network
  • Filters traffic by port number (e.g. HTTP is port 80, SSH is port 22)
  • Next-generation firewalls can identify the application
  • Can encrypt traffic into and out of the network (protect your traffic between sites)
  • Can proxy traffic (a common security technique)
  • Most network-based firewalls can be layer 3 devices (such as routers). Usually sit on the ingress/egress of the network.
13
Q

What is user authentication and how does it work?

A
  • Identifier (something unique). In Windows, every account has a unique Security Identifier (SID).
  • Credentials. The information used to authenticate the user (password, smart card, PIN code, etc.)
  • Profile (information stored about the user). Name, contact information, group memberships, etc.
14
Q

What are some important things to know when it comes to strong passwords?

A
  • Weak passwords can be difficult to protect against things like interactive brute force. Hashed passwords can be brute-forced offline.
  • Passwords need complexity and constant refresh. This helps reduce the chance of a brute force and also reduces the scope if a password is found.
  • Annual password analysis from SplashData examines leaked password files. Most commonly used passwords are: #1 123456, #2 password, #3 12345, #4 12345678 and #5 qwerty
15
Q

What is Multi-factor authentication?

A
  • More than one factor. E.g. something you are (biometrics), something you have (smart card or smartphone), something you know (passwords), somewhere you are (GPS check), something you do (signature)
  • These factors are usually used together to form multi-factor authentication
  • A downside can be that it’s expensive to use multi-factor authentication (such as hardware tokens)
  • Sometimes, however, it can be inexpensive, such as free smartphone applications or a software-based token generator.
16
Q

Software token generators are commonly known as?

A
  • Pseudo-random number generator (can’t guess it, constantly changing)
  • Called pseudo because in actuality the numbers chosen aren’t truly random; the device itself knows the number, as does the device on the other end which authenticates it.
  • Saves money (free smartphone applications). No separate device to lose.
17
Q

When it comes to security what are directory permissions?

A
  • NTFS permissions
  • Much more granular than FAT
  • Allows you to lock down access
  • Helps prevent accidental modification or deletion. Some information shouldn’t be seen.
  • User permissions. Not everyone is an administrator, so you will need to assign proper rights and permissions (this may be an involved audit)
18
Q

What is a VPN concentrator and how does it work?

A
  • Virtual Private Network (encrypt private data traversing a public network)
  • Concentrator is usually a hardware device that is an encryption/decryption access device
  • Many deployment options: specialized cryptographic hardware or software-based options are available.
  • VPN software is commonly built into many operating systems and used with client software
19
Q

What are DLP solutions?

A
  • Data Loss Prevention (DLP)
  • Where’s your data? Social security numbers, credit card numbers, medical records, etc.
  • Stop the data before the bad guys get it (data leakage)
  • So many sources, so many destinations. Often requires multiple solutions in different places.
20
Q

What are Access Control Lists (ACLs) and how do they work?

A
  • Used to allow or deny traffic. Also used for NAT, QoS, etc.
  • Defined on the ingress or egress of an interface. Often on a router or a switch.
  • ACLs evaluate on certain criteria
  • Source IP, Destination IP, TCP port numbers, UDP port numbers and ICMP
  • This then allows you to deny or permit traffic based upon the ACL matching criteria.
21
Q

What is email filtering and how does it work when it comes to security?

A
  • Unsolicited email (stop it at the gateway before it reaches the user)
  • On-site or cloud-based.
  • Able to scan and block malicious software (executables, known vulnerabilities, phishing attempts, other unwanted content).
22
Q

What are some things you must consider when it comes to trusted/untrusted software sources?

A
  • Always consider the source
  • May not have access to the code
  • Even then, may not have the time to audit.
  • Trusted sources would be things like:
    Internal applications
    Well known publishers
    Digitally signed applications
  • Untrusted sources would be things like:
    Applications from third-party sites
    Links from an email
    Pop-up/drive-by downloads.
23
Q

When it comes to IT what is Least Privilege?

A
  • Rights and permissions should be set to the bare minimum (you only get exactly what’s needed to complete your objective)
  • All user accounts must be limited (applications should run with minimal privileges)
  • Don’t allow users to run with administrative privileges; this limits the scope of malicious behavior.