Security: Summarize various security measures and their purposes Flashcards

CompTIA A+ Core 2 Exam Criteria

1
Q

What aspects of the Physical Security Measures do you need to consider?

A

Lighting – To have a clear view of faces

Bollards – Fortify surrounding premises, Prevent smash and grab.

Cameras – Visual aspects of security

Guards – To control and monitor (entry control rosters) and prevent social engineering

2
Q

Another physical consideration is the Access Control Vestibule. What does it do?

A

Also known as mantraps: you will need to use a smart card, PIN, finger scan or fob for entry.

This type of access uses two doors: you go through the first door, which must be closed before the next door can be opened, and the next door usually has a physical feature to open it. This prevents unauthorized personnel from tailgating.

3
Q

What are the important considerations you need to implement in a server closet?

A

Needs a camera, locks on the server rack, climate control systems and fire suppression systems.

4
Q

What does the CIA triad stand for?

A

Confidentiality, Integrity and Availability

5
Q

What physical locks can you implement?

A

Cable Locks / PC locks / Kensington lock

6
Q

How can we prevent shoulder surfing?

A

A screen filter (dark screen) prevents shoulder surfing.

7
Q

What are the three types of Logical Security?

A

Administrative, Logical (or technical), and Physical. Administrative controls include policies, procedures, rules, standards, regulations, and frameworks. Physical security controls include doors, locks, fences, lighting, cameras, etc. Logical controls are typically software-based and are often found in endpoints, servers, networking devices, and security appliances such as firewalls, proxy servers, intrusion detection and prevention systems, and SIEM (Security information and event management) systems.

8
Q

Physical Security for staff: Key Fob?

A

A key fob is a tiny remote control with an RFID chip and an antenna inside. It uses radio frequencies to communicate with another RFID tag inside a reader device, which is attached to a locking system. Each key fob chip is designed to transmit specific RFID tag information that matches what the reader device has been programmed to accept.

9
Q

Physical Security for staff: Smart Cards

A

A smart card is a physical card that has an embedded integrated chip that acts as a security token

10
Q

Physical Security for staff: Biometrics

A

Retina scanner
Fingerprint scanner
Palmprint scanner

11
Q

Physical Security for staff: What is a magnetometer?

A

Metal Detectors

12
Q

What is the Principle of Least Privilege?

A

Principle of Least Privilege is the foundation for all access control systems and methods. The principle of least privilege requires users, devices, and applications to be given only the minimum level of privileges that are necessary to complete the task. The least privilege does not apply only to human users but also to systems and applications.

There is a closely related security control called Need to Know. In high security operations, especially in military and government systems, users or subjects are given clearance. Resources or objects are given a classification. Clearance, classification, and need to know are used to assign privileges in this type of environment.

13
Q

How can you apply privileges to a Windows Workgroup?

A

Privileges are assigned using Local Users and Groups. This is suitable for small network operations but can be difficult to manage. Each user needs to be given permission on every system they have access to. There is no central administrative console for the configuration of all systems.

14
Q

How can you apply privileges to a Windows Domain?

A

In a Windows Domain, permissions are handled centrally on a Domain Controller server, using Active Directory and Group Policy.

15
Q

Where do I go to configure policies in a Windows Group?

A

Control Panel > User Accounts > Change account type:

In the User Accounts - Users tab, you can add or remove a user’s access to the device. You can also change the admin password by clicking the Reset Password button.

In the User Accounts - Advanced tab, you can manage passwords, as well as perform advanced user management tasks using Local Users and Groups. You can also enable secure sign-in by ticking the checkbox next to the Require users to press Ctrl+Alt+Delete field.

16
Q

How can I get into Local Security Policy?

A

Control Panel (small icons) > Administrative Tools (Windows Tools in Windows 11) > Local Security Policy > Expand Account Policies on the left pane > Click Password Policy.

Other Measures:

Select Account Lockout Policy on the left pane.

The following Policies can be configured:

Account lockout duration

Account lockout threshold

Reset account lockout counter after

Note:
In a Windows Workgroup, these changes need to be made to each system individually and consequently can be difficult to configure and manage.

17
Q

Where can I find the Directory and Group Policy?

A

Server Manager

18
Q

Where can I find the Active Directory Users and Computers? (domain user)

A

Control Panel > Administrative Tools (or Windows Tools) > Click Active Directory Users and Computers.

In the Active Directory Users and Computers window, notice that you have two users on the right pane: Administrator - User and Guest - User.

Everything else is a standard Windows Security Group. Active Directory works with Group Policy as follows: Permissions are assigned to Groups, then users are added to one or more Groups. The User inherits their permissions from the Groups they belong to.

19
Q

How can I assign a new user to a domain group?

A

Control Panel: Back on the Administrative Tools window, double-click Group Policy Management.

In the Group Policy Management window, select Default Domain Policy on the left pane.

Select the Settings tab on the Default Domain Policy pane on the right.

Expand the Security Settings Policy.

19
Q

What is an Access Control List (ACL)?

A

An Access Control List is a list of permissions associated with an object or resource. The ACL specifies which users or system processes are allowed to access the resource. For instance, if Amy has permissions to read/write and Bob only has permissions to read, Amy’s permissions are higher than Bob’s.

Access control lists are used in many places on a network. One of the most common is a network firewall. In firewalls, access control lists are commonly known as firewall rules. Firewall rules are written in order and are applied from the first rule to the last. If the first rule matches the traffic, all the other rules will be overridden. The rules will specifically ALLOW connections based on attributes such as Source IP address, Destination IP address, Source Port Number, and Destination Port Number. The final rule is the DENY REST rule. It blocks all traffic that is not specifically allowed in earlier rules.

Other resources that may use access control lists include file systems (read, write, modify, execute, delete), Active Directory and LDAP directories (user and group permissions, role-based access controls (RBAC)), network devices such as firewalls, routers, and switches (rules), and relational databases (permissions).

19
Q

How can I change Windows inbound and outbound rules?

A

Control Panel > System and Security > Windows Defender Firewall > Click Advanced settings >

In the Windows Defender Firewall with Advanced Security window, select Inbound Rules on the left pane. > Select New Rule in the Actions pane

20
Q

What is MFA?

A

In the beginning, if you were logging in to a system, resource, or network, all you needed was a user ID and password. Now, due to the threat of passwords being hacked using methods such as Brute Force and Dictionary attacks, a password on its own is not a very good form of security. Passwords need to be at least 15 characters to be able to withstand automated password cracking. But if you give your password away as the result of phishing or social engineering exploits, the length won’t matter.

Current solutions to this problem include “passwordless” and multifactor authentication. Multifactor authentication requires two or more different types of authentication from the list below. Two authentication methods from the same category are not considered to be valid. For instance, a password and a PIN number are both from the authentication type of something you know.

Something you know, Something you have, Something you are

21
Q

What are the required factors for 2FA or MFA?

A

Knowledge-based - Something you know, such as a password, PIN, or challenge questions and answers.

Possession-based or physical device - Something you have, such as an ID card or badge, smart card, digital certificate, phone app, or RSA token or fob.

Biometrics or bodily characteristics - Something you are, such as a fingerprint, palm print, hand geometry, retina scan, iris scan, facial scan, or voice recognition.

Location - Somewhere you are, as determined by GPS devices, including a smartphone, IP address, MAC address, and machine name or Fully Qualified Domain Name (FQDN).

Behavioral - Something you do, such as keyboard typing cadence, mouse dynamics, EUBA or end-user behavior analytics, or even a written signature.

22
Q

What are the secure and insecure ports for POP (Post Office Protocol)?

A

Secure port: 995 Insecure: 110

23
Q

What are the secure and insecure ports for IMAP (Internet Message Access Protocol)?

A

Secure: 993 Insecure: 143

24
Q

What are the secure and insecure ports for SMTP (Simple Mail Transfer Protocol)?

A

Secure: 587 (STARTTLS) and 465
Insecure: 587, 25

25
Q

What are the secure and insecure ports for HTTP (Hypertext Transfer Protocol)?

A

Secure: 443 Insecure: 80

26
Q

What is S/MIME?

A

Secure/Multipurpose Internet Mail Extensions (S/MIME):

S/MIME is a secure encryption protocol used to send emails with end-to-end encryption. It is supported by most email services and applications. S/MIME requires the use of Digital Certificates and Public Key Infrastructure (PKI). The contents of the email are encrypted, but the metadata contained in the email headers is sent in plain text.

You can do this in Outlook (More options).

27
Q

How can you configure accounts to use secure ports and protocols?

A

Mail > Add an account window > Select Advanced setup > Select Internet Mail >

  • In the Internet email account window, you can enter your Email address, User name, Password and Account name.
  • You have to fill in the following fields:
  • The Incoming email server will be in the following format: mail.mydomain.com, pop.mydomain.com, or imap.mydomain.com.
  • For the Account type, you can select POP3 or IMAP4 from the drop-down menu.
  • The Outgoing mail server will be in the following format: mail.mydomain.com or smtp.mydomain.com.

“The four fields have checkboxes enabled by default. The first two fields ensure there’s proper authentication when sending emails.”

  • Requires SSL for incoming and outgoing emails; when enabled, will use encryption for the email account.
28
Q

What is PGP and OpenPGP?

A

PGP, and its more commonly used open-source variation OpenPGP, is an encryption protocol used for sending highly secure end-to-end-encrypted (E2EE) emails. It’s popular for both email encryption and file encryption.

29
Q

Email Sender Identification and Authentication Methods: What is SPF?

A

Sender Policy Framework (SPF) is an authentication method used in emails to prevent threat actors from replicating a sender’s email address. This was designed to stop spammers from sending messages that spoofed somebody else’s domain and block phishing and malware attachments.

30
Q

Email Sender Identification and Authentication Methods: What is DKIM?

A

DomainKeys Identified Mail (DKIM) is another authentication method to block spoofed sender addresses. DKIM allows an email server to ensure the sender is legitimate. This helps DKIM to block spam and phishing emails. DKIM signs an email with a digital signature, which can be verified and authenticated, to prevent spoofing.

31
Q

Email Sender Identification and Authentication Methods: What is DMARC?

A

Domain-Based Message Authentication, Reporting & Conformance (DMARC) is an email authentication protocol that works together with DKIM and SPF. DMARC can only be used when both SPF and DKIM have been correctly configured. DMARC provides analysis and reporting about who is sending emails from a given domain.

32
Q

What is a Hard Token?

A

A Hard Token or hardware token is a physical device used for authentication. They are commonly known as key fobs, security tokens or USB tokens. RSA key fobs are a common example of a hard token.

It may be used as a single form of authentication or as part of a two-factor or multifactor authentication system. As part of MFA, it would be a possession-based or something-you-have authentication method.

There are two main types of hard tokens, synchronous and asynchronous. A synchronous token is synchronized with an authentication server. The token generates a six-digit one-time password (OTP) which needs to be entered into the login screen flow. An asynchronous token uses a series of challenge/response entries to authenticate.

33
Q

What is Soft Token and how to use it?

A

A Soft Token or software token is similar to a hard token. Typically, a hard token is associated with a specific hardware device. A soft token is a software application that can be installed on different devices such as smartphones, tablets, laptops, or other computer systems. These software applications generate a synchronous six-digit OTP code that has to be entered in the logon screen flow within a short period of time, usually 30 or 60 seconds.

34
Q

What is SMS and what is its purpose with regard to security parameters?

A

Another way to deliver a one-time password (OTP) is via Short Message Service (SMS) or smartphone text message. This is a fairly common method, even though it is not considered very secure. SMS does not use an encrypted channel and can be intercepted as plaintext. As such, it is susceptible to SIM cloning attacks.

35
Q

What is a voice call or call-back and what is its purpose with regard to security parameters?

A

Voice call or call-back has been an authentication method used as far back as with early RADIUS authentication servers. A user attempting to dial into the company’s analog dial-up modem pool and connect to the network is often authenticated and then waits for the system to call back. Then an analog dial-up connection is made.

This system is still used to send OTP codes to users. To complete the authentication, the system calls you back with an automated message that includes the OTP.

A telephone call can also be used to verify the sender of an email and any contents, such as file attachments. This can be used to avoid falling for suspicious phishing emails. Some banks make a telephone call to confirm wire transfers or EFT requests before committing to the funds being transferred.

36
Q

What is an Authenticator Application?

A

It is a specific type of soft token that is available for smartphone platforms and includes smartphone apps such as Google Authenticator, Authy, LastPass Authenticator, or Microsoft Authenticator. These software applications also generate a synchronous six-digit OTP code that has to be entered in the logon screen flow within a short period of time, usually 30 or 60 seconds.

37
Q

Why do we utilize MDM (Mobile Device Management)?

A

Most organizations now allow the use of mobile phones to share their data. However, there is always a risk of data being stolen or the mobile phone being compromised. MDM is a feature used in an enterprise network to keep a mobile device environment secure.

38
Q

What are the four methods used on MDM?

A

Bring Your Own Device (BYOD) - Organizations might allow you to bring your own device for official use. However, organizations need to ensure that any corporate data on the mobile phone is secure. To safeguard the data, mobile phones must be encrypted.

Choose Your Own Device (CYOD) - This method allows employees to choose a device. The employee can either purchase the device from the organization or pay rent. However, the organization has complete control over the mobile device.

Corporate-Owned, Personally Enabled (COPE) - The organization provides the mobile device to the user. However, as a user, you are only allowed to install pre-approved apps.

Corporate-Owned, Business Only (COBO) - The organization provides, controls, and manages the devices. The applications and the data belong to the organization.

39
Q

What functions can you utilize with an MDM device?

A

You can block rooting, jailbreaking, or any other feature you do not want the employees to use. MDM also allows you to restrict the use of any application other than approved applications from your app store.

If the mobile device containing corporate data is lost, you can use the Remote Wipe feature to completely wipe the mobile storage and erase sensitive data and its configuration. As a precautionary measure, you can enable full device encryption. This will ensure that the data remains secure and confidential, even if it is stolen.

40
Q

What is Geofencing with MDM?

A

MDM can be used to enable geofencing, which alerts the administrator if a user leaves the defined perimeter. Alongside this, you can also configure asset tracking. Even if the SIM is changed, you will be able to locate the device.

41
Q

What is Active Directory used for?

A

Active Directory is a network management and maintenance technology that makes managing and maintaining networks easier. Instead of going to each computer and manually configuring it, Active Directory can be used to remotely configure it. Users and computers on the network will be assigned to groups, which will subsequently be subject to rules and permissions. Maintaining privileges and security becomes considerably more efficient because of this.

42
Q

What are the three structures of Active Directory?

A

Forests, Trees and Domains.

43
Q

What does the Active Directory “Forest” consist of?

A

The Forest is at the top level in the active directory structure. Forests are separate from one another. They each have their own boundaries for security and have a single database and global address for each. Forests can become very large depending on the organization. This is where Active Directory is required. Medium to large companies lean heavily on Active Directory to help manage their network and security.

44
Q

What does the Active Directory “Tree” consist of?

A

A Tree is a collection of Domains that have formed a trust relationship with each other. If domains are situated in a tree, they can communicate with each other because of the established trust. Several trees, together with formed trust, are known as a forest.

45
Q

What does the Active Directory “Domain” consist of?

A

A Domain is a collection of users, computers, and other items that are controlled by the Active Directory administrators. They are grouped together regardless of their physical position. At least one Domain Controller is required for each domain. The domain controller is the server that stores all of the active directory’s setups and settings. If the server is not a domain controller, it is a member server.

46
Q

What are security groups?

A

In an Active Directory, there are two styles of groups. Security groups allow administrators to apply rights and permissions, control access to shares and apply overall controls to the system.

47
Q

What is a Distribution group?

A

Distribution Groups are only meant for communication purposes. These are email lists that allow communication for the users in the active directory. Distribution Groups can’t affect a policy.

48
Q

How to set up a Security Group?

A

Server Manager > Tools Menu> Active Directory Users and Computers >

In the Active Directory Users and Computers window, right-click anywhere on a blank space in the right details pane and select New > Group.

In the New Object - Group dialog box, type the following for the Group name field:

Folder Redirect > Click OK

Back on the Active Directory Users and Computers window, right-click anywhere on a blank space in the right details pane and select New > User.

In the New Object - User dialog box, type the following for the First name and User logon name fields: testuser > Click next

Type the following for the Password and Confirm password fields: Passw0rd > Click finish

Back on the Active Directory Users and Computers window, right-click Folder Redirect and select Properties.

From the Folder Redirect Properties dialog box, select the Members tab > In the Members tab, click Add.

In the Select Users, Contacts, Computers, Service Accounts, or Groups dialog box, type the following for the Enter the object names to select field: testuser > Click Check Names. > The user is searched for and found. Click OK.

testuser is now added to the Members.

Click OK.

49
Q

How to set up GPO for the Security group?

A

Server Management > Tools > Group Policy Management > Right-click on Group Policy Objects and select New.

In the New GPO dialog box, type the following for the Name field: Folder Redirection > Click OK

Back on the Group Policy Management window, expand the Group Policy Objects node. > Right-click on Folder Redirection and select Edit

In the Group Policy Management Editor window, expand the following nodes:

User Configuration > Policies > Administrative Templates > System > Select Folder Redirection.

On the Folder Redirection pane, right-click Do not automatically make all redirected folders available offline and select Edit.

In the Do not automatically make all redirected folders available offline window, select the Disabled option. >Click the Next Setting button.

In the Do not automatically make specific redirected folders available offline window, select the Enabled option.

In the Options section, enable the following checkboxes:

Pictures
Music
Videos

Click Next Setting

In the Enable optimized move of contents in Offline Files cache on Folder Redirection server path change window, select the Disabled option. > Click Next Setting.

In the Use localized subfolders names when redirecting Start Menu and My Documents window, select the Enabled option. > Click Next Setting

In the Redirect folders on primary computers only window, select the Disabled option. >Click OK.

Close the Group Policy Management Editor window.

Back on the Group Policy Management window, select Folder Redirection.

On the Folder Redirection pane, click Add under the Security Filtering section.

In the Select User, Computer, or Group dialog box, type the following for the Enter the object name to select field: Folder Redirect > Click Check Names.

Folder Redirect is searched for and found. > Click OK.

The Folder Redirect group has now been added to the Security filtering section, and the rules that were enabled will be applied to testuser since they are a Member.

Right-click Practicelabs.com and select Link an Existing GPO.

From the Select GPO window, select Folder Redirection and click OK.

50
Q

What is the purpose of folder redirection?

A

Folder Redirection enables users and administrators to redirect the path of a known folder to a new location, manually or by using Group Policy. The new location can be a folder on the local computer or a directory on a file share

51
Q

What is the purpose of the “Home folder”?

A

The Home folder is created for each user upon the creation of their account. It will contain user-created files and have the following folders created for the user: 3D Objects, Contacts, Desktop, Documents, Downloads, Favorites, Links, Music, OneDrive, Pictures, Saved Games, Searches, and Videos. It is also an assignable folder which means that administrators can create this folder on a Server and link to the user profile. Hence, when users log in throughout the domain, they will have a consistent experience across different computers.

52
Q

How to create a home folder?

A

In the File Explorer window, select Local Disk (C:) on the left pane.

Right-click anywhere on the details pane and select New > Folder.

Right-click on the New folder and select Rename.

Rename the folder to: Home folder testuser

Right-click on the Home folder testuser folder and select Properties.

On the Home folder testuser Properties dialog box, select the Sharing tab.

From the Sharing tab, click Advanced Sharing

In the Advanced Sharing dialog box, enable the Share this folder checkbox.

Select Permissions in the Advanced Sharing dialog box.

Click Add in the Permissions for Home folder test user dialog box.

On the Select Users, Computers, Service Accounts, or Groups dialog box, enter the following in the Enter the object to select section and click Check Names : testuser > Click OK

On the Permissions for Home folder test user window, ensure testuser is selected and enable the Full Control checkbox. Click OK

Click OK on the Advanced Sharing dialog box.

In the Home folder testuser Properties window, notice the folder is now shared. Highlight the Network Path and right-click on it.

Select Copy.

Click Close on the Home Folder testuser Properties window.

Restore the Active Directory Users and Computers window from the Taskbar.

Right click testuser and select Properties.

In the testuser Properties dialog box, select the Profile tab.

In the Home folder section, next to the Connect field, right-click and Paste the path copied earlier. Click OK on the Active Directory Domain Services pop-up window.

53
Q

What are Active Directory Logon Scripts?

A

Logon scripts can be used for several purposes, such as mapping network drives to users and computers, installing applications, setting up printers, creating log files, and many other tasks. Once the script is written, it will need to be saved in a batch file.

54
Q

How can you update the Group Policy?

A

When rules are created in the active directory, they do not take effect until the next update is run. If an administrator wants to enact the rules immediately, they can access the command line or Windows PowerShell and force the update to occur immediately.

Windows PowerShell (Admin) > Type gpupdate /force and press Enter.
In the Administrator: Windows PowerShell window, type the following command and press Enter: gpresult /R

The result from the command shows that the GPO has been successfully applied to the user account.

55
Q

What is the purpose of a batch file?

A

A batch file is a file that is used to automate a process. The instructions will be sequentially written in a shell script and run with administrative privileges. Some common uses for batch files include backing up files, process logs, diagnostics, and other common administrative time-consuming tasks. To create a batch file, a text editor will be accessed, and a script will be written. After writing the script, it will be saved in batch file format.
