Security Technologies Flashcards
Directory permissions: Read
Effect on folder: User can view the contents of a folder and any subfolders.
Effect on file: User can view the contents of the file.
Directory permissions: Write
Effect on folder: Read permission, plus the user can add files and create new subfolders.
Effect on file: Read permission, plus the user can make changes (write) to the file.
Directory permissions: Read & Execute
Effect on folder: Read permission, plus the user can run executable files contained in the folder. This permission is inherited by any subfolders and files.
Effect on file: Read permission, plus the user can run a file if it is executable.
Directory permissions: List Folder Contents
Effect on folder: Read permission, plus the user can run executable files contained in the folder. This permission is inherited by subfolders only.
Effect on file: N/A
Directory permissions: Modify
Effect on folder: Read and Write permissions, plus the user can delete the folder.
Effect on file: Read and Write permissions, plus the user can delete the file.
Directory permissions: Full Control
Effect on folder: Read, Write, and Modify permissions and the user can delete all files and subfolders.
Effect on file: Read, write, modify, and delete the file.
Security Enhanced Linux (SELinux)
A component included with many Linux distributions that allows more options for setting file and folder permissions.
Inherited permissions
The permissions assigned to a parent object that flows down and apply to a child object.
Credential Manager
A Control Panel utility which allows individual users to access their stored user names, passwords, and certificates.
Folder redirection
A flexible approach which allows an administrator to decide which folders are stored only on the network and which are copied locally.
Email filtering
A software-based tool that can sort or block emails from being delivered to a user’s inbox based on the configured criteria.
Port security
A switch feature that tracks device MAC addresses connected to each port on a switch, and allows or blocks traffic based on source MAC addresses.
Proxy server
A server which intercepts and mediates communications between internal and external hosts on the network.
File attributes: R
Read-Only - Allows a user or the operating system to read a file, but not write to it.
File attributes: A
Archive - Specifies the file should be backed up.
File attributes: S
System - Indicates the file is a system file and shouldn’t be altered or deleted. By default, system files are hidden.
File attributes: H
Hidden - Suppresses the display of the file in directory lists, unless you issue the command to list hidden files.
File attributes: D
Directory - Indicates a folder or sub-folder, differentiating them from files.
File attributes: I
Not content-indexed - Windows has a search function that indexes all files and directories on a drive to achieve faster search results.
File attributes: C
Compressed - On an NTFS file system volume, each file and directory has a compression attribute. Other file systems may also implement a compression attribute for individual files and directories.
File attributes: E
Encrypted - On an NTFS file system volume, each file and directory has an encryption attribute as part of the Encrypting File System (EFS).
Linux permissions: Read (r)
User can view the contents of a file.
Linux permissions: Write (w)
User can write to (modify) the contents of a file or directory.
Linux permissions: Execute (x)
User can run an executable file and view the contents of a directory.
Windows security features: Windows registry
A database containing low level settings for all aspects of the Windows operating system as well as for some installed applications. Individual entries or keys in the database can be restricted by ACLs, just like Windows services and NTFS files.
Windows security features: Local Users and Groups
A MMC snap-in (also available in Computer Management) which allows you to centrally manage users and groups on the computer. You can use it to create, rename, or delete users and groups; add users to groups; and set other user settings such as password policies, logon scripts, and folder locations.
Windows security features: Local Security Policy
A utility which allows you to configure a wide range of security settings for the local computer, including those related to account management, default user rights, network functions, and so on. It works primarily by changing registry settings, but provides a much safer and more focused interface than REGEDIT.
Windows security features: Local Group Policy Editor
A utility which allows you to edit group policies for the entire computer. Local group policies include the same settings as the local security policy, but also many other Windows settings. Critically, they can apply to specific users or groups, rather than all users on the computer. Group policies don’t actually edit the registry directly. Instead, when a group policy is loaded its settings override the corresponding registry keys.
Windows security features: Security Account Manager
A database which stores user passwords and performs authentication of local users. Users don’t directly interact with the SAM. It just stores passwords in a hashed format that can’t easily be extracted.
Windows security features: Credential Manager
A Control Panel utility which allows individual users to access their stored user names, passwords, and certificates. These may be from websites, or from other network services. Unlike SAM, you can view your passwords and other credentials in Credential Manager, but Windows still protects them from view by any other user.
Windows security features: User Account Control
Notifies you when an action will change Windows settings and gives you an option to stop. This applies even when you are logged on as an administrator. By default, UAC only notifies you when an application wants to change Windows settings on your behalf, but you can configure it to also notify you when your actions will change system settings.
Windows security features: Windows Resource Protection
A feature that runs in the background to protect critical system files, folders, and registry keys from unplanned alterations. WRP uses a combination of ACLs for each resource, and backed up copies of files and settings to restore from in case one is altered. Even the Administrator can’t directly alter resources protected by WRP; instead, changes must go through the Windows Module Installer service.
Active Directory security features: Active Directory Lightweight Directory Services (AD LDS)
provides directory services independent of the Windows domain model. You might find it used it networks which need authentication for distributed applications, or when it’s useful to install a directory on a computer that isn’t a domain controller.
Active Directory security features: Active Directory Federation Services (ADFS)
a single sign-on system that uses the common internet standard SAML instead of LDAP. Unlike LDAP it is intended for use over the internet, and for integrating services with other organizations. You’re likely to find it used to integrate web applications with Active Directory, especially those which aren’t directly compatible with Windows authentication systems.
Active Directory security features: Active Directory Certificate Services (AD CS)
allows the Active Directory network to maintain a public key infrastructure. It creates, validates, and revokes digital certificates wherever they might be needed on the network - to identify users or computers, encrypt files or email, or establish secure VPN connections.
Active Directory security features: Active Directory Rights Management Services (AD RMS)
an information rights management service that can encrypt and limit access to specific types of information on the domain, such as emails, Word documents, webpages, and so on. It can be used to centrally secure access to sensitive information wherever it is stored on the domain
What is a single sign-on system that uses the common Internet standard SAML instead of LDAP?
ADFS
Active Directory Certificate Services (AD CS) allows the Active Directory network to maintain a public key infrastructure. True or False?
True
Firewalls: A hardware firewall
A specialized network device that sits between your internal computer network and the Internet. It’s much like a router with security features, and in fact firewalls are commonly built into routers. Hardware firewalls are a great solution for organizations need a single firewall system that protects multiple computers. The downside to them is that they can be expensive, complicated, and difficult to upgrade. They also can’t protect against some attacks, like malicious traffic within the LAN.
Firewalls: A software firewall
A traffic control software that you install on an individual device. The benefit of a software firewall is that it is portable and local - it will protect the host on any network, whether attacks come from the internet or the same LAN. Software firewalls are built into most operating systems and available from third parties. Both are easy to update and configure from within the host.
Ports: 80
World Wide Web (using the Hyper-Text Transfer Protocol, or HTTP)
Ports: 25
E-mail (using the Simple Mail Transfer Protocol, or SMTP)
Ports: 20 for data transfer, 21 for control
File transfer (using the File Transfer Protocol, or FTP)
Ports: 53
Hostname/IP address translation (using the Domain Name Service, or DNS)
Ports: 23 for Telnet, 22 for Secure Shell
Remote terminal access (such as Telnet and Secure Shell)
Switch security features: Port security
A switch feature that tracks device MAC addresses connected to each port on a switch, and allows or blocks traffic based on source MAC addresses. This can be used to restrict devices which connect to the network, or to detect and block some attacks using spoofed MAC addresses. It can also prevent multiple MAC addresses from connecting to a single physical port, such as if a user attached an unauthorized hub or switch to a network drop.
Switch security features: MAC filtering
On Ethernet networks this is another term for port security, but it’s more commonly used for a similar feature on WAPs. It’s still useful, but much easier to circumvent because a WAP transceiver only has one “port” and it’s easier for an attacker to watch for legitimate MAC addresses to imitate.
components to a VPN: A VPN Gateway
A networking device, such as a router, server, firewall, or similar device with internetworking and data transmission capabilities that sits at the external edge of a secure internal network and requires an external device to identify and authenticate itself before the gateway creates a connection allowing access to internal network resources.
components to a VPN: Secure transport protocols
Communications protocols that provide secure data transmission over an unsecured network. Data is commonly secured using an encryption protocol such as IPsec or a tunneling protocol such as SSL/TLS.
RADIUS
Remote Authentication Dial-In User Service
RADIUS parts: Users
Endpoints that connect to the system. For a remote access VPN or WAP, users are individual workstations and mobile devices.
RADIUS parts: RADIUS Server
A server on the internal LAN which provides AAA functions.
RADIUS parts: NAS
The network access server relays all communication between users and the RADIUS server. It’s the device users directly connect to, like a dial-in server, VPN endpoint, or WAP.
Other Protocols: TACACS+
Terminal Access Controller Access Control System is a proprietary Cisco protocol with some performance and security benefits over RADIUS. Drawbacks include more complex configuration, and incompatibility with some network configurations.
Other Protocols: Diameter
An open standard with similar improvements to TACACS+, named for being supposedly twice as good as RADIUS. While it has a broad feature set, it’s also harder to configure and maintain. This means it’s more often used on large carrier networks than in typical enterprise situations.
Security appliances: WAF
Web application firewalls are specialized firewalls that can evaluate rules based on higher level protocols used by web servers. They have some overlap with IDS in that they are designed to recognize web attacks. A WAF can be placed protecting a single web server or a subnet with multiple web servers.
Security appliances: Network antimalware
Describes a variety of roles ranging from appliances that monitor network traffic for virus-related activity, to appliances that centrally monitor and update antivirus suites on all network hosts. If your organization uses network antimalware, make sure that hosts are configured to take advantage of it.
Security appliances: Spam filter
Performs ingoing and outgoing email filtering for an entire organization, usually by connection to a specific email server. Misconfigured spam filters can block important emails or allow excessive spam through.
Security appliances: Content filter
Filters designed to prevent access to certain types of content. Spam filters are one kind of content filter; others block user access to content judged inappropriate for workplace use - adult websites, digital piracy tools, or social media. Poorly configured content filters can block access to legitimate sites.
Security appliances: Proxy server
Intercepts and mediates communications between internal and external hosts on the network. Often a proxy server also performs network address translation.
What describes a network scenario where a secure connection to your internal network is made over an insecure external network?
Virtual private network (VPN)
What enables a server to provide standardized and centralized authentication for remote users?
RADIUS
What refers to a single security solution that provides multiple security functions at a single point on the network?
UTM
You want to replace the network firewall, IDS, and content filter with a single device which will provide comprehensive network security protection. What sort of product should you look for?
UTM
IDS
Intrusion detection systems
IPS
intrusion prevention systems
Firewall controls incoming and outgoing traffic. True or False?
True
Firewall hardware firewall is a traffic control program that is installed on an individual device. True or False?
False
Firewall software firewall is a specialized network device that sits between the internal computer network and the Internet. True or False?
False
Firewalls prevents unauthorized access to or from the network. True or False?
True
Firewalls are part of the digital security protection program. True or False?
True
Easier for an attacker to watch for legitimate MAC addresses to imitate - Port security or MAC filtering?
MAC filtering
Prevents multiple MAC addresses from connecting to a single physical port - Port security or MAC filtering?
Port security
Tracks device MAC addresses connected to each port on a switch and allows or blocks traffic based on source MAC addresses - Port security or MAC filtering?
Port security
Used to restrict devices which connect to the network or to detect and block some attacks using spoofed MAC addresses - Port security or MAC filtering?
Port security
Used for WAPs and much easier to circumvent because a WAP transceiver only has one port - Port security or MAC filtering?
MAC filtering
Proxy Server
Intercepts and mediates communications between internal and external hosts on the network.
Network Antimalware
Describes roles ranging from appliances that monitor traffic for virus-related activity to appliances that monitor and update antivirus suites on all hosts
Content Filter
Filters designed to prevent access to certain types of subject matter.
WAF ( web application firewall )
Specialized firewalls that can evaluate rules based on higher level protocols used by web servers
Spam Filter
Performs ingoing and outgoing email filtering for an entire organisation, usually by connection to a specific email server.
Which security appliance intercepts and mediates communications between internal and external hosts on a network?
Proxy server
Which Windows security feature notifies you when an action will change Windows settings and gives you an option to stop?
User Account Control
Which Windows security feature runs in the background to protect critical system files, folders, and registry keys from unplanned alterations?
Windows Resource Protection
What is the function of a web application firewall (WAF)?
It evaluates rules based on higher level protocols used by web servers.
What is the purpose of the Archive (A) file attribute?
Specify that the file should be backed up.
What command allows you to copy objects while preserving their existing permissions?
xcopy
Which of the following is used to restrict devices which connect to the network or to detect and block some attacks using spoofed MAC addresses?
Port security
Which file attribute suppresses the display of the file in directory lists?
Hidden
Which of the following is used to monitor and analyze network traffic to protect a system from network-based threats?
NIDS
The VPN protocols are managed either by software running on a host or router, or on a specialized hardware appliance known as ________.
VPN concentrator
Which of the following is used to monitor network traffic to look for signs of intrusion or other unwanted activities?
IDS
