Kindle Notes & Highlights
Remember this: Bluejacking is the unauthorized sending of text messages to a nearby Bluetooth device. Bluesnarfing is the unauthorized access to, or theft of information from, a Bluetooth device. Ensuring devices cannot be paired without manual user intervention prevents these attacks.
Radio-frequency identification (RFID) systems include an RFID reader and RFID tags placed on objects.
Remember this: WPA2 using CCMP and AES prevents wireless replay attacks. TKIP is vulnerable and should not be used. Radio-frequency identification (RFID) attacks include eavesdropping, replay, and DoS.
Secure Shell (SSH) and Remote Desktop Protocol (RDP). A virtual private network (VPN) is another method used for remote access. VPNs allow users to access private networks via a public network.
Remember this: A virtual private network (VPN) provides remote access to a private network via a public network. VPN concentrators are dedicated devices used for VPNs. They include all the services needed to create a secure VPN supporting many clients.
Remember this: IPsec is a secure encryption protocol used with VPNs. Encapsulating Security Payload (ESP) provides confidentiality, integrity, and authentication for VPN traffic. IPsec uses Tunnel mode for VPN traffic and can be identified with protocol ID 50 for ESP. It uses IKE over port 500. A full tunnel encrypts all traffic after a user has connected to a VPN. A split tunnel only encrypts traffic destined for the VPN’s private network.
Network access control (NAC) methods provide continuous security monitoring by inspecting computers and preventing them from accessing the network if they don’t pass the inspection.
Remember this: Network access control (NAC) includes methods to inspect clients for health, such as having up-to-date antivirus software. NAC can restrict access of unhealthy clients to a remediation network. You can use NAC for VPN clients and for internal clients. Permanent agents are installed on the clients. Dissolvable agents (sometimes called agentless) are not installed on the clients and are often used to inspect employee-owned mobile devices.
Password Authentication Protocol (PAP) is used with Point-to-Point Protocol (PPP) to authenticate clients.
Challenge Handshake Authentication Protocol (CHAP)
Remember this: PAP authentication uses a password or a PIN. A significant weakness is that PAP sends the information across a network in cleartext, making it susceptible to sniffing attacks. CHAP is more secure than PAP because passwords are not sent over the network in cleartext.
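The PAP-versus-CHAP point above can be seen directly by simulating both exchanges. The following is an added example, not code from the book: it builds a simplified PAP Authenticate-Request (the framing is a teaching approximation, not a bit-exact RFC 1334 encoder) and a CHAP MD5 challenge/response as RFC 1994 defines it (Response = MD5(Identifier || secret || Challenge)), then checks whether the shared secret ever appears in the bytes sent on the wire. The username, secret and challenge values are constructed sample data.

```python
import hashlib
import hmac
import os
from typing import Optional

# Shared secret known to both peer and authenticator (constructed sample value).
SECRET = b"s3cret-example"


def pap_authenticate_request(username: str, password: str) -> bytes:
    """Simplified PAP Authenticate-Request: the password itself is the payload.

    Layout (length-prefixed peer-id and password) is a teaching approximation
    of RFC 1334, assumed here for illustration; the security-relevant fact is
    unchanged: the password travels in cleartext.
    """
    user = username.encode()
    pw = password.encode()
    return bytes([len(user)]) + user + bytes([len(pw)]) + pw


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (RFC 1994): Response = MD5(Identifier || secret || Challenge).

    The secret is an input to the hash, so only a 16-byte digest goes on the wire.
    """
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


def chap_verify(identifier: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Authenticator side: recompute the expected response and compare in constant time."""
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def run_exchange(secret: bytes = SECRET, challenge: Optional[bytes] = None) -> dict:
    """Simulate one PAP and one CHAP authentication and report what the wire reveals."""
    if challenge is None:
        challenge = os.urandom(16)  # authenticator-chosen nonce; fresh per attempt
    identifier = 0x01

    # PAP: the secret is sent as the password.
    pap_wire = pap_authenticate_request("alice", secret.decode())

    # CHAP: identifier, challenge length, challenge, then the 16-byte MD5 response.
    response = chap_response(identifier, secret, challenge)
    chap_wire = bytes([identifier, len(challenge)]) + challenge + response

    return {
        "pap_leaks_secret": secret in pap_wire,
        "chap_leaks_secret": secret in chap_wire,
        "chap_accepted": chap_verify(identifier, secret, challenge, chap_wire[-16:]),
        "chap_rejects_wrong_secret": not chap_verify(identifier, b"wrong-secret", challenge, chap_wire[-16:]),
    }


if __name__ == "__main__":
    print(run_exchange())
```

Running it reports that the PAP bytes contain the secret while the CHAP bytes do not, and that the authenticator accepts only a response computed with the correct secret. Note that CHAP's protection is against passive sniffing of the password; the authenticator must still store the cleartext secret to recompute the hash, which is one reason later schemes such as MS-CHAP and EAP methods replaced it.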
Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)
Remote Authentication Dial-In User Service (RADIUS)
Terminal Access Controller Access-Control System Plus
Remember this: RADIUS, TACACS+, and Diameter all provide centralized authentication. TACACS+ is proprietary to Cisco, but can be used with Kerberos. Diameter is an improvement over RADIUS, and it supports many additional capabilities, including securing transmissions with EAP.
AAA protocols provide authentication, authorization, and accounting.
C.
B.
C.
D.
D.
D.
D.
A.
C.
A.
A.
B.
C.
a system is any host such as a server, workstation, laptop, network device, or mobile device.
least functionality. Systems should be deployed with only the applications, services, and protocols they need to meet their purpose.
File Transfer Protocol (FTP)
Remember this: Least functionality is a core security principle stating that systems should be deployed with the least amount of applications, services, and protocols.
There are three primary types of computer operating systems (OSs): Windows, Apple’s operating systems, and Linux- or Unix-based systems.
A trusted operating system meets a set of predetermined requirements with a heavy emphasis on authentication and authorization.
the mandatory access control (MAC) model,
Remember this: A trusted operating system meets a set of predetermined requirements, such as those identified in the Common Criteria. It uses the mandatory access control (MAC) model.
Secure starting point. The image includes mandated security configurations for the system.
Reduced costs. Deploying imaged systems reduces the overall maintenance costs and improves reliability.
1. Initial baseline configuration. Administrators use various tools to deploy systems consistently in a secure state.
2. Integrity measurements for baseline deviation. Automated tools monitor the systems for any baseline changes, which is a common security issue.
3. Remediation. Chapter 4, “Securing Your Network,” covers network access control (NAC).
Remember this: A master image provides a secure starting point for systems. Administrators sometimes create them with templates or with other tools to create a secure baseline. They then use integrity measurements to discover when a system deviates from the baseline.
Patch management ensures that systems and applications stay up to date with current patches. This is one of the most efficient ways to reduce operating system and application vulnerabilities because it protects systems from known vulnerabilities.
Change management defines the process for any type of system modifications or upgrades, including changes to applications.
Remember this: Patch management procedures ensure that operating systems and applications are up to date with current patches. This protects systems against known vulnerabilities. Change management defines the process and accounting structure for handling modifications and upgrades. The goals are to reduce risks related to unintended outages and provide documentation for all changes.
An application whitelist is a list of applications authorized to run on a system. An application blacklist is a list of applications the system blocks.
many mobile device management (MDM)
Remember this: An application whitelist is a list of authorized software and it prevents users from installing or running software that isn’t on the list. An application blacklist is a list of unauthorized software and prevents users from installing or running software on the list.
Sandboxing is the use of an isolated area on a system and it is often used for testing.