Kindle Notes & Highlights
Read between January 9 - January 13, 2020
Here’s a list of some of the passwords in the top 10 list that users had created for their accounts: 123456, 12345, password, DEFAULT, 123456789, qwerty, 12345678, abc123, and 1234567. Over 120,000 users had 123456 as their password.
Before resetting passwords for users, it’s important to verify the user’s identity. When resetting passwords manually, it’s best to create a temporary password that expires upon first use.
Windows domains use Group Policy to manage multiple users and computers in a domain.
Active Directory Domain Services (AD DS) is a directory service Microsoft developed for Windows domain networks.
Smart cards are credit card-sized cards that have an embedded microchip and a certificate.
they are digital files that support cryptography for increased security.
HOTP creates a one-time use password that does not expire until it is used. TOTP creates a one-time password that expires after 30 seconds. Both can be used as software tokens for authentication.
Biometric methods are the strongest form of authentication
passwords are the weakest form of authentication.
occur. By increasing the sensitivity, it decreases the number of false matches and increases the number of false rejections. In contrast, decreasing the sensitivity increases the false matches and decreases the false rejections.
It’s worth noting that using two methods of authentication in the same factor is not dual-factor authentication. For example, requiring users to enter a password and a PIN (both in the something you know factor) is single-factor authentication, not dual-factor authentication.
A common goal they have is to ensure that unencrypted credentials are not sent across a network.
Kerberos provides mutual authentication that can help prevent man-in-the-middle attacks and uses tickets to help prevent replay attacks.
Additionally, Kerberos uses symmetric-key cryptography to prevent unauthorized disclosure and to ensure confidentiality.
SSO increases security because the user only needs to remember one set of credentials and is less likely to write them down.
SSO requires strong authentication to be effective.
(SAML) is an Extensible Markup Language (XML)–based data format used for SSO on web browsers.
SAML is an XML-based standard used to exchange authentication and authorization information between different parties. SAML provides SSO for web-based applications.
A federation requires a federated identity management system that all members of the federation use.
Privileges are the rights and permissions assigned to authorized users.
A primary goal of implementing least privilege is to reduce risks.
job. Notice that need to know is focused on data and information, which is typically protected with permissions. In contrast, the principle of least privilege includes both rights and permissions.
Note that having a single, temporary user log on with the Guest account does support identification, authentication, authorization, and accounting. It is only when multiple users are sharing the same account that you lose these controls.
Remember this: Requiring administrators to use two accounts, one with administrator privileges and another with regular user privileges, helps prevent privilege escalation attacks. Users should not use shared accounts.
Disabling the account ensures that data associated with it remains available. Security keys associated with an account remain available when the account is disabled, but are no longer accessible if the account is deleted.
It’s also possible to identify a set of IP addresses as the only addresses that are acceptable. This is often referred to as whitelisting the IP addresses.
Credential management systems help users store these credentials securely. The goal is to simplify credential management for users, while also ensuring that unauthorized personnel do not have access to the users’ credentials.
The access control helps determine how a system grants authorization to objects.
Without groups, you would use user-assigned privileges.
Group-based privileges reduce the administrative workload of access management. Administrators put user accounts into security groups, and assign privileges to the groups. Users within a group automatically inherit the privileges assigned to the group.
The DAC model is significantly more flexible than the MAC model described in the next section. MAC has predefined access privileges, and the administrator is required to make the changes.
Trojan horses are executable files. They masquerade as something useful, but they include malware.
The mandatory access control (MAC) model uses labels (sometimes referred to as sensitivity labels or security labels) to determine access.
Military units make wide use of this model to protect data.
Security-enhanced Linux (SELinux) is one of the few operating systems using the mandatory access control model.
An administrator is responsible for establishing access, but only someone at a higher authority can define
Multiple approval levels are usually involved in the decision-making process to determine what a user can access.
The current objectives have deemphasized the importance of ports. However, you still need to know them when implementing access control lists (ACLs) in routers and stateless firewalls, and when disabling unnecessary ports and services. With that in mind, I’ve included the well-known ports for many of the protocols in this chapter.
TCP/IP uses the IP address to get a packet to a destination network, but once it arrives on the destination network, it uses the MAC address to get it to the correct host.
UDP is commonly used instead of TCP as the underlying protocol with voice and video streaming.
The Real-time Transport Protocol (RTP) delivers audio and video over IP networks.
The Secure Real-time Transport Protocol (SRTP) provides encryption, message authentication, and integrity for RTP.
Transfer Protocol (FTP) uploads and downloads large files to and from an FTP server.
• TFTP. Trivial File Transfer Protocol (TFTP) uses UDP port 69 and is used to transfer smaller amounts of data, such as when communicating with network devices.
SSH. Secure Shell (SSH) encrypts traffic in transit and can be used to encrypt other protocols such as FTP.
The Secure Sockets Layer (SSL) protocol was the primary method used to secure HTTP traffic as Hypertext Transfer Protocol Secure (HTTPS).
The Transport Layer Security (TLS) protocol is the designated replacement for SSL and should be used instead of SSL.

