Document Details

Uploaded by CelebratedUkiyoE

Tags

computer security server hardening network administration

Full Transcript

Chapter 1

1.1 Server Security

1. What is Server Hardening?
Process of enhancing server security through a variety of security measures.

2. What are the key security principles?
- Defense-in-Depth: Provide multiple layers of protection.
- Least privilege: Grant the least amount of permission necessary to perform required tasks.
- Minimized attack surface: Reduce the number of vulnerable points on the network.

3. How can you improve server security?
- Stop and/or uninstall unneeded services
- Close unneeded ports
- Minimise software installations
- Keep security patches up to date
- Use anti-malware software
- Run vulnerability scans
- Disable unneeded hardware and physical ports/devices
- Implement an Intrusion Detection System

4. How does Microsoft Baseline Security Analyzer secure a system?
It analyzes the server's security state in accordance with Microsoft security recommendations. It can detect:
- common administrative vulnerabilities
- missing security updates

5. What are Security templates?
A file containing pre-configured security settings. Used to automate and enforce a consistent/standard security policy.

6. What is User Account Control (UAC)?
A security mechanism to prevent unauthorized changes to the OS without the administrator's approval. Two types of prompts:
- Credential
- Privilege elevation

7. What is Secure Desktop?
It suppresses the operation of all desktop controls except the Windows processes used to interact with the UAC prompt. The objective is to prevent malware from automating a response to the elevation or credential prompt and bypassing the human reply.

8. What is AppLocker?
An application control policy to identify software and control its execution. It prevents potentially dangerous applications from running.

9. Describe types of attack.
- Network scanner: Application that probes systems for unguarded ports, which can be used to gain access to the system.
- Trojan horse: Application that opens a connection to a computer on the Internet, enabling an attacker to run programs and store/retrieve data.
- Social engineering: Attackers obtain passwords by illicit means. The security information is used to remotely access the computer to compromise it.
- Denial of service attacks: Use authorized access points to bombard a system with traffic, preventing legitimate traffic from reaching the computer.

10. What is a firewall?
A program that protects a computer or a network by controlling the types of incoming and outgoing network traffic of a system. It uses filters to examine the contents of packets and traffic patterns to determine which packets should be allowed to pass through the filter.

11. What tools or utilities can you use to configure Windows Firewall?
- Basic Firewall configuration in Control Panel: Provides a simplified interface.
- Windows Firewall with Advanced Security: Provides full access to firewall rules and functions.
- Group Policy: Used to apply settings to multiple computers.

12. What are the 3 main criteria used in firewall rules?
- IP addresses: Identify specific hosts on the network, e.g. allow/block traffic based on IP address.
- Protocol numbers: Filter protocol numbers to block packets containing certain types of traffic.
- Port numbers: Identify specific applications running on the computer based on their port number.

13. What are the default firewall rules?
- The firewall is turned on.
- Incoming traffic is blocked unless it matches a rule.
- Outgoing traffic is allowed unless it matches a rule.

14. What is the built-in firewall available on an Ubuntu system?
iptables

15. What are the common port numbers?
- 80, 443: HTTP & HTTPS
- 23: Telnet
- 3389: RDP
- 25: SMTP
- 21: FTP
- 110: POP3
- 53: DNS
- 143: IMAP4
- 22: SSH

2.2 Account Security

1. What does the AAA in the security framework represent?
- Authentication: Prove user identity.
- Authorization: Restrict access to resources based on user identity.
- Accounting: Track and audit access based on user identity.

2. Why is multifactor authentication (MFA) more secure than a password?
It requires more than one method of authentication to verify the user's identity:
- Type 1: what the user knows (password)
- Type 2: what the user has (security token)
- Type 3: what the user is (biometric verification)

3. What is an Account policy?
Policy settings implemented at the domain level that affect all accounts. Consists of:
- Password policy
- Account lockout policy
- Kerberos policy

4. What is the purpose of setting the following account options?
- User must change password at next logon: Used to ensure only the user knows the password.
- User cannot change password: Generally used for shared accounts.
- Password never expires: Used for service accounts which are used to start services.
- Account is disabled: Prevents the account from being used.
- Smart card is required for interactive logon: Requires use of a smart card to log on.
- Logon Hours: Restricts logon hours.
- Logon To: Restricts which computers the account can be used on.

5. What is the effect of configuring the Password Policy as follows?
- Users cannot re-use their last 24 passwords.
- Passwords expire every 42 days.
- Users can only change their password after 1 day.
- Password must be at least 7 characters.
- Password must contain 3 of the following: uppercase, lowercase, symbol and number. It must be at least 6 characters and not use part of the user name as the password.

6. What is the effect of setting the Account Lockout Policy as follows?
User accounts will be locked out for 30 minutes if the user enters 5 wrong passwords within 3 minutes. The counter will reset to 0 after 3 minutes.

7. What is the effect of setting the Account lockout duration to 0?
The account must be manually unlocked by the administrator.

8. What is Fine-grained password policy?
- Used to configure policies for a user or group
- Enables support of multiple password policies in the domain

9. How can you secure a high-privileged account?
- Stronger password policy using fine-grained password policy
- Multi-factor authentication
- Enable auditing for the account

10. What is the purpose of creating restricted groups?
- Used to restrict membership of groups
- Ensures only configured members remain in the list

2.3 Data Security

1. What are the data security goals of the security framework?
- Confidentiality: Data is accessible only to authorized users.
- Integrity: Data can only be created and modified by authorized users.
- Availability: Data is available and accessible when required.
- Accountability: Able to track when, where and who has access to the data.

2. What is data encryption?
Process of encoding messages or information to maintain confidentiality. Only authorized parties are allowed to read the content.

3. What are the 3 types of encryption?
- Symmetric: Uses the same key to encrypt and decrypt, e.g. AES, DES and 3DES.
- Asymmetric: Requires a key pair: public key to encrypt, private key to decrypt, e.g. RSA. Encryption keys are stored in digital certificates.
- Hash: Provides one-way encryption, e.g. MD5, SHA-1.

4. What is Encrypting File System?
- Built-in file-system-level encryption on NTFS volumes
- Encrypts files to protect confidential data
- Can use a self-signed certificate or a Certificate Authority
- Uses symmetric and asymmetric encryption

5. How do you ensure that EFS encrypted files can be recovered?
- Back up user certificates
- Configure a recovery agent

6. What is BitLocker?
- Used to encrypt an entire hard drive or only the used parts of a hard drive
- Can be combined with EFS
- Protects the integrity of the Windows boot process

7. How do you recover a disk which has been encrypted using BitLocker?
- Using the recovery key file to obtain the key
- Obtaining the recovery key from AD DS
- Using a DRA
- Using the original BitLocker password

8. What is an audit policy?
- It specifies categories of security-related events to audit
- Used to track events
- Enabled based on success or failure
- Logs are captured in the security log (only accessible to Administrators)

9. How can you protect data?
- Encryption to ensure confidentiality & integrity to authorised users
- Access control to restrict access to authorised users, e.g. use ACLs such as NTFS permissions
- Enable audit to track and monitor access
- Backup to ensure data recovery
