< All CompTIA Cloud+ Notes

tsirhCdneM | CompTIA Cloud+ | Module 10

By: Raul Pop | Related Course: CompTIA Cloud+ | Published: June 13, 2017 | Modified: June 13, 2017
Join Cybrary

NotepadSecurity and Recovery

Access Control

Information Security

Network Security

High Availability

Recovery

 

Access Control

Authentification

Single Sign-On

Federation

Role-Based Access Controls(RBAC)

Mandatory Access Controls(MAC)

Discretionary Access Controls(DAC)

 

Authentication

Something you know

Something you have

Something you are

 

Single Sign-On

Allows a shared login to many networks

 

Federation

Uses SSO to allow users or devices to other network resources

When two companies agree that users can login to one network and access information form another server

 

Role-Based Access Controls(RBAC)

Most commonly used with Active Directory

Groups and/or roles manage the permissions

Permissions are inherited

Groups permissions is called implicit permissions

Users permissions is called explic permissions

 

Mandatory Access Controls(MAC)

Permissions are determined by policies

The OS enforces the polices

 

Discretionary Access Controls(DAC)

The OS or applications do not have power over the permissions

Permissions are allowed only be the owner of the data

Resources have an access control list (ACL)

 

Information Security

Symmetric Encryption

Asymmetric Encryption

Common Ciphers

 

Symmetric Encryption

Uses one key that encrypts and decrypts data

Used to encrypt files

VPN and Wi-Fi networks can be secured

PGP

 

Assymetric Encryption

Uses two key that encrypts and decrypts data

A public key and a private key

Keys are stored in an account database or on a smartcard

Public key is shared

Private key is saved by the owner of the key

 

Common Ciphers

AES-256 Wifi (WPA2)

DES-56 however 3DES is 56+56+56=168(Hash algorithm)

RC4-128 old WIFI and RADIUS

 


NotepadSecurity and Recovery

Network Security

Layered security

Hardening

Penetration testing

Vulnerability asssessments

Secure Storage

Training and up-to-date tools

 

Layered Security

DMZ

IDS/IPS Host and Network

Firewall

Denial of Service(DoS)

Distributed Denial of Service(DDoS)

Ping of Death(PoD)

Ping Flood

 

Hardening

Unnecessary software

Firmware

Control Account access

Disable unneeded network ports

Antivirus software

 

Penetration Testing

Simulates an attack on the network

Designed to look for vulnerabilities in the network

Exploits security vulnerabilities

 

Vulnerability Assessments

Finds vulnerabilities and weakness in a network

Designed to fix vulnerabilities and keep the network secure

 

Secure Storage

Most important part of any network

Encryption

Backups

 

Training and up-to-date tools

Needed to keep the IT staff up-to-date with current technologies

Allows the IT staff to release software that keep the network safe

Gives admins the ability to perform job functions and respond to incidents

Rapid deployment allows admins to release solutions as qucik as possible

 

It also addresses high availability:

Fault Tolerance

Multipathing

Load Balancing

 

Fault tolerance

Allows a device to function after  a hardware failure

Hard drives are the most common fault tolerance device

Geoclustering connects multiple computers in different geographic locations

 

Multipathing

Multipathing gives multiple paths to a device

Allows redudancy for the system

Usually used with storage devices

 

Load Balancing

Distributes the workload

 

 

Recovery

Disaster Recovery Methods

Multisite Configuration

Backups and Recovery

Snapshots

 

Disaster Recovery Methods

Mean Time Between Failures(MTBF)

How long a device will function before it fails

Mean Time to Repair(MTTR)

The typical amount of time it takes to repair a failed component

Recovery Time Objective(RTO)

The time in between an outage and the restoration

Recovery Point Objective (RPO)

The max time that data can be missed due to an incident

 

Multisite Configuration

Cold site

Hot site

Warm site

 

Backups and Recovery

Backup is used to copy data in the event of a failure

Four different backup functions:

Full

Incremental

Differential

Image

 

Snapshots

Used with VM

Captures the state of a VM

Is not a replacement for backups

Has all data and files in the VM

Used for short term recovery


< All CompTIA Cloud+ Notes
Join Cybrary

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel