Use a vulnerability scanner to gather information about systems, such as the applications or
services running on the system. The vulnerability scanner often combines functions found in other
tools and can perform additional functions, such as identifying open firewall ports, missing
patches, and default or blank passwords.
A port scanner is a tool that probes systems for open ports. The port scanner will tell you which
ports are open in the firewall, but it cannot identify services running on a server if the firewall
port has been closed. A network mapper is a tool that can discover devices on the network and
shows those devices in a graphical representation. Network mappers typically use a ping scan to
discover devices and a port scanner to identify open ports on those devices.
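The following is an added example, not code from the original text: a minimal TCP connect scan of the kind a network mapper runs after its ping sweep, pointed at a throwaway listener on the loopback interface so it can be run offline. The listener, the port numbers and the `demo` wrapper are constructed for the example. It also illustrates the limitation described above: a connect scan only reports ports that complete a handshake, so a service behind a closed firewall port is invisible to it. (A ping sweep needs raw sockets and is left out.)

```python
import socket
from contextlib import closing


def scan_ports(host, ports, timeout=0.5):
    """TCP connect scan: return the ports in `ports` that accept a connection.

    A connect scan completes the TCP handshake, so it reports only ports that
    are listening *and* reachable through whatever firewall sits in between.
    A service listening behind a closed firewall port is not visible to it.
    """
    open_ports = []
    for port in ports:
        with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as sock:
            sock.settimeout(timeout)
            # connect_ex returns 0 on success instead of raising an exception.
            if sock.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return open_ports


def start_local_listener():
    """Constructed target: a throwaway listener on an ephemeral loopback port.

    The kernel completes handshakes from the listen backlog, so no accept loop
    is needed for the scanner to see the port as open.
    """
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))  # port 0: let the OS choose a free port
    server.listen(5)
    return server, server.getsockname()[1]


def free_loopback_port():
    """Pick a loopback port that is currently not listening: bind, note it, release it."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as sock:
        sock.bind(("127.0.0.1", 0))
        return sock.getsockname()[1]


def demo():
    """Scan one listening and one closed loopback port; return (open, closed, reported)."""
    server, open_port = start_local_listener()
    closed_port = free_loopback_port()
    try:
        reported = scan_ports("127.0.0.1", [closed_port, open_port])
    finally:
        server.close()
    return open_port, closed_port, reported


if __name__ == "__main__":
    open_port, closed_port, reported = demo()
    print(f"listening on {open_port}, nothing on {closed_port}; scanner reports {reported}")
```

Run it against your own hosts to confirm that only the listeners you expect are exposed; anything the scanner reports that is not in your inventory is worth a look at the firewall rules.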
Use a protocol analyzer to identify traffic that is sent on the network medium and traffic sources.
Services could still be running on a server that do not generate network traffic a protocol analyzer
Penetration testing is classified by the knowledge that the attacker and system personnel have
prior to the attack.
• In a black box test, the tester has no prior knowledge of the target system.
• In a white box test, the tester has detailed information prior to starting the test.
• In a grey box test, the tester has the same amount of information that would be available to
a typical insider in the organization.
• A single blind test is one in which one side has advanced knowledge. For example, either the
attacker has prior knowledge about the target system, or the defender has knowledge about
the impending attack.
• A double blind test is one in which the penetration tester does not have prior information
about the system and the network administrator has no knowledge that the test is being
performed. The double blind test provides more accurate information about the security of the
A mobile device management (MDM) solution can be implemented that pushes security policies
directly to each tablet device over a network connection. This option enables policies to be
remotely enforced and updated without any action by the end user. The tablet devices must be
enrolled in the MDM system before the policy settings can be applied.
One of the key problems associated with managing mobile devices is the fact that they can't be
joined to a Windows domain. This means Group Policy can't be used to automatically push
security settings to mobile devices. For devices running Apple's iOS operating system, security
settings can be distributed in a configuration profile. The profile can be defined so that only an
administrator can delete the profile, or you can lock the profile to the device so that it cannot be
removed without completely erasing the device. However, this option relies on the end user to
install the profile, which can be problematic. It's also not a dynamic strategy; making even the
smallest change to your mobile device security policies requires a great deal of effort.
Join the tablets to a Windows domain
Require users to install the configuration profile
Configure and distribute security settings in a configuration profile
Configure security settings in a Group Policy object
Configure and apply security policy settings in a mobile device management system
Enroll the devices in a mobile device management system
Extensible authentication protocol (EAP) is a set of interface standards that allows you to use
various authentication methods, including smartcards, biometrics, and digital certificates.
Password authentication protocol (PAP) transmits login credentials in cleartext. Challenge
handshake authentication protocol (CHAP) protects login credentials using a hash and allows for
periodic re-authentication. Point-to-point protocol (PPP) and serial line interface protocol (SLIP)
are not remote access authentication protocols; they are used to establish the connection, but do
not provide authentication.
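To make the PAP/CHAP contrast concrete, here is an added example (not from the original text) that models both exchanges in Python. The shared secret, user names and message dictionaries are constructed for the example; the CHAP response is computed as RFC 1994 specifies, MD5 over the identifier, the secret and the challenge, so only a hash crosses the link, while the PAP request carries the password itself.

```python
import hashlib
import hmac
import os

# Constructed shared secret; in CHAP it is configured on both ends and never sent.
SECRET = b"constructed-example-secret"


def pap_authenticate_request(username, password):
    """PAP: the peer sends the password itself, so anyone capturing the link reads it."""
    return {"type": "Authenticate-Request", "peer_id": username, "password": password}


def chap_challenge():
    """Authenticator -> peer: a one-byte identifier plus a random challenge value."""
    return {"type": "Challenge", "id": os.urandom(1)[0], "value": os.urandom(16)}


def chap_response(identifier, challenge_value, secret):
    """Peer -> authenticator: MD5(Identifier || secret || Challenge), per RFC 1994.

    Only this hash travels on the wire; the secret itself does not.
    """
    return hashlib.md5(bytes([identifier]) + secret + challenge_value).digest()


def chap_verify(identifier, challenge_value, response, secret):
    """Authenticator recomputes the hash with its own copy of the secret and compares."""
    expected = chap_response(identifier, challenge_value, secret)
    return hmac.compare_digest(expected, response)


def chap_exchange(secret_at_peer, secret_at_authenticator=SECRET):
    """Run one full challenge/response round; return True if the peer is accepted."""
    chal = chap_challenge()
    resp = chap_response(chal["id"], chal["value"], secret_at_peer)
    return chap_verify(chal["id"], chal["value"], resp, secret_at_authenticator)


def replayed_response_is_rejected():
    """A response captured in one round fails against the next round's fresh challenge.

    This is what lets CHAP re-authenticate periodically without exposing the secret.
    """
    first = chap_challenge()
    captured = chap_response(first["id"], first["value"], SECRET)
    second = chap_challenge()
    return not chap_verify(second["id"], second["value"], captured, SECRET)
```

The design point is the random challenge: because each round hashes a fresh value, a captured response is useless against a later challenge, whereas a captured PAP request is the credential.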
You should change the administrative password used by the AP. Many AP manufacturers use a
default administrative user name and password that are well known. If you don't change these
parameters, anyone connecting to the AP can easily guess the password required to access the
AP's configuration utility.
Isolate the AP from the client's wired network
Implement MAC address filtering
Change the administrative password on the AP
Change the channel used by the AP's radio signal
802.1x authentication is an authentication method used on a LAN to allow or deny access based
on a port or connection to the network. 802.1x is used for port authentication on switches and
authentication to wireless access points. 802.1x requires an authentication server for validating
user credentials. This server is typically a RADIUS server. Authenticated users are allowed full
access to the network; unauthenticated users only have access to the RADIUS server.
Port security uses the MAC address to allow or deny connections based on the MAC address of
the device, not user authentication. Spanning tree is a protocol for identifying multiple paths
through a switched network. IPsec is a tunneling protocol that adds encryption to packets.
Use port security on a switch to restrict the devices that can connect to a switch. Port security
uses the MAC address to identify allowed and denied devices. When an incoming frame is
received, the switch examines the source MAC address to decide whether to forward or drop the
Port security cannot prevent sniffing or MAC address spoofing attacks. Use an access list on a
router to control sent and received packets.
You want to prevent MAC address spoofing.
You want to restrict the devices that could connect through a switch port.
You want to prevent sniffing attacks on the network.
You want to control the packets sent and received by a router.
A switch will only forward packets to the switch port that holds a destination device. This means
that when your packet sniffer is connected to a switch port, it will not see traffic sent to other
switch ports. To configure the switch to send all frames to the packet sniffing device, configure
port mirroring on the switch. With port mirroring, all frames sent to all other switch ports will be
forwarded on the mirrored port.
Promiscuous mode configures a network adapter to process every frame it sees, not just the
frames addressed to that network adapter. In this scenario, you know that the packet sniffer is
running in promiscuous mode because it can already see frames sent to other devices.
Bonding logically groups two or more network adapters to be used at the same time for a single
logical network connection. Spanning tree runs on a switch and ensures that there is only one
active path between switches, allowing for backup redundant paths.
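The two switch behaviours described above, port security on ingress and port mirroring for a sniffer, can be seen together in one small simulation. This is an added example, not code from the original text: a toy learning switch in Python with a per-port MAC allow-list and a SPAN (mirror) port. Port numbers, MAC addresses and the `demo` scenario are constructed. It shows the frame from an unlisted MAC being dropped, a frame that spoofs the allowed MAC passing straight through (the limitation noted above), and a unicast between two other ports reaching the sniffer's port only once mirroring is enabled.

```python
class Switch:
    """Toy learning switch with port security (MAC allow-lists) and one SPAN mirror port."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}      # learned source MAC -> ingress port
        self.allowed = {}        # port -> set of permitted source MACs (port security)
        self.mirror_port = None  # port that receives a copy of every forwarded frame
        self.violations = []     # (port, mac) pairs that port security dropped

    def set_port_security(self, port, macs):
        self.allowed[port] = {m.lower() for m in macs}

    def set_mirror(self, port):
        self.mirror_port = port

    def receive(self, ingress, src, dst):
        """Process one frame; return the set of ports it is forwarded out of."""
        src, dst = src.lower(), dst.lower()
        # Port security only looks at the source MAC: a rogue device presenting an
        # allowed MAC (spoofing) is indistinguishable from the legitimate one.
        if ingress in self.allowed and src not in self.allowed[ingress]:
            self.violations.append((ingress, src))
            return set()
        self.mac_table[src] = ingress
        if dst in self.mac_table:
            dst_port = self.mac_table[dst]
            out = set() if dst_port == ingress else {dst_port}
        else:
            out = {p for p in self.ports if p != ingress}  # unknown/broadcast: flood
        if self.mirror_port is not None and self.mirror_port != ingress:
            out.add(self.mirror_port)  # SPAN: the sniffer sees frames for other ports too
        return out


def demo():
    """Constructed scenario; returns the forwarding decisions for each step."""
    sw = Switch(ports=[1, 2, 3, 4])
    sw.set_port_security(1, ["aa:aa:aa:aa:aa:01"])  # only one MAC allowed on port 1
    bcast = "ff:ff:ff:ff:ff:ff"
    results = {}
    # 1. An unlisted device on the secured port is dropped and logged as a violation.
    results["unknown_mac_on_secured_port"] = sw.receive(1, "aa:aa:aa:aa:aa:99", bcast)
    # 2. A device spoofing the allowed MAC on port 1 is forwarded normally.
    results["spoofed_allowed_mac"] = sw.receive(1, "aa:aa:aa:aa:aa:01", bcast)
    # Let the switch learn the hosts on ports 2 and 3.
    sw.receive(2, "aa:aa:aa:aa:aa:02", bcast)
    sw.receive(3, "aa:aa:aa:aa:aa:03", bcast)
    # 3. Without mirroring, a sniffer on port 4 never sees the 2 -> 3 unicast.
    results["unicast_no_mirror"] = sw.receive(2, "aa:aa:aa:aa:aa:02", "aa:aa:aa:aa:aa:03")
    # 4. With port 4 configured as the mirror port, the same frame is copied there.
    sw.set_mirror(4)
    results["unicast_with_mirror"] = sw.receive(2, "aa:aa:aa:aa:aa:02", "aa:aa:aa:aa:aa:03")
    results["violations"] = list(sw.violations)
    return results


if __name__ == "__main__":
    for step, outcome in demo().items():
        print(f"{step}: {outcome}")
```

Step 3 is the reason a sniffer on an ordinary switch port sees almost nothing but broadcasts and its own traffic; step 2 is why port security is an inventory control, not a defence against spoofing.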
Network communication security settings are configured in the Computer Policies section of a
Built-in containers (such as the Computers container) and folders cannot be linked to a GPO.
Create a GPO computer policy for the Computers container.
Create a GPO computer policy for the computers in the Development OU.
Create a GPO folder policy for the folders containing the files.
Create a GPO user policy for the Development OU.
SSH File Transfer Protocol uses Secure Shell (SSH) to provide security for authentication and data
FTPS uses SSL to secure FTP traffic. You can also secure FTP traffic by establishing an IPsec
tunnel between the client and the server, but IPsec is established independently of FTP.
A firewall log identifies traffic that has been allowed or denied through a firewall. You can detect
attempted attacks by examining firewall logs and looking for traffic allowed or blocked by the
A security log records information related to logons, such as incorrect passwords being used, and
the use of user rights. An application log records actions performed by an application. A
performance log records information about the use of system resources.
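As an added example of examining firewall logs for attempted attacks (not from the original text), the block below parses a handful of constructed lines in a netfilter-style ACCEPT/DENY format, totals the denied connections per source address, and flags any source that was denied on many different destination ports, the usual footprint of a port scan. The log lines, addresses (from the documentation ranges) and the threshold are all constructed; the regular expression matches only this made-up format and would need adjusting for a real device.

```python
import re
from collections import defaultdict

# Constructed sample lines in a netfilter-style format; not taken from any real device.
SAMPLE_LOG = """\
Mar  3 10:00:01 fw kernel: ACCEPT IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40211 DPT=443
Mar  3 10:00:02 fw kernel: DENY IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=21
Mar  3 10:00:02 fw kernel: DENY IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=22
Mar  3 10:00:02 fw kernel: DENY IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=51002 DPT=23
Mar  3 10:00:03 fw kernel: DENY IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=51003 DPT=25
Mar  3 10:00:03 fw kernel: DENY IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=51004 DPT=80
Mar  3 10:00:03 fw kernel: DENY IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=51005 DPT=110
Mar  3 10:00:04 fw kernel: ACCEPT IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=51006 DPT=443
Mar  3 10:00:05 fw kernel: DENY IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40212 DPT=3389
Mar  3 10:00:06 fw kernel: ACCEPT IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=UDP SPT=40213 DPT=53
"""

LINE_RE = re.compile(
    r"(?P<action>ACCEPT|DENY) IN=(?P<iface>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\S+) SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)"
)


def parse_firewall_log(text):
    """Yield one dict per parseable line; lines that do not match the format are skipped."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["spt"] = int(rec["spt"])
            rec["dpt"] = int(rec["dpt"])
            yield rec


def summarize_denies(text):
    """Per source address: how many packets were denied and which destination ports they hit."""
    summary = defaultdict(lambda: {"count": 0, "ports": set()})
    for rec in parse_firewall_log(text):
        if rec["action"] == "DENY":
            summary[rec["src"]]["count"] += 1
            summary[rec["src"]]["ports"].add(rec["dpt"])
    return dict(summary)


def probable_port_scans(text, min_distinct_ports=5):
    """Sources denied on at least `min_distinct_ports` different ports: a classic scan signature."""
    summary = summarize_denies(text)
    return sorted(src for src, s in summary.items() if len(s["ports"]) >= min_distinct_ports)


if __name__ == "__main__":
    for src, s in summarize_denies(SAMPLE_LOG).items():
        print(f"{src}: {s['count']} denied, ports {sorted(s['ports'])}")
    print("probable scans:", probable_port_scans(SAMPLE_LOG))
```

A single denied packet (198.51.100.7 to 3389 here) is noise; one source walking through six different ports in two seconds is the pattern worth an alert.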
The best protection is to save log files to a remote server. In this way, compromise of a system
does not provide access to the log files for that system.
Configuring permissions on the log files would allow access for only the specified user accounts.
However, if an attacker has gained access to the system, he might also have access to the user
accounts that have been given access to the log files. Encrypting the log files protects the
contents from being read, but does not prevent the files from being deleted. Hashing of log files
ensures integrity for the files to prove that the files have not been altered since they were
Configure permissions on the log files to prevent access
Take a hash of the log files
Encrypt the log files
Use syslog to send log entries to another server
A best practice to secure log files is to save the archived logs to a remote log server. Archived log
server considerations include:
• The amount of disk space required to save the files on the server.
• Backup requirements on the server.
• Time stamping to ensure that the computer generating the event and the computer where
the logs are saved have common system clocks.
• Integrity of the logs to ensure logs have not been modified.
Retention policies and disk space available for saving files is a consideration on the syslog server,
not on the individual syslog clients. A fast network connection is not a requirement for using a
remote logging solution.
Retention policies on the syslog client
A fast network connection
Disk space on the syslog server
Clock synchronization between all devices
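The points above about hashing log files for integrity, and about hashing not stopping deletion, can be shown with a hash chain. This is an added example, not code from the original text: each archived entry is hashed together with the previous entry's hash, so editing, reordering or removing a line breaks every link after it. The log entries are constructed; `GENESIS` and the function names are choices made for the example. The last case in `demo` shows the limit: cutting the newest entries off the end leaves a chain that still verifies, which is why the most recent hash (or the whole log) also needs to live on the remote log server.

```python
import hashlib

GENESIS = "0" * 64  # fixed starting value for the chain


def _link(prev_hash, entry):
    """Hash of this entry bound to everything before it."""
    return hashlib.sha256((prev_hash + "\n" + entry).encode("utf-8")).hexdigest()


def build_chain(entries, prev_hash=GENESIS):
    """Return [(entry, hash)] where each hash covers the entry and the previous hash."""
    records = []
    for entry in entries:
        prev_hash = _link(prev_hash, entry)
        records.append((entry, prev_hash))
    return records


def verify_chain(records, prev_hash=GENESIS):
    """Return the index of the first record whose hash does not check out, or None if
    the chain is intact. A modified, reordered or deleted record breaks every later link."""
    for i, (entry, h) in enumerate(records):
        if _link(prev_hash, entry) != h:
            return i
        prev_hash = h
    return None


# Constructed entries standing in for archived log lines.
ENTRIES = [
    "2024-03-03T10:00:01Z sshd: Failed password for root from 203.0.113.5",
    "2024-03-03T10:00:04Z sshd: Failed password for root from 203.0.113.5",
    "2024-03-03T10:00:09Z sshd: Accepted publickey for alice from 198.51.100.7",
    "2024-03-03T10:01:00Z sudo: alice : TTY=pts/0 ; COMMAND=/bin/systemctl restart sshd",
]


def demo():
    """Show what the chain does and does not catch; returns the verification results."""
    good = build_chain(ENTRIES)
    edited = list(good)
    edited[1] = (edited[1][0].replace("Failed", "Accepted"), edited[1][1])  # alter one line
    deleted = good[:1] + good[2:]                                            # remove a middle line
    truncated = good[:-1]                                                    # drop the newest line
    return {
        "intact": verify_chain(good),        # None: nothing wrong
        "edited": verify_chain(edited),      # 1: the altered record
        "deleted": verify_chain(deleted),    # 1: the record that now follows the gap
        "truncated": verify_chain(truncated),  # None: undetectable without the last hash
        "last_hash": good[-1][1],            # the value to store off-host
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

In practice the `last_hash` value is what you ship to the remote server (or sign) at the end of each archive period; comparing it with the local chain head is how truncation is caught.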
Virus detection software can almost eliminate the threat of viruses on your network. Versions
exist that automatically update virus databases every time you connect to the internet. A network
solution is preferable because it is less expensive and easier to administer than individual
Install a firewall.
Install a network virus detection software solution.
Allow users to access the internet only from terminals that are not attached to the main network.
Disconnect the user from the internet.
A host-based IDS is installed on a single host and monitors all traffic coming in to the host. A
host-based IDS can analyze encrypted traffic because the host operating system decrypts that
traffic as it is received.
A network-based IDS is a dedicated device installed on the network. It analyzes all traffic on the
network. It cannot analyze encrypted traffic because the packet contents are encrypted so that
only the recipient can read the packet contents.
A protocol analyzer examines packets on the network, but cannot look at the contents of
encrypted packets. A port scanner probes a device to identify open protocol ports. A VPN
concentrator is a device used to establish remote access VPN connections.