Be able to describe the various aspects of information security. Ensuring a secure network involves good design, implementation, and maintenance. The information in your organization is potentially vulnerable to both internal and external threats. Identify these threats and create methods of countering them before they happen.
Be able to identify the potential physical, operational, and management policy decisions that affect your information security efforts. It isn’t good enough to have a plan if the plan is unsound or has gaping holes. You must make sure that the plans you develop and the procedures you follow to ensure security make sense for the organization and are effective in ...view middle of the document...
Be able to identify the various access control methods used in systems and networks. Three primary access control methods are used in computer systems today: MAC, DAC, and RBAC. The MAC method establishes all connections and relationships between users statically. The DAC method allows the user to have some control over what information and resources are accessible. The RBAC method sets access levels and permissions based on the role the user plays in a particular situation or job.
Be able to identify which services and protocols should be offered and which should not. Many protocols and services offered in modern operating systems offer little if any security. These protocols and services may also be vulnerable to attack or offer no encryption in the logon process. Services that should be offered include only those that are necessary for legitimate business needs.
Be able to identify the design goals of any security topology. The design goals of a security topology must take into consideration the need for confidentiality, integrity, and availability. These three aspects are called the CIA of security topology. Additionally, you must consider issues of accountability. Who owns the data or is responsible for verifying that it is accurate?
Be able to identify the characteristics of the three types of commonly used security zones. The three common security zones in place are the Internet, intranets, and extranets. The Internet offers low security. Intranets are considered high security, and extranets may be low to high security. Any time you connect your network to another network, you increase the vulnerability of your network. One of the primary tools you can use to isolate less secure resources from more secure resources is a DMZ.
Be able to identify the differences and characteristics of the technologies available to you. A network can be segmented and VLANs can be created to improve security. NAT presents only one Internet address to the world, hiding the other elements of the network. Tunneling allows you to make relatively secure connections to other networks using the Internet.
Be able to identify the four business requirements of a network security design. Asset Identification, Risk Assessment, Threat identification, and Vulnerabilities are the four primary business requirements that must be considered in a security design.
Be able to describe the various types of attacks to which your systems are exposed. Your network is vulnerable to DoS attacks caused by either a single system or multiple systems. Multiple system attacks are called distributed DDoS. Your systems are also susceptible to access, modification, and repudiation attacks.
Be able to describe the methods used to conduct a back door attack. Back door attacks occur using either existing maintenance hooks or developmental tools to examine the internal operations of a program. These hooks are usually removed when a product is prepared for market or...