Logical Security Concepts | CompTIA A+ 220-1002 | 2.2

In this video you will learn about logical security concepts pertaining to safeguarding and protecting information systems & data.

Active Directory

Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was only in charge of centralized domain management, but later it became an umbrella title for a broad range of directory-based identity-related services that can determine what people can see and do within a domain network. The basics of Active Directory are as follows:

  • Login Script:  A series of instructions that a workstation runs every time a user logs on to the network, such as updating antivirus definitions, mapping drives, and assigning printers.
  • Domain:  A logical grouping of computers that share a common directory database and security policy. The computers in a domain can share physical proximity on a small LAN or they can be located in different parts of the world.
  • Group Policy:  A feature that controls the working environment of user and computer accounts. A Group Policy Object (GPO) provides centralized management and configuration of operating systems, applications, and users’ settings in an Active Directory environment.
  • Organizational Unit (OU): A container within a domain used to group objects (users, computers, groups) so that Group Policy can be linked to them and administrative authority over them can be delegated. For example, the HR department may be placed in one OU with certain settings and privileges, and the IT department in another with a different set.
  • Home Folder:  Also known as a home directory, a user’s private folder for storing personal files. In a domain it is usually a share on a file server that is mapped at logon; administrators with rights on that server can access it as well.
  • Folder Redirection:  A Group Policy feature that transparently redirects a user’s standard folders (Documents, Desktop, Pictures, and so on) from the local disk to a location on a network share chosen by the administrator. Applications still see the usual folder paths, but the files are stored centrally where they can be backed up and are available from any domain computer the user logs on to.

Software Tokens

A software token is an application that generates or stores the credential for one factor of two-factor authentication, typically the possession factor. Software tokens run on a general-purpose device such as a desktop, laptop, or mobile phone, and can be copied. Because the token is data on a device rather than a dedicated physical object (unlike a hardware token), it is exposed to threats based on duplication of the underlying cryptographic material, such as malware that extracts the secret from the device. An example of a software token is the Google Authenticator app: when a user enrolls, the service shares a secret key with the app, which then generates short-lived one-time codes from that secret; the code must be supplied together with the username and password to gain access to a system.

MDM Policies

Mobile Device Management (MDM) is an industry term for the administration of mobile devices, such as smartphones, tablet computers, and laptops. MDM is usually implemented with the use of a third-party product that has management features for particular vendors of mobile devices. These products push updates and allow an administrator to configure many mobile devices from a central location.

Port Security

Port security is a switch feature that limits which MAC addresses may send traffic on a given switch port, and how many; a frame from an unexpected MAC address is a violation that the switch handles by dropping the frame, logging it, or shutting the port down. Two related hardening measures are disabling unused physical ports on switches and firewalls, so that an unauthorized device plugged into a spare jack gets no connectivity, and closing unused TCP/UDP service ports on hosts and firewalls, so that there are fewer services for an attacker to reach.

MAC Address Filtering

MAC (media access control) filtering is an access control method in which the MAC address assigned to each network card determines whether the device may join the network. Because a MAC address is meant to be unique to each card, MAC filtering permits or denies specific devices through allow lists (whitelists) and block lists (blacklists). While MAC filtering adds some protection, it is easily circumvented: MAC addresses travel in cleartext in every frame header, even on encrypted Wi-Fi, so an attacker can use a packet analyzer to capture a valid MAC address and then use MAC spoofing software to present that address and get onto the network. To display an installed network adapter’s MAC address on Windows, enter ipconfig /all at a command prompt (ip link on Linux, ifconfig on macOS).
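The two MAC-based controls above (port security on a switch port, and MAC filtering on a router or access point) are modelled in the following added example, which is not code from the video or from any switch vendor. The allow list, the MAC addresses and the class and function names are constructed for the illustration. The point it makes is that both controls key only on the source MAC in the frame, which the sender chooses, so a sniffed address passes the filter unchanged, while port security still catches the common case of a second, different device appearing on a port.

```python
from dataclasses import dataclass, field

# Constructed example allow list: the two MACs an admin typed into a router's
# MAC filter. Not from the page.
ALLOW_LIST = {"00:1a:2b:3c:4d:5e", "00:1a:2b:3c:4d:5f"}


def normalize_mac(mac: str) -> str:
    """Canonicalise the formats seen in the wild: 00-1A-2B-3C-4D-5E (ipconfig),
    00:1a:2b:3c:4d:5e (ip link), 001a.2b3c.4d5e (Cisco show commands)."""
    hexdigits = mac.replace("-", "").replace(":", "").replace(".", "").lower()
    if len(hexdigits) != 12 or any(c not in "0123456789abcdef" for c in hexdigits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def mac_filter_allows(src_mac: str, allow_list=ALLOW_LIST) -> bool:
    """Allow-list MAC filtering. The only input is the frame's source MAC,
    which the sender sets, so a sniffed-and-spoofed address passes."""
    return normalize_mac(src_mac) in allow_list


@dataclass
class SecurePort:
    """A switch port with port security: learn source MACs (sticky) up to
    `maximum`; any further MAC is a violation handled per `violation` mode."""
    maximum: int = 1
    violation: str = "shutdown"          # shutdown | restrict | protect
    learned: set = field(default_factory=set)
    err_disabled: bool = False
    violations: int = 0

    def receive(self, src_mac: str) -> bool:
        """Return True if the frame is forwarded, False if it is dropped."""
        if self.err_disabled:
            return False                 # port is err-disabled; nothing passes
        src_mac = normalize_mac(src_mac)
        if src_mac in self.learned:
            return True
        if len(self.learned) < self.maximum:
            self.learned.add(src_mac)    # sticky learning of the first MAC(s)
            return True
        # A new MAC on a full port: a different device (or a hub or a VM host)
        # has appeared behind the jack.
        if self.violation == "shutdown":
            self.err_disabled = True     # whole port goes down until an admin resets it
            self.violations += 1
        elif self.violation == "restrict":
            self.violations += 1         # drop, count and log; "protect" drops silently
        return False

    def clear_err_disabled(self) -> None:
        """Admin action equivalent to shutdown / no shutdown on the interface."""
        self.err_disabled = False
```

Note the asymmetry in the violation modes: shutdown is the safest against a rogue device but turns a spoofed frame into a denial of service against the legitimate user of that port, which is why restrict (drop and alert) is often preferred on user-facing ports.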

Certificates

A digital certificate is a digitally signed document that binds a public key to the identity of an individual or organization. Using public key cryptography, its authenticity can be verified to ensure that the software or website you are using is legitimate. On the internet, a certificate is signed by a trusted CA (certificate authority), and that signature is verified with the CA’s public key; a certificate that verifies yields the trusted public key of the certificate holder (for example a website operator), with which encrypted HTTPS communications can be established. When trying to install an app from an unknown publisher, most operating systems will present a warning that the software is not signed with a trusted certificate and ask you to proceed with caution, or may block the installation altogether. In Windows 10 the Certificate Manager lets you view the certificates and certificate authorities the system trusts. To open it, click the Start button, type certmgr.msc in the search field, and press Enter (certmgr.msc shows the current user’s certificate store; certlm.msc shows the local machine store).

Antivirus/Anti-Malware

Antivirus/anti-malware software is a program used to prevent, detect, and remove malware. Antivirus software was originally developed to detect and remove computer viruses, hence the name. However, with the proliferation of other kinds of malware, antivirus software started to provide protection from other computer threats. In particular, modern antivirus software can protect users from:

  • Ransomware
  • Keyloggers
  • Rootkits
  • Trojan horses
  • Worms
  • Adware
  • Spyware
  • Browser hijackers, etc.

Some of the leading antivirus/anti-malware software vendors are McAfee, Norton, and Trend Micro, which also offers products for mobile operating systems such as iOS.

Firewalls

A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted internal network and an untrusted external network, such as the internet. Firewalls can be either software or hardware: hardware firewalls are commonly built into wireless routers, and software firewalls are built into Microsoft Windows and macOS. Software firewalls are also known as host (or host-based) firewalls.

A stateful firewall works like this: a computer outside the network attempts to reach a server on the network that sits behind the firewall. The firewall blocks the incoming traffic because no computer inside the network has sent a request to that outside computer and no rule publishes the server. A computer on the network then sends a request to a remote server hosting a website, and the firewall records that outbound connection. When the remote server responds, the firewall matches the reply to the recorded request and permits the incoming traffic.
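The stateful behaviour described above, as an added example rather than code from the video or from any firewall product: outbound packets populate a connection table, inbound packets are allowed only when they are the reply to a recorded flow or match an explicit inbound rule, and idle entries expire. The IP addresses, ports and names are constructed for the illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str      # "outbound" (from the protected LAN) or "inbound"


class StatefulFirewall:
    """Stateful packet filter: outbound flows are recorded in a connection
    table; inbound packets are allowed only if they are replies to a recorded
    flow or match an explicit inbound rule (for a published server)."""

    def __init__(self, inbound_rules=(), idle_timeout: int = 300):
        self.inbound_rules = set(inbound_rules)   # e.g. {("tcp", 443)}
        self.idle_timeout = idle_timeout          # seconds before a quiet flow is forgotten
        self.sessions: dict = {}                  # 5-tuple -> last-seen time

    @staticmethod
    def _key(p: Packet):
        return (p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port)

    @staticmethod
    def _reverse_key(p: Packet):
        """The outbound 5-tuple that an inbound packet would be the reply to."""
        return (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)

    def _expire(self, now: int) -> None:
        stale = [k for k, seen in self.sessions.items() if now - seen > self.idle_timeout]
        for k in stale:
            del self.sessions[k]

    def filter(self, p: Packet, now: int) -> str:
        """Return "ALLOW" or "DROP" for one packet observed at time `now`."""
        self._expire(now)
        if p.direction == "outbound":
            self.sessions[self._key(p)] = now      # remember who we talked to
            return "ALLOW"
        reply_of = self._reverse_key(p)
        if reply_of in self.sessions:
            self.sessions[reply_of] = now          # reply to our request: refresh
            return "ALLOW"
        if (p.proto, p.dst_port) in self.inbound_rules:
            return "ALLOW"                         # explicitly published service
        return "DROP"                              # unsolicited: default deny
```

The reverse-key lookup is the whole trick: the reply is matched on all five fields, so a packet from the same web server to a different client port is still unsolicited and still dropped, and once the table entry ages out the same packet is dropped again.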

User Authentication/Strong Passwords

User authentication is the process by which a system verifies the identity of someone who connects to a network resource: making sure those who log in are truly who they say they are. A password is the most common way a user proves that identity, and requiring strong passwords makes that proof harder to guess or crack. The characteristics of strong passwords are as follows:

  • At least eight characters long
  • A variety of uppercase & lowercase letters, numbers, and symbols.
  • Do not include real names or dictionary words.

Multifactor Authentication

Multifactor authentication (MFA; called two-factor authentication, or 2FA, when exactly two factors are used) is an authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence (factors) from different categories to an authentication mechanism:

  • Knowledge (something only the user knows, e.g., a password or PIN)
  • Possession (something only the user has, e.g., a smart card or an authenticator app)
  • Inherence (something only the user is, e.g., a fingerprint)

MFA protects the user from an unknown person who has obtained only one factor, such as a stolen password, gaining access to their data, such as personal ID details or financial assets.

Directory Permissions

Most file systems have methods to assign permissions or access rights to specific users and groups of users. These permissions control the ability of the users to view, change, navigate, and execute the contents of the file system. In some cases, menu options or functions may be shown or hidden depending on a user’s permission level; this kind of user interface is referred to as permission-driven. In Windows these directory permissions are referred to as (NTFS) file and folder permissions.

In Windows, file and folder permissions on the Security tab of the file/folder properties sheet include the following:

  • Full Control
  • Modify
  • Read & Execute
  • List folder contents (applies to folders only)
  • Read
  • Write

In Linux and macOS, each file or directory carries three permission bits for its owner, its group, and everyone else:

  • Read (r): open and read a file; on a directory, list its entries
  • Write (w): change a file’s contents (write does not imply read); on a directory, create, delete, and rename entries, which also requires execute on the directory
  • Execute (x): run a file as a program; on a directory, enter it and reach the entries inside it

In Linux, and in the macOS Terminal, the chmod command is used to change these permissions. In the macOS Finder, the Sharing & Permissions section of the Get Info window changes them graphically.
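The following added example (not code from the video) works through the Unix permission check the list above describes. It converts between the ls -l form and octal, applies the owner, group, other rule the way the kernel does for an ordinary (non-root) user, and spells out what each bit means on a directory. The user and group IDs in the test are constructed; root’s override and POSIX ACLs are deliberately left out.

```python
import stat

READ, WRITE, EXEC = 4, 2, 1
PERM_NAMES = (("read", READ), ("write", WRITE), ("execute", EXEC))


def parse_symbolic(perms: str) -> int:
    """'rwxr-x---' -> 0o750 (the ls -l form without the leading type character)."""
    if len(perms) != 9:
        raise ValueError("expected 9 characters such as rwxr-x---")
    mode = 0
    for i, ch in enumerate(perms):
        expected = "rwx"[i % 3]
        if ch == expected:
            mode |= 1 << (8 - i)
        elif ch != "-":
            raise ValueError(f"unexpected {ch!r} at position {i}")
    return mode


def symbolic(mode: int, is_dir: bool = False) -> str:
    """0o750 -> 'drwxr-x---' using the standard library's formatter."""
    return stat.filemode((stat.S_IFDIR if is_dir else stat.S_IFREG) | mode)


def unix_access(mode: int, file_uid: int, file_gid: int,
                uid: int, gids: set) -> set:
    """Classic Unix DAC check without root or ACLs: exactly one triplet applies,
    chosen in the order owner, group, other. An owner whose own bits are
    restrictive gets no help from more permissive group or other bits."""
    if uid == file_uid:
        bits = (mode >> 6) & 0o7
    elif file_gid in gids:
        bits = (mode >> 3) & 0o7
    else:
        bits = mode & 0o7
    return {name for name, bit in PERM_NAMES if bits & bit}


def directory_operations(perms: set) -> set:
    """What the rwx bits permit on a directory rather than on a file."""
    ops = set()
    if "read" in perms:
        ops.add("list names")                     # r alone lists names, nothing more
    if "execute" in perms:
        ops.add("traverse")                       # needed for cd and for reaching entries
    if "write" in perms and "execute" in perms:
        ops.add("create/delete/rename entries")   # w without x is useless
    return ops
```

The counter-intuitive case is the last assertion below: a directory with mode 075 is unusable by its own owner even though its group has full access, because the owner triplet is the only one consulted for the owner. Mistakes of this shape are common when chmod is run with the digits in the wrong order.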

VPN

A virtual private network (VPN) extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.  A VPN connection requires a VPN server at the remote site and a VPN client at the client site. VPN traffic between client and server is encrypted and encapsulated into packets suitable for transmission over the network. VPN connections are often referred to as “tunnels” and the process of setting up a VPN as “tunneling”.

DLP

Data loss prevention (DLP) software detects potential data breach or data exfiltration transmissions (emails, instant messages, file uploads, etc.) and prevents them by monitoring, detecting, and blocking sensitive data while in use (endpoint actions), in motion (network traffic), and at rest (data storage).
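The detection half of a DLP product for data in motion, as an added example that is not code from the video or from any DLP vendor: a pattern match for payment card and U.S. Social Security numbers, with a Luhn checksum so that ticket numbers and other sixteen-digit strings are not blocked as false positives, plus a redaction routine for the case where the policy is to mask rather than block. The sample messages are constructed; 4111 1111 1111 1111 is the widely used Visa test number and 078-05-1120 is a long-decommissioned sample SSN.

```python
import re

# Constructed sample messages (not from the page).
SAMPLE_MESSAGES = [
    "Hi, my card is 4111 1111 1111 1111, exp 12/26, please charge it",
    "Ticket 4111-1111-1111-1112 escalated to tier 2",
    "Payroll: SSN 078-05-1120 needs updating",
    "Lunch at 12:30?",
]

# 13 to 19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# AAA-GG-SSSS with the area/group/serial values that are never issued excluded.
SSN_RE = re.compile(r"\b(?!000|666|9)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum (ISO/IEC 7812): separates real card numbers from
    ticket numbers and other digit strings of the same length."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_sensitive(text: str) -> list:
    """Return (type, matched text) pairs for content that must not leave the org."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            findings.append(("credit_card", m.group()))
    for m in SSN_RE.finditer(text):
        findings.append(("ssn", m.group()))
    return findings


def redact(text: str) -> str:
    """Mask all but the last four digits of each confirmed card number."""
    def mask(m):
        raw = m.group()
        digits = re.sub(r"[ -]", "", raw)
        if not luhn_valid(digits):
            return raw                          # not a card: leave untouched
        return "*" * (len(digits) - 4) + digits[-4:]
    return CARD_RE.sub(mask, text)


def dlp_decision(text: str) -> str:
    """Policy for data in motion: block the transmission if anything is found."""
    return "BLOCK" if find_sensitive(text) else "ALLOW"
```

Real products add context (keywords such as "card" or "SSN" near the match, document fingerprints, file types), because a regex alone either misses reformatted data or floods the SOC with false positives; the Luhn check is the cheapest of those context signals.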

Access Control Lists

An access control list is a list of permissions associated with a system resource. An ACL specifies which user or system processes are granted access to objects, as well as what operations are allowed on given objects.
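How an ACL is actually evaluated is the part a practitioner needs, so here is an added example (not code from the video or from Windows) of the Windows-style algorithm: entries are walked in order, a deny entry for any requested right fails the check immediately, allow entries accumulate until every requested right is covered, and anything not explicitly allowed is implicitly denied. The folder ACL, the group names and the user names are constructed for the illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ACE:
    """One access control entry: who, allow or deny, which rights."""
    principal: str        # user or group name
    access: str           # "allow" or "deny"
    rights: frozenset     # e.g. {"read", "write", "execute"}


def check_access(acl: list, user: str, groups: set, requested: set) -> bool:
    """Walk the ACL in order. Canonical Windows order puts explicit denies
    before allows, so a deny is always seen before an allow could satisfy
    the request. Returns True only if every requested right is granted."""
    principals = {user} | set(groups)
    remaining = set(requested)
    for ace in acl:
        if ace.principal not in principals:
            continue                       # ACE is about someone else
        if ace.access == "deny":
            if ace.rights & requested:
                return False               # any denied requested right fails the check
        else:
            remaining -= ace.rights
            if not remaining:
                return True                # everything asked for has been granted
    return False                           # implicit deny: no ACE covered the request


def effective_rights(acl: list, user: str, groups: set) -> frozenset:
    """Everything the user could be granted minus everything explicitly denied,
    the way the Effective Access tab in Windows file properties reports it."""
    principals = {user} | set(groups)
    allowed, denied = set(), set()
    for ace in acl:
        if ace.principal in principals:
            (denied if ace.access == "deny" else allowed).update(ace.rights)
    return frozenset(allowed - denied)


# Constructed ACL on a shared folder (not from the page), in canonical order.
SHARE_ACL = [
    ACE("Contractors", "deny", frozenset({"write"})),
    ACE("Staff", "allow", frozenset({"read", "execute"})),
    ACE("Editors", "allow", frozenset({"write"})),
    ACE("Administrators", "allow", frozenset({"read", "write", "execute", "full_control"})),
]
```

Because rights accumulate across all of a user's groups, a contractor who is also an editor is still blocked from writing: the deny on Contractors wins over the allow on Editors, which is why group membership, not just the ACL, has to be reviewed when auditing access.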

Smart Card

A smart card is a physical electronic authorization device, used to control access to a resource. It is typically a plastic credit card-sized card with an embedded integrated circuit (IC) chip. Many smart cards include a pattern of metal contacts to electrically connect to the internal chip. Others are contactless (proximity cards), and some are both. Smart cards can provide personal identification, authentication, data storage, and application processing. Smart cards may provide strong security authentication for single sign-on (SSO) within organizations. To further enhance security, smart card security systems can also be multifactor, requiring the user to input a PIN or security password as well as provide the smart card at secured checkpoints.

Email Filtering

Email filtering is the processing of email to organize it according to specified criteria. The term can apply to the intervention of human intelligence, but most often refers to the automatic processing of messages at an SMTP server, typically applying anti-spam techniques and blocking potentially dangerous messages and attachments. Filtering can be applied to incoming emails as well as to outgoing emails. It can be performed at the point of entry to a network (a mail gateway) or by enabling the spam and threat detection features built into email clients or security software.

Trusted/Untrusted Software Sources

Trusted software sources are software publishers that have been vetted and whose code is signed with a digital certificate chaining to an authority the operating system trusts (or that distribute through the operating system’s own app store), so the origin and integrity of the software can be checked before it runs. Untrusted software sources are the opposite: the software is unsigned or signed by an unknown party, and its installation may be warned about or blocked outright by the operating system.

Principle of Least Privilege

The principle of least privilege requires that in a particular abstraction layer of a computing environment, every module (such as a process, a user, or a program, depending on the subject) must be able to access only the information and resources that are necessary for its legitimate purpose. In layman’s terms, the principle means giving a user account or process only those privileges which are essential to perform its intended job or function. For example, a user account for the sole purpose of creating backups does not need to install software: hence, it has rights only to run backups and backup-related applications. Any other privileges, such as installing new software, are blocked.