CompTIA CSA+ Study Guide. Mike Chapple

Читать онлайн книгу.

CompTIA CSA+ Study Guide - Mike Chapple


Скачать книгу
includes disabling any unnecessary services on the endpoints to reduce their susceptibility to attack, ensuring that secure configuration settings exist on devices and centrally controlling device security settings. Patch management ensures that operating systems and applications are not susceptible to known vulnerabilities. Group Policy allows the application of security settings to many devices simultaneously, and endpoint security software protects against malicious software and other threats.

      Penetration tests provide organizations with an attacker’s perspective on their security. The NIST process for penetration testing divides tests into four phases: planning, discovery, attack, and reporting. The results of penetration tests are valuable security planning tools, since they describe the actual vulnerabilities that an attacker might exploit to gain access to a network.

      Reverse engineering techniques attempt to determine how hardware and software functions internally. Sandboxing is an approach used to detect malicious software based on its behavior rather than its signatures. Other reverse engineering techniques are difficult to perform, are often unsuccessful, and are quite time-consuming.

      Lab Exercises

Activity 1.1: Create an Inbound Firewall Rule

      In this lab, you will verify that the Windows Firewall is enabled on a server and then create an inbound firewall rule that blocks file and printer sharing.

      This lab requires access to a system running Windows Server 2012 or Windows Server 2012 R2.

Part 1: Verify that Windows Firewall is enabled

      1. Open the Control Panel for your Windows Server.

      2. Choose System And Security.

      3. Under Windows Firewall, click Check Firewall Status.

      4. Verify that the Windows Firewall state is set to On for Private networks. If it is not on, enable the firewall by using the “Turn Windows Firewall on or off” link on the left side of the window.

Part 2: Create an inbound firewall rule that blocks file and printer sharing

      1. On the left side of the Windows Firewall control panel, click “Allow an app or feature through Windows Firewall.”

      2. Scroll down the list of applications and find File And Printer Sharing.

      3. Uncheck the box to the left of that entry to block connections related to File And Printer Sharing.

      4. Click OK to apply the setting.

      Note: You should perform this lab on a test system. Disabling file and printer sharing on a production system may have undesired consequences.

Activity 1.2: Create a Group Policy Object

      In this lab, you will create a Group Policy Object and edit its contents to enforce an organization’s password policy.

      This lab requires access to a system running Windows Server 2012 or Windows Server 2012 R2 that is configured as a domain controller.

      1. Open the Group Policy Management Console. (If you do not find this console on your Windows 2012 Server, it is likely that it is not configured as a domain controller.)

      2. Expand the folder corresponding to your Active Directory forest.

      3. Expand the Domains folder.

      4. Expand the folder corresponding to your domain.

      5. Right-click the Group Policy Objects folder and click New on the pop-up menu.

      6. Name your new GPO Password Policy and click OK.

      7. Right-click the new Password Policy GPO and choose Edit from the pop-up menu.

      8. When Group Policy Editor opens, expand the Computer Configuration folder.

      9. Expand the Policies folder.

      10. Expand the Windows Settings folder.

      11. Expand the Security Settings folder.

      12. Expand the Account Policies folder.

      13. Click on Password Policy.

      14. Double-click Maximum password age.

      15. In the pop-up window, select the Define This Policy Setting check box and set the expiration value to 90 days.

      16. Click OK to close the window.

      17. Click OK to accept the suggested change to the minimum password age.

      18. Double-click the Minimum Password Length option.

      19. As in the prior step, click the box to define the policy setting and set the minimum password length to 12 characters.

      20. Click OK to close the window.

      21. Double-click the Password Must Meet Complexity Requirements option.

      22. Click the box to define the policy setting and change the value to Enabled.

      23. Click OK to close the window.

      24. Click the X to exit Group Policy Editor

      You have now successfully created a Group Policy Object that enforces the organization’s password policy. You may apply this GPO to users and/or groups as needed.

Activity 1.3: Write a Penetration Testing Plan

      For this activity, design a penetration testing plan for a test against an organization of your choosing. If you are employed, you may choose to use your employer’s network. If you are a student, you may choose to create a plan for a penetration test of your school. Otherwise, you may choose any organization, real or fictitious, of your choice.

      Your penetration testing plan should cover the three main criteria required before initiating any penetration test:

      ● Timing

      ● Scope

      ● Authorization

      One word of warning: You should not conduct a penetration test without permission of the network owner. This assignment only asks you to design the test on paper.

Activity 1.4: Security Tools

      Match each of the security tools listed in this table with the correct description.

      Конец ознакомительного фрагмента.

      Текст предоставлен ООО «ЛитРес».

      Прочитайте эту книгу целиком, купив полную легальную версию на ЛитРес.

      Безопасно оплатить книгу можно банковской картой Visa, MasterCard, Maestro, со счета мобильного телефона, с платежного терминала, в салоне МТС или Связной, через PayPal, WebMoney, Яндекс.Деньги, QIWI Кошелек, бонусными картами или другим удобным Вам способом.

      1

      C. These three TCP ports are associated with SSH (22), HTTPS (443), and Oracle databases (1521). Other ports mentioned in the potential answers are SMTP (25), NetBIOS (137–139), MySQL (3306), WINS (1512), FTP (20 and 21), and MS-SQL (1433/1434).

      2

      D. Regional Internet registries like ARIN are best queried either via their websites or using tools like Whois. Nmap is a useful port scanning utility, traceroute is used for testing the path packets take to a remote system, and regmon is an outdated Windows Re

1

C. These three TCP ports are associated with SSH (22), HTTPS (443), and Oracle databases (1521). Other ports mentioned in the potential answers are SMTP (25), NetBIOS (137–139),


Скачать книгу