Securing individual systems

RAID configurations can enhance the performance and availability of stored data, depending on the level of RAID used. In this demo, software RAID level 1 (disk mirroring) is configured in Linux.

All IT solutions, in the end, run on hardware somewhere. Restricting physical access to IT hardware such as through locked server rooms and encryption of data at rest provide a layer of security.

CompTIA Security+ establishes the core knowledge required of any cybersecurity role and provides a jumping point to intermediate-level cybersecurity jobs. Security+ Lab incorporates best practices in hands-on trouble-shooting to ensure security professionals have practical security problem-solving skills. This Lab aids the CompTIA Security+ training set by providing several challenges specially crafted to convey the concept of Authentication Management and Access Control Schemes clearly and comprehensively.

‘AAA is a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services.’

Distributed Denial of Service (DDoS) attacks use collections of infected bots, or zombies in a botnet, to flood victims hosts or networks. Bots periodically contact a malicious-user controlled command and control server.

Malicious actors can trick victims into installing malicious code such as driver shims. Software programming flaws related to memory allocation can result in security threats. Secure coding, patching, and user awareness go a long way in mitigating these types of security issues.

A lack of secure configurations for networks, devices, and hosts results in an increased attack surface. Default settings, especially credentials, should not be used. Deprecated security protocols such as WEP and SSL should also be avoided.

Securing hosts properly should involve both a proactive and a reactive approach. This episode discusses what can be done about zero-day attacks.

Monitoring the network for intrusions is paramount to ensure a timely mitigation. This episode presents a monitoring scenario that requires the view to identify which type of attack took place.

In the enterprise, endpoint detection and response solutions report to a centralized SIEM solution when abnormal activity, including malware, is detected on hosts and devices. Intrusion detection and prevention systems (IDS/IPS) are the engine for this type of solution and can be configured with allow/deny lists.

Data availability, including through disk redundancy, is an aspect of IT security. There are various RAID levels that organize physical disks together to provide performance and/or fault tolerant benefits.

Username and password authentication remains common, as do related dictionary and brute-force attacks. Account lockout threshold can mitigate password attacks other than password spraying attacks.

Staying up-to-date with the latest types of security attacks is form of attack mitigation. Keeping systems hardened helps protect against zero-day attacks. Software develops must adhere to secure coding practices to ensure deployed code does not contain security flaws.

Malicious software is referred to as malware and includes various types including ransomware, fileless viruses, worms, keyloggers, and trojan horses. Infected computers that periodically contact command and control servers are called bots or zombies.