Chapter 5. Implementing and Maintaining a Secure Network

THE FOLLOWING COMPTIA SECURITY+ EXAM OBJECTIVES ARE COVERED IN THIS CHAPTER:

• 1.3 Implement OS hardening practices and procedures to achieve workstation and server security.

  • Hotfixes

  • Service packs

  • Patches

  • Patch management

  • Group policies

  • Security templates

  • Configuration baselines

• 2.1 Differentiate between the different ports and protocols, their respective threats and mitigation techniques.

  • DNS poisoning

  • ARP poisoning

• 2.3 Determine the appropriate use of network security tools to facilitate network security.

  • Internet content filters

• 2.4 Apply the appropriate network tools to facilitate network security.

  • Internet content filters

• 3.7 Deploy various authentication models and identify the components of each.

  • LDAP

• 4.3 Within the realm of vulnerability assessments, explain the proper use of penetration testing versus vulnerability scanning.

• 4.4 Use monitoring tools on systems and networks and detect security-related anomalies.

  • Performance monitor

  • Systems monitor

  • Performance baseline

• 4.7 Conduct periodic audits of system security settings.

  • Group policies

• 5.1 Explain general cryptography concepts.

  • Whole disk encryption

The operating systems, applications, and network products you deal with are usually secure when they're implemented the way the manufacturer intends. This chapter deals with the process of ensuring that the products you use are as secure as they can be.

The primary focus of this chapter is hardening. Hardening refers to the process of reducing or eliminating weaknesses, securing services, and attempting to make your environment immune to attacks. Typically, when you install operating systems, applications, and network products, the defaults from the manufacturer are to make the product as simple to use as possible and allow it to work with your existing environment as effortlessly as possible. That isn't always the best scenario when it comes to security.

In this chapter, you'll learn the general process involved in securing or hardening the systems, network, and applications that are typically found in a business. This chapter also develops the issues of threats to your network and the concept of developing a security baseline.