Exam Essentials

Previous page
Table of content
Next page

Be able to describe the various aspects of information security. Ensuring a secure network involves good design, implementation, and maintenance. The information in your organization is potentially vulnerable to both internal and external threats. Identify these threats and create methods of countering them before they happen.

Be able to identify the potential physical, operational, and management policy decisions that affect your information security efforts. It is not good enough to have a plan if the plan is unsound or has gapping holes in it. Your must make sure that the plans you develop and procedures that you follow to ensure security make sense for the organization and are effective in addressing the needs of the organization.

Be able to explain the relative advantages of the technologies available to you for authentiation. You have many tools available to establish authentication processes. Some of these tools start with a password and user ID. Others involve physical devices or the physical characteristics of the person who is requesting authentication. This area is referred to as I&A.

Be able to explain the relative capabilities of the technologies available to you for network security. You have the ability in most situations to create virtual LANs, create connections that are encrypted, and isolate high-risk assets from low-risk assets. You can accomplish this using tunneling, DMZs, and network segmenting.

Be able to identify and describe the goals of information security. The three primary goals of information are Prevention, Detection, and Response. Your policies and systems must include these three aspects of information security in order to be effective. Ideally you want to prevent a security breach. If a breach happens, you want to have methods to detect and respond to them in as quick a manner as is possible.

Be able to describe the process and mechanisms that can be used to implement a secure environment. Antivirus software, Access Control, and Authentication are the three primary methods you have to implement a secure environment.

Be able to identify the various access control methods used in systems and networks. Three primary access control methods are used in computer systems today. These methods are MAC, DAC, and RBAC. The MAC method establishes all connections and relationships between users statically. The DAC method allows the user to have some control over what information and resources are accessible. The RBAC method sets access levels and permissions based upon the role that the user plays in a particular situation or job.

Be able to identify which services and protocols should be offered and which should not. Many protocols and services offered in modern operating systems offer little if any security ability. These protocols and services may also be vulnerable to attack or offer no encryption in the logon process. Services that should be offered include e-mail, the Web, DNS, NNTP, and ICMP. Services that should not be offered, or offered on a very limited basis, include NetBIOS, NFS, Telnet, and FTP.

Be able to identify the design goals of any security topology. The design goals of a security topology must take into consideration the needs for Confidentiality, Integrity, and Availability. These three aspects are called the CIA of security topology. Additionally, you must consider issues of accountability. Who owns the data or is responsible for verifying that it is accurate?

Be able to identify the characteristics of the three types of commonly used security zones. The three common security zones in place are the Internet, Intranet, and Extranet. Internets are considered to offer low security. Intra- nets are considered high security, and Extranets may be low to high security. Any time you connect your network to another network, you increase the vulnerability of your network. One of the primary tools you can use to isolate less secure resources from more secure resources is a DMZ.

Be able to identify the differences and characteristics of the technologies available to you. A network can be segmented and VLANs can be created to improve security. NAT presents only one Internet address to the world, hiding the other elements of the network. Tunneling allows you to make relatively secure connections to other networks using the Internet.

Be able to identify the four business requirements of a network security design. Asset Identification, Risk Assessment, Threat identification, and Vulnerabilities are the four primary business requirements that must be considered in a security design.


Previous page
Table of content
Next page
CompTIA Security+ Study Guide. Exam SY0-101
Security+ Study Guide
ISBN: 078214098X
EAN: 2147483647
Year: 2006
Pages: 167
Authors: Michael A. Pastore
BUY ON AMAZON
The Complete Cisco VPN Configuration Guide
Java How to Program (6th Edition) (How to Program (Deitel))
Wireless Hacks: Tips & Tools for Building, Extending, and Securing Your Network
Quantitative Methods in Project Management
MPLS Configuration on Cisco IOS Software
Python Standard Library (Nutshell Handbooks) with
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy