CompTIA exam study guide presentations by instructor Brian Ferrill, PACE-IT (Progressive, Accelerated Certifications for Employment in Information Technology)
2. Page 2
Instructor, PACE-IT Program – Edmonds Community College
Areas of Expertise
PC Hardware
Network Administration
IT Project Management
Network Design
User Training
IT Troubleshooting
Industry Certifications
Qualifications Summary
Education
M.B.A., IT Management, Western Governor’s University
B.S., IT Security, Western Governor’s University
Entrepreneur, executive leader, and proven manager with 10+ years of experience turning complex issues into efficient and effective solutions. Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs and creating the solutions required, with a focus on technology.
5. Page 5
If properly set up and reviewed, log files are an effective tool in helping to ensure the security of any networked system.
Log files tend to generate a lot of information. Unfortunately, all too often, they are not reviewed until after a security incident has occurred. By carefully establishing the parameters that will be logged, and properly training personnel on how to review the logs, security can be enhanced.
Even if an incident occurs, there is a greater possibility of it being discovered earlier if log files are reviewed on a regular basis. The earlier an incident is discovered, the easier it will be for the response team to contain the damage.
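As an added illustration that is not part of the original slides, the Python script below shows what "establishing the parameters that will be logged" and "reviewing logs on a regular basis" look like in practice. It parses a handful of constructed SSH authentication lines, counts failures per source address inside a sliding time window, and reports any source whose failures crossed a threshold, together with whether a successful login from that source followed. The log lines, addresses, threshold and window are all assumptions chosen for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a syslog-like format; not taken from any real system.
SAMPLE_LOG = """\
2024-03-01T08:00:01 host1 sshd[101]: Failed password for invalid user admin from 203.0.113.5 port 51000
2024-03-01T08:00:03 host1 sshd[102]: Failed password for root from 203.0.113.5 port 51001
2024-03-01T08:00:04 host1 sshd[103]: Failed password for root from 203.0.113.5 port 51002
2024-03-01T08:00:06 host1 sshd[104]: Failed password for root from 203.0.113.5 port 51003
2024-03-01T08:00:09 host1 sshd[105]: Failed password for root from 203.0.113.5 port 51004
2024-03-01T08:00:12 host1 sshd[106]: Accepted password for root from 203.0.113.5 port 51005
2024-03-01T08:15:00 host1 sshd[110]: Failed password for alice from 192.0.2.10 port 40000
2024-03-01T09:40:00 host1 sshd[111]: Accepted publickey for alice from 192.0.2.10 port 40001
"""

# The fields we decided are worth logging and reviewing: time, result, user, source.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+$"
)


def parse_auth_log(text):
    """Parse lines into dicts. Lines that do not match are counted, not silently dropped."""
    events, unparsed = [], 0
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        events.append(rec)
    return events, unparsed


def find_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Flag sources with at least `threshold` failures inside a sliding `window`,
    and note whether a success from the same source came afterwards."""
    failures = defaultdict(list)
    successes = defaultdict(list)
    for e in events:
        (failures if e["result"] == "Failed" else successes)[e["src"]].append(e["ts"])
    findings = []
    for src, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:   # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                later_success = any(t >= times[end] for t in successes.get(src, []))
                findings.append({"src": src, "failures": end - start + 1,
                                 "first": times[start], "last": times[end],
                                 "success_after": later_success})
                break   # one finding per source is enough for the reviewer
    return findings


if __name__ == "__main__":
    evs, bad = parse_auth_log(SAMPLE_LOG)
    for f in find_bruteforce(evs):
        print(f"{f['src']}: {f['failures']} failures between {f['first']} and {f['last']}; "
              f"later success from same source: {f['success_after']}")
    print(f"{bad} unparsed line(s)")
```

Counting the lines the parser cannot read matters: if the log format changes upstream, the review would otherwise silently turn into a no-op, which is exactly the "not reviewed until after an incident" situation the slide warns about.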
Security enhancement techniques.
6. Page 6
– Monitoring system logs.
» Event log: records system events that usually require user interaction.
» Audit log: a summary log file of other log files that has been configured by an administrator to record and report significant events.
» Security log: records security events that have occurred on the system.
» Access log: most network devices can log who has accessed the system and when the access occurred.
– Hardening individual systems.
» Security personnel should strive to harden all systems against attacks.
• Disable unnecessary services.
• Disable unnecessary user accounts.
• Protect management interfaces and applications.
• Use password protection on all critical systems.
7. Page 7
– Employ network security measures.
» Security personnel should strive to harden all networks against attacks.
• Implement MAC limitations and filtering on switch and router interfaces.
• Disable all unused switch and router interfaces.
• Whenever possible, use strong authentication protocols (e.g., 802.1X).
• Conduct periodic site surveys, both wireless and wired, to detect and remove rogue (non-authorized) systems.
– Establish a security posture.
» An initial baseline of the security configuration must be created and reviewed on a periodic basis. All systems brought online must meet or exceed the initial security baseline.
» Continuous security monitoring should be conducted to ensure that all systems continue to meet or exceed the baselines that have been established.
» As new vulnerabilities become known, they must be removed (remediated) and the security baseline updated.
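The slides on hardening individual systems and on establishing a security baseline describe a check that can be made repeatable. The Python below is an added example, not from the original deck: it encodes a constructed baseline (allowed services, accounts and management interfaces, plus a password requirement), compares a host's observed state against it, and shows how the baseline is tightened when a service is later found to be vulnerable, so that hosts still running it drop out of compliance. Every host, service and account name is made up for the example.

```python
# Constructed baseline and observed host states; none of this is taken from a real system.
BASELINE = {
    "services": {"sshd", "ntpd", "rsyslogd"},     # the only services allowed to run
    "accounts": {"root", "admin", "svc_backup"},   # the only local accounts allowed
    "mgmt_interfaces": {"https", "ssh"},           # management access only over these
    "password_required": True,                     # critical systems must be password protected
}


def check_against_baseline(observed, baseline=BASELINE):
    """Return a list of (severity, finding) deviations; an empty list means the host meets the baseline."""
    findings = []
    for svc in sorted(observed.get("services", set()) - baseline["services"]):
        findings.append(("high", f"unnecessary service running: {svc}"))
    for acct in sorted(observed.get("accounts", set()) - baseline["accounts"]):
        findings.append(("high", f"account not in baseline: {acct}"))
    for iface in sorted(observed.get("mgmt_interfaces", set()) - baseline["mgmt_interfaces"]):
        findings.append(("high", f"unprotected management interface exposed: {iface}"))
    if baseline["password_required"] and not observed.get("password_required", False):
        findings.append(("critical", "password protection disabled"))
    return findings


def meets_baseline(observed, baseline=BASELINE):
    """True only when the host meets or exceeds the baseline (no deviations at all)."""
    return not check_against_baseline(observed, baseline)


def tighten_baseline(baseline, service):
    """Return a new baseline with `service` no longer allowed, e.g. after a vulnerability in it
    becomes known. The original baseline object is left unchanged."""
    new = {k: (set(v) if isinstance(v, set) else v) for k, v in baseline.items()}
    new["services"].discard(service)
    return new


# Constructed sample hosts: one compliant, one that has drifted from the baseline.
HOST_OK = {"services": {"sshd", "ntpd"}, "accounts": {"root", "admin"},
           "mgmt_interfaces": {"ssh"}, "password_required": True}
HOST_DRIFTED = {"services": {"sshd", "telnetd", "ftpd"}, "accounts": {"root", "admin", "guest"},
                "mgmt_interfaces": {"ssh", "http"}, "password_required": False}

if __name__ == "__main__":
    for name, host in (("host-ok", HOST_OK), ("host-drifted", HOST_DRIFTED)):
        print(name, "meets baseline:", meets_baseline(host))
        for severity, text in check_against_baseline(host):
            print(f"  [{severity}] {text}")
    stricter = tighten_baseline(BASELINE, "ntpd")
    print("host-ok after ntpd is removed from the baseline:", meets_baseline(HOST_OK, stricter))
```

Running the same check on a schedule against every host is the "continuous security monitoring" step; the tightened baseline is what makes a previously compliant host show up for remediation once a new vulnerability is known.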
9. Page 9
Along with log files, there are other reporting methods that can be used to enhance the security of both a network and a facility.
Alarms should be placed on all access points to critical areas of the facility, including unmanned fire exits, server rooms, and network equipment rooms.
Alerts should be enabled on all networking equipment and applications that report access, both authorized and unauthorized, to the appropriate administrator(s).
When reviewing monitoring logs, security personnel should create graphs that show activity. These graphs can be used to establish current trends in use, access, security events, etc. These trend graphs make it easier to spot anomalies in activities.
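An added example, not from the slides, of the trend-graph idea in Python: given constructed daily counts of one security event type, it renders a plain-text bar chart and flags any day that rises more than k standard deviations above the rolling baseline of the preceding normal days. A flagged day is deliberately kept out of the baseline so that one spike does not hide the next one. The counts, the window length and the threshold k are assumptions.

```python
from statistics import mean, pstdev

# Constructed daily counts of failed logins over two weeks; not real data.
DAILY_FAILED_LOGINS = [
    ("2024-03-01", 12), ("2024-03-02", 9),  ("2024-03-03", 11), ("2024-03-04", 14),
    ("2024-03-05", 10), ("2024-03-06", 13), ("2024-03-07", 8),  ("2024-03-08", 12),
    ("2024-03-09", 11), ("2024-03-10", 10), ("2024-03-11", 95), ("2024-03-12", 13),
    ("2024-03-13", 9),  ("2024-03-14", 12),
]


def find_trend_anomalies(series, warmup=7, k=3.0):
    """Return (label, value, baseline_mean) for points that exceed mean + k*stdev
    of the last `warmup` values that were accepted as normal."""
    anomalies = []
    clean = []   # values accepted as normal; they form the rolling baseline
    for label, value in series:
        if len(clean) >= warmup:
            history = clean[-warmup:]
            mu, sigma = mean(history), pstdev(history)
            if value > mu + k * sigma:
                anomalies.append((label, value, round(mu, 1)))
                continue   # keep the spike out of the baseline
        clean.append(value)
    return anomalies


def ascii_trend(series, width=40):
    """Plain-text bar chart, one row per day, scaled to the largest value."""
    top = max(v for _, v in series)
    return "\n".join(f"{d} {v:4d} {'#' * (v * width // top)}" for d, v in series)


if __name__ == "__main__":
    print(ascii_trend(DAILY_FAILED_LOGINS))
    for day, value, baseline in find_trend_anomalies(DAILY_FAILED_LOGINS):
        print(f"anomaly on {day}: {value} events vs. baseline mean {baseline}")
```

The chart is what makes the spike obvious to a human reviewer; the threshold rule is what lets the same judgement run unattended every day and raise an alert to the administrator.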
10. Page 10
– IDS (intrusion detection system) vs. IPS (intrusion prevention system).
» An IDS is a passive system that is designed to detect unauthorized system intrusions or attacks on a system.
• It is configured to only notify administrators when an event occurs.
» An IPS is an active system that is designed to detect unauthorized system intrusions or attacks on a system.
• It is configured to take specific actions upon detection of an event and to notify administrators when an event occurs.
– Camera vs. guard.
» Cameras are a passive system that can be used to detect when an intrusion or security incident has occurred at a facility.
» Guards are an active system that can be used to detect and respond to an intrusion or security incident at a facility.
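As an added example that is not part of the original deck, this Python simulation puts the IDS/IPS distinction into code: one Sensor class runs the same detection rule (a constructed "many distinct ports from one source" heuristic) in passive mode, where it only records an alert for the administrator, and in active mode, where it also blocks the source and drops its subsequent traffic. The traffic, addresses and threshold are made up for the example.

```python
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Event:
    src: str
    dst_port: int


@dataclass
class Sensor:
    """A detection engine that can run passively (IDS) or actively (IPS).
    The rule is identical in both modes; only what happens on a match differs."""
    mode: str                       # "ids" or "ips"
    port_threshold: int = 5         # distinct ports from one source before it counts as a scan
    alerts: list = field(default_factory=list)
    blocked: set = field(default_factory=set)
    _ports_seen: dict = field(default_factory=lambda: defaultdict(set))

    def process(self, ev):
        """Return 'forwarded' or 'dropped' for this event."""
        if self.mode == "ips" and ev.src in self.blocked:
            return "dropped"                          # already blocked: only an IPS enforces this
        self._ports_seen[ev.src].add(ev.dst_port)
        if len(self._ports_seen[ev.src]) == self.port_threshold:   # fires once per source
            self.alerts.append(f"possible port scan from {ev.src}")  # both modes notify
            if self.mode == "ips":
                self.blocked.add(ev.src)              # only the IPS takes action
                return "dropped"
        return "forwarded"


# Constructed traffic: one source touching many ports, one ordinary client.
TRAFFIC = [Event("203.0.113.7", p) for p in (21, 22, 23, 25, 80, 443, 8080)] + \
          [Event("192.0.2.20", 443), Event("192.0.2.20", 443)]


def run(mode):
    """Feed the constructed traffic through a sensor in the given mode."""
    sensor = Sensor(mode=mode)
    outcomes = [sensor.process(e) for e in TRAFFIC]
    return sensor, outcomes


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        sensor, outcomes = run(mode)
        print(mode.upper(), "alerts:", sensor.alerts, "blocked:", sorted(sensor.blocked),
              "dropped:", outcomes.count("dropped"))
```

In both modes the administrator is notified; only the IPS changes what happens to the traffic. That is also why a false positive in IPS mode has an availability cost that the same false positive in IDS mode does not, which is worth weighing when deciding which mode to deploy in front of a critical system.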
11. Page 11
Topic: Security enhancement techniques.
Summary: If properly set up and reviewed, log files can be used to enhance the security of any networked system. Additional enhancements that can be used include: monitoring log files, hardening individual systems, employing network security measures, and establishing a security posture.
Topic: Network security enhancement techniques.
Summary: Reporting methods can be used to enhance the security of a network system or facility. Reporting methods can include: alarms, alerts, and trend reports.
Topic: Detection controls vs. prevention controls.
Summary: An IDS is a passive system used to report on security incidents within a network. An IPS is an active system used to report and act on security incidents within a network. Cameras are a passive detection system, while guards represent an active detection system within a facility.
13. This workforce solution was 100 percent funded by a $3 million grant awarded by the
U.S. Department of Labor's Employment and Training Administration. The solution was
created by the grantee and does not necessarily reflect the official position of the U.S.
Department of Labor. The Department of Labor makes no guarantees, warranties, or
assurances of any kind, express or implied, with respect to such information, including
any information on linked sites and including, but not limited to, accuracy of the
information or its completeness, timeliness, usefulness, adequacy, continued availability
or ownership. Funded by the Department of Labor, Employment and Training
Administration, Grant #TC-23745-12-60-A-53.