Managing Data Security Flashcards

(16 cards)

1
Q

What is data encryption?

A

Scrambling the characters used in a message so that the message can be seen but not understood or modified unless it can be deciphered. Encryption provides for a secure means of transmitting data and authenticating users. It is also used to store data securely. Encryption uses different types of cipher and one or more keys. The size of the key is one factor in determining the strength of the encryption product.

2
Q

What is the purpose of data management policies?

A

It’s what an organization uses to govern data through its lifecycle.

Aspects of this management include data creation (applications), internal data storage (file servers or databases), external data storage (on-premises vs. off-site), data backup, data security (permissions, encryption), data policies (acceptable use), and data transmission (network encryption).

3
Q

What are the goals of encryption?

A

Confidentiality: Making data available only to authorized users.
Confidentiality provides privacy and is a common use of encryption.

Integrity: Ensuring that data has not changed unexpectedly.
You can run the md5sum command to generate a hash result that you can compare to see whether a file was changed.
Ex.: md5sum file1.txt

Non-repudiation: Ensuring that a particular transaction cannot be denied or renounced. (You can’t say this wasn’t sent.)

4
Q

What are the 2 different times when data encryption protects information?

A

When data is in transit and when it is at rest.

5
Q

What are some tools that provide encryption for network communication? (Data in Transit)

A

SSH: used primarily for remote administration
HTTPS: secure, mainly used for encrypted web browsing
RDP: encrypts the remote desktop connection when used for remote administration with Windows Servers

6
Q

What are the 2 approaches for protecting data at rest?

A

Drive/partition encryption and file encryption.
Examples of drive encryption:
- Microsoft BitLocker
- Linux LUKS (Linux Unified Key Setup)

Examples of file encryption:
- Microsoft Encrypting File System (EFS)
- TrueCrypt (Linux, Windows, macOS)
- 7Zip (Linux, Windows)
- GnuPG (Linux)

7
Q
A
8
Q

What are data retention policies?

A

The process an organization uses to maintain the existence of and control over certain data in order to comply with business policies and/or applicable laws and regulations.
Companies should retain data as long as required and no longer.
Retaining data for longer than necessary incurs storage and management costs that do not contribute to the organization’s business objectives.

In some cases, legal or regulatory requirements govern data retention policies.

It is critical to track this data in the case of subpoenas.

9
Q

What is the difference between having on-site storage and off-site storage?

A

On-site storage: Business retains control, and sysadmins must be security experts

Off-site storage: Business gives up some control and relies on the security expertise of the remote storage staff

10
Q

How do boot loader passwords and UEFI/BIOS passwords add additional data security measures?

A

UEFI/BIOS: You can disable things like physical ports and keep the boot order to the DAS or PXE so threat actors can’t gain access; setting a password ensures these settings cannot be changed.

Boot loader password: The boot loader manages the startup of the OS. Configuring a password prevents unauthorized users from making changes to OS startup settings that could expose data threat actors want to access.

11
Q
A
12
Q

What are things that affect your risk mitigation techniques?

A

Industry and government regulations

Industry: The management of PII and the PCI DSS requirements may require additional research by the security team and the legal team.

Government: There may be additional regulations and constraints that govern your particular industry.

13
Q

What are PII primary and secondary identifiers?

A

Primary:
- Social Security number
- passport information
- driver’s license
- bank information

Secondary:
- name
- phone #
- credit card #

14
Q

What are things to consider when doing general troubleshooting?

A

Resource access: These issues are frequently tied to permissions; ensure permissions are correctly set. Viruses and other malware can affect users’ access to resources.

Group Policy: Misconfigured Group Policy settings impact firewalls, services, applications, antimalware, and other data loss prevention configurations.

Firewall configuration: Misconfigured firewall settings can cause users to be unable to access network resources.
Firewalls can also be configured to be too open; ports that are open and unused expose the server to unauthorized access.

Service configuration: Services enable or disable additional functionality on the server. Service misconfiguration that disables essential services limits the server’s functionality.

15
Q

What tool is used to ensure firewalls and services are configured correctly?

A

Port scanners.

16
Q

What is another tool besides port scanners that ensures firewalls are configured correctly?

A

Packet sniffers.