More 298 notes

PsoasmanPsoasman Senior MemberMember Posts: 2,687 ■■■■■■■■■□
Here is another section.

23. EMS provides a way to remotely recover a server that cannot be recovered by other means.
24. Manage administrative risks by:
a. Developing secure work practices.
b. Limiting administrative powers.
c. Locking down admin tools.
25. You should apply as many technical controls as possible; this includes forests, domains, and OUs.
26. Use separation of duties to provide security.
27. Reduce the attack area by disabling unnecessary services and software.
28. Monitor all admin tasks.
29. EMS must be secured by securing the out-of-band infrastructure.
30. Autonomy is external control is possible even while local control is the way things are done.
31. Isolation is where there is a clear boundary, in which there is no way for admins to administer another.
32. A security update process is necessary, includes patching the OS, infrastructure, and applications.
33. SUS can automatically download updates and deploy to clients.
34. Monitor patch management by using MBSA.
35. You cannot add SP or drivers for SUS to deploy.
36. SUS works with 2k, 2k3, and XP.
37. Creating a logical authentication design doesn’t always mean standardizing on a single authentication protocol.
38. Know the weaknesses, strengths of the protocols you use.
39. Forest trusts provide a way to quickly open access between forests w/o having to create multiple trust relationships.
40. External and forest trusts can be restricted by using:
a. Selective authentication
b. TopLevelExclusion
c. Disabling domain info records.
41. To design a strong password policy, you must use more than technical controls.
42. Consider the impact of each setting on the password policy.
43. You can obtain SSO and some interoperability between UNIX and windows systems and you can standardize the account policy for UNIX systems on the windows-implemented policy by providing AD accounts for UNIX workstation users, creating keys for the encryption of Kerberos messages between UNIX and KDC and configuring Kerberos on UNIX w/s.
44. Consider carefully using legacy authentication systems like LM.
45. The VPN protocol depends on:
a. The OS and the organization’s willingness to add client software.
b. The requirement for security level and speed of implementation.
c. The existing certificate infrastructure or the ability to acquire one.
46. VPN network infrastructure must be considered in the development of technical solutions. Particular attention must be paid to firewall and NAT server location and configuration.
47. Network access quarantine control can provide additional protection for networks that are remotely accessed.
48. 48. Trust infrastructure must support proposed VPN connections when certificates are required.
Sign In or Register to comment.