A+ Core 2 Certification Cram Notes : Security

2.1 Summarize the following security measures and their purposes

Explain the following Logical security processes/methods

1. Principle of least privilege: This security principle limits the access of users and processes to only those resources necessary to perform their work. This minimizes the potential damage in the event of a security breach.

2. Access control lists (ACLs): ACLs are used to define and manage access to resources, such as files and folders, based on the user or group attempting to access them.

3. Multifactor authentication (MFA): MFA requires users to provide multiple forms of authentication to access a system or resource. This can include a password, a smart card, or a biometric scan.

4. Email: Email security involves protecting messages and attachments from unauthorized access, modification, and disclosure.

5. Hard token: A hard token is a physical device, such as a USB key, that generates one-time passwords for authentication.

6. Soft token: A soft token is a software application that generates one-time passwords for authentication, typically installed on a mobile device.

7. Short message service (SMS): SMS is a text messaging service used for sending messages to mobile devices. It can be used for two-factor authentication.

8. Voice call: Voice call is a communication method that can be used for two-factor authentication.

9. Authenticator application: An authenticator application is a software application that generates one-time passwords for authentication, typically installed on a mobile device.

Mobile device management (MDM)

Mobile device management is a security and management solution that allows organizations to manage and secure mobile devices used by employees.

MDM can be used to enforce security policies, deploy applications, and manage device configurations across a fleet of mobile devices.

MDM software is typically installed on a server, and devices can be enrolled into the MDM system using a variety of methods.

Active Directory

Active Directory is a directory service that is used by Microsoft Windows networks to store information about users, groups, computers, and other network resources.

Active Directory provides a centralized location for managing network resources, and allows administrators to control access to resources based on user and group permissions.

Some of the key features of Active Directory include login scripts, domain management, group policy updates, organizational units, home folders, folder redirection, and security groups.

2.2 Explain the following wireless security protocols and authentication methods

Protocols and encryption

WiFi Protected Access 2 (WPA2): This is a security protocol that secures wireless networks by encrypting data transmission over the network using either AES or TKIP encryption.

WPA3: This is the latest security protocol that provides more robust encryption and protection against offline attacks. It also includes a new handshake protocol that makes it harder for attackers to crack passwords.

Temporal Key Integrity Protocol (TKIP): This is an older encryption protocol that was used with WPA and WPA2 to secure wireless networks. It is not as secure as AES encryption.

Advanced Encryption Standard (AES): This is a secure encryption protocol that is used with WPA2 and WPA3 to encrypt data transmission over wireless networks.

Authentication methods

Pre-shared key (PSK): This is a simple authentication method that uses a password or passphrase to authenticate users and devices on a wireless network.

802.1X: This is a more secure authentication method that uses digital certificates and a backend authentication server to authenticate users and devices on a wireless network.

Extensible Authentication Protocol (EAP): This is a framework for providing different types of authentication methods for wireless networks, including 802.1X authentication.