SlideShare a Scribd company logo

Study notes for CompTIA Certified Advanced Security Practitioner (ver2)

David Sweigert
David Sweigert

Uploaded as a courtesy by: Dave Sweigert

Internet
1 of 12
Notes for the CompTIA CASP exam Posted as a courtesy by: Dave Sweigert, CEH, CISSP, CISA, HCISPP, PCIP, PMP, SEC+ March 20, 2017 (Version Tw0) 1. vTPM Virtual Trusted Platform Module (vTPM). A vTPM is a software module that performs the function of a Trusted Platform Module (TPM). The TPM is a specialized chip on an endpoint device that stores RSA encryption keys specific to the host system for hardware authentication. Each TPM chip contains an RSA key pair called the Endorsement Key (EK). The vTPM makes secure storage and cryptographic functions available to operating systems and applications running in virtual machines. NOTE: BitLocker disk encryption normally requires a TPM on Windows. Microsoft’s EFS encryption can never use a TPM. The new “device encryption” feature on Windows 10 and 8.1 also requires a modern TPM, which is why it’s only enabled on new hardware. 2. SELinux Mandatory Access Control (MAC) MAC evolved out of the multi-level security (MLS) program at NSA and DoD. An NSA research project called SELinux added a Mandatory Access Control architecture to the Linux Kernel, which was merged into the mainline version of Linux in August 20031. NOTE: Red Hat Enterprise Linux version 4 (and later versions) come with an SELinux- enabled kernel. 3. Storage Area Network (SAN) A storage area network (SAN) is a network which provides access to consolidated, block level data storage. SANs are primarily used to enhance storage devices, such as disk arrays, tape libraries, and optical jukeboxes, accessible to servers so that the devices appear to the operating system as locally attached devices. A SAN typically has its own network of storage devices that are generally not accessible through the local area network (LAN) by other devices2. 1 https://en.wikipedia.org/wiki/Mandatory_access_control 2 https://en.wikipedia.org/wiki/Storage_area_network
4. Multiple O/S encryption on a single SDD A solid-state drive (SSD) is a nonvolatile storage device that stores persistent data on solid-state flash memory. Solid-state drives actually aren't hard drives in the traditional sense of the term, as there are no moving parts involved. A traditional hard disk drive (HDD) consists of a spinning disk with a read/write head on a mechanical arm called an actuator. An SSD, on the other hand, has an array of semiconductor memory organized as a disk drive, using integrated circuits (ICs) rather than magnetic or optical storage media. An SSD may also be referred to as a solid-state disk3. Windows 7: The first issue here is that the only versions of Windows 7 that support Bitlocker are Enterprise and Ultimate. If you have Windows 7 Pro, you're out of luck. You may also find issues on trying to boot the Windows 7 installer on a PC with UEFI, in which case you may have to drop back to legacy mode to work round this. Unlike Windows 8, if the PC doesn't have a Trusted Platform Module, the only way to unlock the Bitlocker drive on boot is to use a USB key. Without a TPM, you cannot use a password for Bitlocker in Windows 74. If the PC is using Windows 7 Ultimate or Enterprise, or Windows 8 Pro or Enterprise, you can use BitLocker, which comes with these versions of Windows. But you have to know what you're doing. BitLocker works best in an environment where a professional IT department serves users who may not know what the word encrypt means. You can set it up so that the user doesn't even know that the drive is encrypted. When they log into Windows with their password, they get access to the encrypted files. If they log into another account, or boot with another OS, the files are unreadable. What's more, if you need to reinstall Windows, or restore the files from a backup, you'll need a special digital key that's created when you encrypt the drive. That key has to be stored elsewhere and someone has to know where to find it5. 3 http://searchsolidstatestorage.techtarget.com/definition/SSD-solid-state-drive 4 http://www.stevenmaude.co.uk/posts/a-beginners-guide-to-os-encryption-dual 5 http://www.pcworld.com/article/2858642/you-can-encrypt-your-hard-drive-but-the-protection-may-not-be- worth-the-hassle.html
5. TOCTOU attacks In software development, time of check to time of use (TOCTTOU or TOCTOU, pronounced "TOCK too") is a class of software bug caused by changes in a system between the checking of a condition (such as a security credential) and the use of the results of that check. This is one example of a race condition.6 Time of check (TOC) — When the resource is inspected. For example, all data from the browser is considered “tainted” because a malicious user may have manipulated it. If the data passes a validation function, then the taint may be removed and the data permitted entry deeper into the app. For example, the app checks whether an email address is well-formed or text contains <script> tags. Time of use (TOU) — When the app performs an operation on the resource. For example, inserting the data into a SQL statement or inserting text into a web page. Weaknesses occur when the app assumes the state of the resource has not changed since the last check; vulnerabilities occur when the state change relates to a security control7. CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition Description Summary The software checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the software to perform invalid actions when the resource is in an unexpected state. Extended Description This weakness can be security-relevant when an attacker can influence the state of the resource between check and use. This can happen with shared resources such as files, memory, or even variables in multithreaded programs8. 6 https://en.wikipedia.org/wiki/Time_of_check_to_time_of_use 7 https://deadliestwebattacks.com/tag/toctou/ 8 https://cwe.mitre.org/data/definitions/367.html
CAPEC-29: Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege9. 6. Network File System (NFS) and Common Internet File System (CIFS) What is the difference between NFS and CIFS? Can you explain when you should use CIFS vs. NFS? NFS is the "Network File System" for Unix and Linux operating systems. It allows files to be shared transparently between servers, desktops, laptops etc. It is a client/server application that allows a user to view, store and update files on a remote computer as though they were on their own computer. Using NFS, the user or a system administrator can mount all or a portion of a file system. CIFS is the "Common Internet File System" used by Windows operating systems for file sharing. CIFS uses the client/server programming model. A client program makes a request of a server program (usually in another computer) for access to a file or to pass a message to a program that runs in the server computer. The server takes the requested action and returns a response. CIFS is a public or open variation of the Server Message Block Protocol (SMB) developed and used by Microsoft, and it uses the TCP/IP protocol. NFS and CIFS are the primary file systems used in NAS. Comparing CIFS vs. NFS, CIFS tends to be a bit more "chatty" in its communications. This may require file protocol optimization over a wide area network. http://searchstorage.techtarget.com/answer/NFS-vs-CIFS 7. Storage Area Network (SAN) protocols Internet Small Computer System Interface (iSCSI). iSCSI (I.P.-based protocol) works on top of the Transport Control Protocol (TCP) and allows the SCSI command to be sent end-to-end over local-area networks (LANs), wide-area networks (WANs) or the Internet. IBM developed iSCSI as a proof of concept in 1998, and presented the first draft of the iSCSI standard to the Internet Engineering Task Force (IETF) in 2000. The protocol was ratified in 2003. The major server vendors offer iSCSI as a connectivity option, to provide virtual machines with block-level access to storage volumes, without the need to deploy high- performance Fibre Channel hardware. iSCSI has been proven capable of supporting 9 https://capec.mitre.org/data/definitions/29.html
enterprise-class applications assuming that the specific solution can reach the desired level of performance and scalability and that management is simple enough not to negatively affect the total cost of ownership (TCO)10. Fibre Channel over Ethernet (FCoE). FCoe is a standards-based protocol that natively maps Fibre Channel to Ethernet for transport in a lossless Ethernet LAN. FCoE allows the consolidation of LAN and Fibre Channel SAN traffic over a single switching infrastructure in the data center. http://imexresearch.com/new sletters/images/Feb09/fcoe_vs.jpg 10 http://www.cisco.com/c/en/us/products/collateral/switches/nexus-5000-series-switches/white_paper_c11- 495142.html
https://image.slidesharecdn.com/emcworldfcoeiscsi2009share-090522131252-phpapp01/95/fibre-channel-over-ethernet-fcoe- iscsi-and-the-converged-data-center-14-728.jpg?cb=1242998073 iSCSI, NFS, FC, and FCoE Basics iSCSI means you map your storage over TCP/IP. You typically put in dedicated Ethernet network cards and a separate network switch. Each server and each storage device has its own IP address(es), and you connect by specifying an IP address where your drive lives. In Windows, each drive shows up in Computer Manager as a hard drive, and you format it. This is called block storage. NFS means you access a file share like MyFileServerNameMyShareName, and you put files on it. In Windows, this is a mapped network drive. You access folders and files there, but you don’t see the network mapped drive in Computer Manager as a local drive letter. You don’t get exclusive access to NFS drives. You don’t need a separate network cable for NFS – you just access your file shares over whatever network you want. Fibre Channel is a lot like iSCSI, except it uses fiberoptic cables instead of Ethernet cables. It’s a separate dedicated network just for storage, so you don’t have to worry as much about performance contention – although you do still have to worry. Fibre Channel Over Ethernet (FCoE) runs the FC protocol over Ethernet cables, specifically 10Gb Ethernet. This gained niche popularity because you can use just one network (10Gb Ethernet) for both regular network traffic and storage network traffic rather than having one set of switches for fiber and one set for Ethernet. https://www.brentozar.com/archive/2012/05/storage-protocol-basics-iscsi-nfs-fibre-channel-fcoe/
8. NAS vs. SANS Network-attached storage (NAS) is a file-level computer data storage server connected to a computer network providing data access to a heterogeneous group of clients. NAS is specialized for serving files either by its hardware, software, or configuration. It is often manufactured as a computer appliance – a purpose-built specialized computer. NAS systems are networked appliances which contain one or more storage drives, often arranged into logical, redundant storage containers or RAID. Network-attached storage removes the responsibility of file serving from other servers on the network. They typically provide access to files using network file sharing protocols such as NFS, SMB/CIFS, or AFP. From the mid-1990s, NAS devices began gaining popularity as a convenient method of sharing files among multiple computers. Potential benefits of dedicated network-attached storage, compared to general-purpose servers also serving files, include faster data access, easier administration, and simple configuration.11 NAS allows files to be retrieved across a computer network. It includes a dedicated hardware device (often called the head) that connects to a local area network (usually via Ethernet). This NAS “server” authenticates clients and manages file operations in much the same manner as traditional file servers, through well-established network protocols like NFS (Network File Service) and CIFS/SMB (Common Internet File System/System Message Block).12 11 https://en.wikipedia.org/wiki/Network-attached_storage 12 http://www.hosting.com/cloud-storage-the-difference-between-nas-vs-san/
http://cdn2.hubspot.net/hub/62530/file-14948438-png/images/difference-betw een-nas-and-san.png As Internet technologies like TCP/IP and Ethernet have proliferated worldwide, some SAN products are making the transition from Fibre Channel to the same IP-based approach NAS uses. Also, with the rapid improvements in disk storage technology, today's NAS devices now offer capacities and performance that once were only possible with SAN. These two industry factors have led to a partial convergence of NAS and SAN approaches to network storage.13 Note about FCoE: Data is transmitted over this channel in an unencrypted fashion (as is true for NAS). Therefore, this channel can be susceptible to hackers. FCoE is NOT routable, it is operated over Ethernet. The outset of 10 G/b/p/s over Ethernet made FCoE possible. FCoE uses FCP, the Fibre Channel Protocol encapsulated in an Ethernet header. FCoE abandons IP protocol and IP addresses (e.g. 192.168.1.xx), instead employing a new 802.3 Ethertype. The approach eliminates TCP altogether, replacing it with a hardware flow control scheme which guarantees packet delivery and can match performance metrics found on native Fiber channel networks. NICs are called Converged Network Adapters (CAN). 13 https://www.lifewire.com/san-vs-nas-818005
9. Dynamic Disk Pools vs. RAID Dynamic Disk Pooling (DDP) dynamically distributes data, spare capacity, and protection information across a pool of disk drives. DDP improves the time and performance of traditional RAID arrays. Because RAID cannot keep up with increasing disk capacities, DDP was created to be more versatile by providing better rebuild times. In an RAID array when a drive fails, the remaining drives are read, parity recomputed, and the result is written to the spare drive. This is done from the initial logical block of the array to the last block in the array. This operation is time consuming because all data needs to be recomputed from the beginning of the array to the end of the array, and degrades performance, because although there are parallel reads, there is one single write to the spare drive. Thus, this single write becomes a bottleneck in the system. In DDP, a disk pool is a set of drives that are logically grouped together in the storage subsystem, where data is distributed across all drives in the pool. The drives in each disk pool must be of the same drive type and drive media type, and they must be similar in size. Unlike RAID, there is no specific spare drive, rather, all drives have spare space that is reserved. When a drive fails, the remaining drives are read, the missing data is recomputed, and the result is written to multiple drives in their spare space. This operation is done on the pieces of data that are missing. The result is parallel reads and parallel writes, which significantly speeds up the rebuild time after a single drive failure. Both RAID and DDP are techniques for striping data and parity information across a set of disks to provide fault tolerance, but how they operate to attain this goal is different. https://www.ibm.com/support/knowledgecenter/en/STFS69_4.0.0/ts7760_ddp.html 10.Microsoft Group Policies Group Policy, in part, controls what users can and cannot do on a computer system: for example, to enforce a password complexity policy that prevents users from choosing an overly simple password, to allow or prevent unidentified users from remote computers to connect to a network share, to block access to the Windows Task Manager or to restrict access to certain folders. A set of such configurations is called a Group Policy Object (GPO). As part of Microsoft's IntelliMirror technologies, Group Policy aims to reduce the cost of supporting users. IntelliMirror technologies relate to the management of disconnected machines or roaming users and include roaming user profiles, folder redirection, and offline files.14 Group Policy Objects are processed in the following order (from top to bottom) 1. Local - Any settings in the computer's local policy. Prior to Windows Vista, there was only one local group policy stored per computer. Windows Vista and later Windows versions allow individual group policies per user accounts.[5] 14 https://en.wikipedia.org/wiki/Group_Policy
2. Site - Any Group Policies associated with the Active Directory site in which the computer resides. (An Active Directory site is a logical grouping of computers, intended to facilitate management of those computers based on their physical proximity.) If multiple policies are linked to a site, they are processed in the order set by the administrator. 3. Domain - Any Group Policies associated with the Windows domain in which the computer resides. If multiple policies are linked to a domain, they are processed in the order set by the administrator. 4. Organizational Unit - Group policies assigned to the Active Directory organizational unit (OU) in which the computer or user are placed. (OUs are logical units that help organizing and managing a group of users, computers or other Active Directory objects.) If multiple policies are linked to an OU, they are processed in the order set by the administrator. http://i1-new s.softpedia-static.com/images/new s2/Microsoft-Patches-Critical-Remote-Code-Execution-Glitch-in-Group-Policy- 472770-2.jpg WMI filters You can use WMI filters to add a decision on when to apply a given group policy. This can be very useful when users or computers are located in a relatively flat structure instead of specific OU’s, for example. Filters can also help when you need to apply certain policies based on server roles, operating system version, network configuration, or other criteria. Windows evaluates these filters in the following order of overall Group Policy Processing:
1. Policies in hierarchy are located. 2. WMI Filters are checked. 3. Security settings are checked. 4. Finally, once everything has ‘passed’, a policy is applied. So we find all the policies that exist in the user/computer’s Local, Site, Domain, and OU hierarchy. Then we determine if the WMI filter evaluates as TRUE. Then we verify that the user/computer has Read and Apply Group permissions for the GPO. This means that WMI filters are still less efficient than hierarchical linking, but can definitely use filters to make decisions in a non-hierarchical Active Directory design15. 11. Secure Boot Secure Boot is a security standard developed by members of the PC industry to help make sure that your PC boots using only software that is trusted by the PC manufacturer. When the PC starts, the firmware checks the signature of each piece of boot software, including firmware drivers (Option ROMs) and the operating system. If the signatures are good, the PC boots, and the firmware gives control to the operating system. The following versions of Windows support Secure Boot: Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 8, Windows Server 2012, and Windows RT16. BIOS Basic Input/Output System (BIOS) and also known as the System BIOS, ROM BIOS or PC BIOS) is a type of firmware used to perform hardware initialization during the booting process (power-on startup) on IBM PC compatible computers, and to provide runtime services for operating systems and programs.[ BIOS works by reading the first sector of the hard drive which has the next device’s address to initialize or code to execute. BIOS also selects the boot device that needs to be initialized for starting the operating system. Since BIOS has been in use since the very beginning, it still works in 16-bit mode, limiting the amount of code that can be read and executed from the firmware ROM17. 15 https://blogs.technet.microsoft.com/askds/2008/09/11/fun-with-wmi-filters-in-group-policy/ 16 https://technet.microsoft.com/en-us/library/hh824987.aspx 17 https://www.maketecheasier.com/differences-between-uefi-and-bios/
UEFI Unified Extensible Firmware Interface (UEFI) is a specification for a software program that connects a computer's firmware to its operating system (OS). UEFI is expected to eventually replace BIOS. Like BIOS, UEFI is installed at the time of manufacturing and is the first program that runs when a computer is turned on. It checks to see what hardware components the computing device has, wakes the components up and hands them over to the operating system. The new specification addresses several limitations of BIOS, including restrictions on hard disk partition size and the amount of time BIOS takes to perform its tasks. Because UEFI is programmable, original equipment manufacturer (OEM) developers can add applications and drivers, allowing UEFI to function as a lightweight operating system18. 18 http://whatis.techtarget.com/definition/Unified-Extensible-Firmware-Interface-UEFI

Recommended

VxWorks - Holistic Security (Art of Testing)
VxWorks - Holistic Security (Art of Testing)VxWorks - Holistic Security (Art of Testing)
VxWorks - Holistic Security (Art of Testing)Aditya K Sood
 
Linux security introduction
Linux security introduction Linux security introduction
Linux security introduction Mohamed Gad
 
Mounting virtual hard drives
Mounting virtual hard drivesMounting virtual hard drives
Mounting virtual hard drivesCTIN
 
Futex Scaling for Multi-core Systems
Futex Scaling for Multi-core SystemsFutex Scaling for Multi-core Systems
Futex Scaling for Multi-core SystemsDavidlohr Bueso
 
SanDisk SecureAccess Encryption 1.5
SanDisk SecureAccess Encryption 1.5SanDisk SecureAccess Encryption 1.5
SanDisk SecureAccess Encryption 1.5Brent Muir
 
Ducky USB - Indicators of Compromise (IOCs)
Ducky USB - Indicators of Compromise (IOCs)Ducky USB - Indicators of Compromise (IOCs)
Ducky USB - Indicators of Compromise (IOCs)Brent Muir
 
101 1.1 hardware settings v2
101 1.1 hardware settings v2101 1.1 hardware settings v2
101 1.1 hardware settings v2Acácio Oliveira
 
windows.pptx
windows.pptxwindows.pptx
windows.pptxAdityaKumar1548
 

Recommended

VxWorks - Holistic Security (Art of Testing)
VxWorks - Holistic Security (Art of Testing)VxWorks - Holistic Security (Art of Testing)
VxWorks - Holistic Security (Art of Testing)Aditya K Sood
 
Linux security introduction
Linux security introduction Linux security introduction
Linux security introduction Mohamed Gad
 
Mounting virtual hard drives
Mounting virtual hard drivesMounting virtual hard drives
Mounting virtual hard drivesCTIN
 
Futex Scaling for Multi-core Systems
Futex Scaling for Multi-core SystemsFutex Scaling for Multi-core Systems
Futex Scaling for Multi-core SystemsDavidlohr Bueso
 
SanDisk SecureAccess Encryption 1.5
SanDisk SecureAccess Encryption 1.5SanDisk SecureAccess Encryption 1.5
SanDisk SecureAccess Encryption 1.5Brent Muir
 
Ducky USB - Indicators of Compromise (IOCs)
Ducky USB - Indicators of Compromise (IOCs)Ducky USB - Indicators of Compromise (IOCs)
Ducky USB - Indicators of Compromise (IOCs)Brent Muir
 
101 1.1 hardware settings v2
101 1.1 hardware settings v2101 1.1 hardware settings v2
101 1.1 hardware settings v2Acácio Oliveira
 
windows.pptx
windows.pptxwindows.pptx
windows.pptxAdityaKumar1548
 
WinFE: The (Almost) Perfect Triage Tool
WinFE: The (Almost) Perfect Triage ToolWinFE: The (Almost) Perfect Triage Tool
WinFE: The (Almost) Perfect Triage ToolBrent Muir
 
Looking into trusted and encrypted keys
Looking into trusted and encrypted keysLooking into trusted and encrypted keys
Looking into trusted and encrypted keysSUSE Labs Taipei
 
1.1 hardware settings v2
1.1 hardware settings v21.1 hardware settings v2
1.1 hardware settings v2Acácio Oliveira
 
SanDisk SecureAccess Encryption - Forensic Processing & USB Flashing
SanDisk SecureAccess Encryption - Forensic Processing & USB FlashingSanDisk SecureAccess Encryption - Forensic Processing & USB Flashing
SanDisk SecureAccess Encryption - Forensic Processing & USB FlashingBrent Muir
 
Upgrade Ubuntu 18.04 Security with Secureboot
Upgrade Ubuntu 18.04 Security with SecurebootUpgrade Ubuntu 18.04 Security with Secureboot
Upgrade Ubuntu 18.04 Security with SecurebootJonathan MICHEL-VILLAZ
 
Ch21 windows 10
Ch21 windows 10Ch21 windows 10
Ch21 windows 10jmantilla
 
Users guide-to-winfe
Users guide-to-winfeUsers guide-to-winfe
Users guide-to-winfeGol D Roger
 
Power vault md32xxi deployment guide for v mware esx4.1 r2
Power vault md32xxi deployment guide for v mware esx4.1 r2Power vault md32xxi deployment guide for v mware esx4.1 r2
Power vault md32xxi deployment guide for v mware esx4.1 r2laurentgras
 
Windows 8.x Forensics 1.0
Windows 8.x Forensics 1.0Windows 8.x Forensics 1.0
Windows 8.x Forensics 1.0Brent Muir
 
Top 6 Practices to Harden Docker Images to Enhance Security
Top 6 Practices to Harden Docker Images to Enhance SecurityTop 6 Practices to Harden Docker Images to Enhance Security
Top 6 Practices to Harden Docker Images to Enhance Security9 series
 
Ch20 the linux systems
Ch20 the linux systemsCh20 the linux systems
Ch20 the linux systemsjmantilla
 
Mac Forensics
Mac ForensicsMac Forensics
Mac ForensicsCTIN
 
Basic Linux Security
Basic Linux SecurityBasic Linux Security
Basic Linux Securitypankaj009
 
1 introduction to linux os
1 introduction to linux os1 introduction to linux os
1 introduction to linux osSukkur IBA
 
Red hat enterprise_linux-5.5-release_notes-en-us
Red hat enterprise_linux-5.5-release_notes-en-usRed hat enterprise_linux-5.5-release_notes-en-us
Red hat enterprise_linux-5.5-release_notes-en-usDuong Hieu
 
Linux
LinuxLinux
Linuxjc1258
 
Microsoft Windows Nt
Microsoft Windows NtMicrosoft Windows Nt
Microsoft Windows Ntisma ishak
 
101 4.5 manage file permissions and ownership
101 4.5 manage file permissions and ownership101 4.5 manage file permissions and ownership
101 4.5 manage file permissions and ownershipAcácio Oliveira
 
Guide to Windows 7 - Managing Disks
Guide to Windows 7 - Managing DisksGuide to Windows 7 - Managing Disks
Guide to Windows 7 - Managing DisksGene Carboni
 
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security OverviewShawn Wells
 
Data Science - Poster - Kirk Borne - RDAP12
Data Science - Poster - Kirk Borne - RDAP12Data Science - Poster - Kirk Borne - RDAP12
Data Science - Poster - Kirk Borne - RDAP12ASIS&T
 
What is Deep Learning?
What is Deep Learning?What is Deep Learning?
What is Deep Learning?NVIDIA
 

More Related Content

What's hot

WinFE: The (Almost) Perfect Triage Tool
WinFE: The (Almost) Perfect Triage ToolWinFE: The (Almost) Perfect Triage Tool
WinFE: The (Almost) Perfect Triage ToolBrent Muir
 
Looking into trusted and encrypted keys
Looking into trusted and encrypted keysLooking into trusted and encrypted keys
Looking into trusted and encrypted keysSUSE Labs Taipei
 
SanDisk SecureAccess Encryption - Forensic Processing & USB Flashing
SanDisk SecureAccess Encryption - Forensic Processing & USB FlashingSanDisk SecureAccess Encryption - Forensic Processing & USB Flashing
SanDisk SecureAccess Encryption - Forensic Processing & USB FlashingBrent Muir
 
Upgrade Ubuntu 18.04 Security with Secureboot
Upgrade Ubuntu 18.04 Security with SecurebootUpgrade Ubuntu 18.04 Security with Secureboot
Upgrade Ubuntu 18.04 Security with SecurebootJonathan MICHEL-VILLAZ
 
Ch21 windows 10
Ch21 windows 10Ch21 windows 10
Ch21 windows 10jmantilla
 
Users guide-to-winfe
Users guide-to-winfeUsers guide-to-winfe
Users guide-to-winfeGol D Roger
 
Power vault md32xxi deployment guide for v mware esx4.1 r2
Power vault md32xxi deployment guide for v mware esx4.1 r2Power vault md32xxi deployment guide for v mware esx4.1 r2
Power vault md32xxi deployment guide for v mware esx4.1 r2laurentgras
 
Windows 8.x Forensics 1.0
Windows 8.x Forensics 1.0Windows 8.x Forensics 1.0
Windows 8.x Forensics 1.0Brent Muir
 
Top 6 Practices to Harden Docker Images to Enhance Security
Top 6 Practices to Harden Docker Images to Enhance SecurityTop 6 Practices to Harden Docker Images to Enhance Security
Top 6 Practices to Harden Docker Images to Enhance Security9 series
 
Ch20 the linux systems
Ch20 the linux systemsCh20 the linux systems
Ch20 the linux systemsjmantilla
 
Mac Forensics
Mac ForensicsMac Forensics
Mac ForensicsCTIN
 
Basic Linux Security
Basic Linux SecurityBasic Linux Security
Basic Linux Securitypankaj009
 
1 introduction to linux os
1 introduction to linux os1 introduction to linux os
1 introduction to linux osSukkur IBA
 
Red hat enterprise_linux-5.5-release_notes-en-us
Red hat enterprise_linux-5.5-release_notes-en-usRed hat enterprise_linux-5.5-release_notes-en-us
Red hat enterprise_linux-5.5-release_notes-en-usDuong Hieu
 
Microsoft Windows Nt
Microsoft Windows NtMicrosoft Windows Nt
Microsoft Windows Ntisma ishak
 
101 4.5 manage file permissions and ownership
101 4.5 manage file permissions and ownership101 4.5 manage file permissions and ownership
101 4.5 manage file permissions and ownershipAcácio Oliveira
 
Guide to Windows 7 - Managing Disks
Guide to Windows 7 - Managing DisksGuide to Windows 7 - Managing Disks
Guide to Windows 7 - Managing DisksGene Carboni
 
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security OverviewShawn Wells
 

What's hot (20)

WinFE: The (Almost) Perfect Triage Tool
WinFE: The (Almost) Perfect Triage ToolWinFE: The (Almost) Perfect Triage Tool
WinFE: The (Almost) Perfect Triage Tool
 
Looking into trusted and encrypted keys
Looking into trusted and encrypted keysLooking into trusted and encrypted keys
Looking into trusted and encrypted keys
 
1.1 hardware settings v2
1.1 hardware settings v21.1 hardware settings v2
1.1 hardware settings v2
 
SanDisk SecureAccess Encryption - Forensic Processing & USB Flashing
SanDisk SecureAccess Encryption - Forensic Processing & USB FlashingSanDisk SecureAccess Encryption - Forensic Processing & USB Flashing
SanDisk SecureAccess Encryption - Forensic Processing & USB Flashing
 
Upgrade Ubuntu 18.04 Security with Secureboot
Upgrade Ubuntu 18.04 Security with SecurebootUpgrade Ubuntu 18.04 Security with Secureboot
Upgrade Ubuntu 18.04 Security with Secureboot
 
Ch21 windows 10
Ch21 windows 10Ch21 windows 10
Ch21 windows 10
 
Users guide-to-winfe
Users guide-to-winfeUsers guide-to-winfe
Users guide-to-winfe
 
Power vault md32xxi deployment guide for v mware esx4.1 r2
Power vault md32xxi deployment guide for v mware esx4.1 r2Power vault md32xxi deployment guide for v mware esx4.1 r2
Power vault md32xxi deployment guide for v mware esx4.1 r2
 
Windows 8.x Forensics 1.0
Windows 8.x Forensics 1.0Windows 8.x Forensics 1.0
Windows 8.x Forensics 1.0
 
Top 6 Practices to Harden Docker Images to Enhance Security
Top 6 Practices to Harden Docker Images to Enhance SecurityTop 6 Practices to Harden Docker Images to Enhance Security
Top 6 Practices to Harden Docker Images to Enhance Security
 
Ch20 the linux systems
Ch20 the linux systemsCh20 the linux systems
Ch20 the linux systems
 
Mac Forensics
Mac ForensicsMac Forensics
Mac Forensics
 
Basic Linux Security
Basic Linux SecurityBasic Linux Security
Basic Linux Security
 
1 introduction to linux os
1 introduction to linux os1 introduction to linux os
1 introduction to linux os
 
Red hat enterprise_linux-5.5-release_notes-en-us
Red hat enterprise_linux-5.5-release_notes-en-usRed hat enterprise_linux-5.5-release_notes-en-us
Red hat enterprise_linux-5.5-release_notes-en-us
 
Linux
LinuxLinux
Linux
 
Microsoft Windows Nt
Microsoft Windows NtMicrosoft Windows Nt
Microsoft Windows Nt
 
101 4.5 manage file permissions and ownership
101 4.5 manage file permissions and ownership101 4.5 manage file permissions and ownership
101 4.5 manage file permissions and ownership
 
Guide to Windows 7 - Managing Disks
Guide to Windows 7 - Managing DisksGuide to Windows 7 - Managing Disks
Guide to Windows 7 - Managing Disks
 
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
 

Viewers also liked

Data Science - Poster - Kirk Borne - RDAP12
Data Science - Poster - Kirk Borne - RDAP12Data Science - Poster - Kirk Borne - RDAP12
Data Science - Poster - Kirk Borne - RDAP12ASIS&T
 
What is Deep Learning?
What is Deep Learning?What is Deep Learning?
What is Deep Learning?NVIDIA
 
Security Everywhere in the Digital Economy
Security Everywhere in the Digital EconomySecurity Everywhere in the Digital Economy
Security Everywhere in the Digital EconomyConnected Futures
 
10分で分かるリアクティブシステム
10分で分かるリアクティブシステム10分で分かるリアクティブシステム
10分で分かるリアクティブシステムTIS Inc.
 
Fonder et Financer son Entreprise
Fonder et Financer son EntrepriseFonder et Financer son Entreprise
Fonder et Financer son EntrepriseMarc Deschenaux
 
7.14.2 Решения по управлению агрегатами HVAC и холодильными машинами HVAC M168
7.14.2 Решения по управлению агрегатами HVAC и холодильными машинами HVAC M1687.14.2 Решения по управлению агрегатами HVAC и холодильными машинами HVAC M168
7.14.2 Решения по управлению агрегатами HVAC и холодильными машинами HVAC M168Igor Golovin
 
Jeff Dean at AI Frontiers: Trends and Developments in Deep Learning Research
Jeff Dean at AI Frontiers: Trends and Developments in Deep Learning ResearchJeff Dean at AI Frontiers: Trends and Developments in Deep Learning Research
Jeff Dean at AI Frontiers: Trends and Developments in Deep Learning ResearchAI Frontiers
 
CSCA 2017 - Water Nonprofit Case Studies
CSCA 2017 - Water Nonprofit Case StudiesCSCA 2017 - Water Nonprofit Case Studies
CSCA 2017 - Water Nonprofit Case StudiesRahul Mitra
 
Strux engels lezen week 26
Strux engels lezen week 26Strux engels lezen week 26
Strux engels lezen week 26Jos Begeman
 
VIPER アーキテクチャによる iOS アプリの設計
VIPER アーキテクチャによる iOS アプリの設計VIPER アーキテクチャによる iOS アプリの設計
VIPER アーキテクチャによる iOS アプリの設計Yuichi Adachi
 
Några myter om dubbade och odubbade vinterdäck
Några myter om dubbade och odubbade vinterdäckNågra myter om dubbade och odubbade vinterdäck
Några myter om dubbade och odubbade vinterdäckJohan Granlund
 
Uma análise da obra amor de perdição de
Uma análise da obra amor de perdição deUma análise da obra amor de perdição de
Uma análise da obra amor de perdição deFernanda Pantoja
 
CSW2017 Mickey+maggie low cost radio attacks on modern platforms
CSW2017 Mickey+maggie low cost radio attacks on modern platformsCSW2017 Mickey+maggie low cost radio attacks on modern platforms
CSW2017 Mickey+maggie low cost radio attacks on modern platformsCanSecWest
 
Cancer Care in a Post Truth World
Cancer Care in a Post Truth World Cancer Care in a Post Truth World
Cancer Care in a Post Truth World Matthew Katz
 
CompTIA CAS-002 VCE Outline
CompTIA CAS-002 VCE OutlineCompTIA CAS-002 VCE Outline
CompTIA CAS-002 VCE OutlineExamcollection
 
Information Security
Information SecurityInformation Security
Information SecurityHuy Pham
 
Python Programming: Class and Object Oriented Programming
Python Programming: Class and Object Oriented ProgrammingPython Programming: Class and Object Oriented Programming
Python Programming: Class and Object Oriented ProgrammingChan Shik Lim
 
Cybercrime in Russia: Trends and Issues
Cybercrime in Russia: Trends and IssuesCybercrime in Russia: Trends and Issues
Cybercrime in Russia: Trends and IssuesAlex Matrosov
 

Viewers also liked (20)

Data Science - Poster - Kirk Borne - RDAP12
Data Science - Poster - Kirk Borne - RDAP12Data Science - Poster - Kirk Borne - RDAP12
Data Science - Poster - Kirk Borne - RDAP12
 
What is Deep Learning?
What is Deep Learning?What is Deep Learning?
What is Deep Learning?
 
Security Everywhere in the Digital Economy
Security Everywhere in the Digital EconomySecurity Everywhere in the Digital Economy
Security Everywhere in the Digital Economy
 
10分で分かるリアクティブシステム
10分で分かるリアクティブシステム10分で分かるリアクティブシステム
10分で分かるリアクティブシステム
 
Fonder et Financer son Entreprise
Fonder et Financer son EntrepriseFonder et Financer son Entreprise
Fonder et Financer son Entreprise
 
7.14.2 Решения по управлению агрегатами HVAC и холодильными машинами HVAC M168
7.14.2 Решения по управлению агрегатами HVAC и холодильными машинами HVAC M1687.14.2 Решения по управлению агрегатами HVAC и холодильными машинами HVAC M168
7.14.2 Решения по управлению агрегатами HVAC и холодильными машинами HVAC M168
 
Jeff Dean at AI Frontiers: Trends and Developments in Deep Learning Research
Jeff Dean at AI Frontiers: Trends and Developments in Deep Learning ResearchJeff Dean at AI Frontiers: Trends and Developments in Deep Learning Research
Jeff Dean at AI Frontiers: Trends and Developments in Deep Learning Research
 
CSCA 2017 - Water Nonprofit Case Studies
CSCA 2017 - Water Nonprofit Case StudiesCSCA 2017 - Water Nonprofit Case Studies
CSCA 2017 - Water Nonprofit Case Studies
 
Strux engels lezen week 26
Strux engels lezen week 26Strux engels lezen week 26
Strux engels lezen week 26
 
VIPER アーキテクチャによる iOS アプリの設計
VIPER アーキテクチャによる iOS アプリの設計VIPER アーキテクチャによる iOS アプリの設計
VIPER アーキテクチャによる iOS アプリの設計
 
LAK17 Reflective Writing Analytics
LAK17 Reflective Writing AnalyticsLAK17 Reflective Writing Analytics
LAK17 Reflective Writing Analytics
 
Några myter om dubbade och odubbade vinterdäck
Några myter om dubbade och odubbade vinterdäckNågra myter om dubbade och odubbade vinterdäck
Några myter om dubbade och odubbade vinterdäck
 
Uma análise da obra amor de perdição de
Uma análise da obra amor de perdição deUma análise da obra amor de perdição de
Uma análise da obra amor de perdição de
 
CSW2017 Mickey+maggie low cost radio attacks on modern platforms
CSW2017 Mickey+maggie low cost radio attacks on modern platformsCSW2017 Mickey+maggie low cost radio attacks on modern platforms
CSW2017 Mickey+maggie low cost radio attacks on modern platforms
 
Cancer Care in a Post Truth World
Cancer Care in a Post Truth World Cancer Care in a Post Truth World
Cancer Care in a Post Truth World
 
Digital in 2016
Digital in 2016Digital in 2016
Digital in 2016
 
CompTIA CAS-002 VCE Outline
CompTIA CAS-002 VCE OutlineCompTIA CAS-002 VCE Outline
CompTIA CAS-002 VCE Outline
 
Information Security
Information SecurityInformation Security
Information Security
 
Python Programming: Class and Object Oriented Programming
Python Programming: Class and Object Oriented ProgrammingPython Programming: Class and Object Oriented Programming
Python Programming: Class and Object Oriented Programming
 
Cybercrime in Russia: Trends and Issues
Cybercrime in Russia: Trends and IssuesCybercrime in Russia: Trends and Issues
Cybercrime in Russia: Trends and Issues
 

Similar to Study notes for CompTIA Certified Advanced Security Practitioner (ver2)

Study notes for CompTIA Certified Advanced Security Practitioner
Study notes for CompTIA Certified Advanced Security PractitionerStudy notes for CompTIA Certified Advanced Security Practitioner
Study notes for CompTIA Certified Advanced Security PractitionerDavid Sweigert
 
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)David Sweigert
 
Department of Defense standard 8570 - CompTia Advanced Security Practitioner
Department of Defense standard 8570 - CompTia Advanced Security Practitioner Department of Defense standard 8570 - CompTia Advanced Security Practitioner
Department of Defense standard 8570 - CompTia Advanced Security Practitioner David Sweigert
 
It04 roshan basnet
It04 roshan basnetIt04 roshan basnet
It04 roshan basnetrosu555
 
18587936 squid-proxy-configuration-guide - [the-xp.blogspot.com]
18587936 squid-proxy-configuration-guide - [the-xp.blogspot.com]18587936 squid-proxy-configuration-guide - [the-xp.blogspot.com]
18587936 squid-proxy-configuration-guide - [the-xp.blogspot.com]Krisman Tarigan
 
final-unit-ii-cc-cloud computing-2022.pdf
final-unit-ii-cc-cloud computing-2022.pdffinal-unit-ii-cc-cloud computing-2022.pdf
final-unit-ii-cc-cloud computing-2022.pdfSamiksha880257
 
Squid proxy-configuration-guide
Squid proxy-configuration-guideSquid proxy-configuration-guide
Squid proxy-configuration-guidejasembo
 
Ap 06 4_10_simek
Ap 06 4_10_simekAp 06 4_10_simek
Ap 06 4_10_simekNguyen Vinh
 
IRJET- Distributed Decentralized Data Storage using IPFS
IRJET- Distributed Decentralized Data Storage using IPFSIRJET- Distributed Decentralized Data Storage using IPFS
IRJET- Distributed Decentralized Data Storage using IPFSIRJET Journal
 
Desktop interview qestions & answer
Desktop interview qestions & answerDesktop interview qestions & answer
Desktop interview qestions & answermandarshetye45
 
Software update for embedded systems
Software update for embedded systemsSoftware update for embedded systems
Software update for embedded systemsSZ Lin
 
Lavigne bsdmag-jan2012
Lavigne bsdmag-jan2012Lavigne bsdmag-jan2012
Lavigne bsdmag-jan2012Dru Lavigne
 
A cloud environment for backup and data storage
A cloud environment for backup and data storageA cloud environment for backup and data storage
A cloud environment for backup and data storageIGEEKS TECHNOLOGIES
 
A cloud enviroment for backup and data storage
A cloud enviroment for backup and data storageA cloud enviroment for backup and data storage
A cloud enviroment for backup and data storageIGEEKS TECHNOLOGIES
 

Similar to Study notes for CompTIA Certified Advanced Security Practitioner (ver2) (20)

Study notes for CompTIA Certified Advanced Security Practitioner
Study notes for CompTIA Certified Advanced Security PractitionerStudy notes for CompTIA Certified Advanced Security Practitioner
Study notes for CompTIA Certified Advanced Security Practitioner
 
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
 
Department of Defense standard 8570 - CompTia Advanced Security Practitioner
Department of Defense standard 8570 - CompTia Advanced Security Practitioner Department of Defense standard 8570 - CompTia Advanced Security Practitioner
Department of Defense standard 8570 - CompTia Advanced Security Practitioner
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
It04 roshan basnet
It04 roshan basnetIt04 roshan basnet
It04 roshan basnet
 
18587936 squid-proxy-configuration-guide - [the-xp.blogspot.com]
18587936 squid-proxy-configuration-guide - [the-xp.blogspot.com]18587936 squid-proxy-configuration-guide - [the-xp.blogspot.com]
18587936 squid-proxy-configuration-guide - [the-xp.blogspot.com]
 
Rhel7 vs rhel6
Rhel7 vs rhel6Rhel7 vs rhel6
Rhel7 vs rhel6
 
final-unit-ii-cc-cloud computing-2022.pdf
final-unit-ii-cc-cloud computing-2022.pdffinal-unit-ii-cc-cloud computing-2022.pdf
final-unit-ii-cc-cloud computing-2022.pdf
 
Squid proxy-configuration-guide
Squid proxy-configuration-guideSquid proxy-configuration-guide
Squid proxy-configuration-guide
 
Ap 06 4_10_simek
Ap 06 4_10_simekAp 06 4_10_simek
Ap 06 4_10_simek
 
Win 7 Tuto.ppt
Win 7 Tuto.pptWin 7 Tuto.ppt
Win 7 Tuto.ppt
 
IRJET- Distributed Decentralized Data Storage using IPFS
IRJET- Distributed Decentralized Data Storage using IPFSIRJET- Distributed Decentralized Data Storage using IPFS
IRJET- Distributed Decentralized Data Storage using IPFS
 
Desktop interview qestions & answer
Desktop interview qestions & answerDesktop interview qestions & answer
Desktop interview qestions & answer
 
Desktop support qua
Desktop support quaDesktop support qua
Desktop support qua
 
Desktop support qua
Desktop support quaDesktop support qua
Desktop support qua
 
Chapter 5.0
Chapter 5.0Chapter 5.0
Chapter 5.0
 
Software update for embedded systems
Software update for embedded systemsSoftware update for embedded systems
Software update for embedded systems
 
Lavigne bsdmag-jan2012
Lavigne bsdmag-jan2012Lavigne bsdmag-jan2012
Lavigne bsdmag-jan2012
 
A cloud environment for backup and data storage
A cloud environment for backup and data storageA cloud environment for backup and data storage
A cloud environment for backup and data storage
 
A cloud enviroment for backup and data storage
A cloud enviroment for backup and data storageA cloud enviroment for backup and data storage
A cloud enviroment for backup and data storage
 

More from David Sweigert

The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)David Sweigert
 
Law Enforcement Cyber Incident Reporting
Law Enforcement Cyber Incident Reporting Law Enforcement Cyber Incident Reporting
Law Enforcement Cyber Incident Reporting David Sweigert
 
Sample Network Analysis Report based on Wireshark Analysis
Sample Network Analysis Report based on Wireshark AnalysisSample Network Analysis Report based on Wireshark Analysis
Sample Network Analysis Report based on Wireshark AnalysisDavid Sweigert
 
National Cyber Security Awareness Month poster
National Cyber Security Awareness Month posterNational Cyber Security Awareness Month poster
National Cyber Security Awareness Month posterDavid Sweigert
 
National Cyber Security Awareness Month - October 2017
National Cyber Security Awareness Month - October 2017National Cyber Security Awareness Month - October 2017
National Cyber Security Awareness Month - October 2017David Sweigert
 
California Attorney General Notification Penal Code 646.9
California Attorney General Notification Penal Code 646.9California Attorney General Notification Penal Code 646.9
California Attorney General Notification Penal Code 646.9David Sweigert
 
Congressional support of Ethical Hacking and Cyber Security
Congressional support of Ethical Hacking and Cyber SecurityCongressional support of Ethical Hacking and Cyber Security
Congressional support of Ethical Hacking and Cyber SecurityDavid Sweigert
 
Application of Racketeering Law to Suppress CrowdStalking Threats
Application of Racketeering Law to Suppress CrowdStalking ThreatsApplication of Racketeering Law to Suppress CrowdStalking Threats
Application of Racketeering Law to Suppress CrowdStalking ThreatsDavid Sweigert
 
Canada Communications Security Establishment - Threat Vector Chart
Canada Communications Security Establishment - Threat Vector ChartCanada Communications Security Establishment - Threat Vector Chart
Canada Communications Security Establishment - Threat Vector ChartDavid Sweigert
 
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...David Sweigert
 
Cyber Incident Response Team NIMS Public Comment
Cyber Incident Response Team NIMS Public CommentCyber Incident Response Team NIMS Public Comment
Cyber Incident Response Team NIMS Public CommentDavid Sweigert
 
Cyber Incident Response Team - NIMS - Public Comment
Cyber Incident Response Team - NIMS - Public CommentCyber Incident Response Team - NIMS - Public Comment
Cyber Incident Response Team - NIMS - Public CommentDavid Sweigert
 
National Incident Management System (NIMS) NQS DRAFT
National Incident Management System (NIMS) NQS DRAFTNational Incident Management System (NIMS) NQS DRAFT
National Incident Management System (NIMS) NQS DRAFTDavid Sweigert
 
National Incident Management System - NQS Public Feedback
National Incident Management System - NQS Public FeedbackNational Incident Management System - NQS Public Feedback
National Incident Management System - NQS Public FeedbackDavid Sweigert
 
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERTNursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERTDavid Sweigert
 
National Preparedness Goals 2015 2nd edition
National Preparedness Goals 2015 2nd editionNational Preparedness Goals 2015 2nd edition
National Preparedness Goals 2015 2nd editionDavid Sweigert
 
Healthcare Sector-wide Disaster Prepardness Plan
Healthcare Sector-wide Disaster Prepardness PlanHealthcare Sector-wide Disaster Prepardness Plan
Healthcare Sector-wide Disaster Prepardness PlanDavid Sweigert
 
Cyber Risk Assessment for the Emergency Services Sector - DHS
Cyber Risk Assessment for the Emergency Services Sector - DHSCyber Risk Assessment for the Emergency Services Sector - DHS
Cyber Risk Assessment for the Emergency Services Sector - DHSDavid Sweigert
 
Exam notes for the Certified in Homeland Security -- Level II
Exam notes for the Certified in Homeland Security -- Level IIExam notes for the Certified in Homeland Security -- Level II
Exam notes for the Certified in Homeland Security -- Level IIDavid Sweigert
 
NIST Cybersecurity Event Recovery Guide 800-184
NIST Cybersecurity Event Recovery Guide 800-184NIST Cybersecurity Event Recovery Guide 800-184
NIST Cybersecurity Event Recovery Guide 800-184David Sweigert
 

More from David Sweigert (20)

The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
 
Law Enforcement Cyber Incident Reporting
Law Enforcement Cyber Incident Reporting Law Enforcement Cyber Incident Reporting
Law Enforcement Cyber Incident Reporting
 
Sample Network Analysis Report based on Wireshark Analysis
Sample Network Analysis Report based on Wireshark AnalysisSample Network Analysis Report based on Wireshark Analysis
Sample Network Analysis Report based on Wireshark Analysis
 
National Cyber Security Awareness Month poster
National Cyber Security Awareness Month posterNational Cyber Security Awareness Month poster
National Cyber Security Awareness Month poster
 
National Cyber Security Awareness Month - October 2017
National Cyber Security Awareness Month - October 2017National Cyber Security Awareness Month - October 2017
National Cyber Security Awareness Month - October 2017
 
California Attorney General Notification Penal Code 646.9
California Attorney General Notification Penal Code 646.9California Attorney General Notification Penal Code 646.9
California Attorney General Notification Penal Code 646.9
 
Congressional support of Ethical Hacking and Cyber Security
Congressional support of Ethical Hacking and Cyber SecurityCongressional support of Ethical Hacking and Cyber Security
Congressional support of Ethical Hacking and Cyber Security
 
Application of Racketeering Law to Suppress CrowdStalking Threats
Application of Racketeering Law to Suppress CrowdStalking ThreatsApplication of Racketeering Law to Suppress CrowdStalking Threats
Application of Racketeering Law to Suppress CrowdStalking Threats
 
Canada Communications Security Establishment - Threat Vector Chart
Canada Communications Security Establishment - Threat Vector ChartCanada Communications Security Establishment - Threat Vector Chart
Canada Communications Security Establishment - Threat Vector Chart
 
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
 
Cyber Incident Response Team NIMS Public Comment
Cyber Incident Response Team NIMS Public CommentCyber Incident Response Team NIMS Public Comment
Cyber Incident Response Team NIMS Public Comment
 
Cyber Incident Response Team - NIMS - Public Comment
Cyber Incident Response Team - NIMS - Public CommentCyber Incident Response Team - NIMS - Public Comment
Cyber Incident Response Team - NIMS - Public Comment
 
National Incident Management System (NIMS) NQS DRAFT
National Incident Management System (NIMS) NQS DRAFTNational Incident Management System (NIMS) NQS DRAFT
National Incident Management System (NIMS) NQS DRAFT
 
National Incident Management System - NQS Public Feedback
National Incident Management System - NQS Public FeedbackNational Incident Management System - NQS Public Feedback
National Incident Management System - NQS Public Feedback
 
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERTNursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
 
National Preparedness Goals 2015 2nd edition
National Preparedness Goals 2015 2nd editionNational Preparedness Goals 2015 2nd edition
National Preparedness Goals 2015 2nd edition
 
Healthcare Sector-wide Disaster Prepardness Plan
Healthcare Sector-wide Disaster Prepardness PlanHealthcare Sector-wide Disaster Prepardness Plan
Healthcare Sector-wide Disaster Prepardness Plan
 
Cyber Risk Assessment for the Emergency Services Sector - DHS
Cyber Risk Assessment for the Emergency Services Sector - DHSCyber Risk Assessment for the Emergency Services Sector - DHS
Cyber Risk Assessment for the Emergency Services Sector - DHS
 
Exam notes for the Certified in Homeland Security -- Level II
Exam notes for the Certified in Homeland Security -- Level IIExam notes for the Certified in Homeland Security -- Level II
Exam notes for the Certified in Homeland Security -- Level II
 
NIST Cybersecurity Event Recovery Guide 800-184
NIST Cybersecurity Event Recovery Guide 800-184NIST Cybersecurity Event Recovery Guide 800-184
NIST Cybersecurity Event Recovery Guide 800-184
 

Recently uploaded

Unidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptxUnidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptxmibuzondetrabajo
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predieusebiomeyer
 
Cybersecurity Threats and Cybersecurity Best Practices
Cybersecurity Threats and Cybersecurity Best PracticesCybersecurity Threats and Cybersecurity Best Practices
Cybersecurity Threats and Cybersecurity Best PracticesLumiverse Solutions Pvt Ltd
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书rnrncn29
 
ETHICAL HACKING dddddddddddddddfnandni.pptx
ETHICAL HACKING dddddddddddddddfnandni.pptxETHICAL HACKING dddddddddddddddfnandni.pptx
ETHICAL HACKING dddddddddddddddfnandni.pptxNIMMANAGANTI RAMAKRISHNA
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119APNIC
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书rnrncn29
 
Company Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptxCompany Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptxMario
 
TRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptxTRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptxAndrieCagasanAkio
 

Recently uploaded (9)

Unidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptxUnidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptx
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predi
 
Cybersecurity Threats and Cybersecurity Best Practices
Cybersecurity Threats and Cybersecurity Best PracticesCybersecurity Threats and Cybersecurity Best Practices
Cybersecurity Threats and Cybersecurity Best Practices
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
 
ETHICAL HACKING dddddddddddddddfnandni.pptx
ETHICAL HACKING dddddddddddddddfnandni.pptxETHICAL HACKING dddddddddddddddfnandni.pptx
ETHICAL HACKING dddddddddddddddfnandni.pptx
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
 
Company Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptxCompany Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptx
 
TRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptxTRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptx
 

Study notes for CompTIA Certified Advanced Security Practitioner (ver2)

  • 1. Notes for the CompTIA CASP exam Posted as a courtesy by: Dave Sweigert, CEH, CISSP, CISA, HCISPP, PCIP, PMP, SEC+ March 20, 2017 (Version Tw0) 1. vTPM Virtual Trusted Platform Module (vTPM). A vTPM is a software module that performs the function of a Trusted Platform Module (TPM). The TPM is a specialized chip on an endpoint device that stores RSA encryption keys specific to the host system for hardware authentication. Each TPM chip contains an RSA key pair called the Endorsement Key (EK). The vTPM makes secure storage and cryptographic functions available to operating systems and applications running in virtual machines. NOTE: BitLocker disk encryption normally requires a TPM on Windows. Microsoft’s EFS encryption can never use a TPM. The new “device encryption” feature on Windows 10 and 8.1 also requires a modern TPM, which is why it’s only enabled on new hardware. 2. SELinux Mandatory Access Control (MAC) MAC evolved out of the multi-level security (MLS) program at NSA and DoD. An NSA research project called SELinux added a Mandatory Access Control architecture to the Linux Kernel, which was merged into the mainline version of Linux in August 20031. NOTE: Red Hat Enterprise Linux version 4 (and later versions) come with an SELinux- enabled kernel. 3. Storage Area Network (SAN) A storage area network (SAN) is a network which provides access to consolidated, block level data storage. SANs are primarily used to enhance storage devices, such as disk arrays, tape libraries, and optical jukeboxes, accessible to servers so that the devices appear to the operating system as locally attached devices. A SAN typically has its own network of storage devices that are generally not accessible through the local area network (LAN) by other devices2. 1 https://en.wikipedia.org/wiki/Mandatory_access_control 2 https://en.wikipedia.org/wiki/Storage_area_network
  • 2. 4. Multiple O/S encryption on a single SDD A solid-state drive (SSD) is a nonvolatile storage device that stores persistent data on solid-state flash memory. Solid-state drives actually aren't hard drives in the traditional sense of the term, as there are no moving parts involved. A traditional hard disk drive (HDD) consists of a spinning disk with a read/write head on a mechanical arm called an actuator. An SSD, on the other hand, has an array of semiconductor memory organized as a disk drive, using integrated circuits (ICs) rather than magnetic or optical storage media. An SSD may also be referred to as a solid-state disk3. Windows 7: The first issue here is that the only versions of Windows 7 that support Bitlocker are Enterprise and Ultimate. If you have Windows 7 Pro, you're out of luck. You may also find issues on trying to boot the Windows 7 installer on a PC with UEFI, in which case you may have to drop back to legacy mode to work round this. Unlike Windows 8, if the PC doesn't have a Trusted Platform Module, the only way to unlock the Bitlocker drive on boot is to use a USB key. Without a TPM, you cannot use a password for Bitlocker in Windows 74. If the PC is using Windows 7 Ultimate or Enterprise, or Windows 8 Pro or Enterprise, you can use BitLocker, which comes with these versions of Windows. But you have to know what you're doing. BitLocker works best in an environment where a professional IT department serves users who may not know what the word encrypt means. You can set it up so that the user doesn't even know that the drive is encrypted. When they log into Windows with their password, they get access to the encrypted files. If they log into another account, or boot with another OS, the files are unreadable. What's more, if you need to reinstall Windows, or restore the files from a backup, you'll need a special digital key that's created when you encrypt the drive. That key has to be stored elsewhere and someone has to know where to find it5. 3 http://searchsolidstatestorage.techtarget.com/definition/SSD-solid-state-drive 4 http://www.stevenmaude.co.uk/posts/a-beginners-guide-to-os-encryption-dual 5 http://www.pcworld.com/article/2858642/you-can-encrypt-your-hard-drive-but-the-protection-may-not-be- worth-the-hassle.html
  • 3. 5. TOCTOU attacks In software development, time of check to time of use (TOCTTOU or TOCTOU, pronounced "TOCK too") is a class of software bug caused by changes in a system between the checking of a condition (such as a security credential) and the use of the results of that check. This is one example of a race condition.6 Time of check (TOC) — When the resource is inspected. For example, all data from the browser is considered “tainted” because a malicious user may have manipulated it. If the data passes a validation function, then the taint may be removed and the data permitted entry deeper into the app. For example, the app checks whether an email address is well-formed or text contains <script> tags. Time of use (TOU) — When the app performs an operation on the resource. For example, inserting the data into a SQL statement or inserting text into a web page. Weaknesses occur when the app assumes the state of the resource has not changed since the last check; vulnerabilities occur when the state change relates to a security control7. CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition Description Summary The software checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the software to perform invalid actions when the resource is in an unexpected state. Extended Description This weakness can be security-relevant when an attacker can influence the state of the resource between check and use. This can happen with shared resources such as files, memory, or even variables in multithreaded programs8. 6 https://en.wikipedia.org/wiki/Time_of_check_to_time_of_use 7 https://deadliestwebattacks.com/tag/toctou/ 8 https://cwe.mitre.org/data/definitions/367.html
  • 4. CAPEC-29: Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege9. 6. Network File System (NFS) and Common Internet File System (CIFS) What is the difference between NFS and CIFS? Can you explain when you should use CIFS vs. NFS? NFS is the "Network File System" for Unix and Linux operating systems. It allows files to be shared transparently between servers, desktops, laptops etc. It is a client/server application that allows a user to view, store and update files on a remote computer as though they were on their own computer. Using NFS, the user or a system administrator can mount all or a portion of a file system. CIFS is the "Common Internet File System" used by Windows operating systems for file sharing. CIFS uses the client/server programming model. A client program makes a request of a server program (usually in another computer) for access to a file or to pass a message to a program that runs in the server computer. The server takes the requested action and returns a response. CIFS is a public or open variation of the Server Message Block Protocol (SMB) developed and used by Microsoft, and it uses the TCP/IP protocol. NFS and CIFS are the primary file systems used in NAS. Comparing CIFS vs. NFS, CIFS tends to be a bit more "chatty" in its communications. This may require file protocol optimization over a wide area network. http://searchstorage.techtarget.com/answer/NFS-vs-CIFS 7. Storage Area Network (SAN) protocols Internet Small Computer System Interface (iSCSI). iSCSI (I.P.-based protocol) works on top of the Transport Control Protocol (TCP) and allows the SCSI command to be sent end-to-end over local-area networks (LANs), wide-area networks (WANs) or the Internet. IBM developed iSCSI as a proof of concept in 1998, and presented the first draft of the iSCSI standard to the Internet Engineering Task Force (IETF) in 2000. The protocol was ratified in 2003. The major server vendors offer iSCSI as a connectivity option, to provide virtual machines with block-level access to storage volumes, without the need to deploy high- performance Fibre Channel hardware. iSCSI has been proven capable of supporting 9 https://capec.mitre.org/data/definitions/29.html
  • 5. enterprise-class applications assuming that the specific solution can reach the desired level of performance and scalability and that management is simple enough not to negatively affect the total cost of ownership (TCO)10. Fibre Channel over Ethernet (FCoE). FCoe is a standards-based protocol that natively maps Fibre Channel to Ethernet for transport in a lossless Ethernet LAN. FCoE allows the consolidation of LAN and Fibre Channel SAN traffic over a single switching infrastructure in the data center. http://imexresearch.com/new sletters/images/Feb09/fcoe_vs.jpg 10 http://www.cisco.com/c/en/us/products/collateral/switches/nexus-5000-series-switches/white_paper_c11- 495142.html
  • 6. https://image.slidesharecdn.com/emcworldfcoeiscsi2009share-090522131252-phpapp01/95/fibre-channel-over-ethernet-fcoe- iscsi-and-the-converged-data-center-14-728.jpg?cb=1242998073 iSCSI, NFS, FC, and FCoE Basics iSCSI means you map your storage over TCP/IP. You typically put in dedicated Ethernet network cards and a separate network switch. Each server and each storage device has its own IP address(es), and you connect by specifying an IP address where your drive lives. In Windows, each drive shows up in Computer Manager as a hard drive, and you format it. This is called block storage. NFS means you access a file share like MyFileServerNameMyShareName, and you put files on it. In Windows, this is a mapped network drive. You access folders and files there, but you don’t see the network mapped drive in Computer Manager as a local drive letter. You don’t get exclusive access to NFS drives. You don’t need a separate network cable for NFS – you just access your file shares over whatever network you want. Fibre Channel is a lot like iSCSI, except it uses fiberoptic cables instead of Ethernet cables. It’s a separate dedicated network just for storage, so you don’t have to worry as much about performance contention – although you do still have to worry. Fibre Channel Over Ethernet (FCoE) runs the FC protocol over Ethernet cables, specifically 10Gb Ethernet. This gained niche popularity because you can use just one network (10Gb Ethernet) for both regular network traffic and storage network traffic rather than having one set of switches for fiber and one set for Ethernet. https://www.brentozar.com/archive/2012/05/storage-protocol-basics-iscsi-nfs-fibre-channel-fcoe/
  • 7. 8. NAS vs. SANS Network-attached storage (NAS) is a file-level computer data storage server connected to a computer network providing data access to a heterogeneous group of clients. NAS is specialized for serving files either by its hardware, software, or configuration. It is often manufactured as a computer appliance – a purpose-built specialized computer. NAS systems are networked appliances which contain one or more storage drives, often arranged into logical, redundant storage containers or RAID. Network-attached storage removes the responsibility of file serving from other servers on the network. They typically provide access to files using network file sharing protocols such as NFS, SMB/CIFS, or AFP. From the mid-1990s, NAS devices began gaining popularity as a convenient method of sharing files among multiple computers. Potential benefits of dedicated network-attached storage, compared to general-purpose servers also serving files, include faster data access, easier administration, and simple configuration.11 NAS allows files to be retrieved across a computer network. It includes a dedicated hardware device (often called the head) that connects to a local area network (usually via Ethernet). This NAS “server” authenticates clients and manages file operations in much the same manner as traditional file servers, through well-established network protocols like NFS (Network File Service) and CIFS/SMB (Common Internet File System/System Message Block).12 11 https://en.wikipedia.org/wiki/Network-attached_storage 12 http://www.hosting.com/cloud-storage-the-difference-between-nas-vs-san/
  • 8. http://cdn2.hubspot.net/hub/62530/file-14948438-png/images/difference-betw een-nas-and-san.png As Internet technologies like TCP/IP and Ethernet have proliferated worldwide, some SAN products are making the transition from Fibre Channel to the same IP-based approach NAS uses. Also, with the rapid improvements in disk storage technology, today's NAS devices now offer capacities and performance that once were only possible with SAN. These two industry factors have led to a partial convergence of NAS and SAN approaches to network storage.13 Note about FCoE: Data is transmitted over this channel in an unencrypted fashion (as is true for NAS). Therefore, this channel can be susceptible to hackers. FCoE is NOT routable, it is operated over Ethernet. The outset of 10 G/b/p/s over Ethernet made FCoE possible. FCoE uses FCP, the Fibre Channel Protocol encapsulated in an Ethernet header. FCoE abandons IP protocol and IP addresses (e.g. 192.168.1.xx), instead employing a new 802.3 Ethertype. The approach eliminates TCP altogether, replacing it with a hardware flow control scheme which guarantees packet delivery and can match performance metrics found on native Fiber channel networks. NICs are called Converged Network Adapters (CAN). 13 https://www.lifewire.com/san-vs-nas-818005
  • 9. 9. Dynamic Disk Pools vs. RAID Dynamic Disk Pooling (DDP) dynamically distributes data, spare capacity, and protection information across a pool of disk drives. DDP improves the time and performance of traditional RAID arrays. Because RAID cannot keep up with increasing disk capacities, DDP was created to be more versatile by providing better rebuild times. In an RAID array when a drive fails, the remaining drives are read, parity recomputed, and the result is written to the spare drive. This is done from the initial logical block of the array to the last block in the array. This operation is time consuming because all data needs to be recomputed from the beginning of the array to the end of the array, and degrades performance, because although there are parallel reads, there is one single write to the spare drive. Thus, this single write becomes a bottleneck in the system. In DDP, a disk pool is a set of drives that are logically grouped together in the storage subsystem, where data is distributed across all drives in the pool. The drives in each disk pool must be of the same drive type and drive media type, and they must be similar in size. Unlike RAID, there is no specific spare drive, rather, all drives have spare space that is reserved. When a drive fails, the remaining drives are read, the missing data is recomputed, and the result is written to multiple drives in their spare space. This operation is done on the pieces of data that are missing. The result is parallel reads and parallel writes, which significantly speeds up the rebuild time after a single drive failure. Both RAID and DDP are techniques for striping data and parity information across a set of disks to provide fault tolerance, but how they operate to attain this goal is different. https://www.ibm.com/support/knowledgecenter/en/STFS69_4.0.0/ts7760_ddp.html 10.Microsoft Group Policies Group Policy, in part, controls what users can and cannot do on a computer system: for example, to enforce a password complexity policy that prevents users from choosing an overly simple password, to allow or prevent unidentified users from remote computers to connect to a network share, to block access to the Windows Task Manager or to restrict access to certain folders. A set of such configurations is called a Group Policy Object (GPO). As part of Microsoft's IntelliMirror technologies, Group Policy aims to reduce the cost of supporting users. IntelliMirror technologies relate to the management of disconnected machines or roaming users and include roaming user profiles, folder redirection, and offline files.14 Group Policy Objects are processed in the following order (from top to bottom) 1. Local - Any settings in the computer's local policy. Prior to Windows Vista, there was only one local group policy stored per computer. Windows Vista and later Windows versions allow individual group policies per user accounts.[5] 14 https://en.wikipedia.org/wiki/Group_Policy
  • 10. 2. Site - Any Group Policies associated with the Active Directory site in which the computer resides. (An Active Directory site is a logical grouping of computers, intended to facilitate management of those computers based on their physical proximity.) If multiple policies are linked to a site, they are processed in the order set by the administrator. 3. Domain - Any Group Policies associated with the Windows domain in which the computer resides. If multiple policies are linked to a domain, they are processed in the order set by the administrator. 4. Organizational Unit - Group policies assigned to the Active Directory organizational unit (OU) in which the computer or user are placed. (OUs are logical units that help organizing and managing a group of users, computers or other Active Directory objects.) If multiple policies are linked to an OU, they are processed in the order set by the administrator. http://i1-new s.softpedia-static.com/images/new s2/Microsoft-Patches-Critical-Remote-Code-Execution-Glitch-in-Group-Policy- 472770-2.jpg WMI filters You can use WMI filters to add a decision on when to apply a given group policy. This can be very useful when users or computers are located in a relatively flat structure instead of specific OU’s, for example. Filters can also help when you need to apply certain policies based on server roles, operating system version, network configuration, or other criteria. Windows evaluates these filters in the following order of overall Group Policy Processing:
  • 11. 1. Policies in hierarchy are located. 2. WMI Filters are checked. 3. Security settings are checked. 4. Finally, once everything has ‘passed’, a policy is applied. So we find all the policies that exist in the user/computer’s Local, Site, Domain, and OU hierarchy. Then we determine if the WMI filter evaluates as TRUE. Then we verify that the user/computer has Read and Apply Group permissions for the GPO. This means that WMI filters are still less efficient than hierarchical linking, but can definitely use filters to make decisions in a non-hierarchical Active Directory design15. 11. Secure Boot Secure Boot is a security standard developed by members of the PC industry to help make sure that your PC boots using only software that is trusted by the PC manufacturer. When the PC starts, the firmware checks the signature of each piece of boot software, including firmware drivers (Option ROMs) and the operating system. If the signatures are good, the PC boots, and the firmware gives control to the operating system. The following versions of Windows support Secure Boot: Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 8, Windows Server 2012, and Windows RT16. BIOS Basic Input/Output System (BIOS) and also known as the System BIOS, ROM BIOS or PC BIOS) is a type of firmware used to perform hardware initialization during the booting process (power-on startup) on IBM PC compatible computers, and to provide runtime services for operating systems and programs.[ BIOS works by reading the first sector of the hard drive which has the next device’s address to initialize or code to execute. BIOS also selects the boot device that needs to be initialized for starting the operating system. Since BIOS has been in use since the very beginning, it still works in 16-bit mode, limiting the amount of code that can be read and executed from the firmware ROM17. 15 https://blogs.technet.microsoft.com/askds/2008/09/11/fun-with-wmi-filters-in-group-policy/ 16 https://technet.microsoft.com/en-us/library/hh824987.aspx 17 https://www.maketecheasier.com/differences-between-uefi-and-bios/
  • 12. UEFI Unified Extensible Firmware Interface (UEFI) is a specification for a software program that connects a computer's firmware to its operating system (OS). UEFI is expected to eventually replace BIOS. Like BIOS, UEFI is installed at the time of manufacturing and is the first program that runs when a computer is turned on. It checks to see what hardware components the computing device has, wakes the components up and hands them over to the operating system. The new specification addresses several limitations of BIOS, including restrictions on hard disk partition size and the amount of time BIOS takes to perform its tasks. Because UEFI is programmable, original equipment manufacturer (OEM) developers can add applications and drivers, allowing UEFI to function as a lightweight operating system18. 18 http://whatis.techtarget.com/definition/Unified-Extensible-Firmware-Interface-UEFI