This courseware is copyrighted © 2016 gtslearning. No part of this courseware or any training material supplied by gtslearning International Limited to accompany the courseware may be copied, photocopied, reproduced, or re-used in any form or by any means without permission in writing from a director of gtslearning International Limited. Violation of these laws will lead to prosecution. All trademarks, service marks, products, or services are trademarks or registered trademarks of their respective holders and are acknowledged by the publisher. All gtslearning products are supplied on the basis of a single copy of a course per student. Additional resources that may be made available from gtslearning may only be used in conjunction with courses sold by gtslearning. No material changes to these resources are permitted without express written permission by a director of gtslearning. These resources may not be used in conjunction with content from any other supplier. If you suspect that this course has been copied or distributed illegally, please telephone or gtslearning. 5.4 Security Software CompTIA Server+ Certification (Exam SK0-004)
Objectives Understand the role of security software such as anti-malware, IDS, and NAC Diagnose and troubleshoot security issues 5.4 Security Software 416
Privilege escalation Malware symptoms o Computer fails to boot / locks up o File system corrupted or deleted o Date stamps and file sizes of infected files change o Permissions attributes of files change, resulting in "Access Denied" errors o New executable files (EXEs and DLLS) appear o Strange messages or graphics appear on the screen o Security applications or services stop working o Applications or Windows tools stop working or crash frequently o Performance at startup or generally is very slow - excessive use of CPU and memory resources by suspicious processes o Network performance is slow or Internet connections are disrupted Malware 5.4 Security Software 416
Anti-virus / Anti-malware Software Virus identification Removal / quarantine Policies 5.4 Security Software 417
File system integrity o sfc o ReFS o SecureCheq o AIDE Downloaded files o Checksums File Integrity Issues 5.4 Security Software 418
Preventive Measures Configure and update security software Audit permissions 5.4 Security Software 419
Intrusion Detection Systems Real-time analysis of network traffic Network IDS (NIDS) o Sensor inside firewall o Spanned port on switch o Passive detection o Limited prevention 5.4 Security Software 420
Unified Threat Management o Intrusion detection / prevention o Malware scanning o Firewall o Traffic filtering Intrusion Detection and Prevention Systems (IDP / IPS) o Throttle bandwidth o Reconfigure firewall o Rewrite packets Unified Threat Management 5.4 Security Software 421
Host Intrusion Detection 5.4 Security Software 422
Signature-based o Must be updated with latest definitions o Many attacks do not conform to specific signatures Behavior-based (statistical / profile) o Train sensor to recognize baseline “normal” behavior o Heuristics (learning from experience) o Statistical model of behavior o Tuning period o High error rates Anomaly-based o Identify traffic that is non-compliant with RFCs Analysis Engine 5.4 Security Software 423
Defense-in-depth Device control Physical port security MAC address filtering and limiting o DHCP snooping IEEE 802.1X o Port-based Network Access Control (PNAC) Endpoint Security 5.4 Security Software 424
Network Access Control 5.4 Security Software 425
Vulnerability assessment o In-depth analysis of security systems and policies Pentest o Attack on live or test system Either can be disruptive to a production network Vulnerability Assessments 5.4 Security Software 426
Vulnerability Scanners Software configured with list of known exploits / vulnerabilities Active or passive detection Host / OS or web application 5.4 Security Software 426
Packet Sniffers 5.4 Security Software 427
Review Understand the role of security software such as anti-malware, IDS, and NAC Diagnose and troubleshoot security issues 5.4 Security Software 428