Chapter 03
I.
VLAN hopping
VLAN hopping: the act of gaining access to traffic on other VLANs that would not normally
be accessible, by jumping from one VLAN to another.
(Page 478)
II.
Cloud computing
Cloud computing: a way of offering on-demand services that extend the capabilities of a
person's computer or an organization's network.
(Page 465)
III.
IV.
V.
VI.
Hardening
Hardening of the Operating System is the act of configuring an OS securely, updating it,
creating rules and policies to help govern the system in a secure manner, and removing
unnecessary applications and services. This is done to minimize OS exposure to threats
and to mitigate possible risk. Although it is impossible to reduce risk to zero, I'll show
some tips and tricks that can enable you to diminish current and future risk to an
acceptable level.
(Page 57)
VII.
Application Blacklisting
Application blacklisting is when individual applications are disallowed. This can be a
more useful (and more efficient) solution if your end users work with, and frequently add,
a lot of applications. In this scenario, an individual application (say a social media or chat
program) is disabled across the network.
(Page 59)
VIII.
IX.
X.
XI.
Critical Updates
Critical updates and SPs: Include the latest SP and other security and stability updates.
Some updates must be installed individually; others can be installed as a group.
(Page 65)
XII.
Service Packs
A service pack (SP) is a Microsoft-centric group of updates, bug fixes, updated drivers,
and security fixes installed from one downloadable package or from one disc. When the
number of patches for an OS reaches a certain limit, they are gathered together into an SP.
This might take one to several months after the OS is released.
(Page 63)
XIII.
Windows Updates
Windows updates: Recommended updates to fix noncritical problems certain users might
encounter; also adds features and updates to features bundled into Windows.
(Page 65)
XIV.
Driver Updates
Hotfix
Hotfix: Originally, a hotfix was defined as a single-problem-fixing patch to an individual
OS or application that was installed live while the system was up and running, without
a reboot being necessary. However, this term has changed over time and varies from
vendor to vendor.
(Page 468)
XVI.
Patches
A patch is an update to a system. Patches generally carry the connotation of a small fix in
the mind of the user or system administrator, so larger patches are often referred to as
software updates, service packs, or something similar.
(Page 472)
XVII.
Patch Management
Patch management
(Page 472)
XVIII.
Planning
Planning: Before actually doing anything, a plan should be set into motion. The first thing
that needs to be decided is whether the patch is necessary and whether it is compatible
with other systems. Microsoft Baseline Security Analyzer (MBSA) is one example of a
program that can identify security misconfigurations on the computers in your network,
letting you know whether patching is needed. If the patch is deemed necessary, the plan
should consist of a way to test the patch in a clean network on clean systems, how and
when the patch will be implemented, and how the patch will be checked after it is
installed.
(Page 68)
XIX.
Testing
Testing: Before automating the deployment of a patch among a thousand computers, it
makes sense to test it on a single system or small group of systems first. These systems
should be reserved for testing purposes only and should not be used by civilians or
regular users on the network. I know this is asking a lot, especially given the amount of
resources some companies have. But the more you can push for at least a single testing
system that is not a part of the main network, the less you will be to blame if a failure
occurs!
(Page 68)
XX.
Implementing
If the test is successful, the patch should be deployed to all the necessary systems. In
many cases this is done in the evening or over the weekend for larger updates. Patches
Auditing
Auditing: When the implementation is complete, the systems (or at least a sample of
systems) should be audited; first, to make sure the patch has taken hold properly, and
second, to check for any changes or failures due to the patch. SCCM, SMS, and other
third-party tools can be used in this endeavor.
(Page 68)
XXII.
Group Policy
A Group Policy is used in Microsoft and other computing environments to govern user
and computer accounts through a set of rules. Built-in or administrator-designed security
templates can be applied to these to configure many rules at one time. Afterward,
configuration baselines should be created and used to measure server and network
activity.
(Page 68)
XXIII.
Security Template
A security template is a group of policies that can be loaded in one procedure.
(Page 475)
XXIV.
Baselining
Baselining is the process of measuring changes in networking, hardware, software, and so
on.
(Page 463)
XXV.
XXVI.
System VM
System virtual machine is a complete platform meant to take the place of an entire
computer, enabling you to run an entire OS virtually.
(Page 74)
XXVII.
Process VM
Process virtual machine: Designed to run a single application, such as a virtual web
browser.
(Page 74)
XXVIII.
Hypervisor (HV)
Hypervisor: the portion of virtual machine software that allows multiple virtual
operating systems (guests) to run at the same time on a single computer.
(Page 469)
XXIX.
Native HV
The native hypervisor runs directly on the host computer's hardware. Because of this it is
also known as bare metal. Examples of this include VMware vCenter and vSphere,
Citrix XenServer, and Microsoft Hyper-V. Hyper-V can be installed as a standalone
product, known as Microsoft Hyper-V Server, or it can be installed as a role within a
standard installation of Windows Server 2008 (R2) or higher. Either way, the hypervisor
runs independently and accesses hardware directly, making both versions of Windows
Server Hyper-V Type 1 hypervisors.
(Page 75)
XXX.
Hosted HV
IPv4 address will translate to a single public IPv4 address. This is also called one-to-one
mapping.
It is also important to know the difference between private and public addresses. A
private address is one not displayed directly to the Internet and is normally behind a
firewall (or NAT-enabled device). Typically, these are addresses that a SOHO router or
DHCP server would assign automatically to clients.
2. Identify the three types of NAT?
Three main types of NAT exist. In order of complexity (from simple to complex), they
are:
Static NAT--With this type of NAT, a NAT router maintains a table that associates each
internal IP address with a corresponding external allocated (i.e., registered) Internet IP
address. With static NAT, you must register an IP address for every machine that connects
to the Internet. This approach isn't used very often because it doesn't save on registering
IP addresses. However, static NAT can be useful for making devices accessible from the
Internet--the external IP address will always point to the internal address stored on the
NAT router.
Dynamic NAT--With dynamic NAT, a NAT router maintains a list of registered Internet
IP addresses. Every time an internal client tries to access the Internet, the router maps it
to one of the registered IP addresses that isn't currently in use. As a result, you need
registered IP addresses only for the number of concurrent Internet users.
Single-Address NAT/Overloading/Masquerading/Network Address Port Translation
(NAPT)--With this type of NAT, a NAT router has only one registered IP address. The
NAT router maps each internal client that needs to communicate with the Internet to a
different port from the registered IP address. The router writes the address request in the
form x.x.x.x:y--for example, 10.0.0.1:100 would be IP address 10.0.0.1, port 100.
Responses from the Internet include the originating port so that the router knows which
internal IP address to map the response to.
The figure below illustrates the use of single-address NAT. The NAT router in the figure
maintains a translation table that specifies the port that each internal IP address uses for
external communication, as follows:
Internal Address    External Address
10.0.0.1            14.1.23.5:62450
10.0.0.2            14.1.23.5:62451
10.0.0.3            14.1.23.5:62452
10.0.0.4            14.1.23.5:62453
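To make the translation table concrete, here is an added Python model of a single-address NAT (NAPT) router's table; it is not from the textbook. The external address 14.1.23.5 and the starting port 62450 are taken from the table above, while the internal client port 1025 is an assumption. It also shows the property a defender cares about: a packet arriving from the Internet for a port with no table entry has nowhere to go and is dropped.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

EXTERNAL_IP = "14.1.23.5"   # the router's single registered address (from the table above)
FIRST_PORT = 62450          # first external port handed out (matches the table above)


@dataclass
class NaptRouter:
    """Minimal model of a NAPT (overloading/masquerading) translation table."""
    external_ip: str = EXTERNAL_IP
    next_port: int = FIRST_PORT
    # (internal_ip, internal_port) -> external_port
    outbound: Dict[Tuple[str, int], int] = field(default_factory=dict)
    # external_port -> (internal_ip, internal_port)
    inbound: Dict[int, Tuple[str, int]] = field(default_factory=dict)

    def translate_outbound(self, internal_ip: str, internal_port: int) -> str:
        """Map an internal socket to external_ip:port, reusing an existing entry for the same flow."""
        key = (internal_ip, internal_port)
        if key not in self.outbound:
            port = self.next_port          # allocate the next unused external port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[port] = key
        return f"{self.external_ip}:{self.outbound[key]}"

    def translate_inbound(self, dst_port: int) -> Optional[Tuple[str, int]]:
        """Resolve a reply addressed to external_ip:dst_port; None means no mapping, so drop it."""
        return self.inbound.get(dst_port)


def build_table(router: NaptRouter, internal_ips: List[str], client_port: int = 1025) -> List[Tuple[str, str]]:
    """Send one outbound flow per internal host and return (internal, external) rows like the table above."""
    return [(ip, router.translate_outbound(ip, client_port)) for ip in internal_ips]


if __name__ == "__main__":
    router = NaptRouter()
    hosts = ["10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.0.4"]   # constructed, as in the table above
    for internal, external in build_table(router, hosts):
        print(f"{internal:<16} {external}")
    # A reply to a mapped port is forwarded to the right host; an unsolicited packet is dropped.
    print(router.translate_inbound(62452))   # ('10.0.0.3', 1025)
    print(router.translate_inbound(62499))   # None
```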