Jump to content

Exam 98-367: Security Fundamentals/Understanding Operating System Security

Add links
From Wikiversity
Security Fundamentals
  1. Understanding Security Layers
  2. Understanding Operating System Security
  3. Understanding Network Security
  4. Understanding Security Software

This lesson covers Understanding Operating System Security. It looks at user authentication, permissions, password policies, audit policies, encryption, and malware.

Activity 1 - Understand User Authentication

[edit | edit source]

This objective may include but is not limited to: multifactor; smart cards; RADIUS; Public Key Infrastucture (PKI); understand the certificate chain; biometrics; Kerberos and time skew; using Run As to perform administrative tasks; password reset procedures.

  1. Read Wikipedia: Active Directory.
  2. Read What is Kerberos?.
  3. Read Overview of Authentication and Authorization Technologies.
  4. Read Using the Runas Command.
  5. Read Reset a Password.
  6. Read PKI Basics.

Activity 2 - Understand Permissions

[edit | edit source]

This objective may include but is not limited to: file; share; registry; Active Directory; NTFS vs. FAT; enabling or disabling inheritance; behavior when moving or copying files within the same disk or on another disk; multiple groups with different permissions; basic permissions and advanced permissions; take ownership; delegation.

  1. Read Advanced Security Settings.
  2. Read What are Permissions?.
  3. Read Introduction to File Server Resource Manager.

Activity 3 - Understand Password Policies

[edit | edit source]

This objective may include but is not limited to: password complexity; account lockout; password length; password history; time between password changes; enforce by using group policies; common attack methods.

  1. Read Password Best Practices.

Activity 4 - Understand Audit Policies

[edit | edit source]

This objective may include but is not limited to: types of auditing; what can be audited; enabling auditing; what to audit for specific purposes; where to save audit information; how to secure audit information.

  1. Read Advanced Security Audit Policy.
  2. Read Audit Policy.

Activity 5 - Understand Encryption

[edit | edit source]

This objective may include but is not limited to: EFS; how EFS encrypted folders impact moving/copying files; BitLocker (To Go); TPM; software-based encryption; MAIL encryption and signing and other uses; VPN; public-key / private key; encryption algorithms; certificate properties; certificate services; PKI/certificate services infrastructure; token devices.

  1. Read BitLocker and BitLocker To Go.
  2. Read BitLocker Drive Encryption Overview.
  3. Read What Threats Does BitLocker Protect Against?.
  4. Read What Do You Want to Protect with BitLocker?.
  5. Read Certificates.

Activity 6 - Understand Malware

[edit | edit source]

This objective may include but is not limited to: buffer overflow; worms; Trojans; spyware.

  1. Read Protecting Against Buffer Overflows.

References

[edit | edit source]
Retrieved from "https://en.wikiversity.org/w/index.php?title=Exam_98-367:_Security_Fundamentals/Understanding_Operating_System_Security&oldid=2114520"