FLASH CARDS

7.02 Summarize various security measures and their purposes

  • Physical Access Control

  • Physical security measures used to control who can enter buildings or restricted areas.

  • Perimeter Security

  • Security measures to protect the outside of buildings.

  • Types: (a) Barricades/Fences: Keep unauthorized individuals away. (b) Security Fencing: Transparent and hard to cut, tall to prevent climbing.

  • Access Control Vestibules

  • Enclosed areas that restrict access to one person at a time.

  • Purpose: Reduces tailgating and unauthorized entry.

  • Magnetometers

  • Metal detectors at entrances.

  • Purpose: Detect concealed weapons.

  • Security Guards

  • Human guards who monitor and control entry.

  • Duties: Verify ID, control access, log entry/exit, deter threats.

  • Lock Types

  • Key-operated

  • Traditional locks needing a key.

  • Electronic

  • Operated by PIN on a keypad.

  • Badge reader

  • Uses magnetic cards or smart cards.

  • Biometric Locks

  • Fingerprint Reader

  • Scans fingerprints.

  • Palmprint Scanner

  • Scans veins in the hand.

  • Retina Scanner

  • Scans blood vessels in the eye.

  • Equipment Lock Types:

  • Kensington Locks

  • Cable ties to secure laptops.

  • Chassis Locks

  • Prevent access to server hardware.

  • Lockable Rack Cabinets

  • Secures network equipment.

  • Alarms and Surveillance Types:

  • Circuit

  • Activated by opening/closing a circuit (e.g., door).

  • Motion Sensors

  • Detects movement using microwave or infrared.

  • Proximity

  • Uses RFID tags to track objects.

  • Duress Alarms

  • Manually triggered by staff under threat.

  • Video Surveillance

  • Monitors gateways and security zones.

  • Video Surveillance Types: (a) CCTV (b) Older camera systems (c) IP Cameras, and (d) Internet-connected cameras

  • Security Lighting

  • Purpose: Enhances safety at night and makes it harder for intruders to hide.

  • Good Design: Provides enough light, avoids shadows and glare.

  • Logical Security Controls

  • Controls applied by digital systems to secure resources.

  • Examples: Firewalls, antivirus software, access control systems.

  • The AAA Triad key components:

  • Authentication

  • Verifies user identity.

  • Authorization

  • Grants specific access based on permissions.

  • Accounting

  • Logs when and by whom resources were accessed.

  • Access Control Lists (ACLs)

  • Defines which users or systems can access specific resources.

  • Implicit Deny

  • Access is denied unless explicitly allowed.

  • Least Privilege

  • Users have the minimum access needed.

  • Authentication Factors

  • Knowledge: Something you know (e.g., password).

  • Possession: Something you have (e.g., smart card).

  • Inherence: Something you are (e.g., fingerprint).

  • Multifactor Authentication (MFA)

  • Requires at least two different factors for authentication.

  • 2-Step Verification

  • Sends a soft token to a trusted device.

  • Authenticator App

  • Used for passwordless login.

  • Hard Token

  • Uses a USB or smart card for authentication.

  • Windows Domains and Active Directory

  • Domain Controllers (DCs)

  • Manage domain authentication and user accounts.

  • Member Servers

  • Provide services like file sharing and databases.

  • Organizational Units (OUs)

  • Divide domains for easier management.

  • Group Policy

  • Manages computer settings and user profiles across a network.

  • gpupdate

  • Applies policies immediately.

  • Gpresult

  • Shows active policies.

  • Login Scripts

  • Purpose: Configure user environment, map drives, ensure security compliance during login.

  • Mobile Device Management (MDM)

  • Software used to control security policies for mobile devices.

  • MDM Policies:

  • App usage

  • Controls which apps can be used.

  • Corporate Data

  • Controls access to company data.

  • Built-in Functions

  • Restricts device features like cameras.