4.5 Given a scenario, modify enterprise capabilities to enhance security

6 Terms

1
What is a screened subnet?

This is also known as a DMZ (demilitarized zone): an isolated network segment that sits between the internal network and external networks. The screened subnet contains public-facing services but has limited or no access to the internal network, which protects any kind of sensitive data.

2
What is SPF and what does this do?

SPF stands for Sender Policy Framework. This defines which email servers are authorized to send mail on our behalf.

3
What is DKIM and what does this do?

DKIM stands for DomainKeys Identified Mail. This is an email authentication method used to ensure messages aren’t altered in transit. This allows you to add an encryption key and digital signature, which verify that an email was not faked or spoofed.

4
What is DMARC and what does this do?

DMARC stands for Domain-based Message Authentication, Reporting and Conformance. This is an email authentication protocol designed to protect email domain owners from unauthorized use, commonly known as email spoofing. The primary purpose of DMARC is to protect a domain from being used in business email compromise attacks, phishing emails, and email scams.

5
What does FIM stand for and what does this do?

FIM stands for File Integrity Monitoring. This monitors important operating system and application files that shouldn’t be changing. On Windows, for example, this is SFC.

6
What’s the difference between EDR and XDR?

EDR: Stands for Endpoint Detection and Response. EDR focuses on endpoint devices such as laptops, desktops, servers, and mobile devices, collecting data from these endpoints to detect threats like malware and ransomware.

XDR: Stands for Extended Detection and Response. XDR extends the scope beyond endpoints to include data from multiple sources such as network traffic, cloud and SaaS applications, email, identity and access management, and SIEM systems.