rest of security + firewall + SOHO + troubleshooting +backups + approval

block all connections only allowed

very strict policy

deny list for connections

more of a reasonable restriction

cutomize firewall rules

by applicaiton, port, ingoing/outgoing

PIN

personal information number

PII

personal identification info

explicit file perms

set perms by admin

inherent file persm

set automatically/inhernited from prent file

UAC

user account control, what needs admin

admin prompt

secure desktop, only say yes if you know what it is

EFS function

encrypt only certain files unlock bitlocker, usually is users password, if reset could lead to files being lost

managing decyprtion key

often AD might have decypriton key

security techniques

change default password, minium permission, disable geust account, disable interactive login on unneccassary accounts or delet them, log in time restrictions, lock down laptop ports, screen saver password, be aware of who is looking at screen, disable auto play and auto run

keep drive in mobile device secure

remote wipe and FDE

firewalls on mobile

most phones dont hav eone

IOT security vulnerabilites

should be isolated from main network, often are not built to be concerned with security

best type of data destruction

physical destruction

low level format

usually done by factory ,deletes data

quick setup

setups file systems doesnt really delte old data

fegular format

writes 0 to drive

how to secure a SOHO

change defualt passwords/SSID, firmware updates

physical placement of routers or ports

watch out for ethernet ports or access point being opened, use NAC to stop ethernets from being plugged into

static WAN IP

also known as public IP

company wants for public ip

to be static, must talk to ISP to get this

UPnP

disable, allows for auotmatical firewall rules and port forwading

screened subnet

a way to isolate public resources away from private network

NAC abbreivation

network access control to sdisable ethernets

externtal to internal

how public info goes to router than it goes to the right private IP

browser security

hash to verify download, update firmware, watch extensions, block pop ups, watch certifications, watch cookies

window scant find OS

bootloader/multiple parittion issue

BCD

windows boot configuration database, can recover and reappir

missing NTDLR

missing bootlader, repair can reinstall

relaibliity monitor

view history of crashes of applications

USB endpoitns

if not enough endpoints will say not enough resouces, try a different port

romaing user profile

nerwork poblems with aLDAP queries

fix missing user profile

backup important files from user, delete file and regedit file after backup, then log in and recopy files

clock drift error

select automatic time confirguration

sfc /scannnow

verify intergirty

what to do if device has virus

quarentine everything, networ, removable accesss, disable all local restore points, boot in safe mode

WMPE

windows pree install enviornment

ADR

assesment and deployment kit

reason for battery life depletion

constant search for cellular signal that isnt there

APKs

only form trusted sources

Xcode

developer mode for IOS requires a MAC

aplicaton spoofing and fake apps

way to infect mobile deives

signs of virus on mobile device

high networking, data reports, leaked personal files

ticketing sytsem

needs concise and descipritive data

ticketing system process

document assign resolve reporty

help desk dteremines what

sevirty type of issue and escalation

ways to view past tickets

past solutoins and connections

assest managment

have RFIDS on everything, finical data, associatre users with ddevices, warranty, software leasing,

AUP

acceptable use policies

network topology

thew ay the network works

copmliance

compliance with legal laws

splash screen

informational

standard operation prosucdres

down time maintenace facitly isues on boarding

onboarding

need AUP hardware software account rights

termination

data account hardware

change managment

have policies rollback plan test in sandbox in evironment including rolback

changes aspectsa

purpose of change cost benfits of no doing chagne or doing change, scope

bakckups

type amount how often what software on site vs off site

differential backup

will backup everything from full backup moderate/moderateful

full backup

slow/fast

synthetic backup

rendering full backup from old full backup and incremetnal/differnetial backups

incremental backups

fast/slow records changes from very last backup

3 2 1rule

3 copies of data 2 different storage methods and 1 off site

grandfather father son rule

grandfather full backup every month father is syntheitc every month and son is daily

periodic audit

to test backup system and make sure it works

on site advantatges

no internet, less expensive have full acces

off site

expensive can backup from everwhere network speed

off site vs on site

use both

NAS

network attached storage