Review A+ 2.1

Access Control Lists (ACLs)

Used to allow or deny traffic – Also used for NAT, QoS, etc. – Commonly used on the ingress or egress of a router interface

• ACLs evaluate on certain criteria – Source IP, Destination IP, – TCP port numbers, UDP port numbers, ICMP

• Deny or permit – What happens when an ACL matches the traffic?

• Also used in operating systems – Allow or deny access to the filesystem

Multi-factor authentication

More than one factor

– Something you are, something you have, something you know, somewhere you are, something you do

• Can be expensive – Separate hardware tokens

Software tokens

• Authenticator application – Pseudo-random number generator – Can’t guess it – Changes constantly

• Saves money – Free smartphone applications – No separate device to lose

Active Directory

A database of everything on the network – Computers, user accounts, file shares, printers, groups, and more

• Manage authentication – Users login using their AD credentials

• Centralized access control – Determine which users can access resources • Commonly used by the help desk – Reset passwords – Add and remove accounts

Domain

The name associated with this related group of users, computers, and resources – Each domain has a name

• Domain controllers store this central domain database – Active Directory is the service that manages this directory

• Often referenced when troubleshooting – Is this computer on the domain? – Can you reset the domain password?

Organizational units (OU)

Keep the (very large) database organized – Users, Computers

• Create your own hierarchy – Countries, states, buildings, departments, etc.

• Apply policies to an OU – Can be very large: – Domain Users – Can be for a specific group: – Marketing, North America, – Pegasus galaxy

Login script

Automate a series of tasks during login – Assign a script to a specific user, group, or OU

• Associate the script with a Group Policy – User Configuration > Policies > – Windows Settings > Scripts

• Create different login scripts for different OUs – Customize based on your needs

Home folder

Assign a user Home folder to a network folder – Manage and backup files from the network – Avoid storing files on the local computer

• When added to the user profile, the directories are automatically created – And proper permissions are assigned

• Requires some training – Encourage users to store files on the network Home folder

Folder redirection

Some users and applications use the Windows Library folders – Desktop, Downloads, – Music, Documents, etc.

• Redirect the folders to a network share – Group Policy > User Configuration > – Windows settings > Folder Redirection

• This is often paired with the Offline Files feature – You’re not always connected

Security groups

Create a group – Assign permissions to the group

• Set the rights and permissions to the group – Add users to the group

• Some built-in groups – Users, guests – Remote management users – Event Log Readers

• Save time – Avoid confusion and mistakes