2.8 - CompTIA A+ Core 2

Hardening techniques

Device encryption

Screen locks

• Facial recognition: An authentication type that requires users to scan their face to unlock a device.

• PIN codes: An authentication type that requires users to enter a numeric code to unlock the device and access sensitive information.

• Fingerprint: An authentication type that requires users to provide a fingerprint to unlock a device.

• Pattern: An authentication type that requires users to draw a specific shape or design on the screen to unlock the device.

• Swipe: An authentication type that requires users to swipe their finger across a designated area on the screen to unlock the device - VERY insecure.

Configuration profiles

• Configuration profiles: XML or JSON formatted files used to manage secure devices by enforcing specific settings/policies - typically used by Mobile Device Management (MDM) software.

Patch management

OS updates

• OS updates: A security best practice that ensures your operating system is kept up-to-date. Includes security fixes to ensure your device is as safe as possible.

Application updates

• Application updates: A security best practice that ensures all applications present on a device are kept up-to-date.

Endpoint security

Antivirus

• Antivirus: Software that protects a device from viruses by detecting and removing them before they can harm the system. Many AV options are available through the App Store (iOS) and the Play Store (Android).

Anti-malware

• Anti-malware: Software that protects a device from malware by detecting and removing it before it can harm the system. Many anti-malware options are available through the App Store (iOS) and the Play Store (Android).

Content filtering

• Content filtering: A security measure that restricts access to certain websites or content based on predefined criteria, which can help protect users from harmful material. Various content filtering solutions are available as browser extensions or as integrated features within some antivirus and anti-malware software.

Locator applications

• Locator application: Software that allows users to track the location of their mobile devices if they are lost or left at another location.

Remote wipes

• Remote wipes: A security feature that enables users to erase all data from their mobile devices remotely, ensuring that sensitive information does not fall into the wrong hands if the device is lost or stolen.

Remote backup applications

• Remote backup applications: Software solutions that automatically copy data from mobile devices to a secure off-site location, allowing users to restore their information easily in case of device failure, loss, or theft.

Failed log-in attempts restrictions

• Failed log-in attempts restrictions: Policies that limit the number of unsuccessful attempts at which a restriction will be applied to an account, often resulting in temporary lockouts or additional verification steps to enhance security and protect sensitive information.

Policies and procedures

• MDM: Software solution used to apply corporate/security policies to a device.

• BYOD (Bring Your Own Device): Employees use their personal devices for work-related tasks, which can introduce security challenges if not properly managed.

• Corporate-owned devices: Devices that are owned and managed by the organization, allowing for stricter security controls and policies to be enforced.

• Profile security requirements: These are guidelines that outline the necessary security measures to protect sensitive data on devices, ensuring compliance with organizational policies - these can control the entire device or a corporate partition, and provide access control (e.g., screen locks, PINs).