2025 iThome Ironman Contest

DAY 18
Security

30-Day Challenge: CompTIA Security SY0-701 series, part 18

Day 18 Modifying enterprise capabilities to enhance security

1. Firewall

A firewall controls inbound and outbound network traffic according to predefined rules.

  • Firewall Types
    Host-based firewall
    Network-based firewall
    Stateless firewall
    Stateful firewall
    Web Application Firewall (WAF)
    Unified Threat Management Firewall (UTM)
    Next-Generation Firewall (NGFW)
  • Rules
    • Inbound and outbound rules

    • Explicit allow and explicit deny

      • Port numbers
      • Protocol types
      • Port address
    • Access Control List

    • Zones
      Data moving from a company computer to the internet passes through different zones:

      • Wide Area Network (WAN)
      • Local Area Network (LAN)
      • Screened subnet

      These three zones are separated by two firewalls.

2. IDSs/IPSs

  • Trends in IDSs/IPSs
    • Machine learning and AI integration
    • Cloud-centric security
    • Zero-trust architecture
    • IoT and OT protection
  • IDS/IPS Signatures
    • Signature-based detection
    • Anomaly/heuristic-based detection
    • Real-time updates
    • Custom signatures

3. Web Filtering

  • Agent-based filtering
  • Centralized proxy filtering
  • Universal Resource Locator (URL) scanning
  • Content categorization
  • Block rules
  • Reputation-based filtering

4. Operating System Security

Protect the OS from being attacked. The following methods can be used:

  • Keep your system updated
  • User Account Control (UAC)
  • Minimize attack surface
  • Implement strong authentication
  • Employ access controls
  • Enable firewall protection
  • Encrypt data
  • Monitor and log activities
  • Patch management
  • Educate users
  • Back up your data
  • Disaster recovery plan

Group Policy
SELinux

5. The Implementation of Secure Protocols

  • Protocol selection
  • Port selection
  • Transport method

Insecure Protocols
Secure Protocols

6. DNS Filtering

  • Blocks access to malicious sites
  • Content filtering
  • Enhancing privacy
  • Security reinforcement

7. Email Security

Use encryption and authentication to protect email:

  • S/MIME
  • Pretty Good Privacy (PGP)
  • Domain-Based Message Authentication Reporting and Conformance (DMARC)
  • DomainKeys Identified Mail (DKIM)
  • Sender Policy Framework (SPF)
  • Gateway

8. File Integrity Monitoring

9. Data Loss Prevention (DLP)

10. Network Access Control (NAC)

  • Agents
  • Health authority
  • Remediation server

11. Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR)

How EDR works:

  • Data Collection
  • Detection
  • Alerting
  • Response

Characteristics of XDR:

  • Data integration
  • Advanced analytics
  • Automation and orchestration
  • Scalability

12. User Behavior Analytics

