The cheat sheet is a condensed format of the main facts that you need to know before taking the exam. We must learn the exam concepts and not just the answers to a bank of questions.
Access Control Lists (ACLs)
- Firewalls and routers use ACL. No allow rule means implicit deny.
Firewalls
- Unified Threat Management (UTM)– all in one URL and content filter
- Stateful firewall – inspect deep into the packet, including size and commands
- Stateful firewall – protects against DDoS attacks
- Web application firewall – protect the web server and web applications
- Host-based – only protects the local computer
- Network-based – only protects the network
Network Protection
- Network Intrusion Prevention System (NIPS) – additional layer of protection placed close to firewall
- Network Intrusion Detection System (NIDS) – detects changes in network, uses sensor and collectors, and alerts the NIPS
- Signature-based – work from a local database
- Anomaly-based – start with a database but can learn new patterns
Proxy Server
- URL filter
- Content filter
- Caches web pages
Reverse Proxy
- Authenticates incoming connections
- Decrypts incoming traffic
Load Balancer
- Deals with a high load of web traffic
- Sends traffic to the least utilized host
- Affinity – sends the host to the same web server
- Round robin – balances traffic using DNS A records
SIEM System
- Real-time monitoring
- Correlates events on the network
- Measures account lockout, even with attempts on different computers
- Needs the correct filter, otherwise false position
Tools
- Packet sniffer/protocol analyzer – analyze network traffic
- Banner grabbing – analyze web server
- Banner grabbing – three main tools: Telnet, Nmap, and Netcat (nc)
- Nmap – maps out whole network – identifies new hosts
- NAC – ensures network clients are fully patched
- DLP – prevents exfiltration of PII, sensitive information, or credit card details
- Mail gateway – filters out spam
- Wireless scanner – troubleshoots WAP problems
- Wireless scanner and SSID decloak device – finds the SSID even if it's disabled
- Password cracker – can find the hash of a password
- Honeypot – looks like a legitimate website with lower security
- Honeypot – analyzes attack methods being used
Data Sanitization Tools
- Hard drive – best to worst: shred, pulverize, then degauss
- Paper – best to worst: pulping then shredding
- Paper – classified – burn bag – destroy by third party – certificate given
Command-Line Tools
- Netstat – shows established connection
- Netcat (nc) – shows established connections on Linux
- Tcpdump – Linux packet analyzer
- Nslookup – troubleshoot DNS issues
- DIG – Linux – troubleshoot DNS issues
Mobile Devices
- Mobile device management – policies and management of mobile devices
- Download manager – controls download speed
- Remote wipe – lost or stolen devices – back to factory reset
- Camera – can record videoconferencing, conversations, or take pictures
- Protect access – screen locks and strong passwords
- Protect data at rest – FDE – Full Disk Encryption or small devices Full Device Encryption
- Containerization/storage segmentation – separates private and business data
- BYOD – needs AUP and on/offboarding policies
- Geofencing – prevent theft of devices
- Geolocation – shows the location of the device
- Carrier unlocking – jailbreaking/rooting followed by sideloading the app
