reflection 2 - Information Systems
For each reflection essay, students should write a short essay (at least 300 words) reflecting on their learning experiences in lessons 6 to 10. The student should identify and discuss at least three concepts or issues in the essay. These concepts or issues can come from the textbook or external sources. Also, every student must write a second post/comment on a classmate's post.
Implementing Public Key Infrastructure
Lesson 6
Implement Certificates and Certificate Authorities
Topic 6A
CompTIA Security+ Lesson 6 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
3.9 Given a scenario, implement public key infrastructure
Syllabus Objectives Covered
Public key cryptography
When you want others to send you confidential messages, you give them your public key to use to encrypt the message
When you want to authenticate yourself to others, you sign the message: a hash of the message is encrypted with your private key, and anyone holding your public key can verify that signature
But how does someone trust the public key?
Public key infrastructure (PKI) validates the identity of the owner of a public key
Public key is wrapped in a digital certificate signed by a certificate authority (CA)
Sender and recipient must both trust the CA
Public and Private Key Usage
Certificate Authorities
Private CAs versus third-party CAs
Define services offered
Ensure validity of certificates and users
Establish trustworthy working procedures
Manage servers and keys
PKI Trust Models and Certificate Chaining
Single CA
Hierarchical/chain of trust
Root CA
Intermediate CAs
Leaf certificates
Online versus offline
Registration identification and authentication procedures
Private versus third-party CAs
Certificate Signing Request (CSR)
Client generates key pair and sends public key to CA with CSR
CA performs subject identity checks
CA signs and issues certificate
Registration authority (RA)
Registration and CSRs
Digital Certificates
Contains subject’s public key
Information identifying the subject plus usage and validity
Digital certificate standards
X.509 Public Key Infrastructure (PKIX)
PKCS (Public Key Cryptography Standards)
Certificate Attributes
Field Usage
Serial Number A number uniquely identifying the certificate within the domain of its CA.
Signature Algorithm The algorithm used by the CA to sign the certificate.
Issuer The name of the CA.
Valid From/To Date and time during which the certificate is valid.
Subject The name of the certificate holder, expressed as a distinguished name (DN). Within this, the Common Name (CN) part should usually match either the fully qualified domain name (FQDN) of the server or a user email address.
Public Key Public key and algorithm used by the certificate holder.
Extensions V3 certificates can be defined with extended attributes, such as friendly subject or issuer names, contact email addresses, and intended key usage.
Subject Alternative Name (SAN) This extension field is the preferred mechanism to identify the DNS name or names by which a host is identified.
Subject Name Attributes
Common Name (CN)
Legacy method of recording FQDN
Deprecated by standards
BUT still used in many implementations
Subject Alternative Name (SAN)
Structured identifiers
List multiple host/subdomains
Use wildcard subdomain
Types of Certificate
Certificate policies and templates
Key usage
Extended Key Usage/Enhanced Key Usage
Critical or non-critical
Web Server Certificate Types
Domain Validation (DV)
Proves control of the domain name only (for example by answering a DNS or HTTP challenge); no identity checks on the organization
Organization Validation (OV)
More rigorous identity checks
Extended Validation (EV)
Even more rigorous identity checks
Other Certificate Types
Machine/computer
Servers and network appliances
Identify by FQDN
Email/user certificate
Can be various types (email, encryption, smart card logon, and so on)
Identify by email address
Code signing
Validate publisher name
Root certificate
Self-signed certificate for the CA
Self-signed certificate
Must be manually trusted
Certificates and Certificate Authorities
Review Activity
Assisted Labs
Managing the Lifecycle of a Certificate
Lab Activity
Implement PKI Management
Topic 6B
3.9 Given a scenario, implement public key infrastructure
4.1 Given a scenario, use the appropriate tool to assess organizational security (OpenSSL only)
Syllabus Objectives Covered
Certificate and Key Management
Key life cycle
Key generation
Certificate generation
Storage
Revocation
Expiration and renewal
Vulnerabilities from improper management
Key Recovery and Escrow
M-of-N control for critical keys (root servers)
Keys can be backed up to protect against data loss
Anyone with access to backup keys could impersonate the true key holder
Key recovery processes can be protected by M of N control
Escrow backup
Placing archived keys with a trusted third party
Certificate Expiration
Certificate duration
Certificate renewal
Use existing key pair
Re-key with newly generated key pair
Expiration
Public key will no longer be accepted
Archiving versus destroying key material
Secure erasing methods
Certificate Revocation Lists
Revocation versus suspension
Reason codes
Certificate Revocation List (CRL)
List of revoked and suspended certificates
Browser CRL checking
Online Certificate Status Protocol Responders
Online Certificate Status Protocol (OCSP)
OCSP responder
Provide real-time status information (though some rely on CRLs)
Client queries single certificate per transaction
OCSP stapling
Clients might need to make lots of certificate queries for a chain of trust
Queries can be used to track clients (the responder learns which sites each client visits)
With stapling, the server fetches its own time-stamped OCSP response periodically and attaches it to the TLS handshake, so the client does not need to contact the responder
Certificate Pinning
Defend against MitM attacks on chain of trust (a mis-issued certificate that still chains to a trusted CA)
Web server references authorized public key(s) in HTTP header
HTTP Public Key Pinning (HPKP)
Deprecated: a wrong or lost pin locks clients out of the site, and mainstream browsers have removed HPKP support
Certificate Transparency framework
Issued certificates are recorded in public, append-only logs so mis-issuance can be detected; the practical replacement for HPKP
Certificate Formats
Distinguished Encoding Rules (DER)
Binary format
Privacy-enhanced Electronic Mail (PEM)
Represent binary as ASCII using Base64 encoding
.CER and .CRT file formats may be either binary or ASCII
Personal information exchange
Export a private key (binary and password-protected)
.PFX or .P12 (PKCS #12)
Export a certificate chain
.P7B (PKCS #7)
OpenSSL
Windows Certificate Services and certutil/PowerShell
OpenSSL
Key pair generation and CA root certificate
Certificate requests
Viewing and verifying certificates
Converting certificate formats
Certificate Issues
Troubleshoot rejection of certificates by servers and clients
Existing certificate—check expiry and status
New certificate
Check key usage settings and requirements
Check subject name
Check chain of trust/root certificates
Verify time and date settings
Audit certificate and PKI infrastructure
PKI Management
Review Activity
Assisted Labs
Managing Certificates with OpenSSL
Lab Activity
Summary
Lesson 6
Implementing Identity and Account Management Controls
Lesson 8
Implement Identity and Account Types
Topic 8A
CompTIA Security+ Lesson 8 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
3.7 Given a scenario, implement identity and account management controls
5.3 Explain the importance of policies to organizational security
Syllabus Objectives Covered
Identity Management Controls
Certificates and smart cards
Public key cryptography
Subject identified by a public key, wrapped in digital certificate
Private key must be kept secure
Tokens
Authorizations issued under single sign-on
Avoids need for user to authenticate to each service
Identity provider
Provisions and manages accounts
Processes authentication
Federated identity management
Background Check and Onboarding Policies
Human resources (HR) and personnel policies
Recruitment (hiring)
Operation (working)
Termination/separation (firing or retiring)
Background check
Onboarding
Welcoming new employees or contractors to the organization
Account provisioning
Issuing credentials
Asset allocation
Training/policies
Non-disclosure Agreement (NDA)
Personnel Policies for Privilege Management
Mitigate insider threat
Separation of duties
Standard operating procedures (SOPs)
Shared authority
Least privilege
Assign sufficient permissions only
Reduce risk from compromised accounts
Job rotation
Distributes institutional knowledge and expertise
Reduces critical dependencies
Mandatory vacations
Offboarding Policies
Identity and access management checks
Disable the user account and privileges
Ensure integrity and availability of information assets managed by the employee
Retrieving company assets
Returning personal assets
Consider shared/generic accounts, security procedures that must be changed
Security Account Types and Credential Management
Standard users
Limited privileges
Should not be able to change the system configuration
Restricted to account profile
Credential management policies for personnel
Password policy
Protect access to the account and prevent compromise
Educate users about the risks of reusing credentials and of social engineering
Guest accounts
Account with no credentials (anonymous logon)
Unauthenticated access to hosts and websites
Must have very limited privileges or be disabled
Security Group-Based Privileges
User-assigned privileges
Assign privileges directly to user accounts
Unmanageable if number of users is large
Group-based privileges
Assign permissions to security groups and assign user accounts to relevant groups
Issues with users inheriting multiple permissions
Administrator/Root Accounts
Privileged/administrative accounts
Can change system configuration
Generic administrator/root/superuser
User account with full control over system
Key target for attackers
Often disabled or usage restricted after install
Administrator credential policies
Create specific accounts with least privileges (generic account prohibition)
Enforce multifactor authentication
Default security groups
Administrators/sudoers
Service Accounts
Windows service accounts
System
Local Service
Network Service
Linux accounts to run services (daemons)
Deny shell access
Managing shared service account credentials
Shared/Generic/Device Accounts and Credentials
Shared accounts
Accounts whose credentials are known to more than one person
Generic accounts
Accounts created by default on OS install
Only account available to manage a device
Might use a default password
Risks from shared and generic accounts
Breaks principle of non-repudiation
Difficult to keep credential secure
Credential policies for devices
Privileged access management (PAM) software
Secure Shell Keys and Third-party Credentials
Secure Shell (SSH) used for remote access
Host key identifies the server
User key pair used to authenticate to server
Server holds copy of valid users’ public keys
Keys must be actively managed
Third-party credentials
Passwords and keys to manage cloud services
Highly vulnerable to accidental disclosure
Identity and Account Types
Review Activity
Implement Account Policies
Topic 8B
3.7 Given a scenario, implement identity and account management controls
Syllabus Objectives Covered
Account Attributes and Access Policies
Account attributes
Security ID, account name, credential
Extended profile attributes
Per-app settings and files
Access policies
File permissions
Access rights
Active Directory Group Policy Objects (GPOs)
Account Password Policy Settings
Length
Complexity
Character combinations
Aging
History and reuse
NIST guidance
Password hints
Account Restrictions
Network location
Connecting from a VLAN or IP subnet/remote IP
Connecting to a machine type or group (clients versus servers)
Interactive versus remote logon
Geolocation
By IP address
By Location Services
Geofencing
Geotagging
Time-based restrictions
Logon hours
Logon duration
Impossible travel time/risky login
Account Audits
Accounting and auditing to detect account misuse
Use of file permissions to read and modify data
Failed login or resource access attempts
Recertification
Monitoring use of privileges
Granting/revoking privileges
Communication between IT and HR
Account Permissions
Impact of improperly configured accounts
Insufficient permissions
Unnecessary permissions
Escalating and revoking privileges
Permission auditing tools
Usage Audits
Account logon and management events
Process creation
Object access (file system / file shares)
Changes to audit policy
Changes to system security and integrity (anti-virus, host firewall, and so on)
Account Lockout and Disablement
Disablement
Login is disabled until manually re-enabled
Combine with remote logoff
Lockout
Login is prevented for a period and then re-enabled
Policies to enforce automatic lockout
Account Policies
Review Activity
Assisted Labs
Managing Access Controls in Windows Server
Configuring a System for Auditing Policies
Lab Activity
Implement Authorization Solutions
Topic 8C
2.4 Summarize authentication and authorization design concepts
3.8 Given a scenario, implement authentication and authorization solutions
4.1 Given a scenario, use the appropriate tool to assess organizational security (chmod only)
Syllabus Objectives Covered
Discretionary and Role-Based Access Control
Access control model determines how users receive permissions/rights
Discretionary Access Control (DAC)
Based on resource ownership
Access Control Lists (ACLs)
Vulnerable to compromised privileged user accounts
Role-Based Access Control (RBAC)
Non-discretionary and more centralized control
Based on defining roles then allocating users to roles
Users should only inherit role permissions to perform particular tasks
File System Security
Access Control List (ACL)
Access Control Entry (ACE)
File system support
Linux permissions and chmod
Symbolic (rwx)
User, group, world
Octal
r=4
w=2
x=1
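As an added example for the Linux permissions bullets above (not material from the "Managing Access Controls in Linux" lab), the shell functions below convert between the symbolic rwx form and the octal form chmod accepts, apply a mode, confirm it with ls, and flag modes that grant the world (other) triplet anything. The secret file and its contents are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the CompTIA lab: translate between the symbolic
# (rwx) and octal forms chmod accepts, apply a mode, and read it back from
# ls. The file is a throwaway made with mktemp.

# sym_to_octal rwxr-x---  ->  750   (r=4, w=2, x=1 summed per user/group/world triplet)
sym_to_octal() {
  rest="$1"; out=""
  [ "${#rest}" -eq 9 ] || { echo "expected 9 characters such as rwxr-x---" >&2; return 1; }
  while [ -n "$rest" ]; do
    tri=$(printf '%s' "$rest" | cut -c1-3)
    rest=$(printf '%s' "$rest" | cut -c4-)
    n=0
    case $tri in r??) n=$((n + 4));; esac
    case $tri in ?w?) n=$((n + 2));; esac
    case $tri in ??x) n=$((n + 1));; esac
    out="$out$n"
  done
  printf '%s\n' "$out"
}

# octal_to_sym 640  ->  rw-r-----
octal_to_sym() {
  out=""
  for d in $(printf '%s' "$1" | sed 's/./& /g'); do
    case $d in
      0) out="$out---";; 1) out="$out--x";; 2) out="$out-w-";; 3) out="$out-wx";;
      4) out="${out}r--";; 5) out="${out}r-x";; 6) out="${out}rw-";; 7) out="${out}rwx";;
      *) echo "bad octal digit: $d" >&2; return 1;;
    esac
  done
  printf '%s\n' "$out"
}

# Least-privilege check: return 0 if the world (other) triplet grants anything.
world_accessible() {
  case "$1" in ??????---) return 1;; *) return 0;; esac
}

# Apply a symbolic mode via chmod and confirm ls shows exactly that mode.
apply_mode() {  # apply_mode <file> <rwx-string>
  chmod "$(sym_to_octal "$2")" "$1" || return 1
  actual=$(ls -ld "$1" | cut -c2-10)
  [ "$actual" = "$2" ]
}

f=$(mktemp)
printf 'db_password=hunter2\n' > "$f"   # constructed secret to protect
apply_mode "$f" "rw-r--r--" && echo "644: readable by every local account"
world_accessible "rw-r--r--" && echo "world-readable: fails least privilege"
apply_mode "$f" "rw-------" && echo "600: owner only"
world_accessible "rw-------" || echo "no world access"
rm -f "$f"
```

The first triplet on a directory is the one usually forgotten: a file at 600 inside a directory at 755 still leaks its name, and a directory without x cannot be traversed even when its files are readable.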
Mandatory and Attribute-Based Access Control
Mandatory Access Control (MAC)
Labels and clearance
System policies to restrict access
Attribute-Based Access Control (ABAC)
Access decisions based on a combination of subject and object attributes plus any context-sensitive or system-wide attributes
Conditional access
Rule-Based Access Control
Non-discretionary
System determines rules, not users
Conditional access
Continual authentication
User account control (UAC)
Privileged access management
Policies, procedures, and technical controls to prevent the malicious abuse of privileged accounts
Directory Services
Database of subjects
Users, computers, security groups/roles, and services
Access Control Lists (authorizations)
X.500 and Lightweight Directory Access Protocol (LDAP)
Distinguished names
Attribute=Value pairs
CN=WIDGETWEB, OU=Marketing, O=Widget, C=UK, DC=widget, DC=foo
Federation and Attestation
Federated identity management
Networks under separate administrative control share users
Identity providers and attestation
Cloud versus on-premises requirements
Security Assertions Markup Language
Open standard for implementing identity and service provider communications
Attestations/assertions
XML format
Signed using XML signature specification
Communications protocols
HTTPS
Simple Object Access Protocol (SOAP)
OAuth and OpenID Connect
“User-centric” federated services better suited to consumer websites
Representational State Transfer (REST) Application Programming Interfaces (APIs) (RESTful APIs)
Framework for implementation not a protocol
OAuth
Designed to communicate authorizations rather than explicitly authenticate a subject
Client sites and apps interact with OAuth IdPs and resource servers that hold the principal’s account/data
Different flow types for server to server or mobile app to server
JavaScript object notation (JSON) web token (JWT)
OpenID Connect (OIDC)
Adds functions and flows to OAuth to support explicit authentication
Authorization Solutions
Review Activity
Assisted Lab
Managing Access Controls in Linux
Lab Activity
Explain the Importance of Personnel Policies
Topic 8D
5.3 Explain the importance of policies to organizational security
Syllabus Objectives Covered
Conduct Policies
Acceptable use policy (AUP)
Employee use of employer’s hardware and software assets
Rules of behavior and social media analysis
General requirements for professional standards
Covers personal communications and social media accounts
Additional clauses for privileged users
Use of personally owned devices
Bring your own device
Shadow IT
Clean desk
User and Role-based Training
Impacts and risks from untrained users
Topics for security awareness
Overview of security policies
Incident response procedures
Site security procedures
Data handling
Password and account management
Awareness of social engineering and malware threats
Secure use of software such as browsers and email clients
Role-based training
Appropriate language
Level of technical content
Diversity of Training Techniques
Engagement and retention
Training delivery methods
Phishing campaigns
Simulating phishing messages to test employee awareness
Capture the flag
Computer-based training (CBT)
Simulations
Branching scenarios
Gamification elements
Importance of Personnel Policies
Review Activity
Applied Lab
Configuring Identity and Access Management Controls
Lab Activity
Summary
Lesson 8
SAML Response Example
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="200"
    Version="2.0"
    IssueInstant="2020-01-01T20:00:10Z"
    Destination="https://sp.foo/saml/acs" InResponseTo="100">
  <saml:Issuer>https://idp.foo/sso</saml:Issuer>
  <ds:Signature>...</ds:Signature>
  <samlp:Status>...(success)...</samlp:Status>
  <saml:Assertion xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="2000" Version="2.0"
      IssueInstant="2020-01-01T20:00:09Z">
    <saml:Issuer>https://idp.foo/sso</saml:Issuer>
    <ds:Signature>...</ds:Signature>
    <saml:Subject>...</saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>...</saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AuthnStatement>...</saml:AuthnStatement>
    <saml:AttributeStatement>
      <saml:Attribute>...</saml:Attribute>
      <saml:Attribute>...</saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
Implementing Network Security Appliances
Lesson 10
Implement Firewalls and Proxy Servers
Topic 10A
CompTIA Security+ Lesson 10 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
3.3 Given a scenario, implement secure network designs
Syllabus Objectives Covered
CompTIA Security+ Lesson 10 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
3
Packet Filtering Firewalls
Enforce a network access control list (ACL)
Act to deny (block or drop), log, or accept a packet
Inspect headers of individual packets
Source and destination IP address
Protocol ID/type (TCP, UDP, ICMP, routing protocols, and so on)
Source and destination port numbers (TCP or UDP application type)
Inbound, outbound, or both
Stateless operation
Stateful Inspection Firewalls
State table stores connection information
Transport layer (layer 4)
TCP handshake
New versus established and related connections
Application layer (layer 7)
Validate protocol
Match threat signatures
Application-specific filtering
iptables
Firewall Implementation
Firewall appliances
Routed (layer 3)
Bridged/transparent (layer 2)
Router/firewall
Application-based firewalls
Host-based (personal)
Application firewall
Network operating system (NOS) firewall
Proxies and Gateways
Forward proxy server
Proxy opens connections with external servers on behalf of internal clients
Application-specific filters
Non-transparent and transparent proxies
User authentication
Reverse proxy server
Proxy opens connections with internal servers on behalf of external clients
Access Control Lists
Least access
Top to bottom processing order
Implicit deny
Explicit deny all
Criteria for rules (tuples)
Documenting and testing configuration
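Added example, not part of the CompTIA "Configuring a Firewall" lab: the iptables slide above names the tool, and this script expresses the packet-filtering, stateful-inspection and ACL-ordering points as one host ruleset. It prints the rules by default and loads them only with APPLY=1 as root; the interface name, management subnet and service ports are assumptions. It uses the legacy iptables syntax shown on the slide; nftables replaces it on current distributions, but the ordering principles are the same.

```shell
#!/bin/sh
# Added example, not the CompTIA lab's own script: a stateful host firewall
# for Linux expressed as iptables commands, ordered the way the ACL slide
# describes. Dry run by default; APPLY=1 (as root) loads the rules.
WAN_IF="${WAN_IF:-eth0}"                  # assumed internet-facing interface
ADMIN_NET="${ADMIN_NET:-10.0.20.0/24}"    # constructed management subnet
SERVICE_PORTS="${SERVICE_PORTS:-80 443}"  # TCP services this host publishes

# Emit the ruleset. Comment lines are kept because sh ignores them when applying.
firewall_rules() {
  cat <<EOF
iptables -F INPUT
# Default policy is the implicit deny: a packet matching no rule is dropped
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# Rules are evaluated top to bottom; the cheapest, most common matches go first
iptables -A INPUT -i lo -j ACCEPT
# Stateful inspection: the conntrack state table admits replies to connections
# this host opened, so no per-service reply rule (or port range) is needed
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
# Explicit allows, one tuple each (interface, protocol, source, destination port)
iptables -A INPUT -i $WAN_IF -p tcp -s $ADMIN_NET --dport 22 -m conntrack --ctstate NEW -j ACCEPT
EOF
  for p in $SERVICE_PORTS; do
    printf 'iptables -A INPUT -i %s -p tcp --dport %s -m conntrack --ctstate NEW -j ACCEPT\n' "$WAN_IF" "$p"
  done
  cat <<EOF
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
# Explicit deny-all last, logged (rate limited) so dropped packets are visible
iptables -A INPUT -m limit --limit 10/min -j LOG --log-prefix "FW-DROP: " --log-level 4
iptables -A INPUT -j DROP
EOF
}

firewall_apply() {
  if [ "${APPLY:-0}" = 1 ]; then
    firewall_rules | sh -e      # stop at the first rule the kernel rejects
  else
    firewall_rules              # dry run: review the ruleset before loading it
  fi
}

# Ordering check a reviewer can run: policy is deny, the stateful allow
# precedes every service rule, and the explicit deny-all is last, so no
# rule placed after it could ever match.
firewall_check() {
  rules=$(firewall_rules | grep '^iptables')
  printf '%s\n' "$rules" | grep -q '^iptables -P INPUT DROP$' || return 1
  state=$(printf '%s\n' "$rules" | grep -n 'ESTABLISHED,RELATED' | cut -d: -f1)
  first_svc=$(printf '%s\n' "$rules" | grep -n -- '--dport' | head -n 1 | cut -d: -f1)
  [ "$state" -lt "$first_svc" ] || return 1
  [ "$(printf '%s\n' "$rules" | tail -n 1)" = "iptables -A INPUT -j DROP" ]
}

firewall_apply
firewall_check && echo "ruleset order OK"
```

The explicit final DROP duplicates the policy on purpose: it gives the LOG rule a place to sit and makes the deny visible in the rule listing, which is what the "explicit deny all" bullet is about.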
Network Address Translation
Source NAT
Static and dynamic NAT
Overloaded NAT/Network Address Port Translation (NAPT)/Port Address Translation (PAT)
Destination NAT/port forwarding
Advertise a resource using a global IP address but forward it to a local IP address
Usually forward specific ports only
Virtual Firewalls
Hypervisor-based
Filtering built into the hypervisor or cloud service
Virtual appliance
Deployed as a virtual machine to the cloud
Multiple context
Firewall appliance running multiple instances
East-west security design and microsegmentation
Open-source versus Proprietary Firewalls
Source code inspection and supply chain issues
Wholly proprietary appliance OS
UNIX or Linux kernel with proprietary features
Wholly open-source
Support arrangements and subscription features
Firewalls and Proxy Servers
Review Activity
Assisted Lab
Configuring a Firewall
Lab Activity
Implement Network Security Monitoring
Topic 10B
3.3 Given a scenario, implement secure network designs
Syllabus Objectives Covered
Network-Based Intrusion Detection Systems
Intrusion detection system (IDS)
Network sensor captures traffic
Detection engine performs real-time analysis of indicators
Passive logging/alerting
Screenshot: Security Onion (securityonion.net)
TAPs and Port Mirrors
Sensor placement
Inside firewall
In front of application servers
Managing volume of traffic/alerts
Switched port analyzer (SPAN)/mirror port
Passive test access point (TAP)
Active TAP
Aggregation TAP
Network-Based Intrusion Prevention Systems
Intrusion prevention system (IPS)
Active response to threats
Reset session
Apply firewall filters on the fly to shun traffic
Bandwidth throttling
Packet modification
Run a script or other process
Anti-virus scanning/content filtering
Inline placement—risk of failure
Signature-Based Detection
Analysis engine
Signature-based detection
Pattern matching
Database of known attack signatures
Must be updated with latest definitions/plug-ins/feeds
Many attack tools do not conform to specific signatures
Behavior and Anomaly-Based Detection
Behavioral-based detection
Train sensor with baseline normal behavior to recognize anomalous behavior
Network behavior and anomaly detection (NBAD)
Heuristics (learning from experience)
Statistical model of behavior
Machine learning assisted analysis
User and entity behavior analytics (UEBA)
Network traffic analysis (NTA)
Anomaly-based detection as irregularity in packet construction
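The two detection approaches on the last two slides, side by side, as an added example that is not part of the CompTIA deck. The log lines, the two signatures and the training baseline are constructed for illustration; a production sensor would use a maintained ruleset and a baseline learned from days of real traffic. The scraper at the end of the sample hits no signature but is caught by the statistical baseline, while the single SQL injection request is caught only by its signature.

```python
"""Signature-based and anomaly-based detection over constructed web-server log lines."""
import re
import statistics
from collections import Counter

# Constructed "normal day" used to train the baseline: 7 sources, 1-3 requests each.
TRAINING_LINES = []
for _src, _n in [("10.0.0.5", 2), ("10.0.0.7", 1), ("10.0.0.9", 3), ("10.0.0.12", 1),
                 ("10.0.0.20", 2), ("10.0.0.21", 3), ("10.0.0.22", 2)]:
    TRAINING_LINES += ["%s GET /page%d.html" % (_src, i) for i in range(_n)]

# Constructed "today": two known attack patterns plus a scraper that matches no signature.
TODAY_LINES = [
    "10.0.0.5 GET /index.html",
    "10.0.0.5 GET /about.html",
    "10.0.0.7 GET /login?user=admin'%20OR%201=1--",            # SQL injection tautology
    "10.0.0.9 GET /index.html",
    "10.0.0.9 GET /images/logo.png",
    "10.0.0.12 GET /cgi-bin/test.cgi?cmd=;cat%20/etc/passwd",  # command injection
    "10.0.0.9 GET /contact.html",
] + ["10.0.0.66 GET /item?id=%d" % i for i in range(40)]        # high-rate scraping

# Signature database: rule name -> pattern. Only catches what someone already wrote a rule for.
SIGNATURES = {
    "sqli-tautology": re.compile(r"(?i)(%27|')(%20|\s)*or(%20|\s)+1\s*=\s*1"),
    "etc-passwd-read": re.compile(r"(?i)/etc/passwd"),
}


def parse(line):
    """Split a constructed log line into (source IP, request)."""
    src, _method, request = line.split(" ", 2)
    return src, request


def signature_alerts(lines):
    """Pattern matching: return (source, rule) for each line that hits a signature."""
    alerts = []
    for line in lines:
        src, request = parse(line)
        for name, rx in SIGNATURES.items():
            if rx.search(request):
                alerts.append((src, name))
    return alerts


def train_baseline(lines):
    """Statistical model of normal behaviour: mean and spread of requests per source."""
    counts = Counter(parse(line)[0] for line in lines)
    values = list(counts.values())
    return statistics.mean(values), statistics.pstdev(values)


def anomaly_alerts(lines, baseline, k=3.0):
    """Flag sources whose request count exceeds mean + k*stdev of the trained baseline.
    This catches the scraper, which matches no signature, but says nothing about the
    single SQLi request, which is not unusual by volume."""
    mean, stdev = baseline
    counts = Counter(parse(line)[0] for line in lines)
    return sorted(src for src, n in counts.items() if n > mean + k * stdev)


if __name__ == "__main__":
    print("signature hits:", signature_alerts(TODAY_LINES))
    print("anomalous sources:", anomaly_alerts(TODAY_LINES, train_baseline(TRAINING_LINES)))
```

Neither method alone covers both attackers, which is why the next slides pair signature engines with behavioural analytics rather than replacing one with the other.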
Next-generation Firewalls and Content Filters
Next-generation firewall
Application-aware filtering, user account-based filtering, IPS, cloud inspection, …
Unified threat management (UTM)
Combining security controls into single agent and management platforms
Firewall, anti-malware, network intrusion prevention, spam filtering, content filtering, data loss prevention, VPN, cloud access gateway, …
Content/URL filter
Focuses on outgoing user traffic
Content block lists and allow lists
Time-based restrictions
Secure web gateway (SWG)
Host-Based Intrusion Detection Systems
Host-based IDS
Network, log, and file system monitoring for endpoints
File integrity monitoring (FIM)
Cryptographic hash or file signature verifies integrity of files
Compare hashes manually or verify signature with publisher’s public key
Windows File Protection/sfc
Tripwire and OSSEC
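A minimal file integrity monitor of the kind Tripwire and OSSEC implement, added here as an illustration and not taken from the deck or from either tool. It builds a SHA-256 baseline of a directory tree, then reports added, modified and deleted files; the tree and the tampering are constructed inside a temporary directory so it runs offline.

```python
"""File integrity monitoring: hash baseline and verification of a directory tree."""
import hashlib
import os
import tempfile


def sha256_file(path, chunk=65536):
    """Stream the file through SHA-256 so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root):
    """Map relative path (forward slashes) -> SHA-256 for every regular file under root.
    A real agent would also record owner, mode and mtime, and sign or store the
    baseline off-host so an intruder cannot rewrite it along with the files."""
    baseline = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = sha256_file(full)
    return baseline


def verify(root, baseline):
    """Compare the current tree against the baseline; these three lists are what
    an FIM agent alerts on."""
    current = build_baseline(root)
    return {
        "added": sorted(set(current) - set(baseline)),
        "deleted": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
    }


def demo():
    """Constructed scenario: take a baseline, tamper with the tree, verify."""
    root = tempfile.mkdtemp(prefix="fim_")
    os.makedirs(os.path.join(root, "bin"))
    with open(os.path.join(root, "bin", "sshd"), "wb") as f:
        f.write(b"original sshd binary\n")
    with open(os.path.join(root, "passwd"), "wb") as f:
        f.write(b"root:x:0:0::/root:/bin/bash\n")
    baseline = build_baseline(root)

    # Simulated intrusion: trojan the daemon, drop a hidden file, delete a config file.
    with open(os.path.join(root, "bin", "sshd"), "wb") as f:
        f.write(b"backdoored sshd binary\n")
    with open(os.path.join(root, "bin", ".hidden"), "wb") as f:
        f.write(b"#!/bin/sh\n")
    os.remove(os.path.join(root, "passwd"))
    return verify(root, baseline)


if __name__ == "__main__":
    print(demo())
```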
Web Application Firewalls
Able to inspect code in HTTP packets
Matches suspicious code to vulnerability database
Can be implemented as software on host or as appliance
Network Security Monitoring
Review Activity
CompTIA Lab
Configuring an Intrusion Detection System
Lab Activity
Summarize the Use of SIEM
Topic 10C
1.7 Summarize the techniques used in security assessments
3.3 Given a scenario, implement secure network designs
4.1 Given a scenario, use the appropriate tool to assess organizational security
Syllabus Objectives Covered
Monitoring Services
Packet capture
Sniffers and flow analysis
Traffic and protocol statistics
Packet analysis
Network monitors
Appliance state data
Heartbeat availability monitoring
Logs
System logs to diagnose availability issues
Security logs to audit access
Security Information and Event Management
Log collection
Agent-based
Local agent to forward logs
Listener/collector
Protocol-based remote log forwarding (syslog)
Sensor
Packet capture and traffic flow data
Log aggregation
Consolidation of multiple log formats to facilitate search/query and correlation
Normalization of fields
Time synchronization
Analysis and Report Review
Correlation
Relating security data and threat intelligence
Alerting of indicators of compromise (IOC)
Basic rules versus machine learning
User and entity behavior analytics (UEBA)
Sentiment analysis
Machine interpretation of natural language
Emotion AI
Security orchestration, automation, response (SOAR)
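The collection, aggregation and correlation steps from these two slides in one runnable pipeline, added here as an illustration rather than code from the deck or from any SIEM product. Two constructed log sources are normalized into a common schema (a Linux sshd syslog feed, which carries neither year nor time zone, and Windows Security events in JSON with UTC timestamps), and a correlation rule then raises an alert that only fires because the timestamps were brought onto one clock. The year and the UTC-5 offset for the syslog host are assumptions stated in the code.

```python
"""SIEM-style normalization and correlation over two constructed log formats."""
import json
import re
from datetime import datetime, timedelta, timezone

SYSLOG_YEAR = 2024                          # assumption: syslog lines omit the year
SYSLOG_TZ = timezone(timedelta(hours=-5))   # assumption: web01 logs in local time, UTC-5

# Constructed inputs.
SYSLOG_LINES = [
    "Mar 10 09:01:10 web01 sshd[1201]: Failed password for root from 203.0.113.9 port 5123 ssh2",
    "Mar 10 09:01:14 web01 sshd[1201]: Failed password for admin from 203.0.113.9 port 5124 ssh2",
    "Mar 10 09:02:30 web01 sshd[1209]: Accepted password for alice from 198.51.100.4 port 40010 ssh2",
]
WINDOWS_EVENTS = [
    '{"TimeCreated":"2024-03-10T14:02:00Z","Computer":"dc01","EventID":4625,'
    '"IpAddress":"203.0.113.9","TargetUserName":"administrator"}',
    '{"TimeCreated":"2024-03-10T14:03:45Z","Computer":"dc01","EventID":4624,'
    '"IpAddress":"203.0.113.9","TargetUserName":"svc_backup"}',
]

SYSLOG_RX = re.compile(
    r"^(?P<mon>\w{3}) +(?P<day>\d+) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Accepted|Failed) password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)


def normalize_syslog(line):
    """Parse an sshd syslog line into the common schema, converting local time to UTC."""
    m = SYSLOG_RX.match(line)
    if not m:
        return None
    local = datetime.strptime(
        "%d %s %s %s" % (SYSLOG_YEAR, m["mon"], m["day"], m["time"]), "%Y %b %d %H:%M:%S"
    ).replace(tzinfo=SYSLOG_TZ)
    return {"ts": local.astimezone(timezone.utc), "host": m["host"], "src_ip": m["ip"],
            "user": m["user"], "outcome": "success" if m["outcome"] == "Accepted" else "failure"}


def normalize_windows(raw):
    """Parse a Windows logon event (4624 success, 4625 failure) into the common schema."""
    ev = json.loads(raw)
    ts = datetime.strptime(ev["TimeCreated"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "host": ev["Computer"], "src_ip": ev["IpAddress"],
            "user": ev["TargetUserName"], "outcome": "success" if ev["EventID"] == 4624 else "failure"}


def aggregate():
    """Consolidate both sources into one time-ordered event list."""
    events = [normalize_syslog(l) for l in SYSLOG_LINES] + [normalize_windows(e) for e in WINDOWS_EVENTS]
    return sorted((e for e in events if e), key=lambda e: e["ts"])


def correlate(events, min_failures=3, window=timedelta(minutes=10)):
    """Rule: >= min_failures failed logons from one source IP, across any hosts,
    followed by a success from that IP within the window -> indicator of compromise."""
    alerts = []
    for i, ev in enumerate(events):
        if ev["outcome"] != "success":
            continue
        recent = [p for p in events[:i]
                  if p["src_ip"] == ev["src_ip"] and p["outcome"] == "failure"
                  and ev["ts"] - p["ts"] <= window]
        if len(recent) >= min_failures:
            alerts.append({"src_ip": ev["src_ip"], "failures": len(recent),
                           "hosts": sorted({p["host"] for p in recent} | {ev["host"]}),
                           "success_user": ev["user"], "at": ev["ts"].isoformat()})
    return alerts


if __name__ == "__main__":
    for a in correlate(aggregate()):
        print("ALERT", a)
```

Without the time-zone normalization the web01 failures would appear five hours before the dc01 success and fall outside the correlation window, which is the practical reason the slide lists time synchronization next to field normalization.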
File Manipulation
cat
View contents of one or more files
head and tail
View first and last lines of file
logger
Write input to system log
Regular Expressions and grep
Regular expression syntax
Search operators, quantifiers, logic statements, and anchors/boundaries
grep
Searches file contents
Simple string matching or regex syntax
grep -F 192.168.1.254 access.log
grep -rE '192\.168\.1\.[0-9]{1,3}' .
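The anchors/boundaries point from the regex slide, shown with Python's re module over constructed access-log lines as an added example (the same patterns apply to grep -E; the lines are not from the deck). A pattern like `192\.168\.1\.[0-9]{1,3}` also matches inside longer numbers and longer dotted strings, so a search meant for one host or one /24 returns extra lines; lookaround boundaries and an explicit octet range fix that.

```python
"""Regex boundaries when hunting addresses in a log (constructed lines)."""
import re

ACCESS_LOG = [
    '203.0.113.7 - - [10/Mar/2024:14:01:10 +0000] "GET /login HTTP/1.1" 200 512',
    '192.168.1.254 - - [10/Mar/2024:14:01:12 +0000] "GET /admin HTTP/1.1" 403 128',
    '192.168.1.2540 - - [10/Mar/2024:14:01:13 +0000] "GET /admin HTTP/1.1" 400 0',
    '10.192.168.1.5 - - [10/Mar/2024:14:01:14 +0000] "GET /x HTTP/1.1" 400 0',
    '192.168.10.5 - - [10/Mar/2024:14:01:15 +0000] "GET /index.html HTTP/1.1" 200 2048',
]

# Equivalent of: grep -E '192\.168\.1\.[0-9]{1,3}' access.log
NAIVE = r"192\.168\.1\.[0-9]{1,3}"

# One octet, 0-255, wrapped in lookarounds so it cannot sit inside a longer dotted number.
OCTET = r"(?:25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])"
STRICT = r"(?<![0-9.])192\.168\.1\." + OCTET + r"(?![0-9.])"


def grep_like(pattern, lines):
    """Return the lines where the regex matches anywhere (grep's default behaviour)."""
    rx = re.compile(pattern)
    return [line for line in lines if rx.search(line)]


def fixed_grep(literal, lines):
    """grep -F: plain substring search. Note it still matches '192.168.1.2540'."""
    return [line for line in lines if literal in line]


def host_grep(ip, lines):
    """Exact host as the first field: escape the dots and anchor to line start plus a space."""
    rx = re.compile(r"^" + re.escape(ip) + r"\s")
    return [line for line in lines if rx.search(line)]


if __name__ == "__main__":
    print(len(grep_like(NAIVE, ACCESS_LOG)), "lines with the naive pattern")
    print(len(grep_like(STRICT, ACCESS_LOG)), "lines with the bounded pattern")
```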
Use of SIEM
Review Activity
Summary
Lesson 10
Implementing Secure Network Designs
Lesson 9
Implement Secure Network Designs
Topic 9A
3.3 Given a scenario, implement secure network designs
Syllabus Objectives Covered
Secure Network Designs
What problems arise from weaknesses in the network design/architecture?
Single points of failure
Complex dependencies
Availability over confidentiality and integrity
Lack of documentation and change control
Overdependence on perimeter security
Best practice design and architecture guides
Cisco’s SAFE Architecture
Places in the Network
Business Workflows and Network Architecture
Corporate network
Access
Email mailbox server
Mail transfer server
Segmentation
Data flows and access controls
Network Appliances
Routing and Switching Protocols
Forwarding
Layer 2 forwarding
Layer 3 forwarding
Address Resolution Protocol (ARP)
Map IP addresses to MAC addresses
Internet Protocol (IP)
IPv4 and IPv6
Network prefix/subnet mask
Routing protocols
Communicate routing table updates
Network Segmentation
Network segment
Nodes can communicate at layer 2
Broadcast domain
Implementing network segments
Separate unmanaged switches
Configure virtual LANs (VLANs) on managed switches
Layer 3 subnets
Map subnets to VLANs
Network Topology and Zones
Physical and logical topologies
Zones represent isolated segments for hosts that have the same security requirement
Traffic between zones is subject to filtering by a firewall
Main zone types
Intranet (private)
Extranet
Internet (public)
Enterprise architecture zones
Access blocks representing host groups
Demilitarized Zones
Demilitarized zones (DMZs) isolate hosts that are Internet-facing
Traffic should not pass directly from the Internet through the DMZ into the internal network
Ideally use proxies to rebuild packets for forwarding
Bastion hosts
Not fully trusted by internal network
Run minimal services
Do not store local network account credentials
Using different types of DMZ for different functions
Demilitarized Zone Topologies
Screened Host
Screened host
Local network screened by a single firewall
“SOHO DMZ”
SOHO router configuration option
Host configured to accept connections from the Internet
Implications of IPv6
Enabled by default configuration issues
Risks of unmanaged configurations
IPv6-specific attack vectors
Map IPv6 address space to appropriate security zones
Configure IPv6 firewall rules
Typically no need for address translation
Other Secure Network Design Considerations
Data center and cloud design requirements
East-west traffic
North-south traffic enters and leaves data center
East-west traffic is between servers within the data center
Problem for security inspection and filtering
Zero trust
Do not rely on perimeter security
Continuous/context-based authentication
Microsegmentation
Single host zones
Secure Network Designs
Review Activity
Implement Secure Switching and Routing
Topic 9B
1.4 Given a scenario, analyze potential indicators associated with network attacks
3.1 Given a scenario, implement secure protocols
Routing and switching only
3.3 Given a scenario, implement secure network designs
Syllabus Objectives Covered
Man-in-the-Middle and Layer 2 Attacks
Man-in-the-Middle (MitM) attacks
Threat actor can intercept and modify communications
On-path attack
Snooping
Spoofing
MAC address cloning/spoofing
Media Access Control (MAC) hardware interface address
Easy to change for a different value
ARP Poisoning and MAC Flooding Attacks
Address Resolution Protocol (ARP) poisoning
Broadcasting unsolicited ARP replies to poison the cache of local hosts with spoofed MAC address
Attacker usually tries to masquerade as default gateway
MAC flooding
Overwhelm switch memory to trigger unicast flooding
Facilitates sniffing
Loop Prevention
Spanning Tree Protocol (STP)
Broadcast storm prevention
Broadcast and flooded unicast getting amplified as it loops continually around network
Storm control if STP has failed
Bridge Protocol Data Unit (BPDU) guard
Configure switches to defeat attempts to engineer a loop
Portfast setting configured for access ports
BPDU guard shuts down (err-disables) a PortFast access port if a BPDU arrives on it, since end hosts should never send STP frames
Physical Port Security and MAC Filtering
Physical port security
Secure switch hardware
Physically disconnect unused ports
Disable unused ports via management interface
MAC address limiting and filtering
Configure permitted MACs
Limit number of MAC changes
DHCP snooping
Dynamic ARP inspection
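How DHCP snooping and dynamic ARP inspection work together against the ARP poisoning attack from the earlier slide, as an added example that is not part of the deck and not a switch's real implementation. The binding table, trusted port, frames and the 15 packets-per-second rate limit are constructed (the limit is a typical default, stated here as an assumption). Untrusted ports may only send ARP whose sender IP/MAC matches a DHCP-learned binding; anything else is dropped and logged, and an ARP flood err-disables the port.

```python
"""Dynamic ARP inspection in miniature, driven by a DHCP snooping binding table."""
from collections import Counter
from dataclasses import dataclass

TRUSTED_PORTS = {"Gi0/24"}        # uplink to the router; DAI does not inspect trusted ports
BINDINGS = {                       # ip -> (mac, port, vlan), as learned from DHCP ACKs
    "192.168.1.10": ("aa:aa:aa:aa:aa:10", "Gi0/1", 10),
    "192.168.1.20": ("aa:aa:aa:aa:aa:20", "Gi0/2", 10),
    "192.168.1.30": ("aa:aa:aa:aa:aa:30", "Gi0/3", 10),
}
RATE_LIMIT = 15                    # ARP packets per second per untrusted port (assumed default)


@dataclass
class Arp:
    op: str            # "request" or "reply"
    sender_ip: str
    sender_mac: str
    port: str          # ingress switch port
    vlan: int
    second: int        # arrival-time bucket used for rate limiting


class DynamicArpInspector:
    def __init__(self):
        self.err_disabled = set()
        self.counts = Counter()
        self.log = []

    def inspect(self, pkt):
        """Return "forward" or "drop" for one ARP packet."""
        if pkt.port in self.err_disabled:
            return self._drop(pkt, "port err-disabled")
        if pkt.port in TRUSTED_PORTS:
            return "forward"
        self.counts[(pkt.port, pkt.second)] += 1
        if self.counts[(pkt.port, pkt.second)] > RATE_LIMIT:
            self.err_disabled.add(pkt.port)
            return self._drop(pkt, "ARP rate limit exceeded, port err-disabled")
        binding = BINDINGS.get(pkt.sender_ip)
        if binding is None:
            return self._drop(pkt, "no DHCP binding for sender IP")
        if binding != (pkt.sender_mac, pkt.port, pkt.vlan):
            return self._drop(pkt, "sender MAC/port/VLAN does not match binding")
        return "forward"

    def _drop(self, pkt, reason):
        self.log.append("DROP %s %s is-at %s on %s: %s"
                        % (pkt.op, pkt.sender_ip, pkt.sender_mac, pkt.port, reason))
        return "drop"


def demo():
    """Constructed frames: two legitimate, two poisoning attempts, then an ARP flood."""
    dai = DynamicArpInspector()
    frames = [
        Arp("reply", "192.168.1.10", "aa:aa:aa:aa:aa:10", "Gi0/1", 10, 0),   # legitimate host
        Arp("reply", "192.168.1.1", "aa:aa:aa:aa:aa:01", "Gi0/24", 10, 0),   # real gateway, trusted uplink
        Arp("reply", "192.168.1.1", "aa:aa:aa:aa:aa:30", "Gi0/3", 10, 0),    # gateway IP, attacker MAC
        Arp("reply", "192.168.1.10", "aa:aa:aa:aa:aa:30", "Gi0/3", 10, 0),   # peer IP, attacker MAC
    ] + [Arp("request", "192.168.1.30", "aa:aa:aa:aa:aa:30", "Gi0/3", 10, 1)
         for _ in range(RATE_LIMIT + 1)]                                     # flood in second 1
    verdicts = [dai.inspect(f) for f in frames]
    return verdicts, dai.log, sorted(dai.err_disabled)


if __name__ == "__main__":
    for entry in demo()[1]:
        print(entry)
```

The gateway is not a DHCP client, so its address never appears in the snooping table; real switches cover such hosts with a static ARP ACL, which is why the second frame here is accepted only because it arrives on the trusted uplink.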
Network Access Control
Endpoint security/defense in depth
IEEE 802.1X/port-based network access control (PNAC)
Can also enforce health policy
Posture assessment
Agent-based
Persistent versus non-persistent
Agentless
Scanning software
Device polling
Route Security
Sources of routing table updates
Preventing route injection
Source routing
Patch management and router appliance hardening
Secure Switching and Routing
Review Activity
Assisted Lab
Implementing a Secure Network Design
Lab Activity
Implement Secure Wireless Infrastructure
Topic 9C
1.4 Given a scenario, analyze potential indicators associated with network attacks
3.4 Given a scenario, install and configure wireless security settings
Syllabus Objectives Covered
Wireless Network Installation Considerations
Ensure maximum availability from legitimate access points
Wireless access point (WAP) placement
Service set identifier (SSID) and basic service set identifier (BSSID)
Frequency bands and channels
Co-channel interference (CCI)
Adjacent channel interference (ACI)
Site surveys and heat maps
Architectural plan
Wi-Fi analyzer
Heat map plots signal strength from high (red) to low (green/blue)
Channel layout shows overlapping usage
Controller and Access Point Security
Configuration of multi-WAP WLANs
Hardware and software controllers
Fat versus thin WAPs
Physical security and management interfaces
Wi-Fi Protected Access
WPA (v1)
RC4 with Temporal Key Integrity Protocol (TKIP)
Wi-Fi protected access 2 (WPA2)
Advanced Encryption Standard (AES) replaces RC4
Counter Mode with Cipher Block Chaining Message Authentication Code (CBC-MAC) Protocol (CCMP) replaces TKIP
Also enables enterprise authentication options
Wi-Fi protected access 3 (WPA3)
Simultaneous Authentication of Equals (SAE)
Enhanced Open
Updated cryptography
Management protection frames
Wi-Fi Authentication Methods
WPA2 pre-shared key authentication
Passphrase used to generate a pairwise master key (PMK)
4-way handshake
PMK is used to derive session keys
WPA3 personal authentication
Password Authenticated Key Exchange (PAKE)
Simultaneous Authentication of Equals (SAE) protocol replaces the 4-way handshake
Dragonfly handshake
Wi-Fi Protected Setup (WPS)
Pushbutton or passcode autoconfiguration of access points and clients
Brute-force vulnerability in passcode algorithm
Access point may support lockout to mitigate
Make sure access point firmware is up-to-date
EasyConnect and Device Provisioning Protocol (DPP)
Open Authentication and Captive Portals
Use an access point without authentication (or encryption)
Secondary authentication via captive portal or splash page
Everything sent over link can be snooped
Use secure protocols for confidential data (HTTPS, Secure IMAP, FTPS)
Use a Virtual Private Network (VPN) to create a secure tunnel
Wi-Fi Enhanced Open
Enterprise/IEEE 802.1X Authentication
Extensible Authentication Protocol (EAP) over Wireless (EAPoW)
Network directory authorization via RADIUS or TACACS+
User credential is used to generate session encryption key
Extensible Authentication Protocol
Designed to provide for interoperable security devices and software
EAP-TLS
Transport Layer Security (TLS) to authenticate via device certificates/smart cards
Both server and supplicant must have certificates
Mutual authentication
PEAP, EAP-TTLS, and EAP-FAST
Secure tunneling for user credentials
Protected EAP (PEAP)
Password authentication through a TLS-protected tunnel
Server certificate only
PEAPv0 (EAP-MSCHAPv2)
PEAPv1 (EAP-GTC)
EAP with Tunneled TLS (EAP-TTLS)
Similar to PEAP but with more flexibility on inner authentication method
EAP with Flexible Authentication via Secure Tunneling (EAP-FAST)
Cisco alternative to PEAP that can be set up without certificate infrastructure
RADIUS Federation
Federated identity solution
Mesh network for RADIUS servers operated by different institutions
Eduroam
Rogue Access Points and Evil Twins
Rogue access point
Troubleshooting access point misconfiguration
Disable unused devices and interfaces
Evil twin
Masquerade as legitimate AP
Use similar SSID
Capture authentication information
Wi-Fi analyzers
Disassociation and Replay Attacks
Deauthentication attack
Attacker sends spoofed deauth packet
DoS and assists other attacks
Disassociation attack
Similar but just causes station to disassociate
Configure Management Frame Protection (MFP/802.11w)
Initialization vector (IV) attack
WEP weakness: attacker captures or generates traffic until IVs repeat and the key can be recovered
KRACK/key reinstallation
Jamming Attacks
Environmental versus malicious interference
Jamming attacks
Denial of service
Promote evil twin
Use spectrum analyzer to locate source
Secure Wireless Infrastructure
Review Activity
Implement Load Balancers
Topic 9D
1.4 Given a scenario, analyze potential indicators associated with network attacks
3.3 Given a scenario, implement secure network designs
Syllabus Objectives Covered
Distributed Denial of Service (DDoS)
Leverage bandwidth from compromised hosts/networks
Handlers form a command and control (C&C) network
Compromised hosts installed with bots that can run automated scripts
Co-ordinated by the C&C network as a botnet
Overwhelm with superior bandwidth (number of bots)
Consume resources with spoofed session requests (SYN flood)
Amplification, Application, and OT Attacks
Distributed Reflection DoS (DRDoS)
Amplified SYN flood
Attacker spoofs the victim's IP address and sends SYNs to many servers
Those servers direct their SYN/ACK responses at the victim
Application attacks
Bogus DNS/NTP queries
Direct responses at victim
Queries can be constructed to generate large response packets
Operational technology (OT) networks
DoS against embedded systems
Can be more vulnerable to miscrafted packets than computing hosts
Distributed Denial of Service Attack Mitigation
Attacks use spoofed addresses, making them hard to block
Drop traffic to protect other hosts in the routing domain
Access control list (ACL)
Remotely triggered blackhole (RTBH)
Sinkhole routing
Cloud DDoS mitigation services
Load Balancing
Distributes requests across farm or pool of servers (nodes)
Layer 4 load balancer
Layer 7 load balancer (content switch)
Scheduling
Round robin
Fewest existing connections / best response time
Weighting
Heartbeat and health checks
Source IP affinity
Session persistence
Clustering
Configure nodes for failover
Virtual IP
Common Address Redundancy Protocol (CARP)
Active/passive versus active/active
Application clustering
Provides stateful fault tolerance
Quality of Service
Compared to best effort and first in, first out (FIFO)
Quality of service (QoS) to prioritize traffic with certain characteristics
Bandwidth
Latency and jitter
Traffic marking
DiffServ and 802.1p
Traffic policing
Denial of service and trust boundaries for traffic marking
Ensure bandwidth for management and security monitoring traffic
Load Balancers
Review Activity
Summary
Lesson 9
Implementing Authentication Controls
Lesson 7
Summarize Authentication Design Concepts
Topic 7A
2.4 Summarize authentication and authorization design concepts
Syllabus Objectives Covered
Identity and Access Management
Subjects
Users or software that request access
Objects
Resources such as networks, servers, and data
Identification
Associating a valid subject with a computer/network account
Authentication
Challenge to the subject to supply a credential to operate the account
Authorization
Rights, permissions, or privileges assigned to the account
Accounting
Auditing use of the account
Authentication Factors
Something you know
Knowledge factor
Password
Personal identification number (PIN)
Swipe pattern
Challenge questions/password reset
Something you have
Ownership factor
Hardware tokens and fobs
Something you are/do
Biometric factor
Authentication Design
Meet requirements for confidentiality, integrity, and availability
Confidentiality
Keep credentials secure
Integrity
Threat actors cannot bypass or subvert the authentication mechanism
Availability
The mechanism does not cause undue delay or support issues
Multifactor Authentication
Strong authentication requires two (or three) types
Knowledge factor only is weak in terms of confidentiality
Multifactor authentication (MFA)
Two-factor authentication (2FA)
Something you KNOW and something you HAVE
Something you KNOW and something you ARE
NOT something you KNOW and something else you KNOW
Authentication Attributes
Somewhere you are
Geolocation via location services
IP location (logical versus geolocation)
Switch port, virtual LAN (VLAN), or wireless network name
Something you can do
Performing an action in a way that can be captured as a unique pattern
Something you exhibit
A behavior or personality trait that can be captured as a unique pattern
Someone you know
Web of trust
Authentication Design Concepts
Review Activity
Implement Knowledge-based Authentication
Topic 7B
1.2 Given a scenario, analyze potential indicators to determine the type of attack
3.8 Given a scenario, implement authentication and authorization solutions
4.1 Given a scenario, use the appropriate tool to assess organizational security (Password crackers only)
Syllabus Objectives Covered
Local, Network, and Remote Authentication
Authentication providers
Passwords versus password hashes
Windows authentication
Local sign-in
Network sign-in (Kerberos and NTLM)
Remote sign-in
Linux authentication
/etc/passwd and /etc/shadow
Pluggable authentication modules (PAMs)
Single sign-on (SSO)
Kerberos Authentication
Single sign-on authentication and authorization provider
Clients
Application servers
Key Distribution Center (KDC)
Authentication Service – Ticket Granting Ticket
Ticket Granting Service – Service Ticket
Kerberos Authorization
PAP, CHAP, and MS-CHAP Authentication
Password authentication designed to work with remote access protocols (Point-to-Point Protocol)
Password Authentication Protocol (PAP)
Completely unsecure
Challenge Handshake Authentication Protocol (CHAP)
Challenge/Response similar to NTLM
Challenge is repeated during the session to prevent replay
Various implementations (Cisco, MS-CHAPv2)
Not secure enough to use without an encrypted tunnel
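Both sides of a CHAP exchange (the MD5 variant defined in RFC 1994), with the replay check and then the offline dictionary attack that is the reason the slide says CHAP needs an encrypted tunnel. This is an added example written for this page, not code from the deck or from any PPP implementation; the peer name, secret, word list and random challenge are constructed.

```python
"""CHAP challenge/response with MD5 (RFC 1994), plus an offline attack on a captured exchange."""
import hashlib
import hmac
import os


def chap_response(ident, secret, challenge):
    """RFC 1994: Response = MD5(Identifier || Secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class Authenticator:
    """Server side. It has to hold each peer's shared secret in recoverable form,
    so a compromised authenticator leaks the secrets themselves."""

    def __init__(self, secrets):
        self.secrets = secrets          # name -> secret bytes
        self.ident = 0
        self.outstanding = {}           # name -> (ident, challenge) awaiting a response

    def challenge(self, name):
        """Issue a fresh random challenge; the identifier ties a response to it."""
        self.ident = (self.ident + 1) & 0xFF
        chal = os.urandom(16)
        self.outstanding[name] = (self.ident, chal)
        return self.ident, chal

    def verify(self, name, ident, response):
        """Accept only a response to the challenge currently outstanding for this peer.
        Submitting the same response a second time fails, which is the replay
        protection CHAP gets from issuing a new challenge each time."""
        expected_ident, chal = self.outstanding.pop(name, (None, None))
        secret = self.secrets.get(name)
        if chal is None or secret is None or ident != expected_ident:
            return False
        return hmac.compare_digest(response, chap_response(ident, secret, chal))


class Peer:
    def __init__(self, name, secret):
        self.name, self.secret = name, secret

    def respond(self, ident, chal):
        return self.name, ident, chap_response(ident, self.secret, chal)


def run_handshake(secret=b"correct horse"):
    """One CHAP exchange followed by a replay of the same response.
    Returns (first_result, replay_result, captured_exchange)."""
    auth = Authenticator({"alice": secret})
    peer = Peer("alice", secret)
    ident, chal = auth.challenge("alice")
    name, ident, resp = peer.respond(ident, chal)
    first = auth.verify(name, ident, resp)
    replay = auth.verify(name, ident, resp)
    return first, replay, (ident, chal, resp)


def offline_dictionary_attack(ident, chal, resp, wordlist):
    """What an eavesdropper on an unencrypted link can do with the captured
    challenge and response: test guesses offline, with no lockout in the way."""
    for guess in wordlist:
        if hmac.compare_digest(chap_response(ident, guess, chal), resp):
            return guess
    return None


if __name__ == "__main__":
    ok, replayed, captured = run_handshake()
    print("authenticated:", ok, "replay accepted:", replayed)
    print("recovered secret:", offline_dictionary_attack(*captured, [b"password", b"correct horse"]))
```

The exchange never sends the secret, which is the improvement over PAP, but the response is a fast unsalted hash of it, so anyone who can sniff the link gets an offline guessing target; MS-CHAPv2 inside a TLS tunnel (PEAP) closes the sniffing route rather than the hashing weakness.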
Password Attacks
Plaintext/unencrypted
Sniffing passwords from unsecure protocols
Locating passwords in documents/code repositories
Online password attack
Adversary interacts with authentication service
Restrict logon rates
Shun suspect hosts
Horizontal brute force/password spraying
Offline attacks
Password database
Hash transmitted directly
Hash used as key to sign an HMAC
Brute Force and Dictionary Attacks
Exploit weak user password selection or weak cryptographic mechanisms
Brute force attack
Generate every possible combination to match a hash
Large output space and sufficiently long input password increase time required
Dictionary attack and rainbow tables
Use a dictionary to test common words or phrases first
Rainbow tables assist dictionary attacks against Windows password databases by precomputing hash chains
Using salt means hash chains cannot be pre-computed
Hybrid attack
Dictionary and brute force
Fuzzing of dictionary terms (james1, james2, tom1, tom2,…)
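The hybrid attack and the salt argument from this slide, worked through as an added example (not code from the deck; the word list, suffixes, users and passwords are constructed). A lookup table built once from the dictionary cracks every matching unsalted hash with zero hashing at attack time, which is the precomputation idea behind rainbow tables in its simplest form; against salted hashes the same table scores nothing and every guess has to be rehashed per user. SHA-256 is used only to keep the example self-contained; real password storage should use a slow, salted KDF.

```python
"""Hybrid dictionary attack against unsalted versus salted password hashes."""
import hashlib
import os

WORDLIST = ["james", "tom", "summer", "password"]
SUFFIXES = [""] + [str(i) for i in range(10)] + ["!", "2024"]


def candidates():
    """Hybrid attack: dictionary words, capitalised or not, with brute-forced suffixes
    (james, james0, ..., James2024)."""
    for word in WORDLIST:
        for suffix in SUFFIXES:
            yield word + suffix
            yield word.capitalize() + suffix


def unsalted_hash(password):
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password, salt):
    return hashlib.sha256(salt + password.encode()).hexdigest()


def precompute_table():
    """hash -> plaintext for every candidate, built once, reusable against any unsalted database."""
    return {unsalted_hash(c): c for c in candidates()}


def crack_unsalted(db, table):
    """db: user -> hex hash. One dictionary lookup per user, no hashing at attack time."""
    return {user: table[h] for user, h in db.items() if h in table}


def crack_salted(db):
    """db: user -> (salt, hex hash). The table is useless: each guess is rehashed with
    each user's own salt, so work scales with users x guesses.
    Returns (cracked, number_of_hashes_computed)."""
    found, work = {}, 0
    for user, (salt, h) in db.items():
        for c in candidates():
            work += 1
            if salted_hash(c, salt) == h:
                found[user] = c
                break
    return found, work


def demo():
    """Constructed databases: two weak passwords and one outside the dictionary."""
    passwords = {"james": "James2", "tom": "tom!", "alice": "Tr0ub4dor&3"}
    unsalted_db = {u: unsalted_hash(p) for u, p in passwords.items()}
    salted_db = {}
    for u, p in passwords.items():
        salt = os.urandom(16)                       # per-user random salt stored beside the hash
        salted_db[u] = (salt, salted_hash(p, salt))
    table = precompute_table()
    from_table = crack_unsalted(unsalted_db, table)
    table_hits_on_salted = sum(1 for _salt, h in salted_db.values() if h in table)
    from_salted, work = crack_salted(salted_db)
    return from_table, table_hits_on_salted, from_salted, work


if __name__ == "__main__":
    print(demo())
```

Salt does not make a weak password strong: both weak passwords still fall, just at the cost of per-user hashing instead of a table lookup. That cost is what a slow KDF then multiplies.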
Password Crackers
Cain and L0phtcrack
Hashcat
Hash type
Attack mode
Dictionary/word lists
Brute force
Masked
Authentication Management
Hardware and software solutions for storing and submitting multiple user passwords
Password key
USB token
Possibly Bluetooth/NFC connectivity
Password vaults
Software-based
Federal Information Processing standard (FIPS 140-2)
Knowledge-Based Authentication
Review Activity
Assisted Lab
Auditing Passwords with a Password Cracking Utility
Lab Activity
Implement Authentication Technologies
Topic 7C
2.4 Summarize authentication and authorization design concepts
3.3 Given a scenario, implement secure network designs (HSM only)
3.8 Given a scenario, implement authentication and authorization solutions
Syllabus Objectives Covered
Smart Card Authentication
Kerberos-based smart card logon
Card readers
Card stores user’s private key and certificate
Use of card is protected by a PIN
Key Management Devices
Provision keys with risk of insider threat reduced
Smart cards and USB keys
Trusted Platform Module (TPM)
Virtual smart cards
Hardware Security Module (HSM)
Provision keys to devices across the network
Key archive and escrow
Reduced attack surface and tamper-evident
Cryptographically secure pseudorandom number generator (CSPRNG)
Plug-in card and network rack form factors
Extensible Authentication Protocol/IEEE 802.1X
Authenticate user at network access devices
Wireless networks
Port authentication for switched networks
Remote access over a virtual private network
Extensible Authentication Protocol (EAP)
Supports multiple authentication implementations
Certificates and smart cards
IEEE 802.1X Port-based Network Access Control
Supplicant
Network access server (NAS)
AAA server
Remote Authentication Dial-in User Service
Terminal Access Controller Access-Control System
TACACS+
Centralizing administrative logins for network appliances
Reliable TCP transport (over port 49)
Data encryption
Discrete authentication, authorization, and accounting functions
Token Keys and Static Codes
One-time password (OTP)
Generated by some algorithm and used only once
RSA SecurID
Static code
“Dumb” smart cards
Fast Identity Online (FIDO) Universal Second Factor (U2F)
Open Authentication (OATH)
HMAC-based One-time Password Algorithm (HOTP)
Time-based One-time Password Algorithm (TOTP)
2-Step Verification
Transmit a code via an out-of-band channel
Short message service (SMS)
Phone call
Push notification
Email account
Possibility of interception
Review Activity: Authentication Technologies
Assisted Lab: Managing Centralized Authentication
Summarize Biometrics Authentication Concepts
Topic 7D
2.4 Summarize authentication and authorization design concepts
Syllabus Objectives Covered
Biometric Authentication
Enrollment
Sensor and feature extraction
Efficacy rates and considerations
False Rejection Rate (FRR) or Type I error
False Acceptance Rate (FAR) or Type II error
Crossover Error Rate (CER)
Throughput (speed)
Failure to Enrol Rate (FER)
Cost/implementation
Privacy concerns
Accessibility concerns
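How FRR (Type I), FAR (Type II) and the crossover error rate relate at the matcher threshold, as an added example not taken from the course material. The match scores are constructed so the genuine and impostor distributions overlap, as they do for any real sensor; the 0-100 scale and the threshold range are assumptions.

```python
from typing import List, Sequence, Tuple

# Constructed matcher scores on a 0-100 scale (higher = closer to the enrolled template).
GENUINE_SCORES = [92, 88, 85, 81, 79, 76, 73, 70, 66, 61, 57, 50]   # rightful user's attempts
IMPOSTOR_SCORES = [62, 58, 55, 52, 50, 47, 45, 42, 40, 37, 33, 30]  # other people's attempts


def far(impostor: Sequence[int], threshold: int) -> float:
    """False Acceptance Rate (Type II error): impostors whose score meets the threshold."""
    return sum(1 for s in impostor if s >= threshold) / len(impostor)


def frr(genuine: Sequence[int], threshold: int) -> float:
    """False Rejection Rate (Type I error): genuine attempts that fall below the threshold."""
    return sum(1 for s in genuine if s < threshold) / len(genuine)


def error_curve(genuine: Sequence[int], impostor: Sequence[int],
                thresholds) -> List[Tuple[int, float, float]]:
    """(threshold, FAR, FRR) per candidate threshold: raising it lowers FAR and raises FRR."""
    return [(t, far(impostor, t), frr(genuine, t)) for t in thresholds]


def crossover_error_rate(genuine: Sequence[int], impostor: Sequence[int],
                         thresholds=range(0, 101)) -> Tuple[int, float]:
    """Threshold where FAR and FRR are closest, and the error rate there (the CER).

    A lower CER means a more accurate system; the deployed threshold is then shifted
    toward lower FAR for high-security use or toward lower FRR for convenience.
    """
    t, a, r = min(error_curve(genuine, impostor, thresholds),
                  key=lambda row: abs(row[1] - row[2]))
    return t, (a + r) / 2


if __name__ == "__main__":
    for t, a, r in error_curve(GENUINE_SCORES, IMPOSTOR_SCORES, range(40, 81, 10)):
        print(f"threshold {t:3d}: FAR={a:.2f} FRR={r:.2f}")
    print("CER at threshold %d: %.3f" % crossover_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES))
```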
Fingerprint Recognition
Fingerprint sensors
Small capacitive cells
Easy to implement
Relatively simple enrollment
Quite vulnerable to spoofing
Vein matching (vascular biometrics)
More complex scanner
Facial Recognition
Facial recognition
Enrollment can be relatively slow
Privacy issues
Prone to relatively high false acceptance/rejection rates/spoofing
Retinal scan
Pattern of blood vessels
Scanning relatively intrusive and complex
Iris scan
Pattern of eye surface
Easier to scan
More vulnerable to spoofing
Behavioral Technologies
Something you do
Voice recognition
Gait analysis
Signature recognition
Typing
Other uses than authentication
Identification/alerting
Continuous authentication/account locking
Review Activity: Biometrics Authentication Concepts
Summary
Lesson 7