CompTIA Network+ Exam N10-008
Lesson 17: Explaining Organizational and Physical Security Concepts
Copyright © 2023 CompTIA, Inc. All Rights Reserved. | CompTIA.org

Objectives
• Explain organizational documentation and policies
• Explain physical security methods
• Compare and contrast Internet of Things devices

Lesson 17, Topic 17A: Explain Organizational Documentation and Policies

Operating Plans and Procedures
• Configuration management: identifying and documenting all the infrastructure and devices installed at a site
  • Assets and configuration items
  • Baselines: a configuration baseline (the ACL applied to a firewall, for instance) or a performance baseline (such as the throughput achieved by the firewall)
• Change management
  • Reactive versus proactive
  • Change request and approval (a Request for Change (RFC))
• Standard Operating Procedures (SOPs)

System Life Cycle Plans and Procedures
• Audit report
  • Identify and record assets
  • An asset management database can be configured to store as much or as little information as is deemed necessary, though typical data would be type, model, serial number, asset ID, location, user(s), value, and service information.
  • For each asset record, there should also be a copy of or link to the appropriate vendor documentation
• Assessment report
  • Evaluate configuration/performance
  • Compare to baselines
• System life cycle
  • Acquisition, deployment, use, and decommissioning

Physical Network Diagrams
• Floor plan
  • Detailed scale diagram
• Wiring diagram
  • Illustrate and document cable termination/ports
• Distribution frame
  • Port IDs
  • Main versus intermediate distribution frames (MDF versus IDF)
• Site survey report

Rack Diagrams
• Rack format
  • Standard 19” width
  • Height in multiples of 1U (1.75”)
• Stencils
  • Position of appliances
  • Label network and power ports
  • Configuration and asset information

Logical versus Physical Network Diagrams
• Diagram types
  • Detailed physical plans
  • Schematics (simplified) done in layers
• Constrain each diagram to a single OSI layer
  • PHY (Physical layer)
  • Data Link (layer 2)
  • Logical (IP/layer 3)
  • Application
• Standard icons

Security Response Plans and Procedures
• Incident response plan
  • Categorize incident types, such as data breach, malware/intrusion detection, denial of service (DoS), …
  • Restoring security versus preserving evidence (a tough choice)
• Disaster recovery plan
  • Identify major incident scenarios
• Business continuity plan
  • Identify and prioritize functions for investment in fault tolerance/redundancy
  • Business impact analysis (BIA)
  • IT contingency planning (ITCP)

Hardening and Security Policies
• Security policy types
• Human Resources (HR)-led policies
  • Onboarding
  • Offboarding

Usage Policies
• Password policy
  • User behavior
  • System-enforced selection and change rules
• Acceptable Use Policy (AUP)
• Bring your own device (BYOD) policies
  • BYOD versus corporate owned
  • Mobile Device Management (MDM)/Enterprise Mobility Management (EMM)

Data Loss Prevention
• Risks from data breach
• Data loss prevention (DLP) software
  • Use some sort of dictionary database or algorithm (regular expression matching) to
    identify confidential or personal/sensitive data
  • Control access, copying, e-mailing, and printing

Remote Access Policies
• Ensure remote devices and network connections do not create vulnerabilities
  • Malware protection and patching of remote hosts
  • Protection of credentials
  • Protection for data processed off-site
• Treat remote hosts and networks as untrusted

Common Agreements
• Service Level Agreement (SLA) requirements
• Non-Disclosure Agreement (NDA)
  • Legal basis for protecting information assets
  • Used in employment contracts and between companies
• Memorandum of Understanding (MoU)
  • Exploratory agreement to express an intent to work together

Review Activity: Documentation and Policies
• Operating Plans and Procedures
• System Life Cycle Plans and Procedures
• Physical Network Diagrams and Rack Diagrams
• Logical versus Physical Network Diagrams
• Security Response Plans and Procedures
• Hardening and Security Policies
• Usage Policies
• Data Loss Prevention
• Remote Access Policies
• Common Agreements

Lab Activity
Assisted Lab: Develop Network Documentation
• Lab types
  • Assisted labs guide you step-by-step through tasks
  • Applied labs set goals with limited guidance
• Complete lab
  • Submit all items for grading and check each progress box
  • Select “Grade Lab” from the final page
• Save lab
  • Select the hamburger menu and select “Save”
  • Save up to two labs in progress for up to 7 days
• Cancel lab without grading
  • Select the hamburger menu and select “End”

Lesson 17, Topic 17B: Explain Physical Security Methods
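Added example for the Data Loss Prevention slide in Topic 17A (this is not part of the CompTIA deck): a small Python scanner that does what that slide describes, a dictionary of classification terms plus regular-expression matching for sensitive data formats, with a Luhn check so that a random 16-digit string is not reported as a payment card, and a policy decision (allow, quarantine, block) for the copy/e-mail/print control. The term list, the sample document and the action names are constructed for illustration; the card number is the standard 4111 test PAN.

```python
"""Regular-expression DLP scanner (added example; not CompTIA's material)."""
import re
from dataclasses import dataclass
from typing import List

# Hypothetical classification markers a DLP dictionary might hold.
CONFIDENTIAL_TERMS = ("confidential", "internal only", "project falcon")

# 13-19 digits with optional single space/dash separators (payment card PANs).
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# US SSN: area not 000/666/9xx, group not 00, serial not 0000.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")


@dataclass
class Finding:
    line_no: int
    kind: str
    masked: str  # never log the raw value; the DLP log is itself sensitive


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: a 16-digit string that fails it is not a card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(value: str) -> str:
    """Keep only the last four characters, as a DLP report would."""
    return "*" * (len(value) - 4) + value[-4:]


def mask_email(addr: str) -> str:
    local, _, domain = addr.partition("@")
    return local[0] + "*" * (len(local) - 1) + "@" + domain


def scan(text: str) -> List[Finding]:
    """Dictionary match plus pattern match, line by line."""
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        lowered = line.lower()
        for term in CONFIDENTIAL_TERMS:
            if term in lowered:
                findings.append(Finding(line_no, "keyword", term))
        for m in CARD_RE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group())
            if luhn_ok(digits):  # pattern alone is not enough
                findings.append(Finding(line_no, "credit_card", mask(digits)))
        for m in SSN_RE.finditer(line):
            findings.append(Finding(line_no, "ssn", mask(m.group())))
        for m in EMAIL_RE.finditer(line):
            findings.append(Finding(line_no, "email", mask_email(m.group())))
    return findings


def policy_action(findings: List[Finding]) -> str:
    """Decide what the copy/e-mail/print control does with the content."""
    kinds = {f.kind for f in findings}
    if kinds & {"credit_card", "ssn"}:
        return "block"
    if "keyword" in kinds:
        return "quarantine"
    return "allow"


# Constructed sample document for the scan.
SAMPLE = """\
Subject: Q3 numbers - INTERNAL ONLY
Card on file: 4111 1111 1111 1111 (test number)
Not a card, fails Luhn: 1234 5678 9012 3456
Employee SSN 123-45-6789, contact jane.doe@example.com
Malformed SSN 000-12-3456 should not match
Ticket 2024-0001 closed
"""

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"line {f.line_no}: {f.kind} {f.masked}")
    print("action:", policy_action(scan(SAMPLE)))
```

Lines 3, 5 and 6 of the sample are there to show the caveat: a regular expression on its own over-reports, so production DLP pairs the pattern with a validity check (Luhn, SSN area rules) and with context such as the classification dictionary.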
Badges and Site Secure Entry Systems
• Access control hardware
  • Badge reader
  • Biometric
• Access control vestibule
  • Prevents tailgating and piggybacking
  • Turnstile
  • “Mantrap”

Physical Security for Server Systems
• Locking racks
  • Lock the whole rack
  • Bracket/shelf locks
• Locking cabinets
• Smart lockers
  • Smart card/biometric lock
  • Sensors to detect add/remove

Detection-Based Devices
• Surveillance systems and security guards
• Cameras
  • Fixed versus Pan-Tilt-Zoom (PTZ)
  • Focal length
  • Closed Circuit Television (CCTV) coax networks
  • IP camera data and PoE networks
• Asset tags
  • Link asset to database/configuration management
  • Radio Frequency ID (RFID) monitored tags

Alarms and Tamper Detection
• Alarm types
  • Circuit/tamper detection
  • Motion detection
• Alarms for rack systems and chassis intrusion
• Tamper detection for cabling
  • A physically secure cabled network is referred to as a Protected Distribution System (PDS).

Asset Disposal
• Factory reset/configuration wipe
  • Remove accounts and passwords
  • Remove configuration information
  • Remove licensing keys and registration
• Data remnants and media sanitization
  • Physical destruction
  • Overwriting, and HDDs versus SSDs
  • Secure Erase (SE)
  • Instant Secure Erase (ISE)
➢ It is important to know what a factory reset actually does, though.
➢ It puts all applications back into their original state and removes anything that was not there when the device left the factory.
➢ That means user data from the applications is deleted, as far as the device is concerned.
➢ However, unless the storage is overwritten or cryptographically erased, the underlying blocks still hold that data and forensic tools can recover it.
➢ In short, a reset on its own can give you a false sense of security.
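Added example for the Asset Disposal slide (this is not part of the CompTIA deck): a Python simulation of a tiny block device with a file table on top, which shows the three points above in code. A factory reset removes the file table, not the blocks; a single overwrite pass sanitizes a magnetic disk, because the logical block always lands on the same sector; the same pass does not sanitize flash, because the flash translation layer writes to a fresh page and leaves the stale page intact, which is why an SSD needs the drive's own Secure Erase. The block size, the secret string and the class names are assumptions made for the illustration.

```python
"""Simulated media sanitization (added example; not CompTIA's material)."""
import os
from typing import Dict, List, Tuple

BLOCK_SIZE = 64
SECRET = b"db_password=hunter2"  # constructed sample data


class Medium:
    """Raw physical storage; raw_contains() is the forensic 'read every sector' view."""

    def __init__(self, n_blocks: int):
        self.blocks: List[bytearray] = [bytearray(BLOCK_SIZE) for _ in range(n_blocks)]

    def raw_contains(self, needle: bytes) -> bool:
        return any(needle in block for block in self.blocks)

    def write(self, lba: int, data: bytes) -> None:
        raise NotImplementedError


class HDD(Medium):
    """Magnetic disk: a logical block address always maps to the same physical
    sector, so writing over it really destroys the old bytes."""

    def write(self, lba: int, data: bytes) -> None:
        self.blocks[lba][:] = data.ljust(BLOCK_SIZE, b"\0")


class SSD(Medium):
    """Flash behind a flash translation layer (FTL): pages cannot be rewritten
    in place, so an overwrite goes to a fresh page and the mapping is updated;
    the stale page keeps the old data until the drive erases it."""

    def __init__(self, n_blocks: int):
        super().__init__(n_blocks)
        self.mapping: Dict[int, int] = {}  # logical block -> physical page
        self.next_free = 0

    def write(self, lba: int, data: bytes) -> None:
        if self.next_free >= len(self.blocks):
            raise RuntimeError("no free pages: a real drive would garbage-collect here")
        page = self.next_free
        self.next_free += 1
        self.blocks[page][:] = data.ljust(BLOCK_SIZE, b"\0")
        self.mapping[lba] = page  # the previous page for this lba is now stale, not erased

    def secure_erase(self) -> None:
        """What the drive's Secure Erase command does: erase every page, mapped or stale."""
        for block in self.blocks:
            block[:] = b"\xff" * BLOCK_SIZE  # erased flash reads as all ones
        self.mapping.clear()
        self.next_free = 0


class FileSystem:
    """A directory table (name -> logical block) layered on a medium."""

    def __init__(self, medium: Medium):
        self.medium = medium
        self.table: Dict[str, int] = {}
        self.high_water = 0  # number of logical blocks ever handed out

    def create(self, name: str, data: bytes) -> None:
        lba = self.high_water
        self.high_water += 1
        self.medium.write(lba, data)
        self.table[name] = lba

    def factory_reset(self) -> None:
        """Typical reset: forget the files and reinstall defaults. No block is touched."""
        self.table.clear()

    def overwrite_pass(self) -> None:
        """Sanitization by overwriting: random data over every block ever used."""
        for lba in range(self.high_water):
            self.medium.write(lba, os.urandom(BLOCK_SIZE))


def reset_then_overwrite(medium: Medium) -> Tuple[bool, bool]:
    """Returns (secret visible after factory reset, secret visible after overwrite)."""
    fs = FileSystem(medium)
    fs.create("config.txt", SECRET)
    fs.factory_reset()
    after_reset = medium.raw_contains(SECRET)
    fs.overwrite_pass()
    return after_reset, medium.raw_contains(SECRET)


def demo_hdd() -> Tuple[bool, bool]:
    return reset_then_overwrite(HDD(n_blocks=8))


def demo_ssd() -> Tuple[bool, bool, bool]:
    """Third value: secret visible after the drive's own Secure Erase."""
    ssd = SSD(n_blocks=8)
    after_reset, after_overwrite = reset_then_overwrite(ssd)
    ssd.secure_erase()
    return after_reset, after_overwrite, ssd.raw_contains(SECRET)


if __name__ == "__main__":
    print("HDD: after reset %s, after overwrite %s" % demo_hdd())
    print("SSD: after reset %s, after overwrite %s, after secure erase %s" % demo_ssd())
```

The SSD result is the practical point: host-side overwriting tools cannot reach the stale pages, so for flash the sanitization method has to be the drive's own Secure Erase, or Instant Secure Erase on a self-encrypting drive, which destroys the media encryption key so that every page, current or stale, becomes unreadable at once.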
Employee Training
• Security awareness
  • Incident reporting
  • Site security
  • Data and credential handling
  • Social engineering, malware, and other threat awareness
• Role-based training

Review Activity: Physical Security Methods
• Badges and Site Secure Entry Systems
• Physical Security for Server Systems
• Detection-Based Devices
• Alarms and Tamper Detection
• Asset Disposal
• Employee Training

Lesson 17, Topic 17C: Compare and Contrast Internet of Things Devices

Internet of Things
• The global network of personal devices, home appliances, home control systems, vehicles, and other items that have been equipped with sensors, software, and network connectivity
• Consumer-grade smart devices
  • Hub versus device functions
• Physical access control systems (PACS) and smart buildings
  • A PACS is a network of monitored locks, intruder alarms, and video surveillance cameras.
  • A smart building for offices and datacenters can include a PACS, but also network-based configuration and monitoring of heating, ventilation, and air conditioning (HVAC), fire control, power and lighting, elevators and escalators, etc.

ICS/SCADA
• Industrial control systems (ICS) provide mechanisms for workflow and process automation
  • Workflow and process automation systems for power suppliers, water suppliers, health services, telecommunications, and national security services
  • Devices have a programmable logic controller (PLC)
  • Mechanical devices and sensors
  • Human-machine interface (HMI)
• Supervisory Control and Data Acquisition (SCADA)
  • ICS distributed over large areas
  • Control software running on PCs
  • Cellular communications to link the SCADA server to field devices
IoT Networks
• Operational Technology (OT) networks
  • Serial data or industrial Ethernet
  • Require deterministic, low-latency delivery in preference to high bandwidth
• Cellular networks
  • Specialized low-power, low-bandwidth variants of 4G/5G
  • Narrowband-IoT (NB-IoT): a low-power version of the Long Term Evolution (LTE) or 4G cellular standard. Narrowband also has greater penetrating power, making it more suitable for use in inaccessible locations, such as tunnels or deep within buildings, where ordinary cellular connectivity would be impossible.
  • LTE Machine Type Communication (LTE-M): another low-power system, but one that supports higher bandwidth (up to about 1 Mbps).
• Z-Wave and Zigbee
  • Wireless mesh for home automation devices

Placement and Security
• Consumer-grade smart devices
  • Vendor assessment: consumer-grade smart devices and home automation products can be poorly documented, and vendors' patch management/security response processes can be inadequate.
  • Risks from shadow IT, where employees deploy a network-enabled device without going through a change and configuration management process
• Smart buildings
  • Isolate management traffic from data networks
  • Include in configuration management/assessments
• ICS/SCADA
  • While an ICS or SCADA system is typically implemented as a dedicated OT or wireless WAN network, there may be points where these networks are linked to a corporate data network.

Review Activity: Internet of Things Devices
• Internet of Things
• ICS/SCADA
• IoT Networks
• Placement and Security

Lesson 17 Summary