SSL (Secure Sockets Layer) and TLS (Transport Layer Security) both use public key and symmetric
key encryption for TCP-based communications. They provide session
encryption and integrity, and server authentication. This prevents
eavesdropping, tampering, and message forging. Both SSL and TLS require
digital certificates! SSL and TLS can be used to secure web, email,
news, and FTP traffic.
PPTP over TCP/IP can be used to secure upper layer protocol
traffic between clients and servers for such things as VPNs. It uses
either PAP (Password Authentication Protocol) or MS-CHAP (Microsoft
Challenge Handshake Authentication Protocol) for the exchange of
credentials. PPTP traffic can pass through all NAT servers, but PPTP
does not provide for data integrity.
SMB (Server Message Block) signing can be used to secure
client-to-server file sharing traffic on a Windows network. SMB signing
can be enabled using GPOs and uses a method of digital signing and a
keyed hash to protect the integrity of each SMB packet.
WEP (Wired Equivalent Privacy) is used to secure wireless data traffic
between wireless clients and access points connected to a wired network.
Remote client traffic can be secured using various methods and
protocols. VPN connections created with PPTP or IPSec/L2TP are becoming
the most widely used.
EAP-TLS (Extensible Authentication Protocol-Transport Layer
Security) is the most secure remote access method and protocol. Because
of its support for two-factor authentication with the use of smart cards
or USB keys, and certificates, it meets all the requirements of message
and data CIA (Confidentiality, Integrity, Authentication).
Tip: If the network includes smart cards and Certificate Services is present to issue both user and computer certificates, use EAP-TLS for the most security.
For the exam you’ll also need to be familiar with CMAK (Connection
Manager Administration Kit), a tool for managing remote connections and
remote access policies. CMAK allows administrators to pre-configure
remote access clients, add custom behavior and appearance and provide an
updateable phonebook that users can turn to and find the most
convenient dial-up access numbers. When gaining that all-important
hands-on experience for this exam, be sure to load up CMAK and create a
profile or two.
Familiarity with Microsoft’s Internet Security and Acceleration (ISA) Server
is also a must for this exam. ISA Server provides perimeter firewall
services, proxy caching services, policy-based access control, secure
web publishing, and intrusion detection services.
Tip: Client computers may need to install the ISA server firewall client to access the internal or external network.
Planning, Configuring, and Troubleshooting Authentication, Authorization, and PKI
This objective includes topics such as authentication, authorization,
security groups, and certificate services. Know your group types
(distribution and security), the scopes (universal, domain local, global,
local), and the recommended group strategy, A-G-DL-P: Accounts get placed
into Global groups, which get placed into Domain Local groups, which are
assigned Permissions.
Tip: Group nesting is supported when a domain is at functional level Windows 2000 native or higher.
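The A-G-DL-P strategy above, expressed as an audit over a small constructed directory model. This is an added example, not part of the original guide; the group names, accounts, and resources are hypothetical. It expands nested membership to show effective access and flags accounts placed directly in domain local groups and permissions granted to anything other than a domain local group.

```python
# Constructed sample directory; every name below is hypothetical.
GROUPS = {  # group name: (scope, members)
    "G_Sales":      ("global",       ["alice", "bob"]),
    "G_Finance":    ("global",       ["carol"]),
    "DL_Reports_R": ("domain_local", ["G_Sales", "G_Finance"]),
    "DL_Payroll_W": ("domain_local", ["G_Finance", "dave"]),  # account placed directly in a DL group
}
ACLS = {  # resource: [(trustee, permission)]
    "reports": [("DL_Reports_R", "Read")],
    "payroll": [("DL_Payroll_W", "Write"), ("G_Sales", "Read"), ("erin", "Read")],
}

def scope_of(name):
    """Scope of a group, or 'account' for anything that is not a group."""
    return GROUPS[name][0] if name in GROUPS else "account"

def expand(trustee, seen=None):
    """Accounts reached from a trustee by following nested group membership."""
    seen = set() if seen is None else seen
    if trustee not in GROUPS:
        return {trustee}
    if trustee in seen:  # already expanded (or a membership loop)
        return set()
    seen.add(trustee)
    accounts = set()
    for member in GROUPS[trustee][1]:
        accounts |= expand(member, seen)
    return accounts

def effective_access(resource):
    """Map each account to the permissions it ends up with on a resource."""
    access = {}
    for trustee, permission in ACLS[resource]:
        for account in expand(trustee):
            access.setdefault(account, set()).add(permission)
    return access

def agdlp_findings():
    """Deviations from A-G-DL-P as (kind, location, offending name) tuples."""
    findings = []
    for name, (scope, members) in GROUPS.items():
        if scope == "domain_local":
            findings += [("member", name, m) for m in members if scope_of(m) != "global"]
    for resource, aces in ACLS.items():
        findings += [("ace", resource, t) for t, _ in aces if scope_of(t) != "domain_local"]
    return findings

if __name__ == "__main__":
    print(effective_access("payroll"))
    for finding in agdlp_findings():
        print(finding)
```

The "reports" resource follows the strategy and produces no findings; the "payroll" resource shows how direct grants make effective access harder to read from the ACL alone.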
The special group type, Self, represents the permissions assigned to a user, group, or computer and is a placeholder for that security principal.