CompTIA Security+ Deluxe Study Guide: SY0-201 - Emmett Dulaney [255]

being recorded (stolen) so that the attackers can log on as victims on the actual sites. This action has been called identity theft, impersonation, masquerading, and phishing. No matter what it is labeled, it is avoidable simply by requiring that all logons be mutual.

Mutual authentication is an exchange in which both the client and the server must adequately prove their identity to each other before a logon session is started. Actively seek out mutual authentication solutions whenever possible. Within your company’s private network, mutual authentication may not be necessary, but for any communication occurring outside of your company-controlled LAN, it should be considered a requirement.

Another form of authentication is server authentication—when a server proves its identity to the client but does not require the client to return the favor. Many Internet sites and even some ISPs (broadband and wireless) use server authentication.

The best recommendation is to employ mutual authentication whenever it is available. This provides protection for both partners in a communication and will help reduce identity theft, impersonation, masquerading, and phishing attacks.
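The exchange described above, as an added example that is not part of the study guide: a shared-secret, challenge-response logon in which the server releases its own proof only after the client has proved itself, and the client refuses the session unless the server's proof checks out. The message layout, the role tags, the `SHARED_SECRET` value and the `PhishingServer` model are assumptions made for illustration. The second scenario shows the point the text makes about recorded credentials: a proof harvested by an impostor site is bound to that session's nonces, so replaying it against the real server fails.

```python
"""Mutual challenge-response authentication over a shared secret (demo)."""
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Constructed secret for the demo; real deployments provision it out of band.
SHARED_SECRET = b"constructed-demo-secret"


def proof(secret: bytes, role: bytes, client_nonce: bytes, server_nonce: bytes) -> bytes:
    """HMAC-SHA256 over a role tag and both nonces.

    The role tag stops a peer from reflecting our own proof back at us; binding
    both nonces means a proof recorded in one session is useless in another.
    """
    return hmac.new(secret, role + client_nonce + server_nonce, hashlib.sha256).digest()


class Server:
    """Honest server: proves itself only after the client has proved itself."""

    def __init__(self, secret: bytes) -> None:
        self.secret = secret
        self.client_nonce = b""
        self.server_nonce = b""
        self.client_ok = False

    def challenge(self, client_nonce: bytes) -> bytes:
        """Message 1 -> 2: accept the client's nonce, answer with a fresh one."""
        self.client_nonce = client_nonce
        self.server_nonce = secrets.token_bytes(16)
        return self.server_nonce

    def respond(self, client_proof: bytes) -> Optional[bytes]:
        """Message 3 -> 4: verify the client; release the server proof or nothing."""
        expected = proof(self.secret, b"client", self.client_nonce, self.server_nonce)
        if not hmac.compare_digest(expected, client_proof):
            return None
        self.client_ok = True
        return proof(self.secret, b"server", self.client_nonce, self.server_nonce)


class PhishingServer(Server):
    """Impostor without the secret: accepts anything and harvests the proof."""

    def __init__(self) -> None:
        super().__init__(b"")
        self.harvested: Optional[bytes] = None

    def respond(self, client_proof: bytes) -> Optional[bytes]:
        self.harvested = client_proof
        return secrets.token_bytes(32)  # cannot compute the real proof, so it guesses


class Client:
    def __init__(self, secret: bytes) -> None:
        self.secret = secret

    def logon(self, server: Server) -> bool:
        """Run the four-message exchange; True only if the server proved itself."""
        client_nonce = secrets.token_bytes(16)
        server_nonce = server.challenge(client_nonce)
        server_proof = server.respond(proof(self.secret, b"client", client_nonce, server_nonce))
        if server_proof is None:
            return False
        expected = proof(self.secret, b"server", client_nonce, server_nonce)
        return hmac.compare_digest(expected, server_proof)


def honest_logon() -> Tuple[bool, bool]:
    """(client accepted server, server accepted client) with matching secrets."""
    server = Server(SHARED_SECRET)
    return Client(SHARED_SECRET).logon(server), server.client_ok


def phished_logon() -> Tuple[bool, bool]:
    """Client talks to an impostor; impostor then replays the harvested proof."""
    phisher = PhishingServer()
    client_accepted = Client(SHARED_SECRET).logon(phisher)
    real = Server(SHARED_SECRET)
    real.challenge(secrets.token_bytes(16))  # fresh nonces: the old proof no longer fits
    replay_accepted = real.respond(phisher.harvested or b"") is not None
    return client_accepted, replay_accepted


if __name__ == "__main__":
    print("honest:", honest_logon())    # (True, True)
    print("phished:", phished_logon())  # (False, False)
```

The ordering matters: because the honest server withholds its proof until the client's proof verifies, and the client withholds trust until the server's proof verifies, neither side can be talked into a session by a peer that merely claims an identity.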

Authentication Protection

When it comes to authentication, consider the protection of the logon credentials as they travel from the client to the authentication server. This notion is called authentication protection or authentication encryption. It is simply a mechanism that serves as a transport and as a security barrier for the identification and authentication factors.

There are many forms of authentication protection. Some, such as PAP and CHAP, are used mainly on remote access connections. Others, like Kerberos or NTLM, are used on private network connections. Still others, such as certificates, are suited for larger or more distributed environments.

In every case, authentication systems and clients are designed to negotiate the highest level of common authentication security between them. However, some forms of network attacks can subvert this process, causing the systems to use a lower security mechanism that can be easily broken by an eavesdropper. Whenever possible, disable on each system all of the lower forms of authentication protection that are not used or required. Obviously, you’ll need to test such changes thoroughly: many legacy applications or systems might still exist on large networks that are unable to use more modern and secure methods of authentication.
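The negotiation and the downgrade risk described in the last two paragraphs, as an added example that is not code from the study guide. Each side offers the methods it supports and the strongest common one wins; if the client's offer list has been tampered with in transit, the session lands on PAP unless the server either refuses to go below a configured floor or, as the text recommends, has the weak methods disabled outright. The strength ranking, the method names as strings and the helper names are assumptions for the demo; the CHAP response computation follows RFC 1994 (MD5 over identifier, secret and challenge), which is why an eavesdropper sees the password itself only under PAP.

```python
"""Negotiating authentication protection with a policy floor (demo)."""
import hashlib
import hmac
from typing import List, Optional

# Assumed strength ranking for the demo, weakest first.
STRENGTH = {"PAP": 0, "CHAP": 1, "MS-CHAPv2": 2, "EAP-TLS": 3}


def negotiate(client_offers: List[str], server_offers: List[str],
              floor: Optional[str] = None) -> Optional[str]:
    """Pick the strongest method both sides support; None means no session.

    With a floor set, a negotiation that would land below it is refused
    instead of silently accepted.
    """
    common = [m for m in client_offers if m in server_offers]
    if not common:
        return None
    best = max(common, key=lambda m: STRENGTH[m])
    if floor is not None and STRENGTH[best] < STRENGTH[floor]:
        return None
    return best


def chap_response(chap_id: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP response: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([chap_id]) + secret + challenge).digest()


def chap_verify(chap_id: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Authenticator side: recompute and compare in constant time."""
    return hmac.compare_digest(chap_response(chap_id, secret, challenge), response)


def on_the_wire(method: str, secret: bytes, challenge: bytes) -> bytes:
    """What the authentication factor looks like to an eavesdropper."""
    if method == "PAP":
        return secret  # the password travels in the clear
    if method == "CHAP":
        return chap_response(1, secret, challenge)
    raise ValueError("demo models PAP and CHAP only")


def leaks_secret(method: str, secret: bytes, challenge: bytes) -> bool:
    """True if the secret itself appears in the captured bytes."""
    return secret in on_the_wire(method, secret, challenge)


if __name__ == "__main__":
    client = ["EAP-TLS", "MS-CHAPv2", "CHAP", "PAP"]
    server = ["MS-CHAPv2", "CHAP", "PAP"]
    tampered = ["PAP"]  # constructed: stronger offers stripped in transit
    print("normal:", negotiate(client, server))              # MS-CHAPv2
    print("tampered, no floor:", negotiate(tampered, server))  # PAP
    print("tampered, floor:", negotiate(tampered, server, floor="CHAP"))  # None
    print("tampered, PAP disabled:", negotiate(tampered, server[:-1]))    # None
```

Of the two defences, removing PAP from the server's offer list is the one the text argues for, and it is also the one that cannot be bypassed by an attacker who forges the client's side of the negotiation; the floor is a useful belt-and-braces check where a legacy method must stay enabled for a few known systems.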

Backup Management

If there is something you can take from real estate success and apply to security success, it is this: location, location, location. You might want to change that to backup, backup, backup, but even the original stresses an important point. Backups are your only insurance against data loss; without a backup, it is impossible to restore data. However, even the best backups are worthless if you do not protect them against damage or loss in the event of an intrusion, incident, or disaster. Thus, offsite storage of backups is essential, and the backup site should be far enough away from the main site that the same disaster cannot affect both. You need to understand your organization’s backup strategy and do your best to support it: ensure that every bit of data that is important to the company is ultimately stored on a server that is included in the network’s regular backup system. It is not enough to make your own local backup; you need to let the company backup system protect the company data. Local backups of personal data or in-progress projects should be seen as supplemental protection, not as primary protection.

Baselining Security

Using security baselines is an administrative tool to ensure that all systems within your environment have the same basic security elements. Think of security baselines as the absolute minimum security that a system must be in compliance with in order to connect to and communicate with the LAN. Any system falling below the baseline threshold should be removed
