What is public cloud?
web based service hosted outside your org and accessible at anytime anywhere
Eg - Azure, OneDrive, Office365
What does an Admin account account allow you to do?
Admin allows access to services and programs without additional overhead of maintenance and software upgrades
What is onedrive?
file hosting online, create files and folders and share them with other users and groups. Offers 5gb of free space
What is onenote?
multiple users access to shared set of notes at the same time
Outlook Web Access on web browser
What is office 365?
subscription based service. Offers office, exchange, SharePoint, skype and office web apps
What is azure?
Cost is based on amount of data and requests made
Storage spaces combine multiple disks into a single logical volume
Drivers combined are placed into a storage pool
What are file systems?
Method of storing and organizing files for easy access
What are some of the file systems available?
Windows 10 supports FAT16, FAT32, NTFS and ReFS
WHat is NTFS?
Preferred as supports larger hard disks and higher reliability
permissions and encryption
control to which users and groups can gain access to files and folders on an NTFS volume
Affect local users and network users
Explicit permissions - directly to a file or folder
Inherited permissions - directly to a folder that flows into subfolders
What is basic file sharing?
share file/folder with a specific user and restrict to read or read/write
What is advanced sharing?
offers greatest control by allowing you to: share files/files/entire drives, chose users or groups to share with, limit number of users to the file/folder, set permissions on shared files
For offline view go to advanced settings
What is home group?
Group of computers on a home network that can share files and printers
Quite limited as you can only share the contents of the libraries in the users profile
What is symmetric data encryption?
single key to encrypt and decrypt
What is asymmetric encryption?
public key - two related keys
What is hash?
one way encryption
What are digital certificates?
Component that stores public key for asymmetric
Identify a person or organization
Ensure something cannot be modified
X.509 version 3
AD CS allows you to issue and manage certificates
PKI public key infrastructure - system consisting of hardware, software, policies and procedures to mange certificates
Certificate Authority CA binds a public key with user identities and issues digital certificates containing public key
Enterprise CA requires AD and used to issue certificates to users, computers, devices and servers for an organization
What is bitlocker to go?
USB removable devices
TPM chip is not required - not using removable drive as a boot device
What is a vpn?
Remote access server RAS - enables users to connect remotely to a network using protocols and connection types
VPN - private network using a public network
VPN tunneling - establish and maintain a logical network connection - PPTP, L2TP/IpSec, SSTP and IKEv2
What is VPN authentication?
Password Authentication Protocol PAP - uses plain text (unencrypted passwords. Least secure and is not recommended
Challenge Handshake Authentication Protocol CHAP - challenge response authentication that uses standard md5 hashing to encrypt response.
CHAP v2 - two way authentication. Stronger security than CHAP.
Extensible Authentication Protocol EAP-MS-CHAPv2 - universal authentication framework that allows thirs party vendors to develop custom schemes eg retinal scans, voice activation, fingerprint scan, smart cards, Kerberos and digital certificates.
What is non-repudiation?
Prevents one party from denying the actions it has carried out. If you have established proper authentication, authorization, and accounting, appropriate mechanisms of nonrepudiation should be in place and no user should be able to deny the actions he has carried out while in your organization’s system.
When should you use DAC (dynamic access control)?
You should use DAC when you need different access permissions based on the type of device used to access network resources. You can configure DAC access permissions through rules based on factors such as data sensitivity.