Wednesday, April 15, 2020

Types of Network Zones

CompTIA CertMaster Practice

The last resource I used was CompTIA CertMaster Practice. Let me just say, I thought I was ready for the exam until I started taking these practice exams. The questions were tough, and the way the platform is set up, you can't complete a section until you answer all the questions.

I found this tool to be extremely helpful for exam preparation and in reiterating what I had learned. My suggestion is to go through each section and make note cards of the questions you miss. I honestly created more than 300 note cards for this exam.

Now that I have covered what’s on the exam and the resources that I used to prepare, your next question might be ... Did I pass?

The first time I took this exam I did not pass, but the second time I did! So thankfully I am now CompTIA Linux+ certified.

So how do you know what network zones your organization needs? Think about the different types of users and data you have and who needs access to what. Here are some examples of the types of network zones you may want to establish:
Users: Your users are a network segment in and of themselves. Make sure the access privileges on your user accounts in Active Directory are correct, with privilege levels based on each user's role. How many admins have full access rights? Keep it to fewer than a handful.
The Demilitarized Zone (DMZ): This is the subnetwork that holds your externally facing systems, the ones that outside parties connect to. For example, it may include public-facing websites or other resources reachable from the internet. Keep anything the public can reach separate from your local area network (LAN) and from the internal data that needs to be protected.
Guest Network: Guest Wi-Fi should be separate from the corporate Wi-Fi. This may seem like a no brainer, but I find a lot of smaller businesses never bother to set it up. Even residential routers include this feature – you can easily set up a guest Wi-Fi in your home!
IT Workstations: This is the dev and test zone for IT. It is where your IT staff does work that does not require administrative access to production systems, and it should be segmented so that testing cannot affect the rest of the network. I would also recommend giving IT a dedicated internet circuit for testing; a cheaper, best-effort connection is fine. Don't let anyone in the company other than IT have access to it.
Servers by Department: Do department servers need to talk to one another? Usually not. Create a public (shared) drive and a private drive for each department, and restrict access to each private drive to the members of that team or department. This limits how far malware can spread laterally.
VoIP/Communications: Placing communications systems in their own network zone improves performance and call quality. From a segmentation security standpoint, as communications integrate more and more through APIs with your most used software as a service (SaaS) platforms, this zone will become a more common attack surface.
Traditional Physical Security: Cameras, ID card scanners, etc., should be in their own network zone. This is not to be taken lightly, as the risk of a physical breach can be more harmful than a digital one. There are real-world examples of this: in 2017, the closed-circuit camera network in Washington, D.C., was hacked, leaving police cameras unable to function for three days.
Industrial Control Systems: HVAC and other building control systems should be segmented and should require two-factor authentication for access. The Target breach is the cautionary example: the attackers got in using an HVAC vendor's credentials on a network that was not segmented from the rest of the environment.
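As an added example (not code from the original post), the Python script below models the zones listed above as subnets, states the permitted cross-zone flows as an explicit allow list with default deny, checks a few constructed sample flows against it, and renders the allow list as nftables-style rules for a forward chain whose policy is drop. The subnets, zone names, ports, the MFA-protected "mgmt" jump-host zone, and the sample flows are all assumptions made for illustration.

```python
"""Zone-based segmentation policy check (added example, not from the original post).

Subnets, zone names, ports and sample flows are assumed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Assumed zone layout: one subnet per zone (constructed for this example).
ZONES: Dict[str, ipaddress.IPv4Network] = {
    "dmz":     ipaddress.ip_network("10.10.0.0/24"),  # public-facing web servers
    "users":   ipaddress.ip_network("10.20.0.0/22"),  # staff workstations
    "guest":   ipaddress.ip_network("10.30.0.0/24"),  # visitor Wi-Fi
    "it_dev":  ipaddress.ip_network("10.40.0.0/24"),  # IT test/dev network
    "servers": ipaddress.ip_network("10.50.0.0/24"),  # department file servers
    "voip":    ipaddress.ip_network("10.60.0.0/24"),  # phones and call manager
    "physsec": ipaddress.ip_network("10.70.0.0/24"),  # cameras, badge readers
    "ics":     ipaddress.ip_network("10.80.0.0/24"),  # HVAC / building control
    "mgmt":    ipaddress.ip_network("10.90.0.0/28"),  # assumed MFA-protected jump hosts
}
INTERNET = "internet"  # any address not inside a defined zone
INTERNAL_SET = "{ " + ", ".join(str(n) for n in ZONES.values()) + " }"

# Explicit allow list: (src_zone, dst_zone, proto, dst_port).
# Anything not listed is denied; that default deny is the point of zoning.
ALLOW: List[Tuple[str, str, str, int]] = [
    (INTERNET, "dmz", "tcp", 443),     # only the DMZ is reachable from outside
    ("users", "dmz", "tcp", 443),
    ("users", "servers", "tcp", 445),  # SMB to department file shares
    ("users", "voip", "udp", 5060),    # SIP signalling (RTP ranges omitted)
    ("users", INTERNET, "tcp", 443),
    ("guest", INTERNET, "tcp", 443),   # guests get the internet and nothing else
    ("it_dev", INTERNET, "tcp", 443),  # IT test network on its own circuit
    ("mgmt", "physsec", "tcp", 443),   # camera/badge admin only via jump hosts
    ("mgmt", "ics", "tcp", 502),       # Modbus/TCP to HVAC only via jump hosts
]
ALLOW_SET = set(ALLOW)


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    proto: str
    dport: int


def zone_of(ip: str) -> str:
    """Map an address to its zone name; anything unknown counts as internet."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return INTERNET


def is_allowed(flow: Flow) -> bool:
    """Default deny between zones. Traffic that stays inside one zone never
    crosses the firewall, so it is allowed here; cross-zone needs an entry."""
    src, dst = zone_of(flow.src_ip), zone_of(flow.dst_ip)
    if src == dst and src != INTERNET:
        return True
    return (src, dst, flow.proto, flow.dport) in ALLOW_SET


def evaluate(flows: List[Flow]) -> List[Tuple[Flow, str, str, bool]]:
    """Annotate each flow with source zone, destination zone and verdict."""
    return [(f, zone_of(f.src_ip), zone_of(f.dst_ip), is_allowed(f)) for f in flows]


def render_nftables() -> List[str]:
    """Render the allow list as nftables rules for a forward chain with policy
    drop. The internet side is expressed as 'not any internal subnet' so a
    users-to-internet rule cannot accidentally permit users-to-ICS."""
    rules = []
    for src, dst, proto, port in ALLOW:
        saddr = f"ip saddr != {INTERNAL_SET}" if src == INTERNET else f"ip saddr {ZONES[src]}"
        daddr = f"ip daddr != {INTERNAL_SET}" if dst == INTERNET else f"ip daddr {ZONES[dst]}"
        rules.append(f"{saddr} {daddr} {proto} dport {port} accept")
    return rules


# Constructed sample flows, as a connection log might show them.
SAMPLE_FLOWS = [
    Flow("203.0.113.7", "10.10.0.5", "tcp", 443),   # internet -> DMZ web
    Flow("203.0.113.7", "10.50.0.10", "tcp", 445),  # internet -> file server
    Flow("10.30.0.15", "10.50.0.10", "tcp", 445),   # guest -> file server
    Flow("10.20.1.7", "10.50.0.10", "tcp", 445),    # staff -> file server
    Flow("10.70.0.33", "203.0.113.9", "tcp", 443),  # camera -> internet
    Flow("10.20.1.7", "10.80.0.5", "tcp", 502),     # workstation -> HVAC
    Flow("10.90.0.2", "10.80.0.5", "tcp", 502),     # jump host -> HVAC
    Flow("10.50.0.10", "10.50.0.11", "tcp", 445),   # server -> server, same zone
]

if __name__ == "__main__":
    for f, src, dst, ok in evaluate(SAMPLE_FLOWS):
        print(f"{src:>8} -> {dst:<8} {f.proto}/{f.dport:<5} {'ALLOW' if ok else 'DENY'}")
    print("\n".join(render_nftables()))
```

Running the script prints one verdict per sample flow, then the rendered rules. The camera-to-internet and workstation-to-HVAC flows are denied not because a rule blocks them but because nothing permits them; that is the property to preserve when someone asks for "just one more" exception.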
