Mobile and Operating Systems, Remote, Security principles, Testing system…
Remote
IEEE 802.11 standards
The IEEE project standards 802.11 focus on the implementation of wireless local area networks (WLANs) and have evolved to incorporate technological improvements.
802.11a
Data transfer rate: 54Mbps
Frequency: 5GHz
Requires expensive equipment to implement and range is limited compared to 802.11b.
802.11b
Data transfer rate: 11Mbps
Frequency: 2.4GHz
More susceptible to interference from devices such as mobile phones than the 5GHz frequency range. It is not compatible with 802.11a devices.
802.11g
Data transfer rate: 54Mbps
Frequency: 2.4GHz
It is compatible with 11b and 11n devices; however, if operating with 11n devices, the data transfer rate will be limited to that of the slowest device.
802.11n
Data transfer rate: 600Mbps
Frequency: 2.4GHz
Multiple input, multiple output (MIMO) technology optimises data transfer rates. This technology uses multiple antennas at the source and destination.
802.11ac
Data transfer rate: 1300Mbps
Frequency: 5GHz
This standard utilises MIMO and multi-user MIMO (MU-MIMO), which allows multiple transmitters to send separate signals and multiple receivers to receive signals.
Wireless networks
Wireless networks commonly use electromagnetic waves to transfer data between devices. The data being transmitted is superimposed onto a radio carrier signal; the receiving device then extracts the data from the carrier signal.
To enable wireless network devices to connect to the physical network a device such as a wireless access point or router is required.
There are three main types of antenna used by wireless access points and routers:
Omni-directional antennas transmit the signal in all directions and are used to provide cover over a wide area.
Semi-directional antennas transmit the signal in a single direction providing a strong long-range signal in a specified direction.
Highly directional antennas transmit a narrow-focused signal in a single direction and are used in point-to-point systems.
Policies
To ensure that data and the network remain secure, organisations should have a number of policies in place. These could include:
Acceptable usage policies which provide a framework for the behaviour of employees using the organisation’s network and could include areas such as:
acceptable business use and activities that directly or indirectly support the business
the use of company resources for personal communication or recreation, such as game playing
blocked websites
use of personal devices on the network.
Remote and data access policies which provide details of how and when data can be accessed.
Disaster recovery policies which contain details of the steps required to ensure availability of data and resources in the event of a disaster. Items such as how data should be backed up and stored are covered in this policy.
BYOD policies document an organisation's and employees' responsibilities and are specifically aimed at:
preventing any unauthorised devices from accessing sensitive business or personal information
ensuring that authorised devices are only able to access the data and services you are willing to share with BYOD employees.
Remote access
Microsoft operating systems have two built-in utilities that can be used to access systems remotely.
Remote Assistance allows users to send an invite to an individual so that they can access their device remotely. Once the connection has been established, the individual accessing the device remotely must provide a password that has been provided in the invitation, and the user must manually accept the connection. During individual access, there is only limited control over the device.
Remote Desktop allows administration of a device remotely as it allows full control over the system. To log on to the remote device, the administrator must enter the correct log-on details for an account associated with the device being accessed. To allow this type of connection, the device must be configured to accept remote connections.
Windows Remote Desktop requires port 3389 to be open.
IEEE 802.15 standards
The IEEE 802.15 standards are focused on the development and implementation of wireless personal area networks (PAN).
Class 1
Transmitted power: 100mW
Range: 100 meters
Class 2
Transmitted power: 2.5mW
Range: 10 meters
Class 3
Transmitted power: 1mW
Range: Less than 10 meters (commonly stated as 1 meter)
Bring your own device (BYOD)
Many organisations allow their employees to attach their own mobile devices, such as smartphones and tablets, to their networks. This practice is commonly referred to as BYOD.
Mobile broadband
The term 'mobile broadband' is used to describe the provision of wireless access to the Internet through mobile phone networks using a portable modem, USB wireless dongle, tablets or smartphones.
Worldwide Interoperability for Microwave Access (WiMAX) is a set of standards for long-range wireless networks based on the IEEE 802.16 standard and provides data speeds of up to 1Gbps.
Tethering
Tethering is used to connect a laptop or any other Wi-Fi-enabled device to a smartphone to allow it to access the Internet via the smartphone’s mobile network connection.
When the Wi-Fi-enabled device is tethered, the smartphone essentially becomes a portable Wi-Fi hotspot. 'Personal hotspot' is the term often used to describe this type of connection within the settings of the smartphone.
Near-field communication (NFC)
NFC allows mobile devices to communicate when they are brought within 4cm of each other. To enable the exchange of data, the mobile devices establish a peer-to-peer network.
Security principles
Access controls
Discretionary access control (DAC)
DAC allows the owner of an object to determine the access control that is applied. This type of policy means that the owner decides who can have access and at what level; this information is stored in an Access Control List (ACL).
Mandatory access control (MAC)
MAC policies are pre-determined and are applied by a computer system rather than users or owners of objects. These policies apply a sensitivity label to users and objects (files, folders, printers and other hardware devices).
A user’s label describes the level of trust that has been assigned to individual users. Object labels dictate the trust level that users must have to access the object.
Role-based access control (RBAC)
As with MAC, access is controlled by the system; however, RBAC uses sets of permissions rather than individual permissions. These sets of permissions are used to define roles such as users and administrators. When users are assigned to roles, they gain the permissions assigned to that role that allow access to specified objects.
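The three models side by side, as an added example that is not part of the original notes. The object, users, roles and the three-level label ordering are hypothetical, and the MAC check models only the rule that a user's label must be at least as high as the object's.

```python
from dataclasses import dataclass, field

LEVELS = {"public": 0, "confidential": 1, "secret": 2}  # assumed label ordering

@dataclass
class Obj:
    name: str
    owner: str
    label: str                                # MAC sensitivity label
    acl: dict = field(default_factory=dict)   # DAC: user -> set of rights

def dac_grant(obj, requester, user, right):
    """DAC: only the owner may change the object's ACL."""
    if requester != obj.owner:
        raise PermissionError(f"{requester} does not own {obj.name}")
    obj.acl.setdefault(user, set()).add(right)

def dac_allows(obj, user, right):
    return user == obj.owner or right in obj.acl.get(user, set())

def mac_allows(user_label, obj):
    """MAC: the system compares the user's trust label with the object's label."""
    return LEVELS[user_label] >= LEVELS[obj.label]

ROLE_PERMS = {  # RBAC: permissions are grouped into roles
    "user": {("payroll.xlsx", "read")},
    "administrator": {("payroll.xlsx", "read"), ("payroll.xlsx", "write")},
}
USER_ROLES = {"alice": {"administrator"}, "bob": {"user"}}

def rbac_allows(user, obj, right):
    return any((obj.name, right) in ROLE_PERMS[r] for r in USER_ROLES.get(user, ()))

def demo():
    payroll = Obj("payroll.xlsx", owner="alice", label="confidential")
    dac_grant(payroll, "alice", "bob", "read")  # granted at the owner's discretion
    return {
        "dac_bob_read": dac_allows(payroll, "bob", "read"),
        "dac_bob_write": dac_allows(payroll, "bob", "write"),
        "mac_public_user": mac_allows("public", payroll),
        "mac_secret_user": mac_allows("secret", payroll),
        "rbac_bob_write": rbac_allows("bob", payroll, "write"),
        "rbac_alice_write": rbac_allows("alice", payroll, "write"),
    }

if __name__ == "__main__":
    print(demo())
```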
Multi-factor authentication (MFA)
Multi-factor authentication (MFA) is a security mechanism which uses more than one security or validation process to authenticate individuals. MFA uses a combination of physical, logical and biometric validation techniques to secure a facility, product or service.
Passwords
As passwords are potentially open to brute force and dictionary attacks, they should be changed on a regular basis and meet the complexity requirements set by the organisation.
Confidentiality
Maintaining confidentiality involves ensuring that the information is available to only those that are authorised to access it. The principle of ‘least privilege’ is used to ensure that access to data is on a need-to-know basis.
To help maintain confidentiality, system authentication and authorisation are applied using the access and privacy controls built into operating systems, while data encryption is commonly used to ensure the confidentiality of information during transmission.
Secure websites use HTTPS to encrypt data between the server and the client.
The data is encrypted using a key based on a mathematical algorithm.
Symmetric encryption: This type of encryption is reciprocal, meaning that the same key is used to encrypt and decrypt data. This is great for large batches of data but has issues in terms of key distribution and management.
Asymmetric encryption: This type of encryption uses two separate keys for encryption and decryption — a public key and a private key.
Availability
Availability is based on making sure that the services and information required by an organisation are available when needed. The availability can be threatened by malicious activities such as a distributed denial of service (DDoS) attack or through natural disasters such as flooding.
Fault tolerance can be achieved through redundant systems/drives; an example of this is a redundant array of inexpensive disks (RAID).
RAID is commonly used to protect the server and other critical systems against downtime from disk failure. By holding redundant data across an array of disks, it is possible for some RAID systems to continue to function even though one disk has failed. The failed disk can be replaced and regenerated while the system continues to function.
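How a failed disk can be regenerated from the others, as an added example that is not part of the original notes. The notes do not name a RAID level; this sketch assumes single XOR parity (the scheme RAID 5 uses), kept on a dedicated parity disk for simplicity, with a hypothetical 4-byte stripe.

```python
from functools import reduce

def xor_blocks(blocks):
    """Byte-wise XOR of equally sized blocks."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))

def build_array(data, n_data_disks, stripe=4):
    """Stripe data round-robin over n_data_disks and append one parity disk."""
    size = n_data_disks * stripe
    data = data + b"\x00" * (-len(data) % size)   # pad to a whole number of rows
    disks = [bytearray() for _ in range(n_data_disks)]
    for off in range(0, len(data), stripe):
        disks[(off // stripe) % n_data_disks] += data[off:off + stripe]
    disks = [bytes(d) for d in disks]
    return disks + [xor_blocks(disks)]            # last element is the parity disk

def rebuild(disks, failed):
    """Regenerate the contents of disk `failed` from all surviving disks."""
    survivors = [d for i, d in enumerate(disks) if i != failed]
    return xor_blocks(survivors)

def demo():
    disks = build_array(b"availability matters", n_data_disks=3)  # constructed sample data
    # Fail each disk in turn (data or parity) and check it can be regenerated.
    return [rebuild(disks, i) == disks[i] for i in range(len(disks))]

if __name__ == "__main__":
    print(demo())
```

Single parity tolerates exactly one failed disk; losing a second before the rebuild completes loses the array.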
Alternate sites can be classified as hot, warm or cold.
Hot sites are commonly off-site locations that are fully equipped with resources to allow an organisation to resume its business with minimal delay. The information being used by the organisation in its day-to-day activities will be replicated on the servers located at the hot site so that minimal disruption to services will occur in the case of a disaster.
Warm sites may have minimal equipment, such as servers and network infrastructure, in place.
Cold sites can be office space that has the facilities such as network and power infrastructure available but need to be equipped with resources such as servers and workstations before the commencement of operations.
Integrity
Integrity is based on ensuring that information is not tampered with while it is being transmitted or stored.
Two methods are commonly used to ensure the integrity of information: hashing and digital signatures/certificates.
Hashing involves applying a hashing algorithm to data to produce a numerical value. This process can then be repeated at a later date. If no changes have occurred, the value will be the same; if changes have been made, the value will change.
Digital signatures are unique to each individual. To ensure this, public key infrastructure (PKI) uses an algorithm to generate two numbers, called keys. One key is public and one key is private.