This course covers the Security objectives, domain 4.0, for the CompTIA Server+ exam. We will compare and contrast physical security methods and concepts, the learner will apply server hardening techniques, learn basic network security systems and protocols, and will implement logical access control methods on company policy, implement data security methods, and secure storage disposal, and implement proper environmental controls and techniques.
Jason Helmick is an author for Pluralsight. His IT career spans more than 25 years or enterprise consulting on a variety of technologies, with a focus on strategic IT business planning. He’s a highly successful IT author, columnist, lecturer, and instructor, specializing in automation practices for the IT pro.
Implement Logical Access Control Methods on Company Policy Part of the security on your network is the ability to be able to create accounts for users to use to gain access to the system. Now if you think about this, it doesn't matter what server OS you're working with, whether it be Linux or Windows, they all do it in a similar fashion. Although the utilities might look different. It's the main concepts that are most important. Now throughout this course we've been looking at things like authentication mechanisms. Something you know, something you have, something you are. So you can create an account and they all supply a password or maybe you're going to use multifactor authentication. What we haven't really talked about is, well, the actual account creation process. Some of the best practices for that and some guidelines that will help you out and also we need to get those users some authorization. In other words, what are they allowed to do once they get signed in? We want to be able to control that. We don't want them just to be able to go to any file folder and read/write/delete we want to be able to assign permissions. And that's part of our process. And so that's what we're going to do here. Let's take a look at what we're going to do in this module. We're going to start off with an access control list and I want to, I'll show you some examples, but the idea is, is that, we want to be able to create accounts and then put them on an access control list where we can control what they're allowed to do. And we'll control them with permissions. So let's get started, right off the bat, with the concepts of what we're doing to get somebody authenticated and then authorized. And then we'll dive into access control lists.
Implement Proper Environmental Controls and Techniques Getting a job in IT OPS is not something that you usually considered to be risky. In other words, you don't consider it to be dangerous, it's not a dangerous job. Being a Fireman, being a Policeman, those are very dangerous jobs, IT not so much. In actuality it can be dangerous though, and part of security is safety. Safety of both the equipment that the company has put a vast investment into and the safety of you. Great example is, I don't know if you've been inside of a data center, but do you want one of those giant server rakes falling over on top of you when you're working on those servers? It has happened, and so that can be very, very detrimental. So we want to look at safety, both for you and for the equipment as we look at proper environmental controls and techniques. And here's what we're going to do. We're going to start off with some power concepts and best practices for power concepts. The idea here being is that the commercial power that you're getting in well it's not clean, it can be very dirty, which can be harmful to all the machines that you're plugging into it. And also sometimes you may need a lot of power, a lot of commercial power, and you need to step it down or break it down with different systems. We're also going to look at safety, primarily safety wrapped around you. There's a lot of sharp pinchy edges when you're working with servers and server racks. And so we want to take a look at some of the safety precautions to take. And also in taking care of equipment and for the people that work in a datacenter, we have heating, ventilation, and air conditioning that we need to think about as well. So let's get started with some power concepts.