Virtualization Resource Requirements
Microsoft, VMware, and other vendors produce virtualization environments. This list of requirements is based on the requirements for Microsoft’s Windows Virtual PC product.
A PC suitable for virtualization should have the following minimum hardware requirements:
1GHz or faster processor, 32-bit or 64-bit
2GB or more RAM
15GB hard disk space for each Windows VM
Windows 7 Home Premium or higher
In addition to these base requirements, the following hardware features will help improve the performance of the host and guest operating systems:
Hardware-assisted virtualization features in the processor (must also be enabled in the system BIOS)
2GB of RAM or more per each VM
132 CompTIA A+ Quick Reference
Emulator Requirements and Features
Microsoft offers two different virtualization environments for client PCs: Virtual PC 2007 and Windows Virtual PC. Their differences are summarized in Table 6-16.
Table 6-16 Virtual PC 2007 and Windows Virtual PC Requirements and Features
Feature | Virtual PC 2007 | Windows Virtual PC
Supported host operating systems | Windows XP Pro, Tablet; Windows Vista Business, Ultimate | Windows 7 Home Premium and higher
Processor | 400MHz Pentium-class | 1GHz
Disk space | 35MB + space per each VM | 15GB space for each VM
Hardware-assisted virtualization support | Yes | Yes
USB support | No | Yes
Windows XP mode (see Figure 6-14) | No | Yes
Application publishing and launching (direct launching of Windows XP Mode apps from Windows 7 desktop) | No | Yes
Multiple VM threads | No | Yes
Clipboard sharing | No | Yes
Printer sharing | No | Yes
Smart card redirection | No | Yes
Drive sharing | No | Yes
Integration with Windows Explorer | No | Yes
Known folder integration between host and guest | No | Yes
Maximum VM screen resolution | 1600×1200 | 2048×1920
Security Requirements
Virtualized environments need to be secured at both physical hardware and VM levels. Industry recommendations include the following:
Practice the same security features for VMs as for desktops (antivirus, physical security, firewalls, security patches for the operating system and applications)
Maintain administrator-only access to the VM host software
Disable unneeded services and virtual hardware in the VM
Chapter 6: Operating Systems 133
Figure 6-14 A Windows XP mode VM running in Windows Virtual PC.
Network Requirements
To enable a VM to connect to network resources (NIC, Internet, and so on) available on the host machine, the VM needs to be connected to those resources. With Microsoft virtualization programs, you need to install integration components supplied as part of the virtualization program. Once these components are integrated, you can use the host PC’s network connections to connect to the network and access the Internet.
Understanding Hypervisors
Desktop virtualization programs such as Virtual PC 2007 and Windows Virtual PC are examples of hosted virtualization. These programs are connected to the host operating system via a virtual machine monitor program (VMM) and all connections to hardware are virtualized.
A bare-metal virtualization program such as Microsoft Hyper-V does not pass through a host operating system. Instead, its VMM, or hypervisor, connects directly to shared hardware, and VM connections to hardware can be passed via the hypervisor or directly between the VM and the hardware. Hypervisor virtualization is commonly used on server hardware.
Chapter 7
Security
The 220-802 2.0 Security domain covers physical and digital security, common security threats, security best practices, data destruction and disposal methods, and securing small office/home office (SOHO) wireless and wired networks. This section accounts for 22% of the CompTIA A+ 220-802 exam.
Common Prevention Methods
The best way to deal with security threats is to prevent them. Prevention has two aspects: physical and digital. The following sections review what you need to know about these methods for the 220-802 exam.
Physical Security
Physical security is a blanket term for preventing physical access to confidential information. These methods include securing of the premises where information is stored, securing of documents, and preventing unauthorized personnel from gaining access to that information.
Door Locks and Access Methods
To prevent physical access to confidential information in a building, the first line of defense is a locked door. To permit access, the following methods can be used:
Physical key—Low cost, but allows access to anyone who has the key. Records should be kept of who has what keys and locks should be changed periodically.
Key pad—More expensive, but easier to change if unauthorized personnel discover the code. Change codes periodically for security.
Key fobs and RFID badges—Easy to carry, but also easy to lose. These use short-range radio signals. Can be disabled if lost.
Security portals—Revolving doors or “mantraps” can be used to prevent tailgating.
Identifying the User: Smart Cards and Biometrics
A more thorough method of access control involves the use of smart cards. Smart cards identify the owner, provide access to specified areas of a building and computers, and can be used to digitally sign, encrypt, and email files using RSA encryption. They can be incorporated into a USB thumb drive, a key fob, or a card that resembles a credit card in size.
A typical smart card generates an authentication code at short intervals (typically 60 seconds), and the code must be entered and validated before access is granted. Some installations also require the use of a personal identification number (PIN). Some smart card products can also be embedded into smartphones and USB thumb drives.
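The interval-based code and its validation can be sketched as follows. This is an added example, not code from the book or from any smart card vendor: it uses the open HOTP/TOTP construction (RFC 4226/6238) as a stand-in for a vendor's algorithm, and the shared secret, PIN handling and drift window are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 60  # seconds per code, the interval the text cites


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time code for a given counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def token_code(secret: bytes, now: float) -> str:
    """Code the token displays at time `now` (seconds since epoch)."""
    return hotp(secret, int(now) // STEP)


def validate(secret, code, now, pin=None, expected_pin=None, drift=1):
    """Server side: optional PIN check, then accept codes within +/- drift steps."""
    if expected_pin is not None:
        if not hmac.compare_digest(str(pin), expected_pin):
            return False
    counter = int(now) // STEP
    candidates = (counter + d for d in range(-drift, drift + 1))
    return any(
        hmac.compare_digest(hotp(secret, c), code)
        for c in candidates if c >= 0
    )


if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 4226 test secret, not a real key
    print(token_code(secret, 59), token_code(secret, 60))
    print(validate(secret, "755224", 30, pin="1234", expected_pin="1234"))
```

The drift window tolerates a token clock that is one interval off; a wider window makes validation more forgiving but keeps old codes usable for longer.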
Biometrics uses a reader or a scanner to evaluate a potential user’s physical characteristics before allowing entry or use. Biometrics systems compare a fingerprint or thumbprint (common on many laptop and portable devices) or a retinal scan (used in high-security buildings such as banks or prisons) to the stored information for authorized users.
Physical Data Protection
To prevent unauthorized access to physical documents, follow these precautions:
Keep documents locked up and out of sight when not in use
Shred documents when no longer needed
To prevent unauthorized access to digital files, follow these precautions:
Keep passwords out of sight; no sticky notes, please
Use privacy filters to block side views of screens
Digital Security
Documents stored on a computer can be accessed by unauthorized users at the keyboard or remotely if they are not secure. Use the security practices in this section to keep digital information safe.
Figure 7-1 shows a layered defensive strategy that is designed to protect the user and data. Notice that the first line of defense is network based, the second line is on the local PC (host), and the third line of defense is the user.
[Figure 7-1 labels: threats (hackers, port scanners, virus-infected files); Network Defense (IPS, router, network firewall); Host Defense (local firewall, antivirus, OS and application updates); user education; protected data (credit card numbers, passwords, sensitive data)]
Figure 7-1 Layered defense.
Antivirus
The first step in antivirus (AV) is to detect a suspicious file or program. AV employs a scanning engine that uses one or both of the following techniques:
Heuristics analyze the behavior and activity of a file or program. If it is replicating, scanning other files, or connecting to other computers, it is flagged as a virus. Unfortunately, this hypervigilance tends to cause many false positives because many legit programs do exactly those behaviors. Search tools and programs that verify software keys often set off a heuristic scanning engine.
The other method of detecting viruses is by comparing files to the signatures (often called definitions) of known viruses. Much like fingerprint analysis, the AV software receives updates from a database maintained by the software manufacturer. The drawback of this method lies in its inability to quickly identify new and emerging threats. A proper AV uses a combination of both techniques.
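The trade-off between the two techniques shows up when both are run over the same files. The following is an added example, not code from the book or from any AV product: the sample files, the behaviour weights and the threshold are constructed for illustration, and a SHA-256 digest stands in for a vendor's signature format.

```python
import hashlib

# Constructed definitions database: SHA-256 digests of known-bad files.
DEFINITIONS = {hashlib.sha256(b"constructed-virus-v1").hexdigest()}

# Behaviours the text names as heuristic triggers; weights are assumed.
WEIGHTS = {"replicates": 3, "scans_files": 2, "connects_out": 2}
THRESHOLD = 4  # assumed cut-off for flagging


def signature_match(content: bytes) -> bool:
    """Signature technique: exact match against known-virus definitions."""
    return hashlib.sha256(content).hexdigest() in DEFINITIONS


def heuristic_score(behaviours: set) -> int:
    """Heuristic technique: score observed behaviour, not file content."""
    return sum(WEIGHTS.get(b, 0) for b in behaviours)


def scan(content: bytes, behaviours: set) -> str:
    """Combine both techniques, preferring the more certain signature hit."""
    if signature_match(content):
        return "signature"
    if heuristic_score(behaviours) >= THRESHOLD:
        return "heuristic"
    return "clean"


# Constructed samples: (file content, observed behaviours).
SAMPLES = {
    "known_virus": (b"constructed-virus-v1", {"replicates", "connects_out"}),
    "new_variant": (b"constructed-virus-v2", {"replicates", "scans_files"}),
    "search_tool": (b"constructed-search-tool", {"scans_files", "connects_out"}),
    "text_editor": (b"constructed-editor", set()),
}


def scan_all() -> dict:
    return {name: scan(*sample) for name, sample in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in scan_all().items():
        print(f"{name:12} {verdict}")
```

The new variant has no definition yet and is caught only by behaviour, while the search tool is a heuristic false positive of the kind the text describes.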
Scan early and scan often. Scanning takes considerable system resources, so perform scheduled updates and scans during off-peak hours.
Both the signatures and the engine need to be as updated as possible. This is best done by setting it to commence automatically during down times, such as at night and on holidays.
After a file or program is found to be a match either by its activity (heuristics) or via update of known virus signatures, one of three things happens to the file. If it can be cleaned (removed from the host file), it will be; if not, the file is quarantined. In other words, nothing can be written to or read from that place on the hard disk drive (HDD).
As a technician, to prevent reinfection, you need to determine how the computer became infected. The most common ways of catching a virus are not using AV, using an obsolete AV, and not using up-to-date virus definitions and scan engines. The following is a list of common remediation steps:
Install AV software
Update definitions
Update patches and service packs for OS and applications
Use virus removal features of the AV
Identify the source of infection
Firewalls
A good security plan uses layered defenses, including hardware and software firewalls. Firewalls work in three ways:
Packet filtering—The most common and straightforward. Firewalls that use packet filtering either block or allow packets by using basic criteria, source or destination IP address, ports, or protocols. The disadvantage of packet filtering is that it is not subtle. It is a reliable but inflexible gate guard. Sometimes, legitimate packets get filtered because they are different. Packet filtering can be implemented in hardware or software.
Proxy filters—Inbound and outbound traffic pass through the proxy filter, which imitates direct connections between the computer and the Internet, but blocks harmful traffic. A proxy filter is usually implanted in a gateway server or an Internet appliance.
Stateful packet inspection (stateful protocol filter)—Looks for unfamiliar packets and blocks them. After a rogue packet enters the target network, a hacker never hears from it again. Stateful packet inspection can be implemented in hardware or software.
Figure 7-2 illustrates the stateful protocol filter and other advanced settings used by the Norton Internet Security Smart Firewall.
Figure 7-2 A firewall program with stateful protocol filter and other advanced settings (Norton Internet Security).
Hardware firewalls don’t impact the individual PC’s performance and can support an entire network.
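The difference between packet filtering and stateful inspection can be seen by running the same traffic through both. The following is an added example, not code from the book or from any firewall product: the addresses, ports and the single packet-filter rule are constructed, and the stateful filter is reduced to tracking outbound flows and admitting only their replies.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "direction src sport dst dport")
HOST = "192.168.1.10"  # constructed internal address


def packet_filter(pkt: Packet) -> bool:
    """Stateless rule: allow outbound; allow inbound from web ports."""
    if pkt.direction == "out":
        return True
    return pkt.sport in (80, 443)


class StatefulFilter:
    """Remembers outbound flows and admits only matching replies."""

    def __init__(self):
        self.flows = set()

    def allow(self, pkt: Packet) -> bool:
        if pkt.direction == "out":
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # An inbound packet must be the reverse of a recorded flow.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows


# Constructed traffic (documentation address ranges).
TRAFFIC = [
    Packet("out", HOST, 50000, "203.0.113.5", 80),   # browser request
    Packet("in", "203.0.113.5", 80, HOST, 50000),    # its reply
    Packet("in", "198.51.100.7", 80, HOST, 3389),    # reply to nothing
]


def compare():
    """Return (packet_filter, stateful) verdicts for each packet."""
    stateful = StatefulFilter()
    return [(packet_filter(p), stateful.allow(p)) for p in TRAFFIC]


if __name__ == "__main__":
    for pkt, verdicts in zip(TRAFFIC, compare()):
        print(pkt, verdicts)
```

The third packet satisfies the port-based rule but is not a reply to any connection the host opened, so only the stateful filter drops it.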
Viruses, Worms, and Trojan Horses
Viruses are the oldest and best known form of malware. The name comes from their ability to spread from system to system through means such as email and infection of portable drives.
The most common type of virus today is a Trojan horse (Trojan). This type of program can masquerade as an update to a video player, a free antivirus application, an unsolicited PDF attachment, or an ActiveX, Java, or