System Security (212)
This topic has a total weight of 14 points and contains the following objectives:
Objective 212.1; Configuring a router (3 points)
Candidates should be able to configure a system to perform network address translation (NAT, IP masquerading) and state its significance in protecting a network. This objective includes configuring port redirection, managing filter rules and averting attacks.
Objective 212.2; Securing FTP servers (2 points)
Candidates should be able to configure an FTP server for anonymous downloads and uploads. This objective includes precautions to be taken if anonymous uploads are permitted and configuring user access.
Objective 212.3; Secure shell (SSH) (4 points)
Candidates should be able to configure and secure an SSH daemon. This objective includes managing keys and configuring SSH for users. Candidates should also be able to forward an application protocol over SSH and manage the SSH login.
Objective 212.4; Security tasks (3 points)
Candidates should be able to receive security alerts from various sources, install, configure and run intrusion detection systems and apply security patches and bugfixes.
Objective 212.5; OpenVPN (2 points)
Candidates should be able to configure a VPN (Virtual Private Network) and create secure point-to-point or site-to-site connections.