Malware
Malicious software.
Virus
Malicious code that runs without the user's knowledge. Viruses require a user action in order to reproduce and spread.
Boot Sector Virus
A virus stored in the first sector of a hard drive and loaded into memory upon boot-up. It is hard to detect.
Macro Virus
A virus embedded in a document and executed when the document is opened.
Program Virus
A virus that infects an executable or an application.
Multipartite Virus
A virus that combines both boot sector and program viruses together by attaching itself to the boot sector and system files
Encrypted Virus
A virus that uses a cipher to encrypt its own content to avoid detection by antivirus software.
Polymorphic Virus
An advanced version of an encrypted virus that changes itself every time it is executed, morphing the way the code looks so that signature-based antivirus can't detect it.
Metamorphic Virus
A virus that is able to rewrite itself entirely before it attempts to infect a file
Stealth Virus
A category of virus that uses techniques to protect itself from detection.
Armored Virus
A layer of protection added to a virus to confuse a program or person analyzing it.
Easter Egg
Not a virus; tricks users into infecting themselves.
Worms
Malware similar to a virus, but able to replicate itself without user interaction; it causes disruptions to network traffic and computer activities and can make a system crash or slow down.
Trojans
Malware disguised as a piece of harmless software that performs desired and malicious functions to infect a system.
Remote Access Trojan (RAT)
A malware that allows an attacker to remotely control an infected computer
Ransomware
Malware that restricts access by encrypting a victim's files or computer until a ransom payment is received.
Spyware
Malware that secretly gathers information about you without your consent, using a keylogger that captures keystrokes and takes screenshots.
Adware
Displays advertisements based upon its spying.
Grayware
Software that makes a computer system behave improperly.
Rootkit
Software aimed at gaining administrative-level control of a system without detection. The attacker uses a technique called DLL injection to maintain persistent control.
DLL Injection
Malicious code inserted into a running process on a Windows machine by taking advantage of Dynamic Link Libraries that are loaded at run time.
Driver manipulation
An attack that relies on compromising kernel-mode device drivers, which operate at a privileged or system level. A shim is placed between two components to intercept calls and redirect them.
What makes up a rootkit?
DLL Injection and Driver Manipulation
Spam
A malicious activity that abuses electronic messaging systems such as email. Attackers often exploit a company's open mail relay to send their messages.
Threat Vector
A method used to access a victim's machine.
Attack Vector
The same as a threat vector, but used in order to infect the machine with malware.
Water Holes
Malware placed on a website that potential victims are known to visit; also associated with typosquatting, where users land on misspelled versions of websites they know.
Botnets
A collection of compromised computers under the control of a master node. It can be used for illegal activities or for conducting DDoS attacks.
Active Interception
Occurs when a computer is placed between the sender and the receiver to capture or modify the traffic between them
Backdoors
Used to bypass normal security and authentication functions
Logic Bomb
A malicious code that has been inserted inside a program and will execute only when certain conditions have been met.
Easter Egg
Non-malicious code containing a hidden message.
Exploit Technique
A technique that describes the specific method by which malware code infects a target host.
Fileless Technique
A technique to avoid detection by signature-based security software by using malware that is executed directly as a script or as a small piece of shellcode.
Dropper
Designed to install or run other types of malware embedded in a payload on an infected host
Downloader
A piece of code that connects to the internet to retrieve additional tools
Shellcode
Lightweight code designed to run an exploit.
Code Injection
Runs malicious code under the process identification number of a legitimate process, using techniques such as masquerading, DLL injection, DLL sideloading, and process hollowing.
Living off the Land
An exploit technique that uses standard system tools and packages to perform intrusions (e.g., PowerShell).
Software Firewalls
Software application that protects a single computer from unwanted internet traffic
Host-based Firewalls
Uses rules and policies to filter incoming and outgoing traffic on a single computer.
Windows = Basic and Advanced
OSX = PF and IPFW
Linux = iptables
Intrusion Detection System
A device or software that monitors a system or network and analyzes the data passing through it to identify an incident or attack. It only alerts and logs; it doesn't protect the system.
Host-based IDS
Installed on a computer or server and logs suspicious activity.
Network-based IDS
Hardware installed on a network switch that copies traffic and logs suspicious activity.
Signature-based
A specific string of bytes triggers an alert for a known, specific signature.
Policy-based
Relies on a specific security policy and flags any violations.
Anomaly-based
Compares current traffic patterns with a baseline and alerts on deviations.
True Positive
When a threat is detected and flagged
False Positive
When a normal activity is identified as an attack
True Negative
When a normal activity is not flagged
False Negative
When an actual threat is not flagged
HIDS
A detection system used to recreate the events after an attack has occurred.
Content Filters
Blocks external files containing JavaScript, images, or web pages from loading in a browser.
Data Loss Prevention
Hardware or software designed to monitor the data of a system while in use, in transit, or at rest to detect attempts to steal the data.
Endpoint DLP Systems
Software-based client system that monitors data in use and stops a file transfer or alerts an administrator of the occurrence.
Network DLP Systems
A software- or hardware-based solution installed on the perimeter of the network to detect data in transit, going in or out, with a focus on outgoing data.
Information Security
The act of protecting data and information from unauthorized access, unlawful modification and disruption, disclosure, corruption, and destruction.
Information Systems Security
The act of protecting the systems that hold and process critical data.
What are the three pillars of security?
Confidentiality, Integrity, and Availability
Integrity
Information/data accuracy. Data cannot be modified by unauthorized users.
Availability
Information/data being available when needed at all times.
Confidentiality
Information/data privacy. Information is not made available to unauthorized users.
Non-repudiation
Guarantees that a specific action or event has taken place and cannot be denied by the parties involved.
Authentication
Verifying the identity of the person or device attempting to access the system.
Authorization
Defines what actions or resources a user can access.
Accounting
Act of tracking user activities and resource usage
Security Controls
Measures or mechanisms put in place to mitigate risks and protect the confidentiality, integrity and availability of the system and its information
Zero Trust
A security model based on the principle of maintaining strict access controls and not trusting anyone by default, even those already inside the network.
Control Plane
Focused on the subject/system, policy engine, policy administrator, and establishing policy enforcement points
Vulnerability
Weakness
Threat + No Vulnerability =
No Risk
No Threat + Vulnerability =
No Risk
Risk Management
Using strategies to reduce the amount of risk (the degree of likelihood that a person will become ill upon exposure to a toxin or pathogen).
Encryption
Process of converting data into code to prevent unauthorized access.
Access Control
A security measure that defines who can access a computer, device, or network, when they can access it, and what actions they can take while accessing it.
Data Masking
Permitting parts of a sensitive value to be visible while leaving the remainder of the value shielded from view
Physical Security Measures
To ensure confidentiality for physical types of data and for digital information contained on servers and workstations.
- Lock file cabinets; install biometric security locks on the server room door.
Training and Awareness
Conducting regular training on the security awareness best practices that employees can use to protect the organization's sensitive data.
Importance of Confidentiality
Protect personal privacy, maintain a business advantage, and achieve regulatory compliance.
5 Basic Methods to Ensure Confidentiality
Encryption, Access Controls, Data Masking, Physical Security Measures, and Training and Awareness
3 Main reasons why Integrity is crucial?
Data accuracy, maintaining trust, and ensuring system operability.
Data accuracy
ensures that decisions are made based on correct information and with the expected outcomes
Hashing
Process of converting data into a fixed-size value
Hash Digest
Digital Fingerprint
Digital Signature
Use encryption to ensure both integrity and authenticity. File is first hashed and then the resulting hash digest is encrypted using the user's private key.
Checksums
Used to verify data integrity during transmission. Sender and receiver compare checksum values to detect any unintended changes in the data.
Regular Audits
Involve reviewing logs and operations to ensure that only authorized changes have been made and any discrepancies are addressed.
5 Basic Methods to Maintain Data Integrity
Hashing, Digital Signatures, Checksums, Access Controls, and Regular Audits
5 Nines of Availability
System guarantees a downtime of no more than 5.26 minutes in a year.
Achieving the 5 Nines of Availability
Requires a robust infrastructure, proactive monitoring, redundancy measures, and swift disaster recovery mechanisms.
Redundancy
Duplicating critical components or functions of a system to enhance reliability and ensure uninterrupted service. Having backup options in place in case of system failure.
Server Redundancy
Using multiple servers in a load balance or failover configuration to support users when one server is overloaded or fails.
Data Redundancy
The duplication of data, or the storage of the same data in multiple places
Network Redundancy
Ensures that data can still travel through another route if one network path fails.
Power Redundancy
Involves using backup power sources, such as generators and uninterruptible power supply (UPS) systems, to keep organizational systems operational during power disruptions or outages.
Non-repudiation
Digital Signatures
Availability
Redundancy
Integrity
Hashing
Confidentiality
Encryption
Knowledge Factor
something you know