CompTIA Security+ 701 Ch. 11
What are a few ways that operating systems can be vulnerable to attacks?
The operating system itself is exposed
Defaults such as default passwords
Insecure settings
Configuration issues
Misconfiguration issues
Firmware
Embedded software that allows devices to function.
End of Sales
Last date at which a specific model or device will be sold
End of Life
When the equipment or device is no longer sold
End of Support
The last date on which the vendor will provide support and/or updates
Legacy
Typically used to describe hardware, software, or devices that are unsupported.
Unified Extensible Firmware Interface (UEFI) firmware can leverage two different techniques to ensure the system is secure upon boot. What are they?
Secure Boot
Measured Boot
Secure Boot
Ensures that the system boots using only firmware that the original equipment manufacturer (OEM) trusts. To perform this, the system must have a signature database listing the secure signatures of trusted software and firmware for the boot process.
Measured Boot
These boot processes measure each component, starting with the firmware and ending with the boot start drivers. Measured Boot does not validate against a known good list of signatures before booting; instead, it relies on the UEFI firmware to hash the firmware, boot loader, drivers, and anything else that is part of the boot process.
Trusted Platform Module (TPM)
A hardware component that provides secure storage for cryptographic keys and secure generation of random numbers, enabling features like Secure Boot and Measured Boot in UEFI firmware.
Hardware Security Modules (HSMs)
Typically external devices or plug-in cards used to create, store, and manage digital keys for cryptographic functions and authentication, as well as to offload cryptographic processing.
Cryptographic key management systems
Are used to store keys and certificates as well as to manage them centrally.
One of the most common security tools is
Antivirus and antimalware software.
What are the most common methods?
Signature-based detection
Heuristic, or behavior-based, detection
Artificial Intelligence (AI)
Sandboxing
Signature-based Detection
Uses a hash- or pattern-based signature detection method to identify files or components of malware that have been previously observed.
Heuristic (Behavior-Based) Detection
Looks at what actions the malicious software takes and matches them to profiles of unwanted activities.
Artificial Intelligence or Machine Learning
Leverages large amounts of data to find ways to identify malware; may include heuristic, signature, and other detection capabilities.
Sandboxing
A security mechanism used to isolate and analyze potentially harmful applications in a controlled environment, preventing them from affecting the host system.
Allow List Tools
Allow you to build a list of software, applications, and other system components that are permitted to exist and run on the system.
Block Lists
A list of software or applications that cannot be installed or run, rather than a list of what is allowed.
Endpoint Detection and Response (EDR)
Combines monitoring capabilities on endpoint devices and systems (using a client or software agent) with network monitoring and log analysis capabilities to collect, correlate, and analyze events.
Extended Detection and Response (XDR)
An advanced security response framework that integrates data from multiple security products to provide improved visibility, detection, and automated response across endpoint, network, and server environments.
Host-based firewalls
Security solutions installed on endpoint devices that monitor and control incoming and outgoing network traffic based on predetermined security rules.
Host-based Intrusion Prevention System (HIPS)
A security solution that monitors and analyzes traffic and activity on endpoint devices to prevent attacks by blocking or stopping malicious activities in real time.
Hardening a system or application
invol