Risk Management
The process of identifying, assessing, and prioritizing risks followed by coordinated efforts to minimize, monitor, and control the probability or impact of unfortunate events.
Confidentiality
Refers to the protection of information from unauthorized access and disclosure
AAA
Stands for Authentication, Authorization, and Accounting, which are critical processes for ensuring secure access to resources.
CIANA
Confidentiality, Integrity, Availability, Non-repudiation, and Authentication, which are key principles in information security.
Encryption
is the process of converting information into a coded format to prevent unauthorized access, ensuring confidentiality and data protection.
Access Controls
Ensure only authorized personnel can access certain types of data
Data masking
is a data protection technique that obscures specific data within a database to protect sensitive information while retaining its usability for testing or analysis.
Physical security measures
are strategies and tools used to protect physical assets and facilities from unauthorized access, damage, or theft.
Hashing
Process of converting data into a fixed size value
Digital signature
Use encryption to ensure integrity and authenticity
Checksums
are values generated from data to verify its integrity by detecting errors or alterations.
Regular audits
are systematic evaluations of an organization's processes, controls, and compliance with regulations to ensure security and efficiency.
Availability
refers to the assurance that information and resources are accessible to authorized users when needed, ensuring continuous operation.
Redundancy
is the practice of duplicating critical components or functions of a system to increase reliability and availability in case of failure.
Server Redundancy
involves having multiple servers that can take over in case one fails, ensuring continuous service availability and minimizing downtime.
Data redundancy
is the practice of storing duplicate copies of data in multiple locations to prevent data loss and ensure availability in case of system failure.
Network redundancy
is the practice of having multiple network paths or devices to ensure connectivity and maintain service availability in case of a failure.
Power redundancy
is the practice of having multiple power sources or systems to ensure continuous power supply to critical systems and prevent downtime during power failures.
non-repudiation
is a security principle that ensures that a party in a transaction cannot deny the authenticity of their signature or the sending of a message, providing proof of the origin and integrity of the data.
Digital Signature (non-repudiation)
Created by first hashing the message or communication to be digitally signed and then encrypting the hash digest with the user's private key using asymmetric encryption
Authentication
Security measure that ensures individuals or entities are who they claim to be during a communication or transaction
5 common verification methods
Something you know
Something you have
Something you are
Something you do
Somewhere you are
Something you know
Relies on information that a user can recall
Something you have (possession factor)
Relies on the user presenting a physical item to authenticate themselves
Something you are (inherence factor)
Relies on the user providing a unique physical or behavioral characteristic of the person to validate that they are who they claim to be
Something you do (action factor)
Relies on the user conducting a unique action to prove who they are
Somewhere you are (location factor)
Relies on the user being in a certain geographical location before access is granted
Authorization
Permissions and privileges granted to users or entities after they have been authenticated, along with the rules and policies that dictate what actions users can perform once verified
Accounting
Security measure that ensures all user activities are properly tracked and recorded
Regulatory compliance
Maintains a comprehensive record of all the users' activities
Forensic analysis
refers to a detailed investigation for detecting and documenting the course, reasons, culprits, and consequences of a security incident.
Syslog servers
a network device that collects, stores, and forwards log messages from other devices
network analyzer
the process of examining network traffic and related data to identify potential security threats and vulnerabilities by analyzing patterns and anomalies within the network activity
SIEM
Security information and event management
Provides real time analyses of security alerts generated by various hardware and software infrastructure in an organization
Technical control
Technologies, hardware, and software that are implemented to manage and reduce risks
EX. Firewalls, encryption processes, and IDSs
Managerial controls (administrative controls)
Involve the strategic planning and governance of security
EX. Risk assessment
Operational controls
the management of a business's day-to-day operations. It involves monitoring and adjusting processes, resources, and procedures to ensure that a business is efficient and effective and governed by internal processes and human actions.
EX. Password change every 90 days
Physical controls
tangible, real world measures taken to protect assets
EX. Security guards
Preventative controls
Proactive measures implemented to thwart potential security threats or breaches
Ex. Firewall
Deterrent controls
Aim to discourage potential attackers by making the effort seem less appealing or more challenging
Ex. A sign out front advertising a home alarm system
Detective controls
Monitor and alert organizations to malicious activities as they occur or shortly thereafter
Ex. Security cameras
Corrective controls
Mitigate any potential damage and restore the systems to their normal state
Compensating controls
Alternative measures that are implemented when primary security controls are not feasible or effective
Directive controls
Often rooted in policy or documentation and set the standards for behavior within an organization
EX. AUP - acceptable use policy
Control plane
the central management system within a Zero Trust security architecture that governs access control, policy enforcement, and user/device verification
Adaptive identity
Real-time validation that takes into account the user's behavior, device, location, and more
Threat scope reduction
Limit the user's access to only what they need for their work tasks, because this drastically reduces the network's potential attack surface
Policy driven access control
Entails developing, managing and enforcing user access policies based on their roles and responsibilities
Secured zones
Isolated environments within a network that are designed to house sensitive data
False Flag attack
Attack that is orchestrated in a way that it appears to originate from a different source or group
Threat vector
Pathway an attacker takes to gain unauthorized access to a computer or network to deliver a malicious payload or carry out an unwanted action
Attack surface
Gathers all the various points where the unauthorized user can try to enter data to or extract data from an environment
Evil Twin
refers to a fraudulent Wi-Fi access point that appears legitimate but is set up by a hacker to intercept user data by tricking them into connecting to it instead of the real network
Bluesmack
Bluetooth attack that knocks out some Bluetooth-enabled devices; a DoS-type attack
TTP (Note port related)
Tactics, techniques, and procedures
Honeypot
Decoy system or network set up to attract potential hackers
Honeynet
A network of honeypots created in a more complex manner that is designed to mimic an entire network of systems, including servers, routers, and switches
Honeyfile
Decoy file placed within a system to lure in potential hackers
Honeytoken
Piece of data or a resource that has no legitimate value or use but is monitored for access or use
Ex. A fake password that seems real
Dynamic page generation
Used in websites to present ever-changing content to web crawlers to confuse and slow down threat actors
Port triggering
Security mechanism where specific services or ports on a network device remain closed until a specific outbound traffic pattern is detected
Fake Telemetry
A system can respond to an attacker's network scan attempt by sending out fake telemetry or network data
4 Areas of Surveillance
Video surveillance
Security Guards
Lighting
Sensors
Infrared Sensors
Detect changes in infrared radiation that is emitted by warm bodies
Pressure sensors
Trigger when a specified amount of weight is detected on the platform
Microwave sensors
Detect movement in an area by emitting microwave pulses and measuring their reflection off moving objects
Ultrasonic sensors
Measure the reflection of ultrasonic sound waves off moving objects
EMI
Electromagnetic interference
Jamming the signals that surveillance systems rely on to monitor the environment
FAR
False acceptance rate
FRR
False rejection rate
EER
Equal error rate
Also known as the CER (crossover error rate); a measure of the effectiveness of a given biometric system at achieving a balance between its error rates
RFID
Radio frequency identification
NFC
Near field communication
BEC
Business email compromise
Business email compromise
advanced attack that uses internal email accounts within a company to manipulate employees into carrying out malicious actions for the attacker
Identity fraud
Attacker takes the victim's credit card number and makes changes
Identity theft
Attacker tries to fully assume the identity of their victim
Misinformation
Inaccurate information shared unintentionally
Disinformation
Intentional spread of false information to deceive or mislead
DNS Spoofing attack
an attack involving manipulating DNS records to redirect users toward a fraudulent, malicious website that may resemble the user's intended destination.
Malware
Software designed to infiltrate a computer system and possibly damage it without the user's consent
Threat vector
How the attacker breaks into the system
Attack vector
How the attacker breaks in and infects the system
Virus
Malicious software that attaches to clean files and spreads into a computer system
Macro Virus
Form of code embedded inside a document that, when the document is opened by the user, is then executed
Program Virus
Tries to find executable or application files to infect with its malicious code
Multipartite Virus
A combination of boot sector virus and a program virus where it loads itself upon booting and then installs itself in a program and can be run every time the computer starts up
Encrypted Virus
Hides from detection by encrypting its malicious code
Polymorphic Virus
Advanced version of an encrypted virus that changes the virus code each time it is executed by altering the decryption module to evade detection
Metamorphic Virus
Able to rewrite itself entirely to infect a given file
Worm
Malicious software, like a virus, but is able to replicate itself without user interaction
Botnet
A network of compromised computers being controlled by a masternode
Zombies
A compromised computer or device that is part of a botnet being controlled remotely to maliciously perform tasks
Rootkit
Software that is designed to gain administrative level control over a given computer system without being detected
Kernel mode (ring zero)
Allows a system to control access to things like device drivers, the sound card, and the monitor
DLL
Dynamic link library
Dynamic link library
Technique used to run code within the address space of another process by forcing it to load a dynamic link library
What is a DLL or Dynamic link library?
a file that contains code and data that can be used by multiple programs
Shim
Software code that is placed between two components