4.1 - CompTIA Security+


23 Terms

1

Mobile device hardening

Implementing security measures on mobile devices, including configuring strong passwords, enabling encryption, ensuring regular software updates, and installing MDM software.

2

Workstation hardening

Implementing security measures on workstations, such as configuring firewalls, using antivirus software, managing user access controls, and applying security patches regularly.

3

Switch/router/server hardening

Implementing security measures on network switches, including changing default credentials and ensuring regular firmware updates.

4

Cloud infrastructure hardening

Ensuring security in cloud environments by utilizing strong access controls, encrypting sensitive data, logging user activity, and regularly auditing configurations and compliance with security standards.

5

ICS/SCADA hardening

Isolating control systems from the rest of the network and the internet (air-gapped systems).

6

RTOS hardening

Implementing secure coding practices, minimizing the attack surface by disabling unused features, and applying timely updates and patches to mitigate vulnerabilities.

7

IoT Devices hardening

Ensuring strong authentication protocols, encrypting data in transit and at rest, regularly updating firmware, and employing network segmentation to limit exposure to threats.

8

Mobile device manager (MDM)

Software used for managing devices owned by a company or that contain corporate data.

9

Bring your own device (BYOD)

A policy that allows employees to use their personal devices for work purposes, enabling greater flexibility and potentially increasing employee satisfaction.

10

Corporate-owned, personally enabled (COPE)

A model where the organization provides devices to employees, but allows them to personalize and customize those devices.

11

Choose your own device (CYOD)

A model that allows employees to select a device from a predefined organization list where the device is corporate-owned.

12

Wi-Fi security

Ensure all network connections are encrypted and utilize strong passwords to prevent unauthorized access.

13

Bluetooth security

Ensure all devices use a formal pairing process to establish secure connections and avoid pairing to unverified devices.

14

Wi-Fi Protected Access 3 (WPA3)

Wi-Fi standard/protocol designed to enhance security compared to WPA2, including improved encryption methods and protections against brute-force attacks.

15

AAA/RADIUS

A networking protocol that enables centralized authentication, authorization, and accounting for users who connect to a network.

16

Cryptographic protocols

Protocols that provide secure communication through encryption, ensuring data integrity and confidentiality during transmission.

17

Authentication protocols

Protocols that verify the identity of users or systems before granting access or privileges.

18

Input validation

Analysis of user input to ensure it matches expected criteria, preventing injection vulnerabilities.

19

Secure cookies

Utilizing HttpOnly and Secure attributes to protect cookies from being accessed by client-side scripts.

20

Static code analysis

A method to examine source code for security vulnerabilities and coding errors without executing the program.

21

Code signing

A developer digitally signs software with a cryptographic key to verify the authenticity and integrity of the code.

22

Sandboxing

A security mechanism to run untested or untrusted code in a restricted environment.

23

Monitoring

Building surveillance systems to track unauthorized activity in applications, networks, and user behavior.