CompTIA Security+ (SY0-701) Section 4.0


213 Terms

1

Secure Baselines

(4.1 Apply Common Security Techniques to computing resources) A documented, known-good starting configuration for a system (operating system settings, enabled services, patch level, accounts). Building systems from a baseline and checking them against it improves the overall security posture, because every system starts from the same hardened state and drift from that state can be detected.

2

Three steps of baselines

(4.1 Apply Common Security Techniques to computing resources) Establish an initial baseline configuration, deploy the baseline, maintain the baseline (re-check deployed systems against it and update it as patches and requirements change).
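
The "maintain" step is where most baselines fail in practice: a setting gets changed for a migration and never reverted. The following added example (not code from the page or from OpenSSH) shows a drift check in Python for an SSH server: the baseline dictionary and the sample sshd_config are assumptions constructed for illustration; a real baseline would come from the organization's hardening standard.

```python
"""Drift check of a deployed sshd_config against a secure baseline.

Added example, not code from the page or from OpenSSH. The baseline values
and the sample config are assumptions made for illustration.
"""

# Step 1, establish: the baseline as directive -> required value.
SSHD_BASELINE = {
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
    "PubkeyAuthentication": "yes",
    "X11Forwarding": "no",
    "MaxAuthTries": "4",
}

# Constructed sample of a deployed sshd_config that has drifted from it.
SAMPLE_SSHD_CONFIG = """\
# Managed by configuration management, do not edit by hand
Port 22
PermitRootLogin no
# temporarily enabled for a migration and never reverted
PasswordAuthentication yes
PubkeyAuthentication yes
MaxAuthTries 6
"""


def parse_sshd_config(text):
    """Return {directive_lowercased: value} for an sshd_config body.

    Blank lines and '#' comment lines are skipped. sshd uses the FIRST
    occurrence of a directive, so a duplicate further down is ignored
    here as well.
    """
    config = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        config.setdefault(parts[0].lower(), parts[1].strip())
    return config


def check_baseline(config, baseline=SSHD_BASELINE):
    """Step 3, maintain: compare a parsed config with the baseline.

    Returns a sorted list of (directive, expected, actual). actual is None
    when the directive is absent; that is reported too, because the
    compiled-in default may not match the baseline.
    """
    findings = []
    for directive, expected in baseline.items():
        actual = config.get(directive.lower())
        if actual is None or actual.lower() != expected.lower():
            findings.append((directive, expected, actual))
    return sorted(findings)


def drift_report(text, baseline=SSHD_BASELINE):
    """Parse and check in one call; an empty list means no drift."""
    return check_baseline(parse_sshd_config(text), baseline)


if __name__ == "__main__":
    for directive, expected, actual in drift_report(SAMPLE_SSHD_CONFIG):
        print(f"DRIFT {directive}: expected {expected!r}, found {actual!r}")
```

Run on the sample, the report flags the re-enabled password login, the raised MaxAuthTries and the absent X11Forwarding directive. Absent directives are reported deliberately: relying on a compiled-in default is not the same as having the baseline value on disk.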

3

Mobile Devices

(4.1 Apply Common Security Techniques to computing resources) Chapter 5

4

Workstations

(4.1 Apply Common Security Techniques to computing resources) Chapter 5

5

Switches

(4.1 Apply Common Security Techniques to computing resources) Chapter 3

6

Routers

(4.1 Apply Common Security Techniques to computing resources) Chapter 3

7

Cloud Infrastructure

(4.1 Apply Common Security Techniques to computing resources) Chapter 5

8

Servers

(4.1 Apply Common Security Techniques to computing resources) Chapter 5

9

ICS (Industrial Control System)

(4.1 Apply Common Security Techniques to computing resources) Systems that control physical processes within large facilities such as power plants or water treatment facilities.

10

SCADA (Supervisory Control and Data Acquisition)

(4.1 Apply Common Security Techniques to computing resources) A system that controls an ICS by monitoring it and sending it commands.

11

Embedded Systems

(4.1 Apply Common Security Techniques to computing resources) Any device that has a dedicated function and uses a computer system to perform that function.

12

RTOS (Real-Time Operating System)

(4.1 Apply Common Security Techniques to computing resources) A specialized operating system designed for embedded systems that require precise timing and deterministic behavior.

13

IoT (Internet of Things) devices

(4.1 Apply Common Security Techniques to computing resources) A wide assortment of technologies that interact with the physical world. They commonly contain embedded systems, typically connect to a central device or app, and communicate via the internet, Bluetooth, or other wireless technologies.

14

Wireless Devices

(4.1 Apply Common Security Techniques to computing resources) Chapter 4

15

Installation considerations

(4.1 Apply Common Security Techniques to computing resources) Chapter 4

16

Site Surveys

(4.1 Apply Common Security Techniques to computing resources) Examines the wireless environment to identify potential issues, such as areas with noise or other devices operating on the same frequency bands.

17

Heat Maps

(4.1 Apply Common Security Techniques to computing resources) A color-coded representation of wireless signal strength across an area, typically produced from a site survey, that shows coverage gaps and signal leaking outside the intended area.

18

Mobile Device Management (MDM)

(4.1 Apply Common Security Techniques to computing resources) The technologies used to manage mobile devices. The goal is to ensure these devices have security controls in place (such as encryption, screen locks, and remote wipe) to keep them secure.

19

Deployment Models

(4.1 Apply Common Security Techniques to computing resources) Chapter 5

20

Bring your own device (BYOD)

(4.1 Apply Common Security Techniques to computing resources) Allows employees to connect their personal devices to the corporate network.

21

Corporate-owned, personally enabled (COPE)

(4.1 Apply Common Security Techniques to computing resources) Devices are owned by the organization, but employees can also use them for personal purposes.

22

Choose your own device (CYOD)

(4.1 Apply Common Security Techniques to computing resources) Includes a list of approved devices that employees can purchase and connect to the network.

23

Connection Methods

(4.1 Apply Common Security Techniques to computing resources) Cellular, Wi-Fi, Bluetooth

24

Wi-Fi Protected Access 3 (WPA3), Chapter 3

(4.1 Apply Common Security Techniques to computing resources) WPA3-capable devices are now widely available and WPA3 is used on many enterprise wireless networks.

25

AAA/Remote Authentication Dial-In User Service (RADIUS)

(4.1 Apply Common Security Techniques to computing resources) By default RADIUS protects only the user password (it is obscured with an MD5-based scheme keyed by the shared secret, not strongly encrypted); other attributes travel in cleartext. Used with EAP methods such as PEAP or EAP-TLS, the authentication exchange runs inside a TLS tunnel so the whole session is protected.

26

Application Security

(4.1 Apply Common Security Techniques to computing resources) Chapter 7

27

Input Validation

(4.1 Apply Common Security Techniques to computing resources) The practice of checking data for validity before using it. It prevents an attacker from sending malicious input that an application will act on, either by rejecting input that does not match what is expected (an allowlist of acceptable characters, lengths, and ranges) or by sanitizing the input so that anything dangerous is removed or made inert.
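
Allowlist validation (describe what good input looks like and reject everything else) is more robust than trying to enumerate bad input. The added example below (not code from the page) shows both strategies in Python: strict validation that rejects, and context-specific escaping that sanitizes. The field rules (username character set and length, quantity range) are assumptions chosen for illustration.

```python
"""Input validation: allowlist checks that reject, and escaping that sanitizes.

Added example, not taken from the page. The field rules are assumptions.
"""
import html
import re

# Allowlist: say what GOOD input looks like, not what bad input looks like.
# re.fullmatch anchors at both ends; a pattern like r"^[a-z]+$" used with
# re.match would still accept "alice\n", because "$" matches before a
# trailing newline.
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,31}")
QUANTITY_RE = re.compile(r"[0-9]{1,6}")


def validate_username(value):
    """Return the username if it matches the allowlist, else raise ValueError."""
    if not isinstance(value, str) or USERNAME_RE.fullmatch(value) is None:
        raise ValueError("username must be 3-32 chars: lowercase letters, digits, _")
    return value


def is_valid_username(value):
    """Boolean convenience wrapper around validate_username."""
    try:
        validate_username(value)
        return True
    except ValueError:
        return False


def parse_quantity(value, low=1, high=100):
    """Strict integer parse plus range check.

    Rejects '1e3', ' 5', '5.0', '-1' and non-ASCII digits, all of which
    int() or str.isdigit() would otherwise accept in some form.
    """
    if not isinstance(value, str) or QUANTITY_RE.fullmatch(value) is None:
        raise ValueError("quantity must be an unsigned decimal integer")
    number = int(value)
    if not low <= number <= high:
        raise ValueError(f"quantity must be between {low} and {high}")
    return number


def sanitize_for_html(value):
    """Escape for the HTML text context so injected markup renders inert.

    Escaping is the 'sanitize' strategy: the data is kept but made harmless
    for one specific output context. It complements validation; it does
    not replace it, and it is wrong for other contexts (SQL, shell, URLs).
    """
    return html.escape(value, quote=True)
```

Note that the validation happens on the raw string before conversion: `int()` is never called on anything that has not already passed the allowlist, so the parser's own leniency never becomes the attacker's input channel.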

28

Secure Cookies

(4.1 Apply Common Security Techniques to computing resources) A cookie that has the Secure attribute set. The browser then sends the cookie only over encrypted channels (HTTPS), never over plain HTTP, so it cannot be captured by someone eavesdropping on the network. It is normally set together with HttpOnly (the cookie is not readable from JavaScript) and SameSite (limits sending the cookie on cross-site requests).
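
Secure on its own only solves the eavesdropping problem; a practitioner checks the companion attributes at the same time. The added example below (not code from the page) audits Set-Cookie headers in Python and builds one that passes; the cookie names and values are constructed for illustration.

```python
"""Audit Set-Cookie headers for the Secure attribute and its companions.

Added example, not from the page. Cookie names and values are constructed.
"""


def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, value, {attr_lower: value|True})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for attr in parts[1:]:
        if not attr:
            continue
        key, has_value, attr_value = attr.partition("=")
        attrs[key.strip().lower()] = attr_value.strip() if has_value else True
    return name.strip(), value.strip(), attrs


def audit_set_cookie(header):
    """Return a sorted list of findings for one Set-Cookie header."""
    name, _, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: cookie may be sent over plain HTTP")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: readable by JavaScript (document.cookie)")
    samesite = attrs.get("samesite")
    if samesite is None or samesite is True:
        findings.append("missing SameSite: browser default applies; set Lax or Strict")
    elif samesite.lower() == "none" and "secure" not in attrs:
        findings.append("SameSite=None requires Secure; browsers reject the cookie")
    if name.startswith("__Host-"):
        # The __Host- prefix is only honored with Secure, Path=/ and no Domain.
        if "secure" not in attrs or attrs.get("path") != "/" or "domain" in attrs:
            findings.append("__Host- prefix rules violated (needs Secure, Path=/, no Domain)")
    return sorted(findings)


def hardened_session_cookie(name, value, max_age=3600):
    """Build a Set-Cookie header that satisfies audit_set_cookie."""
    return (f"__Host-{name}={value}; Path=/; Secure; HttpOnly; "
            f"SameSite=Strict; Max-Age={max_age}")


if __name__ == "__main__":
    for finding in audit_set_cookie("session=abc123; Path=/"):
        print("WEAK:", finding)
    print("OK:", hardened_session_cookie("session", "abc123"))
```

The `__Host-` prefix is worth the extra check: a browser only accepts such a cookie when it is Secure, scoped to `Path=/` and has no Domain attribute, so a subdomain cannot plant a cookie that overrides the session cookie of the main site.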

29

Static Code Analysis

(4.1 Apply Common Security Techniques to computing resources) Examines source code without executing it, either by a reviewer reading the code line by line or with an automated static analysis (SAST) tool, to discover vulnerabilities before the code runs.

30

Code Signing

(4.1 Apply Common Security Techniques to computing resources) The publisher signs a hash of the code with a private key and distributes the signature together with a certificate. 1. The certificate identifies the author. 2. The hash verifies the code has not been modified: if malware changes the code, the recomputed hash no longer matches the signed hash, alerting the user (or the operating system) that the code has been modified.

31

Sandboxing

(4.1 Apply Common Security Techniques to computing resources) Runs or tests applications within an isolated area specifically created for that purpose, so that whatever the application does cannot affect the host system or the rest of the network.

32

Monitoring

(4.1 Apply Common Security Techniques to computing resources) Chapter 7 (362)

33

Acquisition/Procurement Process

(4.2 Security implications of proper hardware, software, and data asset management) Provides consistent procedures for identifying the need for new assets, evaluating the possible options against security, financial, and business requirements, and effectively onboarding and managing new vendors.

34

Assignment/Accounting

(4.2 Security implications of proper hardware, software, and data asset management) Assigns each asset to a named owner who bears responsibility for it, and applies a classification system that identifies the sensitivity and criticality of each asset to the organization.

35

Monitoring/asset tracking

(4.2 Security implications of proper hardware, software, and data asset management) Maintains an inventory of all assets owned by the organization and their current location. It also benefits from periodic enumeration of assets, where auditors review the assets the organization owns and update the inventory.

36

Disposal/decommissioning

(4.2 Security implications of proper hardware, software, and data asset management) Retiring hardware or software that is no longer in use. It involves wiping all data from the device, including temporary files and backups, and removing all access credentials and software licenses associated with the device. Hardware must be physically destroyed or securely disposed of to prevent it from being reused or repurposed without proper clearance.

37

Sanitization

(4.2 Security implications of proper hardware, software, and data asset management) Ensures that data is removed or destroyed on any device before the device is disposed of.

38

Destruction

(4.2 Security implications of proper hardware, software, and data asset management) Chapter 11

39

Certification

(4.2 Security implications of proper hardware, software, and data asset management) A Certificate of Destruction (COD) attests that the destruction was properly carried out.

40

Data Retention

(4.2 Security implications of proper hardware, software, and data asset management) Identifies how long data is retained, and sometimes specifies where it is stored.

41

Vulnerability Scan

(4.3 Various activities associated with vulnerability Management) Chapter 8

42

Application Security

(4.3 Various activities associated with vulnerability Management) Chapter 7

43

Static Analysis

(4.3 Various activities associated with vulnerability Management) Examines the code without executing it.

44

Dynamic Analysis

(4.3 Various activities associated with vulnerability Management) Checks the code as it is running.

45

Package Monitoring

(4.3 Various activities associated with vulnerability Management) Chapter 11

46

Open-Source Intelligence (OSINT)

(4.3 Various activities associated with vulnerability Management) Includes any information that is available to the general public, such as via websites and social media.

47

Proprietary/Third-party

(4.3 Various activities associated with vulnerability Management) Threat intelligence purchased from a commercial vendor or supplied by a third party, as opposed to OSINT that anyone can gather for free.

48

Penetration Testing

(4.3 Various activities associated with vulnerability Management) Actively assesses deployed security controls within a system or network by attempting to exploit vulnerabilities, within agreed rules of engagement.

49

Responsible Disclosure (RD) Program

(4.3 Various activities associated with Vulnerability Management) The goal is to address security issues before they are exploited by attackers, improving overall security for everyone. It involves a coordinated process for reporting vulnerabilities to the appropriate parties, such as vendors, developers, or security teams, and includes guidelines for reporting, a point of contact, and expectations for the timeline of the response and resolution. When a vulnerability is reported, the receiving organization is expected to investigate and, if necessary, take appropriate steps to address the issue.

50

Bug Bounty Program

(4.3 Various activities associated with vulnerability Management) A type of responsible disclosure program that incentivizes individuals or organizations to report vulnerabilities by offering monetary or other rewards for valid submissions. Some programs are open to the public to encourage external researchers; others are by invitation only.

51

System/Process Audit

(4.3 Various activities associated with vulnerability Management) Chapter 8 (Page 412)

52

Analysis

(4.3 Various activities associated with vulnerability Management) Chapter 8

53

Confirmation

(4.3 Various activities associated with vulnerability Management) Chapter 8

54

False Positive

(4.3 Various activities associated with vulnerability Management) A vulnerability scanner reports that a vulnerability exists, but the vulnerability does not exist on the scanned system.

55

False Negative

(4.3 Various activities associated with vulnerability Management) A vulnerability exists, but the scanner does not detect it and therefore does not report it.

56

Common Vulnerability Scoring System (CVSS)

(4.3 Various activities associated with Vulnerability Management) Assesses vulnerabilities and assigns severity scores from 0 to 10, with 10 being the most severe. The base score is derived from metrics such as attack vector, attack complexity, privileges required, user interaction, scope, and the confidentiality, integrity, and availability impact. It helps security professionals prioritize their work in mitigating known vulnerabilities.

57

Common Vulnerabilities and Exposures (CVE)

(4.3 Various activities associated with vulnerability Management) A dictionary of publicly known security vulnerabilities and exposures, each identified by a CVE ID.

58

Exposure Factor

(4.3 Various activities associated with vulnerability Management) Chapter 8

59

Risk Tolerance

(4.3 Various activities associated with vulnerability Management) The amount of risk the organization is willing and able to accept.

60

Vulnerability Response and Remediation

(4.3 Various activities associated with vulnerability Management) Chapter 8

61

Patching

(4.3 Various activities associated with vulnerability Management) Applying updates that correct vulnerabilities and other flaws in an application or operating system.

62

Insurance

(4.3 Various activities associated with vulnerability Management) Chapter 8

63

Segmentation

(4.3 Various activities associated with vulnerability Management) Places the system on an isolated network. This reduces the ability of outsiders to reach the system, minimizing the risk of a compromise.

64

Compensating Controls

(4.3 Various activities associated with vulnerability Management) A secondary security control put in place when the primary fix (such as a patch) cannot be applied, to reduce the chance that the vulnerability is exploited.

65

Audit

(4.3 Various activities associated with vulnerability Management) A formal evaluation of an organization's policies, procedures, and operations.

66

Verification

(4.3 Various activities associated with vulnerability Management) Chapter 8

67

Reporting

(4.3 Various activities associated with vulnerability Management) Chapter 8

68

Activities

(4.4 Alerting and Monitoring Concepts and Tools) Chapter 1

69

Log Aggregation

(4.4 Alerting and Monitoring Concepts and Tools) Chapter 1

70

Alerting

(4.4 Alerting and Monitoring Concepts and Tools) Chapter 1

71

Scanning

(4.4 Alerting and Monitoring Concepts and Tools) Chapter 1

72

Reporting

(4.4 Alerting and Monitoring Concepts and Tools) Chapter 1

73

Archiving

(4.4 Alerting and Monitoring Concepts and Tools) Chapter 1

74

Alert Response and remediation/validation

(4.4 Alerting and Monitoring Concepts and Tools) Chapter 4

75

Quarantine

(4.4 Alerting and Monitoring Concepts and Tools) Chapter 4

76

Alert Tuning

(4.4 Alerting and Monitoring Concepts and Tools) Chapter 1

77

Security Content Automation Protocol (SCAP)

(4.4 Alerting and Monitoring Concepts and Tools) A set of standards designed to facilitate communication between vulnerability scanners and other security and management tools.

78

Benchmarks

(4.4 Alerting and Monitoring Concepts and Tools) Chapter 8

79

Agent NAC

(4.4 Alerting and Monitoring Concepts and Tools) The agent can be either permanent or dissolvable. A permanent agent is installed on the client and stays there; NAC uses it when the client attempts to connect remotely. A dissolvable agent is downloaded and runs on the client when the client connects remotely; it collects the information it needs, identifies the client as healthy or not healthy, reports the status back to the NAC system, and then removes itself.

80

Agentless NAC

(4.4 Alerting and Monitoring Concepts and Tools) Scans a client remotely without installing code on the client, either permanently or temporarily.

81

Security Information and Event Management (SIEM)

(4.4 Alerting and Monitoring Concepts and Tools) Provides a centralized solution for collecting, analyzing, and managing log and event data from systems, applications, and infrastructure devices.

82

Antivirus Software

(4.4 Alerting and Monitoring Concepts and Tools) Scans endpoints for the presence of viruses, worms, Trojan horses, and other malicious code.

83

Data Loss Prevention (DLP)

(4.4 Alerting and Monitoring Concepts and Tools) Can block the use of USB devices to prevent data loss and monitor outgoing network traffic (email, web uploads) for unauthorized transfers of sensitive data, such as payment card or personal data.
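
Network DLP is content inspection on outbound data: a pattern match alone produces many false positives (order numbers, phone numbers), so real engines confirm a hit with a validity check before blocking or redacting. The added example below (not code from the page or from any DLP product) does this in Python for payment card numbers using the Luhn check; the sample message is constructed and the card numbers in it are the standard test numbers, not real accounts.

```python
"""Outbound content inspection as a DLP engine does it: find payment card
numbers in text, confirm them with the Luhn check to cut false positives,
and redact them before the data leaves.

Added example, not from the page. The sample message is constructed; the
card numbers are the common test numbers 4111 1111 1111 1111 and
5555 5555 5555 4444.
"""
import re

# Candidate: 13-19 digits, optionally separated by single spaces or hyphens.
CANDIDATE_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

SAMPLE_EMAIL = """\
Hi, please charge card 4111 1111 1111 1111, exp 12/27.
Backup card: 5555-5555-5555-4444. Order ref 1234567890123 and phone 555-0100.
"""


def luhn_valid(digits):
    """Luhn (mod 10) check on a string of ASCII digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = ord(ch) - ord("0")
        if i % 2 == 1:
            n *= 2
            if n > 9:
                n -= 9
        total += n
    return total % 10 == 0


def _digits_of(match):
    return re.sub(r"[ -]", "", match.group(0))


def _is_pan(digits):
    return 13 <= len(digits) <= 19 and luhn_valid(digits)


def find_pans(text):
    """Return the Luhn-valid card numbers (digits only) found in text."""
    return [d for d in map(_digits_of, CANDIDATE_RE.finditer(text)) if _is_pan(d)]


def redact_pans(text):
    """Replace each detected card number with all but its last four masked.

    Candidates that fail Luhn (like the order reference) are left intact,
    which is the false-positive reduction the validity check buys.
    """
    def _mask(match):
        digits = _digits_of(match)
        if _is_pan(digits):
            return "*" * (len(digits) - 4) + digits[-4:]
        return match.group(0)
    return CANDIDATE_RE.sub(_mask, text)


if __name__ == "__main__":
    print("detected:", find_pans(SAMPLE_EMAIL))
    print(redact_pans(SAMPLE_EMAIL))
```

Two of the three 13-plus-digit runs in the sample are real card numbers and get masked; the 13-digit order reference fails Luhn and is left alone. A production engine layers more on top (issuer prefix ranges, proximity keywords such as "exp", file-type parsing), but the structure is the same: broad candidate match, then a validator, then policy action.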

84

Simple Network Management Protocol (SNMP)

(4.4 Alerting and Monitoring Concepts and Tools) Monitors and manages network devices, such as routers or switches. This includes modifying the devices' configuration or having the devices report status back to a central network management system. SNMPv1 and v2c authenticate with community strings sent in cleartext; SNMPv3 adds authentication and encryption and should be used instead.

85

NetFlow

(4.4 Alerting and Monitoring Concepts and Tools) A feature available on many routers and switches that collects IP traffic statistics (source, destination, ports, byte counts) and sends them to a NetFlow collector. The collector receives and stores the data, and analysis software on the collector allows administrators to view and analyze the network activity.

86

Vulnerability Scanners

(4.4 Alerting and Monitoring Concepts and Tools) Can identify vulnerabilities, misconfigured systems, and the lack of security controls such as up-to-date patches.

87

Firewall

(4.5 Modify Enterprise Capabilities to enhance security) Filters incoming and outgoing traffic for a single host or between networks. In other words, a firewall can ensure that only specific types of traffic are allowed into a network or host, and only specific types of traffic are allowed out.

88

Rules

(4.5 Modify Enterprise Capabilities to enhance security) Chapter 3

89

Access Lists

(4.5 Modify Enterprise Capabilities to enhance security) Rules implemented on routers (and on firewalls) to identify what traffic is allowed and what traffic is denied. They are typically processed top-down, the first matching rule wins, and anything that matches no rule is dropped by an implicit deny at the end, so rule order matters.
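
Because the first match wins, a specific deny placed below a broader permit never fires. The added example below (not code from the page and not any vendor's ACL syntax) models first-match evaluation with an implicit deny in Python and includes a check for rules that can never match; the rule sets and packets are constructed, with addresses from the RFC 1918 private and RFC 5737 documentation ranges.

```python
"""First-match access list evaluation with an implicit deny, plus a check
for rules that can never fire.

Added example, not from the page or from any vendor. Rule sets and
packets are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


def _in_net(addr, cidr):
    """True if addr is inside cidr ('any' matches everything)."""
    return cidr == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(cidr, strict=False)


def _covers(outer, inner):
    """True if every address matched by inner is also matched by outer."""
    if outer == "any":
        return True
    if inner == "any":
        return False
    return ipaddress.ip_network(inner, strict=False).subnet_of(
        ipaddress.ip_network(outer, strict=False))


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp", "udp", "icmp" or "any"
    src: str                      # CIDR or "any"
    dst: str                      # CIDR or "any"
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, pkt):
        if self.proto != "any" and self.proto != pkt["proto"]:
            return False
        if self.dport is not None and self.dport != pkt.get("dport"):
            return False
        return _in_net(pkt["src"], self.src) and _in_net(pkt["dst"], self.dst)


def evaluate(rules, pkt):
    """Walk the list top-down; the first match decides. Anything unmatched
    hits the implicit deny at the end, reported as index -1."""
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return "deny", -1


def shadowed_rules(rules):
    """Indexes of rules that can never fire because an earlier rule already
    matches every packet they would match (same or broader proto, port,
    source and destination). A deny shadowed by a permit above it is the
    classic ordering mistake."""
    shadowed = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if ((earlier.proto == "any" or earlier.proto == later.proto)
                    and (earlier.dport is None or earlier.dport == later.dport)
                    and _covers(earlier.src, later.src)
                    and _covers(earlier.dst, later.dst)):
                shadowed.append(j)
                break
    return shadowed


# Intent: HTTPS from anywhere, SSH from the corporate range 10.0.0.0/8
# except from the guest subnet 10.1.1.0/24. The deny is last, so the
# broader SSH permit above it matches first and the deny is dead.
MISORDERED_ACL = [
    Rule("permit", "tcp", "any", "192.0.2.10/32", 443),
    Rule("permit", "tcp", "10.0.0.0/8", "192.0.2.10/32", 22),
    Rule("deny", "tcp", "10.1.1.0/24", "192.0.2.10/32", 22),
]
# Same rules with the specific deny moved above the general permit.
CORRECTED_ACL = [MISORDERED_ACL[0], MISORDERED_ACL[2], MISORDERED_ACL[1]]

GUEST_SSH = {"proto": "tcp", "src": "10.1.1.5", "dst": "192.0.2.10", "dport": 22}
WEB_HTTP = {"proto": "tcp", "src": "203.0.113.4", "dst": "192.0.2.10", "dport": 80}

if __name__ == "__main__":
    print("misordered:", evaluate(MISORDERED_ACL, GUEST_SSH), "shadowed:", shadowed_rules(MISORDERED_ACL))
    print("corrected: ", evaluate(CORRECTED_ACL, GUEST_SSH), evaluate(CORRECTED_ACL, WEB_HTTP))
```

Plain HTTP to the server is denied in both lists without any explicit rule, which is the implicit deny doing its job; the guest SSH packet is permitted by the misordered list and denied by the corrected one.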

90

Ports/Protocols

(4.5 Modify Enterprise Capabilities to enhance security) Chapter 3

91

Screened Subnets

(4.5 Modify Enterprise Capabilities to enhance security) Also known as a demilitarized zone (DMZ), a screened subnet is a security zone between a private network and the internet that hosts internet-facing systems.

92

IPS

(4.5 Modify Enterprise Capabilities to enhance security) A preventive control placed in-line with traffic. It can actively monitor data streams, detect malicious content, and stop attacks in progress.

93

Trend-Based IDSs

(4.5 Modify Enterprise Capabilities to enhance security) Sometimes called anomaly detection. Detects unusual activity by starting with a performance baseline of normal behavior and then comparing current network traffic against that baseline. It can flag previously unseen attacks, at the cost of more false positives, and the baseline must be updated when normal behavior changes.

94

Signature-based IDSs

(4.5 Modify Enterprise Capabilities to enhance security) Sometimes called definition-based. Identifies issues based on known attacks or vulnerabilities and can detect known attack types. It cannot detect an attack for which no signature exists yet, and signatures must be kept up to date.
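
The two approaches catch different things, which is why they are deployed together. The added example below (not code from the page or from any IDS product) runs both over the same constructed web server log in Python: a login flood that no signature would match, and two injection attempts whose volume is far too low to look anomalous. The log lines, the two signatures and the baseline are all constructed for illustration.

```python
"""Signature-based and anomaly-based detection run over the same web
server log, to show what each catches and what each misses.

Added example, not from the page or from any IDS product. Log lines,
signatures and baseline figures are constructed.
"""
import re
from collections import Counter

LOG_RE = re.compile(r"^(?P<client>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$")

# Signature-based: patterns for known attack types. A request that matches
# none of them is invisible to this detector, however abnormal it is.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./|%2e%2e%2f", re.IGNORECASE),
    "sql-injection": re.compile(r"union(?:%20|\+|\s)+select", re.IGNORECASE),
}


def _lines(client, n, path="/index.html", status=200):
    return [f"{client} GET {path} {status}" for _ in range(n)]


# Constructed "normal" window used to learn the per-client baseline.
TRAINING_LOG = "\n".join(_lines("10.0.0.5", 12) + _lines("203.0.113.9", 8))

# Constructed live window: a login flood from a known client (abnormal
# volume, each request individually harmless) and two requests from a new
# client carrying known attack strings (tiny volume, malicious content).
LIVE_LOG = "\n".join(
    _lines("10.0.0.5", 10)
    + _lines("203.0.113.9", 60, "/login", 401)
    + ["198.51.100.7 GET /../../etc/passwd 404",
       "198.51.100.7 GET /login.php?user=admin'%20UNION%20SELECT%201,2-- 500"]
)


def parse_log(text):
    """Return a list of dicts with client, method, path, status."""
    return [m.groupdict() for m in map(LOG_RE.match, text.splitlines()) if m]


def signature_alerts(text):
    """(client, signature name) for every request matching a signature."""
    alerts = []
    for event in parse_log(text):
        for name, pattern in SIGNATURES.items():
            if pattern.search(event["path"]):
                alerts.append((event["client"], name))
    return alerts


def learn_baseline(text):
    """Anomaly-based step 1: requests per client in the normal window."""
    return Counter(event["client"] for event in parse_log(text))


def anomaly_alerts(text, baseline, factor=5.0):
    """Anomaly-based step 2: (client, count, expected) for clients sending
    more than factor * their baseline. Clients unseen during training are
    compared against the average per-client baseline."""
    counts = Counter(event["client"] for event in parse_log(text))
    fallback = sum(baseline.values()) / max(len(baseline), 1)
    alerts = []
    for client, count in sorted(counts.items()):
        expected = baseline.get(client, fallback)
        if count > factor * expected:
            alerts.append((client, count, expected))
    return alerts


if __name__ == "__main__":
    baseline = learn_baseline(TRAINING_LOG)
    print("signature:", signature_alerts(LIVE_LOG))
    print("anomaly:  ", anomaly_alerts(LIVE_LOG, baseline))
```

On the live window the signature detector reports only the injection client and says nothing about the flood; the anomaly detector reports only the flooding client and never looks at request content. The `factor` threshold is the tuning knob: too low and every busy user becomes an alert, too high and a slow attack stays under the baseline.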

95

Web Filters

(4.5 Modify Enterprise Capabilities to enhance security) Chapter 3

96

Agent-based

(4.5 Modify Enterprise Capabilities to enhance security) The filter resides on each user's computer, so it applies wherever the device goes, not only on the corporate network.

97

Centralized Proxy

(4.5 Modify Enterprise Capabilities to enhance security) Sits on the network in a strategic location where it can intercept and analyze user requests before they leave the network.

98

Uniform Resource Locator (URL) Scanning

(4.5 Modify Enterprise Capabilities to enhance security) Chapter 3

99

Content Categorization

(4.5 Modify Enterprise Capabilities to enhance security) Chapter 3

100

Block Rules

(4.5 Modify Enterprise Capabilities to enhance security) Chapter 3