General security concepts
Technical Controls
controls that are implemented using a technical system
Technical Control Examples
operating system controls, firewalls, antivirus
Managerial Controls
administrative control associated with security design
operational controls
Controls implemented by people instead of systems
Operational control examples
security guards, awareness programs
Physical controls
controls that restrict unauthorized individuals from gaining access to a company's computer facilities
physical control examples
guard shack, fences, locks, badge readers
Control Types
Preventive, Deterrent, Detective, Corrective, Compensating, Directive
Preventive control type
block access to a resource
Preventive control type examples
Firewalls, security guards, door locks
Corrective Controls
Controls that identify and correct problems.
What do corrective controls help recover from?
The resulting errors from identified problems.
Deterrent control
A type of security control that discourages intrusion attempts.
Detective control
Identify and log an intrusion attempt
Compensating Controls
Control using other means to prevent exploitation of a weakness
Directive Control
Direct a subject towards security compliance: "do this please"
Confidentiality
prevent disclosure of information to unauthorized individuals or systems
The CIA Triad
Fundamental principles: Confidentiality, Integrity, Availability.
integrity
Can't be modified without detection; data is stored and transferred as intended
Availability
systems and networks must be running, always at your fingertips
Confidentiality examples
encryption, Access control, two-factor authentication
Integrity examples
hashing, digital signatures, certificates, and non-repudiation
Hashing
Transforming plaintext of any length into a short code called a hash; if the data changes, the hash also changes; a one-way trip
Digital signatures
Mathematical scheme to verify the integrity of data, prove that the data was not changed
Non-repudiation
Provides proof of integrity so the data can be asserted to be genuine (digital signatures)
Fault Tolerance
The ability of a system to continue operation even if a component fails.
redundancy
Build a service that will always be available
What does non-repudiation add?
Proof of integrity and proof of origin
Proof of integrity
Verify that the data does not change; the data remains accurate and consistent
Proof of origin
Prove the message was not changed and prove the source of the message
AAA Framework
Authentication, Authorization, and Accounting
Authentication
prove who you say you are
Authorization
Based on your identification and authentication, what access do you have?
Accounting
Resources used (login time, data sent and received, logout time)
How can you truly authenticate a device?
Put a digitally signed certificate on the device
Authorization models
adds an abstraction, reduces complexity and creates a clear relationship between the user and the resource.
Gap Analysis
Where you are compared with where you want to be.
gap analysis report
Formal document outlining current state and recommendations.
Zero Trust
A holistic approach to network security that covers every device, every person, and every process
Planes of operation
-Split the network into functional planes
-Applies to physical, virtual, and cloud components
Data planes
processes the frames, packets and network data
Control planes
manages the actions of the data plane, defines policies and rules, determines how packets should be forwarded
Adaptive Identity
Use adaptive identities that rely on real-time validation, taking into account the user's behavior, device, location, and more
Threat Scope Reduction
Decrease the number of possible entry points
Policy enforcement point (PEP)
The gatekeeper; allows, monitors, and terminates connections
Policy Decision Point (PDP)
Process for making an authentication decision.
policy engine
evaluates each access decision based on policy and info sources
Policy Administrator
Make the authentication stronger, if needed
Implicit trust zones (Data Plane)
These are areas within the network that have a predefined level of trust.
Physical Security
tangible protection
Bollards
Short vertical posts that act as a barricade. Bollards block vehicles but not people.
access control vestibule
A secure entry system with two gateways, only one of which is open at any one time.
fencing
Build a perimeter; transparent or opaque; robust; prevents climbing
Video surveillance
Physical security control that uses cameras and recording devices to visually monitor the activity in a certain area.
security guard
Physical protection
Validates identification of existing employees
Provides guest access
Sensors
infrared, pressure, microwaves, ultrasonic
Honeypot
Attract attackers and trap them in a fake (virtual) environment
Honeynet
An entire dummy network used to lure attackers; made up of multiple honeypots
Honeyfiles
A file that appears legitimate, used to detect malicious activity; bait for the honeynet
Honeytoken
A piece of data or a resource that has no legitimate value or use but is monitored for access or use.
Change Management
Process of making sure changes are made smoothly and efficiently and do not negatively affect system reliability, security, confidentiality, integrity, and availability.
Change approval process
Formal process for managing change to avoid downtime, confusion, and mistakes.
ownership
The person or group that owns and manages the change process
Stakeholder
People impacted by a change
Impact analysis
Determine a risk value; risks can be minor or far-reaching
Risks of not making a change
Security vulnerability, application unavailability, unexpected downtime to other services
sandbox
A testing environment that isolates untested code changes and outright experimentation from the production environment or repository, in the context of software development (including web development and revision control)
backup plan
A scheme ready to be used in place of, or to help, another
Maintenance window
The time period in which a change is expected to be implemented.
Standard Operating Procedures (SOPs)
Specific sets of written instructions about how to perform a certain aspect of a task
Technical Change Management
Put the change management process into action.
• There's no such thing as a simple upgrade
• Change management is often concerned with "what" needs to change
Allow list
Nothing runs unless allowed; very restrictive
Deny List
Nothing on the "bad list" can be executed