Kindle Notes & Highlights
Read between July 9 - July 27, 2019
Confidentiality prevents the unauthorized disclosure of data.
Encryption scrambles data to make it unreadable by unauthorized personnel.
Identification. Users claim an identity with a unique username.
Authentication. Users prove their identity with authentication, such as with a password.
Authorization. Next, you can grant or restrict access to resources using an authorization method, such as permissions.
Obfuscation methods attempt to make something unclear or difficult to understand.
Confidentiality ensures that data is only viewable by authorized users. The best way to protect the confidentiality of data is by encrypting it. This includes any type of data, such as PII, data in databases, and data on mobile devices. Access controls help protect confidentiality by restricting access. Steganography helps provide confidentiality by hiding data, such as hiding text files within an image file.
Integrity provides assurances that data has not changed.
A hash is simply a number created by executing a hashing algorithm against data, such as a file or message. If the data never changes, the resulting hash will always be the same. By comparing hashes created at two different times, you can determine if the original data is still the same. If the hashes are the same, the data is the same. If the hashes are different, the data has changed.
Integrity provides assurances that data has not been modified, tampered with, or corrupted.
Hashing verifies integrity.
Integrity verifies that data has not been modified. Loss of integrity can occur through unauthorized or unintended changes. Hashing algorithms, such as MD5, SHA-1, and HMAC, calculate hashes to verify integrity. A hash is simply a number created by applying the algorithm to a file or message; by calculating the hash at different times and comparing the results, you can verify integrity has been maintained.
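The two-point hash comparison described above, as an added example that is not from the book: it shows a plain SHA-256 hash detecting a modified message, the limitation that anyone can recompute a plain hash if the stored hash is replaced along with the data, and how a keyed HMAC (one of the algorithms the text names) closes that gap. The messages and the shared key are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample messages: the data whose integrity we want to verify.
ORIGINAL = b"Transfer $100 to account 12345\n"
TAMPERED = b"Transfer $900 to account 12345\n"

def sha256_hex(data: bytes) -> str:
    """Plain hash (SHA-256). Anyone can recompute it, so it only proves that the
    data matches whatever the stored hash was computed over."""
    return hashlib.sha256(data).hexdigest()

def hmac_hex(key: bytes, data: bytes) -> str:
    """Keyed hash (HMAC-SHA256). Only a holder of the key can produce a valid value."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def hash_intact(baseline_hash: str, data: bytes) -> bool:
    """Compare a hash taken earlier with one taken now (constant-time compare)."""
    return hmac.compare_digest(baseline_hash, sha256_hex(data))

def hmac_intact(key: bytes, baseline_mac: str, data: bytes) -> bool:
    """Same comparison for the keyed variant."""
    return hmac.compare_digest(baseline_mac, hmac_hex(key, data))

def integrity_scenarios() -> dict:
    """Run the two-point comparison from the text under several conditions."""
    key = b"constructed-shared-secret"   # assumption: known to sender and verifier only
    baseline_hash = sha256_hex(ORIGINAL)  # hash taken at time 1
    baseline_mac = hmac_hex(key, ORIGINAL)
    return {
        # Same data later -> same hash; modified data -> different hash.
        "hash_same_data": hash_intact(baseline_hash, ORIGINAL),
        "hash_tampered_data": hash_intact(baseline_hash, TAMPERED),
        # Limitation: if the stored hash is replaced together with the data,
        # a plain hash check passes because anyone can recompute SHA-256.
        "hash_replaced_with_data": hash_intact(sha256_hex(TAMPERED), TAMPERED),
        # HMAC closes that gap: a MAC computed without the key does not verify.
        "hmac_same_data": hmac_intact(key, baseline_mac, ORIGINAL),
        "hmac_forged_without_key": hmac_intact(key, hmac_hex(b"guess", TAMPERED), TAMPERED),
    }

if __name__ == "__main__":
    for name, ok in integrity_scenarios().items():
        print(f"{name}: {'intact' if ok else 'MODIFIED / REJECTED'}")
```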
Digital signatures also provide non-repudiation.
Digital signatures require the use of certificates and a Public Key Infrastructure (PKI). Certificates include keys used for encryption and the PKI provides the means to create, manage, and distribute certificates.
Digital signatures can verify the integrity of emails and files and they also provide authentication and non-repudiation. Digital signatures require certificates.
Availability indicates that data and services are available when needed.
Availability ensures that systems are up and operational when needed and often addresses single points of failure. You can increase availability by adding fault tolerance and redundancies, such as RAID, failover clusters, backups, and generators. HVAC systems also increase availability.
Risk is the possibility or likelihood of a threat exploiting a vulnerability resulting in a loss. A threat is any circumstance or event that has the potential to compromise confidentiality, integrity, or availability. A vulnerability is a weakness. It can be a weakness in the hardware, the software, the configuration, or even the users operating the system.
Risk mitigation reduces the chances that a threat will exploit a vulnerability.
Risk is the likelihood that a threat will exploit a vulnerability. Risk mitigation reduces the chances that a threat will exploit a vulnerability, or reduces the impact of the risk, by implementing security controls.
Most security controls can be classified as technical (implemented with technology), administrative (implemented using administrative or management methods), or physical (items you can touch).
Technical controls use technology to reduce vulnerabilities. Some examples include encryption, antivirus software, IDSs, IPSs, firewalls, and the principle of least privilege. Technical controls used for physical security and environmental protection include motion detectors and fire suppression systems.
Hardening. Hardening is the practice of making a system or application more secure than its default configuration. This uses a defense-in-depth strategy with layered security.
Change management. Change management ensures that changes don’t result in unintended outages.
Preventive controls attempt to prevent security incidents. Hardening systems strengthens their basic configuration to prevent incidents. Security guards can prevent unauthorized personnel from entering a secure area. Change management processes help prevent outages from configuration changes. An account disablement policy ensures that accounts are disabled when a user leaves the organization.
Detective controls attempt to detect when vulnerabilities have been exploited, resulting in a security incident. An important point is that detective controls discover the event after it’s occurred.
Detective controls attempt to detect when vulnerabilities have been exploited. Some examples include log monitoring, trend analysis, security audits, and CCTV systems.
Corrective controls attempt to reverse the impact of an incident or problem after it has occurred.
Deterrent controls attempt to discourage a threat. Some deterrent controls attempt to discourage potential attackers from attacking, and others attempt to discourage employees from violating a security policy.
Type I hypervisors run directly on bare-metal systems without an operating system. Type II hypervisors are software that run within an operating system. Container virtualization runs within isolated cells or containers and does not have its own kernel.
Virtualization allows multiple virtual servers to operate on a single physical server. It provides increased availability with lower operating costs. Additionally, virtualization provides a high level of flexibility when testing security controls, updates, and patches because they can easily be reverted using snapshots.
VM escape is an attack that allows an attacker to access the host system from within the virtual system.
VM sprawl occurs when an organization has many VMs that aren’t managed properly.
Administrators use ping to check connectivity of remote systems and verify name resolution is working. They also use ping to check the security posture of systems and networks by verifying that routers, firewalls, and IPSs block ICMP traffic when configured to do so.
Windows systems use ipconfig to view network interfaces. Linux systems use ifconfig, and ifconfig can also manipulate the settings on the network interfaces. You can enable promiscuous mode on a NIC with ifconfig. The ip command is similar to ifconfig and can be used to view and manipulate NIC settings.
Authentication, authorization, and accounting (AAA) work together with identification to provide a comprehensive access management system.
Effective access control starts with strong authentication mechanisms, such as the use of robust passwords, smart cards, or biometrics. If users can bypass the authentication process, the authorization and accounting processes are ineffective.
Identification occurs when a user claims an identity such as with a username or email address. Authentication occurs when the user proves the claimed identity (such as with a password) and the credentials are verified. Access control systems provide authorization by granting access to resources based on permissions granted to the proven identity. Logging provides accounting.
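The identification, authentication, authorization, and accounting sequence described above, as an added example that is not from the book: the claimed username is the identification, the salted password hash check is the authentication, the permission lookup is the authorization, and every decision is written to an audit log for accounting. A failed authentication never reaches the authorization step. The user store, the audit log, and the sample credentials are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed in-memory user store and audit log for the example.
USERS: dict = {}      # username -> salt, password hash, permissions
AUDIT_LOG: list = []  # accounting: one entry per authentication/authorization decision

def _password_hash(salt: bytes, password: str) -> bytes:
    # Store a salted, slow hash rather than the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def add_user(username: str, password: str, permissions) -> None:
    """Register a user with only the permissions the role needs (least privilege)."""
    salt = os.urandom(16)
    USERS[username] = {"salt": salt,
                       "hash": _password_hash(salt, password),
                       "perms": frozenset(permissions)}

def _record(event: str, **fields) -> None:
    AUDIT_LOG.append({"event": event, **fields})

def authenticate(username: str, password: str) -> bool:
    """Identification is the claimed username; authentication is proving it."""
    record = USERS.get(username)
    if record is None:
        _record("auth_failure", user=username, reason="unknown identity")
        return False
    ok = hmac.compare_digest(record["hash"], _password_hash(record["salt"], password))
    _record("auth_success" if ok else "auth_failure", user=username)
    return ok

def authorize(username: str, permission: str) -> bool:
    """Authorization: grant or deny based on the proven identity's permissions."""
    granted = permission in USERS[username]["perms"]
    _record("authz", user=username, permission=permission, granted=granted)
    return granted

def access_resource(username: str, password: str, permission: str) -> str:
    """Full flow: a failed authentication never reaches the authorization step."""
    if not authenticate(username, password):
        return "denied: authentication failed"
    if not authorize(username, permission):
        return f"denied: {username} lacks {permission}"
    return f"granted: {permission}"

if __name__ == "__main__":
    add_user("alice", "Correct-Horse-Battery-Staple-42", ["read:reports"])
    print(access_resource("alice", "Correct-Horse-Battery-Staple-42", "read:reports"))
    print(access_resource("alice", "Correct-Horse-Battery-Staple-42", "delete:reports"))
    print(access_resource("alice", "wrong-password", "read:reports"))
    print(len(AUDIT_LOG), "audit entries recorded")
```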
Complex passwords use a mix of character types. Strong passwords use a mix of character types and have a minimum password length of at least 14 characters.
Kerberos is a network authentication protocol within a Microsoft Windows Active Directory domain or a Unix realm. It uses a database of objects such as Active Directory and a KDC (or TGT server) to issue timestamped tickets that expire after a certain time period.
LDAP is based on an earlier version of X.500. Windows Active Directory domains and Unix realms use LDAP to identify objects in query strings with codes such as CN=Users and DC=GetCertifiedGetAhead. LDAPS encrypts transmissions with TLS.
SAML is an XML-based standard used to exchange authentication and authorization information between different parties. SAML provides SSO for web-based applications.
Shibboleth is one of the federated identity solutions mentioned specifically in the CompTIA Security+ exam objectives. It is open source and freely available, making it a more affordable solution than some of the commercially available federated identity solutions. It also includes Open SAML libraries written in C++ and Java, making it easier for developers to expand its usefulness.
OAuth is an open standard for authorization many companies use to provide secure access to protected resources.
OpenID Connect works with OAuth 2.0 and it allows clients to verify the identity of end users without managing their credentials.
Least privilege specifies that individuals and processes are granted only the rights and permissions needed to perform assigned tasks or functions, but no more.
Least privilege is a technical control. It specifies that individuals or processes are granted only those rights and permissions needed to perform their assigned tasks or functions.
Secure Shell (SSH) encrypts traffic over TCP port 22. Transport Layer Security (TLS) is a replacement for SSL and is used to encrypt many different protocols. Secure FTP (SFTP) uses SSH to encrypt traffic. FTP Secure (FTPS) uses TLS to encrypt traffic.
SMTP sends email on TCP port 25, POP3 receives email on port 110, and IMAP4 uses port 143. STARTTLS allows an encrypted version of the protocol to use the same port as the unencrypted version. HTTP and HTTPS use ports 80 and 443 and transmit data over the Internet in unencrypted and encrypted formats, respectively.
DNS zones include records such as A records for IPv4 addresses and AAAA records for IPv6 addresses. DNS uses TCP port 53 for zone transfers and UDP port 53 for DNS client queries. Most Internet-based DNS servers run BIND software on Unix or Linux servers, and it’s common to configure DNS servers to only use secure zone transfers. DNSSEC helps prevent DNS poisoning attacks. Nslookup and dig are two command-line tools used to test DNS. Microsoft systems include nslookup; Linux systems include dig.