CompTIA Security+ Summary Document

CompTIA Security+ Summary Document

This document is a summary of the CompTIA Security+ content, prepared by CertMaster Group. It is designed to help you organize and review the knowledge needed for the CompTIA Security+ course, ensuring you are well-prepared for the exam.
For the best results, you can self-study CompTIA Security+ using CertMaster Learn SY0-701 and practice with CertMaster Labs SY0-701 (it is recommended to purchase the integrated Learn + Labs package for cost savings).
Additionally, CertMaster Practice SY0-701 is an excellent study resource, along with the Practice Test SY0-701 edited by CertMaster Group, making this a comprehensive set of high-quality study materials for exam preparation.

CompTIA Security+ (Study Notes)

• Overview of Security
o Information Security
- Act of protecting data and information from unauthorized access, unlawful modification, disruption, disclosure, corruption, and destruction
o Information Systems Security
- Act of protecting the systems that hold and process critical data
o Fundamentals of the CIA Triad:
- Confidentiality - information has not been disclosed to unauthorized people
- Integrity - information has not been modified or altered without proper authorization
- Availability - information is able to be stored, accessed, or protected at all times

• AAA of Security
o Authentication - establishing a person's identity with proof
- Something you know
- Something you are
- Something you have
- Something you do
- Somewhere you are
o Authorization - granting access to data or areas based on authentication
o Accounting - tracking data, computer usage, and network resources
- Non-repudiation: proof that actions were taken

• Common Security Threats
o Malware - malicious software
o Unauthorized Access - accessing resources without consent
o System Failure - crashes or application failures
o Social Engineering - manipulating users to reveal confidential information or take detrimental actions

• Mitigating Threats
o Physical Controls - alarms, locks, cameras, ID cards, guards
o Technical Controls - smart cards, encryption, ACLs, IDS, network authentication
o Administrative Controls - policies, procedures, awareness training, contingency planning
- User training is the most cost-effective security control

• Types of Hackers
o White Hats - ethical hackers who test security with permission
o Black Hats - malicious hackers who break in without authorization
o Gray Hats - unaffiliated hackers who may violate the law
o Blue Hats - outsiders who hack with company permission
o Elite - hackers who find and exploit vulnerabilities before anyone else (1 in 10,000)
o Script Kiddies - unskilled hackers who only run others' exploits and tools

• Threat Actors
o Script Kiddies - little skill, only use tools written by others
o Hacktivists - driven by causes like social change, politics, terrorism
o Organized Crime - well-funded, sophisticated crime groups
o Advanced Persistent Threats - highly skilled groups (often nation-state) with extensive intelligence capabilities

Threat Intelligence and Sources
• Properties of Intelligence Sources
o Timeliness - up-to-date information
o Relevancy - matches intended use cases
o Accuracy - produces effective results
o Confidence Levels - qualified statements about reliability

• Types of Threat Intelligence
o Proprietary - provided commercially via paid subscription
o Closed-Source - provider's own research and customer data
o Open-Source - available freely without subscription
- US-CERT, UK's NCSC, AT&T Security, MISP, VirusTotal, Spamhaus
o Open-Source Intelligence (OSINT) - information gathered from public sources

Threat Hunting
• Techniques
o Establishes hypothesis based on likely events
o Profiles threat actors and activities
o Relies on security monitoring and incident response tools
- Analyze network traffic, processes, infected hosts
- Identify execution methods
• Benefits
o Improves detection
o Integrates intelligence
o Reduces attack surface
o Blocks attack vectors
o Identifies critical assets
• Resource intensive but yields substantial benefits

Attack Frameworks
• Cyber Kill Chain
o Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command & Control, Actions on Objectives
o Analyze the kill chain to identify defensive courses of action
o Knowledge base of adversary tactics, techniques, procedures
o Pre-ATT&CK aligns to early kill chain phases
• Diamond Model
o Analyzes incidents based on four features: adversary, capability, infrastructure, victim
o Explores the relationships between the features

• Types of Malicious Software
o Viruses - infect computer when executed, require user action to spread
- Boot sector, macro, program, multipartite, encrypted, polymorphic, metamorphic, stealth, armored
o Worms - self-replicate and spread without user consent or action
o Trojans - disguised as legitimate software but performs malicious functions
- Remote Access Trojans (RATs) provide remote control to attackers
o Ransomware - restricts access until ransom is paid
- Can encrypt files
o Spyware - secretly gathers user information without consent
- Adware displays ads based on spying
- Grayware behaves improperly but without serious consequences
o Rootkits - gain admin control without detection
- Use DLL injection to maintain control
- Activate before OS boot, difficult to detect
o Spam - abuses electronic messaging, commonly through email
- CAN-SPAM Act regulates commercial email

Malware Infections
• Threat Vector - method used by attacker to access victim machine
• Attack Vector - method to infect machine with malware
• Common Delivery
o Software, messaging, media
o Watering Holes - malware placed on sites victims will access
• Botnets and Zombies
o Botnet - group of compromised computers controlled by a master node
- Can be used for processor intensive activities
• Active Interception
o Intercepting and modifying traffic between sender and receiver
• Privilege Escalation
o Exploiting flaw or bug to gain unauthorized access to resources
• Backdoors and Logic Bombs
o Backdoors bypass normal security to maintain access
- RAT placed by attacker for persistence
o Logic Bomb - malicious code executing when conditions are met
o Easter Egg - non-malicious insider code (jokes, messages, features)
- Should not be used in secure coding
• Infection Symptoms
o Access issues, strange noises, errors, display problems, print issues
o Suspicious new/changed/missing files and folders
o System Restore not functioning
• Malware Removal
1. Identify symptoms
2. Quarantine infected systems
3. Disable System Restore
4. Remediate the system
5. Schedule updates and scans
6. Enable System Restore, create restore point
7. Provide end user security training
8. For boot sector viruses, scan from external drive
• Preventing Malware
o Update anti-malware automatically and scan regularly
o Update OS and apps frequently
o Educate users on safe practices
- Verify email servers block open relays
- Remove email addresses from websites
- Use whitelists and blacklists

Malware Exploitation
• Exploit Techniques
o Allow malware to infect targets while avoiding detection
o Used by APTs in a multi-stage process:
1. Dropper or downloader
2. Maintain access
3. Strengthen access
4. Actions on objectives
5. Concealment
• Dropper - installs/runs other malware types
• Downloader - retrieves more tools after initial infection
• Shellcode - lightweight exploit code in any language
• Code Injection - runs malicious code under a legitimate process ID
o Masquerading, DLL injection, DLL sideloading, process hollowing
o Anti-forensics used to prevent detection and analysis
• Living Off the Land - uses standard system tools for intrusions
o Harder to detect when executing within standard tools and processes

Security Applications and Devices
• Software Firewalls
o Personal firewalls protect a single computer from unwanted traffic
- Host-based
- Built into OS (Windows Firewall, PF, IPFW, iptables)
o Often part of anti-malware suites
• Intrusion Detection Systems (IDS)
o Monitor system/network, analyze data to identify incidents
- Host-based (HIDS), network-based (NIDS)
o Detection methods:
- Signature-based - specific byte strings trigger alert
- Policy-based - relies on defined security policy
- Anomaly-based - deviations from baseline trigger alert
o Types of alerts:
- True positive - malicious activity correctly identified
- False positive - legitimate activity identified as attack
- True negative - legitimate traffic correctly identified
- False negative - malicious activity identified as legitimate
o IPS can stop malicious activity, IDS only alerts and logs
o HIDS logs recreate attack details
• Pop-up Blockers
o Browser feature to block JavaScript pop-ups
o May need to allow for site functionality
o Attackers could abuse pop-ups in malicious ads
o Content filters block external JavaScript, images, pages
o Keep browser and extensions updated
• Data Loss Prevention (DLP)
o Monitors data at rest, in transit, in use
o Detects data theft attempts
o Software or hardware solutions
- Endpoint DLP - client software, can stop file transfers or alert admin
- Network DLP - perimeter solution to detect data in transit
- Storage DLP - server software inspects data at rest
• Securing BIOS/UEFI
o Firmware providing boot instructions
o Unified Extensible Firmware Interface (UEFI)
o Secure the BIOS/UEFI:
1. Update the firmware
2. Set a password
3. Configure boot order
4. Disable external ports
5. Enable secure boot
• Securing Storage Devices
o Encrypt removable media
o Apply removable media controls:
- Technical limitations on USB and removable devices
- Administrative policies
o Network Attached Storage (NAS) - network storage devices
- Often use RAID for high availability
o Storage Area Network (SAN) - dedicated storage network
1. Encrypt data
2. Use proper authentication
3. Log access
• Disk Encryption
o Scrambles data into unreadable state
o Self-Encrypting Drives (SED) use embedded hardware
o Software encryption is common
- FileVault, BitLocker
o Trusted Platform Module (TPM) - motherboard chip holding encryption key
- USB drive can be backup key
o Advanced Encryption Standard - 128/256-bit symmetric key encryption
o Encryption adds security but reduces performance
o Hardware Security Modules (HSM) - devices acting as secure cryptoprocessor
• Endpoint Analysis
o Anti-virus (AV) - detects and removes malware
o Host IDS/IPS - monitors endpoint for behavior changes
o Endpoint Protection Platform (EPP) - agent performing multiple security tasks
- AV, HIDS/HIPS, firewall, DLP, encryption
o Endpoint Detection and Response (EDR) - agent collecting data for monitoring
o User Entity Behavior Analytics (UEBA) - uses AI/ML to identify suspicious activity
- EPP, EDR, UEBA combos are marketed as ATP, AEP, NGAV
Mobile Device Security
• Securing Wireless Devices
o Use WPA2 for strongest wireless security
- AES encryption
o Bluetooth pairing creates an encrypted link
o Wired is usually more secure than wireless
• Mobile Malware
o Keep mobile OS and apps updated
o Only install from official app stores
o Don't jailbreak/root the device
o Don't use custom firmware/ROM
• Defending Against:
o SIM Cloning - allows access to device data
- Use SIM v2 cards, be careful sharing number
o Bluetooth Attacks
- Bluejacking (sending unsolicited messages)
- Bluesnarfing (stealing data over Bluetooth)
• Theft
o Ensure regular backups
o Don't try to recover alone if stolen
o Remote lock and wipe features
• Securing Mobile Apps
o Only install from official stores
o Use SSL/TLS for secure connections
o Turn off location services for privacy
o Geotagging tags location, consider in policies
• BYOD Concerns
o Introduce many security issues
o Storage segmentation separates work and personal data
o Use MDM to configure, manage, secure
o CYOD as an alternative
• Hardening Mobile Devices
1. Update to latest OS version
2. Install anti-virus
3. Train users on proper usage
4. Only install official apps
5. Don't root or jailbreak
6. Use v2 SIM cards
7. Disable unnecessary features
8. Enable voice and data encryption
9. Use strong passwords/biometrics
10. Avoid or control BYOD

• Hardening - securely configuring an OS by:
o Updating
o Creating rules and policies
o Removing unnecessary apps and services
o Minimizes risk by reducing vulnerabilities
• Removing Unnecessary Applications
o Least Functionality - only provide essential apps and services
o PCs accumulate unneeded programs over time
o Use a secure baseline image for new systems
o System Center Configuration Manager (SCCM) helps manage
• Restricting Applications
o Whitelisting - only allow approved apps to run
o Blacklisting - block specific apps from running
o Can be centrally managed
• Disabling Unnecessary Services
o Disable any non-essential OS services
• Trusted Operating Systems
o Meet government security requirements, use multilevel security
- Windows 7+, OS X 10.6+, FreeBSD, RHEL
o Identify version and build before updating
• Updates and Patches
o Patch - fixes a specific problem
o Hotfix - single fix (terms often used interchangeably)
o Update categories:
- Security - fixes specific vulnerability
- Critical - addresses non-security bug
- Service Pack - cumulative fixes and updates
- General - adds minor fixes or features
- Driver - updates hardware support
o Windows 10 uses Windows Update (wuapp.exe)
• Patch Management Process
1. Plan
2. Test
3. Implement
4. Audit
o Test before deploying
o Deploy manually or automatically
o Use a central update server
o Audit client status after deployment
o Linux and macOS also have built-in patching
• Using Group Policy
o Group Policy - rules applied to users or computers
o Open gpedit to access Group Policy Editor
o Useful for: password complexity, account lockout, software restrictions
o Domain controllers have advanced Group Policy management
o Security templates simplify deployment
o GPOs aid in OS hardening
o Baselining measures changes to establish normal behavior
• File Systems and Hard Drives
o Security affected by file system
- NTFS, FAT32, ext4, HFS+, APFS
o Windows primarily uses NTFS or FAT32
- NTFS is more secure (logging, encryption, large partition support)
o Linux should use ext4, macOS APFS
o Hard drives eventually fail, so:
1. Remove temp files (Disk Cleanup)
2. Check system files periodically
3. Defragment drives
4. Back up data
5. Practice restoration techniques

Supply Chain Assessment
• Mitigating supply chain risks is key to security in unsecured environments
• Ensuring trusted, tamper-resistant hardware and software is critical
o Due Diligence - using best practices and reasonable care
- Properly resourced cybersecurity program
- Risk management processes
- Product lifecycle support
- Security controls for confidential data
- Incident response assistance
- Company background info
o Trusted Foundry - validated secure microprocessor manufacturer (often government)
o Hardware Source Authenticity - procuring hardware from trustworthy suppliers
- Risk of counterfeits from aftermarket sources
• Root of Trust
o Hardware Root of Trust - secure crypto module for trusted/attested boot
o Trusted Platform Module (TPM) - hardware key storage
o Hardware Security Module (HSM) - tamper-resistant crypto key appliance
o Anti-tamper mechanisms:
• Trusted Firmware
o Vulnerabilities enable attacker to run high-privilege code
o Protections:
- UEFI - updated, more secure firmware interface
- Secure Boot - prevents unwanted code at boot
- Measured Boot - gathers secure metrics
- Attestation - signed validation of boot process
- eFUSE - software/firmware controlled chip fusing
- Trusted/signed firmware updates
- Self-encrypting drives
• Secure Processing
o CPU security extensions enable:
- Trusted execution ensuring secure OS/VM
- Encrypted memory enclaves for sensitive data
- Atomic execution of single operations
- Bus encryption for trusted devices
o Intel - TXT, SGX

• Virtualization - creating a virtual version of a resource
o VMs emulate a full computer running an OS
• VM Types
o System VM - replaces physical computer, runs full OS
o Process VM - runs a single app or process
• Hypervisors
o Manages allocation of host resources


Here is the continuation of the rewritten CompTIA Security+ study notes in English:

o Types of Hypervisors:
- Type I (Bare Metal) - runs directly on hardware, more efficient
- Type II (Hosted) - runs as a software layer on an operating system
o Containerization
- Shares kernel across VMs but provides separate user spaces
- Enables rapid, efficient deployment of distributed apps
- Ex: Docker, Parallels Virtuozzo, OpenVZ
• VM Threats
o VMs isolated by default but still vulnerable:
- VM Escape - breaks out of VM to interact with hypervisor
o Elasticity enables scaling to meet demand
o Data Remnants - deleted VM data remaining on cloud servers
o Privilege Elevation - user granting themselves higher privileges
o Live Migration - moving a running VM to another server
• Securing VMs
o Similar security measures as physical servers:
- Limit VM-host connectivity
- Remove unnecessary virtual hardware
- Use proper patch management
o Virtualization Sprawl - uncontrolled VM creation and deployment

Application Security
• Web Browser Security
o Keep updated but don't adopt new versions immediately
o No single "most secure" option
o General practices:
1. Implement policies (admin or technical)
2. Train users
3. Use proxy and content filter
4. Prevent malicious code (disable ActiveX, Java, Flash)
o Additional concerns:
- Cookies and Flash cookies (LSOs) track user data
- Add-ons extend functionality but introduce risk
- Advanced options for SSL/TLS, cache, history
• Securing Applications
o Password-protect sensitive documents
o Email security via digital signatures and certificates
o User Account Control prevents accidental changes

Secure Software Development
• Software Development Lifecycle (SDLC)
o Phases: Planning, Analysis, Design, Development, Testing, Integration, Maintenance
o Methodologies:
- Waterfall, Agile, DevOps
• SDLC Security Principles
o Confidentiality, Integrity, Availability (CIA)
o Threat modeling prioritizes patching
o Least privilege access
o Defense in depth
o Never trust user input
o Minimize attack surface
o Secure defaults and configurations
o Code signing for authenticity and integrity
o Secure error handling
o Timely vulnerability fixing
o Use trusted SDKs
• Testing Methods
o Black-box - tester has no system knowledge
o White-box - full details provided to tester
o Structured exception handling for runtime errors
o Input validation to sanitize user data
• Software Vulnerabilities
o Backdoors - bypass normal authentication
o Directory traversal - access unauthorized directories
o Arbitrary/remote code execution
o Zero-day - unknown to vendor
• Buffer Overflows
o Occur when data exceeds allocated memory
o Can enable code injection
o Prevented by:
- Bounds checking
- Input validation
- Address space layout randomization
• Injection Attacks
o Insert additional code via user input
- Cross-site scripting (XSS), SQL injection, LDAP injection
o Prevented by input validation and sanitization
• Race Conditions
o Timing flaws that can be exploited
o Difficult to detect and mitigate
o Affect multi-threaded processing, file systems, databases
o Time-of-check to time-of-use (TOCTTOU) attacks
o Prevention:
- Avoid sequential processing
- Use locking to ensure exclusive access
• Other Vulnerabilities
o Insecure components, insufficient logging, weak configs
o Mitigate via:
- Inventorying components
- Analyzing log requirements
- Hardening
- Least privilege
- File/directory permissions
- Secure configs and baselines

Network Design
• OSI Model Review
o Please, Do Not Throw Sausage Pizza Away
o Layers: Physical, Data Link, Network, Transport, Session, Presentation, Application
• Switches
o Evolved from hubs and bridges
o Vulnerable to:
- MAC flooding (CAM table overflow)
- MAC spoofing
- Physical tampering
o Mitigations: port security, ARP inspection, MAC address filtering
• Routers
o Connect networks at Layer 3 (IP)
o Use access control lists (ACLs) to permit or deny traffic
o Vulnerable to IP spoofing
• Network Segmentation
o Firewalls, DMZs, extranets, intranets, VLANs
o Jumpbox - hardened access point for DMZ management
• Network Access Control (NAC)
o Pre-admission checks prior to network connection
o Agent-based or agentless
o Hardware or software
o 802.1X for port-based access control
o Benefits: segmentation, reduced collisions, improved organization and performance
o Switch spoofing and double-tagging attacks
o Prevent by moving ports and using private VLANs
• Subnetting
o Divides networks for efficiency and security
o Broadcast domain reduction
o Subnet policies aid security monitoring
• Network Address Translation (NAT)
o Hides internal IPs behind one external IP
o Port Address Translation (PAT) maps ports
o Uses private IP ranges
• Telephony
o Legacy PBX and modern VoIP
o Eavesdropping and toll fraud risks
o Encrypt VoIP with TLS

Perimeter Security
• Firewalls - filter traffic between networks
o Stateless - packet filtering
o Stateful - tracks connections
o Deep packet inspection for application awareness
o Web Application Firewalls protect servers
• Proxy Servers
o Intermediaries between clients and servers
o Caching for efficiency
o Content filtering and malware scanning
o Web Security Gateways (secure web proxies)
• Honeypots and Honeynets
o Decoy systems to attract and trap attackers
o Honeypot - single system
o Honeynet - full network
• Data Loss Prevention (DLP)
o Monitors data to prevent exfiltration
o Endpoint, network, and cloud-based
• Network IPS
o Prevents attacks inline (vs IDS detection)
o Should fail closed
o Can also provide protocol analysis
• Unified Threat Management (UTM) / Next-Gen Firewall
o Consolidates firewall, IPS, content filter, anti-malware, DLP, VPN

Cloud Security
• Service Models:
o IaaS - provider manages virtualization, servers, storage, networking
o PaaS - also includes OS, middleware, runtime
o SaaS - provider manages everything, client uses app
• Deployment Models:
o Public - hosted by provider, multi-tenant
o Private - single org, on-prem or hosted
o Community - shared by orgs with common need
o Hybrid - mix of above
• Threats:
o Insecure APIs, improper key management, insufficient logging, unprotected storage
o Addressed by authentication, encryption, monitoring, permissions
• Virtualization security - same as physical
• Cloud Access Security Broker (CASB)
o Visibility and control for cloud services
o Deployment options:
- Agent on device
- Reverse proxy
- API integration
• Microservices and Serverless
o Microservices - small, single-purpose components
o Serverless - provider dynamically manages code execution
- No patching or administration
- Depends on robust orchestration
• Securing Servers
o File servers, email, web, FTP, domain controllers
o DMZ for web and FTP
o Harden all servers
o DLP can help prevent insider threats

Workflow & Orchestration
• Orchestration
o Automation of deployments
o Resource, workload, and service orchestration
o Third-party tools (Chef, Puppet, Ansible, etc.) prevent lock-in
• CI/CD Pipeline
o Continuous Integration - frequent code commits and automated builds
o Continuous Delivery - automates release to production
o Continuous Deployment - fully automates deployment to production
• DevSecOps
o Integrates security into DevOps process
o Shift left approach:
- Early security integration
- Automated testing and compliance
• Infrastructure as Code (IaC)
o Managing infrastructure via definition files
o Enables automation and orchestration
o Use templates to ensure secure, consistent configs
• Machine Learning
o Artificial Intelligence - machines that can learn and adapt
o Machine Learning - learning from data to accomplish a task
o Deep Learning - complex, layered algorithms
o Common uses: adaptive authentication, threat hunting

Network Attacks
• Ports and Protocols
o 1024 well-known ports
o 49152 ephemeral ports
o Memorize key ports for the exam
• Denial of Service (DoS)
o Disrupt availability and access
o Flood, Ping of Death, teardrop, fork bomb
o Smurf and fraggle amplification attacks
o SYN floods exploit TCP handshake
o Permanent DoS can damage firmware
• Distributed DoS (DDoS)
o Many sources target a single victim
o Botnets common in DDoS
o DNS and NTP amplification tactics
o Mitigation: IPS, special scrubbing services
• Hijacking and Spoofing Attacks
o Hijacking - taking over an active connection
- Session theft, clickjacking, man-in-the-middle
o Spoofing - masquerading as a legitimate user/system
o Always use strong authentication
• Transitive Attacks
o No direct attack, but security sacrificed for efficiency
• DNS Attacks
o Cache poisoning, unauthorized zone transfers, HOSTS file changes
o Pharming and domain name kiting/sniping
• ARP Poisoning
o Exploits IP to MAC mapping to steal data
o Mitigated by VLANs and DHCP snooping

Securing Network Devices
• Switches, routers, firewalls, etc.
o Change default passwords
o Use strong password policies
o Watch for privilege escalation and backdoors
o Keep firmware updated
o Use IPS, firewalls, segmentation
• Secure Network Media
o Copper, fiber, coax
o Electromagnetic interference (EMI) - use shielded cables
o Radio frequency interference (RFI) - impacts wireless
o Crosstalk - signal interference between wires
o Data emanation - use shielding and Faraday cages
• Securing Wi-Fi
o Change default SSIDs and passwords
o Disable SSID broadcast
o Patch APs and clients
o Use strong encryption (WPA2/WPA3)
o Dangers - rogue APs, evil twins
• Wi-Fi Attacks
o Wardriving/warwalking - searching for open APs
o IV attacks - breaking WEP
o Deauthentication attacks - disrupting connections
o Brute force cracking of pre-shared keys
• WPA3 Improvements
o Longer keys, forward secrecy, simultaneous authentication
• Bluetooth Attacks
o Bluejacking - sending unsolicited messages
o Bluesnarfing - stealing data over bluetooth
• NFC and RFID
o Short range wireless communication
o NFC 4cm, RFID 10cm - 200m

Physical Security Controls
• Surveillance
o CCTV cameras
o Pan-tilt-zoom and thermal imaging
• Locks and Barriers
o Traditional locks to keyless entry and mantraps
• Biometrics
o Fingerprint, iris, facial, etc.
o False acceptance/rejection rates
o Crossover error rate measures system accuracy
• Lighting, Signs, Guards, Alarms
• Faraday Cages and TEMPEST shielding

Facilities Security
• Fire Suppression
o Handheld - ABCDK extinguishers
o Sprinklers - wet pipe, dry pipe, pre-action
o Clean agents and CO2
o Humidity and temperature control
o Positive pressure
o Particulate filtering
o Dedicated systems
o May connect to ICS/SCADA networks
• Shielding
o Foil wallpaper, films, window mesh
o Faraday cages block all EMI
o TEMPEST - government shielding standard
• Protected Cabling
o Cable trays and conduit
o Clearly labelled
o Hardened carrier services (MPLS and DWDM)
• Vehicular Vulnerabilities
o Controller Area Network (CAN bus)
o Onboard Diagnostics (OBD-II) port
o Attacks:
- Direct access
- Cellular network exploit
- Malicious updates
• Drones and Robots
o Aerial drones for surveillance and payload delivery
o Robot weaknesses:
- No inherent security
- Exposed ports and connectors
- Easily physically accessed
- Unencrypted communications
• Internet of Things (IoT)
o Embedded Linux/Android OSes
o Smart devices must be secured and updated
o Specialized IoT security solutions
• Embedded Systems
o Perform specific dedicated functions
o Difficult to update and secure
o Variations:
• Industrial Control Systems (ICS)
o Manage automation and physical processes
o Use Fieldbus protocol and PLCs
o Include HMI for configuration
o Components - data historian, I/O server
o Remote monitoring and control
o Combines software and PLCs
o Protocols - Modbus, DNP3
o Stuxnet attacked SCADA via USB
• Mitigating ICS/SCADA Vulnerabilities
o Robust change management
o Network segmentation
o Strong authentication
o Patch management
o Security audits
• Building Automation
o HVAC, lighting, safety, security
o Managed by BAS software
o Remote access risks
o Vulnerable devices and protocols
o Unpatched and misconfigured
• Physical Access Control
o Electronic door locks and logging
o Visitor management
o May integrate with BAS and CCTV
o Managed by PACS software
o Social engineering risks

User Authentication
• Something You Know
o Passwords and PINs
o Security questions
• Something You Have
o Smart cards and tokens
o Digital certificates
o OTPs and mobile apps
• Something You Are
o Fingerprints, iris, voice, face
• Somewhere You Are
o Geolocation and geofencing
• Something You Do
o Signature and typing analysis
o Gestures
• Multi-factor Authentication
o Combines 2 or more factors
o Greatly increases security
o May be required for compliance
• Authentication Protocols
o LDAP - directory services
o Kerberos - ticket-based system
o RADIUS - centralized management
o TACACS+ - separates authentication, authorization, accounting
o 802.1X - port-based access control
• Federated Identities
o Authentication by a third party Identity Provider
o SAML and OAuth standards
o Reduced user management for service providers
o Risks - reliance on IdP security
• Cloud vs On-premises
o Cloud - scalable but requires trust in provider
o On-prem - full control but higher cost and complexity
o Consider data localization and vendor lock-in
• Remote Access
o VPN for encrypted remote connection
o RDP for graphical remote control
- Network Level Auth increases security
o SSH for secure command line access

Access Control
• Identification, Authentication, Authorization, Accountability
• Authorization Concepts
o Least privilege
o Separation of duties
o Mandatory vacation
o Job rotation
o Privilege creep
o Time of day restrictions
• Access Control Models
o Discretionary Access Control (DAC) - owner determines permissions
o Mandatory Access Control (MAC) - system determines access based on classification
o Role Based Access Control (RBAC) - permissions based on job function
o Rule-based Access Control - dynamic rules and parameters
o Attribute-based Access Control (ABAC) - Boolean logic for authorization
• Best Practices
o Disable default accounts
o Disable root logins
o Disable guest accounts
o Use strong passwords
o Rename administrator accounts
o Restrict user permissions
• User Account Management
o Provision, review, deprovision
o Leaves, transfers, terminations
o Periodic recertification of permissions
• Continuous Monitoring
o Observe and respond to threats in real-time
o Supplements periodic assessments
o Automated testing and alerting
• Logging and Auditing
o Record events and analyze for anomalies
o Investigate incidents
o Meet regulatory requirements
• Controlling Access to Files
o NTFS permissions (Windows)
o `chmod` (Unix/Linux)
o Principle of least privilege
o Separation of duties

Risk Assessment
• Assets, Vulnerabilities, Threats
o Asset - what needs protecting
o Vulnerability - weakness
o Threat - potential danger
• Risk Calculation

Incident Response and Forensics
• Incident Response Process
o Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned
o Goal is to minimize damage and prevent future incidents
• Building an Incident Response Team
o Incident Response Manager
o Security, Network, Systems Analysts
o Threat Researcher
o Forensic Analyst
o Legal, HR, PR
• Evidence Handling
o Identify, Collect, Analyze, Report
o Chain of custody
o Data integrity
o Retention policies
• Forensic Investigation
o System, Network, Software, Storage
o Tools - dd, FTK, Memdump, Autopsy
• Attack Frameworks
o Cyber Kill Chain
o Diamond Model

Disaster Recovery Planning
• Business Impact Analysis
o Identify critical systems and processes
o Determine Recovery Time Objective (RTO)
o Determine Recovery Point Objective (RPO)
• Disaster Recovery Plan
o Emergency response procedures
o Backup strategies
o Alternative processing sites
o Post-incident review
• Backup Methods
o Full, incremental, differential, snapshot
o Backup rotation schemes
o Offsite storage
o Replication to hot/warm/cold sites
• Disaster Recovery Testing
o Paper tests, walkthrough, simulation
o Parallel and cutover testing
• Continuity of Operations
o Succession planning
o Alternate personnel
o Telework

• Symmetric Encryption
o One key for encryption and decryption
o Fast but difficult key exchange
o Algorithms: AES, 3DES, Blowfish
• Asymmetric Encryption
o Public and private key pair
o Slow but easier key exchange
o Algorithms: RSA, ECC
o Key lengths from 1024 to 4096 bits
• Hashing
o One-way function
o Verifies integrity
o Algorithms: MD5, SHA-1, SHA-2, SHA-3
• Digital Signatures
o Encryption with sender's private key
o Proves authenticity and non-repudiation
o Requires PKI and digital certificates
• Key Management
o Generation, exchange, storage, destruction
o Recovery and escrow
• Steganography
o Hiding messages in other data
o Used for obfuscation not encryption
• Quantum Computing Impact
o Shor's algorithm breaks RSA and ECC
o Larger key sizes are only a temporary fix
o Post-quantum cryptography research

Exploits and Attacks
• Malware
o Viruses, worms, trojans, ransomware
o Spyware, adware, rootkits, keyloggers
• Password Attacks
o Brute force, dictionary, rainbow tables
o Password spraying, credential stuffing
• Web Application Attacks
o Injection - SQL, XSS, LDAP
o Broken authentication and session management
o Sensitive data exposure
o XXE and insecure deserialization
• Wireless Attacks
o War driving
o Rogue access points
o WPS and WPA2 vulnerabilities
• Mobile Attacks
o Malicious apps
o Jailbreaking and rooting
o SMS phishing
o Signal interception and tracking
• Cryptographic Attacks
o Birthday attack
o Collision attacks
o Downgrade attacks
o Sweet32
• Social Engineering
o Phishing, vishing, smishing
o Impersonation
o Dumpster diving
o Shoulder surfing
o Tailgating and piggybacking
• Supply Chain Attacks
o Compromised hardware or software
o Counterfeit products
o Malicious insiders at vendors

Threat Intelligence
• Data Sources
o Open source
- OSINT, social media
o Closed source
- Conferences, dark web
o Technical
- Sandboxes, honeypots, packet capture
o Human
- SMEs, trusted groups
• Automated Indicator Sharing
o STIX and TAXII standards
o MISP and OpenCTI platforms
• Intelligence Cycle
o Direction, Collection, Processing, Analysis, Dissemination
o Feedback for continuous improvement
• Threat Actors
o Cybercriminals, APTs, insider threats
o Hacktivists and cyberterrorists
o Script kiddies

Penetration Testing
• Planning and Scoping
o Rules of engagement
o Objective-based, compliance-based
o White box, gray box, black box
• Reconnaissance
o Passive - OSINT, social media
o Active - port scanning, vuln scanning
• Execution
o Initial access, lateral movement
o Privilege escalation
o Data exfiltration and destruction
• Reporting
o Findings and remediation
o Strategic recommendations
• Red Team Operations
o Objective-based, multi-layered attack simulation
o Blue and Purple teaming
o Conducted by highly skilled specialists

Legal and Compliance
• Types of Laws
o Criminal, civil, administrative
o Jurisdiction and extradition
• Intellectual Property
o Patents, copyrights, trademarks
o Trade secrets
o Digital Rights Management (DRM)
• Licensing
o Commercial
o Open source
o End User License Agreement (EULA)
• Privacy
o Personally Identifiable Information (PII)
o Protected Health Information (PHI)
o Data sovereignty and localization
• Compliance Frameworks
o NIST CSF and 800-53
o ISO 27001 and 27002
• Investigations
o Administrative, criminal, civil
o Search warrants
o Due process and chain of custody

• (ISC)2 Code of Ethics
o Protect society, the common good, necessary public trust and confidence, and the infrastructure.
o Act honorably, honestly, justly, responsibly, and legally.
o Provide diligent and competent service to principals.
o Advance and protect the profession.
• Organizational Ethics
o Codes of conduct
o Acceptable use policies
o Mandatory reporting
o Whistleblowing
• Technology Misuse
o Hacking, doxxing, swatting
o Hacktivism and cyber terrorism
o Intellectual property theft
o Invasion of privacy
• Professional Development
o Staying current in the field
o Getting involved in the community
o Mentorship and knowledge sharing

Dear friends,

Wishing you all the best in your studies and exam preparation for the CompTIA Security+ certification. This is an important and valuable certification in the field of cybersecurity, and passing the exam will open up many exciting career opportunities for you.

To ensure you are well-prepared, we encourage you to take advantage of the high-quality learning products from CertMaster, including:

- CertMaster Learn: An interactive online course that helps you master the theoretical knowledge necessary for the exam.

- CertMaster Labs: An online practice environment with real-world cybersecurity scenarios, allowing you to hone your practical skills.

- CertMaster Practice: A rich question bank with hundreds of practice questions and simulated tests.

- CertMaster Exam-Sims: A practice exam that accurately simulates the structure and difficulty of the actual exam, helping you familiarize yourself and gain confidence.

By utilizing these quality products, not only will you receive maximum support in your learning journey, but you will also be supporting our efforts in developing training programs and nurturing cybersecurity talent.

Once again, we wish you effective learning, the confidence to conquer the exam, and the swift attainment of the CompTIA Security+ certification you desire. Believe in yourself and persevere until the end!

Thank you sincerely for your attention and support. We wish you success!
CompTIA Security+ Certification – Gateway to High-Paying Cybersecurity Careers


Zurück zum Blog

Hinterlasse einen Kommentar

Bitte beachte, dass Kommentare vor der Veröffentlichung freigegeben werden müssen.