Chapter 9: Enterprise Security Architecture
Configuration Management
This topic is covered in depth by ITIL:
https://en.wikipedia.org/wiki/Configuration_Management_(ITSM)
Document Everything
Diagrams
Network diagrams
https://www.addictivetips.com/net-admin/it-inventory-management-tools/
Rack diagrams
Specifications
Baseline Configuration
Establish one
Perform regular Integrity Measurements Checks
Standard Naming Conventions
Includes Asset Tagging (TIA 606)
IP Address Schema
Data Sovereignty
Note the importance of venue: which country’s laws apply?
Data Protection
DLP: Data Loss Prevention
Masking
Look at your card number on a cash register receipt:
**** **** **** 4321
Hashing
Encryption
Data At Rest
- Bitlocker
- PGP disk encryption
Data In Transit / In Motion
- SSH
- SSL
- TLS
- IPsec
Data In Processing / In Use:
- Cluster tip wiping wipes old data in unused file system slack. See the Microscope tool.
- Data field encryption, e.g. the SSN field
Tokenization
Consider the transaction code for a credit card sale, which does not contain the card number or other data. A random value replaces confidential data.
Rights Management
DRM: Digital Rights Management
Geographical Considerations
How far from your main site should your backups be stored?
How far should your alternate business sites be?
Are your backups or recovery sites out of the USA?
Whose regulations apply?
Response and Recovery Controls
Incident Response
Document Beginning to End!
Identify the attack
Contain the attack
Prevent data exfiltration
Prevent access to sensitive data
DR: Disaster recovery
BC: Business continuity
SSL / TLS Inspection
This actually functions mostly the same as a forward proxy: a device serves as a go-between for the client and server, and the client is actually trusting that proxy’s certificate, not the end server’s certificate.
The big difference is that the proxy actually looks at the data being exchanged – unencrypted.
DLP: Data Loss Prevention
That’s right, a master encryption key, right on an edge device on your network. A very attractive target.
Hashing
E.g. store passwords hashed, not encrypted.
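The three data-protection techniques from the notes above (masking, tokenization, and password hashing) shown side by side in a small added Python example; this is not part of the original notes, and the in-memory token vault and PBKDF2 parameters are illustrative assumptions:

```python
import hashlib
import hmac
import os
import secrets
from typing import Optional


def mask_pan(pan: str, visible: int = 4) -> str:
    """Masking: keep only the last `visible` digits, as printed on a receipt."""
    digits = pan.replace(" ", "")
    masked = "*" * (len(digits) - visible) + digits[-visible:]
    # Regroup into blocks of four so it reads like a card number.
    return " ".join(masked[i:i + 4] for i in range(0, len(masked), 4))


class TokenVault:
    """Tokenization: a random surrogate replaces the PAN in downstream systems.

    Only the vault can map a token back; the token itself carries no card data.
    (Assumption: a dict stands in for a hardened, access-controlled store.)
    """

    def __init__(self) -> None:
        self._vault: dict[str, str] = {}

    def tokenize(self, pan: str) -> str:
        token = secrets.token_hex(8)  # random, unrelated to the PAN
        self._vault[token] = pan
        return token

    def detokenize(self, token: str) -> str:
        return self._vault[token]


def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = 200_000) -> str:
    """Hashing: store a salted, slow hash of the password, never the password itself."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)
```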
API Considerations
Flaws in APIs are public, discoverable, and apply to all users.
https://resources.infosecinstitute.com/topic/api-security/
Site Resiliency
Hot Sites
Warm Sites
Cold Sites
Deception and Disruption
Honeypots
Honeyfiles
Honeynets
Fake Telemetry: synthetic network traffic
DNS Sinkhole: This hack is the fix for WannaCry. DNS returns false results, blocking access to a C2 server. It can be defensive or offensive.
More Study
Professor Messer’s lesson on this topic is excellent.