Chapter 12: Authentication and Authorization
Authentication Methods
Here’s a PM video that looks at this topic from the 601 objectives, in this case objective 2.4:
Windows Authentication
LM – MS DOS and Windows for Workgroups; very weak hashing
NTLM – Windows NT domains, which are NOT directories and which preceded directories; better hashing
NTLMv2 – This is the best protocol to use if you’re not using AD, because of much stronger hashing
Kerberos – AD’s Single Sign-on protocol, used in directory services. Here’s a PM video from the Security+ 501 that explains Kerberos as a separate topic. The 601 merges this topic into the general Authentication topic (see below).
Directory Services
LDAP (X.500)
X.500 is the formal name for Directory Access Protocol, or DAP. This was developed by the DoD and shared with the open-source community via a Freedom of Information Act request, becoming LDAP, or Lightweight DAP. LDAP consists of:
Key Distribution Center
Authentication Service
Ticket Granting Service
Notice that Certificates are part of this protocol, and are defined as X.509 documents.
Federation
This concept has to do with users. Two or more organizations can consolidate authentication, with lots of tough choices as to how much trust to give.
When you “Sign on with Facebook” or any other social media service, that’s a form of federation.
Attestation
This concept has to do with devices. Are they part of your organization, are they trusted, and how much?
Technologies
TOTP – Time-based one-time password
HOTP – HMAC-based one-time password
SMS: Short message service
Token key
Static codes
Authentication applications
Push notifications
Phone call
Smart card authentication
Biometrics
Fingerprint
Retina
Iris
Facial
Voice
Vein
Gait analysis
Efficacy rates
False acceptance
False rejection
Crossover error rate
MFA: Multifactor Authentication Factors and Attributes
Factors
Something you know
Something you have
Something you are
Attributes
Somewhere you are
Something you can do
Something you exhibit
Someone you know
Identity and Access Control: AAA: Authentication, Authorization, and Accounting
PAP
CHAP
MSCHAPv2
RADIUS – Microsoft’s favorite protocol for remote access and authentication. It runs on a server.
TACACS+ – Terminal Access Controller / Access Control System Plus is a Cisco protocol similar to RADIUS. It’s a remote-access protocol that gives you pass-through to an internal authentication server, like AD.
Cloud vs. on-premises requirements
Cloud Authentication
https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html