Chapter 25: Public Key Infrastructure
Public Key Infrastructure (PKI)
Components
RA
CA
Third-party trust model
Certificate Authority
Intermediate CA
Revocation
CRL
OCSP: Online Certificate Status Protocol
Suspension
CSR
https://www.globalsign.com/en/blog/what-is-a-certificate-signing-request-csr
X.509: the Certificate Standard
Parts of a certificate
Version Number (usually 1)
Subject (the certificate owner)
Public Key (the whole point)
Issuer (the CA, like Verisign)
Serial Number
Validity: To and From Dates
Certificate Usage (signing, email, encryption)
Signature Algorithms (the hashing and digital signature algorithms used)
Extension (custom data)
Public Key
Private Key
OID
Online and Offline CAs
Stapling
https://en.wikipedia.org/wiki/OCSP_stapling
This refers to “stapling” two documents together: here, a website’s certificate and a signed, current OCSP response confirming that certificate’s status.
Pinning (obsolete)
https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning
This refers to fixing a reference that binds one certificate to one entity (website), so the binding holds even if that entity (website) moves from one physical host to another.
Trust Models
Hierarchical
Peer to peer
Hybrid
Key Escrow
See p. 474 of our text. Note that you might (should) have different keys (certificates) for different purposes (e.g. signing vs. encrypting). Encryption keys SHOULD be held in escrow (in enterprise situations); signing keys should NEVER be held in escrow. (No one has any legal reason to use my keys to “sign” an object – after I am dead.)
Certificate Chaining
https://docs.microsoft.com/en-us/windows/win32/seccrypto/certificate-chains
Types of Certs
End-entity certs
CA certs
Cross-certification certs
Policy certs
Wildcard certs
Code-signing certs
Self-signed certs
Machine / Computer
User
Root
Domain validation
Extended validation
Certificate Formats
.der
.pem
.cer / .crt
.key
.pfx
.p12
.p7b
***
Certificate Issues
Broken Chain of Trust