CompTIA Security+ Get Certified Get Ahead

SY0-601 Study Guide
by Darril Gibson, 2021, 1120 pages
4.61
100+ ratings

Key Takeaways

1. Security is a Balancing Act: Confidentiality, Integrity, and Availability

Confidentiality prevents the unauthorized disclosure of data.

The CIA Triad. Security isn't just about locking things down; it's about finding the right balance between three core goals: confidentiality, integrity, and availability. Confidentiality ensures that only authorized users can access sensitive information. Integrity ensures that data remains accurate and untampered. Availability ensures that systems and data are accessible when needed.

Real-world examples. Consider a hospital:

  • Confidentiality: Patient records must be kept private.
  • Integrity: Medical data must be accurate and reliable.
  • Availability: Doctors and nurses must have access to patient data when needed.

Balancing act. Achieving all three goals simultaneously can be challenging. For example, strong encryption can enhance confidentiality but may impact availability if it slows down system performance. Security professionals must constantly make trade-offs to find the right balance.

2. Controls are Your Shield: Technical, Administrative, and Physical

Technical controls use technology to reduce vulnerabilities.

Three lines of defense. Security controls are the actions and tools used to mitigate risks. They fall into three main categories: technical, administrative, and physical. Technical controls use technology, such as firewalls and encryption. Administrative controls use policies and procedures, such as risk assessments and training. Physical controls are tangible measures, such as locks and security guards.

Examples of controls:

  • Technical: Encryption, antivirus software, intrusion detection systems (IDSs), firewalls
  • Administrative: Risk assessments, security policies, training programs
  • Physical: Security guards, fences, locks, cameras

Layered approach. Effective security relies on a combination of all three types of controls. For example, a strong password policy (administrative) is more effective when combined with password complexity requirements (technical) and physical security measures to prevent shoulder surfing (physical).

3. Virtualization: A Powerful Tool, But Not Without Risks

Virtualization provides increased availability because it is much easier to rebuild a virtual server than a physical server after a failure.

Flexibility and efficiency. Virtualization allows you to run multiple operating systems on a single physical machine, providing flexibility and reducing costs. It also makes it easier to test new security controls and recover from failures. However, it introduces new security risks.

Types of virtualization:

  • Type I hypervisors run directly on the hardware (bare-metal).
  • Type II hypervisors run within an operating system.
  • Container virtualization runs applications in isolated cells.

Risks of virtualization:

  • VM escape: Attackers can gain access to the host system from a virtual machine.
  • VM sprawl: Unmanaged virtual machines can consume resources and create vulnerabilities.
  • Data leakage: Virtual machines are just files and can be easily copied.

4. Command Line: Your Secret Weapon for Network Insight

You can use tracert to track packet flow through a network and if an extra router has been added to your network, tracert will identify it.

Essential tools. Command-line tools provide valuable insights into network behavior and system configurations. They are essential for troubleshooting and security assessments.

Key command-line tools:

  • ping: Tests connectivity and name resolution.
  • tracert: Traces the path of network packets.
  • ipconfig/ifconfig/ip: Displays network configuration information.
  • netstat: Shows active network connections and listening ports.
  • arp: Displays the Address Resolution Protocol (ARP) cache.

Practical applications:

  • Use ping to check if a server is reachable.
  • Use tracert to identify unauthorized routers.
  • Use netstat to detect suspicious connections.
  • Use ipconfig to verify network settings.

5. Authentication: More Than Just a Password

Authentication should be increased, such as by forcing users to use stronger passwords.

Beyond usernames. Authentication is the process of verifying a user's identity. It goes beyond just usernames and passwords. It includes multiple factors, such as something you know, something you have, something you are, somewhere you are, and something you do.

Authentication factors:

  • Something you know: Passwords, PINs
  • Something you have: Smart cards, tokens
  • Something you are: Biometrics (fingerprints, retina scans)
  • Somewhere you are: Geolocation
  • Something you do: Gestures, keystroke dynamics

Strong authentication. Multifactor authentication (MFA) combines two or more factors for increased security. For example, using a password and a code from a mobile app.

Authentication services:

  • Kerberos: Used in Windows domains.
  • LDAP: Used for directory services.
  • RADIUS: Used for remote access.

6. Network Security: Layers Upon Layers

A demilitarized zone (DMZ) is a logical buffer zone for servers accessed from public networks such as the Internet, and it provides a layer of security for servers in the DMZ.

Zones and boundaries. Network security involves creating zones and boundaries to protect sensitive resources. A demilitarized zone (DMZ) is a buffer zone for servers accessed from public networks. Virtual local area networks (VLANs) segment traffic within a network.

Key network devices:

  • Firewalls: Control traffic based on rules.
  • Intrusion detection systems (IDSs): Monitor for suspicious activity.
  • Intrusion prevention systems (IPSs): Block attacks in progress.
  • Switches: Connect devices within a network.
  • Routers: Connect different networks.
  • Proxies: Filter and cache web traffic.

Wireless security. Wireless networks require strong encryption protocols, such as WPA2 with CCMP. 802.1X servers provide port-based authentication.

7. Cryptography: The Art of Secrets and Trust

Encryption scrambles data to make it unreadable by unauthorized personnel.

Protecting data. Cryptography is the art of protecting information using mathematical algorithms. It includes hashing, encryption, and digital signatures. Hashing provides integrity. Encryption provides confidentiality. Digital signatures provide authentication, non-repudiation, and integrity.

Symmetric vs. asymmetric encryption:

  • Symmetric: Uses the same key for encryption and decryption (e.g., AES, DES).
  • Asymmetric: Uses a public key for encryption and a private key for decryption (e.g., RSA, Diffie-Hellman).

Key cryptographic concepts:

  • Hashing: Creates a fixed-size string of bits from data.
  • Encryption: Scrambles data to make it unreadable.
  • Digital signatures: Provide authentication and integrity.
  • Key stretching: Makes passwords more difficult to crack.
  • Steganography: Hides data within other data.

8. Policies: The Foundation of a Secure Organization

A tried-and-true method of repeating key information is to take notes when you’re first studying the material and then rewrite the notes later.

Guiding principles. Security policies are written documents that define an organization's security goals and expectations. They provide a framework for implementing security controls and managing risks.

Key policy areas:

  • Acceptable use policy (AUP): Defines proper system usage.
  • Mandatory vacations: Help detect fraud.
  • Separation of duties: Prevents any single person from controlling a critical process.
  • Job rotation: Ensures employees are cross-trained.
  • Clean desk policy: Protects sensitive data.
  • Data retention policies: Define how long data is retained.

Personnel management. Policies also address personnel management, including background checks, non-disclosure agreements (NDAs), and exit interviews.

9. Incident Response: Plan, Prepare, and React

The incident response process includes preparation, identification, containment, eradication, recovery, and lessons learned.

Structured approach. Incident response is a structured process for handling security incidents. It includes preparation, identification, containment, eradication, recovery, and lessons learned.

Key elements of incident response:

  • Incident response plan (IRP): Defines roles, responsibilities, and procedures.
  • Cyber-incident response team: A group of trained personnel.
  • Order of volatility: Collect evidence from most volatile to least volatile.
  • Chain of custody: Documents the handling of evidence.
  • Legal hold: Preserves data for legal purposes.

Forensic procedures:

  • Capture system images.
  • Collect network traffic and logs.
  • Take hashes of files.
  • Interview witnesses.

10. Data Protection: From Cradle to Grave

Protecting Confidentiality with Encryption

Data lifecycle. Data protection involves securing data throughout its lifecycle, from creation to destruction. This includes data-at-rest, data-in-transit, and data-in-use.

Data protection methods:

  • Encryption: Protects confidentiality.
  • Data loss prevention (DLP): Prevents data exfiltration.
  • Access controls: Restrict access to authorized users.
  • Data sanitization: Removes data from storage media.
  • Data retention policies: Define how long data is retained.

Data roles:

  • Data owner: Has overall responsibility for the data.
  • Data steward/custodian: Handles routine tasks to protect data.
  • Privacy officer: Ensures compliance with privacy laws.

Review Summary

4.61 out of 5
Average of 100+ ratings from Goodreads and Amazon.

CompTIA Security+ Get Certified Get Ahead is highly praised by readers for its clear explanations and comprehensive coverage of exam topics. Many reviewers found it instrumental in passing the Security+ exam on their first attempt. The book's logical organization and practical examples make complex concepts easier to understand. Readers appreciate the included online resources and practice questions. While some minor typos were noted, the overall consensus is that this is an excellent study resource for the Security+ certification, with many considering it the best book available on the subject.

About the Author

Darril Gibson is a renowned author and cybersecurity expert specializing in CompTIA certification preparation. He has written multiple books on IT security, with his Security+ guide being particularly popular among certification candidates. Gibson's writing style is praised for its clarity and ability to break down complex topics into understandable concepts. His expertise comes from extensive experience in teaching and working in the IT security field. Gibson's approach to organizing content differs from the official CompTIA objectives, which readers find more intuitive and effective for learning. His work is recognized for its practical examples and comprehensive coverage of exam topics, making it a go-to resource for many aspiring security professionals.
