CompTIA Security+ SY0-701 Chapter 1 study notes
3rd party CA
A 3rd party CA, or third-party Certificate Authority, is an external organization trusted to issue digital certificates that authenticate the identity of entities in online transactions. These entities can include websites, servers, email senders, and more. Third-party CAs are recognized and relied upon by users and systems across various domains because they adhere to industry standards, undergo security audits, and are supported by major web browsers and operating systems. Their certificates help establish trust and security in digital communications and transactions by verifying the authenticity of the entities involved.
wildcard certificate
A certificate whose name begins with an asterisk, for example *.example.com, so that one certificate and one key pair cover many subdomains of a single parent domain. The wildcard is placed in the Common Name (CN) or, as browsers now require, in a Subject Alternative Name (SAN) entry. It matches exactly one label: *.example.com covers www.example.com and api.example.com but not example.com itself and not dev.api.example.com. Because every covered host shares the same private key, a compromise of any one of them exposes all of them, and the certificate must then be revoked and replaced everywhere it is installed.
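The single-label rule above is where wildcard certificates are most often misunderstood, so here is an added example (not part of the original notes) that implements the matching a browser performs. It assumes the strict rules most browsers apply: the wildcard must be the entire left-most label, it matches exactly one label, it never matches the bare parent domain, and comparison is case-insensitive. All host names are constructed for the example.

```python
"""Wildcard certificate name matching (added example, not from the notes).

Assumes the strict browser rules: "*" must be the whole left-most label,
matches exactly one label, needs at least two labels to its right, and
never matches the bare parent domain. Comparison is case-insensitive.
"""


def hostname_matches(pattern: str, hostname: str) -> bool:
    """Return True if a certificate name (CN or SAN dNSName) covers hostname."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern or not hostname:
        return False
    if "*" not in pattern:
        return pattern == hostname            # plain name: exact match only

    p_labels = pattern.split(".")
    h_labels = hostname.split(".")

    # "*" must be the entire left-most label ("*.example.com", not "w*.example.com"),
    # and it needs at least two labels after it so "*.com" cannot cover a whole TLD.
    if p_labels[0] != "*" or any("*" in lbl for lbl in p_labels[1:]) or len(p_labels) < 3:
        return False

    # Exactly one label is matched: "www.example.com" matches "*.example.com",
    # but "example.com" (too few labels) and "a.b.example.com" (too many) do not.
    if len(h_labels) != len(p_labels):
        return False
    return h_labels[1:] == p_labels[1:]


def covered_hosts(pattern: str, hostnames):
    """Split a list of hosts into those the certificate covers and those it does not."""
    ok = [h for h in hostnames if hostname_matches(pattern, h)]
    return ok, [h for h in hostnames if h not in ok]


if __name__ == "__main__":
    # constructed host names
    hosts = ["www.example.com", "api.example.com", "example.com",
             "dev.api.example.com", "www.example.com.evil.test"]
    print(covered_hosts("*.example.com", hosts))
```

The last constructed host, www.example.com.evil.test, is the case to keep in mind: a naive "ends with example.com" check would wrongly accept it, while label-by-label comparison rejects it.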
Blockchain
A distributed, append-only digital ledger in which records are grouped into blocks, each block carrying the hash of the previous one, so that altering an earlier record changes every later hash and is detected by the other participants. Cryptocurrencies such as bitcoin are the best-known use, but the same structure can record any kind of transaction chronologically and publicly.
Standard operating procedure or SOP
A documented set of step-by-step instructions that outline how specific tasks or processes should be carried out within an organization. In the context of cybersecurity, SOPs are essential for ensuring consistency, efficiency, and compliance with security policies and best practices.
Change approval process
A formal process for managing change so that the availability and integrity of our systems are maintained and downtime, confusion and mistakes are avoided. The approval process:
-complete the change request form
-state the purpose of the change
-identify the scope of the change
-schedule a date and time
-determine the affected systems and the impact
-analyze the risks associated with the change
-obtain approval
Deny list
A list of applications that a system denies or blocks. Users are unable to install or run any applications on the list. Also called block list. Compare with allow list.
Certificate revocation
Invalidating a certificate before its expiry date, for example because the private key was compromised or the subject no longer controls the name. The CA publishes the serial numbers of revoked certificates in a signed certificate revocation list (CRL); clients download the CRL, or query OCSP, before trusting a certificate.
Backout Plan
A plan for returning affected systems and hardware to their original state if a new implementation fails.
Version Control
A process to keep track of what changes were made to what files so that a specific version can be referred to and improvements in multiple versions can be merged together.
Access control vestibule
A small room with two interlocking doors that you must pass through before you get access to the rest of the building. Only one door opens at a time, so one person is admitted at a time and tailgating is prevented. Also called a mantrap.
Legacy application
A software application or system that is outdated, often unsupported, and may not be compatible with modern technology standards or requirements. These applications are typically older, have been in use for an extended period, and may no longer receive updates or support from the original vendor.
Update policies and procedures
Adding new systems may require new procedures
Salting
Adding random data (the salt) to a password before hashing it, and storing the salt alongside the hash. Every salt is unique, so two users with the same password get different hashes, and a rainbow table cannot be used to guess passwords because it would have to be rebuilt for every salt.
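An added example (not from the notes) of what salting looks like in a password store, using only the Python standard library. The user names, passwords and iteration count are constructed for the example; the point to observe is that the same password produces different records for two users, while an unsalted hash is identical for both, which is exactly what a rainbow table relies on.

```python
"""Salted password hashing (added example, not from the notes).

Standard library only: PBKDF2-HMAC-SHA256 with a random 16-byte salt per
password. The iteration count is a constructed value; raise it to whatever
your hardware budget allows.
"""
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 100_000   # constructed value


def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$digest_hex."""
    if salt is None:
        salt = os.urandom(16)                     # unique random salt for this password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    algo, iterations, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate.hex(), digest_hex)


def unsalted(password: str) -> str:
    """What a rainbow table attacks: one fixed digest per password, identical for every user."""
    return hashlib.sha256(password.encode()).hexdigest()


if __name__ == "__main__":
    # two constructed users who chose the same weak password
    alice = hash_password("Winter2024!")
    bob = hash_password("Winter2024!")
    print("unsalted identical:", unsalted("Winter2024!") == unsalted("Winter2024!"))
    print("salted identical:  ", alice == bob)       # different salts, different records
    print("verify ok / wrong: ", verify_password("Winter2024!", alice),
          verify_password("wrong", alice))
```

Storing the salt and iteration count inside the record is what lets you raise the work factor later without invalidating existing passwords: each record is verified with the parameters it was created with.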
Managerial controls
Administrative controls associated with security design and implementation; they tell people the best way to manage their computers, their data and other systems. Examples: security policies, standard operating procedures.
Policy enforcement point or PEP
The component of a zero trust architecture through which all traffic between subjects (users and systems) and enterprise resources must pass. The PEP is the gatekeeper: it gathers information about each request and provides it to the policy decision point (PDP), which examines the authentication and decides whether the traffic should be allowed on the network; the PEP then allows or blocks the traffic according to that decision. Flow: subject or system (untrusted side) -> PEP -> PDP -> PEP -> enterprise resources (trusted side).
corrective
Applied after an event has been detected, to reverse or limit the impact of the event. Examples: restoring from backup, reimaging an infected host.
Preventive
Blocks access to a resource before an event can occur. Examples: firewall rules, or a tangible control such as a guard shack that checks IDs.
implicitly trusted
An entity or component that is granted trust automatically, without explicit verification or authentication. The traditional perimeter model, for example, treats any device already connected to the internal network as trusted without checking its identity or its security state. Zero trust and the principle of least privilege are the responses: verify every request, and grant only the minimum access or permissions an entity needs to perform its task.
Allow list
Allows only approved applications to run on a system; anything not on the list is blocked. Compare with deny list.
Secure enclave
A dedicated security processor built into mobile phones, laptops and desktops whose job is to protect the privacy of your data. It is isolated from the main CPU, has its own boot ROM and its own RAM, and performs key storage and cryptographic operations so that keys never leave the enclave.
Authentication, Authorization, Accounting or AAA
The framework behind the login process:
-Identification: the first step, usually a username (a claim of who you are)
-Authentication: the check of the username against the password or another factor; proves you are who you say you are
-Authorization: based on your identification and authentication, what access you have
-Accounting: a record of the login time, data sent and received, and logout time
Policy engine
The part of the policy decision point that examines every request coming through, compares it with a set of predefined security policies, and decides whether access is granted, denied or revoked.
Hashing
Represents data of any size as a short fixed-length string, also called a fingerprint or message digest.
-One-way trip: it is practically impossible to recover the original message from the digest
-Used to store passwords (with a salt) and to verify that a downloaded document is unchanged from the original
-Combined with asymmetric keys it forms a digital signature, which provides authentication, non-repudiation and integrity
The CIA Triad
It stands for confidentiality, Integrity and availability
Key lengths
Key length in cybersecurity refers to the size, measured in bits, of the cryptographic key used in encryption algorithms. The key length directly affects the security of encrypted data, with longer keys generally providing stronger protection against cryptographic attacks.
Lighting
More light means more security: well-lit areas deter intruders and let guards and cameras see what is happening.
Integrity
Data is not modified in transit to the intended recipient, or in storage, without the change being detected. Examples: hashing, digital signatures, certificates, non-repudiation, proof of integrity.
Certificates signing request or CSR
The applicant creates a public/private key pair and sends the public key, together with identity information, to the CA in a CSR; the private key never leaves the applicant. The CA validates the request, for example by confirming DNS records, email or website ownership, then digitally signs a certificate containing the applicant's public key and identity information and returns it to the requester. The signed certificate lets the holder establish secure connections, authenticate itself and encrypt communications.
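The whole lifecycle in the CSR entry, and the certificate revocation entry above, can be run end to end in a few lines with the third-party cryptography package (pip install cryptography). This is an added example and not part of the original notes; the CA name, host name, lifetimes and the decision to revoke the leaf certificate are all constructed, and the CA is self-signed, as an internal CA would be. The key-possession check the CA performs on the CSR is the part people tend to forget: a CSR is signed by the applicant's private key, so a valid self-signature proves the requester holds that key, while ownership of the name itself still has to be validated separately.

```python
"""CSR -> CA signing -> CRL revocation check (added example, not from the notes).

Requires the third-party `cryptography` package. Names, lifetimes and the
revocation are constructed for the example.
"""
import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID


def _now():
    # naive UTC, which the builders accept on every cryptography version
    return datetime.datetime.now(datetime.timezone.utc).replace(tzinfo=None)


def make_self_signed_ca(common_name="Example Internal CA"):
    """Step 0: an internal CA is itself a self-signed certificate (issuer == subject)."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
    cert = (x509.CertificateBuilder()
            .subject_name(name).issuer_name(name)
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(_now()).not_valid_after(_now() + datetime.timedelta(days=3650))
            .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
            .sign(key, hashes.SHA256()))
    return key, cert


def make_csr(hostname):
    """Step 1: the applicant generates a key pair and signs a CSR carrying only the public key."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    csr = (x509.CertificateSigningRequestBuilder()
           .subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, hostname)]))
           .add_extension(x509.SubjectAlternativeName([x509.DNSName(hostname)]), critical=False)
           .sign(key, hashes.SHA256()))
    return key, csr


def ca_sign(csr, ca_key, ca_cert, days=90):
    """Step 2: the CA checks the CSR self-signature (proof the requester holds the private key)
    and issues a certificate. A real CA validates control of the name before this point."""
    if not csr.is_signature_valid:
        raise ValueError("CSR signature invalid")
    san = csr.extensions.get_extension_for_class(x509.SubjectAlternativeName).value
    return (x509.CertificateBuilder()
            .subject_name(csr.subject).issuer_name(ca_cert.subject)
            .public_key(csr.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(_now()).not_valid_after(_now() + datetime.timedelta(days=days))
            .add_extension(san, critical=False)
            .sign(ca_key, hashes.SHA256()))


def issued_by(cert, issuer_cert):
    """Relying party: verify the certificate's signature with the issuer's public key."""
    try:
        issuer_cert.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                        padding.PKCS1v15(), cert.signature_hash_algorithm)
        return True
    except Exception:
        return False


def make_crl(ca_key, ca_cert, revoked_serials):
    """Step 3: the CA publishes a signed list of revoked serial numbers."""
    builder = (x509.CertificateRevocationListBuilder()
               .issuer_name(ca_cert.subject)
               .last_update(_now()).next_update(_now() + datetime.timedelta(days=1)))
    for serial in revoked_serials:
        builder = builder.add_revoked_certificate(
            x509.RevokedCertificateBuilder().serial_number(serial).revocation_date(_now()).build())
    return builder.sign(ca_key, hashes.SHA256())


def is_revoked(cert, crl, ca_cert):
    """Relying party: trust the CRL only if the CA signed it, then look the serial up."""
    if not crl.is_signature_valid(ca_cert.public_key()):
        raise ValueError("CRL not signed by the expected CA")
    return crl.get_revoked_certificate_by_serial_number(cert.serial_number) is not None


def demo():
    ca_key, ca_cert = make_self_signed_ca()
    _leaf_key, csr = make_csr("www.example.com")
    leaf = ca_sign(csr, ca_key, ca_cert)
    crl_before = make_crl(ca_key, ca_cert, [])
    crl_after = make_crl(ca_key, ca_cert, [leaf.serial_number])   # e.g. after key compromise
    return {"ca": ca_cert, "leaf": leaf, "crl_before": crl_before, "crl_after": crl_after}


if __name__ == "__main__":
    d = demo()
    print("leaf issued by CA:", issued_by(d["leaf"], d["ca"]))
    print("revoked before:", is_revoked(d["leaf"], d["crl_before"], d["ca"]),
          "after:", is_revoked(d["leaf"], d["crl_after"], d["ca"]))
```

Note that is_revoked refuses an unsigned or foreign CRL before it consults the list: a revocation list is only as trustworthy as the signature on it.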
Security Guards
A physical person guarding a facility; checks IDs, observes visitors and responds to incidents.
Video surveillance
CCTV cameras
Confidentiality
Certain information should only be known to certain people; prevents unauthorized information disclosure. Examples:
-Encryption: encodes messages so only certain people can read them
-Access controls: selectively restrict access to a resource
-Two-factor authentication: additional confirmation before information is disclosed
Honeynet
Many honeypots combined into a much larger infrastructure: a large deception network with more than one honeypot.
Control plane
The brain The control plane is responsible for managing and controlling the operation of network devices, including the configuration, maintenance, and dissemination of routing information. It operates at a higher level of abstraction than the data plane and is typically implemented in software, running on networking devices or centralized controllers. The control plane exchanges routing information and makes routing decisions based on network topology, traffic conditions, and administrative policies. Its primary function is to establish and update the forwarding tables used by the data plane to make forwarding decisions.
Stakeholders
The individuals or departments that would be affected by the change you are proposing; when you make a change to a system, these are the people it will affect.
Ownership
The owner of the application and data that the change affects; the owner requests and signs off on the change but does not run the change process itself.
Steganography
The practice of concealing secret information within non-secret data, such as images, audio files, text, or video, in a way that the existence of the hidden information is not readily apparent to observers. Unlike encryption, which focuses on making data unintelligible to unauthorized parties, steganography aims to hide the presence of the information itself.
Data Plane
The processing of frames, packets and other network data from source to destination, that is, the actual forwarding work. It operates at the network's edge or within networking devices such as routers, switches and firewalls, using the forwarding tables the control plane builds.
Maintenance window
The time period in which a change is expected to be implemented.
Non Repudiation
When someone sends data to a third party, that third party is able to verify that the information really came from the sender, and the sender cannot later deny having sent it. Examples: signing a contract, proof of integrity, proof of origin (a digital signature provides both).
Zero trust
Every device, every process and every person has to authenticate, or otherwise prove itself, to get access to a particular resource. In the traditional model, once inside the network everything was open; under zero trust nothing is trusted by default and everything must be verified: multi-factor authentication, encryption, system permissions, additional firewalls.
Authenticating systems
You have to manage many devices, some of which you may never physically see, so you authenticate a device with a digitally signed certificate rather than a password. Organizations run their own CA (certificate authority), which manages all certificates in the environment and creates a certificate just for that laptop; the certificate is signed by the CA and installed on the device, and it then serves as an authentication factor for the device itself.
Tokenization
A data security technique that protects sensitive information by replacing it with a unique identifier or token. The token is typically a randomly generated string that has no intrinsic meaning and no mathematical relationship to the original data; the mapping between token and real value is kept in a separate, protected token vault, so a stolen token on its own reveals nothing. Tokenization is commonly used to safeguard payment card data, personally identifiable information (PII) and other sensitive data.
Hardware security module or HSM
a dedicated hardware device designed to provide cryptographic functions and secure key management. HSMs are used to safeguard and manage digital keys for encryption, decryption, authentication, and digital signing operations.
Fencing
a fence to keep unwanted people out
Root of trust
a foundational element in computer security that serves as the ultimate anchor of trust within a system. It is typically a hardware component, firmware, or cryptographic key that is inherently trusted by the system and forms the basis for establishing trust in other components, processes, and interactions.
Public Key infrastructure or PKI
A framework of policies, procedures, hardware, software and roles designed to manage the creation, distribution, storage and revocation of digital certificates and public/private key pairs. PKI is a fundamental technology in modern cybersecurity, providing a secure foundation for cryptographic operations, authentication mechanisms and secure communication protocols. It associates a certificate with a person or a device so you can trust that a user or device is who they claim to be; data encrypted with the public key can be decrypted only with the matching private key, securing communication between sender and receiver, and the CA's signature on the certificate supplies the trust in that public key.
Trusted platform module or TPM
a specialized hardware component designed to enhance the security of computing platforms, particularly in the areas of authentication, encryption, and integrity measurement. TPMs are typically integrated into modern computer systems, including laptops, desktops, servers, and IoT devices, and provide a secure environment for storing cryptographic keys, performing cryptographic operations, and verifying the integrity of system components.
Online Certificate Status Protocol (OCSP)
The Online Certificate Status Protocol (OCSP) is a protocol used to check the revocation status of digital certificates in real-time. It provides a way for relying parties, such as web browsers, email clients, and other software applications, to verify whether a digital certificate issued by a Certificate Authority (CA) is still valid or has been revoked.
Honeypot
A decoy system used to attract attackers; it keeps them busy in an isolated part of your environment, away from production, so you can see what techniques they are trying to use against you.
Proof of Integrity
Verify that the data has not changed. In cryptography we use a hash, also called a message digest or fingerprint: if the data changes, the hash changes. A hash alone proves integrity only when the expected digest arrives through a trusted channel; if an attacker can replace both the file and its digest, a digital signature is needed.
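An added example (not from the notes) of the proof-of-integrity check described here and in the hashing entry above, using only the Python standard library. The "downloaded file" and its published digest are constructed inline; the helper hashes in chunks the way a real download would be processed, and the comparison is done in constant time.

```python
"""Hash-based proof of integrity (added example, not from the notes).

Standard library only. ORIGINAL stands in for a downloaded file and PUBLISHED
for the digest a vendor posts beside the download; both are constructed here.
"""
import hashlib
import hmac
import io


def fingerprint(stream, chunk_size=64 * 1024, algorithm="sha256"):
    """Hash a file-like object incrementally; the digest length is fixed whatever the input size."""
    h = hashlib.new(algorithm)
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


def verify_download(data: bytes, published_digest: str) -> bool:
    """Proof of integrity: recompute the digest and compare without early-exit timing leaks."""
    return hmac.compare_digest(fingerprint(io.BytesIO(data)), published_digest.lower())


def flip_one_bit(data: bytes, index: int = 0) -> bytes:
    """Minimal tamper: change a single bit; the digest should become unrelated to the original."""
    b = bytearray(data)
    b[index] ^= 0x01
    return bytes(b)


ORIGINAL = b"installer v1.2.3 -- constructed sample content\n" * 1000   # constructed
PUBLISHED = fingerprint(io.BytesIO(ORIGINAL))   # what the vendor would post next to the download

if __name__ == "__main__":
    print("published digest:", PUBLISHED)
    print("intact   :", verify_download(ORIGINAL, PUBLISHED))
    print("one bit  :", verify_download(flip_one_bit(ORIGINAL), PUBLISHED))
    print("appended :", verify_download(ORIGINAL + b"x", PUBLISHED))
```

Chunk size does not affect the result (the test below hashes the same bytes with a seven-byte chunk), which is why a digest computed on a server and one computed on a laptop can be compared at all.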
Updating diagrams
Visual representations accurately reflect changes made to the network infrastructure.
Key exchange
the process of securely sharing cryptographic keys between parties to establish a secure communication channel. Key exchange protocols enable two or more parties to agree on a shared secret key without revealing it to eavesdroppers or attackers. Secure key exchange is essential for ensuring the confidentiality, integrity, and authenticity of data transmitted over insecure networks.
Honeytokens
Traceable fake data, such as API credentials, that you add to your honeynet or other systems so that when the information is copied and distributed you know where it came from. A honeytoken does not provide any real access; an alert is sent when it is used.
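An added example (not from the notes) of the alerting side of honeytokens: a small registry of planted fake credentials and a scan over log lines that raises an alert when one of them shows up, including where it was planted. The token values, the planting locations and the log lines are all constructed for the example; the credential IDs are fake values in an AWS access-key style and are registered nowhere.

```python
"""Honeytoken alerting (added example, not from the notes).

Standard library only. Registry entries, log format and log lines are constructed.
"""
import re
from dataclasses import dataclass


@dataclass
class Honeytoken:
    value: str          # the bait value; grants no real access anywhere
    planted_in: str     # where it was left, so a hit tells you what was copied


# constructed registry: each token is unique to the place it was planted
REGISTRY = [
    Honeytoken("AKIAHONEY0000000001", "honeynet:/srv/app/.env"),
    Honeytoken("AKIAHONEY0000000002", "wiki:Finance/AWS onboarding page"),
    Honeytoken("sk_live_honey_7f3a9c", "git:billing-service/config.yaml"),
]

# constructed log format: "<time> src=<ip> action=<verb> key=<credential> result=<...>"
LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) action=(?P<action>\S+) key=(?P<key>\S+)")


def scan(log_lines, registry=REGISTRY):
    """Return one alert per log line that references a planted token."""
    by_value = {t.value: t for t in registry}
    alerts = []
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m:
            continue                          # unparseable line: not this scanner's job
        token = by_value.get(m.group("key"))
        if token is None:
            continue                          # a real or unknown credential, not bait
        alerts.append({
            "when": m.group("ts"),
            "source": m.group("src"),
            "action": m.group("action"),
            "token": token.value,
            "leaked_from": token.planted_in,  # the whole point of a honeytoken
        })
    return alerts


SAMPLE_LOG = [  # constructed
    "2024-05-01T10:00:01Z src=10.0.0.5 action=GetCallerIdentity key=AKIAREALKEY000000001 result=ok",
    "2024-05-01T10:03:44Z src=203.0.113.7 action=ListBuckets key=AKIAHONEY0000000002 result=denied",
    "garbage line that does not parse",
    "2024-05-01T10:05:09Z src=198.51.100.23 action=charge key=sk_live_honey_7f3a9c result=denied",
]

if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(f"ALERT {a['when']} {a['source']} used {a['token']} planted at {a['leaked_from']}")
```

Because every planted copy carries a different value, the leaked_from field tells you which document or system the attacker actually read, not just that something leaked.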
Threat scope reduction
Decreases the number of possible entry points into the environment, giving an attacker a smaller attack surface to work with.
Infrared
Detects infrared radiation (body heat) in both dark and lit areas; used for motion detection.
Pressure
Detects a change in force; used in floor and window sensors.
Microwave
Detects movement over larger areas than infrared sensors can cover.
Directive
Directs a subject towards security compliance, for example a sign or policy telling people what to do; a relatively weak security control.
Deterrent
Discourages an intrusion attempt and makes the attacker think twice; does not directly prevent access. Examples: application splash screen, threat of demotion, front desk reception who greets visitors, posted warning signs.
Test results
Do a lot of testing before implementing a change: use a sandbox to perform the tests and see how the change will behave on your system before it touches production.
Asymmetric encryption
Encrypts and decrypts with two different keys from a key pair: the public key, which anyone can have, and the private key, which you never share and which is the only key that can decrypt data encrypted with the matching public key.
Symmetric encryption
Encrypts with a key and decrypts with the same key; fast, but the key has to be shared secretly with the other side, which is what key exchange solves.
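An added example (not from the notes) tying the key exchange entry above to symmetric encryption: two parties agree on a secret over a channel an eavesdropper can read, then use it as an AES-256-GCM key. It requires the third-party cryptography package. The exchange is X25519 (Diffie-Hellman over Curve25519), the shared secret is run through HKDF with a constructed context label before use, and the party names and message are constructed for the example.

```python
"""Key exchange feeding symmetric encryption (added example, not from the notes).

Requires the third-party `cryptography` package. X25519 for the exchange,
HKDF-SHA256 to derive the key, AES-256-GCM for the messages. The HKDF info
label and the message are constructed values.
"""
import os

from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey, X25519PublicKey
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat


class Party:
    """One side of the exchange; only the public key ever leaves this object."""

    def __init__(self, name):
        self.name = name
        self._priv = X25519PrivateKey.generate()
        self.public_bytes = self._priv.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)

    def derive_key(self, peer_public_bytes: bytes) -> bytes:
        shared = self._priv.exchange(X25519PublicKey.from_public_bytes(peer_public_bytes))
        # Never use the raw DH output directly as a key; HKDF binds it to a context label.
        return HKDF(algorithm=hashes.SHA256(), length=32, salt=None,
                    info=b"example-session-v1").derive(shared)


def encrypt(key: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    nonce = os.urandom(12)                         # must be unique per message under one key
    return nonce + AESGCM(key).encrypt(nonce, plaintext, aad)


def decrypt(key: bytes, blob: bytes, aad: bytes = b"") -> bytes:
    return AESGCM(key).decrypt(blob[:12], blob[12:], aad)   # raises InvalidTag if tampered


def run_exchange():
    """Return both derived keys and everything an eavesdropper on the wire would have seen."""
    alice, bob = Party("alice"), Party("bob")
    eve_sees = (alice.public_bytes, bob.public_bytes)
    return alice.derive_key(bob.public_bytes), bob.derive_key(alice.public_bytes), eve_sees


if __name__ == "__main__":
    k_alice, k_bob, seen = run_exchange()
    print("keys match:", k_alice == k_bob, "| eavesdropper saw", len(seen), "public keys only")
    blob = encrypt(k_alice, b"meet at noon", aad=b"msg-1")       # constructed message
    print("bob reads:", decrypt(k_bob, blob, aad=b"msg-1"))
```

GCM's authentication tag means that a flipped ciphertext bit or a mismatched associated-data value is rejected outright rather than decrypted into garbage, which is the integrity half of the symmetric channel.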
Encryption algorithm
Encryption algorithms are mathematical procedures used to transform plaintext data into ciphertext, making it unreadable to unauthorized parties. There are many encryption algorithms, each with its own strengths, weaknesses and applications. To successfully encrypt and decrypt, both sides must use the same encryption algorithm.
Impact analysis
Every change has an impact that can potentially affect the organization, so determine what the risks are and rate them high, medium or low. Examples of what can go wrong: the change breaks something else, the fix does not fix anything, or something fails. There is also a risk in not making the change.
Policy driven access controls
Examination of all of the individual data points about a login (identity, device, location, behaviour), putting them together and then deciding what type of authentication process should be used to confirm that the person trying to identify themselves really is that person.
Adaptive Identity
Examines the identity of an individual and applies security controls based not just on what the user tells us but on other information gathered about the authentication attempt: the source of the request, risk indicators, relationship to the organization, physical location, type of connection, IP address. The system can require stronger authentication if needed.
Authorization model
Gives users and services access to data in applications through an authorization model, sometimes called an abstraction, that creates a clear relationship between users and resources (for example by grouping rights into roles) instead of assigning rights one by one. Review physical notes for the figure.
Data masking
Hiding part of the original value and showing only a portion of it, for example only the last four digits of a card number on a receipt; the full value still exists but is not displayed.
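An added example (not from the notes) showing data masking next to the tokenization entry above, since the two are often confused: masking changes only what is displayed, while tokenization replaces the stored value and keeps the real one in a separate vault. Standard library only; the card numbers are constructed test values and the vault is an in-memory dictionary standing in for a tokenization service's protected store.

```python
"""Tokenization versus data masking (added example, not from the notes).

Standard library only. The card numbers are constructed test values; the
in-memory vault stands in for a tokenization service's protected store.
"""
import secrets


class TokenVault:
    """Maps random tokens to real values. Only this component ever sees the real data."""

    def __init__(self):
        self._store = {}        # token -> sensitive value
        self._reverse = {}      # sensitive value -> token, so the same value maps to one token

    def tokenize(self, value: str) -> str:
        if value in self._reverse:
            return self._reverse[value]
        token = "tok_" + secrets.token_hex(12)     # random; no relationship to the value
        self._store[token] = value
        self._reverse[value] = token
        return token

    def detokenize(self, token: str) -> str:
        return self._store[token]                  # KeyError for tokens this vault never issued


def mask_pan(pan: str, visible: int = 4, mask_char: str = "*") -> str:
    """Display-only control: show just the last `visible` digits, keep separators as they are."""
    digits = sum(c.isdigit() for c in pan)
    hide = max(digits - visible, 0)
    out, seen = [], 0
    for c in pan:
        if c.isdigit():
            out.append(mask_char if seen < hide else c)
            seen += 1
        else:
            out.append(c)
    return "".join(out)


if __name__ == "__main__":
    vault = TokenVault()
    pan = "4111 1111 1111 1111"                    # constructed test number
    token = vault.tokenize(pan)
    print("stored in the application:", token)      # no card data in the app's database
    print("shown on the receipt:      ", mask_pan(pan))
    print("vault can recover:         ", vault.detokenize(token) == pan)
```

The receipt line and the application database end up with different artifacts: the mask still derives from the real number (so it must never be the only protection), while the token is meaningless outside the vault.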
Detective
Identifies, warns and logs when an intrusion attempt occurs; may not prevent access. Examples: intrusion detection system alerts, log review.
Availability
Information is accessible to authorized users when they need it.
-Redundancy: build services that will always be available
-Fault tolerance: the system will continue to run even when a failure occurs
-Patching: close security holes and improve stability
Self signed certificates
An internal certificate signed with its own private key rather than by a CA. Browsers and devices do not trust it by default, so if you have a lot of devices you must ensure that all of them have the certificate installed as trusted.
Physical controls
Limit physical access Example: Guard shack, fences, locks, badge readers
Authenticating people
A person logs in at a firewall, server or other system; the system checks the supplied credentials and, if the user is authenticated and authorized, grants access.
Restricted activity
Making changes to a system without proper authorization is strictly prohibited. This includes modifying configurations, installing software, or altering settings without following established change management procedures.
compensating
Used when a security event has occurred and you do not have the resources or means to reverse what the event has caused, or when the existing controls are not sufficient; controls the risk using other means and may be temporary.
Ultrasonic
Sends out sound signals and looks for a reflection of the sound waves; detects motion, collision, etc.
Downtime
Services will be temporarily unavailable while the change is made; plan for it and communicate it.
Gap analysis
A study of where we are and where we want to be in cyber security, performed to determine what security is needed in the future; this can take time to map out.
-Choosing the framework: may be an internal set of goals; work towards a baseline
-Evaluate people and processes: get a baseline of employees' experience, current training and knowledge
-Security policies and procedures: examine current processes, research IT systems, evaluate existing security policies
-Compare and contrast: evaluate systems, identify weaknesses, and identify the most effective process
-A detailed analysis: examine broad security categories and break them into smaller segments
-The analysis report: the final comparison, with detailed baseline objectives, where we are and where we would like to be, and a path from current security to the target security; this forms the gap analysis report
Obfuscation
Taking something easy to understand and making it hard to understand: hiding information in plain sight. Refers to intentionally obscuring or complicating code, data or communication so that it is harder for unauthorized parties to understand, reverse-engineer or exploit; it is not encryption and provides no secrecy on its own.
Dependencies
To complete A, you must first complete B; for example, one service will not start without the other, so the steps of the change must be sequenced accordingly.
Security Zone
refer to segmented areas within a network that have distinct levels of security controls and access permissions. By segmenting the network into these security zones, organizations can better manage and mitigate cybersecurity risks. They can apply appropriate security controls to each zone based on the sensitivity of the data and the level of access required, thus reducing the likelihood of unauthorized access or compromise.
Key management systems
comprehensive solutions designed to securely generate, store, distribute, rotate, and manage cryptographic keys used for encryption, decryption, authentication, and digital signing operations. KMSs provide centralized control and oversight of cryptographic keys across an organization's IT infrastructure, ensuring the confidentiality, integrity, and availability of sensitive data. keeps key separate from the data you're securing
Operational controls
controls implemented by people instead of systems Example: security guards, awareness programs
Digital signatures
cryptographic mechanisms used to verify the authenticity, integrity, and non-repudiation of digital documents, messages, or transactions. Similar to handwritten signatures, digital signatures provide assurance that the signer is who they claim to be and that the contents of the document have not been altered since the signature was applied.
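An added example (not from the notes) that runs both halves of asymmetric cryptography from the entries above: encrypting for a recipient with their public key, and signing with your own private key so anyone holding the public key can verify. It requires the third-party cryptography package. Encryption uses RSA-OAEP, signing uses RSA-PSS over a SHA-256 digest (which is what "sign the hash" means in practice); key size, message and party names are constructed for the example.

```python
"""Asymmetric encryption and digital signatures (added example, not from the notes).

Requires the third-party `cryptography` package. RSA-2048, OAEP for encryption,
PSS with SHA-256 for signatures. Message and party names are constructed.
"""
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa

_OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)
_PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH)


def keypair():
    priv = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    return priv, priv.public_key()


def encrypt_for(recipient_pub, plaintext: bytes) -> bytes:
    """Anyone with the public key can encrypt; only the matching private key can decrypt."""
    return recipient_pub.encrypt(plaintext, _OAEP)


def decrypt_with(priv, ciphertext: bytes) -> bytes:
    return priv.decrypt(ciphertext, _OAEP)       # ValueError if this is the wrong key


def sign(priv, message: bytes) -> bytes:
    """Only the private key can sign; the signature covers the SHA-256 digest of the message."""
    return priv.sign(message, _PSS, hashes.SHA256())


def verify(pub, message: bytes, signature: bytes) -> bool:
    """Anyone with the public key can verify: authenticity, integrity and non-repudiation."""
    try:
        pub.verify(signature, message, _PSS, hashes.SHA256())
        return True
    except InvalidSignature:
        return False


def demo():
    alice_priv, alice_pub = keypair()
    bob_priv, bob_pub = keypair()
    msg = b"Transfer 100 to account 42"             # constructed message
    return {
        "alice_priv": alice_priv, "alice_pub": alice_pub, "bob_priv": bob_priv,
        "msg": msg,
        "ct": encrypt_for(bob_pub, msg),            # Alice encrypts for Bob
        "sig": sign(alice_priv, msg),               # Alice signs so Bob can prove who sent it
    }


if __name__ == "__main__":
    d = demo()
    print("bob decrypts:", decrypt_with(d["bob_priv"], d["ct"]))
    print("signature ok:", verify(d["alice_pub"], d["msg"], d["sig"]))
    print("altered msg :", verify(d["alice_pub"], d["msg"] + b"0", d["sig"]))
```

The two operations use the keys in opposite directions: encryption goes public-in, private-out; signing goes private-in, public-out. That asymmetry is what makes the signature non-repudiable, since only the holder of the private key could have produced it.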
Honeyfiles
Fake files with fake information, meant to attract attackers; an alert is sent if the files are accessed.
Technical controls
Implemented using technical systems: policies and settings within the operating system or software that allow or prevent different functions from occurring. Examples: firewalls, anti-virus.
Certificate Authority or CA
is a trusted entity responsible for issuing digital certificates that verify the identity of individuals, organizations, or devices in electronic transactions and communications. CAs play a crucial role in establishing trust on the internet by providing digital certificates that authenticate the identity of websites, servers, email senders, and other entities. When a CA issues a digital certificate, it attests to the authenticity of the certificate holder's identity and binds their public key to their identity information. This allows recipients to verify the integrity and authenticity of digital communications and transactions, thereby ensuring secure and reliable interactions in the digital domain.
Policy Administrator
Its job is to take the policy engine's decision and pass it to the PEP. There may be access tokens or credentials created as a result of the policy decision, and all of those credentials are then sent to the PEP. Flow: subject or system (untrusted) -> PEP -> policy engine and policy administrator (together the PDP) -> back to the PEP -> trusted access to resources.
Barricades/bollards
Prevent people or vehicles from accessing certain parts of a physical area; used to channel people through an access point, letting people through while preventing cars from entering. A bollard is similar to a short pillar.
