Security+ Chapter 1

Availability

Ensures that data is always available. Examples Redundant Array of Independent Disks (RAID), which allows one or two disks to fail while still keeping the data available. Heating Ventilation Air Conditioning (HVAC) that regulates the temperature for critical servers.

Examples of Technical Controls

Firewall Rules: Firewalls prevent unauthorized access to the network by IP address,application, or protocol. • Antivirus/Antimalware: This is the most common threat to a business, and we must ensure that all servers and desktops are protected and up to date. • Screen Savers: These log computers off when they are idle, preventing access. • Screen Filters: These prevent people that are walking past from reading the data on your screen. • Intrusion Prevention System (IPS)/Intrusion Detection System (IDS): An IDS monitors the network for any changes and an IPS stops the attacks. If you do not have an IDS, the IPS can also fulfill the role of the IDS.

What are the three Access Control

Identification Authentication Authorization

What are the two types of encryption?

symmetric and asymmetric

Three examples of Operational Controls

Annual Security Awareness Training Change Management Business Continuity Plan

Defense in Depth

A defense that uses multiple types of security devices to protect a network. Also called layered security.

Corrective Controls

Actions you take to recover from an incident. You may lose a hard drive that contained data; in that case, you would replace the data from a backup you had previously taken. Fire Suppression Systems- There may have been a fire in your data center that destroyed many servers, therefore, when you purchase replacement servers

Compensating Controls

Also be called Alternative or Secondary Controls. Like a backup when something fails.

Two examples of Managerial Controls

Annual Risk Assessment Penetration Testing/Vulnerability Scanning

ABAC

Attribute-Based Access Control-access is restricted based on an attribute in the account.

CIA Triad Concept

Confidentiality, Integrity, Availability(three key principles that should be used to guarantee you have a secure system)

Preventive Controls

Controls that deter problems before they arise. EX:Disable User Accounts; Operating System Hardening

Mandatory Access Control (MAC)

Is based on the classification level of the data. Top secret: Highest level, exceptionally grave damage • Secret: Causes serious damage • Confidential: Causes damage • Restricted: Undesirable effects Examples of MAC based on the classification level of data are as follows: • Top secret: Nuclear energy project • Secret: Research and development • Confidential: Ongoing legal issues

Linux File Permissions

Linux file permissions come in a numerical format; the first number represents the owner, the second number represents the group, and the third number represents all other users:

Three Main Control

Managerial, Operational, and Technical.

Operational Control

Monitoring performance to ensure that operational plans - day-to-day goals - are being implemented and taking corrective action as needed.

Physical Security Controls

Physical security controls are put in place to stop unauthorized access to the company or accessing the data. Physical security controls are easily identifiable as you can touch them.

Defense in Depth Model

Picture

Least Privilege

Providing only the minimum amount of privileges necessary to perform a job or function; this is known as a need-to know basis.

RBAC

Rule-Based Access Control- Rules that applies to whole department.

What are the different types of perimeter security systems:

Signage Gates/Fences Access Control Access Control Vestibules Visitor Logs Badges Lighting Cameras Robot Sentries Industrial Camouflaage

Hashing

Takes the data and converts it into a numerical value called a hash or message digest. When you suspect changes have taken place, you would check the hash value against the original. If the hash value has changed, then the data has been tampered with.

Integrity

This means that you know that data has not been altered or tampered with.

Technical Controls

Those implemented by the IT team to reduce the risk to the business.

Group-Based Access Control

To control access to data, people may be put into groups to simplify access.

Symmetric Encryption

Uses one key, known as the secret key.

Asymmetric Encryption

Uses two keys, known as the private key and the public key.

WORM

Write Once Read Many

Managerial Control

Written by managers to create organizational policies and procedures to reduce risk within companies.

Detective Controls

are used to investigate an incident that has happened and needs to be investigated; these could include the following: • CCTV records events as they happen and from that, you can see who has entered a particular room or has climbed through a window at the rear of a building. CCTV can capture motion and provide non-repudiation. • Log Files are text files that record events and the times that they occurred; they can log trends and patterns over a period of time. For example, servers, desktops, and firewalls all have event logs that detail actions that happen. Once you know the time and date of an event, you can gather information from various log files. These can be stored in Write-Once Read-Many (WORM) drives so that they can be read but not tampered with.