Security+ Chapter 1
Availability
Ensures that systems and data are accessible to authorized users whenever they are needed. Examples: a Redundant Array of Independent Disks (RAID) keeps data available when a disk fails (RAID 5 tolerates one failed disk, RAID 6 two; RAID 0 tolerates none); Heating, Ventilation and Air Conditioning (HVAC) regulates temperature and humidity so that critical servers do not overheat and fail.
Examples of Technical Controls
• Firewall Rules: Firewalls prevent unauthorized access to the network by filtering traffic by IP address, port, application, or protocol.
• Antivirus/Antimalware: Malware is the most common threat to a business, so all servers and desktops must run antimalware software that is kept up to date.
• Screen Savers: Lock the computer after it has been idle for a set time, so a password is needed to resume; this prevents access to an unattended session.
• Screen Filters: Privacy filters narrow the viewing angle so that people walking past cannot read the data on your screen (shoulder surfing).
• Intrusion Detection System (IDS)/Intrusion Prevention System (IPS): An IDS monitors network traffic for signs of attack and raises alerts; an IPS sits inline and can block the attack. Because an IPS also detects, it can fulfil the IDS role if you do not have a separate IDS.
What are the three steps of access control?
Identification (claim an identity), Authentication (prove it), Authorization (receive only the permissions that identity is entitled to).
What are the two types of encryption?
Symmetric and asymmetric.
Three examples of Operational Controls
Annual Security Awareness Training; Change Management; Business Continuity Plan.
Defense in Depth
A defense that uses multiple, different layers of security controls (for example a firewall, an IPS, endpoint antimalware and access controls) so that if one layer is bypassed, the next still protects the asset. Also called layered security.
Corrective Controls
Actions you take to recover from an incident and restore normal operation. You may lose a hard drive that contained data; in that case, you would restore the data from a backup you had previously taken. Fire Suppression Systems: there may have been a fire in your data center that destroyed many servers, therefore, when you purchase replacement servers
Compensating Controls
Also called Alternative or Secondary Controls. A control used in place of a primary control that cannot be implemented or has failed, providing an equivalent level of protection, like a backup when something fails.
Two examples of Managerial Controls
Annual Risk Assessment; Penetration Testing/Vulnerability Scanning.
ABAC
Attribute-Based Access Control: access is granted or denied by evaluating attributes of the subject (e.g. department, clearance), of the resource (e.g. owner, sensitivity), of the action, and of the environment (e.g. time of day, location) against a policy, rather than by identity or group membership alone.
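The following is an added example, not part of the original notes, showing how an ABAC policy decision is actually made: every rule is a predicate over subject, resource, action and environment attributes, deny rules override permit rules, and anything not explicitly permitted is denied. The attribute names, rules and sample requests are constructed for illustration.

```python
"""Added example: a minimal attribute-based access control (ABAC) evaluator.
Attribute names, rules and requests are constructed, not from any real system."""
from dataclasses import dataclass, field


@dataclass
class Request:
    subject: dict                                   # e.g. {"department": "finance", "role": "analyst"}
    resource: dict                                  # e.g. {"owner_dept": "finance", "sensitivity": 2}
    action: str                                     # "read" or "write"
    environment: dict = field(default_factory=dict)  # e.g. {"hour": 10}


# Attribute predicates: each inspects one aspect of the request.
def same_department(req):
    return req.subject.get("department") == req.resource.get("owner_dept")


def cleared_for_sensitivity(req):
    # Subject clearance must be at least the resource's sensitivity level.
    return req.subject.get("clearance", 0) >= req.resource.get("sensitivity", 0)


def during_business_hours(req):
    return 8 <= req.environment.get("hour", -1) < 18


def is_contractor(req):
    return req.subject.get("employment") == "contractor"


# Policy: a list of named rules. Deny rules are checked first (deny overrides).
PERMIT_RULES = [
    ("dept-read", lambda r: r.action == "read" and same_department(r) and cleared_for_sensitivity(r)),
    ("dept-write", lambda r: r.action == "write" and same_department(r) and r.subject.get("role") == "manager"),
]
DENY_RULES = [
    ("no-contractor-sensitive", lambda r: is_contractor(r) and r.resource.get("sensitivity", 0) >= 2),
    ("outside-hours", lambda r: not during_business_hours(r)),
]


def evaluate(req):
    """Return (decision, rule_name). Default is deny when no permit rule matches."""
    for name, rule in DENY_RULES:
        if rule(req):
            return ("deny", name)
    for name, rule in PERMIT_RULES:
        if rule(req):
            return ("permit", name)
    return ("deny", "default")


# Constructed sample requests.
FINANCE_DOC = {"owner_dept": "finance", "sensitivity": 2}
ANALYST = {"department": "finance", "role": "analyst", "clearance": 2, "employment": "staff"}
MANAGER = {"department": "finance", "role": "manager", "clearance": 3, "employment": "staff"}
CONTRACTOR = {"department": "finance", "role": "analyst", "clearance": 2, "employment": "contractor"}
MARKETING = {"department": "marketing", "role": "analyst", "clearance": 2, "employment": "staff"}


def analyst_reads_in_hours():
    return evaluate(Request(ANALYST, FINANCE_DOC, "read", {"hour": 10}))


def analyst_reads_at_night():
    return evaluate(Request(ANALYST, FINANCE_DOC, "read", {"hour": 22}))


def marketing_reads_finance():
    return evaluate(Request(MARKETING, FINANCE_DOC, "read", {"hour": 10}))


def contractor_reads_sensitive():
    return evaluate(Request(CONTRACTOR, FINANCE_DOC, "read", {"hour": 10}))


def manager_writes():
    return evaluate(Request(MANAGER, FINANCE_DOC, "write", {"hour": 10}))


if __name__ == "__main__":
    for fn in (analyst_reads_in_hours, analyst_reads_at_night, marketing_reads_finance,
               contractor_reads_sensitive, manager_writes):
        print(f"{fn.__name__:28s} -> {fn()}")
```

The point to notice is that the same user gets different answers depending on time of day and the resource's sensitivity, which a group or role list alone cannot express.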
CIA Triad Concept
Confidentiality, Integrity, Availability: the three key principles a secure system must guarantee. Confidentiality keeps data from unauthorized disclosure, integrity keeps it from unauthorized change, and availability keeps it accessible when needed.
Preventive Controls
Controls that stop an incident before it can happen. Examples: disabling unused user accounts; operating system hardening.
Mandatory Access Control (MAC)
Access is decided by comparing the classification label on the data with the clearance of the subject; labels are assigned by the data owner or administrator, not chosen by the user. Classification levels, highest first:
• Top Secret: exceptionally grave damage if disclosed
• Secret: serious damage
• Confidential: damage
• Restricted: undesirable effects
Examples of data at each level:
• Top Secret: nuclear energy project
• Secret: research and development
• Confidential: ongoing legal issues
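As an added example (not from the original notes), the check below implements the comparison a MAC system makes between a subject's clearance and a data label, using the notes' four levels and three example documents. It goes one step beyond the card by also applying the Bell-LaPadula "no write down" rule, so that a Top Secret user cannot copy Top Secret content into a Confidential file; the clearance values and requests are constructed.

```python
"""Added example: a Bell-LaPadula-style mandatory access control decision.
Level ordering and example documents follow the notes; requests are constructed."""

# Higher number = more sensitive. Order taken from the notes.
LEVELS = {"restricted": 1, "confidential": 2, "secret": 3, "top secret": 4}

# Example data labelled at each level (from the notes).
DOCUMENTS = {
    "nuclear energy project": "top secret",
    "research and development": "secret",
    "ongoing legal issues": "confidential",
}


def rank(label):
    """Map a classification label to its numeric level; reject unknown labels."""
    try:
        return LEVELS[label.lower()]
    except KeyError:
        raise ValueError(f"unknown classification label: {label!r}")


def can_read(subject_clearance, object_label):
    # Simple security property ("no read up"): the clearance must be at
    # least as high as the data's label.
    return rank(subject_clearance) >= rank(object_label)


def can_write(subject_clearance, object_label):
    # *-property ("no write down"): a subject may only write to its own level
    # or higher, which prevents leaking high-level data into a low-level file.
    return rank(subject_clearance) <= rank(object_label)


def decide(subject_clearance, action, document):
    """Return True if the subject may perform `action` on the named document."""
    label = DOCUMENTS[document]
    if action == "read":
        return can_read(subject_clearance, label)
    if action == "write":
        return can_write(subject_clearance, label)
    raise ValueError(f"unsupported action: {action!r}")


if __name__ == "__main__":
    for clearance, action, doc in [
        ("secret", "read", "nuclear energy project"),      # read up -> denied
        ("top secret", "read", "ongoing legal issues"),    # read down -> allowed
        ("top secret", "write", "ongoing legal issues"),   # write down -> denied
        ("confidential", "write", "research and development"),  # write up -> allowed
    ]:
        print(f"{clearance:12s} {action:5s} {doc:26s} -> {'allow' if decide(clearance, action, doc) else 'deny'}")
```

Real MAC systems also attach need-to-know categories to labels (for example "secret, nuclear"), so a clearance must dominate both the level and the category set; the level comparison shown here is the core of the decision.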
Linux File Permissions
Linux file permissions can be written in numeric (octal) form as three digits: the first digit is the owner's permissions, the second the group's, and the third everyone else's. Each digit is the sum of read = 4, write = 2 and execute = 1, so 644 means owner read/write (rw-), group read (r--), others read (r--), and 700 means only the owner can read, write and execute. A world-writable file (any mode whose last digit includes 2) should be treated as a finding:
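An added example (not part of the original notes) that converts between the octal and rwx forms, checks for world-writable modes, and confirms the result against the kernel by setting a mode on a temporary file and reading it back with `os.stat`. The audited path names and modes are constructed.

```python
"""Added example: octal <-> symbolic Linux permission conversion and a
world-writable audit. Sample paths/modes are constructed."""
import os
import stat
import tempfile

# Each octal digit is the sum of these bits: r=4, w=2, x=1.
PERM_BITS = ((4, "r"), (2, "w"), (1, "x"))


def octal_to_symbolic(mode):
    """0o644 -> 'rw-r--r--': owner, group, others, three characters each."""
    parts = []
    for shift in (6, 3, 0):                 # owner, group, others
        digit = (mode >> shift) & 0o7
        parts.append("".join(ch if digit & bit else "-" for bit, ch in PERM_BITS))
    return "".join(parts)


def symbolic_to_octal(sym):
    """'rwxr-x---' -> 0o750. Position 0 is the owner's read bit (0o400)."""
    if len(sym) != 9:
        raise ValueError("expected 9 permission characters")
    mode = 0
    for i, ch in enumerate(sym):
        if ch != "-":
            mode |= 1 << (8 - i)
    return mode


def world_writable(mode):
    """True if 'others' have write access (last octal digit includes 2)."""
    return bool(mode & stat.S_IWOTH)


def audit(modes):
    """Return the paths whose modes let any user write to them."""
    return sorted(path for path, mode in modes.items() if world_writable(mode))


def demo_chmod():
    """Set 0o600 on a temporary file and read the mode back from the filesystem."""
    with tempfile.NamedTemporaryFile(delete=False) as f:
        path = f.name
    try:
        os.chmod(path, 0o600)
        st_mode = os.stat(path).st_mode
        return octal_to_symbolic(stat.S_IMODE(st_mode)), stat.filemode(st_mode)
    finally:
        os.remove(path)


# Constructed sample: path -> mode, as a scanner might collect them.
SAMPLE_MODES = {
    "/etc/passwd": 0o644,
    "/etc/shadow": 0o640,
    "/opt/app/config.yml": 0o666,   # world-writable: anyone can alter config
    "/tmp/upload": 0o777,           # world-writable and executable
}

if __name__ == "__main__":
    print(octal_to_symbolic(0o644), oct(symbolic_to_octal("rwxr-x---")))
    print("world-writable:", audit(SAMPLE_MODES))
    print("temp file after chmod 600:", demo_chmod())
```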
Three Main Control
Managerial, Operational, and Technical.
Operational Control
Operational controls are the day-to-day security tasks carried out by people rather than by systems, such as security awareness training, change management and business continuity planning, together with monitoring that these plans are being followed and taking corrective action as needed.
Physical Security Controls
Physical security controls are put in place to stop unauthorized people from entering the premises or reaching the systems that hold the data. They are easy to identify because you can touch them (fences, locks, guards, cameras).
Defense in Depth Model
(diagram of the layered model; image not reproduced here)
Least Privilege
Providing users with only the minimum privileges necessary to perform their job or function, and no more. The closely related need-to-know principle restricts access to information to those who require it for a task; together they limit the damage a compromised or malicious account can do.
RBAC
Rule-Based Access Control: access is decided by rules that apply to everyone in scope (for example a whole department), such as time-of-day or location restrictions enforced by a firewall or access list, rather than by individual identity. Not to be confused with Role-Based Access Control, which shares the abbreviation and assigns permissions according to job role.
What are the different types of perimeter security systems:
Signage; Gates/Fences; Access Control Vestibules; Visitor Logs; Badges; Lighting; Cameras; Robot Sentries; Industrial Camouflage.
Hashing
Takes data of any length and runs it through a one-way function that produces a fixed-length value called a hash or message digest (SHA-256, for example, always produces 256 bits). When you suspect changes have taken place, you recompute the hash and compare it with the original; if it differs, the data has been altered. The same input always gives the same hash, and it is infeasible to reverse the hash or to find two different inputs with the same hash. Caveat: a hash proves integrity only if the original hash is stored or sent somewhere the attacker cannot change; otherwise they can replace both the data and the hash. Use a keyed hash (HMAC) or a digital signature when the hash travels with the data.
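The following is an added example, not from the original notes, using Python's standard `hashlib` and `hmac` modules. It computes and verifies a SHA-256 digest, shows that an attacker who can rewrite both the data and its stored hash defeats a plain hash check, and shows that a keyed HMAC check is not fooled because the attacker does not hold the key. The sample records and key are constructed.

```python
"""Added example: integrity checking with SHA-256 and HMAC-SHA256.
Sample data and key are constructed for illustration."""
import hashlib
import hmac

# Constructed sample record and a tampered copy.
ORIGINAL = b"invoice:1001 payee:ACME amount:100.00"
TAMPERED = b"invoice:1001 payee:ACME amount:900.00"
KEY = b"constructed-demo-key-do-not-reuse"   # in practice: a random secret held only by the verifier


def digest(data):
    """Fixed-length SHA-256 message digest of arbitrary-length data, as hex."""
    return hashlib.sha256(data).hexdigest()


def verify(data, expected_hex):
    """Recompute the hash and compare in constant time to avoid timing leaks."""
    return hmac.compare_digest(digest(data), expected_hex)


def keyed_digest(data, key):
    """HMAC-SHA256: the digest depends on a secret key as well as the data."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_keyed(data, key, expected_hex):
    return hmac.compare_digest(keyed_digest(data, key), expected_hex)


def tamper_detected():
    """Stored hash of the original catches a later change to the data."""
    stored = digest(ORIGINAL)
    return not verify(TAMPERED, stored)


def attacker_replaces_data_and_hash():
    """If the attacker can also overwrite the stored hash, a plain hash
    check passes on the tampered data. Returns True = tampering unnoticed."""
    stored = digest(TAMPERED)            # attacker recomputes the hash too
    return verify(TAMPERED, stored)


def attacker_cannot_forge_hmac():
    """The same attack fails against HMAC: without KEY the attacker cannot
    produce a tag the verifier will accept. Returns True = tampering unnoticed."""
    forged = hmac.new(b"attacker-guess", TAMPERED, hashlib.sha256).hexdigest()
    return verify_keyed(TAMPERED, KEY, forged)


if __name__ == "__main__":
    print("sha256(original):", digest(ORIGINAL))
    print("sha256(tampered):", digest(TAMPERED))
    print("tamper detected by plain hash:", tamper_detected())
    print("plain hash fooled when hash also replaced:", attacker_replaces_data_and_hash())
    print("HMAC fooled when hash also replaced:", attacker_cannot_forge_hmac())
```

`hmac.compare_digest` is used for both comparisons so that a mismatch takes the same time wherever the first differing byte is; a plain `==` on hex strings leaks that position through timing.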
Integrity
The assurance that data has not been altered or tampered with by anyone unauthorized, whether in storage or in transit.
Technical Controls
Controls implemented by the IT team using hardware or software (firewalls, antimalware, encryption, access control lists) to reduce the risk to the business.
Group-Based Access Control
To control access to data, users are placed into groups (for example Finance or HR) and permissions are assigned to the group rather than to each user. This simplifies administration: adding a user to a group grants them the group's access, and removing them revokes it.
Symmetric Encryption
Uses a single key, known as the secret key, to both encrypt and decrypt. Both parties must hold the same key, so it has to be exchanged securely. It is fast and suited to bulk data (for example AES).
Asymmetric Encryption
Uses a mathematically related key pair: the public key, which can be shared freely, and the private key, which is kept secret. Data encrypted with the public key can only be decrypted with the matching private key, and data signed with the private key can be verified by anyone holding the public key (for example RSA). It is slower than symmetric encryption and is commonly used to exchange a symmetric session key.
WORM
Write Once, Read Many: storage that can be written to once and then only read, so that records such as logs cannot be altered or deleted after they are written.
Managerial Control
Controls written by managers in the form of organizational policies and procedures (for example risk assessments and security policies) to reduce risk within the company.
Detective Controls
Controls used to detect and record an incident that has happened so that it can be investigated. Examples:
• CCTV records events as they happen; from the footage you can see who entered a particular room or climbed through a window at the rear of a building. CCTV can be triggered by motion and provides non-repudiation, since the person recorded cannot deny being there.
• Log files are text files that record events and the times they occurred; over a period of time they reveal trends and patterns. Servers, desktops, and firewalls all keep event logs detailing what happened. Once you know the time and date of an event, you can correlate information from the various log files. Logs can be stored on Write-Once Read-Many (WORM) drives so that they can be read but not tampered with.
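An added example (not from the original notes) of the kind of pattern a log file reveals over time: it parses a handful of constructed, auth.log-style SSH lines, counts failed logins per source address in a sliding one-minute window, raises a brute-force alert when the count reaches a threshold, and flags a later successful login from the same address, which is the sign an investigator most wants to see. The log lines, hostnames and addresses are constructed (the addresses come from the documentation ranges).

```python
"""Added example: brute-force detection over constructed sshd log lines.
Log text, host names and IP addresses are constructed, not real."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in an auth.log-like format (ISO timestamps for simplicity).
SAMPLE_LOG = """\
2024-03-01T09:00:01 host1 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51812 ssh2
2024-03-01T09:00:03 host1 sshd[1201]: Failed password for root from 203.0.113.5 port 51813 ssh2
2024-03-01T09:00:05 host1 sshd[1201]: Failed password for root from 203.0.113.5 port 51814 ssh2
2024-03-01T09:00:09 host1 sshd[1201]: Failed password for root from 203.0.113.5 port 51815 ssh2
2024-03-01T09:00:12 host1 sshd[1201]: Failed password for root from 203.0.113.5 port 51816 ssh2
2024-03-01T09:00:15 host1 sshd[1201]: Accepted password for root from 203.0.113.5 port 51817 ssh2
2024-03-01T09:05:00 host1 sshd[1300]: Failed password for alice from 198.51.100.7 port 40001 ssh2
2024-03-01T09:30:00 host1 sshd[1310]: Failed password for alice from 198.51.100.7 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse(log_text):
    """Turn matching lines into event dicts; lines that don't match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "host": m["host"],
            "outcome": m["outcome"],
            "user": m["user"],
            "ip": m["ip"],
        })
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """Sliding-window count of failures per source IP.

    Emits ("bruteforce", ip, ts) once when `threshold` failures fall inside
    `window`, and ("success_after_bruteforce", ip, ts) for any later
    successful login from an IP that was already flagged.
    """
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    flagged = set()
    alerts = []
    for e in events:
        q = recent[e["ip"]]
        if e["outcome"] == "Failed":
            q.append(e["ts"])
            while q and e["ts"] - q[0] > window:   # drop failures outside the window
                q.popleft()
            if len(q) >= threshold and e["ip"] not in flagged:
                flagged.add(e["ip"])
                alerts.append(("bruteforce", e["ip"], e["ts"]))
        elif e["ip"] in flagged:
            alerts.append(("success_after_bruteforce", e["ip"], e["ts"]))
    return alerts


if __name__ == "__main__":
    for kind, ip, ts in detect_bruteforce(parse(SAMPLE_LOG)):
        print(f"{ts.isoformat()} {kind:24s} {ip}")
```

The two failures from 198.51.100.7 are 25 minutes apart and never meet the threshold, so only 203.0.113.5 is reported; the threshold and window are the knobs you tune against your own baseline of normal failed logins.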