Security Plus Exam Cram Series 2024 Edition: Domain 1

Jul 13, 2024

Security Plus Exam Cram Series 2024 Edition: Domain 1 – General Security Concepts

Overview

  • Focus: General security concepts
  • Key Areas: Security controls, change management, cryptography
  • Materials: PDF of presentation, links to study guides and practice resources

Security Controls

Categories

  1. Technical Controls: Hardware/software mechanisms (e.g., encryption, firewalls, IDS)
  2. Physical Controls: Protection of facilities and objects (e.g., guards, locks, cameras)
  3. Managerial Controls: Policies/procedures defined by management (e.g., training, risk assessments)
  4. Operational Controls: Day-to-day activities ensuring compliance (e.g., awareness training, backup supervision)

Types

  1. Preventive Controls: Stop unwanted activity (e.g., firewalls, locks)
  2. Deterrent Controls: Discourage policy violations (e.g., cameras, guards)
  3. Detective Controls: Discover unwanted activity (e.g., IDS, audit logs)
  4. Compensating Controls: Support other controls (e.g., policies, procedures)
  5. Corrective Controls: Restore systems post-incident (e.g., backups, patch management)
  6. Directive Controls: Enforce compliance (e.g., policies, training)

Key Points

  • Examples: Technical (encryption, firewalls); Physical (locks, cameras); Managerial (policies, training); Operational (backups)
  • Overlaps: Single controls can map to multiple types
  • Keywords for Exam: Deterrent (warning), Preventive (firewall), Directive (policy)

Fundamental Security Concepts (Section 1.2)

CIA Triad

  1. Confidentiality: Ensuring only authorized access to data
  2. Integrity: Ensuring data is not altered without authorization
  3. Availability: Ensuring data is accessible when needed
  4. Non-repudiation: Ensuring actions/transactions cannot be denied

AAA Model

  1. Authentication: Proving identity (username/password)
  2. Authorization: Granting access based on identity
  3. Accounting: Tracking user activity

Authorization Models

  1. Non-Discretionary: System-wide rules (e.g., Role-Based Access Control)
  2. Discretionary: Owners grant access (e.g., NTFS file system)
  3. Role-Based: Based on roles/groups
  4. Rule-Based: Applies rules globally (e.g., firewalls)
  5. Mandatory: Based on labels (e.g., military security)
  6. Attribute-Based: Based on account attributes (e.g., department)

Gap Analysis & Zero Trust

  • Gap Analysis: Comparing current state vs. standards (e.g., ISO 27001)
  • Zero Trust: No implicit trust, verify every access
    • Key Principles: Assume breach, verify explicitly, least privilege access
    • Policy Enforcement & Decision Points: Enforce policies, make access decisions
    • Control & Data Plane: Adaptive identity, threat scope reduction, policy enforcement

Physical Security

  1. Bollard: Barrier against vehicle attacks
  2. Access Control Vestibule: Controls access one person at a time
  3. Fences: Security perimeter (varying efficacy based on height/composition)
  4. Video Surveillance: Cameras, motion detection
  5. Security Guards: Prevent unauthorized access
  6. Lighting: Deterrent, efficiency measures
  7. Sensors: Infrared, Pressure, Microwave, Ultrasonic

Deception & Disruption

  • Honeypot: Lures attackers, isolates them
  • Honeynet: Group of honeypots
  • Honeyfile: Decoy file to attract attackers
  • Honeytoken: Fake database record

Change Management (Section 1.3)

  1. Approval: Management reviews/approves changes
  2. Ownership: Assign responsible owner
  3. Stakeholder Analysis: Identify impacted individuals/groups
  4. Impact Analysis: Review potential side effects
  5. Testing: Validate in test environment
  6. Back-out Plan: Steps to revert change if issues arise
  7. Maintenance Windows: Schedule changes to minimize business impact

Technical Implications

  • Firewall Updates: Allow/Deny lists
  • Downtime Considerations: Plan for service interruptions
  • Application Restarts: Manage security posture
  • Legacy Applications: Compatibility concerns
  • Dependency Tracking: Assess impact on other systems

Documentation & Version Control

  • Continuous Update: Ensure accurate record of system state
  • Critical for Security: Inaccurate documentation may leave vulnerabilities
  • Version Control: Track current versions; Git is the common system

Cryptographic Solutions (Section 1.4)

PKI Basics

  1. Key Management: Generation, storage, exchange, replacement
  2. Certificate Authorities: Issue/manage certificates
  3. Certificate Revocation List: Published list of revoked certificates
  4. OCSP: Real-time certificate status protocol

Certificate Types

  1. User Certificate: Represents user's digital identity
  2. Root Certificate: Trust anchor in PKI
  3. Domain Validation: Proves ownership of domain
  4. Extended Validation: High trust for entity authenticity
  5. SAN Certificate: Supports multiple domains/IPs in one certificate
  6. Wildcard Certificate: Covers multiple subdomains of one domain
  7. Code Signing: Ensures code origin and integrity
  8. Self-signed: Not recommended for production

Encryption Levels

  1. File: Individual file level
  2. Volume: Specific partition/volume
  3. Disk: Entire disk
  4. Cloud Storage Encryption: Managed by CSP
  5. Transparent Data Encryption: Real-time database encryption

Symmetric vs. Asymmetric

  • Symmetric: Single shared key, fast, not scalable
    • Algorithms: AES, Triple DES, Twofish
  • Asymmetric: Public/private key pairs, scalable, non-repudiation
    • Algorithms: RSA, ECC, Diffie-Hellman

Hashing & Salting

  • Hashing: One-way function, integrity checks (SHA, MD5)
  • Salting: Adds random data to hashes to prevent rainbow table attacks

Digital Signatures

  • Provides: Authentication, non-repudiation, integrity
  • Standard: Digital Signature Standard (DSS)

Key Stretching

  • Purpose: Strengthens weak keys (e.g., passwords) by making them longer and more random, which slows brute-force attacks
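Added example (not part of the original study notes) tying together the Hashing & Salting and Key Stretching sections: an unsalted SHA-256 digest collides for two users who chose the same password (the property a rainbow table exploits), while a per-user random salt plus PBKDF2 key stretching gives distinct, slow-to-brute-force digests. Passwords and usernames below are constructed sample data.

```python
import hashlib
import hmac
import os

# Constructed sample: two users happen to choose the same password.
USERS = {"alice": "Summer2024!", "bob": "Summer2024!"}


def plain_hash(password: str) -> str:
    """Unsalted SHA-256: identical passwords give identical digests,
    so one precomputed (rainbow) table cracks every user at once."""
    return hashlib.sha256(password.encode()).hexdigest()


def stretched_hash(password: str, salt: bytes, iterations: int) -> bytes:
    """Salted + stretched: PBKDF2-HMAC-SHA256 mixes the per-user salt into
    every iteration, and the iteration count sets the attacker's cost."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def create_record(password: str, iterations: int = 600_000) -> dict:
    """Store salt, iteration count and digest; never the password itself."""
    salt = os.urandom(16)  # 128-bit random salt, unique per record
    return {"salt": salt, "iterations": iterations,
            "digest": stretched_hash(password, salt, iterations)}


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt/iterations; compare in constant time
    so the comparison itself leaks no timing information."""
    candidate = stretched_hash(password, record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["digest"])


def demo(iterations: int = 10_000) -> dict:
    """Contrast unsalted hashing with salted, stretched hashing."""
    plain = {u: plain_hash(p) for u, p in USERS.items()}
    records = {u: create_record(p, iterations) for u, p in USERS.items()}
    return {
        "plain_collide": plain["alice"] == plain["bob"],        # True
        "salted_collide": records["alice"]["digest"] == records["bob"]["digest"],  # False
        "alice_ok": verify("Summer2024!", records["alice"]),     # True
        "alice_wrong": verify("summer2024!", records["alice"]),  # False
    }


if __name__ == "__main__":
    print(demo())
```

A production iteration count should be far higher than the demo value (the record default here is 600,000), tuned so one verification costs a noticeable fraction of a second on the server.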

Blockchain & Open Public Ledger

  • Blockchain: Decentralized, immutable, and transparent
  • Open Public Ledger: Centralized, mutable, relies on authority

Encryption Tools

Hardware-Based Tools

  1. TPM: Trusted Platform Module, key management, secure boot
  2. HSM: Hardware Security Module, key management/performance
  3. Hardware Root of Trust: Verifies keys match for secure boot
  4. KMS: Centralized storage for keys (e.g., Azure Key Vault)
  5. Secure Enclave: Isolated environment for sensitive processing

Obfuscation Techniques

  • Steganography: Conceal data within other files
  • Tokenization: Replace data with tokens
  • Pseudonymization: Use artificial identifiers
  • Anonymization: Remove identifiable data
  • Data Minimization: Only collect necessary data
  • Data Masking: Partially hide sensitive data (e.g., credit card numbers)