CompTIA Security+ 501 Summary Part 5

This is a summary of my notes on Chapter 5 of the CompTIA Security+ Get Certified Get Ahead by Darril Gibson, 5th Edition

Things to keep in mind:

  • CompTIA is releasing an updated version of the Security+ exam in November 2020, so this edition will soon be outdated. 90% of the book will remain the same in accordance with the updated exam. New threats and cloud-computing technology will probably make up the majority of that new 10% of content.
  • Synthesizing paragraphs with a huge list of facts sometimes results in dreadful sentences. It also results in some streams of thought that end abruptly. Some notes cannot be digested any further and remain identical in this summary. In any case, these are just notes and not an essay.
  • Some things are repeated, but this is simply to reinforce.
  • APs are Access Points.
1. Different Systems & Processes

The principle of least functionality is that systems should be deployed with the least amount of applications, services, and protocols. My now-bricked Samsung A51 proved that Samsung does not follow this core security principle: I had to wait over half an hour to use my new device because over a dozen game applications were being forcibly downloaded onto the fresh phone.

Kiosks are small structures in open areas used to sell something, provide information, or display advertisements, and they usually run off of a Linux operating system. An example of a kiosk would be a bank ATM.

Trusted Operating Systems meet specific security criteria and use the Mandatory Access Control model. A master image is a secure starting point for systems. Integrity measurements are used to discover when a system deviates from the master image baseline. An application whitelist prevents users from installing unlisted or blacklisted software. When securing a system, Electromagnetic Interference, EMI, and Electromagnetic Pulse, EMP, need to be considered. EMI is generated by things like power lines and motors.

Patch Management protects systems from known vulnerabilities by ensuring that operating systems and applications are up to date. Change Management is used to safely fulfill Patch Management by staging the update process in order to avoid breaking systems. Updates are first tested in sandbox environments before they are deployed to active systems. Sandboxing is the use of isolated virtual machines for testing. Four important steps to proper Change Management are: development, testing, staging, and production.

Trusted Platform Modules, TPM, are hardware chips included on laptops and mobile devices that help in providing Full Disk Encryption, FDE, and support Secure Boot and Remote Attestation. The TPM has a unique RSA asymmetric key burned into the chip that provides a hardware root of trust. VeraCrypt is one example of a vendor that provides FDE. Self-Encrypting Drives, SEDs, include all the hardware and software to encrypt data on the drive itself and can securely store encryption keys. Hardware Security Modules, HSM, are removable or external devices that can generate, store, and manage RSA keys used in asymmetric encryption. They are different from TPMs because they are external.

Basic Input/Output System, BIOS, is firmware that provides a computer with basic instructions on how to start. The BIOS runs basic checks, including locating and running the operating system on the drive. You can see the BIOS chip, the hardware with specific software running on it, on your motherboard. Unified Extensible Firmware Interface, UEFI, has replaced the old BIOS in newer systems. It is an improvement on BIOS and is designed to be CPU-independent. You can flash your BIOS or UEFI to overwrite the software within the chip with newer software.

Software as a Service, SaaS, Platform as a Service, PaaS, Infrastructure as a Service, IaaS, Ransomware as a Service, RaaS, and so on are all examples of cloud-based technologies. Cloud Access Security Brokers, CASBs, are pieces of software deployed between an organization’s network and the cloud provider to enable access to the cloud service. They provide Security as a Service, not to be confused with the official SaaS, by monitoring traffic and enforcing security policies. There are private and public clouds that organizations can make use of. Public clouds provide hardware that is shared by multiple users. An example of one would be Microsoft Azure. Unless you buy into a dedicated server, you are utilizing a public IaaS.

2. Mobile Devices & Controls

COPE devices, or Corporate-Owned, Personally Enabled devices, would be your work laptop that was provided to you during the onboarding process in your new company. There can be a BYOD, Bring Your Own Device, or CYOD, Choose Your Own Device, policy at an organization. CYOD is simply you abiding by a list of approved devices.

A Virtual Desktop Infrastructure, VDI, is the process of virtualizing a desktop. A server provides the hardware to run the desktop and a user accesses the desktop virtually. Mobile Device Management, MDM, tools help enforce security policies on mobile devices. Examples of MDM controls would include FDE, storage segmentation, and enforcing authentication methods. Geofencing can be used as an MDM feature. It creates a virtual fence around a geographic boundary and can be used to detect when a device is within an organization’s property. Geotagging adds geographical data to files. For example, you can see at what location a picture was taken.

Context-aware authentication uses multiple elements to authenticate a user on a mobile device. Jailbreaking removes all software restrictions from Apple devices, and rooting gives users root access to Android devices. Also on Android, you can sideload, or install software from a source outside of the Google Play Store. Because you can use tethering to share a mobile device’s Internet connection with other devices, MDM tools should block access to devices using it. The same goes for Wi-Fi Direct, which allows two devices to connect without using an AP.

3. Embedded Devices

IoT devices such as wearable technology are all considered embedded systems because they are devices with dedicated functionality that use computer systems to perform that functionality. Your computer is a general-purpose full system that does NOT strictly have dedicated functionality but rather a wide range of functionality. More examples of embedded systems include medical monitoring equipment, smart thermostats, and Unmanned Aerial Vehicles. Some embedded systems use a system on a chip, SoC, like a BIOS chip.

Industrial Control Systems, ICS, are systems within places like power plants and are isolated from the public Internet through the use of VLANs, Virtual LANs. ICSs are controlled by a Supervisory Control And Data Acquisition, SCADA, system, which is an embedded system. SCADA monitors important data, records events, and provides direct interaction with devices such as sensors, valves, pumps, motors, and more through human-machine interface (HMI) software.

4. Data Protection & Permissions

Database column encryption protects individual fields within a database. Microsoft systems support the New Technology File System, NTFS, which utilizes the Encrypting File System, EFS. Linux systems support GNU Privacy Guard, GPG, which is a command-line tool for encrypting and decrypting files with a password. In Linux, the owner owns a file or directory and is granted all permissions. A group is a way of spreading permissions for accessing files or directories to multiple users at once: the users are added to a group, and the group is granted the permissions. Linux uses the Read (r), Write (w), and Execute (x) permission system. A dash represents a permission that is not assigned. For example:

rw-

means read and write allowed and execute denied. You can use the chmod command (remember that Linux is case-sensitive) to change permissions.
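As an added example (not from the book or from these notes), a small POSIX shell script that turns a permission string like rw-r----- into the octal form chmod takes, flags world-writable entries, and checks the result with ls -l; it assumes the usual Linux mktemp and ls -l output layout:

```shell
#!/bin/sh
# Added example, not from the book or these notes: read a Linux
# permission string such as "rw-r-----" the way the notes describe it,
# convert it to the octal form chmod accepts, and verify the result.

# Convert one rwx triplet (e.g. "rw-") to a single octal digit (e.g. 6).
# A dash in any position simply contributes 0 to the digit.
triplet_to_digit() {
    t=$1
    d=0
    case "$t" in r??) d=$((d + 4)) ;; esac   # read    = 4
    case "$t" in ?w?) d=$((d + 2)) ;; esac   # write   = 2
    case "$t" in ??x) d=$((d + 1)) ;; esac   # execute = 1
    echo "$d"
}

# Convert a nine-character owner/group/other string to three octal digits.
# Fails (non-zero status) when the input is not exactly nine characters.
perm_to_octal() {
    p=$1
    [ "${#p}" -eq 9 ] || return 1
    u=$(triplet_to_digit "$(printf '%s' "$p" | cut -c1-3)")
    g=$(triplet_to_digit "$(printf '%s' "$p" | cut -c4-6)")
    o=$(triplet_to_digit "$(printf '%s' "$p" | cut -c7-9)")
    echo "$u$g$o"
}

# Succeeds when "other" users can write the file: a common misconfiguration
# worth flagging when reviewing permissions (position 8 is other's w bit).
is_world_writable() {
    case "$1" in ???????w?) return 0 ;; *) return 1 ;; esac
}

# Apply a symbolic mode to a constructed temp file with chmod and read back
# the nine permission characters from ls -l (column 11 may hold an ACL or
# SELinux marker, so only columns 2-10 are taken).
apply_and_read_back() {
    f=$(mktemp) || return 1
    chmod "$(perm_to_octal "$1")" "$f"
    ls -l "$f" | cut -c2-10
    rm -f "$f"
}

apply_and_read_back "rw-r-----"    # prints rw-r-----
```

chmod sets the mode explicitly, so the umask does not alter the result here; the read-back confirms the bits that actually landed on the file.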

DLP stands for Data Loss Prevention. Data exfiltration is the unauthorized transfer of data out of a network. Certain DLP techniques can block the use of USB devices to prevent data exfiltration.