CompTIA Security+ 501 Summary Part 6
This is a summary of my notes on Chapter 6 of the CompTIA Security+ Get Certified Get Ahead by Darril Gibson, 5th Edition
Things to keep in mind:
- CompTIA is releasing an updated version of the Security+ exam in November 2020, so this edition will soon be outdated. About 90% of the book will remain the same in accordance with the updated exam. New threats and cloud-computing technology will probably make up the majority of that new 10% of content.
- Synthesizing paragraphs with a huge list of facts sometimes results in dreadful sentences. It also results in some streams of thought that end abruptly. Some notes cannot be digested any further and remain identical in this summary. In any case, these are just notes and not an essay.
- Some things are repeated but this is simply to reinforce.
- Hackers are referred to as actors.
1. Attacks & Various Labels
Script kiddies have little hacking experience and are forced to use already created scripts or software to launch attacks. They lack sophistication and, presumably, funding. Hacktivists, whether script kiddies or more advanced, launch attacks for a political goal. Insiders are employees of an organization who use their legitimate access to resources as a way to secretly steal information. Advanced Persistent Threats, or APTs, are state-sponsored hacking groups that launch sophisticated, well-funded, and targeted attacks aimed at disrupting international enemies.
Denial of Service (DoS) is the disruption of a service by a single source system. A Distributed Denial of Service (DDoS) is the disruption of a service by multiple source systems. DDoS uses hundreds to millions of systems to sustain a powerful attack against a network.
Malware is simply malicious code and can take the form of viruses, worms, trojans, ransomware, rootkits, etc. Viruses are embedded into applications and run when the application runs. Worms, on the other hand, don’t need an application to run and are self-replicating, spreading across a network using ports. Logic bombs are simply programs that execute in response to an event, such as the arrival of a certain date. Backdoors are simply secret access to a system. Trojans appear to be useful programs but are in reality malicious and install backdoors on the victim’s system. For example, you may download a pirated movie and it ends up being a trojan. A specific type of trojan is a Remote Access Trojan, or RAT, which allows actors to take control of a system remotely. A watering hole attack is simply infecting a popular website that the targets usually visit so that they are infected with malware when they browse to it. Since the users trust the website, they do not suspect any malicious activity.
Ransomware is malware that commandeers a system’s data and encrypts it. The actor may then offer the decryption key for sale. A keylogger captures a user’s keystrokes and saves them to a file that is then sent to the actor. Keyloggers are a type of spyware because they monitor a user’s computer activity. Adware was first primarily used to learn about a user’s habits for the purpose of targeted advertising, but now the term largely applies to software that is free but includes advertisements. Bots are software robots, and botnets are large numbers of computers that act as bots, usually termed zombies, and function together in a network in order to launch coordinated attacks. Rootkits have system-level or kernel access and can modify system files and access. They are incredibly hard to detect due to active measures, including hiding in active memory and thwarting any scanning by anti-malware software.
Social engineering is the use of social tactics to gain secret information. This includes calling a company and faking your identity to gain access to a system, or simply looking over somebody’s shoulder to see what they’re typing (shoulder surfing). Actors can also go dumpster diving to recover any intact documents that a company didn’t properly shred.
Spam is unwanted email and phishing is the act of sending malicious spam. Targeted phishing is called spear phishing, and targeting high-level executives is called whaling. Phishing over the phone or through VoIP is called vishing. You probably get vishing robocalls daily.
2. Some Defenses
Spam filters on mail gateways detect and filter spam before it ever gets to a user’s computer. Anti-malware software can be installed on mail gateways to scan any files attached to incoming emails and strip those that come back as potentially malicious. Antivirus software uses signature-based or heuristic-based detection. Signature-based detection matches files against the known signatures of malware. Heuristic-based detection compares a baseline against alterations to it and flags the deviations.
Data Execution Prevention, or DEP, prevents code from executing in memory regions marked as non-executable. DEP is enforced in both hardware and software. AMD implements DEP using no-execute page protection, or NX, while Intel uses the Execute Disable Bit, or XD. Cisco’s Advanced Malware Protection, AMP, combines various technologies to protect a network before, during, and after an attack.
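As an added example (my own, not from the book or these notes) of what DEP/NX looks like from the defender's side: on Linux, the loader decides whether a program's stack is mapped executable from the PT_GNU_STACK program header in the ELF file, so a quick audit of a binary is to read that header. The parser below does that against a constructed minimal ELF64 image, and `check_file` applies it to a real file on disk (assumes a Linux ELF64 binary).

```python
import struct

PT_GNU_STACK = 0x6474E551  # program-header type that records requested stack permissions
PF_X, PF_W, PF_R = 1, 2, 4  # segment permission bits


def stack_is_executable(elf: bytes):
    """Return True if this ELF64 image asks the loader for an executable stack,
    False if it asks for a non-executable one (what DEP/NX enforces at run time),
    or None if it carries no PT_GNU_STACK header at all (the result then depends
    on kernel and loader defaults, so we refuse to guess)."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2:
        raise ValueError("not an ELF64 image")
    # Full 64-byte ELF header; we only need the program-header table fields.
    hdr = struct.unpack_from("<16sHHIQQQIHHHHHH", elf, 0)
    e_phoff, e_phentsize, e_phnum = hdr[5], hdr[9], hdr[10]
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", elf, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            return bool(p_flags & PF_X)
    return None


def check_file(path: str):
    """Run the check against a binary on disk (assumes a Linux ELF64 file)."""
    with open(path, "rb") as f:
        return stack_is_executable(f.read())


def make_elf64(stack_flags: int, p_type: int = PT_GNU_STACK) -> bytes:
    """Constructed test input: a minimal ELF64 image (not a runnable binary)
    with a single program header of the given type and permission flags."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + b"\x00" * 9  # 64-bit, little-endian, v1
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", ident,
                       2, 0x3E, 1, 0,   # ET_EXEC, x86-64, version, entry
                       64, 0, 0, 64,    # phoff, shoff, flags, ehsize
                       56, 1, 0, 0, 0)  # phentsize, phnum, shentsize, shnum, shstrndx
    phdr = struct.pack("<IIQQQQQQ", p_type, stack_flags, 0, 0, 0, 0, 0, 16)
    return ehdr + phdr


if __name__ == "__main__":
    import sys
    print("RW stack  ->", stack_is_executable(make_elf64(PF_R | PF_W)))         # False
    print("RWX stack ->", stack_is_executable(make_elf64(PF_R | PF_W | PF_X)))  # True
    print(sys.executable, "->", check_file(sys.executable))
```

A binary that reports True (or None) is one where DEP/NX cannot do its job for the stack, which is the kind of build setting a code review or hardening checklist should catch.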
Educating users on phishing should be a main priority. Run simulations where users are sent fake phishing emails and see whether they click on the links or report the email. When new phishing campaigns are launched, provide users with an overview of the new technique and what to look out for.