CompTIA Security+ 601 Chapter 2 Summary
CompTIA Security+ Study Guide: Exam SY0-601 8th Edition, by Mike Chapple & David Seidl
Chapter 2 summary of my notes.
1. Threat Actors
Threat actors differ in several key attributes. We can classify threat actors using four major criteria:
- Whether they are internal to the organization or come from external sources
- Their level of sophistication and capability
- Their available resources and funding
- Their motivations and levels of intent
Threat actors may be very simplistic in their techniques (2), such as script kiddies using exploit code written by others, or quite sophisticated (2), such as the advanced persistent threat posed by well-funded (3) nation-state actors and criminal syndicates.
Hacktivists (4) may seek to carry out political agendas, whereas competitors may seek financial gain.
We can group hackers based on their motivation and authorization:
- white-hat
- gray-hat
- black-hat
Attackers exploit different vectors to gain initial access to an organization:
- They may attempt to gain initial access to an organization remotely over the Internet or through a wireless connection.
- They may attempt direct physical access.
- They may also approach employees over email or social media.
- They may seek to use removable media to trick employees into unintentionally compromising their networks.
- They may seek to spread exploits through cloud services. Sophisticated attackers may attempt to interfere with an organization's supply chain.
2. Threat Intelligence
Threat intelligence provides organizations with valuable insight into the threat landscape. The teams behind threat intelligence often supplement open-source and closed-source intelligence that they obtain externally with their own research.
Security teams may leverage threat intelligence from public and private sources to learn about current threats and vulnerabilities. They may seek out detailed indicators of compromise and perform predictive analytics on their own data. They must monitor for supply chain risks. Security professionals should pay particular attention to risks posed by outsourced code development, cloud data storage, and integration between external and internal systems.
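To show what "seeking out indicators of compromise" looks like in practice, here is an added example (my own illustration, not code from the study guide or its authors) that matches a small threat-intelligence feed against log lines. The feed entries and log lines are constructed placeholders (TEST-NET addresses, example.net/example.org domains, and the SHA-256 of an empty file), not real indicators; the function names `match_iocs` and `summarize` are my own.

```python
"""Match a small threat-intelligence feed of IoCs against log lines.

All indicators and log lines below are constructed for illustration;
none are real IoCs.
"""
import re
from dataclasses import dataclass

# Constructed IoC feed, keyed by indicator type. A real feed would be
# fetched from a public or private threat-intelligence source.
IOC_FEED = {
    "ipv4": {"203.0.113.45", "198.51.100.7"},           # TEST-NET placeholders
    "domain": {"update-check.example.net", "cdn.example.org"},
    # SHA-256 of an empty file, used as a stand-in for a malicious file hash
    "sha256": {"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
}

# Simple extractors for the three indicator types we track.
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)
SHA256_RE = re.compile(r"\b[0-9a-f]{64}\b", re.IGNORECASE)


@dataclass(frozen=True)
class Hit:
    """One log line that contains an indicator from the feed."""
    line_no: int
    ioc_type: str
    indicator: str


def match_iocs(log_lines, feed=IOC_FEED):
    """Return a Hit for every feed indicator found in the given log lines."""
    hits = []
    for line_no, line in enumerate(log_lines, start=1):
        for ip in IPV4_RE.findall(line):
            if ip in feed["ipv4"]:
                hits.append(Hit(line_no, "ipv4", ip))
        for domain in DOMAIN_RE.findall(line):
            if domain.lower() in feed["domain"]:
                hits.append(Hit(line_no, "domain", domain.lower()))
        for digest in SHA256_RE.findall(line):
            if digest.lower() in feed["sha256"]:
                hits.append(Hit(line_no, "sha256", digest.lower()))
    return hits


def summarize(hits):
    """Count hits per indicator type, e.g. {'ipv4': 1, 'domain': 1}."""
    counts = {}
    for hit in hits:
        counts[hit.ioc_type] = counts.get(hit.ioc_type, 0) + 1
    return counts


# Constructed sample logs: a firewall, a web proxy, and an endpoint agent.
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z fw ALLOW src=10.0.0.12 dst=203.0.113.45 dport=443",
    "2024-05-01T10:00:03Z proxy GET http://update-check.example.net/latest.bin user=alice",
    "2024-05-01T10:00:05Z edr file_created path=C:\\Temp\\a.bin "
    "sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "2024-05-01T10:00:09Z fw ALLOW src=10.0.0.12 dst=192.0.2.1 dport=53",
]

if __name__ == "__main__":
    for hit in match_iocs(SAMPLE_LOGS):
        print(f"line {hit.line_no}: {hit.ioc_type} indicator {hit.indicator}")
    print(summarize(match_iocs(SAMPLE_LOGS)))
```

Three of the four sample lines match (one IP, one domain, one file hash); the fourth is benign noise. In a real deployment the feed would be refreshed regularly and hits would be routed to the SIEM or ticketing system rather than printed.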
Modern enterprises depend on hardware, software, and cloud service vendors to deliver IT services to their internal and external customers. Vendor management techniques protect the supply chain against attackers seeking to compromise these external links into an organization's network.