
Chapter 1 - Mastering Security Basics

Course: Security+ SY0-601
Confidence: Not Confident
Last Edited: September 28, 2023 1:19 PM
Security Goals
CIA - Confidentiality, integrity, and availability
Use case - a goal that an organization wants to achieve
A use case can have different parts including:
1. Actors - the parties involved
2. Precondition - must occur before the process can start
3. Trigger - starts the use case
4. Postcondition - occurs after the actor triggers the process
5. Normal Flow - lists each of the steps in a specific order
6. Alternate Flow - not every run of the process follows the normal flow; this lists the deviations
Confidentiality
Confidentiality - prevents the unauthorized disclosure of data (authorized personnel =
good, unauthorized personnel = cannot access)
Several different methods help maintain confidentiality:
Encryption - scrambles data to make it unreadable by unauthorized personnel
Access Controls:
Identification - claim an identity with a unique username
Authentication - users prove the identity they claimed
Authorization - grants or restricts access to resources using an authorization
method
💡 Confidentiality ensures that data is only viewable by authorized users. The best
way to protect the confidentiality of data is by encrypting it. Access controls help
protect confidentiality by restricting access.
Integrity
Integrity - assurances that data has not been changed
Hash - a number created by executing a hashing algorithm against data.
A variation in the hashes doesn’t tell you what modified the message. It only tells you
that the message has been modified.
💡 Integrity verifies that data has not been modified. Loss of integrity can occur
through unauthorized or unintended changes. Hashing algorithms, such as
SHA, calculate hashes to verify integrity. A hash is simply a number created
by applying the algorithm to a file or message. By computing the hash at different
times and comparing the results, you can verify that integrity has been maintained.
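The hash comparison described above, as an added shell example (not code from the notes): a file is hashed once to record a baseline, one character of it is changed, and the second hash is compared with the baseline. It assumes GNU coreutils sha256sum is installed; the message contents are constructed sample data.

```sh
#!/bin/sh
# Added example (not from the notes): verifying integrity by hashing a file at
# two points in time and comparing the digests. Assumes GNU coreutils
# sha256sum is installed; the file contents are constructed sample data.

# Print the SHA-256 hex digest of a file (first field of sha256sum's output).
file_hash() {
    sha256sum "$1" | awk '{ print $1 }'
}

# Compare a previously recorded (baseline) digest with the file's current digest.
# Prints INTACT when they match and MODIFIED otherwise. A mismatch only says the
# content changed; it does not say what changed or who changed it.
check_integrity() {
    baseline="$1"
    file="$2"
    if [ "$(file_hash "$file")" = "$baseline" ]; then
        echo "INTACT"
    else
        echo "MODIFIED"
    fi
}

# Walk through the scenario: hash, change one character, hash again.
integrity_demo() {
    dir=$(mktemp -d)
    msg="$dir/message.txt"
    printf 'Transfer 100 to account 1234\n' > "$msg"   # constructed message
    baseline=$(file_hash "$msg")                        # digest recorded at time 1
    first=$(check_integrity "$baseline" "$msg")        # nothing changed yet
    printf 'Transfer 900 to account 1234\n' > "$msg"   # a one-character change
    second=$(check_integrity "$baseline" "$msg")       # digest no longer matches
    rm -rf "$dir"
    echo "$first $second"
}

integrity_demo   # prints: INTACT MODIFIED
```

The baseline digest is only useful if it is stored somewhere the same change could not also reach (a separate host, a read-only medium, or a signed manifest); a hash stored next to the file can be recomputed by whoever modified the file.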
Availability
Availability - data and services are available when needed
Organizations typically implement redundancy and fault-tolerance methods to
ensure high levels of availability for key systems.
💡 Availability ensures that systems are up and operational when needed and
often addresses single points of failure. You can increase availability by adding
fault tolerance and redundancies, such as RAID, failover clusters, backups,
and generators.
Redundancy adds duplication to critical systems and provides fault tolerance. If a critical
component has a fault, the redundancy’s duplication allows the service to continue
without interruption.
Types of redundancies:
Disk redundancy - RAID 1, 5, 10 allow a system to continue to operate even
if a disk fails.
Server redundancy - failover clusters
Network redundancy - load balancing
Power redundancy - uninterruptible power supplies (UPSs) and power
generators
💡 Redundancy and fault tolerance methods increase the availability of systems
and data. Scalability refers to manually adding or removing resources to a
system to scale it up or out. Elasticity refers to dynamically adding or
removing resources to a system to scale it.
Scalability - systems ability to handle increased workload either by scaling up or scaling
out. (Manual)
Elasticity - ability of a system to handle an increased workload by dynamically scaling
up or out as the need arises.
Resiliency - help systems heal themselves or recover from faults with minimal
downtime.
Risk vs Threat
Risk is the possibility or likelihood of a threat exploiting a vulnerability, resulting in a
loss. A threat is a circumstance or event that has the potential to compromise
confidentiality, integrity, or availability.
Risk mitigation reduces the chances that a threat will exploit a vulnerability or
reduces the risk’s impact by implementing security controls.
Security controls
Managerial control - administrative that focuses on managing risk
Risk assessment - helps an organization quantify and qualify its risks so that it
can focus on the serious ones
Vulnerability assessment - attempts to discover current vulnerabilities
Operational control - ensures day-to-day operations comply with security policies
Technical controls - use tech (hardware, software, firmware) to reduce
vulnerabilities
Preventative controls - prevent an incident from happening
Hardening - making a system more secure than default (disabling unnecessary
ports and services, implementing secure protocols, patching system, strong
passwords)
Training, security guards, change management, account disablement policy,
intrusion prevention system
Detective controls - detect incidents after they happen
Log monitoring, security information and event management systems (SIEM),
security audit, video surveillance, motion detection, intrusion detection system
(IDS)
Corrective controls - reverse the impact of an incident
Backups, system recovery
Incident handling process - define steps to take in response to security
incidents
Deterrent controls - attempt to discourage individuals from causing an incident
Compensating controls - alternative controls used when the primary control is not feasible
Physical controls - controls you can physically touch
Commands
Ping
A basic command used to test connectivity for remote systems.
Hping - similar to ping command, but can send pings using TCP, UDP, and ICMP
Ipconfig - internet protocol configuration; shows the TCP/IP configuration of a Windows
system
Ifconfig - the Linux equivalent of ipconfig
ifconfig eth0 - shows the config of the first ethernet interface (same for wlan0)
ifconfig eth0 promisc - enables promiscuous mode. Allows a NIC to process all
traffic it receives
ifconfig eth0 allmulti - enables multicast mode on the NIC
The ip command is recommended over ifconfig because ifconfig is no longer
maintained by its developers
ip link show - shows interfaces along with details
ip link set eth0 up - enables network interface
ip -s link - shows stats on the network interface
Netstat
Allows you to view stats for TCP/IP protocols on a system
netstat - displays all open TCP connections
netstat -a - displays all TCP and UDP ports
netstat -r - displays routing table
netstat -e - displays details on network stats
netstat -s - displays stats of packets sent or received for specific protocols
netstat -n - displays addresses and port numbers in numerical order
netstat -p protocol - shows stats on a specific protocol such as TCP and UDP
Tracert & Traceroute
Lists all routers between two systems. Used to identify faulty routers on the
network and to identify modified paths.
Pathping
Combines the functions of ping and tracert
ARP
arp the command and ARP the protocol aren’t the same thing
arp - without a switch, shows help on Windows
arp -a - shows the ARP cache on Windows
LAMP
Linux, Apache, MySQL, and PHP/Perl/Python
sudo
Allows you to run the command with root, or elevated privileges, assuming you have
the permissions
cat
Used to display contents of the files
grep
Used to search for a specific string or pattern of text within a file
ex. sudo cat /var/log/auth.log | grep "authentication failure"
head
Shows the first 10 lines of a file
tail
Displays the last 10 lines of a log file by default
ex. sudo tail -n 15 /var/log/messages
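The grep, head and tail commands above, applied to a constructed auth.log-style sample as an added shell example (not code from the notes). The sample lines are made up for the demonstration; calling grep on the file directly is equivalent to the notes' `sudo cat ... | grep` form, minus the extra cat process. The sed pattern that pulls out `rhost=` values assumes the pam_unix line format shown in the sample.

```sh
#!/bin/sh
# Added example (not from the notes): filtering and trimming log output with
# grep, head and tail over constructed auth.log-style lines.

# Write a small constructed sample resembling /var/log/auth.log to the given path.
write_sample_auth_log() {
    cat > "$1" <<'EOF'
Sep 28 13:01:02 host sshd[1201]: Accepted password for alice from 10.0.0.5 port 50122 ssh2
Sep 28 13:01:09 host sshd[1207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.0.9 user=bob
Sep 28 13:01:12 host sshd[1207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.0.9 user=bob
Sep 28 13:02:30 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/tail -n 15 /var/log/messages
Sep 28 13:03:44 host sshd[1230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.7 user=root
Sep 28 13:04:01 host sshd[1230]: Failed password for root from 203.0.113.7 port 41002 ssh2
EOF
}

# Count the lines matching the pattern used in the notes.
# Note: grep -c exits 1 when there are no matches, which matters under set -e.
count_auth_failures() {
    grep -c "authentication failure" "$1"
}

# Pull the remote host out of each failure line (assumes pam_unix's "rhost=" field),
# then collapse repeats so each host appears once.
failing_hosts() {
    grep "authentication failure" "$1" | sed -n 's/.*rhost=\([^ ]*\).*/\1/p' | sort -u
}

# The first N lines of a file, as head -n does.
first_lines() {
    head -n "$2" "$1"
}

# The last N lines of a file, as tail -n does (the notes' tail -n 15 form).
last_lines() {
    tail -n "$2" "$1"
}

# Usage on the constructed sample.
sample=$(mktemp)
write_sample_auth_log "$sample"
echo "failures: $(count_auth_failures "$sample")"   # prints: failures: 3
failing_hosts "$sample"                               # 10.0.0.9 and 203.0.113.7
last_lines "$sample" 2
rm -f "$sample"
```

On a real system the same functions run against /var/log/auth.log (with sudo, since the file is root-readable only); the point of extracting and deduplicating rhost values is to turn a wall of repeated failures into the short list of sources worth looking at.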
logger
Adds entries in the /var/log/syslog file
Admins use this command before performing an operation (like backing up)
journalctl
Queries the Linux system logging utility and displays log entries from several
sources
ex. journalctl --since "1 hour ago"
ex. journalctl --since "1 hour ago" > myjournal.txt
chmod
Used to modify permissions on Linux systems files and folders
Read - someone can open the file and view its content
Write - a user can modify the contents
Execute - a user can launch the file; used with executable files
First set of permissions applies to the owner of the file
Second set applies to the owner group
Third set applies to everyone else
Each set can be written as an octal number (0-7)
ex. chmod 760 filename
It is also possible to assign permissions using the text (symbolic) method:
u - file owner
g - owner group
o - all others
ex. chmod g=r filename or chmod o-x filename
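The two chmod forms from the notes applied to a constructed file, as an added shell example (not from the notes), with the resulting mode read back after each change. It assumes GNU coreutils, since `stat -c %a` is a GNU option; the octal_to_rwx helper is added here to show how each octal digit maps to the rwx triplet for owner, group and others.

```sh
#!/bin/sh
# Added example (not from the notes): octal and symbolic chmod on a constructed
# file, reading the mode back with GNU stat (assumption: GNU coreutils).

# Print a file's permission bits in octal, e.g. 760.
mode_of() {
    stat -c %a "$1"
}

# Expand an octal mode such as 760 into its rwx triplets (owner, group, others).
# Each digit is the sum of read=4, write=2, execute=1.
octal_to_rwx() {
    for d in $(printf '%s' "$1" | sed 's/./& /g'); do
        case $d in
            0) printf '%s' '---' ;;  1) printf '%s' '--x' ;;
            2) printf '%s' '-w-' ;;  3) printf '%s' '-wx' ;;
            4) printf '%s' 'r--' ;;  5) printf '%s' 'r-x' ;;
            6) printf '%s' 'rw-' ;;  7) printf '%s' 'rwx' ;;
        esac
    done
    echo
}

# Apply the notes' examples in turn and report the mode after each one.
chmod_demo() {
    dir=$(mktemp -d)
    f="$dir/script.sh"
    printf '#!/bin/sh\necho hello\n' > "$f"   # constructed file
    chmod 760 "$f"           # owner rwx (7), group rw- (6), others --- (0)
    m1=$(mode_of "$f")       # 760
    chmod g=r "$f"           # group set to exactly r--: 760 becomes 740
    m2=$(mode_of "$f")       # 740
    chmod 755 "$f"           # start from a common default for the last step
    chmod o-x "$f"           # remove execute from others: 755 becomes 754
    m3=$(mode_of "$f")       # 754
    rm -rf "$dir"
    echo "$m1 $m2 $m3"
}

chmod_demo              # prints: 760 740 754
octal_to_rwx 760        # prints: rwxrw----
```

The difference between `g=r` and `o-x` is worth noticing: `=` replaces the whole set for that class, while `+` and `-` adjust only the named bit and leave the rest alone.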
SIEM System
Security information and event management system provides a centralized solution
for collecting, analyzing, and managing data from multiple sources.
Capabilities
Log collectors - collects and stores log data in a searchable database
Data inputs - log entries come from various sources such as firewalls, routers,
network intrusion detection and prevention systems
Log aggregation - refers to combining several dissimilar items into a single
similar format. The SIEM system collects data from multiple systems, aggregates
the data, and stores it so that it is easy to analyze and search
Correlation engine - software component used to collect and analyze event log
data from various systems within the network. Aggregates data looking for
common attributes like patterns
Reports - most systems include built-in reports. Typically groups in different
categories such as network traffic event monitoring, device events, threat
events, and more.
Packet capture - protocol analyzers/sniffers capture network traffic allowing
admins to view and analyze individual packets
User behavior analysis - focuses on what users are doing, such as what
applications they are launching and network activity.
Sentiment analysis - analyzing text to detect an opinion or emotion
Security monitoring - alerts which can provide continuous monitoring of systems
and provide notifications of suspicious events
Automated triggers - cause an action in response to a predefined number of
repeated events
Time sync - all servers sending data to the SIEM should be synced with the
same time
Events deduplication - process of removing duplicate entries
Logs/WORM - SIEM typically includes methods to prevent anyone from
modifying log entries
Syslog
Specifies a general log entry format and the details on how to transport log entries.
Syslog-ng - allows a system to collect logs from any source. Includes correlation
and routing abilities to route log entries to any log analysis tool.
Rsyslog - improvement over syslog-ng. Significant change is the ability to send log
entries directly into database engines.
NXLog
A log management tool similar to rsyslog and syslog-ng. Supports Windows log
formats.