CompTIA Security+: Security Fundamentals


Module 1:

Security is a critical aspect of modern computing and information technology. It’s the foundation on which all other cybersecurity concepts are built. As a CompTIA Security+ professional, understanding security fundamentals is essential. In this post, we will explore the core principles of security, which serve as the building blocks for a secure digital environment.

Information Security Goals

Prevention:

  • Various types of information need protection.
  • Doing so can lessen data loss during a security breach.
  • Preventing unauthorized access to information is the top priority.

Detection:

  • Discovering attempts to access data without authorization, or discovering that information has been lost.
  • Investigating individuals, or scanning data and the network for traces of the intruder.

Recovery:

  • Disasters or intrusions can cause compromised or damaged data.
  • You need a process to recover data from crashed systems or devices.
  • You can also recover lost or stolen physical resources.

IT Risks

A concept that indicates exposure to the chance of damage or loss and signifies the likelihood of a hazard or dangerous threat.

  • IT risk is associated with system, power, network and physical losses.
  • It can also affect people, practices or processes.

Data in all forms must be protected.

Organizations must take risk into account when information security is designed and implemented.

Other risks to take into account:

  • Disgruntled former employees
  • Threat of improper access

Vulnerabilities

A vulnerability is any condition that leaves a device open to harm.

  • Improperly configured or installed hardware or software.
  • Delays in applying and testing software and firmware patches.
  • Untested software or firmware patches.
  • Bugs in software or operating systems.
  • Misusing software or communication protocols.
  • Poorly designed networks.
  • Poor physical security.
  • Insecure passwords.
  • Unchecked user input.

Threats

A threat is any event or action that could potentially cause damage to an asset.

  • Changes to information.
  • Interruption of services.
  • Damage to hardware.
  • Damage to facilities.

Attacks

An attack is any technique used to exploit a vulnerability in an application or physical computer system without the authorization to do so.

  • Physical security attacks.
  • Software-based attacks.
  • Social engineering attacks.
  • Web application-based attacks.
  • Network-based attacks.

Controls

Controls are countermeasures that you need to put in place to avoid, mitigate, or counteract security risks due to threats and attacks.

  • Solutions and activities for meeting information security objectives.
  • Safeguards and countermeasures, physical or logical.

Types of Controls

  • Prevention control
  • Detection control
  • Correction control

Prevention Controls: Help prevent a threat or attack from exposing a vulnerability.

Detection Controls: Help discover whether a threat or vulnerability has entered a computer system.

Correction Controls: Help mitigate the consequences of a threat or attack so that it does not adversely affect a computer system.

Security Management Process

  • Identification
  • Implementation
  • Monitoring

Identify Security Controls

Detect problems and determine how best to protect the system.

Implement Security Controls

Install control mechanisms to prevent problems in a system.

Monitor Security Controls

Detect and solve any security issues that arise after security controls are implemented.

The CIA Triad

The CIA Triad comprises the three principles of security control and management.

  • Confidentiality
  • Integrity
  • Availability

Confidentiality

Keeping information and communications private and protected from unauthorized access.

  • Includes trade or military secrets, personal health records and tax records.
  • Controlled by encryption, access control and steganography.

Integrity

Keeping organizational information accurate, free of errors and free from unauthorized access.

  • Covers the modification of test scores, medical notes, etc.; basically any data stored on a server.
  • Controlled by hashing, digital signatures, certificates and change control.

Availability

Ensuring that computer systems operate continuously and that authorized personnel can access data when needed.

  • Includes ensuring that data such as radar images is both captured and distributed to airports.
  • Controlled by redundancy, fault tolerance and patching.

Non-Repudiation

Non-Repudiation: Ensure that the party that sent a transmission or created data remains associated with the data and cannot deny creating or sending the data.

Accountability: Determine who or what is accountable for a particular activity or event.

Identification

The process where a claim is made about the nature of a particular entity.

  • Organizations tend to invest more in identification systems when they need a high degree of security or protection.
  • Identification typically associates resources (like email addresses or usernames) with passwords and can include additional identifying information.

Authentication

A method for validating a particular entity's or individual's unique credentials.

  • Does the user have the correct credentials to access the system?
  • Credentials are kept secret to prevent unauthorized access to confidential information.

Authentication Factors

Something You Are:

  • Fingerprints, handprints and retinal patterns.

Something You Have:

  • Key or ID card.

Something You Know:

  • Password or PIN.

Somewhere You Are or Are Not:

  • IP address or Geo-location.

Something You Do:

  • Keystroke patterns or tracing picture passwords.

Authorization

The process of determining what rights and privileges a certain entity has.

After identification and authentication are successful, a system can determine what resources the entity is authorized to access.

Access Control

The process of determining and assigning privileges to resources, objects and data.

Accounting and Auditing

Accounting: The process of tracking and recording system activities and resource access.

Auditing: The portion of accounting that entails security professionals examining logs of what was recorded.

The Principle of Least Privilege

The principle that establishes that users and software should have the minimal level of access that is necessary for them to perform the duties required of them.

  • Limits on access to facilities, information, computer hardware and software.
  • Assign only the level of access required to perform the necessary tasks.

Privilege Management

Privilege Management: The use of authentication and authorization mechanisms to provide centralized or decentralized administration of user and group access control.

SSO: An aspect of privilege management that provides users with one-time authentication to multiple resources, servers or sites.

Passwords

  • Username and password combinations are the most widely used authentication scheme.
  • Submitted credentials are compared to those stored in a database.
  • There is no guarantee that the correct user is supplying the credentials.
  • When credentials are not encrypted for transmission, they are susceptible to interception by an attacker.

Tokens

Physical or virtual objects that store authentication information. Common examples include smart cards, ID badges and data packets.

  • Can store PINs, user information and passwords.
  • Token values can be generated in response to authentication server challenges.

Biometrics

Authentication schemes based on the identification of individuals by their physical characteristics.

  • Fingerprint scanner
  • Retinal scanner
  • Hand scanner
  • Voice recognition
  • Facial recognition

Geo-location

The process of identifying the geographic location of an object.

Associates addresses with:

  • IP address
  • Wi-Fi positioning system
  • GPS coordinates

Authentication requests from approved locations are granted.

Keystroke Authentication

An authentication type that relies on detailed information describing exactly when a key is pressed and released as someone types information into a computer or other electronic device.

  • Uses your personal typing tendencies.
  • Records and stores your typing for comparison purposes.
  • A keystroke logger and other metrics are collected to derive a keystroke pattern that is unique to a user.

Multi-Factor Authentication

An authentication scheme that requires validation of two or more distinct authentication factors.

  • A bank card and PIN used to be 2FA, but now these bank cards can be swiped in shops without a PIN.
  • Authenticator apps are a good two-factor authentication technique.
  • You key in a validation code from a text message or email as part of the login process.
  • The factors combined must be of different types.

Mutual Authentication

A security mechanism that requires that each party in a communication verifies the identity of every other party in the communication.

  • The service or resource verifies the client's credentials, while the client verifies the credentials of the service or resource.
  • Prevents clients from sending confidential information to non-secure servers.
  • Helps to avoid man-in-the-middle attacks.

Cryptography, Encryption and Steganography

Cryptography: The science of hiding information, most commonly by encoding and decoding a secret code used to send messages.

  • Based on mathematics and computer science.
  • Protects stored data.
  • Protects data in transit across the internet.

Encryption and Decryption

Encryption is a security technique that converts data from plaintext form into coded form so that only authorized parties with the necessary decryption information can decode and read the data.

Plaintext: Unencrypted data that is meant to be encrypted before transmission, or the result of decrypting encrypted data.

Ciphertext: Encoded unreadable data.

Decryption: A cryptographic technique that converts ciphertext to plaintext.

Cleartext: Unencrypted, readable data that is not meant to be encrypted.

  • Only authorized parties with decryption information can read encrypted files.
  • One-way encryption is not meant to be decrypted.
  • Two-way encryption is meant to be decrypted.

Encryption and Security Goals

  • Confidentiality
  • Integrity
  • Non-repudiation
  • Authentication
  • Access control

Ciphers

Cipher: An algorithm used to encrypt or decrypt data.

Enciphering: The process of translating plaintext to ciphertext.

Deciphering: The process of translating ciphertext to plaintext.

  • Ciphers alter individual letters or bits to scramble a message.
  • Codes replace whole words or phrases and resemble a secret language.

The science of breaking codes and ciphers is called cryptanalysis.

A Key

A key is a specific piece of information that is used in conjunction with an algorithm to perform encryption and decryption.

  • Different keys produce different ciphertext.
  • For each algorithm, longer keys provide stronger encryption.
  • Static or ephemeral keys.

Symmetric Encryption

A two-way encryption scheme in which encryption and decryption are both performed by the same key (shared key encryption).

  • Hardware keys and software keys.
  • Before encrypted communications begin, the key must be securely shared.
  • Fast but vulnerable if the key is lost or compromised.

Common alternate names:

  • Secret key
  • Shared key
  • Private key

Asymmetric Encryption

Asymmetric Encryption: A two-way encryption scheme that uses paired public and private keys.

Private Key: The component of Asymmetric encryption that is kept secret by one party during two-way encryption.

Public Key: The component of asymmetric encryption that can be accessed by anyone.

Key Generation: The process of producing a public and private key pair by using a specific application.

Hashing

Hashing is a process or function that transforms plaintext into a digest that cannot be directly decrypted. The hash, hash value or message digest is the result of the hashing operation.

Used in:

  • Several password authentication schemes.
  • Digital signatures.
  • Verifying file integrity.

Steganography

An alternative encryption technique that hides a secret message by enclosing it in an ordinary message.

  • Hides both the content and its existence.
  • Information is embedded in text or images.

Conclusion

Security fundamentals form the basis of a strong cybersecurity posture. Whether you’re aiming to pass the CompTIA Security+ exam or simply enhance your knowledge of security, these core principles are essential. In upcoming posts, we will delve deeper into each of these topics, providing you with a comprehensive understanding of CompTIA Security+ exam objectives.

You can find all of our CompTIA Sec+ guides here: CompTIA Sec+

We also have guides for the CompTIA A+ here: CompTIA A+

Recommendation:

Basic Security Testing with Kali Linux: https://amzn.to/3S0t7Vq

Luke Barber
