Chapter 5 Study Guide

Securing Hosts and Data

CompTIA Security+ objectives covered in this chapter:

1.2 Given a scenario, analyze potential indicators to determine the type of attack.
• Cloud-based vs. on-premises attacks

1.3 Given a scenario, analyze potential indicators associated with application attacks.
• Application programming interface (API) attacks

1.5 Explain different threat actors, vectors, and intelligence sources.
• Vectors (Removable media, Cloud)

1.6 Explain the security concerns associated with various types of vulnerabilities.
• Cloud-based vs. on-premises vulnerabilities, Third-party risks (Data storage)
• Improper or weak patch management (Firmware, Operating system (OS), Applications)
• Impacts (Data loss, Financial, Reputation, Availability loss)

2.1 Explain the importance of security concepts in an enterprise environment.
• Configuration management (Diagrams, Baseline configuration, Standard naming conventions, Internet protocol (IP) schema)
• Data protection (Data loss prevention (DLP), Rights management)
• API considerations

2.2 Summarize virtualization and cloud computing concepts.
• Cloud models (Infrastructure as a service (IaaS), Platform as a service (PaaS), Software as a service (SaaS), Anything as a service (XaaS), Public, Community, Private, Hybrid)
• Cloud service providers, Managed service provider (MSP)/managed security service provider (MSSP), On-premises vs. off-premises
• Fog computing, Edge computing, Microservices/API
• Infrastructure as code (Software-defined networking (SDN), Software-defined visibility (SDV))
• Serverless architecture, Services integration, Resource policies, Transit gateway

2.3 Summarize secure application development, deployment, and automation concepts.
• Secure coding techniques (Data exposure)

2.4 Summarize authentication and authorization design concepts.
• Authentication methods (Attestation)
• Cloud vs. on-premises requirements

2.5 Given a scenario, implement cybersecurity resilience.
• Replication (VM), On-premises vs. cloud, Non-persistence (Revert to known state, Last known good configuration, Live boot media)

2.6 Explain the security implications of embedded and specialized systems.
• Embedded systems (Raspberry Pi, Field programmable gate array (FPGA), Arduino)
• Supervisory control and data acquisition (SCADA)/industrial control system (ICS) (Facilities, Industrial, Manufacturing, Energy, Logistics)
• Internet of Things (IoT) (Sensors, Smart devices, Wearables, Facility automation, Weak defaults), Specialized (Medical systems, Vehicles, Aircraft, Smart meters)
• Voice over IP (VoIP), Heating, ventilation, air conditioning (HVAC)
• Multifunction printer (MFP), Real-time operating system (RTOS), Surveillance systems, System on chip (SoC), Communication considerations (5G, Narrow-band, Baseband radio, Subscriber identity module (SIM) cards, Zigbee)
• Constraints (Power, Compute, Network, Crypto, Inability to patch, Authentication, Range, Cost, Implied trust)

2.7 Explain the importance of physical security controls.
• USB data blocker

3.2 Given a scenario, implement host or application security solutions.
• Endpoint protection (Endpoint detection and response (EDR), DLP)
• Boot integrity (Boot security/Unified Extensible Firmware Interface (UEFI), Measured boot, Boot attestation)
• Database (Tokenization, Salting, Hashing)
• Application security (Allow list, Block list/deny list)
• Hardening (Open ports and services, Registry, Disk encryption, OS, Patch management (Third-party updates, Auto-update))
• Self-encrypting drive (SED)/full disk encryption (FDE) (Opal)
• Hardware root of trust, Trusted Platform Module (TPM)

3.3 Given a scenario, implement secure network designs.
• Network appliances (HSM)

3.5 Given a scenario, implement secure mobile solutions.
• Connection methods and receivers (Cellular, WiFi, Bluetooth, NFC, Infrared, USB, Point to point, Point to multipoint, Global Positioning System (GPS), RFID)
• Mobile device management (MDM) (Application management, Content management, Remote wipe, Geofencing, Geolocation, Screen locks, Push notifications, Passwords and PINs, Biometrics, Context-
• Mobile devices (MicroSD hardware security module (HSM), MDM/Unified Endpoint Management (UEM), Mobile application management (MAM), SEAndroid)
• Enforcement and monitoring of: (Third-party application stores, Rooting/jailbreaking, Sideloading, Custom firmware, Carrier unlocking, Firmware over-the-air (OTA) updates, Camera use, SMS/Multimedia Messaging Service (MMS)/Rich Communication Services (RCS), External media, USB On-the-Go (USB OTG), Recording microphone, GPS tagging, WiFi direct/ad hoc, Tethering, Hotspot, Payment methods)
• Deployment models (Bring your own device (BYOD), Corporate-owned personally enabled (COPE), Choose your own device (CYOD), Corporate-owned, Virtual desktop infrastructure (VDI))

3.6 Given a scenario, apply cybersecurity solutions to the cloud.
• Compute (Security groups, Dynamic resource allocation, Instance awareness, Virtual private cloud (VPC) endpoint, Container security)
• Solutions (CASB, Application security, Next-generation secure web gateway (SWG))
• Firewall considerations in a cloud environment (Cost, Need for segmentation, Open Systems Interconnection (OSI) layers)
• Cloud native controls vs. third-party solutions

3.7 Given a scenario, implement identity and account management controls.
• Account policies (Geofencing, Geotagging)

3.8 Given a scenario, implement authentication and authorization solutions.
• Authentication management (TPM, HSM)

4.4 Given an incident, apply mitigation techniques or controls to secure an environment.
• Reconfigure endpoint security solutions (Application approved list, Application blocklist/deny list, Quarantine)
• Configuration changes (Firewall rules, MDM, DLP, Content filter/URL filter)

5.2 Explain the importance of applicable regulations, standards, or frameworks that impact organizational security posture.
• Key frameworks (Cloud security alliance, Cloud control matrix)

5.3 Explain the importance of policies to organizational security.
• Organizational policies (Change management)

In this chapter, you’ll learn about different methods used to implement systems securely. This includes hardening endpoints when deploying them and using change management policies to keep them secure. More and more organizations are using cloud resources, and this chapter summarizes the important cloud concepts. Additionally, the use of mobile devices has exploded in the last few years, with a growing number of organizations allowing employees to connect mobile devices to the network. This creates many challenges for an organization, but mobile device management tools help administrators handle them. This chapter also covers the security implications of embedded systems and Internet of Things (IoT) devices.