Protecting Against Advanced Attacks
CompTIA Security+ objectives covered in this chapter:
1.1 Compare and contrast different types of social engineering techniques.
• Pharming
1.2 Given a scenario, analyze potential indicators to determine the type of attack.
• Adversarial artificial intelligence (AI) (Tainted training data for machine learning (ML), Security of machine learning algorithms)
1.3 Given a scenario, analyze potential indicators associated with application attacks.
• Cross-site scripting, Injections (Structured query language (SQL), Dynamic link library (DLL), Lightweight directory access protocol (LDAP), Extensible markup language (XML))
• Pointer/object dereference, Directory traversal, Buffer overflows, Race conditions (Time of check/time of use), Error handling, Improper input handling, Replay attack (Session replays), Integer overflow, Request forgeries (Server-side, Client-side), Resource exhaustion, Memory leak, Secure sockets layer (SSL) stripping, Driver manipulation (Shimming, Refactoring)
1.4 Given a scenario, analyze potential indicators associated with network attacks.
• On-path attack (previously known as man in the middle attack/man in the browser attack)
• Layer 2 attacks (Address resolution protocol (ARP) poisoning, Media access control (MAC) flooding, MAC cloning)
• Domain name system (DNS) (Domain hijacking, DNS poisoning, Universal resource locator (URL) redirection, Domain reputation)
• Distributed denial of service (DDoS) (Network, Application, Operational technology (OT))
• Malicious code or script execution (PowerShell, Python, Bash, Macros, Visual Basic for Applications (VBA))
1.6 Explain the security concerns associated with various types of vulnerabilities.
• Zero-day, Third-party risks (Outsourced code development)
2.1 Explain the importance of security concepts in an enterprise environment.
• DNS sinkhole
2.3 Summarize secure application development, deployment, and automation concepts.
• Environment (Development, Test, Staging, Production, Quality assurance (QA))
• Provisioning and deprovisioning, Integrity measurement
• Secure coding techniques (Normalization, Stored procedures, Obfuscation/camouflage, Code reuse/dead code, Server-side vs. client-side execution and validation, Memory management, Use of third-party libraries and software development kits (SDKs))
• Open Web Application Security Project (OWASP), Software diversity (Compiler, Binary)
• Automation/scripting (Automated courses of action, Continuous monitoring, Continuous validation, Continuous integration, Continuous delivery, Continuous deployment)
• Version control
3.2 Given a scenario, implement host or application security solutions.
• Application security (Input validations, Secure cookies, Hypertext Transfer Protocol (HTTP) headers, Code signing, Secure coding practices)
• Static code analysis, Manual code review, Dynamic code analysis, Fuzzing
• Sandboxing
4.1 Given a scenario, use the appropriate tool to assess organizational security.
• Shell and script environments (SSH, PowerShell, Python, OpenSSL)
4.2 Summarize the importance of policies, processes, and procedures for incident response.
• Attack frameworks (MITRE ATT&CK, The Diamond Model of Intrusion Analysis, Cyber Kill Chain)
4.3 Given an incident, utilize appropriate data sources to support an investigation.
• Log files (Web, DNS)
If there's one thing that's abundant in the IT world, it is attacks and attackers. Attackers lurk almost everywhere. If you have computer systems, you can't escape them. However, you can be proactive in identifying the different types of attacks and take steps to prevent them, or at least reduce their effectiveness. This chapter covers some popular attack frameworks, along with a wide assortment of attacks from different sources. Understanding popular attacks and attack frameworks provides some insight into how many attacks can be prevented.
Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (pp. 637-639). YCDA, LLC. Kindle Edition.