
Part 1 Threats, Attacks, and Vulnerabilities

Part 2 Technologies and Tools

For the Security+ exam, remember that a system connected to
an untrusted network such as a hotel network or any wireless
network should be protected by a host-based firewall.

Although it is not really a firewall feature, TCP wrappers is another
great access control feature available in Linux. TCP wrappers allows you to
control access to different services running on the Linux system such as
Telnet, SSH, or FTP. The TCP wrappers feature is easy to implement
because you need to configure only two files:

/etc/hosts.allow This file lists the different services you wish to
allow clients to access, and you specify which clients can access
those services.

/etc/hosts.deny This file lists the different services you wish to deny
access to clients, and allows you to specify which clients are denied
access to the different services.

Remember when using TCP wrappers that the first rule that
matches the client request is followed. If the client is listed in the
allow file and the deny file, then the client is allowed access
because the allow file is read first.
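The evaluation order described above (hosts.allow first, then hosts.deny, and no match in either file means access is granted) can be modelled in a few lines. The following is an added example, not code from the book or from the TCP wrappers library itself; the two file contents are constructed sample data, and the matcher is an assumption that covers only the common patterns (ALL, LOCAL, exact names, and leading or trailing dotted prefixes), not the full hosts_access(5) syntax.

```python
"""
Simplified model of the TCP wrappers access decision:
  1. /etc/hosts.allow is read first; a match grants access.
  2. /etc/hosts.deny is read next; a match denies access.
  3. If neither file matches, access is granted.
The sample file contents below are constructed for this example.
Splitting on ":" is a simplification (assumption): it does not handle
IPv6 literals or the EXCEPT / netmask forms the real library supports.
"""

# Constructed sample /etc/hosts.allow
HOSTS_ALLOW = """
# daemon_list : client_list
sshd : 192.168.1.
vsftpd : LOCAL
"""

# Constructed sample /etc/hosts.deny (deny everything not allowed above)
HOSTS_DENY = """
ALL : ALL
"""


def parse_rules(text):
    """Return a list of (daemon_patterns, client_patterns) from file text."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        daemons, clients = (part.strip() for part in line.split(":", 1))
        rules.append(
            ([d.strip() for d in daemons.split(",")],
             [c.strip() for c in clients.split(",")])
        )
    return rules


def client_matches(pattern, client):
    """Match one client pattern using the basic forms from hosts_access(5)."""
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":
        return "." not in client          # hostnames without a dot
    if pattern.endswith("."):
        return client.startswith(pattern)  # "192.168.1." matches that /24
    if pattern.startswith("."):
        return client.endswith(pattern)    # ".example.com" matches the domain
    return pattern == client


def rule_matches(rule, daemon, client):
    daemons, clients = rule
    daemon_ok = any(p in ("ALL", daemon) for p in daemons)
    client_ok = any(client_matches(p, client) for p in clients)
    return daemon_ok and client_ok


def access_allowed(daemon, client, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """Apply the allow-first, deny-second, default-allow order."""
    if any(rule_matches(r, daemon, client) for r in parse_rules(allow_text)):
        return True   # first match wins, and the allow file is read first
    if any(rule_matches(r, daemon, client) for r in parse_rules(deny_text)):
        return False
    return True       # no rule in either file matched


if __name__ == "__main__":
    checks = [("sshd", "192.168.1.25"), ("sshd", "10.0.0.7"),
              ("vsftpd", "workstation"), ("vsftpd", "host.example.com")]
    for daemon, client in checks:
        verdict = "ALLOW" if access_allowed(daemon, client) else "DENY"
        print(f"{daemon:8} {client:20} {verdict}")
```

The last rule in the model is the one that surprises people: with an empty hosts.deny, a client that appears in neither file is allowed, which is why the usual hardening pattern pairs specific hosts.allow entries with an `ALL : ALL` line in hosts.deny.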

INSIDE THE EXAM: Monitoring Encrypted Traffic

For the certification exam, remember that one of the limitations of a
network-based IDS is that if you are encrypting network traffic, the
NIDS is unable to analyze that traffic against what it considers
suspicious because the NIDS cannot decipher the information.
A HIDS is software installed on the system, and as a result, it can
monitor activity that involves encrypted communication to or from
that system. The system running the HIDS software decrypts the
encrypted communication and then logs the activity; the HIDS simply
looks at the unencrypted logs on the system in order to identify
suspicious activity.

Antivirus software can be installed on systems automatically
through software deployment features such as group policies.

A number of tools are provided for free from Microsoft that deal
with protecting the system from malicious software. Microsoft has
free malware protection software known as Windows Defender
and also has the Malicious Software Removal Tool, which is used
to clean up an infected system.

For the Security+ exam, be aware of the mobile device
management features listed previously. Be sure to know the
purpose of features such as lockout, screen lock, storage
segmentation, full device encryption, and remote wiping.

BYOD The “bring your own device” model encourages users to
connect to the corporate network with their personal mobile devices
for work purposes. While the benefit is that the organization can
avoid the cost of purchasing the mobile devices, you will need to be
clear on the policy and if the organization will push settings down to
the devices. To learn more about the security concerns of BYOD,
check out the section titled “BYOD Security Concerns,” later in this
chapter.

COPE A “corporate-owned, personally enabled” (COPE) model can
work better from a security standpoint than a BYOD model because
it is hard for companies to control a device when they do not own the
device. With COPE, the company supplies the device to the user, so
it is managed by the IT department, but the company allows and
promotes personal usage of the device as well.

CYOD A “choose your own device” model involves the
organization providing users with a list of approved devices and
allowing each user to choose which device they would like to use.

Corporate-owned With a “corporate-owned device” model, the
company fully manages the devices and employees must follow
company policy when using the devices.

VDI Virtual desktop infrastructure is a model where the user uses a
thin client to connect to their desktop environment running in a data
center. With VDI you can introduce the mobile device as the thin
client so that the user can access their desktop environment from
anywhere. The benefit is that the resources are not on the mobile
device—it simply connects to a virtual desktop within the company.

For the Security+ exam, know the different deployment models
for mobile devices, such as BYOD, COPE, and CYOD.

Exam tip
When administering a new IT system or IoT device, you need to change
the default administrator account and password.

Part 3 Architecture and Design

Part 4 Identity and Access Management

For the Security+ certification exam, remember that role-based
access control involves placing users into containers (known as
roles) and those roles are assigned privileges to perform certain
tasks. When a user is placed in the role, they inherit any capabilities
that the role has been assigned.

Attribute-Based Access Control

Attribute-based access control (ABAC) is an access control model that
involves assigning attributes, or properties, to users and resources and then
using those attributes in rules to define which users get access to which
resources. For example, you could configure a rule that specifies if the user
has a Department attribute of Accounting and a City attribute of Boston,
then they can access the file. This is different from RBAC or GBAC in the
sense that those models only check whether the user is in the role or group.
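To make the contrast between the RBAC note above and the ABAC description concrete, here is an added example (not code from the book) that implements both checks side by side. The users, roles, attributes, resources and the policy rule are constructed sample data; the rule reproduces the Department = Accounting and City = Boston condition from the text.

```python
"""
RBAC versus ABAC, as a small worked example with constructed data.
RBAC: a user inherits whatever privileges the roles they are placed in carry.
ABAC: a rule is evaluated over attributes of the user and the resource;
      no role membership is consulted at all.
"""

# ---- RBAC: users are placed in roles, roles carry privileges ----
ROLE_PRIVILEGES = {
    "accountant": {"ledger:read", "ledger:write"},
    "auditor":    {"ledger:read"},
}
USER_ROLES = {
    "alice": {"accountant"},
    "bob":   {"auditor"},
    "carol": set(),          # not placed in any role
}


def rbac_allowed(user, privilege):
    """True if any role the user is placed in has been assigned the privilege."""
    return any(privilege in ROLE_PRIVILEGES.get(role, set())
               for role in USER_ROLES.get(user, set()))


# ---- ABAC: attributes on users and resources, rules over those attributes ----
USER_ATTRS = {
    "alice": {"department": "Accounting", "city": "Boston"},
    "bob":   {"department": "Accounting", "city": "Denver"},
    "carol": {"department": "Accounting", "city": "Boston"},
}
RESOURCE_ATTRS = {
    "q3-ledger.xlsx": {"classification": "finance"},
    "all-hands.txt":  {"classification": "public"},
}

# Each rule names an action plus the user and resource attribute values it
# requires. An empty dict means "no condition on that side".
ABAC_POLICY = [
    {"action": "read",
     "user": {"department": "Accounting", "city": "Boston"},
     "resource": {"classification": "finance"}},
    {"action": "read",
     "user": {},
     "resource": {"classification": "public"}},
]


def _attrs_match(required, actual):
    return all(actual.get(key) == value for key, value in required.items())


def abac_allowed(user, action, resource, policy=ABAC_POLICY):
    """Permit when every condition of at least one rule holds; deny by default."""
    user_attrs = USER_ATTRS.get(user, {})
    resource_attrs = RESOURCE_ATTRS.get(resource, {})
    return any(rule["action"] == action
               and _attrs_match(rule["user"], user_attrs)
               and _attrs_match(rule["resource"], resource_attrs)
               for rule in policy)


if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user,
              "RBAC ledger:read =", rbac_allowed(user, "ledger:read"),
              "| ABAC read q3-ledger.xlsx =",
              abac_allowed(user, "read", "q3-ledger.xlsx"))
```

Carol is the instructive case: she has no role, so RBAC denies her the ledger, but her Department and City attributes satisfy the ABAC rule, so ABAC grants the read. Bob shows the reverse: his auditor role carries ledger:read under RBAC, yet his City attribute of Denver fails the ABAC rule.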


Part 5 Risk Management

For the Security+ exam, remember how to calculate single loss
expectancy: SLE = value of asset × exposure factor.

For the certification exam, remember that annual loss
expectancy is calculated by the SLE × annual rate of occurrence.

For the Security+ certification exam, be sure to be familiar with
BIA and the fact that it is the term for the risk assessment
performed during the creation of the BCP.

Part 6 Cryptography and PKI

For the Security+ exam, know that you should collect data first
from volatile areas and then move to the nonvolatile areas. This is
known as the order of volatility—you should collect data in the
order of volatility. The order of volatility is memory (RAM), swap
file, hard disk, and then finally CD/DVD-ROM.
