
Mastering Security Basics

CompTIA Security+
Get Certified Get Ahead
By Darril Gibson

GetCertifiedGetAhead.com © 2017 YCDA, LLC


Introduction
• Understanding core security goals
• Introducing basic risk concepts
• Understanding control types
• Implementing virtualization
• Using command-line tools



Understanding Core Security Goals
• Use Case
– Describes a goal an organization wants to achieve
• Elements
– Actors
– Precondition
– Trigger
– Postcondition
– Normal flow
– Alternate flow
(Diagram: example use case "Place order")



Understanding Core Security Goals
• Confidentiality
– Encryption (diagram: plaintext is encrypted into ciphertext)
– Access controls
– Steganography and obfuscation (diagram: hidden message "I can pass")



Understanding Core Security Goals
• Integrity

– Hashing
– Digital signatures
– Certificates
– Non-repudiation
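Hashing and keyed hashing as an added example (Python, not from the slides): a SHA-256 digest detects a changed record, but an attacker who can rewrite the stored digest simply recomputes it, whereas an HMAC built with a shared secret cannot be recomputed without the key. The key and record contents are constructed; HMAC gives integrity but not non-repudiation, because both parties hold the same key, which is why the slide lists digital signatures separately.

```python
import hashlib
import hmac

# Constructed sample "file" contents for the demonstration (not real data).
ORIGINAL = b"amount=100.00;payee=ACME Corp;memo=invoice 42\n"
TAMPERED = b"amount=900.00;payee=ACME Corp;memo=invoice 42\n"


def sha256_hex(data: bytes) -> str:
    """Plain hash: detects change only if the digest travels over a trusted path."""
    return hashlib.sha256(data).hexdigest()


def hash_matches(data: bytes, expected_hex: str) -> bool:
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def forge_plain_hash(new_data: bytes):
    """What an attacker who can rewrite both data and digest does: recompute it."""
    return new_data, sha256_hex(new_data)


def hmac_tag(key: bytes, data: bytes) -> str:
    """Keyed hash: a valid tag cannot be produced for new data without the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def hmac_matches(key: bytes, data: bytes, tag_hex: str) -> bool:
    # Constant-time comparison so the check does not leak how many bytes matched.
    return hmac.compare_digest(hmac_tag(key, data), tag_hex)


def demo() -> dict:
    key = b"hypothetical-shared-secret"  # constructed for the example, not a real key
    stored_hash = sha256_hex(ORIGINAL)
    stored_tag = hmac_tag(key, ORIGINAL)
    forged_data, forged_hash = forge_plain_hash(TAMPERED)
    return {
        "original_hash_ok": hash_matches(ORIGINAL, stored_hash),   # True
        "tampered_hash_ok": hash_matches(TAMPERED, stored_hash),   # False: change detected
        "forged_hash_ok": hash_matches(forged_data, forged_hash),  # True: plain hash forged
        "original_hmac_ok": hmac_matches(key, ORIGINAL, stored_tag),  # True
        "tampered_hmac_ok": hmac_matches(key, TAMPERED, stored_tag),  # False: no key, no tag
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```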



Understanding Core Security Goals
• Availability

– Redundancy
– Fault tolerance
– Patching



Introducing Basic Risk Concepts
• Threats
• Vulnerabilities
– Any weakness
• Risk is
– The likelihood that a threat will exploit a vulnerability
• Risk mitigation
– Reduces the chances that a threat will exploit a vulnerability by implementing controls
(Diagram: a threat exploits a vulnerability, resulting in loss)


Understanding Control Types
• Technical controls
– Use technology to reduce vulnerabilities

• Examples
– Encryption
– Antivirus software
– IDSs
– Firewalls
– Least privilege



Understanding Control Types
• Administrative controls
– Use administrative or management methods

• Examples
– Awareness and training
– Risk assessments
– Vulnerability assessments
– Penetration tests
– Configuration and change management
– Contingency planning
– Media protection
– Physical and environmental protection


Physical Security Controls
• Any controls that you can physically touch

• Examples
– Lighting
– Signs
– Fences
– Security guards



Control Goals
• Preventive controls
– Attempt to prevent an incident from occurring
– Hardening, training, guards, change management, disabling accounts
• Detective controls
– Attempt to detect incidents after they have occurred
– Log monitoring, trend analysis, security audit, video surveillance, motion detection


Comparing Detection & Prevention
• Detection controls
– Cannot predict when an incident will occur
– Cannot prevent an incident
– Used after an incident

• Prevention controls
– Stop the incident before it occurs



Control Goals
• Corrective controls
– Attempt to reverse the impact of an incident
– Active IDS, backups, system recovery

• Compensating
– Alternative controls used when a primary control is not feasible
– TOTP (Time-based One-Time Password) instead of smart card
Control Goals
• Deterrent
– Attempt to discourage individuals from causing an incident
– Cable locks, hardware locks

• Compare to prevention
– Deterrent encourages people to decide not to take an undesirable action
– Prevention stops them from taking an undesirable action
– Security guard can be both


Implementing Virtualization
• Terminology
– Hypervisor
– Host
– Guest
– Host elasticity
– Host scalability
(Diagram: one host running five guests, which appear as five systems on a network)




Comparing Hypervisors
• Type I (bare-metal)
– Runs directly on hardware
– No host operating system required

• Type II
– Runs as software
within an
operating system



Application Cell Virtualization
• Runs services or applications within isolated
application cells (or containers)
• Also called container virtualization



Using Virtualization
• Snapshots
– Copy of a VM at a moment in time
– Can revert to a snapshot if necessary

• VDI/VDE
– A user’s desktop
– Persistent VDE – keeps user changes
– Non-persistent VDE – doesn’t keep user changes
Risks Associated with Virtualization
• VMs are files
– Can be copied
• VM escape
– Allows attacker to access host from guest
• VM sprawl
– Uncontrolled VM creation (not managed)
• Loss of confidentiality



Kali Linux
• Free Linux distribution
– Often used for penetration testing and security auditing
– Can be installed on a Windows system (that supports Hyper-V)
– Can be used to run Linux commands on a Windows system
– Free online labs
• Gcgapremium.com/501labs/
• May need to register on the site to access labs


Command-Line Tools
• Windows

– Launch Command Prompt

– Launch Command Prompt (Admin)



Command-Line Tools
• Linux

– Launch terminal
in Kali



Understanding Switches & Case
• Windows switches typically use a slash /
– ipconfig /?

• Linux systems typically use a dash -
– ifconfig -?

• Windows commands are rarely case sensitive

• Linux commands are case sensitive


Chapter Summary
• Understanding core security goals
• Introducing basic risk concepts
• Understanding control types
• Implementing virtualization
• Using command-line tools

• Labs http://gcgapremium.com/501labs/