You're reading from  CompTIA Security+ SY0-701 Certification Guide - Third Edition

Product type: Book
Published in: Jan 2024
Publisher: Packt
ISBN-13: 9781835461532
Edition: 3rd Edition
Author: Ian Neil

Ian Neil is one of the world's top trainers of Security+. He is able to break down information into manageable chunks so that people with no background knowledge can gain the skills required to become certified. He has recently worked for the US Army in Europe and designed a Security+ course that catered to people from all backgrounds (not just IT professionals), with an extremely successful pass rate. He is an MCT, MCSE, A+, Network+, Security+, CASP, and RESILIA practitioner who has worked with high-end training providers over the past 23 years and was one of the first technical trainers to train Microsoft's internal staff when the company opened its Bucharest office in 2006.


Introduction

This chapter covers the fifth objective of Domain 2.0, Threats, Vulnerabilities, and Mitigations, of the CompTIA Security+ exam.

In this chapter, we will consider the purpose of several mitigation techniques used to secure the enterprise, including segmentation, monitoring, and encryption. The final sections will review the decommissioning of systems and the hardening techniques we can employ to prevent vulnerabilities.

This chapter will give you an overview of why companies rely on these processes to keep their environments safe and ensure you are prepared to successfully answer all exam questions related to these concepts for your certification.

Note

A full breakdown of Exam Objective 2.5 will be provided at the end of the chapter.

Segmentation

Segmentation is used within an enterprise’s network infrastructure. Its purpose is to compartmentalize the network, creating isolated segments that restrict the lateral movement of an attacker who has gained a foothold. By doing so, segmentation limits the blast radius of a breach, preventing intruders from traversing freely across the network. Even if one segment is breached, the intruder is contained within that segment and cannot reach critical assets or move deeper into the network without crossing a control point (a router, firewall, or ACL) that can be monitored and restricted. The following list defines each of the major types of segmentation:

  • Physical segmentation: This method separates a network into smaller segments using dedicated routers, switches, and firewalls, so that traffic between segments has to pass through a device that enforces policy. It’s like building different rooms within a fortress, each with its own access control. Physical segmentation is ideal for large organizations with diverse network requirements, allowing for the isolation of sensitive data and critical systems.
  • Virtual Local Area Networks (VLANs...

Access Control

Access control refers to the process of allowing or restricting access by different parties to the organization’s data, applications, network, or cloud resources based on the organization’s policies. Two mechanisms are used to enforce it: the Access Control List (ACL) and permissions.

An ACL is an ordered list of rules that grants or denies access to a resource. There are two common kinds: filesystem ACLs, which state which users or groups may read, write, or execute a file or folder, and network ACLs, which routers and firewalls use to permit or deny traffic based on source, destination, protocol, and port. Network ACLs are processed top down: the first rule that matches a packet decides its fate, and a packet that matches no rule is denied by default (the implicit deny), which is why rule ordering matters.

The first kind is applied to files and folders to control who can access each type of data and at what level of access. For example, say there are two members of the sales team (Bill, the sales manager, and Ben, the sales administrator) and two folders on the file server, one for sales data and the other for marketing data. Since Bill and Ben both work in sales, they will both be given access...
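To make the network-ACL behaviour concrete, here is an added example (not code from the book) that evaluates packets against an ordered rule list the way a router or firewall does: first match wins, and anything unmatched falls to the implicit deny. The addresses, ports, and rules are constructed for illustration; the second rule set shows how a careless "permit any" placed above a deny disables that deny.

```python
"""Added example (not from the book): first-match network ACL evaluation.

A router or firewall ACL is an ordered list of rules. Each packet is compared
against the rules top to bottom; the first rule that matches decides, and a
packet that matches nothing hits the implicit deny at the end. Rule order
therefore matters: a broad 'permit' placed above a narrow 'deny' silently
disables the deny. All addresses and rules below are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Iterable, Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp", or "any"
    src: str               # source CIDR, e.g. "10.0.0.0/8"
    dst: str               # destination CIDR
    dport: Optional[int]   # destination port, or None for any port

    def matches(self, proto: str, src_ip: str, dst_ip: str, dport: int) -> bool:
        return (
            self.proto in ("any", proto)
            and ip_address(src_ip) in ip_network(self.src)
            and ip_address(dst_ip) in ip_network(self.dst)
            and (self.dport is None or self.dport == dport)
        )


def evaluate(acl: Iterable[Rule], proto: str, src_ip: str, dst_ip: str, dport: int) -> str:
    """Return the action of the first matching rule, or 'deny' (implicit deny)."""
    for rule in acl:
        if rule.matches(proto, src_ip, dst_ip, dport):
            return rule.action
    return "deny"


# Constructed ACL on the firewall between the sales segment (10.10.0.0/24)
# and the server segment (10.20.0.0/24): only SMB to the file server and
# HTTPS to the CRM are allowed; everything else from sales is denied.
SALES_TO_SERVERS = [
    Rule("permit", "tcp", "10.10.0.0/24", "10.20.0.10/32", 445),   # file server SMB
    Rule("permit", "tcp", "10.10.0.0/24", "10.20.0.20/32", 443),   # CRM over HTTPS
    Rule("deny",   "any", "10.10.0.0/24", "10.20.0.0/24", None),   # explicit catch-all deny
]

# The same rules with a "permit any" placed first: the deny below it never
# fires, which is the classic ACL-ordering mistake.
MISORDERED = [Rule("permit", "any", "10.10.0.0/24", "10.20.0.0/24", None)] + SALES_TO_SERVERS


if __name__ == "__main__":
    packets = [
        ("tcp", "10.10.0.5", "10.20.0.10", 445),   # sales -> file server SMB: permit
        ("tcp", "10.10.0.5", "10.20.0.30", 3389),  # sales -> RDP on another host: deny
        ("tcp", "10.30.0.7", "10.20.0.10", 445),   # other segment, no rule: implicit deny
    ]
    for pkt in packets:
        print(pkt, "->", evaluate(SALES_TO_SERVERS, *pkt),
              "| misordered:", evaluate(MISORDERED, *pkt))
```

The third packet never matches a rule and is dropped only because of the implicit deny; the explicit deny in the list exists so that the drop is logged and visible to whoever audits the rules.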

Application Allow List

The application allow list has a clear purpose: it specifies a roster of approved applications that are permitted to execute and blocks unauthorized or potentially malicious software from gaining a foothold. An allow list (formerly called a whitelist) is default-deny: any application not on the list is refused.

Let’s say, for example, we have two problems on our network: a user called Bob who keeps installing games on his corporate computer, and a ransomware attack that installed malware and encrypted sensitive data. To prevent both from happening again, we create an allow list of the applications the business actually needs. With an active allow list, the endpoint's policy engine blocks every executable that is not explicitly permitted, so any other application or malware that Bob or any other user attempts to install is blocked at launch. To be effective, the rules should identify applications by publisher signature or file hash rather than by file name or path, because a renamed or relocated executable would otherwise slip past.

Application Block List

An application block list, often referred to as a deny list, helps organizations enhance their network and data security by preventing specific named applications from running. One tool for creating and managing such lists is Microsoft’s AppLocker, which lets administrators define policies that restrict the execution of particular applications, adding an extra layer of protection against potential security threats.

There are a few reasons for implementing an application block list. Firstly, it mitigates security risks by explicitly preventing known vulnerable or malicious applications from running on systems, reducing the chances of cyberattacks and malware infections. Application block lists can also be used to enforce compliance and productivity policies; for instance, you can use them to prevent unauthorized software installations or to restrict the usage of non-business-critical applications during work hours. Because a block list is default-allow, it cannot stop software that has never been seen before, so it complements rather than replaces an allow list.

Application block...
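The following added example (not code from the book and not AppLocker itself) contrasts the two policy models from the preceding sections in the simplest possible form: an allow list keyed on the executable's hash (default deny) beside a block list keyed on known-bad hashes (default allow), plus a name-based rule to show why Bob renaming his game defeats a name rule but not a hash rule. The "executables" and their contents are constructed byte strings.

```python
"""Added example (not from the book): application allow list versus block list.

An allow list is default-deny: only executables on the approved roster run.
A block list is default-allow: everything runs except what is explicitly
named. Keying the list on the file's hash (or publisher signature) rather
than its path or name matters: renaming solitaire.exe to excel.exe defeats
a name rule but not a hash rule. All program contents are constructed.
"""
import hashlib
from typing import Dict, Set


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed "executables": file name on disk -> file contents.
PROGRAMS: Dict[str, bytes] = {
    "excel.exe":     b"MZ...corporate spreadsheet application",
    "outlook.exe":   b"MZ...corporate mail client",
    "solitaire.exe": b"MZ...game bob downloaded",
    "ransom.exe":    b"MZ...encrypts the file share",
}

# Allow list: hashes of the approved builds of each business application.
APPROVED_HASHES: Set[str] = {
    sha256_hex(PROGRAMS["excel.exe"]),
    sha256_hex(PROGRAMS["outlook.exe"]),
}

# Block list: hash of the one malware sample already known to us.
BLOCKED_HASHES: Set[str] = {sha256_hex(PROGRAMS["ransom.exe"])}


def allow_list_decision(contents: bytes) -> str:
    """Default deny: run only if the executable's hash is on the approved roster."""
    return "run" if sha256_hex(contents) in APPROVED_HASHES else "block"


def block_list_decision(contents: bytes) -> str:
    """Default allow: run unless the executable's hash is explicitly blocked."""
    return "block" if sha256_hex(contents) in BLOCKED_HASHES else "run"


def name_based_allow_decision(name: str) -> str:
    """The weak variant: an allow rule keyed on the file name, which renaming defeats."""
    return "run" if name in ("excel.exe", "outlook.exe") else "block"


if __name__ == "__main__":
    for name, contents in PROGRAMS.items():
        print(f"{name:15} allow-list={allow_list_decision(contents):5} "
              f"block-list={block_list_decision(contents)}")
    # Bob renames the game to look like an approved program: the name rule
    # lets it through, the hash rule still blocks it.
    print("renamed game: name rule ->", name_based_allow_decision("excel.exe"),
          "| hash rule ->", allow_list_decision(PROGRAMS["solitaire.exe"]))
    # A ransomware variant with different bytes is unknown to the block list.
    print("new variant: block list ->", block_list_decision(b"MZ...new ransomware variant"),
          "| allow list ->", allow_list_decision(b"MZ...new ransomware variant"))
```

The last two lines are the practical lesson: the block list only stops the sample it already knows, while the allow list stops both the game and the unseen ransomware variant without any update, because neither was ever approved.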

Isolation

Isolation is the practice of creating secure, self-contained environments within an enterprise’s network. Its purpose is to confine critical systems or sensitive data so that, even if the outer defenses are breached, those assets remain protected. Isolation is also used during incident response to contain a malware outbreak by quarantining affected devices from the rest of the network.

Patching

The primary purpose of patching is to fortify systems and applications against security threats by applying vendor updates that fix known vulnerabilities, increasing their resilience as new weaknesses are discovered. By keeping software up to date, organizations minimize the window in which a published vulnerability can be exploited. Patching is not optional; it is mandatory if systems are to be protected against known vulnerabilities.

Encryption

The purpose of encryption is to transform sensitive data into ciphertext that cannot be read without the key, protecting it from interception by malicious actors. Encryption on its own provides confidentiality during transmission and storage; it does not by itself guarantee integrity, so data should be protected with an authenticated encryption mode (such as AES-GCM) or a separate message authentication code so that tampering is detected. Whether it’s safeguarding financial transactions, protecting personal messages, or securing sensitive corporate data, encryption is the invisible armor that keeps information unreadable to prying eyes.

Monitoring

The purpose of monitoring is to keep a watchful eye on network and system activities and scan constantly for any anomalies or suspicious behavior. Monitoring ensures that any deviations from the norm are swiftly detected and addressed. Monitoring logs, traffic patterns, and system behavior not only aids in threat detection but also alerts the security operations center. This section will take a look at two real-time monitoring systems (SIEM and SOAR), defined as follows:

  • Security Information and Event Management (SIEM): SIEM systems operate in near real time, centralizing logs from servers, endpoints, and network devices (and, in some deployments, captured network traffic) and correlating events across those sources. Once a correlation rule fires, the SIEM raises an alert and reports to the security operations center, which can then investigate and take action to contain and eradicate the attack.
  • Security Orchestration, Automation, and Response (SOAR): SOAR works in real time to tackle threats. These systems use Artificial Intelligence (AI) and Machine...
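The value of a SIEM lies in correlation rather than in collecting logs. The following added example (not code from the book or from any SIEM product) implements one correlation rule over constructed, syslog-like SSH authentication lines: five or more failed logins from one source address within ten minutes followed by a successful login from that same address. The threshold and window are assumed tuning values, and the log format is a simplification.

```python
"""Added example (not from the book): a small SIEM-style correlation rule.

A SIEM centralises logs and correlates events across them. This rule looks
for brute force or password spraying followed by success: N or more failed
logins from one source IP within a time window, then a successful login
from the same IP. The log lines are constructed in a simplified syslog-like
format; the threshold and window are assumed tuning values.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re
from typing import Dict, List, Optional, Tuple

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>[\d.]+)$"
)

FAIL_THRESHOLD = 5               # assumed tuning value
WINDOW = timedelta(minutes=10)   # assumed tuning value


def parse(line: str) -> Optional[dict]:
    """Parse one log line, or return None for lines the rule does not understand."""
    m = LINE_RE.match(line)
    if not m:
        return None   # unparsed lines are skipped, never silently treated as events
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def correlate(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (ip, user, timestamp) alerts for 'many failures then a success'."""
    recent_fail: Dict[str, deque] = defaultdict(deque)   # ip -> timestamps of failures
    alerts: List[Tuple[str, str, str]] = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        q = recent_fail[ev["ip"]]
        while q and ev["ts"] - q[0] > WINDOW:   # expire failures older than the window
            q.popleft()
        if ev["result"] == "Failed":
            q.append(ev["ts"])
        elif len(q) >= FAIL_THRESHOLD:          # success after a burst of failures
            alerts.append((ev["ip"], ev["user"], ev["ts"].isoformat()))
            q.clear()
    return alerts


# Constructed sample log: 203.0.113.7 sprays five accounts then succeeds as
# 'bill'; 198.51.100.9 is a real user who mistypes once and then logs in.
SAMPLE_LOG = [
    "2024-01-15T09:00:01 fs01 sshd: Failed password for bill from 203.0.113.7",
    "2024-01-15T09:00:03 fs01 sshd: Failed password for bill from 203.0.113.7",
    "2024-01-15T09:00:05 fs01 sshd: Failed password for ben from 203.0.113.7",
    "2024-01-15T09:00:07 fs01 sshd: Failed password for admin from 203.0.113.7",
    "2024-01-15T09:00:09 fs01 sshd: Failed password for root from 203.0.113.7",
    "2024-01-15T09:00:10 fs01 sshd: Failed password for ben from 198.51.100.9",
    "2024-01-15T09:00:12 fs01 sshd: Accepted password for ben from 198.51.100.9",
    "2024-01-15T09:01:30 fs01 sshd: Accepted password for bill from 203.0.113.7",
    "2024-01-15T09:02:00 fs01 sshd: something unrelated",
]

if __name__ == "__main__":
    for ip, user, ts in correlate(SAMPLE_LOG):
        print(f"ALERT brute force then success: {user}@{ip} at {ts}")
```

A single failed login is noise; a single successful login is normal. Only the combination, joined on the source address across several log lines, is worth waking the SOC for, which is exactly what a SIEM rule expresses.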

Least Privilege

The principle of least privilege is a crucial strategy for bolstering security. Its purpose is to limit user and service accounts to the minimum access permissions necessary to perform their functions, and for no longer than necessary. This reduces the damage an attacker can do with a compromised account and limits the harm an insider can cause, because the account simply cannot reach what it does not need. It is a security strategy that recognizes that not all users or systems need full access to digital assets, and in doing so it raises the overall security posture of the enterprise.

Configuration Enforcement

In cybersecurity, configuration enforcement is the implementation and maintenance of strict rules and policies that keep systems and assets at a secure, predefined configuration. It detects and corrects drift from that configuration, minimizing the risk of vulnerabilities and potential breaches.

Methods for configuration enforcement within an organization include the following:

  • Standardization: CIS Benchmarks are a widely used foundation for a standard baseline, and such baselines establish a consistent set of security configurations across an organization’s devices, software, and systems. This standardization minimizes variations and simplifies security management.
  • Vulnerability mitigation: By enforcing configurations aligned with best practices and security standards, an enterprise can proactively address known vulnerabilities. This proactive stance significantly reduces the risk of exploitation and data breaches.
  • Compliance adherence: Various industries...
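In practice, configuration enforcement means comparing a host's live settings with the baseline and correcting any drift. The following added example (not code from the book and not a CIS tool) does that for a handful of SSH daemon settings of the kind CIS-style benchmarks recommend. The baseline values are assumed for illustration, the sshd_config text is constructed rather than read from a real host, and the parser only handles the "keyword value" form, not the "keyword=value" form sshd also accepts.

```python
"""Added example (not from the book): checking a host against a configuration
baseline and remediating drift.

Configuration enforcement compares live settings with an approved baseline
and flags or corrects any difference. The baseline here is a handful of SSH
daemon settings of the kind CIS-style benchmarks recommend; the values are
assumed, and the sshd_config text is constructed for illustration.
"""
from typing import Dict, List, Tuple

# Assumed baseline: option -> required value (compared case-insensitively).
SSHD_BASELINE: Dict[str, str] = {
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
    "PermitEmptyPasswords": "no",
    "X11Forwarding": "no",
    "MaxAuthTries": "4",
}


def parse_sshd_config(text: str) -> Dict[str, str]:
    """Return lower-cased option -> value, keeping only the FIRST occurrence.

    sshd uses the first value it sees for a keyword and ignores later
    duplicates, so a checker must mirror that rule or it will report the
    wrong effective setting. Only the 'keyword value' form is handled here.
    """
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        if key.lower() not in settings:
            settings[key.lower()] = value.strip()
    return settings


def check_drift(settings: Dict[str, str], baseline: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (option, expected, actual) for each baseline item that is not met."""
    drift = []
    for opt, expected in baseline.items():
        actual = settings.get(opt.lower(), "<unset>")
        if actual.lower() != expected.lower():
            drift.append((opt, expected, actual))
    return drift


def remediate(text: str, baseline: Dict[str, str]) -> str:
    """Prepend the baseline directives so they take precedence (first value wins)."""
    header = ["# enforced baseline: generated block, do not edit by hand"]
    header += [f"{opt} {value}" for opt, value in baseline.items()]
    return "\n".join(header) + "\n" + text


# Constructed sshd_config showing three kinds of drift: a wrong value, a
# setting left commented out (so the daemon default applies), and a
# duplicate whose second value an administrator might wrongly believe wins.
SAMPLE_SSHD_CONFIG = """\
# constructed sshd_config for illustration
Port 22
PermitRootLogin yes
#PasswordAuthentication no
X11Forwarding no
MaxAuthTries 6
# the duplicate below is ignored by sshd: the first value (6) is effective
MaxAuthTries 3
PermitEmptyPasswords no
"""

if __name__ == "__main__":
    live = parse_sshd_config(SAMPLE_SSHD_CONFIG)
    for opt, expected, actual in check_drift(live, SSHD_BASELINE):
        print(f"DRIFT {opt}: expected {expected}, found {actual}")
    fixed = parse_sshd_config(remediate(SAMPLE_SSHD_CONFIG, SSHD_BASELINE))
    print("drift after remediation:", check_drift(fixed, SSHD_BASELINE))
```

The same detect-then-correct loop is what a configuration management tool runs on a schedule; the point of running it continuously rather than once is that drift reappears every time someone edits a file by hand.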

Decommissioning

Decommissioning is the process of retiring assets that are no longer needed within an organization’s infrastructure. These assets might be legacy devices running obsolete operating systems or outdated hardware. Some legacy devices may have been used to store sensitive data and it is vital that this data has been sanitized properly.

The following steps must be carried out to effectively decommission legacy devices:

  • Documentation: An asset register is a comprehensive inventory of all assets within the organization. This includes hardware, software, and other digital resources. When assets are decommissioned, the asset register should be updated so that all assets can be accounted for. The team carrying out the decommissioning needs detailed records of the decommissioning process, including dates, reasons, and responsible parties. This documentation is essential for compliance and auditing purposes.
  • Data sanitization: The most important aspect of...
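The following added example (not code from the book) shows the sanitize, verify, and record sequence on a file that stands in for a decommissioned disk: it overwrites every block with random data and then with zeros, reads the whole device back to confirm nothing survived, and returns the entry that goes into the asset register. The device size, contents, and asset identifier are constructed. Note the caveat: overwriting is only a valid method for magnetic disks; SSDs remap blocks behind the controller, so flash media should be sanitized with the drive's built-in secure erase or cryptographic erase instead.

```python
"""Added example (not from the book): overwrite-and-verify sanitisation of a
file-backed "device", with the asset-register record produced at the end.

Overwriting is a valid method only for magnetic disks: SSDs remap blocks,
so for flash media use the drive's secure erase / crypto erase instead.
The device contents and asset ID below are constructed.
"""
import os
import tempfile
from datetime import datetime, timezone
from typing import Callable, Dict

BLOCK = 4096


def overwrite(path: str, pattern: Callable[[int], bytes], size: int) -> None:
    """Write `size` bytes of `pattern` to `path` in BLOCK-sized chunks and fsync."""
    with open(path, "r+b") as f:
        remaining = size
        while remaining > 0:
            n = min(BLOCK, remaining)
            f.write(pattern(n))
            remaining -= n
        f.flush()
        os.fsync(f.fileno())


def sanitize(path: str) -> None:
    size = os.path.getsize(path)
    overwrite(path, os.urandom, size)              # pass 1: random data
    overwrite(path, lambda n: b"\x00" * n, size)   # pass 2: zeros, easy to verify


def verify_zeroed(path: str) -> bool:
    """Read every block back; sanitisation passes only if all bytes are zero."""
    with open(path, "rb") as f:
        while chunk := f.read(BLOCK):
            if chunk.count(0) != len(chunk):
                return False
    return True


def decommission(path: str, asset_id: str) -> Dict[str, str]:
    """Sanitise, verify, and return the asset-register entry for the audit trail."""
    sanitize(path)
    verified = verify_zeroed(path)
    return {
        "asset_id": asset_id,
        "method": "overwrite (random + zero), read-back verified",
        "verified": "yes" if verified else "NO - do not release",
        "date": datetime.now(timezone.utc).isoformat(),
    }


def demo() -> Dict[str, str]:
    """Build a constructed 'disk' holding sensitive data and decommission it."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    with open(path, "wb") as f:
        f.write(b"CUSTOMER RECORDS: card 4111-1111-1111-1111\n" * 1500)
    try:
        record = decommission(path, "LAPTOP-0042")   # asset ID is constructed
        with open(path, "rb") as f:
            record["original_data_present"] = str(b"CUSTOMER" in f.read())
    finally:
        os.remove(path)
    return record


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The read-back step is the one most often skipped and the one auditors ask about: a sanitization that was not verified is a claim, not a record.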

Hardening Techniques

The constant threat of cyberattacks necessitates a robust approach to safeguarding sensitive information. Hardening is the process of reducing a system's attack surface so that it is harder to compromise and more resilient when attacked. Techniques for this include encryption, the installation of endpoint protection, the disabling of unused ports and protocols, changing default passwords, and the removal of unnecessary software.

Encryption is a cornerstone of data security that involves the conversion of data from plaintext into an unreadable format (ciphertext) that can only be deciphered with the appropriate decryption key. By implementing encryption, enterprises ensure that even if data is intercepted, it remains indecipherable to unauthorized parties, safeguarding its confidentiality; pairing it with an authenticated mode or a message authentication code additionally protects its integrity.

Though encryption can protect...
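Both the Encryption section earlier and the hardening discussion above describe encryption as protecting integrity as well as confidentiality. The added example below (not code from the book) shows why that is only true with an authenticated construction: an attacker who cannot read a stream-style ciphertext can still flip chosen bits in it, and the change lands in the decrypted plaintext undetected, whereas an encrypt-then-MAC tag catches it. Because the Python standard library has no block cipher, the keystream here is derived from HMAC-SHA256 in counter mode purely for demonstration; in production use a vetted AEAD such as AES-GCM from a cryptography library. Keys, nonce, and message are constructed.

```python
"""Added example (not from the book): why 'encrypted' does not mean
'integrity protected'.

Encryption alone hides the plaintext, but a stream-style ciphertext can be
altered bit for bit without the key and the change passes straight into the
decrypted data. Encrypt-then-MAC (or an AEAD mode such as AES-GCM) closes
that gap. The stdlib has no block cipher, so the keystream is built from
HMAC-SHA256 in counter mode purely to show the malleability; do not use
this construction in production. Keys and messages are constructed.
"""
import hashlib
import hmac
import os
from typing import Tuple


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Deterministic keystream: HMAC-SHA256(key, nonce || counter) blocks."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """XOR the plaintext with the keystream. A nonce must never repeat under one key."""
    ks = keystream(key, nonce, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


decrypt = encrypt   # XOR with the same keystream undoes the encryption


def encrypt_then_mac(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> Tuple[bytes, bytes]:
    ct = encrypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()   # MAC covers nonce and ciphertext
    return ct, tag


def verify_then_decrypt(enc_key: bytes, mac_key: bytes, nonce: bytes, ct: bytes, tag: bytes) -> bytes:
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):   # constant-time comparison
        raise ValueError("integrity check failed: ciphertext was modified")
    return decrypt(enc_key, nonce, ct)


def flip_field(ct: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Attacker edit without the key: XOR old^new into the ciphertext at a known offset."""
    patched = bytearray(ct)
    for i, (o, n) in enumerate(zip(old, new)):
        patched[offset + i] ^= o ^ n
    return bytes(patched)


def demo() -> Tuple[bytes, bool]:
    """Return (plaintext recovered from tampered unauthenticated ciphertext, tamper caught with MAC)."""
    enc_key, mac_key, nonce = os.urandom(32), os.urandom(32), os.urandom(16)
    msg = b"PAY 0100 GBP TO BILL"   # constructed message; the amount sits at offset 4
    # Unauthenticated: the attacker changes 0100 to 9900 and nobody notices.
    ct = encrypt(enc_key, nonce, msg)
    forged = decrypt(enc_key, nonce, flip_field(ct, 4, b"0100", b"9900"))
    # Encrypt-then-MAC: the same edit fails verification.
    ct2, tag = encrypt_then_mac(enc_key, mac_key, nonce, msg)
    try:
        verify_then_decrypt(enc_key, mac_key, nonce, flip_field(ct2, 4, b"0100", b"9900"), tag)
        caught = False
    except ValueError:
        caught = True
    return forged, caught


if __name__ == "__main__":
    forged, caught = demo()
    print("unauthenticated decrypts to:", forged)
    print("tamper detected with MAC:", caught)
```

The attacker never learns the key and never sees the plaintext; knowing only the message layout is enough to rewrite the amount. That is the gap between "encrypted" and "encrypted and authenticated", and it is why modern guidance defaults to AEAD modes.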

Summary

This chapter discussed the purpose of mitigation techniques used to secure the enterprise. This discussion involved an exploration of several such methods, such as segmentation (used to limit lateral movement and contain a breach), the ACL, through which we control access to our systems, the decommissioning of legacy systems, and hardening techniques to protect our environment.

The knowledge gained in this chapter will prepare you to answer any questions relating to Exam Objective 2.5 in your CompTIA Security+ certification exam.

The next chapter is Chapter 10, Compare and contrast security implications of different architecture models.

Exam Objectives 2.5

Explain the purpose of mitigation techniques used to secure the enterprise.

  • Segmentation: Dividing networks into smaller segments
  • Access control: Regulating user access to sensitive resources:
    • Access control list (ACL): Digital gatekeeper with a guest list, filtering authorized access
    • Permissions: Digital keys, granting entry or locking users from resources
  • Application allow list: Allows trusted software, blocks untrusted applications
  • Isolation: Separates and protects critical assets
  • Patching: Regular updates to fix software vulnerabilities
  • Encryption: Secures data by making it unreadable to unauthorized parties
  • Monitoring: Dynamically identifies and addresses security threats
  • Least privilege: Users and processes get only essential permissions
  • Configuration enforcement: Maintains systems per security standards
  • Decommissioning: Identifies and retires unneeded assets
  • Hardening techniques: Strengthen host security against...

Chapter Review Questions

The following questions are designed to check that you have understood the information in the chapter. For a realistic practice exam, please check the practice resources in our exclusive online study tools (refer to Chapter 29, Accessing the online practice resources for instructions to unlock them). The answers and explanations to these questions can be found via this link.

  1. In a large enterprise network, the human resources department and the IT department each require isolation from the rest of the company’s network. Which of the following is the MOST appropriate security technique to achieve this isolation while still allowing these departments to communicate internally?
    1. Creating a VLAN for each department
    2. Physical segmentation
    3. An ACL
    4. NAT
  2. In an enterprise environment, a user wants to install a game on their workstation, which is against company policy. What is the most effective mitigation technique to prevent the user from installing the...