You're reading from  CompTIA Security+ SY0-701 Certification Guide - Third Edition

Product type: Book
Published in: Jan 2024
Publisher: Packt
ISBN-13: 9781835461532
Edition: 3rd Edition
Author: Ian Neil

Ian Neil is one of the world's top trainers of Security+. He is able to break down information into manageable chunks so that people with no background knowledge can gain the skills required to become certified. He has recently worked for the US Army in Europe and designed a Security+ course that catered to people from all backgrounds (not just IT professionals), with an extremely successful pass rate. He is an MCT, MCSE, A+, Network+, Security+, CASP, and RESILIA practitioner that has worked with high-end training providers over the past 23 years and was one of the first technical trainers to train Microsoft internal staff when they opened their Bucharest Office in 2006.

Introduction

This chapter covers the second objective in Domain 1.0, General Security Concepts of the CompTIA Security+ exam. In this chapter, we will summarize fundamental security concepts for an understanding of the core principles and technologies that safeguard data and systems. From the principles of Confidentiality, Integrity, and Availability (CIA) to cutting-edge concepts such as zero trust and deception technology, this chapter will provide you with the knowledge you need to protect yourself and your digital assets.

As you go through this chapter, you will review non-repudiation and Authentication, Authorization, and Accounting (AAA), and explore how these concepts apply to both individuals and systems. We’ll also venture into the realm of physical security, where technologies such as bollards, video surveillance, and access control vestibules stand as the sentinels guarding our physical spaces.

This chapter will provide you with an overview of why companies...

Confidentiality, Integrity, and Availability

In the realm of digital security, the CIA Triad represents a bedrock of protection in which three vital principles join forces to fortify our digital landscapes. These principles are as follows:

  • Confidentiality: Confidentiality ensures that sensitive information remains shielded from prying eyes and that access is granted solely to those with the appropriate authorization. Confidentiality safeguards trade secrets, personal data, and any confidential information that requires a digital lock and key.
  • Integrity: Integrity ensures that your data remains unaltered and trustworthy. It prevents unauthorized changes or manipulations to your information, maintaining its accuracy and reliability. Hashing algorithms such as SHA1 or MD5 provide data integrity.
  • Availability: This principle guarantees that your digital assets and services are accessible when needed. Availability ensures that your systems are up and running, that your data...
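The integrity check described above, as an added example that is not taken from the book. It uses SHA-256 from Python's `hashlib` in place of the SHA1 or MD5 named in the text, since both of those have known collision attacks, and it goes one step further by contrasting an unkeyed digest with a keyed HMAC. The file names, contents and key are constructed.

```python
import hashlib
import hmac

def sha256_hex(data: bytes) -> str:
    """Unkeyed digest: changes whenever the bytes change."""
    return hashlib.sha256(data).hexdigest()

def hmac_hex(key: bytes, data: bytes) -> str:
    """Keyed digest: cannot be recomputed without the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def build_manifest(files, key=None):
    """Record one digest per file (keyed when a key is supplied)."""
    return {name: hmac_hex(key, body) if key else sha256_hex(body)
            for name, body in files.items()}

def verify(files, manifest, key=None):
    """Compare current contents against the recorded manifest."""
    report = {}
    for name, recorded in manifest.items():
        if name not in files:
            report[name] = "missing"
            continue
        body = files[name]
        current = hmac_hex(key, body) if key else sha256_hex(body)
        # compare_digest is a constant-time comparison
        same = hmac.compare_digest(current, recorded)
        report[name] = "ok" if same else "modified"
    for name in files.keys() - manifest.keys():
        report[name] = "unexpected"
    return report

# Constructed sample data; the key is assumed to be stored out of an intruder's reach.
BASELINE = {"payroll.csv": b"alice,4200\nbob,3900\n", "app.conf": b"debug=false\n"}
KEY = b"constructed-demo-key"

def demo():
    tampered = {**BASELINE, "payroll.csv": b"alice,4200\nbob,9900\n"}
    plain = build_manifest(BASELINE)
    forged = build_manifest(tampered)  # intruder rewrites the unkeyed manifest too
    return {
        "edit_vs_plain": verify(tampered, plain)["payroll.csv"],
        "edit_vs_forged_plain": verify(tampered, forged)["payroll.csv"],
        "edit_vs_forged_keyed": verify(tampered, forged, KEY)["payroll.csv"],
    }

if __name__ == "__main__":
    print(demo())
```

A plain hash catches the edit only while the recorded digest itself is trustworthy; once the manifest can be rewritten alongside the data, only the keyed check still reports the change.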

Authentication, Authorization, and Accounting

In the world of digital security, there’s a crucial player known as the AAA server. Think of it as a guard responsible for three important tasks: authentication, authorization, and accounting. Let’s explore what AAA servers do and how they help keep our digital interactions safe and reliable:

  • Authenticating people: Authentication is the foundational barrier against unauthorized access within network systems. This process verifies the identities of individuals attempting to gain entry into a network or system. It ensures that only authorized users are granted access privileges, effectively neutralizing the prospect of security breaches. This process is often facilitated by an AAA server, which collaborates with various authentication methods, including contacting a domain controller in the context...

Gap Analysis

Gap analysis is a strategic process that evaluates an organization’s security practices against established security standards, regulations, and industry best practices. This assessment identifies discrepancies or “gaps” between the current security posture and the desired state of security. The process of gap analysis involves several key tasks:

  • Assessment: A thorough assessment is conducted to understand the organization’s current security measures, policies, procedures, and technologies.
  • Benchmarking: This involves comparing the existing security practices against established industry standards, frameworks, and compliance regulations.
  • Identification: Gaps are pinpointed by identifying areas where security measures fall short of the desired or required level.
  • Prioritization: Not all gaps are equal in terms of risk. Prioritization involves ranking the identified gaps based on their potential impact and likelihood of exploitation...

Zero Trust

The concept of zero-trust cybersecurity aligns with the importance of the data and control planes in networking. Just as zero trust challenges the assumption of inherent trust within a network, the separation of data and control planes challenges the traditional assumption that data movement and network management should be tightly coupled. In a zero-trust model, the principle of “never trust, always verify” reflects the need to continually validate the legitimacy of users and devices accessing resources, regardless of their location.

Similarly, the separation of data and control planes recognizes that efficient and secure networking demands distinct roles. The data plane ensures the efficient movement of information, while the control plane manages the intelligence behind data routing, network health, and device coordination. Just as zero trust enhances cybersecurity by verifying access at every step, the division of data and control planes enhances network...
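A sketch of "never trust, always verify" as code, added here as an illustration and not taken from the book. The `policy_engine` and `policy_administrator` functions borrow the terms from this chapter's exam objectives; the `Request` fields, the policy table and the sample requests are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    user: str
    mfa_passed: bool        # identity verified for this request
    device_compliant: bool  # device posture check result
    source_ip: str          # logged for accounting, never used to grant trust
    resource: str
    action: str

# Constructed policy: (user, resource) -> permitted actions
POLICY = {
    ("alice", "payroll-db"): {"read"},
    ("bob", "payroll-db"): {"read", "write"},
}

def policy_engine(req):
    """Decide from identity, device state and policy; location is ignored."""
    if not req.mfa_passed:
        return "deny", "identity not verified"
    if not req.device_compliant:
        return "deny", "device posture failed"
    if req.action not in POLICY.get((req.user, req.resource), set()):
        return "deny", "no policy grants this action"
    return "allow", "policy match"

def policy_administrator(req, sessions, audit):
    """Carry out the engine's decision and record it for accounting."""
    decision, reason = policy_engine(req)
    if decision == "allow":
        sessions.append((req.user, req.resource, req.action))
    audit.append((req.source_ip, req.user, req.action, decision, reason))
    return decision

# Constructed requests: an "inside" address earns nothing by itself.
REQUESTS = [
    Request("alice", True, True, "203.0.113.40", "payroll-db", "read"),
    Request("alice", True, False, "10.0.0.5", "payroll-db", "read"),
    Request("alice", True, True, "10.0.0.5", "payroll-db", "write"),
    Request("bob", False, True, "10.0.0.7", "payroll-db", "write"),
]

def run():
    sessions, audit = [], []
    decisions = [policy_administrator(r, sessions, audit) for r in REQUESTS]
    return decisions, sessions, audit
```

The only request that succeeds comes from an external address with a verified identity and a compliant device, while three requests from internal addresses are refused.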

Physical Security

Physical security is of paramount importance because it encompasses a range of measures designed to deter, detect, and respond to potential risks. From robust barriers to cutting-edge surveillance, each element contributes to the creation of a security framework that safeguards people, assets, and critical information. When combined, these elements can create a formidable physical security defense:

  • Bollards: One of the frontlines in physical security is the use of bollards. These sturdy posts, often seen in urban settings, serve as a formidable barrier against vehicular threats. Whether placed around high-profile buildings, public spaces, or critical infrastructure, bollards are engineered to resist impact, preventing unauthorized vehicles from breaching secure zones.
  • Access control vestibule: Access control vestibules establish a controlled environment that enhances security. An example of this can be found in door entry systems. Someone entering a building...

Deception and Disruption Technology

In the dynamic landscape of cybersecurity, where adversaries continually evolve their tactics, embracing new paradigms becomes essential. Enter deception and disruption technology, a cutting-edge approach that challenges traditional defensive measures. This strategic shift empowers organizations to not only defend but also actively deceive and disrupt potential threats. At its core lie some intriguing components: honeypot, honeynet, honeyfile, honeytoken, and fake information. These elements function as digital decoys, transforming vulnerability into a strategic advantage. Let us look at each of these in turn:

  • Honeypot: When security teams are trying to find out the attack methods that hackers are using, they set up a website similar to a legitimate website with lower security, known as a honeypot. When the attack commences, the security team monitors the attack methods so that they can prevent future attacks. Another reason a honeypot is...
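Decoys are only useful when something watches them. The following added example (not from the book) scans log lines for any touch of a honeytoken account or a honeyfile and groups the hits by source address; the log format, the decoy names and every log line are constructed.

```python
import re
from collections import defaultdict

# Constructed decoys: an account nobody uses and a file nobody needs.
HONEYTOKENS = {
    "user": {"svc_backup_old"},
    "path": {"/finance/passwords_2024.xlsx"},
}

# Constructed log lines in a simple "timestamp kind key=value ..." format.
LOG = """\
2024-01-15T09:12:03Z auth user=jsmith src=10.0.4.17 result=success
2024-01-15T09:14:41Z auth user=svc_backup_old src=10.0.9.88 result=failure
2024-01-15T09:15:02Z file user=mlee src=10.0.4.23 path=/finance/q4_report.xlsx op=read
2024-01-15T09:16:30Z file user=mlee src=10.0.9.88 path=/finance/passwords_2024.xlsx op=read
2024-01-15T09:20:11Z auth user=jsmith src=10.0.4.17 result=failure
""".splitlines()

FIELD = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Split one log line into a dict of its fields."""
    ts, kind, rest = line.split(" ", 2)
    return {"ts": ts, "kind": kind, **dict(FIELD.findall(rest))}

def decoy_hits(lines):
    """Return one alert per event that references a decoy.

    Failed attempts count too: no legitimate user has a reason to
    touch a decoy, so any reference is worth investigating.
    """
    hits = []
    for line in lines:
        ev = parse(line)
        for field, decoys in HONEYTOKENS.items():
            if ev.get(field) in decoys:
                hits.append({"ts": ev["ts"], "src": ev.get("src"),
                             "field": field, "decoy": ev[field]})
    return hits

def decoys_by_source(hits):
    """Group the decoys touched by each source address."""
    by_src = defaultdict(set)
    for hit in hits:
        by_src[hit["src"]].add(hit["decoy"])
    return dict(by_src)

if __name__ == "__main__":
    print(decoys_by_source(decoy_hits(LOG)))
```

The ordinary failed login from `jsmith` raises nothing, while both decoy touches point at the same source address, which is what makes these alerts high-fidelity.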

Summary

This chapter is a comprehensive look at the core principles that underpin the protection of digital landscapes. We learned that the foundation of security is the CIA Triad: confidentiality, integrity, and availability. These three principles work in harmony to create a robust shield against cyber threats. We learned how the concept of non-repudiation upholds trust and accountability through mechanisms such as authentication, digital signatures, and audit trails and introduced the AAA framework: authentication, authorization, and accounting. We also explored the concept of gap analysis, which is a strategic process for assessing an organization’s security practices against industry standards and best practices.

In this chapter we also looked at zero trust and how the control plane works as a command center for cybersecurity. We saw how the data plane is split into security zones to help organizations make essential judgments about trust over networks, and discussed...

Exam Objectives 1.2

Summarize fundamental security concepts.

  • Confidentiality, Integrity, and Availability (CIA): Safeguards data confidentiality, integrity, and accessibility
  • Non-repudiation: Prevents denial of one’s actions, ensuring accountability
  • Authentication, Authorization, and Accounting (AAA):
    • Authenticating people: Verifies a person’s identity
    • Authenticating systems: Devices are authenticated using 802.1x
    • Authorization models: Controls access permissions
  • Gap analysis: Helps you achieve the desired state of security
  • Zero trust: Principle of “never trust, always verify”
  • Control plane: Manages and configures network devices and resources:
    • Adaptive identity: Flexible approach to identity management
    • Threat scope reduction: Reducing the attack surface
    • Policy engine: Enforces rules and policies
    • Policy administrator: Executes the policy engine’s decisions
    • Policy-driven access control: Automating the enforcement of directives
  • ...

Chapter Review Questions

The following questions are designed to check that you have understood the information in the chapter. For a realistic practice exam, please check the practice resources in our exclusive online study tools (refer to Chapter 29, Accessing the online practice resources for instructions to unlock them). The answers and explanations to these questions can be found via this link.

  1. An IT administrator has been tasked by the CEO to investigate the latest attack methods being used by a bad actor. Which of the following would be the BEST resource to use?
    1. MITRE ATT&CK
    2. A honeyfile
    3. A honeypot
    4. A CVE list
  2. What type of system is able to track users’ access if the authentication method uses 802.1x?
    1. Federation Services
    2. Kerberos
    3. OAuth
    4. RADIUS
  3. Which of the following can be used to provide non-repudiation?
    1. Asymmetric encryption
    2. Symmetric encryption
    3. A public key
    4. A SAML token
  4. An international bank encountered an insider attack where they suffered the theft of $100...