Security+ Week 4

CompTIA Security+

SY0-701

Attention Attendees:
Remember to type your messages to all panellists and attendees
Course Structure

Week / Module 1
Introduction & Security Fundamentals

Week / Module 2
Compliance & Operational Security

Week / Module 3
Threats & Vulnerabilities

Week / Module 4
Application, Data & Host Security

Application, Data & Host Security
Cryptographic Algorithms
Symmetric Encryption
• Encryption uses a reversible process (algorithm) based on a key that is only known by authorized persons
• Substitution and transposition
• Process should be too complex to unravel without the key
• Symmetric algorithms
• Same secret key is used for encryption and decryption
• Fast: suitable for bulk encryption of large amounts of data
• Problem storing and distributing key securely
• Confidentiality only: sender and recipient know the same key

Key Length
• Key ensures ciphertext remains protected even when the operation of the algorithm is known
• Range of key values is the keyspace
• Longer key bit length means a larger keyspace
• Protects against brute force cryptanalysis
• Advanced Encryption Standard (AES/AES256)
• 256-bit key is exponentially stronger than 128-bit key
• Larger keys use more CPU/memory/power resources

Asymmetric Encryption
• Public/private key pair
• If the public key encrypts, only the private key can decrypt
• Private key cannot be derived from the public key
• Private key must be kept secret
• Public key is easy to distribute (anyone can have it)
• Used for small amounts of authentication data
• Different ciphers have different recommended key lengths
• Rivest, Shamir, Adleman (RSA) cipher (2,048-bit or better)
• Elliptic Curve Cryptography (ECC) cipher (256-bit or better)

Hashing
• Fixed-length digest computed from a variable-length input, with cryptographic properties
• One-way (plaintext cannot be recovered from the digest)
• Anti-collision (no two plaintexts are likely to produce the same digest)
• Used for password storage and checksums (integrity)
• Secure Hash Algorithm (SHA): 256-bit or better
• Message Digest Algorithm (MD5): 128-bit only
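The following is an added example (not part of the course slides) showing the hashing properties listed above with Python's standard library: the digest length depends only on the algorithm, a one-character change in the input flips roughly half the output bits, and the two stated uses, integrity checksums and password storage, are implemented with SHA-256 and a salted, iterated PBKDF2 derivation. Function names and the 600,000 iteration count are assumptions chosen for this example.

```python
import hashlib
import hmac
import os
from typing import Optional


def digest_hex(data: bytes, algorithm: str = "sha256") -> str:
    """Hex digest of arbitrary-length input; the output length depends only on the algorithm."""
    return hashlib.new(algorithm, data).hexdigest()


def digest_bits(algorithm: str) -> int:
    """Digest size in bits (SHA-256 -> 256, MD5 -> 128)."""
    return hashlib.new(algorithm).digest_size * 8


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Hamming distance between two hex digests; about half the bits differ for any change in input."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


# Work factor for password hashing (assumed value; tune to the hardware budget of the authenticating system).
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted, iterated hash for storage. A random per-user salt defeats precomputed digest tables."""
    salt = salt if salt is not None else os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${derived.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute from the stored salt and iteration count; compare in constant time."""
    try:
        scheme, iterations, salt_hex, derived_hex = stored.split("$")
    except ValueError:
        return False
    if scheme != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate.hex(), derived_hex)


def file_checksum_ok(data: bytes, expected_hex: str) -> bool:
    """Integrity check: does the content match the published SHA-256 digest?"""
    return hmac.compare_digest(digest_hex(data), expected_hex.lower())


if __name__ == "__main__":
    print(digest_hex(b"abc"), digest_bits("sha256"), digest_bits("md5"))
    print(differing_bits(digest_hex(b"abc"), digest_hex(b"abd")), "bits differ between 'abc' and 'abd'")
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record), verify_password("wrong", record))
```

The stored record carries its own salt and iteration count so the work factor can be raised later without invalidating existing records; `hmac.compare_digest` avoids leaking how many leading bytes matched through timing.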

Digital Signatures
• Using public key cryptography with hashing
• Digital signatures provide integrity, authentication, non-repudiation

Application, Data & Host Security
Endpoint Security
Endpoint Hardening
• Operating System Security
• Workstations
• Servers
• Baseline Configuration
• Interfaces
• Services
• Ports
• Storage
• Many others

Using Security Compliance Manager to compare settings in a production GPO with Microsoft's template policy settings. (Screenshot used with permission from Microsoft.)

Endpoint Protection
• Principle of Least Privilege
• Access Control Lists
• File System Permissions
• Application Allow Lists and Block Lists
• Monitoring
• Configuration Enforcement
• Group Policy
• SELinux

Endpoint Configuration
• Principle of Least Privilege
• Access Control Lists
• File System Permissions
• Application Allow Lists and Block Lists
• Monitoring
• Configuration Enforcement
• Group Policy
• SELinux

Hardening Techniques
• Protecting Physical Ports
• Encryption
• Full Disk Encryption (FDE)
• Removable Media Encryption
• Virtual Private Networks (VPNs)
• Email Encryption
• Host-Based Firewalls and IPS
• Endpoint Protection
• Changing Defaults
• Removing Unnecessary Software

Application, Data & Host Security
Mobile Device Security
Mobile Device Hardening

• Many similarities between hardening mobile devices and traditional computers
• Mobile devices are more prone to physical loss or theft
• Deployment Models
• Bring your own device (BYOD)
• Corporate owned, business only (COBO)
• Corporate owned, personally enabled (COPE)
• Choose your own device (CYOD)
• Mobile Device Management
• Full Device and External Media Encryption

Full Device Encryption and External Media

• In iOS, there are various levels of encryption
• All user data on the device is always encrypted
• Email data and any apps using the “Data Protection” option are subject to a second round of encryption
• In iOS, Data Protection encryption is enabled automatically when you configure a password lock on the device
• A mobile device contains a solid state (flash memory) drive for persistent storage of apps and data

Location Services

• Global Positioning System (GPS)
• Indoor Positioning System (IPS)
• Geofencing
• GPS Tagging (e.g., EXIF data)
• Primary concern of location services is privacy

Restricting device permissions such as camera and screen capture using Intune. (Screenshot used with permission from Microsoft.)

Wi-Fi and Tethering Connection Methods

• Mobile devices usually default to using a Wi-Fi connection
• Home/Public vs Enterprise Network
• Rogue/Evil Twin networks
• Personal Area Networks (PANs)
• Peripherals
• Other devices/computers
• Ad Hoc Wi-Fi and Wi-Fi Direct
• Tethering and Hotspots

Application, Data & Host Security
Network Security
Hardening Switches and Routers

• Examples of changes designed to improve security:
• Change Default Credentials
• Disable Unnecessary
• Use Secure Management Protocols
• Implement Access Control Lists (ACLs)
• Enable Logging and Monitoring
• Configure Port Security
• Strong Password
• Physically Secure Equipment

Wireless Network Considerations

• Wireless Access Point (WAP) Placement
• Site Surveys and Heat Maps

Wireless Encryption

• Open
• WEP
• WPS
• WPA & WPA2
• WPA3
• Device Provisioning Protocol (DPP) a.k.a. “Easy Connect” to replace WPS
• Simultaneous Authentication of Equals (SAE)
• Enhanced Open

Wi-Fi Authentication

• WPA2 Pre-Shared Key Authentication
• WPA3 Personal Authentication
• WPA2/WPA3-Enterprise
• RADIUS
• EAP

Network Access Control

• Authenticates users/devices before allowing them access to the network
• Agent versus agentless

Intrusion Detection and Prevention Systems

• Host-based
• Network-based
• Both look for suspicious patterns or activities that could indicate a network or system intrusion
• They differ in their responses to perceived threats
• Snort
• Suricata
• OSSEC
IPS & IDS Detection Methods

• Signature-Based Detection
• Anomaly-based detection
• Trend Analysis
• Behavioral-based detection
• Network Behavior and Anomaly Detection (NBAD)
• User and Entity Behavior Analytics (UEBA)
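To make the difference between the first two detection methods concrete, here is an added example (not from the course slides) that runs both over constructed web-server access log lines in Common Log Format. Signature-based detection matches each request against a small list of known-bad patterns after URL-decoding; anomaly-based detection ignores request content and instead flags any source whose request rate in a 10-second window exceeds a threshold, which here stands in for the learned baseline a real NBAD product would build from history. The log lines, addresses, signature list and threshold are all constructed for this example.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Tuple
from urllib.parse import unquote

# Constructed access log lines (documentation/test address ranges); not real traffic.
NORMAL_LINES = [
    '10.0.0.5 - - [12/Mar/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.0.0.5 - - [12/Mar/2024:10:00:03 +0000] "GET /about.html HTTP/1.1" 200 1024',
    '203.0.113.9 - - [12/Mar/2024:10:00:05 +0000] "GET /login.php?user=admin%27%20OR%20%271%27=%271 HTTP/1.1" 200 300',
    '203.0.113.9 - - [12/Mar/2024:10:00:06 +0000] "GET /../../etc/passwd HTTP/1.1" 404 0',
]
# A burst of 30 requests within 10 seconds from one source; no single line matches a signature.
BURST_LINES = [
    f'198.51.100.7 - - [12/Mar/2024:10:00:{i // 3:02d} +0000] "GET /page{i}.html HTTP/1.1" 404 0'
    for i in range(30)
]
SAMPLE_LOG = NORMAL_LINES + BURST_LINES

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')


@dataclass
class Request:
    source: str
    when: datetime
    method: str
    path: str
    status: int


def parse_line(line: str) -> Optional[Request]:
    """Parse one Common Log Format line; returns None for lines that do not fit the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    src, ts, method, path, status = m.groups()
    return Request(src, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), method, path, int(status))


# Signature-based: known-bad patterns, matched after URL-decoding so percent-encoding cannot hide them.
SIGNATURES: List[Tuple[str, str]] = [
    ("path-traversal", "../"),
    ("sqli-tautology", "' or '1'='1"),
    ("html-script-tag", "<script"),
]


def signature_alerts(requests: List[Request]) -> List[Tuple[str, str, str]]:
    """Return (source, signature name, raw path) for every request matching a known signature."""
    alerts = []
    for r in requests:
        decoded = unquote(r.path).lower()
        for name, pattern in SIGNATURES:
            if pattern in decoded:
                alerts.append((r.source, name, r.path))
    return alerts


def anomaly_alerts(requests: List[Request], window_seconds: int = 10,
                   max_requests: int = 20) -> List[Tuple[str, int]]:
    """Return (source, peak count) for sources exceeding max_requests within one fixed window.
    Content is never inspected: only the volume per source deviates from the assumed baseline."""
    buckets: Counter = Counter()
    for r in requests:
        buckets[(r.source, int(r.when.timestamp()) // window_seconds)] += 1
    peak: Dict[str, int] = {}
    for (src, _), n in buckets.items():
        peak[src] = max(peak.get(src, 0), n)
    return [(src, n) for src, n in sorted(peak.items()) if n > max_requests]


def analyse(lines: List[str]):
    """Run both detectors over raw log lines, skipping unparseable ones."""
    reqs = [r for r in map(parse_line, lines) if r is not None]
    return signature_alerts(reqs), anomaly_alerts(reqs)


if __name__ == "__main__":
    sigs, anomalies = analyse(SAMPLE_LOG)
    for src, name, path in sigs:
        print(f"SIGNATURE {name:16} {src:14} {path}")
    for src, n in anomalies:
        print(f"ANOMALY   rate            {src:14} {n} requests in one window")
```

Note which detector catches what: the two probing requests from 203.0.113.9 are caught only by signatures, while the scanner-like burst from 198.51.100.7 is caught only by the rate anomaly, which is why IDS/IPS deployments layer both methods.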

Web Filtering

• Block users from accessing malicious or inappropriate websites
• Enforce compliance with acceptable use
• Block malware
• Protection from phishing attacks
• Agent-Based Filtering
• Centralized Web Filtering
• URL Scanning
• Content Categorization
• Block Rules
• Reputation-Based Filtering
• Decrypting and inspecting HTTPS traffic

Application, Data & Host Security
Application Security
Secure Protocols

• Many of the protocols used today were developed many decades ago
• Functionality was primary focus
• Trustworthiness was assumed
• Cybersecurity was less of an issue than it is today
• Insecure Protocols
• Transmit data in clear text format
• Generally, cannot be secured
• Must be avoided
• Secure Protocols
• Same functionality and secure
• More complex to configure

Insecure    Secure Alternative
Telnet      SSH
HTTP        HTTPS
FTP         FTPS/SFTP
Transport Layer Security

• Most Common Uses
• Secure HTTP communications
• Virtual Private Networking (VPN)
• SSL/TLS Versions
• SSL 2.0, 3.0
• TLS 1.0, 1.1, 1.2, 1.3
• Only use TLS version 1.2 or newer
• Disable all others
• Downgrade attack
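An added example (not from the course slides) of what "only use TLS 1.2 or newer, disable all others" looks like in code, using Python's standard `ssl` module. It builds a client context with the version floor set and certificate verification left on, audits any context for the settings a reviewer would flag, and checks the version a finished handshake actually negotiated, which is the last line of defence against a downgrade. Function names are assumptions; the `certfile`/`keyfile` arguments of the server helper are placeholders the caller supplies.

```python
import ssl
from typing import List

ACCEPTABLE_VERSIONS = {"TLSv1.2", "TLSv1.3"}


def hardened_client_context() -> ssl.SSLContext:
    """Client context that refuses SSL 2.0/3.0 and TLS 1.0/1.1 and verifies the server certificate."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED, hostname checking, system CA store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_3
    return ctx


def hardened_server_context(certfile: str, keyfile: str) -> ssl.SSLContext:
    """Server context with the same version floor; certfile/keyfile are placeholder paths."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(certfile, keyfile)
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """List configuration weaknesses; an empty list means the context passes the audit."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("min-version-below-tls1.2")
    if ctx.protocol == ssl.PROTOCOL_TLS_CLIENT:
        # Server contexts legitimately leave these off; a client must verify who it talks to.
        if not ctx.check_hostname:
            findings.append("hostname-check-disabled")
        if ctx.verify_mode != ssl.CERT_REQUIRED:
            findings.append("cert-verification-disabled")
    return findings


def is_acceptable_version(negotiated: str) -> bool:
    """Post-handshake check on the string SSLSocket.version() returns; anything older than
    TLS 1.2 means the peer talked us down and the connection should be closed."""
    return negotiated in ACCEPTABLE_VERSIONS


if __name__ == "__main__":
    good = hardened_client_context()
    print("hardened client findings:", audit_context(good))
    weak = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    weak.check_hostname = False
    weak.verify_mode = ssl.CERT_NONE
    print("weak client findings:", audit_context(weak))
```

Run the audit against every context your code creates, not just the one you think is in use; the weak settings above are exactly the ones that get pasted in to silence a certificate error and then shipped.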

File Transfer Services

• File Transfer Protocol (FTP)
• Cleartext
• Used to host and share files
• SSH
• Primarily used to access a shell remotely
• Very versatile protocol
• Can be used as a tunnel for other protocols
• SSH FTP (SFTP) and FTP over SSL (FTPS)
• SFTP is FTP tunneled through SSH
• FTPS is FTP secured using TLS

Email Services

• SMTP
• Cleartext by default
• Transmit email between systems
• SMTPS is secure configuration
• Open Relay
• Improperly configured SMTP server
• Used to send SPAM
• POP & IMAP
• Used to access mailboxes
• Cleartext by default
• POPS & IMAPS are secure

Email Security

• Sender Policy Framework (SPF)
• Email validation method that helps detect and prevent sender address forgery
• Uses data saved in DNS TXT records
• Can be used to identify “authorized senders”
• Hosted email
• Marketing campaigns, etc.

Email Security (cont’d)

• DomainKeys Identified Mail (DKIM)
• Sender signs emails using a digital signature
• Receiver uses a DKIM record in the sender's DNS to verify the signature
• Domain-based Message Authentication, Reporting & Conformance (DMARC)
• Uses the results of SPF and DKIM checks to define rules for handling messages
• Provides reporting capabilities
• Email activity
• Identify systems sending emails
• Identify unauthorized activity
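The following added example (not from the course slides) ties the SPF slide and the DKIM/DMARC slide together by implementing what a receiving mail server does with the DNS TXT records: it evaluates an SPF record (`ip4`/`ip6`/`include`/`all` terms with their qualifiers and the lookup limit) for a connecting IP, then feeds the SPF result and a DKIM result into the domain's DMARC policy, including identifier alignment, to produce a disposition. The DNS records are constructed and held in a dictionary instead of being queried; the DKIM signature verification itself is not implemented, its pass/fail result is taken as an input; and the organizational-domain rule is a simplification (last two labels) of the Public Suffix List lookup real implementations use. Function names are assumptions.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed DNS TXT records (example.com / example.net are reserved documentation names);
# a real checker would query DNS instead of this dictionary.
DNS_TXT: Dict[str, List[str]] = {
    "example.com": ["v=spf1 ip4:192.0.2.0/24 include:mail.example.net -all"],
    "mail.example.net": ["v=spf1 ip4:198.51.100.10 ~all"],
    "_dmarc.example.com": ["v=DMARC1; p=reject; aspf=r; adkim=r; rua=mailto:dmarc@example.com"],
}


def lookup_txt(name: str) -> List[str]:
    return DNS_TXT.get(name.lower(), [])


QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_INCLUDE_LOOKUPS = 10  # RFC 7208 caps DNS-querying terms at 10 per evaluation


def spf_check(sender_ip: str, domain: str, _lookups: int = 0) -> str:
    """Evaluate the domain's SPF record for the connecting IP.
    Supports ip4/ip6/include/all; other mechanisms (a, mx, exists, ptr) yield permerror here."""
    records = [r for r in lookup_txt(domain) if r.lower().startswith("v=spf1")]
    if not records:
        return "none"
    if len(records) > 1:
        return "permerror"  # two SPF records is a misconfiguration, not a merge
    addr = ipaddress.ip_address(sender_ip)
    for term in records[0].split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech in ("ip4", "ip6"):
            if addr in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qualifier]
        elif mech == "include":
            if _lookups >= MAX_INCLUDE_LOOKUPS:
                return "permerror"
            if spf_check(sender_ip, arg, _lookups + 1) == "pass":
                return QUALIFIERS[qualifier]
        else:
            return "permerror"
    return "neutral"  # record ended without an 'all' term


def org_domain(domain: str) -> str:
    """Simplified organizational domain (last two labels); real DMARC uses the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def parse_dmarc(domain: str) -> Optional[Dict[str, str]]:
    """Fetch and parse _dmarc.<domain>, falling back to the organizational domain's record."""
    for name in (domain, org_domain(domain)):
        for rec in lookup_txt(f"_dmarc.{name}"):
            if rec.lower().startswith("v=dmarc1"):
                tags = (t.partition("=") for t in rec.split(";") if t.strip())
                return {k.strip().lower(): v.strip() for k, _, v in tags}
    return None


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """'s' = strict (exact match with the From: domain), 'r' = relaxed (same organizational domain)."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_evaluate(from_domain: str, spf_result: str, mail_from_domain: str,
                   dkim_result: str, dkim_domain: str) -> Tuple[str, str]:
    """Combine the SPF and DKIM results with alignment. Returns (dmarc result, disposition)."""
    policy = parse_dmarc(from_domain)
    if policy is None:
        return ("none", "none")
    spf_ok = spf_result == "pass" and aligned(mail_from_domain, from_domain, policy.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, policy.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return ("pass", "none")
    return ("fail", policy.get("p", "none"))


if __name__ == "__main__":
    print("SPF 192.0.2.25 for example.com      :", spf_check("192.0.2.25", "example.com"))
    print("SPF 198.51.100.10 via include        :", spf_check("198.51.100.10", "example.com"))
    print("SPF 203.0.113.7 for example.com     :", spf_check("203.0.113.7", "example.com"))
    print("DMARC, SPF pass on bounce subdomain  :",
          dmarc_evaluate("example.com", "pass", "bounce.example.com", "fail", ""))
    print("DMARC, SPF pass but unaligned domain :",
          dmarc_evaluate("example.com", "pass", "other.example.net", "fail", ""))
```

The last two calls show why DMARC exists: an SPF pass on its own proves only that the envelope sender's domain authorized the IP, and the second call passes SPF for `other.example.net` while the visible From: header says `example.com`; alignment fails, so the `p=reject` policy applies.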

Email Security (cont’d)

• Email Gateway
• Control point for all incoming and outgoing email
• Anti-spam filters and antivirus scanners
• Sophisticated threat detection algorithms
• Identify phishing attempts and Business Email Compromise (BEC) attacks
• Harmful attachments and malicious URLs
• URL Sanitization/Link Anonymization/Safe Linking/Web Link Transformation
• Secure/Multipurpose Internet Mail Extensions (S/MIME)
• Encrypts emails to provide the confidentiality and integrity protections
• Requires Public Key Infrastructure (PKI)

Email DLP

• Email is one of the most frequently used communication channels within organizations
• Conduit for sensitive data
• Encourages careless handling of sensitive data (ease of use) and is prone to human error
• Common channel for data loss
• GDPR, HIPAA, PCI DSS, and others have requirements for protecting data
• DLP scans emails and attachments for certain types of sensitive information
• Prevents unauthorized sharing of sensitive information
• Create organization-wide DLP policies
• Actions are based on predefined rules, such as:
• Blocking the email, alerting the sender, automatically encrypting it
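As an added example (not from the course slides), the following is a minimal email DLP scanner of the kind the slide describes: it inspects subject, body and attachment text for payment card numbers (validated with the Luhn checksum so random digit runs are not flagged), US Social Security number patterns and a "confidential" marker, maps each rule to a predefined action, and resolves several findings to one decision with block taking precedence over encrypt and alert. The message, rules and action mapping are constructed for this example; the card number is the widely published 4111... test number, not a real account.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed message; the PAN is the well-known 4111... test number, not a real card.
SAMPLE_MESSAGE = {
    "subject": "Q3 vendor invoices",
    "body": "Hi, please charge 4111 1111 1111 1111 for the outstanding balance.",
    "attachments": {"notes.txt": "Contractor SSN 123-45-6789 on file."},
}


def luhn_valid(digits: str) -> bool:
    """Mod-10 checksum used by payment card numbers; filters out random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")  # 13-19 digits with optional separators
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def find_pans(text: str) -> List[str]:
    """Return normalized card numbers that are 13-16 digits long and pass the Luhn check."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 16 and luhn_valid(digits):
            hits.append(digits)
    return hits


def find_ssns(text: str) -> List[str]:
    return SSN_RE.findall(text)


def find_confidential_marker(text: str) -> List[str]:
    return ["confidential"] if "confidential" in text.lower() else []


# Policy: rule name -> (detector, action). Precedence when several rules fire: block > encrypt > alert.
RULES = {
    "credit-card-number": (find_pans, "block"),
    "us-ssn": (find_ssns, "block"),
    "confidential-marker": (find_confidential_marker, "encrypt"),
}
PRECEDENCE = ["block", "encrypt", "alert"]


@dataclass
class Finding:
    rule: str
    location: str
    matches: List[str]


def scan_message(msg: Dict) -> List[Finding]:
    """Run every rule over the subject, body and each attachment's text."""
    parts = {"subject": msg["subject"], "body": msg["body"]}
    parts.update({f"attachment:{name}": text for name, text in msg.get("attachments", {}).items()})
    findings = []
    for rule, (detector, _) in RULES.items():
        for location, text in parts.items():
            matches = detector(text)
            if matches:
                findings.append(Finding(rule, location, matches))
    return findings


def decide(findings: List[Finding]) -> str:
    """Resolve all findings to the single most restrictive action, or 'allow' if nothing fired."""
    actions = {RULES[f.rule][1] for f in findings}
    for action in PRECEDENCE:
        if action in actions:
            return action
    return "allow"


def redact(text: str) -> str:
    """Mask detected PANs down to the last four digits, as a gateway would before logging or alerting."""
    def mask(m):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 16 and luhn_valid(digits):
            return "*" * (len(digits) - 4) + digits[-4:]
        return m.group()
    return PAN_RE.sub(mask, text)


if __name__ == "__main__":
    found = scan_message(SAMPLE_MESSAGE)
    for f in found:
        print(f"{f.rule:20} in {f.location:22} -> {[redact(x) for x in f.matches]}")
    print("decision:", decide(found))
```

The alert text itself goes through `redact` so the DLP system does not become a second place the sensitive data is stored; the Luhn step is what keeps a rule like this from blocking every invoice that happens to contain a long order number.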

Attention Attendees:
Remember to type your messages to all panellists and attendees
Questions
