CompTIA Security+ Summary Document

Here is the continuation of the rewritten CompTIA Security+ study notes in English:

o Types of Hypervisors:
- Type I (Bare Metal) - runs directly on hardware, more efficient
- Type II (Hosted) - runs as a software layer on an operating system
o Containerization
- Shares kernel across VMs but provides separate user spaces
- Enables rapid, efficient deployment of distributed apps
- Ex: Docker, Parallels Virtuozzo, OpenVZ
• VM Threats
o VMs isolated by default but still vulnerable:
- VM Escape - breaks out of VM to interact with hypervisor
o Elasticity enables scaling to meet demand
o Data Remnants - deleted VM data remaining on cloud servers
o Privilege Elevation - user granting themselves higher privileges
o Live Migration - moving a running VM to another server
• Securing VMs
o Similar security measures as physical servers:
- Limit VM-host connectivity
- Remove unnecessary virtual hardware
- Use proper patch management
o Virtualization Sprawl - uncontrolled VM creation and deployment

Application Security
• Web Browser Security
o Keep updated but don't adopt new versions immediately
o No single "most secure" option
o General practices:
1. Implement policies (admin or technical)
2. Train users
3. Use proxy and content filter
4. Prevent malicious code (disable ActiveX, Java, Flash)
o Additional concerns:
- Cookies and Flash cookies (LSOs) track user data
- Add-ons extend functionality but introduce risk
- Advanced options for SSL/TLS, cache, history
• Securing Applications
o Password-protect sensitive documents
o Email security via digital signatures and certificates
o User Account Control prevents accidental changes

Secure Software Development
• Software Development Lifecycle (SDLC)
o Phases: Planning, Analysis, Design, Development, Testing, Integration, Maintenance
o Methodologies:
- Waterfall, Agile, DevOps
• SDLC Security Principles
o Confidentiality, Integrity, Availability (CIA)
o Threat modeling prioritizes patching
o Least privilege access
o Defense in depth
o Never trust user input
o Minimize attack surface
o Secure defaults and configurations
o Code signing for authenticity and integrity
o Secure error handling
o Timely vulnerability fixing
o Use trusted SDKs
• Testing Methods
o Black-box - tester has no system knowledge
o White-box - full details provided to tester
o Structured exception handling for runtime errors
o Input validation to sanitize user data
• Software Vulnerabilities
o Backdoors - bypass normal authentication
o Directory traversal - access unauthorized directories
o Arbitrary/remote code execution
o Zero-day - unknown to vendor
• Buffer Overflows
o Occur when data exceeds allocated memory
o Can enable code injection
o Prevented by:
- Bounds checking
- Input validation
- Address space layout randomization
• Injection Attacks
o Insert additional code via user input
- Cross-site scripting (XSS), SQL injection, LDAP injection
o Prevented by input validation and sanitization
• Race Conditions
o Timing flaws that can be exploited
o Difficult to detect and mitigate
o Affect multi-threaded processing, file systems, databases
o Time-of-check to time-of-use (TOCTTOU) attacks
o Prevention:
- Avoid sequential processing
- Use locking to ensure exclusive access
• Other Vulnerabilities
o Insecure components, insufficient logging, weak configs
o Mitigate via:
- Inventorying components
- Analyzing log requirements
- Hardening
- Least privilege
- File/directory permissions
- Secure configs and baselines

Network Design
• OSI Model Review
o Please, Do Not Throw Sausage Pizza Away
o Layers: Physical, Data Link, Network, Transport, Session, Presentation, Application
• Switches
o Evolved from hubs and bridges
o Vulnerable to:
- MAC flooding (CAM table overflow)
- MAC spoofing
- Physical tampering
o Mitigations: port security, ARP inspection, MAC address filtering
• Routers
o Connect networks at Layer 3 (IP)
o Use access control lists (ACLs) to permit or deny traffic
o Vulnerable to IP spoofing
• Network Segmentation
o Firewalls, DMZs, extranets, intranets, VLANs
o Jumpbox - hardened access point for DMZ management
• Network Access Control (NAC)
o Pre-admission checks prior to network connection
o Agent-based or agentless
o Hardware or software
o 802.1X for port-based access control
• VLANs
o Benefits: segmentation, reduced collisions, improved organization and performance
o Switch spoofing and double-tagging attacks
o Prevent by moving ports and using private VLANs
• Subnetting
o Divides networks for efficiency and security
o Broadcast domain reduction
o Subnet policies aid security monitoring
• Network Address Translation (NAT)
o Hides internal IPs behind one external IP
o Port Address Translation (PAT) maps ports
o Uses private IP ranges
• Telephony
o Legacy PBX and modern VoIP
o Eavesdropping and toll fraud risks
o Encrypt VoIP with TLS

Perimeter Security
• Firewalls - filter traffic between networks
o Stateless - packet filtering
o Stateful - tracks connections
o Deep packet inspection for application awareness
o Web Application Firewalls protect servers
• Proxy Servers
o Intermediaries between clients and servers
o Caching for efficiency
o Content filtering and malware scanning
o Web Security Gateways (secure web proxies)
• Honeypots and Honeynets
o Decoy systems to attract and trap attackers
o Honeypot - single system
o Honeynet - full network
• Data Loss Prevention (DLP)
o Monitors data to prevent exfiltration
o Endpoint, network, and cloud-based
• Network IPS
o Prevents attacks inline (vs IDS detection)
o Should fail closed
o Can also provide protocol analysis
• Unified Threat Management (UTM) / Next-Gen Firewall
o Consolidates firewall, IPS, content filter, anti-malware, DLP, VPN

Cloud Security
• Service Models:
o IaaS - provider manages virtualization, servers, storage, networking
o PaaS - also includes OS, middleware, runtime
o SaaS - provider manages everything, client uses app
• Deployment Models:
o Public - hosted by provider, multi-tenant
o Private - single org, on-prem or hosted
o Community - shared by orgs with common need
o Hybrid - mix of above
• Threats:
o Insecure APIs, improper key management, insufficient logging, unprotected storage
o Addressed by authentication, encryption, monitoring, permissions
• Virtualization security - same as physical
• Cloud Access Security Broker (CASB)
o Visibility and control for cloud services
o Deployment options:
- Agent on device
- Reverse proxy
- API integration
• Microservices and Serverless
o Microservices - small, single-purpose components
o Serverless - provider dynamically manages code execution
- No patching or administration
- Depends on robust orchestration
• Securing Servers
o File servers, email, web, FTP, domain controllers
o DMZ for web and FTP
o Harden all servers
o DLP can help prevent insider threats

Workflow & Orchestration
• Orchestration
o Automation of deployments
o Resource, workload, and service orchestration
o Third-party tools (Chef, Puppet, Ansible, etc.) prevent lock-in
• CI/CD Pipeline
o Continuous Integration - frequent code commits and automated builds
o Continuous Delivery - automates release to production
o Continuous Deployment - fully automates deployment to production
• DevSecOps
o Integrates security into DevOps process
o Shift left approach:
- Early security integration
- Automated testing and compliance
• Infrastructure as Code (IaC)
o Managing infrastructure via definition files
o Enables automation and orchestration
o Use templates to ensure secure, consistent configs
• Machine Learning
o Artificial Intelligence - machines that can learn and adapt
o Machine Learning - learning from data to accomplish a task
o Deep Learning - complex, layered algorithms
o Common uses: adaptive authentication, threat hunting

Network Attacks
• Ports and Protocols
o 1024 well-known ports
o 49152 ephemeral ports
o Memorize key ports for the exam
• Denial of Service (DoS)
o Disrupt availability and access
o Flood, Ping of Death, teardrop, fork bomb
o Smurf and fraggle amplification attacks
o SYN floods exploit TCP handshake
o Permanent DoS can damage firmware
• Distributed DoS (DDoS)
o Many sources target a single victim
o Botnets common in DDoS
o DNS and NTP amplification tactics
o Mitigation: IPS, special scrubbing services
• Hijacking and Spoofing Attacks
o Hijacking - taking over an active connection
- Session theft, clickjacking, man-in-the-middle
o Spoofing - masquerading as a legitimate user/system
o Always use strong authentication
• Transitive Attacks
o No direct attack, but security sacrificed for efficiency
• DNS Attacks
o Cache poisoning, unauthorized zone transfers, HOSTS file changes
o Pharming and domain name kiting/sniping
• ARP Poisoning
o Exploits IP to MAC mapping to steal data
o Mitigated by VLANs and DHCP snooping

Securing Network Devices
• Switches, routers, firewalls, etc.
o Change default passwords
o Use strong password policies
o Watch for privilege escalation and backdoors
o Keep firmware updated
o Use IPS, firewalls, segmentation
• Secure Network Media
o Copper, fiber, coax
o Electromagnetic interference (EMI) - use shielded cables
o Radio frequency interference (RFI) - impacts wireless
o Crosstalk - signal interference between wires
o Data emanation - use shielding and Faraday cages
• Securing Wi-Fi
o Change default SSIDs and passwords
o Disable SSID broadcast
o Patch APs and clients
o Use strong encryption (WPA2/WPA3)
o Dangers - rogue APs, evil twins
• Wi-Fi Attacks
o Wardriving/warwalking - searching for open APs
o IV attacks - breaking WEP
o Deauthentication attacks - disrupting connections
o Brute force cracking of pre-shared keys
• WPA3 Improvements
o Longer keys, forward secrecy, simultaneous authentication
• Bluetooth Attacks
o Bluejacking - sending unsolicited messages
o Bluesnarfing - stealing data over bluetooth
• NFC and RFID
o Short range wireless communication
o NFC 4cm, RFID 10cm - 200m

Physical Security Controls
• Surveillance
o CCTV cameras
o Pan-tilt-zoom and thermal imaging
• Locks and Barriers
o Traditional locks to keyless entry and mantraps
• Biometrics
o Fingerprint, iris, facial, etc.
o False acceptance/rejection rates
o Crossover error rate measures system accuracy
• Lighting, Signs, Guards, Alarms
• Faraday Cages and TEMPEST shielding

Facilities Security
• Fire Suppression
o Handheld - ABCDK extinguishers
o Sprinklers - wet pipe, dry pipe, pre-action
o Clean agents and CO2
• HVAC
o Humidity and temperature control
o Positive pressure
o Particulate filtering
o Dedicated systems
o May connect to ICS/SCADA networks
• Shielding
o Foil wallpaper, films, window mesh
o Faraday cages block all EMI
o TEMPEST - government shielding standard
• Protected Cabling
o Cable trays and conduit
o Clearly labelled
o Hardened carrier services (MPLS and DWDM)
• Vehicular Vulnerabilities
o Controller Area Network (CAN bus)
o Onboard Diagnostics (OBD-II) port
o Attacks:
- Direct access
- Cellular network exploit
- Malicious updates
• Drones and Robots
o Aerial drones for surveillance and payload delivery
o Robot weaknesses:
- No inherent security
- Exposed ports and connectors
- Easily physically accessed
- Unencrypted communications
• Internet of Things (IoT)
o Embedded Linux/Android OSes
o Smart devices must be secured and updated
o Specialized IoT security solutions
• Embedded Systems
o Perform specific dedicated functions
o Difficult to update and secure
o Variations:
- PLCs, SoCs, RTOS, FPGAs
• Industrial Control Systems (ICS)
o Manage automation and physical processes
o Use Fieldbus protocol and PLCs
o Include HMI for configuration
o Components - data historian, I/O server
• SCADA
o Remote monitoring and control
o Combines software and PLCs
o Protocols - Modbus, DNP3
o Stuxnet attacked SCADA via USB
• Mitigating ICS/SCADA Vulnerabilities
o Robust change management
o Network segmentation
o Strong authentication
o Patch management
o Security audits
• Building Automation
o HVAC, lighting, safety, security
o Managed by BAS software
o Remote access risks
o Vulnerable devices and protocols
o Unpatched and misconfigured
• Physical Access Control
o Electronic door locks and logging
o Visitor management
o May integrate with BAS and CCTV
o Managed by PACS software
o Social engineering risks

User Authentication
• Something You Know
o Passwords and PINs
o Security questions
• Something You Have
o Smart cards and tokens
o Digital certificates
o OTPs and mobile apps
• Something You Are
o Fingerprints, iris, voice, face
• Somewhere You Are
o Geolocation and geofencing
• Something You Do
o Signature and typing analysis
o Gestures
• Multi-factor Authentication
o Combines 2 or more factors
o Greatly increases security
o May be required for compliance
• Authentication Protocols
o LDAP - directory services
o Kerberos - ticket-based system
o RADIUS - centralized management
o TACACS+ - separates authentication, authorization, accounting
o 802.1X - port-based access control
• Federated Identities
o Authentication by a third party Identity Provider
o SAML and OAuth standards
o Reduced user management for service providers
o Risks - reliance on IdP security
• Cloud vs On-premises
o Cloud - scalable but requires trust in provider
o On-prem - full control but higher cost and complexity
o Consider data localization and vendor lock-in
• Remote Access
o VPN for encrypted remote connection
- IPSec, SSL, PPTP, L2TP
o RDP for graphical remote control
- Network Level Auth increases security
o SSH for secure command line access

Access Control
• Identification, Authentication, Authorization, Accountability
• Authorization Concepts
o Least privilege
o Separation of duties
o Mandatory vacation
o Job rotation
o Privilege creep
o Time of day restrictions
• Access Control Models
o Discretionary Access Control (DAC) - owner determines permissions
o Mandatory Access Control (MAC) - system determines access based on classification
o Role Based Access Control (RBAC) - permissions based on job function
o Rule-based Access Control - dynamic rules and parameters
o Attribute-based Access Control (ABAC) - Boolean logic for authorization
• Best Practices
o Disable default accounts
o Disable root logins
o Disable guest accounts
o Use strong passwords
o Rename administrator accounts
o Restrict user permissions
• User Account Management
o Provision, review, deprovision
o Leaves, transfers, terminations
o Periodic recertification of permissions
• Continuous Monitoring
o Observe and respond to threats in real-time
o Supplements periodic assessments
o Automated testing and alerting
• Logging and Auditing
o Record events and analyze for anomalies
o Investigate incidents
o Meet regulatory requirements
• Controlling Access to Files
o NTFS permissions (Windows)
o `chmod` (Unix/Linux)
o Principle of least privilege
o Separation of duties

Risk Assessment
• Assets, Vulnerabilities, Threats
o Asset - what needs protecting
o Vulnerability - weakness
o Threat - potential danger
• Risk Calculation

Incident Response and Forensics
• Incident Response Process
o Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned
o Goal is to minimize damage and prevent future incidents
• Building an Incident Response Team
o Incident Response Manager
o Security, Network, Systems Analysts
o Threat Researcher
o Forensic Analyst
o Legal, HR, PR
• Evidence Handling
o Identify, Collect, Analyze, Report
o Chain of custody
o Data integrity
o Retention policies
• Forensic Investigation
o System, Network, Software, Storage
o Tools - dd, FTK, Memdump, Autopsy
• Attack Frameworks
o Cyber Kill Chain
o Diamond Model
o MITRE ATT&CK

Disaster Recovery Planning
• Business Impact Analysis
o Identify critical systems and processes
o Determine Recovery Time Objective (RTO)
o Determine Recovery Point Objective (RPO)
• Disaster Recovery Plan
o Emergency response procedures
o Backup strategies
o Alternative processing sites
o Post-incident review
• Backup Methods
o Full, incremental, differential, snapshot
o Backup rotation schemes
o Offsite storage
o Replication to hot/warm/cold sites
• Disaster Recovery Testing
o Paper tests, walkthrough, simulation
o Parallel and cutover testing
• Continuity of Operations
o Succession planning
o Alternate personnel
o Telework

Cryptography
• Symmetric Encryption
o One key for encryption and decryption
o Fast but difficult key exchange
o Algorithms: AES, 3DES, Blowfish
• Asymmetric Encryption
o Public and private key pair
o Slow but easier key exchange
o Algorithms: RSA, ECC
o Key lengths from 1024 to 4096 bits
• Hashing
o One-way function
o Verifies integrity
o Algorithms: MD5, SHA-1, SHA-2, SHA-3
• Digital Signatures
o Encryption with sender's private key
o Proves authenticity and non-repudiation
o Requires PKI and digital certificates
• Key Management
o Generation, exchange, storage, destruction
o Recovery and escrow
• Steganography
o Hiding messages in other data
o Used for obfuscation not encryption
• Quantum Computing Impact
o Shor's algorithm breaks RSA and ECC
o Larger key sizes are only a temporary fix
o Post-quantum cryptography research

Exploits and Attacks
• Malware
o Viruses, worms, trojans, ransomware
o Spyware, adware, rootkits, keyloggers
• Password Attacks
o Brute force, dictionary, rainbow tables
o Password spraying, credential stuffing
• Web Application Attacks
o Injection - SQL, XSS, LDAP
o Broken authentication and session management
o Sensitive data exposure
o XXE and insecure deserialization
• Wireless Attacks
o War driving
o Rogue access points
o WPS and WPA2 vulnerabilities
• Mobile Attacks
o Malicious apps
o Jailbreaking and rooting
o SMS phishing
o Signal interception and tracking
• Cryptographic Attacks
o Birthday attack
o Collision attacks
o Downgrade attacks
o Sweet32
• Social Engineering
o Phishing, vishing, smishing
o Impersonation
o Dumpster diving
o Shoulder surfing
o Tailgating and piggybacking
• Supply Chain Attacks
o Compromised hardware or software
o Counterfeit products
o Malicious insiders at vendors

Threat Intelligence
• Data Sources
o Open source
- OSINT, social media
o Closed source
- Conferences, dark web
o Technical
- Sandboxes, honeypots, packet capture
o Human
- SMEs, trusted groups
• Automated Indicator Sharing
o STIX and TAXII standards
o MISP and OpenCTI platforms
• Intelligence Cycle
o Direction, Collection, Processing, Analysis, Dissemination
o Feedback for continuous improvement
• Threat Actors
o Cybercriminals, APTs, insider threats
o Hacktivists and cyberterrorists
o Script kiddies

Penetration Testing
• Planning and Scoping
o Rules of engagement
o Objective-based, compliance-based
o White box, gray box, black box
• Reconnaissance
o Passive - OSINT, social media
o Active - port scanning, vuln scanning
• Execution
o Initial access, lateral movement
o Privilege escalation
o Data exfiltration and destruction
• Reporting
o Findings and remediation
o Strategic recommendations
• Red Team Operations
o Objective-based, multi-layered attack simulation
o Blue and Purple teaming
o Conducted by highly skilled specialists

Legal and Compliance
• Types of Laws
o Criminal, civil, administrative
o Jurisdiction and extradition
• Intellectual Property
o Patents, copyrights, trademarks
o Trade secrets
o Digital Rights Management (DRM)
• Licensing
o Commercial
o Open source
o End User License Agreement (EULA)
• Privacy
o Personally Identifiable Information (PII)
o Protected Health Information (PHI)
o Data sovereignty and localization
• Compliance Frameworks
o GDPR, HIPAA, PCI-DSS, SOX, GLBA
o NIST CSF and 800-53
o ISO 27001 and 27002
o COBIT and ITIL
• Investigations
o Administrative, criminal, civil
o Search warrants
o Due process and chain of custody

Ethics
• (ISC)2 Code of Ethics
o Protect society, the common good, necessary public trust and confidence, and the infrastructure.
o Act honorably, honestly, justly, responsibly, and legally.
o Provide diligent and competent service to principals.
o Advance and protect the profession.
• Organizational Ethics
o Codes of conduct
o Acceptable use policies
o Mandatory reporting
o Whistleblowing
• Technology Misuse
o Hacking, doxxing, swatting
o Hacktivism and cyber terrorism
o Intellectual property theft
o Invasion of privacy
• Professional Development
o Staying current in the field
o Getting involved in the community
o Mentorship and knowledge sharing

Dear friends,

Wishing you all the best in your studies and exam preparation for the CompTIA Security+ certification. This is an important and valuable certification in the field of cybersecurity, and passing the exam will open up many exciting career opportunities for you.

To ensure you are well-prepared, we encourage you to take advantage of the high-quality learning products from CertMaster, including:

- CertMaster Learn: An interactive online course that helps you master the theoretical knowledge necessary for the exam.

- CertMaster Labs: An online practice environment with real-world cybersecurity scenarios, allowing you to hone your practical skills.

- CertMaster Practice: A rich question bank with hundreds of practice questions and simulated tests.

- CertMaster Exam-Sims: A practice exam that accurately simulates the structure and difficulty of the actual exam, helping you familiarize yourself and gain confidence.

By utilizing these quality products, not only will you receive maximum support in your learning journey, but you will also be supporting our efforts in developing training programs and nurturing cybersecurity talent.

Once again, we wish you effective learning, the confidence to conquer the exam, and the swift attainment of the CompTIA Security+ certification you desire. Believe in yourself and persevere until the end!

Thank you sincerely for your attention and support. We wish you success!
CompTIA Security+ Certification – Gateway to High-Paying Cybersecurity Careers