CompTIA Security+ Exam Notes

CompTIA Security+ Exam Notes
Let Us Help You Pass

Monday, October 14, 2024

SED (Self Encrypting Drive)

 SED (Self Encrypting Drive)

A self-encrypting drive (SED) is a type of hard disk drive (HDD) or solid-state drive (SSD) that automatically encrypts and decrypts data without requiring user intervention or additional software. Here are the key features and benefits of SEDs:

Automatic Encryption: SEDs use hardware-based encryption to secure all data written to the drive. This process is seamless and does not require any action from the user.

  • Security: The encryption keys are stored within the drive, making it difficult for unauthorized users to access the data. If the drive is removed from the system, the data remains encrypted and inaccessible.
  • Performance: Since the encryption is handled by the drive’s hardware, there is minimal impact on system performance compared to software-based encryption solutions3.
  • Ease of Use: SEDs are designed to be user-friendly, with encryption and decryption processes occurring transparently in the background.
  • Data Protection: If a drive is lost or stolen, the data remains protected due to the encryption, reducing the risk of data breaches.
  • Disposal: Issuing the erase command is issued, the MEK is erased, rendering the data unrecoverable

SEDs are widely used in environments where data security is critical, such as in corporate, government, and healthcare settings.

The Diamond Model of Intrusion Analysis

 The Diamond Model of Intrusion Analysis

The Diamond Model of Intrusion Analysis is a cybersecurity framework that helps analysts understand and analyze cyber threats and attacks. It uses four components to visualize the relationship between the attacker, victim, and infrastructure during a cyber-attack:

  • Adversary: The actor who uses a capability against the victim
  • Capability: The tools, techniques, and procedures used by the adversary to attack the victim
  • Infrastructure: The underlying infrastructure
  • Victim: The target of the attack

The Diamond Model uses mathematical and cognitive reasoning to trace and authenticate cyber threats. It's a simple, yet powerful model that helps analysts create a comprehensive view of cyber attacks.

Here are some ways the Diamond Model is used:

  • Documenting, analyzing, and correlating intrusions: The Diamond Model can be used to document, analyze, and correlate intrusions into an organization's digital, network, and physical environments.
  • Describing threat actor behaviors: The Diamond Model can be used to describe the behaviors of threat actors.
  • Ordering events: The Diamond Model can help order events because threat actors don't take actions in isolation.
  • Creating activity threads: Activity threads can be constructed as adversary-victim pairs.
  • Creating pivots: The logical deductions derived from traversing the Diamond are called pivots. 

SLO (Service Level Objective)

 SLO (Service Level Objective)

A service level objective (SLO) is a measurable goal for a service's performance over a set period. SLOs are part of a service level agreement (SLA), which is a formal contract between a customer and a service provider. SLOs set customer expectations and help align the goals of both parties.

Here are some examples of SLOs:

Availability

A web application might have an SLO of 99.9% availability over a given period.

Response time

A help desk might have an SLO of responding to 90% of requests in less than three minutes.

SLOs are measured using service level indicators (SLIs), which are quantitative metrics of a service's performance. SLOs should be realistic and achievable, while still reflecting the desired level of service quality. They should also be regularly monitored and reviewed to identify areas for improvement.

Adversary Emulation

 Adversary Emulation

Adversary emulation, also known as adversary simulation, is a cybersecurity practice that involves security experts imitating the actions of cyber threat actors to attack an organization's systems. The goal is to improve people, processes, and technology through ethical hacking engagements.

Adversary emulation involves:

  • Penetration testing: This includes network mapping, vulnerability scanning, phishing assessments, and web application testing.
  • Tactics, techniques, and procedures (TTPs): Security experts use the same TTPs that real-world adversaries use to target organizations.
  • Training: The goal is to train and improve people, processes, and technology.

Adversary emulation plans (AEPs) include an overview of the plan, the adversary group, the emulation phases, and a biography of sources

Bug Bounty

 Bug Bounty

A bug bounty is a program that rewards people for finding and reporting security flaws in software:

Purpose

Bug bounties are a crowdsourcing initiative that helps organizations identify and fix security issues in their software.

How it works

Organizations offer monetary rewards, or bounties, to ethical hackers who responsibly report security flaws.

Types of programs

Bug bounty programs can be public or private. Private programs are invitation-only, while public programs are open to the general public.

Incentives

In addition to monetary rewards, some programs may offer other incentives, such as access to a paid online service or professional recognition.

Benefits

Bug bounty programs can help organizations reduce cybersecurity risks, improve their software testing systems, and test application security throughout the software development lifecycle.

NAT vs PAT

 NAT vs PAT

Network Address Translation (NAT) and Port Address Translation (PAT) are both methods used to map private IP addresses to public IP addresses, but they operate differently:

 NAT (Network Address Translation)

Function: NAT translates private IP addresses to public IP addresses. This can be done in a one-to-one or many-to-one relationship.

Types: There are two main types of NAT:

Static NAT: Maps a single private IP address to a single public IP address.

Dynamic NAT: Maps a private IP address to a public IP address from a pool of public addresses.

Use Case: NAT is typically used to allow devices within a private network to access the internet by translating their private IP addresses to public ones.

PAT (Port Address Translation)

Function: PAT, also known as NAT overload, extends NAT by mapping multiple private IP addresses to a single public IP address using different port numbers.

Mechanism: PAT uses the transport layer port numbers to distinguish between multiple private IP addresses sharing a single public IP address.

Use Case: PAT is commonly used in home and small office networks to allow multiple devices to share a single public IP address for internet access.

Key Differences

Translation Basis:

  • NAT: Translates IP addresses only.
  • PAT: Translates both IP addresses and port numbers.

Address Mapping:

  • NAT: Can be one-to-one or many-to-one.
  • PAT: Always many-to-one, using port numbers to differentiate traffic.

Usage:

  • NAT: Suitable for scenarios where a direct mapping of IP addresses is needed.
  • PAT: Ideal for conserving public IP addresses by allowing multiple devices to share a single public IP address.

RFC 1918 Addresses

 RFC 1918 Addresses

RFC 1918 addresses are IP addresses reserved for private use within internal networks. These addresses are not routable on the public internet, meaning they are used exclusively within private networks. The primary purpose of these addresses is to alleviate the shortage of IPv4 addresses and to enhance network security by isolating internal network traffic from the public internet.
 
RFC 1918 specifies three ranges of IPv4 addresses for private use:
 
Class A Private:
10.0.0.0 to 10.255.255.255 (10.0.0.0/8)
Class B Private:
172.16.0.0 to 172.31.255.255 (172.16.0.0/12)
Class C Private
192.168.0.0 to 192.168.255.255 (192.168.0.0/16)

These address ranges are commonly used in home, office, and enterprise networks. Devices within these networks can communicate with each other using these private IP addresses, but require a Network Address Translation (NAT) device to communicate with external networks or the internet.