My journey through CompTIA Security+ (SY0-601) cert prep: Threats, Attacks & Vulnerabilities, with Mike Chapple's LinkedIn Learning course
CompTIA Security+ Exam?
CompTIA Security+ is a global certification that validates the baseline skills you need to perform core security functions and pursue an IT security career.
CompTIA Security+ is the first security certification IT professionals should earn. It establishes the core knowledge required of any cybersecurity role and provides a springboard to intermediate-level cybersecurity jobs. Successful candidates will have the following skills:
- Detect various types of compromise and understand penetration testing and vulnerability scanning concepts
- Install, configure, and deploy network components while assessing and troubleshooting issues to support organizational security
- Implement secure network architecture concepts and systems design
- Install and configure identity and access services, as well as management controls
- Implement and summarize risk management best practices and the business impact
- Install and configure wireless security settings and implement public key infrastructure
The CompTIA Security+ exam focuses on today’s best practices for risk management and risk mitigation, including more emphasis on the practical and hands-on ability to both identify and address security threats, attacks and vulnerabilities. ~ comptia.org/faq/security/what-is-on-the-com..
About the Instructor; Mike Chapple, Ph.D.
Mike holds the CISSP, CySA+, CISM, PenTest+ and Security+ certifications and has helped thousands of students earn their own certifications through his books, courses and practice tests. On the CISSP front, Mike is author of the Official (ISC)2 CISSP Study Guide, the Official (ISC)2 CISSP Practice Tests and LinkedIn’s CISSP video training series. In the Security+ space, Mike developed the LinkedIn Learning Security+ training series. Mike also authored the CySA+ Study Guide from Sybex and is the author of the CySA+ Practice Tests book and the LinkedIn CySA+ video training series.
Mike has 20 years of experience as an educator, author and hands-on practitioner in cybersecurity across the public and private sectors. He began his career as an information security research scientist with the U.S. National Security Agency. Mike then went into private industry as the Chief Information Officer of the Brand Institute. He currently serves as a faculty member at the University of Notre Dame, specializing in cybersecurity and business analytics. ~udemy.com/user/mike-chapple-2
Introduction
The need for cybersecurity was briefly discussed, along with threats, attacks and vulnerabilities. The course is one of the resource guides for the CompTIA Security+ exam. The instructor, Mike Chapple, also recommended three other resources in addition to what this course offers, in order to help students pass. He also outlined past successes and expressed strong confidence in these resources. Now, I will walk you through the eight chapters of the course, including the vital information and lessons learned.
The learning proper
Malware
Every piece of malware we encounter will have two components: a propagation mechanism and a payload.
- The instructor went on to compare viruses, worms and Trojans, giving their meanings and examples.
- A payload delivers malicious content to a system. It is the malicious action that the malware performs. The four types of malicious payloads discussed were adware, spyware, ransomware and cryptomalware. Three ways of preventing malware were outlined.
- Unlike adware, spyware, ransomware and cryptomalware, some other malware isn’t written as standalone code; it is embedded in other programs, as with backdoors and logic bombs.
- Attackers intent on escaping detection have resorted to sophisticated techniques and malware such as rootkits and fileless viruses.
- Rootkits deliver payloads such as backdoors, botnet agents, adware/spyware and anti-theft mechanisms.
- Botnets steal computing power, network bandwidth and storage capacity. Uses of botnets were also discussed here.
- A script is a sequence of instructions written in a programming language to automate our work. The three categories of scripting discussed were shell scripts, application scripts and programming languages.
- Bash is a scripting language used on Linux and Mac systems. PowerShell provides scripting capabilities for Windows systems. Visual Basic for Applications is a macro scripting language used with Microsoft Office.
- Macro scripts are scripts that run within an application, allowing automation of tasks within that application.
- Python is a general purpose programming language used to create a diverse set of scripts.
Finally, I took the chapter quiz, which comprises six questions.
Understanding Attackers
- Attackers can be differentiated in five categories;
- Internal vs external attackers
- Level of sophistication
- Access to resources
- Motivation
- Intent
- Attackers can be categorised into white, black and gray hat hackers.
- Attacks aren’t always carried out by external attackers; they could also be carried out by employees, past employees and other insiders who have access and privileges to organisation data and technologies, privileges rightfully given to them by the organisation. Privilege escalation can be a tool to carry out an attack. HR practices as a way to control insider threats were elaborated in this module.
- Attack vectors provide an attack path. Some of the attack vectors discussed are: email (phishing mail), social media (used to spread malware or socially engineer targets), removable media (e.g. flash drives), USB cables, card skimmers (for card cloning attacks), cloud services, direct access to user devices and the IT supply chain. Knowledge of these attack vectors will help us protect our organisation against attacks.
- A zero-day vulnerability is a vulnerability in a product that has been discovered by at least one researcher but has not yet been patched by the vendor.
- The window of vulnerability is the time between the discovery of a zero-day vulnerability and the release of a security update/patch.
- Advanced persistent threat (APT) attackers are known to leverage zero-day vulnerabilities. APT attackers are advanced, well-funded, highly skilled and persistent, targeting organisations or countries of interest to obtain critical credentials or data. Though it is difficult to prevent APT attacks, a few ways of mitigating them were outlined.
Finally, I took the chapter quiz, which comprises four questions.
Threat Intelligence
- Threat intelligence is the set of activities that an organisation undertakes to educate itself about changes in the cyber security threat landscape and adapt its security controls based upon that information. Open source intelligence (OSINT) is publicly available information on the internet, obtained from:
- Security websites
- Vulnerability database
- News media
- Social media
- Dark web
- Information sharing centres
- Security researchers
- Ways to evaluate how well the OSINT source fits into your organisation’s programme;
- Timeliness: How promptly is the threat intelligence delivered?
- Accuracy: Is the data correct?
- Reliability: Is the provider consistent?
- Threat indicators are properties that describe a threat, such as IP addresses, malicious file signatures, communication patterns, etc.
- Frameworks used to share security information discussed are;
- Cyber Observable eXpression (CybOX) provides a standardized schema for categorizing security observations.
- Structured Threat Information eXpression (STIX) is a standardized language used to communicate security information between systems and organisations. STIX takes the properties from the CybOX framework and gives us the language we’ll use to describe those properties in a structured manner.
- Trusted Automated eXchange of Indicator Information (TAXII) is a set of services that share security information between systems and organisations. It provides a technical framework for exchanging messages that are written in the STIX language.
The above is facilitated by the US Department of Homeland Security.
- OpenIOC is another framework for describing and sharing security information.
- Information sharing is essential for collaboration among security teams within an organisation. Information Sharing and Analysis Centres (ISACs) allow information sharing within the security community.
- Threat research uses threat intelligence to get inside the minds of adversaries. Two core techniques used to identify potential threats;
- Reputational threat research identifies potentially malicious actors based upon their use of IP addresses, email addresses, domains, etc. that were previously used in attacks.
- Behavioral threat research identifies potentially malicious actors based upon the similarity of their behaviors to past attacks.
- Some research sources are; vendor websites, vulnerability feeds, cybersecurity conferences, academic journals, RFC documents, local industry groups, social media, threat feeds, adversary tactics techniques & procedures (TTP).
- Threat modelling identifies and prioritizes threats.
- Ways organizations could use a structured approach to threat management;
- Asset focus: use the asset inventory as the basis for the analysis
- Threat focus: Identify how specific threats may affect each information system, relating to your organization.
- Service focus: Identify the impact of the various threats on a specific service.
- Security Orchestration, Automation & Response (SOAR) platforms enhance SIEM capabilities.
- Machine learning allows the automated creation of malware signatures.
- Threat hunting is an organized, systematic approach to seeking out indicators of compromise on your network using expertise and analytic techniques. Steps to conducting threat hunting are;
- Establish a hypothesis
- Seek indicators of compromise (IOCs)
- Submit findings to incident responders for further action.
Finally, I took the chapter quiz, which comprises seven questions.
Social Engineering Attacks
- Social engineering is manipulating people into divulging information or performing an action that undermines security. Some of the reasons discussed why social engineering works are: authority, intimidation, consensus/social proof, scarcity, urgency and familiarity.
- Impersonation attacks are carried out through spam, phishing, spear phishing, whaling, pharming, vishing, smishing, SPIM and spoofing.
- How a Watering Hole Attack works;
- Identify and compromise a highly targeted website
- Choose a client exploit and bundle it into a botnet
- Place the malware on the compromised website
- Sit back and wait for the infected systems to phone home.
- Three physical social engineering attacks are shoulder surfing, dumpster diving and tailgating.
Finally, I took the chapter quiz, which comprises five questions.
Common Attacks
- Password attacks undermine system and information security. A hash is a mathematical function that converts a variable-length input into a fixed-length output.
- The birthday problem explains why hash collisions become common once the number of samples grows large.
- Four types of password attacks are brute force, dictionary, hybrid and rainbow table attacks.
- Password spraying is when the attacker takes a list of commonly used passwords and uses it to attack many different accounts.
- Credential stuffing is made possible when users reuse the same passwords across multiple accounts.
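Spraying and brute force leave different shapes in authentication logs: one source touching many accounts a few times each, versus one source hammering a single account. The detector below is an added example of my own, not code from the course; the sshd-style log lines are constructed for it and the thresholds are assumptions to be tuned per environment.

```python
import re
from collections import defaultdict

# Constructed sample sshd-style auth log (made up for this example).
# 203.0.113.5 tries a few guesses spread across many accounts: spraying.
# 198.51.100.9 hammers a single account: a classic brute-force attempt.
# 192.0.2.7 is a user who mistyped once and then logged in normally.
SAMPLE_LOG = """\
Mar 01 10:00:01 host sshd[101]: Failed password for alice from 203.0.113.5 port 4001 ssh2
Mar 01 10:00:03 host sshd[102]: Failed password for bob from 203.0.113.5 port 4002 ssh2
Mar 01 10:00:05 host sshd[103]: Failed password for carol from 203.0.113.5 port 4003 ssh2
Mar 01 10:00:07 host sshd[104]: Failed password for dave from 203.0.113.5 port 4004 ssh2
Mar 01 10:00:09 host sshd[105]: Failed password for invalid user erin from 203.0.113.5 port 4005 ssh2
Mar 01 10:01:00 host sshd[110]: Failed password for root from 198.51.100.9 port 5001 ssh2
Mar 01 10:01:01 host sshd[111]: Failed password for root from 198.51.100.9 port 5002 ssh2
Mar 01 10:01:02 host sshd[112]: Failed password for root from 198.51.100.9 port 5003 ssh2
Mar 01 10:01:03 host sshd[113]: Failed password for root from 198.51.100.9 port 5004 ssh2
Mar 01 10:01:04 host sshd[114]: Failed password for root from 198.51.100.9 port 5005 ssh2
Mar 01 10:02:00 host sshd[120]: Failed password for alice from 192.0.2.7 port 6001 ssh2
Mar 01 10:02:10 host sshd[121]: Accepted password for alice from 192.0.2.7 port 6001 ssh2
"""

FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")

def failures_by_source(log_text):
    """Map source IP -> {account: number of failed attempts}."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            account, ip = m.groups()
            counts[ip][account] += 1
    return counts

def classify_sources(log_text, spray_accounts=4, brute_attempts=5):
    """Label each source 'spraying', 'brute-force' or 'normal'.
    Spraying: few tries each against many distinct accounts.
    Brute force: many tries against one account. Thresholds are assumed."""
    verdicts = {}
    for ip, per_account in failures_by_source(log_text).items():
        if max(per_account.values()) >= brute_attempts:
            verdicts[ip] = "brute-force"
        elif len(per_account) >= spray_accounts:
            verdicts[ip] = "spraying"
        else:
            verdicts[ip] = "normal"
    return verdicts
```

Spraying is easy to miss with a per-account lockout rule alone, which is why the check pivots on the source rather than the account.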
- Artificial intelligence is a collection of techniques, including machine learning, that are designed to mimic human thought processes in computers.
Finally, I took the chapter quiz, which comprises three questions.
Understanding Vulnerability Types
- Vulnerabilities impact the confidentiality, integrity and availability of information (CIA triad).
- Disclosure attacks seek to undermine confidentiality.
- Data breaches are violations of confidentiality.
- Data exfiltration removes sensitive information from an organization's control.
- Risks faced in an organization are Financial, Reputational, Strategic, Operational and Compliance Risk.
- The stages of vendor support for a product are end-of-sale, end-of-support and end-of-life.
- Configuration Vulnerabilities arise as a result of use of default configuration, misconfiguration, cryptographic vulnerabilities, patch management & account management.
- Architectural vulnerabilities arise when a system is improperly designed.
- System sprawl occurs when devices are regularly connected to the network but are not managed using a full system lifecycle.
Finally, I took the chapter quiz, which comprises three questions.
Vulnerability Scanning
- One of the processes for managing vulnerability is vulnerability patching.
- Three types of vulnerability tests are;
- Network vulnerability scans
- Application scans
- Web application scans
- It is essential to have a vulnerability management program in place. Use a vulnerability scanner like Nessus to generate system inventories (a list of hosts on a network).
- Firewall settings, IDS/IPS rules and network segmentation all impact scan results.
- Types of scanning are Server based, Agent based and Credentialed scanning
- SCAP (Security Content Automation Protocol) was created by the National Institute of Standards and Technology (NIST) to provide a consistent language and format for discussing security issues.
- SCAP components are;
- Common Vulnerability Scoring System (CVSS)
- Common Configuration Enumeration (CCE)
- Common Platform Enumeration (CPE)
- Common Vulnerabilities and Exposures (CVE)
- Extensible Configuration Checklist Description Format (XCCDF)
- Open Vulnerability and Assessment Language (OVAL)
- CVSS scores vulnerabilities on a 10-point scale.
- Metrics for Evaluating Vulnerability;
- Attack Vector (AV)
- Attack Complexity (AC)
- Privileges Required (PR)
- User Interaction (UI). [The AV, AC, PR and UI metrics combine to describe the exploitability of vulnerability].
- Confidentiality (C)
- Integrity (I)
- Availability (A). [The C,I and A metrics combine to describe the impact of a vulnerability].
- Scope (S)
- While analyzing scan reports consider the following;
- Prioritization factors; Vulnerability severity, System criticality, Information sensitivity, Remediation difficulty & System exposure.
- Vulnerability validation
Finally, I took the chapter quiz, which comprises eight questions.
Penetration Testing and Exercises
- Penetration testing places security professionals in the roles of attackers. It is essential to document the rules of engagement before beginning a penetration test.
- Bug bounty is an open security testing program.
Finally, I took the chapter quiz, which comprises three questions.
Conclusion
This 2-hour 35-minute LinkedIn course, which serves as a detailed preparation course for the CompTIA Security+ exam, is a good read and recommendable to beginners in cybersecurity. The tutor, Mike Chapple, diligently walked us through the eight modules in this course with the intention of providing a better preparation platform for the exam. The platform also has a questions and answers section, and contribution and rating sections, to enhance the services provided. Note that everything taught in this course is for educational purposes only.