Post

Mind Map of Security+ | Study Guide

Posted Updated
By
1 min read
Mind Map of Security+ | Study Guide

Security+ Study Guide Mind Map

Cybersecurity Fundamentals

CIA Triad

  1. Confidentiality
  2. Integrity
  3. Availability

DAD Triad

  1. Disclosure
  2. Alteration
  3. Denial

Key Concepts

  • Non-repudiation

Threat Actors

  1. Black-hat Hackers
  2. Grey-hat Hackers
  3. White-hat Hackers
  4. Script Kiddies
  5. Hacktivists
  6. Organized Crime
  7. Nation-State Attackers
  8. Insider Threats
  9. Competitors

Attack Dynamics

  • Attack Motivations
  • Attack Surface

Vulnerabilities & Mitigations

Malware

  • Spyware
  • Ransomware
    • IOCs (Indicators of Compromise)
  • Trojans
  • Worms
    • Stuxnet
    • Raspberry Robin
  • Rootkits
  • Bots/Botnets
  • Bloatware

Password Attacks

  1. Brute Force
  2. Spraying
  3. Dictionary
  4. Rainbow Table
    • Salting

Cryptographic Attacks

  1. Brute Force
  2. Dictionary
  3. Birthday
  4. Collision
  5. Downgrade
  6. Chosen Plaintext
  7. Related Key
  8. Frequency Analysis

Application Vulnerabilities

  • Injection
    • SQL
    • Command
    • Code
    • XML
  • Cross-Site Scripting (XSS)
    • Reflected
    • Stored
  • Cross-Site Request Forgery (CSRF/XSRF)
  • Insecure Direct Object Reference
  • Race Condition

Physical Attacks

  1. Brute Force
  2. RFID Cloning
  3. Environmental

Mobile Device Vulnerabilities

  1. Side Loading
  2. Jailbreaking

Cryptography

Goals

  1. Confidentiality
  2. Integrity
  3. Authentication
  4. Nonrepudiation

Ciphers & Algorithms

  • Stream Ciphers
    • Caesar
    • ROT13
    • One-Time Pad
  • Block Ciphers
    • Transposition
    • Rijndael (AES)
  • Substitution Ciphers
    • Polyalphabetic
    • Vigenère

Symmetric Key Cryptography

  • Algorithms
    1. DES
    2. 3DES
    3. AES (Rijndael)
  • Key Exchange
  • Limitations

Asymmetric Key Cryptography

  • Algorithms
    1. RSA
    2. Elliptic Curve Cryptography (ECC)
  • Public & Private Keys
  • Digital Signatures
  • Key Exchange
  • Key Management

Hashing

  • Algorithms
    • MD5
    • SHA
      1. SHA-1
      2. SHA-2
      3. SHA-3
    • HMAC
  • Salting
  • Key Stretching

Digital Certificates

  • Formats
  • Certificate Authorities (CAs)
  • Certificate Revocation List (CRLs)
  • Online Certification Status Protocol (OCSP)
  • Certificate Signing Request (CSR)

Advanced Topics

  • Blockchain
  • Steganography

Access Control

Schemes

  1. Discretionary Access Control (DAC)
  2. Mandatory Access Control (MAC)
    • SELinux
    • AppArmor
  3. Role-Based Access Control (RBAC)
  4. Attribute-Based Access Control (ABAC)
  5. Rule-Based Access Control (RnBAC)

User Accounts

  1. Provisioning
  2. Deprovisioning
  3. Privileged Access management (PAM)
  4. Generic Accounts
  5. Guest Accounts
  6. Service Accounts
  7. Shared Accounts

Authentication

  1. Biometrics
  2. Passwords
  3. Multi-Factor Authentications (MFA)
  4. One-Time Passwords (OTP)
  5. Password less Authentication
  6. Kerberos
  7. RADIUS
  8. TACACS+
  9. SAML
  10. OAuth

Filesystem Permissions

  1. Linux
  2. Windows

💡 Join the discussion:
For questions or collaboration opportunities, visit our ZeroDayMindset Discussion Board

Information, Security +
reading certification
This post is licensed under CC BY 4.0 by the author.