Revision Topics

So here’s what’s happening: I doubt that I will pass the exam (CompTIA Security+). There are so many topics, I am getting confused. I will pick up some topics I think I am weak at and study them from different sources.

The chapter “Risk Management & Privacy” has something called “different data roles”. These roles help to clarify responsibilities for managing and protecting data within an organization.

Different data roles outlined

  1. Data Owners : These are senior executives who are designated responsibility for different data types. E.g. the VP of HR might be the data owner of employment and payroll data. Data owners understand the impact of their decisions about their data on their business. They delegate responsibilities and rely on advice from subject matter experts.
  2. Data Subjects : These are the individuals whose data is being processed. This includes customers, employees and partners. Data subjects often have rights over their data, such as the right to access, correct and request deletion.
  3. Data Controllers : These are individuals who define the reason for processing personal information and direct the method of processing the data. The term serves as a substitute for “Data Owner” to avoid the presumption of ownership.
  4. Data Stewards : These are individuals who carry out the intent of the Data Controller and are delegated responsibility by the controller.
  5. Data Custodians : These are individuals or teams responsible for the secure safekeeping of the information but who do not have controller or stewardship responsibility.
  6. Data Processors : These are service providers that process personal information on behalf of a data controller. E.g. a credit card processing service for a retailer: the retailer remains the data controller while the service acts as a data processor.
  7. Data Protection Officer (DPO) : A specific individual who bears overall responsibility for an organization’s data privacy efforts. The chief privacy officer often holds this role.

From Security Governance and Compliance, different agreement types

  1. Service-Level Agreements (SLA) : Written contracts that specify the conditions of the service the vendor will provide and the remedies available to the customer if the vendor fails to meet the SLA. They cover issues such as system availability, data durability, and response time.
  2. Memorandum of Agreement (MOA) : A letter written to document aspects of a relationship. In simple terms, this is like a pre-contract where everyone involved agrees on certain terms, responsibilities, and rules before working together.
  3. Master Service Agreement (MSA) : This provides an umbrella contract for the work the vendor does with an organization over an extended period of time. This agreement typically includes detailed security and privacy requirements.
  4. Work Order (WO) / Statement of Work (SOW) : When an organization has an MSA with a vendor, it may create a WO or SOW for a new project. The SOW outlines the specific services to be provided by the vendor, along with the associated timelines and costs.
  5. Non-Disclosure Agreement (NDA) : An agreement used to protect sensitive information. NDAs are crucial when sharing confidential data with vendors and should be included in vendor agreements.
  6. Business Partner Agreement (BPA) : An agreement outlining the terms of a partnership between two or more business entities.

Categories of modern encryption algorithms

  • Symmetric Key Algorithms : These algorithms use a single, shared secret key for both encryption and decryption. All communicating parties possess a copy of this secret key.
    1. Data Encryption Standard (DES) : Published in 1977, it was once the standard but is no longer considered secure due to flaws in the algorithm and its short key length. It has been superseded by AES.
    2. Triple DES (3DES) : An improvement over DES, but still considered less secure and less efficient than AES.
    3. Advanced Encryption Standard (AES) : A strong symmetric encryption algorithm and the successor to DES … It is widely used in various applications, including wireless network security (WPA3), TLS, and file/disk encryption.

Key management, including the secure creation, distribution, storage, destruction, recovery and escrow of secret keys, is crucial for symmetric cryptography. Key exchange is a significant challenge; methods include offline distribution, public key encryption, and the Diffie-Hellman key exchange algorithm. Symmetric encryption is generally fast and efficient for bulk encryption. However, it does not provide non-repudiation, because every party holds the same key and any of them could have produced a given message.

  • Asymmetric Key Algorithms : Also known as public key algorithms, these systems use two mathematically related keys for each user: a public key, which can be shared with anyone, and a private key, which is kept secret by the owner.

Asymmetric cryptography solves the key exchange problem of symmetric cryptography as public keys can be freely shared. It also provides Authentication and Non-Repudiation through the use of digital signatures.
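The key exchange paragraph above names Diffie-Hellman as one way to agree a symmetric key over an untrusted channel. The following added example (my own illustration, not code from the post or from any CompTIA material) runs the exchange end to end in plain Python: each side keeps a private exponent, only the two public values cross the channel, and both sides derive the same key. The group parameters P and G are toy values chosen for readability and are an assumption of this example; a real deployment uses a standardised safe-prime group (e.g. the RFC 3526 MODP groups) or an elliptic-curve variant. The final HMAC step shows the non-repudiation limitation the text mentions: a valid tag proves the message came from a key holder, but not which one.

```python
import hashlib
import hmac
import secrets
from typing import Tuple

# Toy group parameters, constructed for this example only: P is the Mersenne
# prime 2^127 - 1 and G = 5. Real deployments use a standardised group.
P = 2**127 - 1
G = 5


def private_key() -> int:
    """Random exponent in [2, P-2]; it never leaves the party that generated it."""
    return secrets.randbelow(P - 3) + 2


def public_key(priv: int) -> int:
    """G^priv mod P: the only value a party sends over the insecure channel."""
    return pow(G, priv, P)


def is_valid_public(pub: int) -> bool:
    """Reject degenerate peer values (0, 1, P-1) that would force a trivial shared secret."""
    return 1 < pub < P - 1


def shared_secret(priv: int, peer_pub: int) -> int:
    """peer_pub^priv mod P == G^(ab) mod P, the same on both sides."""
    if not is_valid_public(peer_pub):
        raise ValueError("invalid peer public value")
    return pow(peer_pub, priv, P)


def derive_key(shared: int) -> bytes:
    """Hash the shared secret down to a fixed-length symmetric key.
    (A stand-in for a proper KDF such as HKDF.)"""
    length = (P.bit_length() + 7) // 8
    return hashlib.sha256(shared.to_bytes(length, "big")).digest()


def exchange() -> Tuple[bytes, bytes]:
    """One complete exchange between Alice and Bob; returns the key each side derived."""
    a, b = private_key(), private_key()          # private, never transmitted
    pub_a, pub_b = public_key(a), public_key(b)  # public, transmitted in the clear
    key_alice = derive_key(shared_secret(a, pub_b))  # Alice: her a, Bob's public value
    key_bob = derive_key(shared_secret(b, pub_a))    # Bob: his b, Alice's public value
    return key_alice, key_bob


def mac_message(key: bytes, message: bytes) -> str:
    """Symmetric integrity tag with the agreed key. Both parties hold the same key,
    so a valid tag proves only that *some* key holder sent it: no non-repudiation."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


if __name__ == "__main__":
    k_a, k_b = exchange()
    msg = b"constructed sample message"
    print("keys match:", k_a == k_b)
    print("tag verifies on Bob's side:",
          hmac.compare_digest(mac_message(k_a, msg), mac_message(k_b, msg)))
```

The public-value check in `is_valid_public` is the caveat a practitioner would add even to a demo: accepting 0, 1 or P-1 from a peer lets an attacker force a known shared secret. An eavesdropper who sees only `pub_a` and `pub_b` would have to solve the discrete logarithm to recover the key, which is the whole point of the protocol.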

Importance of Choosing Appropriate Cryptographic Solutions

  • Meeting Security Goals
  • Strength of the Algorithm
  • Key Length
  • Key Management Practices
  • Resistance to Attacks
  • Performance Requirements
  • Compliance and Standards

Mitigation Techniques for Endpoints

  1. Patching

    • Ensure operating systems and software are up to date to remove known vulnerabilities.
    • Timely patching reduces the window of opportunity for exploits.
    • Implement patch management processes to control and streamline updates.
  2. Encryption

    • Encrypt data on endpoints (full disk or specific files) to prevent unauthorized access.
    • Use tools like Trusted Platform Modules (TPM) and Hardware Security Modules (HSM) to manage encryption keys securely.
  3. Configuration Enforcement

    • Maintain secure baselines and enforce configurations to reduce vulnerabilities.
    • Leverage tools like Group Policy (Windows) and SELinux (Linux) for policy enforcement.
  4. Decommissioning

    • Sanitize or destroy data on retired systems.
    • Securely handle hardware to prevent exposure of sensitive data.

Hardening Techniques

Harden systems by reducing attack surfaces and enhancing security settings:

  • Encryption: (Already covered above, but also part of hardening).
  • Installation of endpoint protection: Deploy antivirus, antimalware, EDR, and XDR tools to detect, prevent, and remediate threats.
  • Host-based firewall: Enable firewalls on endpoints to filter traffic by applications, ports, protocols, and services.
  • Host-based intrusion prevention system (HIPS): Monitor and block malicious endpoint activities.
  • Disabling ports/protocols: Close unnecessary ports and protocols; limit interactions to essential services.
  • Default password changes: Replace vendor defaults with strong, unique passwords.
  • Removal of unnecessary software: Uninstall unused applications/services to minimize vulnerabilities.

Security controls

Categories

  1. Technical Controls
  2. Managerial Controls
  3. Operational Controls
  4. Physical Controls

Security Control Types

  1. Preventive controls
  2. Deterrent controls
  3. Detective controls
  4. Corrective controls
  5. Compensating controls
  6. Directive controls

Difference between stateful and stateless firewalls

Stateless Firewall

A stateless firewall filters packets based only on predefined rules like IP address, port, or protocol without keeping track of connection state.

Key Characteristics:

  • Examines each packet individually
  • Doesn’t remember past traffic
  • Faster, but less secure
  • Commonly used for simple packet filtering

Example Rule:
Allow TCP traffic from IP 192.168.1.5 on port 80.

Stateful Firewall

A stateful firewall tracks the state of active connections and makes decisions based on the context of traffic (e.g., whether a packet is part of an existing connection).

Key Characteristics:

  • Maintains a state table (connection tracking)
  • Smarter, more secure
  • Can detect and block unauthorized or suspicious traffic
  • Used in modern firewalls and enterprise setups

Example Behavior:
Allows a response packet only if it matches a previously initiated and allowed connection.

| Feature | Stateless Firewall | Stateful Firewall |
| --- | --- | --- |
| Tracks connections | ❌ No | ✅ Yes |
| Performance | ⚡ Faster | 🛡️ More resource-intensive |
| Security | 🚧 Basic filtering only | 🔒 Context-aware filtering |
| Use case | Simple, low-risk networks | Enterprise, complex networks |
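To make the stateless/stateful distinction concrete, here is an added Python simulation (my own illustration, not from the post). It applies the example rule above (allow TCP from 192.168.1.5 to port 80) in both styles. The stateless version has to add a “return traffic” rule so replies from port 80 can get back in, and that rule also admits an unsolicited packet that merely uses source port 80. The stateful version keeps a connection table instead and admits a reply only when it matches a connection it previously allowed. The packets and addresses are constructed sample data.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "TCP"
    syn: bool = False   # True only for the packet that opens a TCP connection


# The post's example rule. Keys name Packet fields; a rule matches when every
# listed field equals the packet's value.
POLICY: List[Dict[str, object]] = [
    {"proto": "TCP", "src_ip": "192.168.1.5", "dst_port": 80},
]

# A stateless firewall cannot recognise replies, so it needs a second rule that lets
# traffic *from* port 80 back in. That rule admits any packet with source port 80.
STATELESS_RULES: List[Dict[str, object]] = POLICY + [
    {"proto": "TCP", "src_port": 80},
]


def matches(rule: Dict[str, object], pkt: Packet) -> bool:
    return all(getattr(pkt, field) == value for field, value in rule.items())


def stateless_filter(pkt: Packet) -> str:
    """Each packet is judged on its own header fields; nothing is remembered."""
    return "allow" if any(matches(r, pkt) for r in STATELESS_RULES) else "deny"


class StatefulFirewall:
    """Same policy, but with a connection table instead of a return-traffic rule."""

    def __init__(self, policy: List[Dict[str, object]]):
        self.policy = policy
        self.table: Set[Tuple[str, str, int, str, int]] = set()

    @staticmethod
    def _forward(pkt: Packet) -> Tuple[str, str, int, str, int]:
        return (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)

    @staticmethod
    def _reverse(pkt: Packet) -> Tuple[str, str, int, str, int]:
        return (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)

    def filter(self, pkt: Packet) -> str:
        if self._reverse(pkt) in self.table:
            return "allow"          # a reply to a connection we already admitted
        if pkt.syn and any(matches(r, pkt) for r in self.policy):
            self.table.add(self._forward(pkt))   # remember the new connection
            return "allow"
        return "deny"               # unsolicited, or no tracked connection


def run_demo() -> Dict[str, List[str]]:
    """Three constructed packets: the client's request, the server's reply, and an
    unsolicited inbound packet to port 22 whose source port happens to be 80."""
    request = Packet("192.168.1.5", 51515, "203.0.113.10", 80, syn=True)
    reply = Packet("203.0.113.10", 80, "192.168.1.5", 51515)
    unsolicited = Packet("203.0.113.10", 80, "192.168.1.5", 22)
    fw = StatefulFirewall(POLICY)
    return {
        "stateless": [stateless_filter(p) for p in (request, reply, unsolicited)],
        "stateful": [fw.filter(p) for p in (request, reply, unsolicited)],
    }


if __name__ == "__main__":
    for name, verdicts in run_demo().items():
        print(name, verdicts)
```

Running it prints `allow, allow, allow` for the stateless filter and `allow, allow, deny` for the stateful one: the only difference is the third packet, which the stateless rule set cannot tell apart from a legitimate reply. Real stateful firewalls also track TCP flags and time out idle entries; this simulation only tracks the 5-tuple.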

Podcast of Security Controls & Security Operations (AI Generated)


Practices

  • Regulatory audit : A systematic examination of an organization’s compliance with regulations
  • Sender Policy Framework (SPF) : A framework to prevent e-mail spoofing
  • Network Access Control (NAC) : A security solution that enforces policies on devices accessing the network
  • Domain-based Message Authentication, Reporting and Conformance (DMARC) : Refers to email authentication techniques that verify whether an email was genuinely sent from the domain it claims to come from
  • DomainKeys Identified Mail (DKIM) : An email authentication method that allows the receiver of an email to verify that it was sent by an authorized mail server and was not altered in transit
  • E-Discovery : The process of identifying, collecting and producing electronically stored information
  • Supervisory Control and Data Acquisition (SCADA) : It is a control system architecture used to monitor and manage industrial processes. It combines hardware and software to collect real-time data from sensors and devices, process and analyze it, and provide operators with a graphical interface to supervise and control operations.
  • Deauthentication : Commonly associated with wireless networks; this attack mostly causes loss of connectivity.
  • Federation : Allows members of an organization to authenticate using credentials from another organization
  • Mean Time Between Failures (MTBF) : A prediction of how often a repairable system will fail
  • Recovery Time Objective (RTO) : The objective for the time required to restore a particular service level
  • Mean Time To Restore (MTTR) : The amount of time required to restore a component
  • Segmenting : Segmenting the servers to their own protected network would allow for additional security controls while still maintaining the uptime and availability of the systems.
  • Journaling : Writes data to a temporary journal before writing the information to the database. If power is lost, the system can recover the last transaction from the journal when power is restored.
  • Mobile Device Management (MDM) : A centralized management system for mobile devices.
  • Corporately Owned and Personally Enabled (COPE) : The device is commonly purchased by the corporation, and the user is allowed to use it for both business and personal purposes.
  • Escalation : Automation can recognize a security event and escalate a security-related ticket to the incident response team without any additional human interaction.
  • Guard Rails : Set by application developers to provide a set of automated validations of user input and behavior.
  • 802.1X : Uses a centralized authentication server, which allows all users to use their corporate credentials during the login process.
  • Pre-Shared Key (PSK) : A wireless authentication configuration that allows each user on the network to connect using the same key / password
  • Configuration enforcement : A posture assessment evaluates the configuration of a system to ensure all configurations and applications are up to date and as secure as possible.
  • Discretionary Access Control : This model allows the owner of the resource to control who has access.
  • Mandatory Access Control : Allows access to a resource based on the security level assigned to the object. Only users with the object’s assigned security clearance or above can access it.
  • Supervisory Control and Data Acquisition (SCADA) hardening : Hardening an industrial system might include network segmentation, additional firewalls and access control lists.
  • Configuration enforcement : Many organizations will perform a posture assessment during the login process to verify the proper security controls are in place. If the device does not pass the assessment, the system can be quarantined and any missing security updates can then be installed.
  • Account lockout : In this example, there were no errors or notifications regarding the account or authentication status.
  • Decommissioning : The decommissioning process is often used to permanently remove devices from the network. In this example, the laptop mitigation would allow the device to return to the network once the updates were complete.
  • Sideloading : Sideloading describes the installation of software on a mobile device through the use of third-party operating systems or websites.
  • Compensating Security Control : This control does not prevent an attack but does restore from an attack using other means
  • Responsibility matrix : A cloud responsibility matrix is usually published by the provider to document the responsibilities for all cloud-based services.
  • Playbook : A playbook provides conditional steps to follow when managing an organization’s processes and procedures. Well, from time to time you can see my thoughts pouring out here, or just raw opinions. Well, it’s my damn blog, I can write whatever tf I want, but I do make sure the information I write here is accurate because I am also studying from it for this damn exam …
  • Instant messaging : Instant messaging is commonly used as an attack vector, and one way to help protect against malicious links delivered by instant messaging is a host-based firewall.
  • Web Application Firewall (WAF) : Protects against web application attacks like XSS, SQL Injection
  • Content Delivery Network (CDN) : Helps to distribute and absorb large volumes of traffic (e.g. a DDoS attack), mitigating its impact and keeping web servers available to legitimate users.
  • Diffie-Hellman key exchange : Key exchange is a cryptographic protocol that allows two parties to securely exchange cryptographic keys over an unsecured communication channel
  • Cross-site request forgery (CSRF) : Exploits the trust that a web application has in the user’s browser. It tricks the user into submitting a request, such as clicking a link or loading a page, that performs an action on a site where the user is authenticated.
  • Enable remote wipe : Allows the data on a mobile device to be erased remotely in case the device is lost or stolen, thus preventing unauthorized access to sensitive information.
  • Secure/Multipurpose Internet Mail Extensions (S/MIME) :  Provides end-to-end encryption for email messages.
  • Kerberos protocol : Kerberos is a network authentication protocol designed to provide strong authentication for user access to network services, often implemented as a single sign-on (SSO) system. It uses secret-key cryptography to authenticate users and services.
  • File Integrity Monitoring (FIM) : Detects and reports unauthorized changes to critical files.
  • Public Key Infrastructure (PKI) : Provides a framework for managing digital certificates and encryption keys, ensuring secure communications.
  • Hardware tokens generate OTPs that do not rely on an internet connection, providing a reliable MFA method for remote employees with unreliable internet access.
  • Trusted Platform Module (TPM) : Is a hardware component that provides secure generation and storage of cryptographic keys. It ensures that keys are stored securely and can only be accessed by authorized software.
  • Steganography : Hiding messages within other non-secret text or data to avoid detection.
  • Obfuscation : Makes data difficult to understand but does not hide it.
  • Deprovisioning : The process of removing or deactivating users’ access rights when they are no longer needed.
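The SPF, DKIM and DMARC entries above describe three checks a receiving mail server performs on an incoming message. The following added example (my own illustration, not code from the post) shows how the receiver side of SPF and DMARC fits together: it evaluates a domain’s SPF record against the connecting IP, parses the `_dmarc` policy record, applies identifier alignment, and returns the disposition (`none`, `quarantine` or `reject`) for a message that fails. The DNS records are constructed sample data held in a dictionary so the code runs offline; only the `ip4`/`ip6`/`all` SPF mechanisms are handled (no `include` recursion), and the DKIM signature is assumed to have been verified already, so only its `d=` domain is passed in.

```python
import ipaddress
from typing import Dict, Optional, Tuple

# Constructed DNS TXT answers standing in for real lookups, so the example runs offline.
FAKE_DNS_TXT: Dict[str, str] = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 ip4:198.51.100.7 -all",
    "_dmarc.example.com": "v=DMARC1; p=reject; aspf=r; adkim=s",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_txt(name: str) -> Optional[str]:
    return FAKE_DNS_TXT.get(name.lower())


def spf_check(domain: str, sender_ip: str) -> str:
    """Evaluate the domain's SPF record for the connecting IP.
    Handles ip4/ip6 mechanisms and 'all' only (no include/a/mx/redirect)."""
    record = lookup_txt(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        for prefix in ("ip4:", "ip6:"):
            if term.startswith(prefix):
                network = ipaddress.ip_network(term[len(prefix):], strict=False)
                if ip.version == network.version and ip in network:
                    return QUALIFIERS[qualifier]
    return "neutral"   # record ended without a match and without an 'all' term


def org_domain(domain: str) -> str:
    """Organisational domain, approximated as the last two labels
    (real DMARC implementations use the Public Suffix List)."""
    return ".".join(domain.lower().split(".")[-2:])


def parse_dmarc(record: str) -> Dict[str, str]:
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def aligned(from_domain: str, auth_domain: Optional[str], mode: str) -> bool:
    """Identifier alignment: 's' needs an exact match, 'r' only the same organisational domain."""
    if auth_domain is None:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def dmarc_evaluate(from_domain: str, sender_ip: str, mail_from_domain: str,
                   dkim_domain: Optional[str]) -> Tuple[str, str]:
    """Return (result, disposition) for the RFC5322.From domain.
    dkim_domain is the d= of a DKIM signature that already verified, or None."""
    record = lookup_txt("_dmarc." + from_domain)
    if record is None or not record.startswith("v=DMARC1"):
        return ("none", "none")
    tags = parse_dmarc(record)
    spf_pass = (spf_check(mail_from_domain, sender_ip) == "pass"
                and aligned(from_domain, mail_from_domain, tags.get("aspf", "r")))
    dkim_pass = aligned(from_domain, dkim_domain, tags.get("adkim", "r"))
    if spf_pass or dkim_pass:
        return ("pass", "none")
    return ("fail", tags.get("p", "none"))


if __name__ == "__main__":
    # A message from an authorised IP passes; a spoof from elsewhere is rejected.
    print(dmarc_evaluate("example.com", "203.0.113.10", "example.com", None))
    print(dmarc_evaluate("example.com", "192.0.2.9", "attacker.example", None))
```

The two calls at the bottom print `('pass', 'none')` and `('fail', 'reject')`. Note that DMARC passes if either SPF or DKIM passes *and* aligns with the From domain; with `adkim=s` a signature from `mail.example.com` does not count for `example.com`, which is why strict alignment is usually relaxed when subdomains send mail.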

So much is there; the thing is, it’s not tough, just that there is so much information … I do love this subject and all the information … But since I am changing my career at so late an age, I believe that getting this cert might confirm my entry into the cyber security field. Maybe it’s just false hope, maybe it’s the right step … Time will answer the questions !!!


💡 Join the discussion:
For questions or collaboration opportunities, visit our ZeroDayMindset Discussion Board

This post is licensed under CC BY 4.0 by the author.