CompTIA Security+ SY0-701 Objective 1.2: Summarize Fundamental Security Concepts

Confidentiality Controls:

• Encryption: Protect data at rest and in transit
• Access Controls: Restrict who can access information
• Data Classification: Label information based on sensitivity
• Secure Communication: Use encrypted channels for data transmission
• Privacy Controls: Implement data protection measures
• Need-to-Know Principle: Limit access to minimum necessary information

Integrity Controls:

• Hash Functions: Verify data integrity through checksums
• Digital Signatures: Authenticate and verify data origin
• Version Control: Track changes to documents and systems
• Backup and Recovery: Maintain data copies for restoration
• Change Management: Control and document system modifications
• Audit Trails: Record all data access and modifications

Availability Controls:

• Redundancy: Duplicate systems and components
• Backup Systems: Alternative systems for failover
• Disaster Recovery: Plans for system restoration
• Load Balancing: Distribute traffic across multiple servers
• Monitoring: Continuous system health surveillance
• Maintenance Windows: Scheduled downtime for updates

Non-repudiation Mechanisms:

• Digital Signatures: Cryptographic proof of document origin
• Public Key Infrastructure (PKI): Certificate-based authentication
• Timestamping: Proof of when actions occurred
• Audit Logs: Detailed records of all activities
• Receipt Confirmation: Proof of message delivery
• Biometric Authentication: Unique biological proof of identity

Authentication Factors:

• Something You Know: Passwords, PINs, security questions
• Something You Have: Smart cards, tokens, mobile devices
• Something You Are: Biometrics (fingerprint, retina, voice)
• Somewhere You Are: Location-based authentication
• Something You Do: Behavioral patterns, typing rhythm

Multi-Factor Authentication (MFA):

• Two-Factor Authentication (2FA): Combines two different factors
• Three-Factor Authentication: Uses three different factors
• Adaptive Authentication: Risk-based factor selection
• Single Sign-On (SSO): One authentication for multiple systems
• Federated Identity: Cross-domain authentication

System Authentication Methods:

• Certificate-Based Authentication: PKI certificates for system identity
• API Keys: Unique identifiers for system-to-system communication
• Service Accounts: Dedicated accounts for system processes
• Machine Certificates: Hardware-based system identification
• Mutual TLS (mTLS): Bidirectional certificate authentication
• OAuth 2.0: Authorization framework for system access

Discretionary Access Control (DAC):

• Resource owners control access permissions
• Flexible but potentially insecure
• Common in personal and small business systems
• Examples: File permissions, folder sharing

Mandatory Access Control (MAC):

• Centralized policy enforcement
• Highly secure but inflexible
• Used in government and military systems
• Examples: Security clearance levels, data classification

Role-Based Access Control (RBAC):

• Access based on job functions and responsibilities
• Balances security and usability
• Common in enterprise environments
• Examples: Admin, User, Guest roles

Attribute-Based Access Control (ABAC):

• Access based on multiple attributes and conditions
• Highly flexible and context-aware
• Used in complex enterprise environments
• Examples: Time-based access, location restrictions

Accounting Components:

• Logging: Record all system activities and events
• Monitoring: Real-time surveillance of system activities
• Reporting: Generate summaries and analysis of activities
• Alerting: Notify administrators of suspicious activities
• Forensics: Investigate security incidents and breaches
• Compliance: Meet regulatory and audit requirements

Gap Analysis Process:

1. Define Current State: Assess existing security controls and capabilities
2. Define Target State: Establish desired security objectives and requirements
3. Identify Gaps: Compare current and target states to find deficiencies
4. Prioritize Gaps: Rank gaps by risk and business impact
5. Develop Remediation Plan: Create roadmap to address identified gaps
6. Implement Solutions: Execute the remediation plan
7. Monitor Progress: Track improvement and reassess regularly

Core Zero Trust Principles:

• Verify Explicitly: Always authenticate and authorize based on all available data points
• Use Least Privilege Access: Limit user access with just-in-time and just-enough-access
• Assume Breach: Minimize blast radius and segment access
• Continuous Monitoring: Monitor and validate all activities
• Dynamic Policy Enforcement: Adapt policies based on risk assessment

Adaptive Identity:

• Dynamic risk assessment based on user behavior
• Context-aware authentication decisions
• Continuous identity verification
• Behavioral analytics and anomaly detection
• Risk scoring and adaptive responses

Threat Scope Reduction:

• Network segmentation and micro-segmentation
• Application isolation and containerization
• Data classification and protection
• Endpoint security and device management
• Attack surface minimization

Policy-Driven Access Control:

• Centralized policy management
• Dynamic policy enforcement
• Context-based access decisions
• Real-time policy updates
• Compliance and governance integration

Policy Administrator:

• Manages and maintains security policies
• Defines access rules and conditions
• Updates policies based on risk assessment
• Ensures policy compliance and governance
• Coordinates with business stakeholders

Policy Engine:

• Evaluates access requests against policies
• Makes real-time access decisions
• Integrates with identity and device management
• Provides audit trails and logging
• Supports machine learning and analytics

Implicit Trust Zones:

• Network segments with similar security requirements
• Reduced security controls within trusted zones
• Enhanced monitoring at zone boundaries
• Dynamic zone assignment based on risk
• Micro-segmentation within zones

Subject/System:

• Users, devices, and applications requesting access
• Continuous identity and device verification
• Risk assessment and scoring
• Behavioral analysis and anomaly detection
• Compliance and health status monitoring

Policy Enforcement Point (PEP):

• Network gateways and firewalls
• Application proxies and API gateways
• Endpoint agents and software
• Cloud access security brokers (CASB)
• Identity and access management systems

Bollards:

• Vertical posts that prevent vehicle access
• Protect buildings from vehicle-based attacks
• Can be fixed or retractable
• Common around government buildings and critical infrastructure
• Provide perimeter security and access control

Access Control Vestibule:

• Enclosed space with two sets of doors
• Prevents tailgating and unauthorized entry
• Requires authentication to pass through
• Can include biometric or card readers
• Provides controlled entry and exit points

Fencing:

• Physical barrier around facility perimeter
• Deters unauthorized access and intrusion
• Can include barbed wire or razor wire
• May incorporate sensors and alarms
• Provides clear boundary definition

Video Surveillance:

• Closed-circuit television (CCTV) systems
• Real-time monitoring and recording
• Deterrent effect and forensic evidence
• Can include motion detection and analytics
• Remote monitoring capabilities

Security Guard:

• Human presence for security monitoring
• Access control and visitor management
• Incident response and emergency handling
• Can provide 24/7 coverage
• Flexible and adaptable security presence

Access Badge:

• Physical or electronic identification cards
• Proximity cards, smart cards, or RFID tags
• Can store biometric or other authentication data
• Track access and generate audit trails
• Can be deactivated remotely if lost or stolen

Lighting:

• Illuminates areas to deter criminal activity
• Improves visibility for surveillance systems
• Can include motion-activated lighting
• Emergency lighting for power outages
• Cost-effective security measure

Infrared Sensors:

• Detect heat signatures and body temperature
• Passive infrared (PIR) motion detectors
• Thermal imaging for perimeter security
• Can distinguish between humans and animals
• Effective in low-light conditions

Pressure Sensors:

• Detect weight or pressure changes
• Floor mats and pressure-sensitive pads
• Can detect footsteps or vehicle movement
• Often used in conjunction with other sensors
• Can be hidden or disguised

Microwave Sensors:

• Use microwave radiation to detect movement
• Can penetrate walls and other barriers
• Effective over long distances
• Can be affected by weather conditions
• Often used for perimeter security

Ultrasonic Sensors:

• Use high-frequency sound waves
• Detect movement through sound reflection
• Effective in enclosed spaces
• Can be affected by air currents
• Often used for indoor security

Honeypot Types:

• Low-Interaction Honeypots: Simulate limited services and responses
• High-Interaction Honeypots: Full operating systems with real services
• Production Honeypots: Integrated into production networks
• Research Honeypots: Used for threat intelligence gathering
• Client Honeypots: Act as clients to detect malicious servers

Honeynet Components:

• Multiple Honeypots: Various systems and services
• Network Infrastructure: Routers, switches, and firewalls
• Data Control: Limit outbound connections
• Data Capture: Monitor all network traffic
• Data Analysis: Analyze captured attack data

Honeyfile Characteristics:

• Appear to contain sensitive or valuable data
• Placed in locations likely to be accessed by attackers
• Monitored for access attempts and modifications
• Can trigger alerts when accessed
• Used to detect insider threats and data breaches

Honeytoken Types:

• Database Records: Fake entries in databases
• API Keys: Decoy authentication tokens
• Email Addresses: Monitored email accounts
• Credit Card Numbers: Fake financial data
• URLs: Links that trigger alerts when accessed