CompTIA Security+ Notes (52 pages)

The document outlines various types of security controls, including technical, managerial, operational, physical, preventive, detective, corrective, compensating, and directive controls, each serving different purposes in managing security. It also discusses the CIA Triad (confidentiality, integrity, availability), non-repudiation, and the importance of authentication, authorization, and accounting in security processes. Additionally, it covers gap analysis, zero trust architecture, deceptive technologies, public key infrastructure, and cryptographic solutions, emphasizing the need for robust security measures in organizations.

Uploaded by Amr Akram
© All Rights Reserved

• Control categories
  o Technical controls = for safety
    - Controls implemented using systems
    - Operating system controls
    - Firewalls, antivirus
  o Managerial controls = policies to manage your security environment
    - Administrative controls associated with security design and implementation
    - Security policies, standard operating procedures
  o Operational controls
    - Controls implemented by people instead of systems
    - Security guards and awareness programs
  o Physical controls
    - Limit physical access to an area
    - Guard shack
    - Badge reader
    - Fences and locks

• Preventive control type
  o Preventive
    - Blocks access to a resource
    - "You shall not pass"
  o Prevent access
    - Firewall rules
    - Follow security policy
    - Guard checks all identification
    - Enable door locks

• Deterrent control type
  o Deterrent
    - Discourages an intrusion attempt
    - Does not directly prevent access
  o Make the attacker think twice
    - Application splash screens
    - Threat of demotion
    - Front reception desk
    - Posted warning signs

• Detective control type
  o Detective
    - Identifies and logs an intrusion attempt
    - May not prevent access
  o Find the issue
    - Collect and review system logs
    - Review login reports
    - Regularly patrol the property
    - Enable motion detectors

• Corrective control type
  o Corrective
    - Applies a control after an event has been detected
    - Reverses the impact of an event
    - Continue operating with minimal downtime
  o Correct the problem
    - Restoring from backup can mitigate a ransomware infection
    - Create policies for reporting security issues
    - Contact law enforcement to manage criminal activity
    - Use a fire extinguisher

• Compensating control type
  o Compensating
    - Control using other means
    - Existing controls are not sufficient
    - May be temporary
  o Prevent the exploitation of a weakness
    - Firewall blocks a specific app instead of patching the app
    - Implement a separation of duties
    - Require simultaneous guard duties
    - Generator used after a power outage

• Directive control type
  o Directive
    - Directs a subject towards security compliance
    - A relatively weak security control
  o "Do this, please"
    - Store all sensitive files in a protected folder
    - Create compliance policies and procedures
    - Train users on proper security policy
    - Post a sign: authorized personnel only

The CIA Triad - CompTIA Security+ SY0-701 - 1.2

• We have three factors for the security objective: confidentiality, integrity and availability.
• Confidentiality: make data available to the right people, prevent any unauthorized people from looking at it, and set limits on what someone who has some access may see.
• Integrity: ensure data is transferred correctly across my network by hashing the data from sender to receiver; if the hash is the same, the receiver received the right data. Integrity is also provided by digital signatures and certificates.
• Availability: ensure information is always accessible to authorized people, and ensure the system is stable, cannot be exploited, and will keep running even if a fault occurs.

Non-repudiation - CompTIA Security+ SY0-701 - 1.2

• Non-repudiation: focused on providing undeniable proof in the world of digital transactions. A security measure that ensures individuals or entities involved in a communication or transaction cannot deny their participation or the authenticity of their actions.
  o Digital signatures: considered to be unique to each user operating within the digital domain. Created by first hashing the particular message or communication you want to digitally sign, and then encrypting that hash digest with the user's private key using asymmetric encryption.
• Non-repudiation is important for three main reasons: to confirm the authenticity of digital transactions, to ensure the integrity of critical communications, and to provide accountability in digital processes.

A hash is good at ensuring the data is correct, or showing that it was changed, but it does not tell who changed it.

Digital signature, sender side (Alice):
1. A hash is created for the plain text.
2. To prove it came from Alice, the hash is encrypted with Alice's private key.
3. The encrypted hash is sent along with the plain text.

Receiver side (Bob):
1. Bob receives the message.
2. He uses Alice's public key to examine the digital signature and decrypt it.
3. Now he can see the hash, and he will check whether the hash from the digital signature matches the hash of what he received.
4. Bob runs the hashing algorithm on the plain text to see if it matches.

You don't see this process; it happens with one click.


Authentication, Authorization, and Accounting - CompTIA Security+ SY0-701 - 1.2

A user sends a username and password to the VPN concentrator or firewall.

The concentrator does not have any information about usernames, passwords or authentication factors; this is stored on the AAA server (central server).

The AAA server receives the request and checks whether it matches or not.

Once it is matched, it sends an approval back.

Then the concentrator will accept the user and let them through to the internal file server.

How can you ensure that a device or system is the one you want, since the device itself can't type a password and it could be anywhere in the world? The answer is below.
You have a server that provides certificates (a CA) in order to give each device a specific certificate, and you can verify that the CA signed the device's certificate when you compare them.

In authorization without groups, you would need to give access to every user one by one for the resources they need or should use, and this is not flexible if we have hundreds of users or resources.
Here we have users added to a group called the shipping and receiving group, and once they are added they have access to the following resources (3 of them).

• Authorization: pertains to the permissions and privileges granted to users or entities after they have been authenticated. Authorization mechanisms are important to help us protect sensitive data, maintain system integrity in our organizations, and create a more streamlined user experience.
• Accounting: security measure that ensures all user activities during a communication or transaction are properly tracked and recorded. Your organization should use a robust accounting system so that you can create an audit trail, maintain regulatory compliance, conduct forensic analysis, perform resource optimization, and achieve user accountability.
  o To perform accounting, we usually use different technologies like the following:
    - Syslog servers: used to aggregate logs from various network devices and systems so that system administrators can analyze them to detect patterns or anomalies in the organization's systems.
    - Network analysis tools: used to capture and analyze network traffic so that network administrators can gain detailed insights into all the data moving within a network.
    - Security Information and Event Management (SIEM) systems: provide real-time analysis of security alerts generated by various hardware and software infrastructure in an organization.
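The AAA flow described above as one runnable added example (not code from the notes): a "concentrator" function that holds no credentials and relays the login to an AAA server object, which authenticates against salted PBKDF2 password hashes, authorizes by group membership (the shipping and receiving group from the notes) and writes one syslog-style accounting line per decision. The users, passwords, group names and resource names are all constructed for the example.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone

# Which resources each group may reach; constructed for the example.
GROUP_RESOURCES = {
    "shipping-and-receiving": {"file-server-01", "label-printer", "inventory-app"},
    "finance": {"file-server-01", "erp"},
}

PBKDF2_ROUNDS = 100_000


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_user_store(plain_users: dict) -> dict:
    """Build the credential store only the AAA server holds: salted hashes plus groups."""
    store = {}
    for username, (password, groups) in plain_users.items():
        salt = os.urandom(16)
        store[username] = {"salt": salt, "hash": _hash_password(password, salt), "groups": set(groups)}
    return store


class AAAServer:
    """Authenticates, authorizes by group, and records an accounting line for every decision."""

    def __init__(self, store: dict):
        self.store = store
        self.log = []                       # accounting trail, one syslog-style line each
        self._dummy_salt = os.urandom(16)   # so an unknown user costs the same time as a wrong password

    def _account(self, user: str, action: str, result: str, detail: str = "") -> None:
        stamp = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
        self.log.append(f"{stamp} aaa-server aaa: user={user} action={action} result={result} {detail}".rstrip())

    def authenticate(self, username: str, password: str) -> bool:
        record = self.store.get(username)
        if record is None:
            _hash_password(password, self._dummy_salt)   # equalise timing, then fail
            self._account(username, "login", "FAIL", "reason=unknown-user")
            return False
        ok = hmac.compare_digest(record["hash"], _hash_password(password, record["salt"]))
        self._account(username, "login", "OK" if ok else "FAIL")
        return ok

    def authorize(self, username: str, resource: str) -> bool:
        groups = self.store.get(username, {}).get("groups", set())
        allowed = any(resource in GROUP_RESOURCES.get(g, set()) for g in groups)
        self._account(username, f"access:{resource}", "ALLOW" if allowed else "DENY",
                      f"groups={','.join(sorted(groups)) or '-'}")
        return allowed


def vpn_request(aaa: AAAServer, username: str, password: str, resource: str) -> bool:
    """The concentrator: it stores no credentials, asks the AAA server, and only
    forwards the user to the resource when both answers come back positive."""
    return aaa.authenticate(username, password) and aaa.authorize(username, resource)


if __name__ == "__main__":
    server = AAAServer(make_user_store({
        "jdoe": ("correct-horse-battery", ["shipping-and-receiving"]),   # constructed users
        "asmith": ("ledger-2024", ["finance"]),
    }))
    print(vpn_request(server, "jdoe", "correct-horse-battery", "label-printer"))   # True
    print(vpn_request(server, "jdoe", "correct-horse-battery", "erp"))             # False: not in finance
    print(vpn_request(server, "jdoe", "wrong-password", "label-printer"))          # False
    print("\n".join(server.log))
```

Adding a user to `GROUP_RESOURCES["shipping-and-receiving"]` is the whole change needed to grant the three resources, which is the flexibility the notes contrast with per-user grants; the accounting lines are what a syslog server or SIEM would ingest.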

Gap Analysis - CompTIA Security+ SY0-701 - 1.2

Gap analysis: process of evaluating the differences between an organization's current performance and its desired performance. Conducting a gap analysis can be a valuable tool for organizations looking to improve their operations, processes, performance, or overall security posture. There are several steps involved in conducting a gap analysis: define the scope of the analysis; gather data on the current state of the organization; analyze the data to identify any areas where the organization's current performance falls short of its desired performance; develop a plan to bridge the gap.
• 2 basic types of gap analysis:
  i. Technical gap analysis: involves evaluating an organization's current technical infrastructure, identifying any areas where it falls short of the technical capabilities required to fully utilize their security solutions.
  ii. Business gap analysis: involves evaluating an organization's current business processes, identifying any areas where they fall short of the capabilities required to fully utilize cloud-based solutions.
• Plan of Action and Milestones (POA&M):
  o Outlines the specific measures to address each vulnerability.
  o Allocates resources.
  o Sets up timelines for each remediation task that is needed.

Zero Trust - CompTIA Security+ SY0-701 - 1.2

Zero trust: demands verification for every device, user, and transaction within the network, regardless of its origin. To create a zero trust architecture, we need to use two different planes:
i. Control plane: refers to the overarching framework and set of components responsible for defining, managing, and enforcing the policies related to user and system access within an organization. It typically encompasses several key elements: adaptive identity (relies on real-time validation that takes into account the user's behavior, device, location, and more).
ii. Data plane:
  - Threat scope reduction: limits users' access to only what they need for their work tasks, because this reduces the network's potential attack surface. Focused on minimizing the "blast radius" that could occur in the event of a breach.
  - Policy-driven access control: entails developing, managing, and enforcing user access policies based on their roles and responsibilities.
  - Secured zones: isolated environments within a network that are designed to house sensitive data. Ensures the policies are properly executed.
  o The data plane consists of the following:
    - Subject/system: refers to the individual or entity attempting to gain access.
    - Policy engine: cross-references the access request with its predefined policies.
    - Policy administrator: used to establish and manage the access policies.
    - Policy enforcement point: where the decision to grant or deny access is actually executed.
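The four components just listed, wired together as an added example (not from the notes): a subject's request carries the adaptive-identity signals (role, device posture, location, MFA), a policy administrator holds the policies, a policy engine evaluates every request against them with default deny, and an enforcement point executes the decision and keeps a record. The resources, roles, countries and policies are constructed for the demonstration.

```python
from dataclasses import dataclass, field


@dataclass
class AccessRequest:
    """The subject/system asking for access, with the signals adaptive identity looks at."""
    subject: str
    role: str
    resource: str
    device_managed: bool
    device_patched: bool
    country: str
    mfa_passed: bool


@dataclass
class Policy:
    resource: str
    allowed_roles: set
    require_managed_device: bool = True
    require_mfa: bool = True
    allowed_countries: set = field(default_factory=set)   # empty set = no geo restriction


class PolicyAdministrator:
    """Establishes and manages the access policies the engine consults."""

    def __init__(self):
        self.policies: dict = {}

    def set_policy(self, policy: Policy) -> None:
        self.policies[policy.resource] = policy


class PolicyEngine:
    """Cross-references each request with the predefined policy for its resource."""

    def __init__(self, admin: PolicyAdministrator):
        self.admin = admin

    def decide(self, req: AccessRequest) -> tuple:
        policy = self.admin.policies.get(req.resource)
        if policy is None:
            return False, "no policy for resource (default deny)"
        if req.role not in policy.allowed_roles:
            return False, f"role {req.role} not permitted"
        if policy.require_mfa and not req.mfa_passed:
            return False, "MFA not satisfied"
        if policy.require_managed_device and not (req.device_managed and req.device_patched):
            return False, "device posture failed"
        if policy.allowed_countries and req.country not in policy.allowed_countries:
            return False, f"location {req.country} not allowed"
        return True, "all policy conditions met"


class PolicyEnforcementPoint:
    """Executes the decision for every single request; nothing is trusted from a previous one."""

    def __init__(self, engine: PolicyEngine):
        self.engine = engine
        self.decisions = []

    def handle(self, req: AccessRequest) -> bool:
        allowed, reason = self.engine.decide(req)
        self.decisions.append((req.subject, req.resource, allowed, reason))
        return allowed


def build_demo_pep() -> PolicyEnforcementPoint:
    """Constructed policies: the HR database is a secured zone needing an HR role, MFA,
    a managed and patched device and an allowed country; the wiki is far less strict."""
    admin = PolicyAdministrator()
    admin.set_policy(Policy("hr-db", {"hr", "hr-admin"}, allowed_countries={"DE", "NL"}))
    admin.set_policy(Policy("wiki", {"hr", "engineering", "sales"}, require_managed_device=False))
    return PolicyEnforcementPoint(PolicyEngine(admin))


if __name__ == "__main__":
    pep = build_demo_pep()
    print(pep.handle(AccessRequest("alice", "hr", "hr-db", True, True, "DE", True)))    # True
    print(pep.handle(AccessRequest("alice", "hr", "hr-db", True, False, "DE", True)))   # False: unpatched
    for decision in pep.decisions:
        print(decision)
```

The second request is the same user on the same day, denied only because the device posture changed: that per-request re-evaluation, with no standing trust from the first allow, is what distinguishes this from a perimeter model.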

Physical Security - CompTIA SY0-701 Security+ - 1.2



Deception and Disruption - CompTIA Security+ SY0-701 - 1.2

Deceptive and disruption technologies: technologies designed to mislead, confuse, and divert attackers from critical assets while simultaneously detecting and neutralizing threats.
  o Honeypots: decoy system or network set up to attract potential hackers
  o Honeynets: network of honeypots that creates a more complex system designed to mimic an entire network of systems, including servers, routers, and switches
  o Honeyfiles: decoy file placed within a system to lure in potential attackers
  o Honeytokens: piece of data or a resource that has no legitimate value or use but is monitored for access or use

• Honeypots: decoy systems to attract and deceive attackers
• Honeynets: network of decoy systems for observing complex attacks
• Honeyfiles: decoy files to detect unauthorized access or data breaches
• Honeytokens: fake data to alert administrators when accessed or used
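The detection side of honeyfiles and honeytokens, as an added example that is not part of the notes: since a decoy has no legitimate use, any access to it is a high-confidence alert with no thresholding needed. The decoy paths, the fake credential id, the audit-line format and the sample log lines are all constructed for this example.

```python
import re
from collections import Counter

# Decoys deployed by the defender; every name here is constructed for the example.
HONEYFILES = {
    "/srv/finance/payroll_2024_FINAL.xlsx",
    "/home/sysadmin/passwords.txt",
}
HONEYTOKENS = {
    "AKIAHONEYTOKEN0EXAMPLE",   # fake cloud access key id, never used by anything legitimate
    "svc-backup-legacy",        # fake service account name seeded into a config file
}

# One constructed audit-line format: "<ts> <host> <source>: user=<u> src=<ip> <free text>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<source>[\w-]+): user=(?P<user>\S+) src=(?P<src>\S+) (?P<detail>.*)$"
)


def analyze(lines):
    """Return one alert per audit line that touches a honeyfile or presents a honeytoken."""
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                       # unparsable line: skipped, not alerted
        detail = m["detail"]
        hits = [("honeyfile", f) for f in HONEYFILES if f in detail]
        hits += [("honeytoken", t) for t in HONEYTOKENS if t in detail]
        for kind, decoy in hits:
            alerts.append({
                "kind": kind, "decoy": decoy, "user": m["user"],
                "src": m["src"], "host": m["host"], "time": m["ts"],
            })
    return alerts


def summarize(alerts):
    """Count alerts per (user, source address) so the analyst sees who tripped what."""
    return Counter((a["user"], a["src"]) for a in alerts)


SAMPLE_LOG = [  # constructed audit lines
    "2024-05-02T09:14:02Z fs01 auditd: user=jdoe src=10.1.4.22 open /srv/finance/Q1_report.xlsx",
    "2024-05-02T09:15:41Z fs01 auditd: user=jdoe src=10.1.4.22 open /srv/finance/payroll_2024_FINAL.xlsx",
    "2024-05-02T09:16:03Z api01 cloudgw: user=jdoe src=10.1.4.22 auth keyid=AKIAHONEYTOKEN0EXAMPLE result=denied",
    "2024-05-02T09:16:10Z web01 nginx: 10.1.4.22 GET /index.html 200",
    "2024-05-02T09:20:55Z fs01 auditd: user=asmith src=10.1.7.9 open /srv/finance/Q1_report.xlsx",
]

if __name__ == "__main__":
    for a in analyze(SAMPLE_LOG):
        print(f"ALERT {a['time']} {a['kind']} {a['decoy']} by {a['user']} from {a['src']} on {a['host']}")
    print(summarize(analyze(SAMPLE_LOG)))
```

In the sample, the ordinary file open and the web request produce nothing, while the decoy spreadsheet and the fake key id each raise an alert tied to the same user and source address, which is the pivot an analyst would follow next.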

Change Management - CompTIA Security+ SY0-701 - 1.3


Technical Change Management - CompTIA Security+ SY0-701 - 1.3
--------------------------------------------------------------------------------------------------------------------------------
Public Key Infrastructure - CompTIA Security+ SY0-701 - 1.4

The plain text is encrypted with Alice's public key, which gives us the ciphertext. Now if a hacker has the public key and the ciphertext, he can't decrypt it unless he has Alice's private key.

• Public Key Infrastructure (PKI)
  o Framework managing digital keys and certificates for secure data transfer

Cryptographic Solutions

• Cryptography
  o Practice and study of writing and solving codes
    - Encryption hides information's true meaning
  o Encryption
    - Converts plaintext to ciphertext
    - Provides data protection at rest, in transit, and in use
  o Data states
    - Data at rest
      · Inactive data on storage devices
    - Data in transit
      · Moving across networks
    - Data in use
      · Currently undergoing change
  o Algorithm and key
    - Algorithm (cipher)
      · Performs encryption or decryption
    - Key
      · Essential for determining cipher output
  o Key strength and rotation
    - Key length
      · Proportional to security
    - Key rotation
      · Best practice for security longevity
  o Symmetric and asymmetric encryption
    - Symmetric
      · Uses the same key for encryption and decryption
    - Asymmetric
      · Uses a pair of keys for encryption and decryption
  o Symmetric algorithms
    - DES
    - Triple DES
    - IDEA
    - AES
    - Blowfish
    - Twofish
    - Rivest Cipher
  o Asymmetric algorithms
    - Diffie-Hellman
    - RSA
    - Elliptic Curve Cryptography
  o Hashing
    - Converts data into a fixed-size string (digest) using hash functions
    - Algorithms
      · MD5
      · SHA family
      · RIPEMD
      · HMAC
  o Public Key Infrastructure (PKI)
    - Framework managing digital keys and certificates for secure data transfer
  o Digital certificates
    - Electronic credentials verifying an entity's identity for secure communications
  o Blockchain
    - Decentralized, immutable ledger ensuring data integrity and transparency
  o Encryption tools
    - TPM
    - HSM
    - Key management systems
    - Secure enclave
  o Obfuscation
    - Steganography
    - Tokenization
    - Data masking
  o Cryptographic attacks
    - Downgrade attacks
    - Collision attacks
    - Quantum computing threats

Symmetric vs Asymmetric

• Symmetric encryption
  o Uses a single key for both encryption and decryption
    - Often referred to as private key encryption
    - Requires both sender and receiver to share the same secret key
    - Offers confidentiality but lacks non-repudiation
    - Challenges with key distribution in large-scale usage
      · More people means more sharing of the keys
• Asymmetric encryption
  o Uses two separate keys
    - Public key for encryption
    - Private key for decryption
  o Often called "public key cryptography"
  o No need for shared secret keys
  o Commonly used algorithms include Diffie-Hellman, RSA, and Elliptic Curve Cryptography (ECC)
  o Slower compared to symmetric encryption, but solves the key distribution challenge
• Hybrid approach
  o Combines both symmetric and asymmetric encryption for optimal benefits
  o Asymmetric encryption is used to encrypt and share a secret key
  o Symmetric encryption is used for bulk data transfer, leveraging the shared secret key
  o Offers security and efficiency
• Stream cipher
  o Encrypts data bit-by-bit or byte-by-byte in a continuous stream
  o Uses a keystream generator and the exclusive-OR (XOR) function for encryption
  o Suitable for real-time communication data streams like audio and video
  o Often used in symmetric algorithms
• Block cipher
  o Breaks input data into fixed-size blocks before encryption
  o Usually 64, 128, or 256 bits at a time
  o Padding is added to smaller data blocks to fit the fixed block size
  o Advantages include ease of implementation and security
  o Can be implemented in software, whereas stream ciphers are often used in hardware solutions
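The stream-cipher and block-cipher mechanics from the last two bullets, as an added example that is not from the notes: a keystream generator whose output is XORed with the data byte by byte, beside the PKCS#7 padding a 128-bit block cipher needs before it can process the final block. The keystream generator (HMAC-SHA256 over a nonce and a counter) is a stand-in built from the standard library, not a real cipher, and the block side only pads, unpads and splits into blocks; the key, nonce and messages are constructed.

```python
import hashlib
import hmac
import os

BLOCK_SIZE = 16   # 128-bit blocks, the AES block size


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream generator: HMAC-SHA256 over (nonce || counter), concatenated.
    It stands in for the generator inside a real stream cipher such as ChaCha20."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stream cipher core: data XOR keystream. The same call decrypts because XOR
    is its own inverse; no padding is needed and the output has the input's length."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def pkcs7_pad(data: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Block ciphers need whole blocks: append n bytes of value n (1 <= n <= block_size).
    A full final block still gets one whole block of padding so unpadding is unambiguous."""
    n = block_size - (len(data) % block_size)
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    if not data or len(data) % block_size:
        raise ValueError("length is not a multiple of the block size")
    n = data[-1]
    if not 1 <= n <= block_size or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def split_blocks(data: bytes, block_size: int = BLOCK_SIZE) -> list:
    """What a block-cipher mode feeds to the cipher: one fixed-size block at a time."""
    return [data[i:i + block_size] for i in range(0, len(data), block_size)]


if __name__ == "__main__":
    key, nonce = os.urandom(32), os.urandom(12)
    frame = b"audio frame 0001"                    # constructed sample data
    ct = stream_xor(key, nonce, frame)
    print(len(ct) == len(frame), stream_xor(key, nonce, ct) == frame)   # True True
    padded = pkcs7_pad(b"17 bytes of data!")
    print(split_blocks(padded))                    # two 16-byte blocks, the second mostly padding
    print(pkcs7_unpad(padded))
```

Two properties worth seeing in the code rather than the bullets: the keystream depends on the nonce, so reusing a key and nonce pair reproduces the same keystream for two messages (never do this), and XOR gives confidentiality only, since flipping a ciphertext byte flips exactly that plaintext byte without detection; that is why real protocols pair either cipher type with an integrity check such as an HMAC or an AEAD mode.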
