CompTIA Security+ Chapter 5
Secure Systems Design
OS
Trusted operating system
Master Image
Resiliency and Automation Strategies
Group Policy; security templates
Secure Baseline and Integrity Measurements
Patch Management & Change Management
Applications
Whitelisting and blacklisting
Unauthorized Software and Compliance Violations
malware
License compliance violations; misusing CD keys
Secure Staging and Deployment
Sandboxing
chroot
Staging environments: Development, Test, Staging, Production
Peripheral Safety
Hardware & Firmware Security
Full disk encryption (FDE)
Self-encrypting drives (SEDs)
Unified Extensible Firmware Interface (UEFI) & BIOS
EMP & EMI
Trusted Platform Module (TPM)
Hardware Security Module (HSM)
Cloud Computing
Cloud vs On-premise vs Hosted
SaaS (Software), PaaS (Platform), IaaS (Infrastructure)
Security Responsibilities for each of these.
Security as a Service
Cloud Access Security Broker (CASB)
Cloud Deployment Models:
Public
Private
Community
Hybrid
Mobile Devices Security
Deployment Models
Company owned
Company owned, Personally enabled
BYOD
CYOD (Choose Your Own Device)
Virtual Desktop Infrastructure (VDI)
Connection Methods
Cellular
WiFi
SATCOM
Bluetooth
NFC (Near Field Communication)
ANT (proprietary wireless protocol, e.g. Fitbit)
Infrared
USB
Mobile Device Management (MDM)
Microsoft System Center Configuration Manager (SCCM, also known as ConfigMgr)
Manage: apps, encryption, storage, containerization, remote wipe
Authentication: geofencing, context-aware authentication, push notifications
Unauthorized Software
Third-Party app store
Jailbreaking
Firmware OTA updates
Custom Firmware
Sideloading
Short Message Service (SMS) and Multimedia Messaging Service (MMS).
MDM Controlling:
Hardware (camera, mic, USB OTG)
Connections: tethering (shares internet), Wi-Fi Direct (no internet)
Embedded Systems
Weaknesses
Vulnerabilities not often patched
Set to default configs
Examples:
Smart TV
Internet of Things (IoT)
Wearable Technology
Microchips in pets / people
Home Automation
Camera Systems
System on a chip (SoC)
Industrial control system (ICS)
Supervisory Control and Data Acquisition (SCADA)
Protecting Data
Encryption (covered already)
Strong access controls
Database column encrypting (selective encrypt)
File and folder level encryption
GNU Privacy Guard (GnuPG / GPG), Linux
Encrypting File System (EFS), Windows
Linux Permissions
chmod (change mode)
Permissions: r, w, x (4, 2, 1)
Add the numbers to combine permissions (e.g. r + w = 4 + 2 = 6)
Windows Permissions
Read
Read & Execute
Write
Modify (read, execute, write & delete)
Data loss prevention (DLP)
Selectively prevents users from copying/printing files
Prevents data exfiltration
DLP monitors outgoing data
Cloud-based DLP