• SSH allows secure access to resources at the command line on TCP Port 22.
• RDP or Remote Desktop Protocol allows secure access to resources using a GUI on TCP Port 3389.
• VNC or Virtual Network Computing provides insecure GUI access to a remote computer and generally should not be used. VNC by default uses a TCP port range in the low 5800s to the low 5900s.
• SSL or Secure Sockets Layer can be used in a Secure Sockets Tunneling Protocol (SSTP) VPN using firewall friendly TCP Port 443. SSTP requires no setup and can be used on a kiosk computer.
• IPv6 and associated transitional technologies. To block IPv6 when there is no IPv6 routing into or out of the network, block UDP port 3544 at the firewall. IPv6
configuration in user's browsers. They transparently inspect and filter user content by applying rules on routers and firewalls.
• Reverse proxies cache, filter, and load balance web traffic for web server farms.
• Open proxies bypass firewalls and content inspection by using SSL on firewall friendly TCP Port 443 to allow computer users to conceal their actions from web servers, ISPs and cable providers.
Complex security solutions for network data flow
• SSL inspection decrypts, inspects, and then re-encrypts SSL traffic before it is sent to its destination for the purposes of data loss prevention, Internet content filtering, and network intrusion prevention.
• Network flow data collects IP network traffic as it enters or exits an interface to determine the source and destination of traffic, class of service, and the causes of
CompTIA CASP Certification
Exam CAS-002
Control Systems (ICS) can be protected by firewalls, separate VLANs, and intrusion prevention systems. Patching may require recertification.
1.4 Given a scenario, select and troubleshoot security controls for hosts
Trusted OS provides multilevel security and mandatory access control. Security Enhanced Linux (SELinux) is a trusted OS implementation used to prevent malicious or suspicious code from executing.
End point security software includes the following:
• Anti-malware software includes the following programs / program features: anti-virus with the latest antivirus definitions, which also scans email attachments at the email gateway.
• Anti-spyware - Spyware transmits Personally Identifiable Information (PII) from your computer to Internet sites without your knowledge. Spyware negatively affects confidentiality.
• Spam filters - Spam is unwanted email with advertising. An anti-spam solution prevents unsolicited email messages from entering the company's network. SPAM can also be blocked at the email gateway.
• Patch management - A patch fixes bugs in programs, addresses security problems, or adds functionality. A hot fix is a patch that fixes a critical issue. Hot fixes are not fully tested. A service pack is a fully tested set of patches.
stop a process or application from launching.
• Data loss prevention (DLP) systems monitor and protect data whether it is at rest, in use, or in motion. DLP techniques include content inspection, and analysis of transactions within a centralized management framework.
operating system such as Windows or UNIX. This is used on desktops for tasks such as training and patch testing.
• Container-based hypervisor isolates the guests but doesn't virtualize the hardware. You are generally limited to running the host OS in the virtualized container. Container virtualization has been used to thwart distributed denial of service attacks.
• Hash matching is used in anti-virus software, anti-spam software, vulnerability scanning, and in signature based intrusion detection and intrusion protection systems.
• Sandboxing isolates an application so it cannot edit operating system files or other files on the user's hard disk and cannot write data outside of the
content based on website or email content. Sites on hacking, adult sites, sites with malware, and sites that could be used for data exfiltration
[Figure: virtualization types. Hypervisor (Type 1): Server, Hypervisor, Guest OS / Guest OS, each with APP and Dependencies. Hypervisor (Type 2): Server, Host OS, Hypervisor, Guest OS with APP and Dependencies. Container virtualization: Server, Host OS, Container / Container / Container holding APP 1, APP 1, APP 2 with their Dependencies.]
Domain 2.0 Risk Management and Incident Response (Exam Coverage 18%)
2.1 Interpret business and industry influences and explain associated security risks
Risk management of new products, new technologies and user behaviors will limit new attack vectors.
New or changing business models/strategies must be evaluated for necessary data flows and the most secure means to join networks.
• Partnerships/Outsourcing - Before undertaking a partnership or outsourcing, management must carefully consider the security impact of the change. The additional risk exposure and the cost of mitigating it may make the change unwise.
• Cloud - Security drawbacks of cloud computing are loss of physical control over data, and blended systems and data.
Cloud Computing Benefits and Disadvantages
[Table: Cloud Computing Benefits and Disadvantages; only the labels "Benefits" and "Session Protection" survived extraction.]
• Mergers can be dangerous, because companies must integrate differing technology platforms and security controls, streamline security responsibilities and reporting, and review the handling of sensitive data.
• Divestitures must ensure a clean break between companies when security controls are maintained. Confidentiality agreements should be signed.
Security concerns of integrating diverse industries should be addressed with a risk assessment so that each organization is aware of the other organization's risk portfolio. This risk assessment should look at the following:
• Rules concerning what is and isn't allowed by each of the separate companies.
• Policies that outline the high-level security objectives of the separate companies. Generally the policies that offer the highest security should be adopted.
• Regulations and standards that will apply to the parent company as a result of a merger. These might include PCI, SAS 70 and/or HIPAA standards.
• Geography - A company to be acquired that is located in Europe would subject the parent company based in the USA to European Union (EU) business related compliance and regulatory requirements.
Ensuring third party providers have requisite levels of information security. This should be included in an SLA and a non-disclosure agreement.
Internal and external influences include the following: competitors, auditors/audit findings, regulatory entities, internal and external client requirements, and new initiatives by top level management.
Impact of de-perimeterization (e.g. constantly changing network boundary) – Defense in depth must be implemented with host based firewalls and intrusion prevention systems.
• Telecommuting
• Cloud computing is elastic, on-demand, and can save money. But the company loses full control over their data. Blended systems and data add complexity which can reduce security.
• BYOD risks should be reduced by encrypting data in transit for remote access and implementing NAC to limit insecure devices' access.
• Outsourcing agreements should include security clauses such as the right to audit. A review should be conducted of the outsourcing provider's security policies, procedures and relevant hosting certifications.
• The level of risk depends on what can be done with the data and on how important it is that the data remain private.
• Integrity refers to the risk that data could be modified by unauthorized people. An example is the modification of payroll information for an organization, which could lead to an employee being paid more than intended.
• Availability refers to the risk that data or services cannot be used when needed. For example, if an e-commerce site is down due to equipment failure or malicious attack, a company can lose sales and revenue.
Determine minimum required security controls based on aggregate score. If different tables in a database have different CIA values then the highest value in each category determines the overall database CIA score.
Extreme scenario planning/worst case scenario. If a risk is unlikely, but would put an organization out of business, then it should be mitigated.
Conduct system specific risk analysis. The Agile project development model should require an in-depth risk analysis before moving on to the next phase.
Make risk determination either qualitative, based on expert judgment, or quantitative, based on a numerical analysis.
• Magnitude of impact. High impact events must be mitigated or avoided. SLE is Single Loss Expectancy. SLE is the impact of the threat.
• Likelihood of threat is ARO or Annual Rate of Occurrence.
• ALE is Annual Loss Expectancy. ALE = SLE x ARO
• Return on investment (ROI) is the amount of money or benefit gained in relation to the amount of money spent.
• Total cost of ownership would include maintenance as well as acquisition costs.
Recommend which strategy should be applied based on risk appetite. Strategies for addressing risk fall into four general categories: mitigate, transfer, accept, and avoid.
• Avoid show stopping risks.
• Transfer risks using SLAs, insurance, and partnerships such as NATO.
• Mitigate risks using controls such as firewalls, DLP, and intrusion protection systems.
• Accept low level risks when the cost to mitigate is greater than the cost of loss.
Risk management processes
• Exemptions to risks must be carefully weighed, because of unintended consequences.
• Deterrence is exemplified in a warning to another nation that if they hack our power grid, then we either respond in turn, or bomb their power grid.
• Inherent risk is innate in activity, such as connecting to the Internet, driving, or even breathing the air that others breathe. It is generally accepted as a cost of doing business.
• Residual risk is what is left after an organization has mitigated all the risks that their budget allows.
Enterprise Security Architecture (ESA) framework provides a more formalized methodology that can take business drivers, capabilities, baselines, and reusable patterns into account.
Continuous improvement/monitoring. If security was perfect today, only continuous monitoring and improvement can make sure that new attacks are thwarted.
Business Continuity Planning (BCP) provides for quick resumption of critical business functions after a disaster.
[Figure: Business Continuity Plan (BCP) Life Cycle; the diagram itself did not survive extraction.]
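A worked version of the quantitative risk bullets in 2.1 (SLE, ARO, ALE, ROI, TCO, and the avoid/mitigate/accept rule) together with the database CIA aggregate-score rule, added here as an example; it is not from the ExamForce sheet, and the dollar figures, years and table names used in it are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    sle: float  # Single Loss Expectancy: impact of one occurrence (constructed figures)
    aro: float  # Annual Rate of Occurrence: expected occurrences per year

    def ale(self) -> float:
        # Annual Loss Expectancy, exactly as the sheet states it: ALE = SLE x ARO
        return self.sle * self.aro


def control_tco(acquisition: float, annual_maintenance: float, years: int) -> float:
    # Total cost of ownership over the control's life: acquisition plus maintenance
    return acquisition + annual_maintenance * years


def control_roi(before: Risk, after: Risk, acquisition: float,
                annual_maintenance: float, years: int) -> float:
    # ROI: benefit (loss avoided over the control's life) relative to money spent (TCO)
    loss_avoided = (before.ale() - after.ale()) * years
    tco = control_tco(acquisition, annual_maintenance, years)
    return (loss_avoided - tco) / tco


def choose_strategy(before: Risk, after: Risk, acquisition: float,
                    annual_maintenance: float, years: int,
                    show_stopper: bool = False) -> str:
    # Sheet's categories: avoid show-stopping risks; accept a low-level risk when the
    # annualized cost to mitigate exceeds the loss it removes; otherwise mitigate.
    # Transfer (SLAs, insurance) is a business decision left to the caller.
    if show_stopper:
        return "avoid"
    annual_cost = control_tco(acquisition, annual_maintenance, years) / years
    if annual_cost > before.ale() - after.ale():
        return "accept"
    return "mitigate"


def database_cia_score(tables: dict[str, tuple[int, int, int]]) -> tuple[int, int, int]:
    # Aggregate score: the highest C, I and A value across all tables sets the database's score
    c, i, a = (max(t[k] for t in tables.values()) for k in range(3))
    return (c, i, a)


if __name__ == "__main__":
    # Constructed scenario: $200,000 loss expected once in 10 years, control cuts it to once in 50
    before, after = Risk(200_000, 0.1), Risk(200_000, 0.02)
    print("ALE before/after:", before.ale(), after.ale())
    print("ROI over 5 years:", control_roi(before, after, 10_000, 2_000, 5))
    print("Strategy:", choose_strategy(before, after, 10_000, 2_000, 5))
    print("DB CIA score:", database_cia_score({"payroll": (3, 3, 1), "catalog": (1, 2, 3)}))
```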
Domain 4.0 Integration of Computing, Communications and Business Disciplines (Exam Coverage 15%)
4.1 Given a scenario, facilitate collaboration across diverse business units to achieve security goals
Interpreting security requirements and goals to communicate with stakeholders from other disciplines
• Sales staff are high value targets for competitors as they usually know corporate plans, roadmaps, and new products.
• Programmers are responsible for secure coding that is baked-in and for code review.
• Database administrators have access to confidential data such as corporate financials and customer account PII.
• Network administrators maintain availability of servers, switches, routers, and security devices.
• Management/executive management provide direction and support for security policies and initiatives.
• Financial staff record and control sensitive information. They monitor cash flows and look for irregularities.
• Human resources vet and help train new employees. In the event an employee is terminated, HR coordinates with IT security to ensure that employee access is promptly terminated.
• Emergency response team responds to, contains, and remediates security incidents and shares the solutions.
• Facilities manager controls HVAC and janitorial services.
• Physical security manager controls guards, locks, burglar alarm systems, and card reader access control systems.
Objective guidance and impartial recommendations to staff and senior management on security processes and controls may be provided by third party audits and penetration testing.
Establish effective collaboration within teams to implement secure solutions. This may mean job shadowing and/or crosschecks on application code.
IT governance includes Enterprise Security Architecture (ESA) frameworks that plan, allocate, and control information security resources that include people, processes, and technologies so that IT aligns with business needs.
4.2 Given a scenario, select the appropriate control to secure communications and collaboration solutions
Security of unified collaboration tools
• Web and video conferencing should ensure that desktop sharing is read only or access is tightly controlled.
• Instant messaging might be limited to within an organization, encrypted, and archived.
• Remote assistance provides temporary control of remote computers to resolve issues. Authentication must be strong so an attacker is not granted access to an employee's computer.
• Presence allows employees to see if another party is immediately available to chat.
• Email that is sensitive should be digitally signed and encrypted using a program such as S/MIME, PGP, or GPG.
• Telephony should be encrypted if sensitive information is discussed.
• VoIP can be secured using Secure Real-time Protocol (SRTP), by installing a HIPS on the Session Initiation Protocol (SIP) servers, and by configuring 802.1q on the network.
• Collaboration sites facilitate cooperation between organizational units and a better understanding of their roles and responsibilities in effective information security.
• Social media is an ineffective solution because its policies may not align with business security policies.
• Cloud-based collaboration should be encrypted. Implement NAC to limit insecure devices' access to a company cloud.
Remote access - Encrypt data in transit for remote access. Implement NAC to limit insecure devices' access.
Mobile device management or MDM. To ensure that the software will not be modified by a third party or end users before being installed on mobile devices, implement remote attestation with application whitelisting.
• BYOD should utilize an MDM solution with encrypted containerization of company data.
Over-the-air technology concerns include downloading malicious apps that can track devices or spy on the user, as well as unencrypted data stored in SIM cards, SMS phishing, and geolocation of shared photos.
4.3 Implement security activities across the technology life cycle
End-to-end solution ownership is exemplified by end-to-end encryption for data transfer using SSL tunneling software on the financial system used between company locations.
• Operational activities include thwarting threats and vulnerabilities during normal and abnormal computer operations.
• Commissioning of systems should not put a company on the bleeding edge of technology.
• Decommissioning and asset disposal should include sanitization and destruction of sensitive materials.
• Asset/object reuse. Before an asset is reused, multiple bit level overwrites should be performed on the hard drive.
• General change management should involve a change management board that approves significant changes.
Systems Development Life Cycle
• Security System Development Life Cycle (SSDLC)/Security Development Lifecycle (SDL). SDLC creates software that is secure by design. The price of failure is costly and disruptive events.
• Security Requirements Traceability Matrix (SRTM) is a table that enumerates security requirements and their associated security controls.
• Validation and acceptance testing verifies that the product or application meets the security as well as functionality requirements. Acceptance testing could be black box or white box or some combination.
• Security implications of agile, waterfall and spiral software development methodologies. These development models can be equally secure if security milestones coincide with functional milestones and security is not an afterthought.
Adapt solutions to address emerging threats and security trends such as the rise of advanced persistent threats.
Asset management includes inventory and classification of IT assets so they can be properly protected.
Device tracking technologies can be used to spy on the user or to make sure that a user is not misusing a company vehicle on company time.
• Geo-location/GPS location technologies enable tracking the real-world location of an item. These technologies allow geotagging of locations of photographs,
• Object tracking and containment technologies
• Geo-tagging/geo-fencing cannot automatically disable cameras within a facility or provide a notification that a package or user has arrived onsite.
• RFID, beacons, and satellites can be used to perform geo-tagging.
© 2015 ExamForce, a Division of LearnForce Partners, LLC. All Rights Reserved. No part of this work may be reproduced, transcribed, or used in any form or by any means graphic, electronic, or mechanical, including photocopying, recording, taping, web distribution, or information storage and retrieval systems without the prior written permission of the copyright holder. For more information visit our website at www.examforce.com or call 800-845-8569 (US and Canada) or (727) 507-9646 Int'l. Some of the product and company names used in this work may be trademarks or registered trademarks of their respective owners and have been used for identification purposes only.