1
Q
What is it and what is the goal? TSR & UDT
Zero Trust
A
Demands verification for every device, user and transaction regardless of its origin
The goal is to achiecve Threat Scope Reduction
2
Q
To create a zero trust architecture we must use 2 planes.
Control Plane vs Data Plane
A
Control Plane: The communication used to control and configure a network take place on the Control Plane
Data Plane: The communications used by end users and software to communicate with eachother take place on the Data Plane. The Data Plane contains all of the systems that carry out the work of the organisation
Seperating the control and data plane reduces the likelhood of an attacker being able to reconfigure the network by accessing the control plane
3
Q
2 key elements
Control plane elements
A
- Policy Engine: Decides whether to grant access to a resource for a given subject. The Policy Engine uses enterprise policy to grant, deny or revoke access to the resource
- Policy Administator: Responsible for communicating the desicion made by the Policy Engine to the tools on the network that enforce the desicions, known as the Policy Enforcement Point
4
Q
4 elements
Data Plane elements
SSEP
A
Data Plane contains all of the systems that carry out the work of the organisation. The core elements are…
- Subject: User who wants to access a reosurce
- Sytem: The system used by the user to access the resource
- Enterprise Resource: User wants to access a file, server or service
- Policy Enforcement Point: Determines whether to allow access - this is the only system that crosses both the control and data plane as it must recieve the instructions from the Policy Administrator to enforce it on the data plane
5
Q
Policy Desicion Point
A
Together Policy Engine and Policy Administator are known as Policy Desicion Point
6
Q
Secure Access Service Edge (SASE)
A
Closely realted to Zero Trust that brings together networking and security functions - delivers them as an integrated cloud service.
Adds more security measures such as Intrustion Prevention Systems and Data Loss Prevention etc.
CompTIA Security + (SY0-701)
flashcards
Decks in class (238)
# Cards
-
Section 2.5 Threats and Vulnerabilities3
-
Section 2.6 Confidentiality3
-
Section 2.7 Integrity3
-
Section 2.8 Availability5
-
Section 2.9 Non-Repudiation4
-
Section 2.10 Authentication4
-
Section 2.11 Authorisation2
-
Section 2.12 Accounting3
-
Section 2.13 Security control categories5
-
Section 2.14 Security control types7
-
Section 2.15 Gap Analysis5
-
Section 2.16 Zero Trust6
-
Section 3.18 Threat Actor4
-
Section 3.19 Threat Actor Attributes3
-
Section 3.20 Unskilled Attackers3
-
Section 3.21 Hacktivists6
-
Section 3.22 Organised Crime5
-
Section 3.23 Nation State Actor7
-
Section 3.24 Insider Threats4
-
Section 3.25 Shadow IT3
-
Section 3.26 Threat Vectors and Attack Surfaces9
-
Section 3.27 Outsmarting Threat Actors8
-
Section 4.29 Physical Security: Fencing and Bollards4
-
Section 4.30 Attacking with Brute Force4
-
Section 4.31 Surveillance Systems6
-
Section 4.32 Bypassing Surveillance Systems6
-
Section 4.33 Access Control Vestibule's5
-
Section 4.34 Door Locks4
-
Section 4.35 Access Badge cloning3
-
Section 5.37 Social Engineering Motivation Triggers8
-
Section 5.38 Impersonation5
-
Section 5.39 Pretexting1
-
Section 5.40 Phishing Attacks7
-
Section 5.41 Preventing Phishing Attacks4
-
Section 5.42 Conducting an Anti-Phishing attack1
-
Section 5.43 Frauds and Scams6
-
Section 5.44 Influence Campaigns3
-
Section 5.45 Other Social Engineering Attacks9
-
Section 6.46 Malware3
-
Section 6.47 Viruses12
-
Section 6.48 Worms3
-
Section 6.49 Trojans2
-
Section 6.51 Ransomware4
-
Section 6.52 Zombies and Botnets5
-
Section 6.53 Rootkits9
-
Section 6.54 Backdoors and Logic Bombs3
-
Section 6.55 Keylogger4
-
Section 6.56 Spyware and Bloatware5
-
Section 6.57 Malware Attack Techniques10
-
Section 6.58 Indications of Malware attacks9
-
Section 7.60 Data Protection and Classifications8
-
Section 7.61 Data Ownership9
-
Section 7.62 Data States6
-
Section 7.63 Data Types9
-
Section 7.64 Data Sovereignty4
-
Section 7.65 Securing Data8
-
Section 7.66 Data Loss Prevention (DLP)5
-
Section 8.68 Cryptographic Solutions: Symmetric v Asymmetric3
-
Section 8.69 Symmetric vs Asymmetric5
-
Section 8.70 Symmetric Algorithms6
-
Section 8.71 Asymmetric Algorithms7
-
Section 8.72 Hashing9
-
Section 8.73 Increasing Hash Security6
-
Section 8.74 Public Key Infrastructure (PKI)4
-
Section 8.75 Digital Certificates17
-
Section 8.77 Blockchain7
-
Section 8.78 Encryption Tools5
-
Section 8.79 Obfuscation3
-
Section 8.80 Cryptographic Attacks10
-
Section 9.81 Risk Management6
-
Section 9.82 Risk Assessment Frequency6
-
Section 9.83 Risk Identification and Analysis7
-
Section 9.84 Risk Register12
-
Section 9.85 Qualitative Risk Analysis3
-
Section 9.86 Quantitative Risk Analysis6
-
Section 9.87 Risk Management Strategies6
-
Section 9.89 Risk Monitoring and Reporting8
-
Section 10.90 Third-party Vendor Risks & Supply Chain Risks6
-
Section 10.91 Supply Chain Attacks3
-
Section 10.92 Vendor Assessment9
-
Section 10.93 Vendor Selection and Monitoring5
-
Section 10.94 Contracts and Agreements8
-
Section 11.95 Governance and Compliance10
-
Section 11.96 Governance4
-
Section 11.97 Governance Structures6
-
Section 11.98 Policies7
-
Section 11.99 Standards5
-
Section 11.100 Procedures4
-
Section 11.101 Governance Considerations4
-
Section 11.102 Compliance11
-
Section 11.103 Non-compliance Consequences6
-
Section 12.104 Asset and Change Management2
-
Section 12.105 Acquisition and Procurement7
-
Section 12.106 Mobile Asset Deployments4
-
Section 12.107 Asset Management10
-
Section 12.108 Asset Disposal and Decommissioning12
-
Section 12.109 Change Management7
-
Section 12.110 Change Management process9
-
Section 12.111 Technical Implications of Changes7
-
Section 12.112 Documenting Changes6
-
Section 13.113 Audits and Assessments6
-
Section 13.114 Internal Audits and Assessments10
-
Section 13.115 Performing an Internal Assessment5
-
Section 13.116 External Audits and Assessments7
-
Section 13.117 Performing an External Assessment4
-
Section 13.118 Penetration Testing5
-
Section 13.119 Reconnaissance in Pentesting7
-
Section 13.120 Performing a Basic PenTest1
-
Section 113.121 Attestation of Findings7
-
Section 14.122 Cyber Resilience and Redundancy4
-
Section 14.123 High Availability9
-
Section 14.124 Data Redundancy9
-
Section 14.126 Capacity Planning5
-
Section 14.127 Powering Data Centers10
-
Section 14.128 Data Backups11
-
Section 14.129 Continuity of Operations Plan7
-
Section 14.130 Redundant Site Considerations12
-
Section 14.131 Resilience and Recovery Testing7
-
Section 15.133 Security Architecture: On Premise vs The Cloud19
-
Section 15.134 Cloud Security16
-
Section 15.135 Virtualisation and Containerisation11
-
Section 15.136 Serverless7
-
Section 15.137 Microservices9
-
Section 15.138 Network Infrastructure4
-
Section 15.139 Software-defined Network (SDN)5
-
Section 15.140 Infrastructure as Code (IaC)8
-
Section 15.141 Centralised vs Decentralised Architectures14
-
Section 15.142 Internet of Things (IoT)7
-
Section 15.143 ICS and SCADA13
-
Section 15.144 Embedded Systems10
-
Section 16.146 Security Infrastructure: Ports and Protocols37
-
Section 16.147 Firewalls11
-
Section 16.148 Configuring Firewalls7
-
Section 16.149 IDS and IPS9
-
Section 16.150 Network Appliances5
-
Section 16.151 Port Security13
-
Section 16.152 Securing Network Communications19
-
Section 16.153 SD-WAN and SASE11
-
Section 16.154 Infrastructure Considerations7
-
Section 16.155 Selecting Infrastructure Controls17
-
Section 17.156 Identity and Access Management (IAM) Solutions6
-
Section 17.157 Identity and Access Management (IAM)10
-
Section 17.158 Multi-factor Authentication11
-
Section 17.159 Password Security18
-
Section 17.160 Password Attacks9
-
Section 17.161 Single Sign-On (SSO)7
-
Section 17.162 Federation9
-
Section 17.163 Privileged Access Management (PAM)4
-
Section 17.164 Access Control Models7
-
Section 17.165 Assigning Permissions7
-
Section 18.166 Vulnerabilities and Attacks2
-
Section 18.167 Hardware Vulnerabilities13
-
Section 18.168 Bluetooth Vulnerabilities and Attacks16
-
Section 18.169 Mobile Vulnerabilities and Attacks7
-
Section 18.170 Zero-day Vulnerabilities4
-
Section 18.171 Operating System Vulnerabilities6
-
Section 18.172 SQL and XML Injections10
-
Section 18.174 XSS and XSRF18
-
Section 18.175 Buffer Overflow6
-
Section 18.176 Race Conditions9
-
Section 19.178 Malicious Activity: and Distributed Denial of Service14
-
Section 19.179 Domain Name System (DNS) Attacks6
-
Section 19.180 Directory Traversal Attack5
-
Section 19.181 Execution and Escalation Attacks11
-
Section 19.182 Replay Attacks5
-
Section 19.183 Session Hijacking7
-
Section 19.184 On-path Attacks10
-
Section 19.185 Injection Attacks4
-
Section 19.186 Indicators of compromise (IoC)10
-
Section 20.188 Hardening: and Changing Default Configurations4
-
Section 20.189 Restricting Applications8
-
Section 20.190 Unnecessary Services1
-
Section 20.191 Trusted Operating Systems5
-
Section 20.192 Updates and Patches6
-
Section 20.193 Patch Management5
-
Section 20.194 Group Policies8
-
Section 20.195 SELinux Policies17
-
Section 20.196 Data Encryption Levels7
-
Section 20.197 Secure Baselines6
-
Section 21.199 Security Techniques: and Wireless Infrastructure Security7
-
Section 21. 200 Wireless Security Settings18
-
Section 21.201 Application Security7
-
Section 21.202 Network Access Control (NAC)9
-
Section 21.203 Web and DNS Filtering8
-
Section 21.204 Email Secuirty9
-
Section 21.205 Endpoint Detection and Response10
-
Section 21.206 User Behaviour Analytics6
-
Section 21.207 Selecting Secure Protocols8
-
Section 22.209 Vulnerability Management: & Identifying Vulnerabilities13
-
Section 22.210 Threat Intelligence Feeds7
-
Section 22.211 Responsible Disclosure Programs3
-
Section 22.212 Analysing Vulnerabilities11
-
Section 22.213 Conducting Vulnerability Scans1
-
Section 22.214 Assessing Vulnerability Scan Reports1
-
Section 22.215 Vulnerability Response and Remediation6
-
Section 22.216 Validating Vulnerability Remediation7
-
Section 22.217 Vulnerability Reporting5
-
Section 23.219 Alerting and Monitoring: & Monitoring Resources11
-
Section 23.220 Alerting and Monitoring Activities11
-
Section 23.221 Simple Network Management Protocol (SNMP)14
-
Section 23.222 Security Information and Event Management (SIEM)10
-
Section 23.223 Data from Security Tools7
-
Section 23.224 Security Content Automation and Protocol (SCAP)12
-
Section 23.225 Network and Flow Analysis12
-
Section 23.226 Single Pane of Glass7
-
Section 24.228 Incident Response: & Incident Response Process18
-
Section 24.229 Threat Hunting6
-
Section 24.230 Root Cause Analysis7
-
Section 24.231 Incident Response Training and Testing5
-
Section 24.232 Digital Forensic Procedures11
-
Section 24.233 Data Collection Procedures6
-
Section 24.234 Disk Imaging and Analysis1
-
Section 25.236 Investigating an Incident: & Investigate data15
-
Section 25.237 Dashboards3
-
Section 25.238 Automated Reports12
-
Section 25.239 Vulnerability Scans5
-
Section 25.240 Packet Captures2
-
Section 25.241 Firewall Logs1
-
Section 25.242 Application Logs0
-
Section 25.243 Endpoint Log0
-
Section 25.244 OS-specific Security Logs0
-
Section 25.245 IPS/IDS Logs1
-
Section 25.246 Network Logs0
-
Section 25.247 Metadata2
-
Section 26.248 Automation and Orchestration6
-
Section 26.249 When to Automate and Orchestrate6
-
Section 26.250 Benefits of Automation and Orchestration8
-
Section 26.251 Automating Support Tickets5
-
Section 26.252 Automating Onboarding7
-
Section 26.253 Automating Security5
-
Section 26.254 Automating Application Development5
-
Section 26.255 Integrations and APIs7
-
Section 27.257 Security Awareness: & Recognising Insider Threats7
-
Section 27.258 Objective 5.6 Password Managers4
-
Section 27.259 Avoiding Social Engineering10
-
Section 27.260 Policy and Handbooks10
-
Section 27.261 Remote and Hybrid Work Environments4
-
Section 27.262 Creating a Culture of Security7
