Gibson Security Plus
CIA
Confidentiality, integrity, availability
What is a use case?
Describes a goal that an organization wants to achieve. Engineers use it in systems analysis and software development to identify and clarify requirements to achieve the goal.
Agile
A software development life cycle model that focuses on interaction between customers, developers, and testers. Compare with waterfall.
Confidentiality
Ensures that unauthorized entities cannot access data. Encryption and access controls help protect against the loss of it.
Encryption
A process that scrambles, or ciphers, data to make it unreadable. Normally includes a public algorithm and a private key. Compare with asymmetric and symmetric encryption.
Advanced Encryption Standard (AES)
A strong symmetric block cipher that encrypts data in 128-bit blocks. Can use key sizes of 128 bits, 192 bits, or 256 bits.
Personally Identifiable Information (PII)
Information about individuals that can be used to trace a person's identity, such as a full name, birth date, biometric data, and more.
Access Controls
It is designed to protect systems from unauthorized access in order to preserve data integrity.
Identification
The process in which a user claims an identity, by providing such information as a username.
Authentication
Process that occurs when a user proves an identity, such as with a password.
Authorization
The process of granting access to resources for users who prove their identity (such as with a username and password). Based on identity.
Steganography
The practice of hiding data within data. For example, it's possible to embed text files within an image, hiding them from casual users. It is one way to obscure data to hide it.
Obfuscation
An attempt to make something unclear or difficult to understand. It hides data within data.
Integrity
One of the three main goals of information security known as the CIA security triad. It provides assurance that data or system configurations have not been modified. Audit logs and hashing are two methods used to ensure it's preserved. Compare with availability and confidentiality.
Hash
A number created by executing a type of algorithm against data, such as a file or message. It's commonly used to preserve integrity. Common algorithms of this type are MD5, SHA-1, and HMAC.
Message Digest 5 (MD5)
A hashing function/algorithm used to provide integrity. It creates 128-bit hashes, which are also referred to as a type of checksum. Experts consider it cracked.
Secure Hash Algorithm (SHA)
A hashing function/ algorithm used to provide integrity. There are several versions include
Hash-based Message Authentication Code (HMAC)
A hashing algorithm/function used to verify the integrity and authenticity of a message with the use of a shared secret. It is typically combined with another hashing algorithm such as SHA.
Message Authentication Code (MAC)
It provides integrity similar to how a hash is used.
Media Access Control (MAC)
A 48-bit address used to identify network interface cards. It is also called a hardware address or a physical address.
Mandatory Access Control (MAC)
An access control model that uses sensitivity labels assigned to objects (files and folders) and subjects (users). It restricts access based on a need to know.
Digital Signature
An encrypted hash of a message, encrypted with the sender's private key. It provides authentication, non-repudiation, and integrity.
Digital Certificate
It is a data file that identifies individuals or organizations online and is comparable to a digital signature.
Non-repudiation
The ability to prevent a party from denying an action. Digital signatures and access logs provide non-repudiation.
Public Key Infrastructure (PKI)
A group of technologies used to request, create, manage, store, distribute, and revoke digital certificates.
Availability
One of the three main goals of information security known as the CIA security triad. Ensures that systems and data are up and operational when needed. Compare with confidentiality and integrity.
Redundancy
The process of adding duplication to critical system components and networks to provide fault tolerance.
Fault tolerance
The capability of a system to suffer a fault, but continue to operate. Said another way, the system can tolerate a system failure as if it never occurred.
Single point of failure (SPOF)
A component within a system that can cause the entire system to fail if this component fails.
Disk Redundancies
Fault-tolerant disks, such as RAID-1 (mirroring), RAID-5 (striping with parity), and RAID-10 (striping with a mirror), allow a system to continue to operate even if a disk fails.
Server Redundancies
Failover clusters include redundant servers and ensure a service will continue to operate, even if a server fails. In a failover cluster, the service switches from the failed server in a cluster to an operational server in the same cluster.
Load Balancing
The process of distributing data transfer activity evenly so that no single device is overwhelmed.
Site Redundancies
If a site can no longer function due to a disaster, such as a fire, flood, hurricane, or earthquake, the organization can move critical systems to an alternate site. The alternate site can be a hot site (ready and available 24/7), a cold site (a location where equipment, data, and personnel can be moved to when needed), or a warm site (a compromise between a hot site and cold site).
Backups
If personnel back up important data, they can restore it if the original data is lost. Data can be lost due to corruption, deletion, application errors, human error, and even hungry gremlins that just randomly decide to eat your data.
Alternate Power
Uninterruptible power supplies (UPSs) and power generators can provide power to key systems even if commercial power fails.
uninterruptible power supply (UPS)
An alternative power supply device that protects against the loss of power and fluctuations in the power level by using battery power to enable the system to operate long enough to back up critical data and safely shut down.
Cooling systems
Heating, ventilation, and air conditioning (HVAC) systems improve the availability of systems by reducing outages from overheating.
heating, ventilation, and air conditioning (HVAC)
Heating, ventilation, and air conditioning. A physical security control that increases availability by regulating airflow within data centers and server rooms.
Patch management
The process used to keep systems up to date with current patches. It typically includes evaluating and testing patches before deploying them.
Risk
The possibility or likelihood of a threat exploiting a vulnerability resulting in a loss. Compare with threat and vulnerability.
Threat
Any circumstance or event that has the potential to compromise confidentiality, integrity, or availability. Compare with risk and vulnerability.
Vulnerability
A weakness. It can be a weakness in the hardware, the software, the configuration, or even the users operating the system.
Security incident
An adverse event or series of events that can negatively affect the confidentiality, integrity, or availability of an organization's information technology (IT) systems and data.
Risk Mitigation
The process of reducing risk by implementing controls. Security controls reduce risk by reducing vulnerabilities associated with a risk, or by reducing the impact of a threat.
Technical controls
Security controls implemented through technology.
Antivirus software
Software that protects systems from malware. It protects against most malware, including viruses, Trojans, worms, and more.
Intrusion detection systems (IDSs)/ Intrusion prevention systems (IPSs).
They monitor a network or host for intrusions and provide ongoing protection against various threats.
Firewall
A software or a network device used to filter traffic. Firewalls can be application-based (running on a host), or network-based. Stateless firewalls filter traffic using rules within an ACL. Stateful firewalls filter traffic based on its state within a session.
Least Privilege
A security principle that specifies that individuals and processes are granted only the rights and permissions needed to perform assigned tasks or functions, but no more.
Administrative controls
Security controls implemented via administrative or management methods.
Risk assessment
A process used to identify and prioritize risks. It includes quantitative risk assessments and qualitative risk assessments.
Vulnerability assessment
It attempts to discover current vulnerabilities or weaknesses.
Penetration testing
A method of testing targeted systems to determine if vulnerabilities can be exploited. These are intrusive tests.
Awareness and training
Its importance in reducing risks cannot be overstated. It helps users maintain password security, follow a clean desk policy, understand threats such as phishing and malware, and much more.
Configuration
It uses baselines to ensure that systems start in a secure, hardened state.
Contingency planning
The goal is to reduce the overall impact on the organization if an outage occurs.
Media protection
Physical media such as USB flash drives, external and internal drives, and backup tapes.
Physical and environmental protection.
This includes physical controls, such as cameras and door locks, and environmental controls, such as heating and ventilation systems.
Physical controls
Security controls that you can physically touch.
National Institute of Standards and Technology (NIST)
is a part of the U.S. Department of Commerce, and it includes a Computer Security Division hosting the Information Technology Laboratory (ITL). The ITL publishes Special Publications (SPs) in the 800 series that are of general interest to the computer security community. Many IT security professionals use these documents as references to design secure IT systems and networks.
Preventative controls
Security controls that attempt to prevent a security incident from occurring.
Hardening
It is the practice of making a system or application more secure than its default configuration. This uses a defense-in-depth strategy with layered security.
Security awareness and training
Ensuring that users are aware of security vulnerabilities and threats helps prevent incidents. When users understand how social engineers operate, they are less likely to be tricked.
Security guards
Guards prevent and deter many attacks. For example, guards can prevent unauthorized access into secure areas of a building by first verifying user identities.
Account Disablement Policy
Policy ensures that user accounts are disabled when an employee leaves. This prevents anyone, including ex-employees, from continuing to use these accounts.
Detective controls
Security controls that attempt to detect security incidents after they have occurred.
Log Monitoring
Records details of activity on systems and networks.
Trend Analysis
Monitoring of logs to detect trends.
Security audit
Examines the security posture of an organization. (Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide, p. 73. Kindle Edition.)
Video surveillance
A closed-circuit television (CCTV) system can record activity and detect what occurred.
Motion detection
Many alarm systems can detect motion from potential intruders and raise alarms.
System recovery
Procedures that ensure administrators can recover a system after a failure.
Cable locks
Used to secure portable computers, external hard drives, and other portable pieces of hardware to a table or other object.
Hardware locks
Other locks such as locked doors securing a wiring closet or a server room also deter attacks.
Virtualization
A technology that allows you to host multiple virtual machines on a single physical system. Different types include Type I, Type II, and application cell/container virtualization.
Hypervisor
The software that creates, runs, and manages the VMs. Several virtualization technologies currently exist, including VMware products, Microsoft Hyper-V products, and Oracle VM VirtualBox.
Host
The physical system hosting the VMs. It requires more resources than a typical system, such as multiple processors, massive amounts of RAM, fast and abundant hard drive space, and one or more fast network cards.
Guest or Guest Machines
Operating systems running on the host system.
Host elasticity and scalability.
Refers to the ability to resize computing capacity based on the load.
Type I hypervisors
Hypervisor that runs directly on the system hardware. They are often called bare-metal hypervisors because they don't need to run within an operating system.
Type II hypervisors
Hypervisor that runs as software within a host operating system. For example, the Microsoft Hyper-V hypervisor runs within a Microsoft operating system.
Application cell
AKA application containers. A virtualization technology that runs services or applications within isolated containers. Each container shares the kernel of the host.
Change Management
The process used to prevent unauthorized changes. Unauthorized changes often result in unintended outages.
Deterrent controls
Security controls that attempt to discourage individuals from causing a security incident.
Compensating controls
Security controls that are alternative controls used when a primary security control is not feasible.
Corrective controls
Security controls that attempt to reverse the impact of a security incident.
Snapshot
A copy of a virtual machine (VM) at a moment in time. If you later have problems with the VM, you can revert it to the state it was in when you took the snapshot. Some backup programs also use it to create a copy of data at a moment in time.
Virtual desktop infrastructure (VDI)/ Virtual desktop environment (VDE)
Users access a server hosting virtual desktops and run the desktop operating system from the server.
Non-persistence
A method used in virtual desktops where changes made by a user are not saved. Most (or all) users have the same desktop. When users log off, the desktop reverts to its original state.
Virtual machine (VM)
Software that simulates the hardware of a physical computer, creating one or more logical machines within one physical machine.
VM escape
An attack that allows an attacker to access the host system from within a virtual machine. The primary protection is to keep hosts and guests up to date with current patches.
VM sprawl
A vulnerability that occurs when an organization has many VMs that aren't properly managed. Unmanaged VMs are not kept up to date with current patches. Compare with system sprawl.
Ping
A command-line tool used to test connectivity with remote systems.
ipconfig (Microsoft)/ifconfig (Linux)
A command-line tool used on Windows systems (ipconfig) or on Linux systems (ifconfig) to show and manipulate settings on a network interface card (NIC).
Netstat
A command-line tool used to show network statistics on a system.
ESTABLISHED
This is the normal state for the data transfer phase of a connection. It indicates an active open connection.
Listen
System action that indicates the system is waiting for a connection request. The well-known port a system is conducting this action on indicates the protocol.
Close_Wait
This indicates the system is waiting for a connection termination request.
Time_Wait
This indicates the system is waiting for enough time to pass to be sure the remote system received a TCP-based acknowledgment of the connection.
SYN_SENT.
This indicates the system sent a TCP SYN (synchronize) packet as the first part of the SYN,
SYN_RECEIVED.
This indicates the system sent a TCP SYN-ACK packet after receiving a SYN packet as the first part of the SYN, SYN-ACK, ACK handshake.
Tracert/traceroute
A command-line tool used to trace the route between two systems.
Address Resolution Protocol (ARP)
A command-line tool used to show and manipulate the Address Resolution Protocol (ARP) cache.
Netcat
A command-line tool used to connect to remote systems.