This is by no means a comprehensive curriculum for the Security+, just bits and pieces of notes for topics that I am not familiar with.

Domains:

  1. Attacks, Threats, and Vulnerabilities - 24%
  2. Architecture and Design - 21%
  3. Implementation - 25%
  4. Operations and Incident Response - 16%
  5. Governance, Risk, and Compliance - 14%

Acronyms:

  CA - Certificate Authority
  DRP - Disaster Recovery Plan
  BCP - Business Continuity Plan
  IRP - Incident Response Plan

PII (Personally Identifiable Information) harvesting - the act of collecting personal information from individuals, typically without their knowledge or consent. This can be accomplished through various means such as phishing emails, social engineering, malware or even through legitimate-looking forms and websites.

IoC (Indicator of Compromise) - a piece of evidence, usually technical, that a system or network has been compromised, used to detect malicious activity or security incidents. Examples of IoCs include known malicious IP addresses and domains, file hashes of malware, and unusual outbound traffic patterns. IoCs are distributed through threat intelligence feeds and matched against logs, packet captures, and endpoint telemetry.

RFC (Request for Comments) - a type of publication that describes methods, behaviors, research, or innovations applicable to the working of the Internet and Internet-connected systems. Most are produced by the IETF (Internet Engineering Task Force), though other bodies and independent authors also submit them. RFCs provide a detailed, formalized way to introduce and discuss Internet standards and protocols like TCP/IP, SMTP, and HTTP.

CVE (Common Vulnerabilities and Exposures) - a standardized identifier for publicly known cybersecurity vulnerabilities. Managed by the MITRE Corporation, the CVE system provides a way for security researchers and practitioners to identify, discuss, and manage vulnerabilities in a consistent manner. Each CVE entry includes an identification number, a description, and at least one public reference. This makes it easier for people to share data across separate vulnerability management and security tools in a consistent way. CVEs can be imported into security information and event management (SIEM) systems, vulnerability scanners, and other security tools to help manage the vulnerability lifecycle.

NVD (National Vulnerability Database) - a U.S. government repository of standards-based vulnerability management data. It is maintained by the National Institute of Standards and Technology (NIST) and provides a comprehensive and centralized source of information on cybersecurity vulnerabilities. The NVD includes databases of security checklists, security-related software flaws, misconfigurations, product names, and impact metrics, and it supplements CVE entries with additional data such as CVSS scores and affected-product (CPE) lists. The NVD can be used as a data feed for SIEM systems, vulnerability management systems, and other security tools.

CVSS (Common Vulnerability Scoring System) - an industry-standard system, maintained by FIRST, for scoring the severity of software vulnerabilities. A CVSS base score ranges from 0.0 to 10.0, with higher numbers indicating greater severity; CVSS v3 maps the ranges to None (0.0), Low (0.1-3.9), Medium (4.0-6.9), High (7.0-8.9), and Critical (9.0-10.0). The base score captures intrinsic properties (attack vector, required privileges, user interaction, impact on confidentiality, integrity, and availability); it is a severity score, not a risk score. Whether a vulnerability is actually risky for a given organization also depends on exposure, exploitation in the wild, and compensating controls, which the optional temporal and environmental metrics are meant to reflect. Use CVSS to triage, not as the only input to remediation priority.

DBA (Database Administrator) - a role responsible for the installation, configuration, upgrading, administration, monitoring, maintenance, and security of databases in an organization. On the security side a DBA typically manages database accounts and permissions (least privilege for application accounts), patching, encryption at rest, auditing, and backups. Note that SQL injection is a flaw in application code, so the primary defense (parameterized queries) belongs to the developers; the DBA limits the blast radius by making sure the application's database account cannot read or modify more than it needs.

DBaaS (Database as a Service) - a cloud service that provides access to a database without the customer having to buy hardware or perform database administration. The cloud service provider takes care of setup, maintenance, backups, and scaling, which lets organizations focus on application logic rather than on the underlying database management tasks. Under the shared responsibility model the customer still owns who can reach the database (network exposure, credentials, IAM roles) and what data is stored in it.

AIS (Automated Indicator Sharing) - an initiative by the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) aimed at enabling the real-time exchange of cyber threat indicators between the government and the private sector. AIS seeks to provide a platform for sharing actionable information to help participants defend against cyber threats more effectively; indicators are exchanged in STIX format over TAXII.

OSINT (Open Source Intelligence) - refers to the process of collecting and analyzing publicly available information from various sources such as newspapers, government publications, social media platforms, websites, and more. OSINT is used by intelligence agencies, cybersecurity analysts, and even marketing teams to gather information that can inform strategic decisions, security postures, or market analysis.

STIX (Structured Threat Information eXpression) - a language, maintained by OASIS, for describing cyber threat information in a standardized and structured manner (STIX 2.x objects are JSON). STIX allows organizations to share threat intelligence in a way that can be processed by humans and machines alike. It covers a wide array of threat information, including indicators, tactics, techniques, and procedures (TTPs), malware, threat actors, incidents, and more.
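Worked example for the IoC and STIX entries above (added here; this is not code from the original notes). It builds a small STIX 2.1 bundle, pulls the atomic indicator values out of the simple `[object:property = 'value']` patterns, and matches them against a few log lines. The bundle, the indicator IDs, the log lines and the IoC values are all constructed for the example (RFC 5737 documentation IPs, a `.example` domain, and SHA-256 of the empty string); the pattern parser deliberately handles only single comparisons and skips anything with AND/OR or observation operators.

```python
import json
import re

# Constructed STIX 2.1 bundle. IDs, timestamps and values are made up for this example.
STIX_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--a1f0c2d4-5b6e-4f70-8a9b-0c1d2e3f4a5b",
    "objects": [
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-000000000001",
         "created": "2024-01-01T00:00:00.000Z", "modified": "2024-01-01T00:00:00.000Z",
         "name": "C2 server", "pattern_type": "stix", "valid_from": "2024-01-01T00:00:00Z",
         "pattern": "[ipv4-addr:value = '198.51.100.7']"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-000000000002",
         "created": "2024-01-01T00:00:00.000Z", "modified": "2024-01-01T00:00:00.000Z",
         "name": "Dropper hash", "pattern_type": "stix", "valid_from": "2024-01-01T00:00:00Z",
         "pattern": "[file:hashes.'SHA-256' = "
                    "'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855']"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-000000000003",
         "created": "2024-01-01T00:00:00.000Z", "modified": "2024-01-01T00:00:00.000Z",
         "name": "Staging domain", "pattern_type": "stix", "valid_from": "2024-01-01T00:00:00Z",
         "pattern": "[domain-name:value = 'updates.example.net']"},
        {"type": "indicator", "spec_version": "2.1",   # compound pattern: skipped by this parser
         "id": "indicator--00000000-0000-4000-8000-000000000004",
         "created": "2024-01-01T00:00:00.000Z", "modified": "2024-01-01T00:00:00.000Z",
         "name": "Scanner range", "pattern_type": "stix", "valid_from": "2024-01-01T00:00:00Z",
         "pattern": "[ipv4-addr:value = '203.0.113.9' OR ipv4-addr:value = '203.0.113.10']"},
    ],
})

# Constructed log lines: firewall, DNS, EDR, and one benign firewall line.
SAMPLE_LOGS = [
    "2024-03-01T10:00:01Z fw01 action=allow src=10.0.0.5 dst=198.51.100.7 dport=443",
    "2024-03-01T10:00:02Z dns01 client=10.0.0.5 query=updates.example.net type=A",
    "2024-03-01T10:00:03Z edr01 host=ws17 event=process_start "
    "sha256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855",
    "2024-03-01T10:00:04Z fw01 action=allow src=10.0.0.6 dst=192.0.2.44 dport=443",
]

# Matches exactly one comparison: [object-type:property = 'value']
SIMPLE_PATTERN = re.compile(r"^\[([\w-]+):([\w.'-]+)\s*=\s*'([^']*)'\]$")
TOKEN = re.compile(r"[\w.:-]+")


def parse_pattern(pattern):
    """Return (object_type, property, value) for a single-comparison STIX pattern, else None."""
    m = SIMPLE_PATTERN.match(pattern.strip())
    return m.groups() if m else None


def load_indicators(bundle_json):
    """Extract atomic IoCs from the indicator objects of a STIX bundle."""
    iocs = []
    for obj in json.loads(bundle_json)["objects"]:
        if obj.get("type") != "indicator" or obj.get("pattern_type", "stix") != "stix":
            continue
        parsed = parse_pattern(obj["pattern"])
        if parsed is None:
            continue  # compound patterns need a real STIX pattern engine
        obj_type, prop, value = parsed
        iocs.append({"id": obj["id"], "name": obj.get("name", ""),
                     "kind": f"{obj_type}:{prop}", "value": value.lower()})
    return iocs


def match_logs(iocs, log_lines):
    """Tokenize each log line and report every token equal to an IoC value."""
    lookup = {ioc["value"]: ioc for ioc in iocs}
    hits = []
    for line in log_lines:
        for token in TOKEN.findall(line.lower()):
            if token in lookup:
                hits.append((lookup[token]["id"], lookup[token]["kind"], line))
    return hits


if __name__ == "__main__":
    for ioc_id, kind, line in match_logs(load_indicators(STIX_BUNDLE), SAMPLE_LOGS):
        print(f"{ioc_id} ({kind}) matched: {line}")
```

In a real deployment the bundle would arrive from a TAXII collection rather than an inline string, and token matching against a hash set is the cheap first pass a SIEM does before richer correlation.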

TAXII (Trusted Automated eXchange of Indicator Information; renamed Trusted Automated eXchange of Intelligence Information in TAXII 2.x) - an application-layer protocol for the automated exchange of cyber threat information. TAXII defines a set of services and message exchanges (in TAXII 2.x, an HTTPS REST API with API roots and collections that clients poll or push to) that enable sharing of actionable threat information across organizational and product/service boundaries. TAXII is the transport and STIX is the content, so the two are almost always used together.

S/MIME (Secure/Multipurpose Internet Mail Extensions) - a standard for public key encryption and signing of email. It allows you to secure email messages in a way that ensures the confidentiality, integrity, and authenticity of the email content. S/MIME is built upon the MIME standard and adds encryption and digital signatures to email messages, making it more secure than plain text or MIME-only email. It relies on X.509 certificates issued by a CA, which is the main practical difference from PGP's web of trust.

RFC (Request for Comments) - a publication from the technology community that describes various aspects, including protocols, procedures, methods, and systems, related to the Internet and networking.

RFQ (Request for Quotation) is a business document that organizations use to request vendors to provide a quote for the cost of goods or services.

RFI (Request for Information) is a business document used by organizations to collect information from potential suppliers or vendors.

RFP stands for “Request for Proposal,” and it is a formal document that organizations use to solicit bids from potential vendors for a specific project or solution.

TTP stands for “Tactics, Techniques, and Procedures.” It is a term commonly used in cybersecurity and military contexts to describe the specific methods employed by cyber adversaries.

IPS stands for Intrusion Prevention System. It is a network security control that sits inline on the traffic path, inspects packets against signatures and behavioral rules, and can actively drop or reset malicious traffic instead of only alerting, which is what distinguishes it from an IDS. Because it blocks, a false positive on an IPS is an outage, so new rules are usually run in detect-only mode before enforcement.

MaaS stands for “Monitoring as a Service”,

SSH stands for Secure Shell. It is a cryptographic network protocol for secure data communication, remote command-line login, and remote command execution.

TLS stands for Transport Layer Security. It is a cryptographic protocol designed to provide secure communications over a computer network, such as the internet. TLS is the successor to SSL (Secure Sockets Layer) and is commonly used to secure web traffic, though it can secure other types of data transmissions as well. TLS 1.2 and 1.3 are the versions that should be in use today; TLS 1.0 and 1.1 were formally deprecated in 2021 (RFC 8996).

SSL stands for Secure Sockets Layer, the cryptographic protocol that preceded TLS. All SSL versions are deprecated (SSL 2.0 by RFC 6176, SSL 3.0 by RFC 7568) and should be disabled on servers; the name survives mostly in phrases like "SSL certificate", which in practice mean X.509 certificates used with TLS.

IPsec (Internet Protocol Security) is a suite of protocols that adds a layer of security to Internet Protocol (IP) communications. It works by authenticating and/or encrypting each IP packet: AH (Authentication Header) provides integrity and origin authentication only, while ESP (Encapsulating Security Payload) provides encryption and, optionally, integrity; IKE negotiates the keys. IPsec can operate in two modes: Transport Mode, where only the payload of the IP packet is protected and the original IP header stays visible (typically host-to-host), and Tunnel Mode, where the entire original IP packet is protected and then encapsulated in a new IP packet (typically between VPN gateways). IPsec is often used for Virtual Private Networks (VPNs) to secure the communication between sites over the internet.

PGP (Pretty Good Privacy) is a data encryption and decryption program that provides cryptographic privacy and authentication for data communication; the open standard it became is OpenPGP (RFC 4880), implemented by tools such as GnuPG. PGP is often used for encrypting and signing text, emails, files, directories, and disk partitions. It uses hybrid cryptography: the data is encrypted with a random symmetric session key, that session key is encrypted with the recipient's public key, and signatures are made with the sender's private key. Trust in keys comes from a web of trust rather than from CAs.

FTP, HTTP, IMAP, POP, SMTP, and Telnet are all examples of cleartext (unencrypted) network protocols. Cleartext protocols transmit data, credentials included, in an unencrypted form, so anyone on the path or on the same network segment can eavesdrop on or modify it. Each has an encrypted replacement: SFTP or FTPS for FTP (21), HTTPS (443) for HTTP (80), IMAPS (993) for IMAP (143), POP3S (995) for POP3 (110), SMTP with STARTTLS (587) or SMTPS (465) for SMTP (25), and SSH (22) for Telnet (23). Traffic to the cleartext ports in a packet capture is a quick way to find systems still using them.

SIEM stands for Security Information and Event Management. It is a comprehensive solution that collects logs from the hardware and software infrastructure in an organization, normalizes and correlates them, and provides real-time analysis and alerting on the security events they contain.

SOAR stands for Security Orchestration, Automation, and Response. A SOAR platform connects to the security tools (SIEM, EDR, firewall, ticketing) and runs playbooks that automate routine response steps, such as enriching an alert with threat intelligence, isolating a host, or opening a ticket.

A proxy server acts as an intermediary between a client and a server, forwarding requests and responses between the two. A forward proxy sits in front of clients (outbound filtering, caching, anonymity), while a reverse proxy sits in front of servers (load balancing, TLS termination, web application firewall). Proxy servers are used for various purposes, including security, load balancing, data caching, and anonymity.

Unified Communications (UC) server is a system that integrates various real-time communication services such as voice calling, video conferencing, instant messaging, and data sharing into a single platform. UC servers aim to enhance productivity and streamline communication by enabling users to use multiple forms of communication via a single interface.

An Industrial Control System (ICS) server is a specialized server designed to manage and control industrial operations. ICS servers are commonly used in critical infrastructure like power plants, water treatment facilities, manufacturing, and oil and gas refineries. These servers interact with field devices such as sensors, actuators, and PLCs (Programmable Logic Controllers) to monitor and control physical processes.

Simple Network Management Protocol (SNMP) is a protocol used for managing devices on IP networks. It's commonly used for gathering information from and configuring network devices, such as servers, printers, switches, and routers. SNMP operates over UDP (agents listen on port 161, traps are sent to port 162) and is part of the TCP/IP protocol suite. SNMPv1 and v2c authenticate with a cleartext "community string" that is frequently left at the default "public", so they should be replaced by SNMPv3, which adds user authentication and encryption, and management access should be limited to the management network.

PCAP (Packet CAPture) refers to the capturing of network packets in order to inspect them and diagnose network behaviors. The term is often used to refer to the data files where this packet data is stored. These files can be analyzed using tools like Wireshark or tcpdump. The .pcap file extension is standard for these types of files; the newer pcapng format, which Wireshark now writes by default, is read by both tools as well.
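Worked example for the cleartext-protocol and PCAP entries above (added here; not code from the original notes). It writes a classic libpcap file from constructed Ethernet/IPv4/TCP frames, parses it back (handling both byte orders and both timestamp magics), and flags packets sent to the well-known ports of the cleartext protocols listed in the notes. The frames, addresses and payloads are constructed; checksums are left at zero because nothing here puts the frames on a wire, and the port table is a small illustrative mapping, not an exhaustive one.

```python
import socket
import struct

PCAP_MAGIC_USEC = 0xA1B2C3D4   # microsecond timestamps
PCAP_MAGIC_NSEC = 0xA1B23C4D   # nanosecond timestamps
LINKTYPE_ETHERNET = 1

# Server ports of the cleartext protocols from the notes (illustrative, not exhaustive).
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet", 25: "SMTP", 80: "HTTP", 110: "POP3", 143: "IMAP"}


def build_tcp_frame(src_ip, dst_ip, sport, dport, payload=b""):
    """Ethernet/IPv4/TCP frame with constructed MACs; checksums left 0 (fine for offline parsing)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp


def write_pcap(frames, first_ts=1_700_000_000):
    """Serialize frames as a little-endian pcap file: global header, then one record per frame."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", first_ts + i, 0, len(frame), len(frame)) + frame
    return out


def parse_frame(frame):
    """Decode Ethernet -> IPv4 -> TCP/UDP headers; returns {} for anything else."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return {}
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    info = {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]), "proto": ip[9]}
    if info["proto"] == 6 and len(ip) >= ihl + 20:          # TCP
        info["sport"], info["dport"] = struct.unpack("!HH", ip[ihl:ihl + 4])
        data_off = (ip[ihl + 12] >> 4) * 4
        info["payload"] = ip[ihl + data_off:]
    elif info["proto"] == 17 and len(ip) >= ihl + 8:        # UDP
        info["sport"], info["dport"] = struct.unpack("!HH", ip[ihl:ihl + 4])
        info["payload"] = ip[ihl + 8:]
    return info


def parse_pcap(data):
    """Parse a pcap file from bytes. Byte order is inferred from the magic number."""
    if len(data) < 24:
        raise ValueError("too short to be a pcap file")
    magic = struct.unpack("<I", data[:4])[0]
    if magic in (PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC):
        end = "<"
    elif magic in (0xD4C3B2A1, 0x4D3CB2A1):                  # same magics, big-endian writer
        end = ">"
    else:
        raise ValueError("unknown pcap magic 0x%08x" % magic)
    linktype = struct.unpack(end + "IHHiIII", data[:24])[6]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("unsupported link type %d" % linktype)
    packets, pos = [], 24
    while pos + 16 <= len(data):
        ts_sec, _, incl_len, orig_len = struct.unpack(end + "IIII", data[pos:pos + 16])
        pos += 16
        frame = data[pos:pos + incl_len]
        if len(frame) != incl_len:
            raise ValueError("truncated packet record at offset %d" % pos)
        pos += incl_len
        packets.append({"ts": ts_sec, "len": orig_len, **parse_frame(frame)})
    return packets


def flag_cleartext(packets):
    """(src, dst, protocol) for every packet sent to a cleartext-protocol server port."""
    return [(p["src"], p["dst"], CLEARTEXT_PORTS[p["dport"]])
            for p in packets if p.get("dport") in CLEARTEXT_PORTS]


# Constructed capture: one HTTP request, one TLS ClientHello fragment, one Telnet login.
SAMPLE_PCAP = write_pcap([
    build_tcp_frame("10.0.0.5", "192.0.2.10", 51000, 80, b"GET / HTTP/1.1\r\nHost: 192.0.2.10\r\n\r\n"),
    build_tcp_frame("10.0.0.5", "192.0.2.20", 51001, 443, b"\x16\x03\x01"),
    build_tcp_frame("10.0.0.7", "192.0.2.30", 51002, 23, b"admin\r\n"),
])

if __name__ == "__main__":
    for src, dst, proto in flag_cleartext(parse_pcap(SAMPLE_PCAP)):
        print(f"{src} -> {dst}: {proto} (cleartext)")
```

Port-based flagging is only a first pass: a service can run a cleartext protocol on any port, so a real detector would also look at the payload (for example an HTTP request line or a Telnet IAC negotiation), which is what the `payload` field is kept for.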

HIPS stands for Host-based Intrusion Prevention System. It is security software that runs on an individual host and can block suspicious activity (for example by killing a process or dropping a connection) in addition to alerting. HIDS stands for Host-based Intrusion Detection System, the detect-and-alert-only counterpart; it monitors logs, file integrity, and process activity on that host.

NIDS stands for Network-based Intrusion Detection System. Unlike HIDS (Host-based Intrusion Detection System), which operates on individual hosts, NIDS monitors the traffic across an entire network.

IMAP stands for Internet Message Access Protocol. It's a standard email retrieval protocol (TCP 143, or 993 for IMAPS over TLS) that stores email messages on the mail server and allows the end user to view and manipulate the messages as though they were stored locally on their device, unlike POP, which downloads them to the client.

MSSP stands for Managed Security Services Provider. An MSSP is a company that offers specialized outsourced services to manage various aspects of an organization’s information security program.

MSP stands for Managed Service Provider. An MSP is a company that remotely manages a customer’s IT infrastructure and/or end-user systems, typically on a proactive basis and under a subscription model.

The term “Fog computing” refers to a local network infrastructure between IoT devices and the cloud designed to speed up data transmission and processing.

In the client-server model, the term "thin client" refers to a networked computer equipped with the minimum amount of hardware and software components. As opposed to a thick client, which runs applications locally from its own hard drive, a thin client relies on network resources provided by a remote server that performs most of the data processing and storage functions.

Containerization is a lightweight form of virtualization that involves encapsulating an application and its dependencies into a "container." This allows the application to be run consistently across various computing environments. Containers share the host's kernel, so the isolation boundary is weaker than a virtual machine's: a kernel vulnerability or an over-privileged container (running as root, with extra capabilities or host mounts) can expose the host and every other container on it.

Microservices, or the microservices architecture, is an architectural style that structures an application as a collection of loosely coupled, independently deployable services. Each microservice typically focuses on a specific business functionality and can be developed, deployed, and scaled independently.

VPC (Virtual Private Cloud): A VPC is a logically isolated virtual network inside a public cloud, with its own address ranges, subnets, route tables, and firewall rules (security groups, network ACLs), that other tenants' networks cannot reach unless you explicitly peer with them or expose a service. It is the cloud equivalent of a private network in a traditional on-premises data center.

The term “VM sprawl” is used to describe a situation in which large number of deployed virtual machines lack proper administrative controls.

The term "VM escape" refers to breaking out of the boundaries of a guest operating system to run code on the hypervisor or host, from where an attacker can reach every other virtual machine on that host. It is the worst-case hypervisor vulnerability because it defeats the isolation that multi-tenant virtualization depends on; mitigations are prompt hypervisor patching and not co-locating workloads of very different trust levels on the same host.

Code obfuscation is a technique used to make source code more difficult to read or understand. The logic of the code remains the same, but it becomes harder to reverse-engineer. Obfuscation might rename variables or functions with meaningless labels, rearrange the execution flow of the code, or use other techniques to complicate the code, but it doesn't encrypt it. Obfuscation slows reverse engineering but is not a security control: anything the code needs at runtime (keys, endpoints, logic) can be recovered by a determined analyst, so secrets should never be hidden in obfuscated client-side code.

TOTP stands for Time-Based One-Time Password (RFC 6238). It is an algorithm that computes a one-time password from a shared secret key and the current time: Unix time is divided into fixed steps (usually 30 seconds), the step counter is run through HMAC with the secret, and the result is truncated to a short code (usually 6 digits). TOTP is an extension of HOTP (HMAC-based One-Time Password, RFC 4226), which uses an incrementing counter instead of the time. TOTP is widely used as the second factor in Two-Factor Authentication (2FA).
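Worked example for the TOTP entry above (added here; not code from the original notes). It implements HOTP and TOTP with the standard library and a server-side verifier that tolerates one step of clock skew, compares codes in constant time, and refuses to accept a counter at or below the last one that was used, which is the replay protection a naive "accept if any of the three codes match" check lacks. The defaults assumed are SHA-1, a 30-second step and 6 digits (the common authenticator-app convention); the secret used below is the published RFC 4226 / RFC 6238 test-vector secret, so the expected codes can be checked against the RFC tables.

```python
import base64
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: int = None, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with the counter replaced by floor(unix_time / step)."""
    if at is None:
        at = int(time.time())
    return hotp(secret, at // step, digits)


def verify_totp(secret: bytes, candidate: str, at: int, last_counter: int = -1,
                step: int = 30, digits: int = 6, window: int = 1):
    """Server-side check of a submitted code.

    Accepts the current step and +/-window neighbours to absorb clock skew, compares in constant
    time, and rejects any counter <= last_counter so a sniffed code cannot be replayed.
    Returns the matched counter (the caller must store it as the new last_counter) or None."""
    counter = at // step
    for drift in range(-window, window + 1):
        c = counter + drift
        if c <= last_counter:
            continue
        if hmac.compare_digest(hotp(secret, c, digits), candidate):
            return c
    return None


def secret_from_base32(b32: str) -> bytes:
    """Authenticator apps exchange the shared secret as base32 (e.g. in otpauth:// URIs)."""
    b32 = b32.strip().replace(" ", "").upper()
    return base64.b32decode(b32 + "=" * (-len(b32) % 8))


RFC_SECRET = b"12345678901234567890"   # test-vector secret from RFC 4226 / RFC 6238

if __name__ == "__main__":
    print("current code:", totp(RFC_SECRET))
    print("RFC 6238 T=59, 8 digits:", totp(RFC_SECRET, 59, digits=8))   # 94287082 per the RFC
```

Two things the verifier gets right that are easy to miss: the window is small (a large window multiplies an attacker's guessing odds), and persisting the matched counter is what turns a "one-time" password into something that actually cannot be used twice within the window.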

An authenticator application is software (typically a phone app) that generates the additional authentication token used in a multi-step verification process. The code looks random but is deterministic: it is derived from a shared secret, provisioned once (usually by scanning a QR code), and the current time, so the server can compute the same value to verify it.

CRC (Cyclic Redundancy Check): an error-detecting code used to detect accidental changes to raw data, such as bit flips in transit or on disk. A CRC is a checksum, not a cryptographic hash and not a MAC: it has no key and it is linear, so an attacker who changes the data can simply recompute the CRC, or append a few bytes to force it back to the original value. Detecting deliberate tampering requires an HMAC or a digital signature.
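Worked example for the CRC entry above (added here; not code from the original notes). It implements table-driven CRC-32 (bit-compatible with `zlib.crc32`) and then shows why a CRC is not an integrity control against an adversary: because the CRC update is linear, four bytes appended to a tampered message are enough to force the checksum back to whatever value the original had. The messages are constructed; the technique is the standard CRC reversal that relies on the top byte of every CRC-32 table entry being distinct.

```python
import zlib

POLY = 0xEDB88320   # reflected CRC-32 polynomial (zlib, Ethernet, PNG, ZIP)


def make_table():
    table = []
    for i in range(256):
        c = i
        for _ in range(8):
            c = (c >> 1) ^ POLY if c & 1 else c >> 1
        table.append(c)
    return table


TABLE = make_table()
# Top bytes of the table entries are a permutation of 0..255; this is what makes the
# backward walk in forge_suffix() unambiguous.
TOP_BYTE_TO_INDEX = {entry >> 24: i for i, entry in enumerate(TABLE)}
assert len(TOP_BYTE_TO_INDEX) == 256


def crc32(data: bytes) -> int:
    """Table-driven CRC-32 with the usual 0xFFFFFFFF init and final XOR (matches zlib.crc32)."""
    reg = 0xFFFFFFFF
    for b in data:
        reg = TABLE[(reg ^ b) & 0xFF] ^ (reg >> 8)
    return reg ^ 0xFFFFFFFF


def forge_suffix(data: bytes, target: int) -> bytes:
    """Return 4 bytes s such that crc32(data + s) == target.

    Walking backwards from the wanted final register recovers the four table indices the
    last four updates must hit; the forward pass then picks, for each step, the input byte
    that selects that index given the register's current low byte."""
    reg = crc32(data) ^ 0xFFFFFFFF        # internal register after `data`
    r = target ^ 0xFFFFFFFF               # internal register we need after the suffix
    indices = []
    for _ in range(4):
        i = TOP_BYTE_TO_INDEX[r >> 24]
        indices.append(i)
        r = ((r ^ TABLE[i]) << 8) & 0xFFFFFFFF   # low byte is unknown here but never needed
    suffix = bytearray()
    for i in reversed(indices):
        suffix.append((reg ^ i) & 0xFF)
        reg = TABLE[i] ^ (reg >> 8)
    return bytes(suffix)


ORIGINAL = b"amount=100;payee=alice"      # constructed message "protected" only by its CRC
TAMPERED = b"amount=999;payee=mallory"


def tamper_keeps_crc() -> bool:
    """Modify the message, then fix the CRC with a 4-byte suffix so the old check still passes."""
    wanted = crc32(ORIGINAL)
    forged = TAMPERED + forge_suffix(TAMPERED, wanted)
    return zlib.crc32(forged) == wanted


if __name__ == "__main__":
    print("original CRC-32: %08x" % crc32(ORIGINAL))
    print("tampered message passes the CRC check:", tamper_keeps_crc())
```

The appended bytes would normally be hidden in a field the receiver ignores (padding, a comment, trailing whitespace). The same property holds for any linear checksum; only a keyed construction such as HMAC-SHA256 makes the check depend on something the attacker does not have.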

FAR (False Acceptance Rate): a measure of how often a biometric system incorrectly accepts an unauthorized user as a legitimate one. This is the security-relevant error rate: a high FAR means impostors get in.

FRR (False Rejection Rate): a measure of how often a biometric system incorrectly rejects an access attempt by an authorized user. This is the usability error rate: a high FRR means legitimate users get locked out.

CER (Crossover Error Rate), also called Equal Error Rate (EER): the point at which the False Acceptance Rate and the False Rejection Rate are equal. Both rates depend on the matching threshold: raising it lowers FAR but raises FRR, and lowering it does the opposite, so the CER is used as a single summary measure of a system's overall accuracy (lower is better). It does not by itself tell you the likelihood of accepting an unauthorized user at the threshold actually deployed, which is what FAR measures.
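Worked example for the FAR, FRR and CER entries above (added here; not code from the original notes). It computes both rates over a sweep of matching thresholds for a small set of constructed match scores, locates the crossover point, and shows the alternative a security team usually prefers: picking the threshold from a FAR budget and accepting whatever FRR that implies. The score lists are made up for illustration, not measurements from any real biometric system.

```python
# Constructed match scores (0-100, higher = more similar to the enrolled template).
GENUINE = [88, 92, 75, 95, 81, 70, 90, 85, 66, 93]    # legitimate users against their own template
IMPOSTOR = [40, 55, 62, 35, 71, 48, 30, 58, 67, 44]   # other people against that template


def far(impostor_scores, threshold):
    """False Acceptance Rate: fraction of impostor attempts scoring at or above the threshold."""
    return sum(s >= threshold for s in impostor_scores) / len(impostor_scores)


def frr(genuine_scores, threshold):
    """False Rejection Rate: fraction of genuine attempts scoring below the threshold."""
    return sum(s < threshold for s in genuine_scores) / len(genuine_scores)


def sweep(genuine, impostor, thresholds=range(0, 101)):
    """(threshold, FAR, FRR) for every candidate threshold."""
    return [(t, far(impostor, t), frr(genuine, t)) for t in thresholds]


def crossover(genuine, impostor):
    """Lowest threshold where |FAR - FRR| is minimal; the rate there approximates the CER."""
    return min(sweep(genuine, impostor), key=lambda row: (abs(row[1] - row[2]), row[0]))


def choose_threshold(genuine, impostor, max_far):
    """Security-first tuning: the lowest threshold whose FAR does not exceed the budget."""
    for t, fa, fr in sweep(genuine, impostor):
        if fa <= max_far:
            return t, fa, fr
    return None


if __name__ == "__main__":
    t, fa, fr = crossover(GENUINE, IMPOSTOR)
    print(f"CER: threshold={t} FAR={fa:.2f} FRR={fr:.2f}")
    t, fa, fr = choose_threshold(GENUINE, IMPOSTOR, max_far=0.0)
    print(f"FAR budget 0%: threshold={t} FAR={fa:.2f} FRR={fr:.2f}")
```

With these scores the crossover sits at threshold 68 with both rates at 10%, while driving FAR to zero needs threshold 72 and costs a 20% rejection rate for legitimate users; that trade-off is the whole point of the three metrics.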