Andrew Despres
CompTIA Security+ SY0-701 4.1 Study Guide: Application and Systems Hardening

This guide provides a comprehensive synthesis of application security, system hardening, and secure wireless configuration, covering critical concepts for the CompTIA Security+ SY0-701 exam.


1. Application Security and Development

Developing and maintaining secure applications requires a balance between speed and security. Vulnerabilities often emerge when developers fail to account for malicious or unexpected input.

Input Validation and Testing

  • Input Validation: This is the process of ensuring that an application only accepts data in the expected format. If a field requires a five-digit zip code, the application should reject any input that is longer, shorter, or contains letters.
    • Real-World Comparison: Input validation is like a bank teller who only accepts a specific government-issued ID for a withdrawal; if you try to use a library card, the transaction is rejected.
  • Fuzzing: An automated testing process where "fuzzers" provide random or unexpected data to input fields to see if the application crashes or performs unexpectedly.
  • Cookies: Small data files stored in a browser to track sessions or personalize web pages. They are not executable but can contain sensitive session data.
    • Secure Attribute: Developers use this attribute to ensure cookies are only transmitted over encrypted HTTPS connections. Sensitive data should never be stored directly in a cookie.
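The three items above (input validation, fuzzing, and cookie attributes) can be shown together in working code. The block below is an added example, not code from the original guide: an allowlist validator for the five-digit zip code used in the text, a small fuzz harness that feeds it edge cases and random strings to confirm it rejects rather than crashes, and a session cookie emitted with the Secure, HttpOnly and SameSite attributes. The field names, the sample inputs and the session value are constructed for illustration.

```python
import random
import re
from http.cookies import SimpleCookie

# Allowlist pattern for the zip-code rule in the text: exactly five ASCII digits.
# [0-9] rather than \d, because \d would also accept non-ASCII digits such as "١٢٣٤٥".
ZIP_RE = re.compile(r"[0-9]{5}")


def validate_zip(value):
    """Accept only a str of exactly five ASCII digits; reject everything else."""
    if not isinstance(value, str):
        return False
    return ZIP_RE.fullmatch(value) is not None


def validate_fields(form, rules):
    """Run each field's validator; return [(field, reason)] for rejected input."""
    errors = []
    for field, validator in rules.items():
        if field not in form:
            errors.append((field, "missing"))
        elif not validator(form[field]):
            errors.append((field, "malformed"))
    return errors


def fuzz_validator(validator, rounds=500, seed=1):
    """Throw hand-picked edge cases plus random strings at a validator.

    A validator may say no, but it must never crash: any exception is a finding.
    Returns (crashes, accepted) so the tester can inspect what got through.
    """
    rng = random.Random(seed)
    corpus = ["", "1234", "123456", "12 45", "12345\n", "ABCDE", "١٢٣٤٥",
              None, 12345, b"12345", ["12345"]]          # constructed edge cases
    for _ in range(rounds):
        length = rng.randint(0, 20)
        corpus.append("".join(chr(rng.randint(0x20, 0x2FF)) for _ in range(length)))
    crashes, accepted = [], []
    for sample in corpus:
        try:
            if validator(sample):
                accepted.append(sample)
        except Exception as exc:
            crashes.append((sample, repr(exc)))
    return crashes, accepted


def build_session_cookie(session_id):
    """Set-Cookie value for a session token with Secure, HttpOnly and SameSite set.

    Secure keeps the cookie off plain HTTP; HttpOnly hides it from page scripts.
    The cookie carries only an opaque identifier, never the session data itself.
    """
    jar = SimpleCookie()
    jar["session"] = session_id
    jar["session"]["secure"] = True
    jar["session"]["httponly"] = True
    jar["session"]["samesite"] = "Strict"
    jar["session"]["path"] = "/"
    return jar["session"].OutputString()


if __name__ == "__main__":
    crashes, accepted = fuzz_validator(validate_zip)
    print("crashes:", crashes)
    print("accepted:", accepted)
    print(validate_fields({"zip": "9021"}, {"zip": validate_zip}))
    print(build_session_cookie("opaque-session-id"))
```

Running the script prints an empty crash list and only genuine five-digit strings in the accepted list; the "12345\n" and Arabic-digit cases are the ones a looser regex (`^\d{5}$` with `re.match`) would have let through.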

Code Analysis and Integrity

  • Static Application Security Testing (SAST): Also known as static code analysis, this process involves running code through an analyzer to find vulnerabilities like buffer overflows or SQL injections without actually executing the program.
    • Note: SAST is not perfect; it can produce false positives and may miss implementation errors in areas like cryptography.
  • Code Signing: To prove that an application has not been tampered with and really comes from the stated developer, publishers digitally sign the code with an asymmetric (public/private) key pair. If the signature fails to validate at installation, the operating system warns the user.
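To make the SAST description concrete, here is a miniature static analyser added as an example (it is not a tool from the original guide). It parses Python source with the standard `ast` module, never executing it, and reports database `execute()` calls whose query string is assembled at runtime, which is the classic SQL injection shape. The constructed sample it scans also contains a query built from two string literals, which the heuristic flags even though it is safe: exactly the false-positive behaviour the note above warns about.

```python
import ast

SQL_SINKS = {"execute", "executemany", "executescript"}


def _builds_string_dynamically(node):
    """Heuristic used by this toy analyser: is the expression assembled at runtime?"""
    if isinstance(node, ast.JoinedStr):                      # f"... {x} ..."
        return any(isinstance(v, ast.FormattedValue) for v in node.values)
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return True                                          # "..." + x   or   "..." % x
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
        return node.func.attr == "format"                    # "...".format(x)
    return False


def find_sql_sinks(source, filename="<memory>"):
    """Parse source without running it; report execute(...) calls fed a dynamic query.

    Returns a list of (line_number, snippet).
    """
    tree = ast.parse(source, filename)
    findings = []
    for node in ast.walk(tree):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        if node.func.attr not in SQL_SINKS or not node.args:
            continue
        if _builds_string_dynamically(node.args[0]):
            findings.append((node.lineno, ast.unparse(node)[:70]))
    return findings


# Constructed sample under review; it is only parsed, never imported or executed.
SAMPLE = '''\
import sqlite3

def lookup(db, user):
    cur = db.cursor()
    cur.execute("SELECT * FROM users WHERE name = '" + user + "'")   # concatenation: true positive
    cur.execute(f"SELECT * FROM users WHERE name = '{user}'")        # f-string: true positive
    cur.execute("SELECT * FROM users WHERE name = ?", (user,))        # parameterised: not reported
    cur.execute("SELECT * " + "FROM users")                           # literals only: false positive
    return cur.fetchall()
'''


if __name__ == "__main__":
    for line, snippet in find_sql_sinks(SAMPLE):
        print(f"line {line}: {snippet}")
```

The analyser reports lines 5, 6 and 8 of the sample. Line 8 is the false positive: a real SAST product would resolve constant expressions before deciding, and would still miss misuses it has no rule for, which is why the page's caveat about cryptographic mistakes applies.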
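The code-signing flow described above, written out as an added example rather than any vendor's actual implementation. It assumes the third-party `cryptography` package is installed and uses an Ed25519 key pair: the publisher signs the SHA-256 digest of the release, and the installer verifies that digest against the publisher's public key, so both a modified package and a signature from some other key are rejected. The package bytes and the key pair are generated in the script purely for illustration; in practice the public key reaches the user inside a certificate chained to a trusted root.

```python
import hashlib

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey


def sign_package(private_key, package_bytes):
    """Publisher side: hash the release artefact and sign the digest with the private key."""
    digest = hashlib.sha256(package_bytes).digest()
    return private_key.sign(digest)


def verify_package(public_key, package_bytes, signature):
    """Installer side: recompute the digest and check it against the publisher's public key.

    Any change to the bytes, or a signature made with a different key, returns False.
    """
    digest = hashlib.sha256(package_bytes).digest()
    try:
        public_key.verify(signature, digest)
        return True
    except InvalidSignature:
        return False


def demo():
    """Sign a constructed installer, then verify the genuine, tampered and wrong-key cases."""
    publisher = Ed25519PrivateKey.generate()          # stays with the publisher
    trusted_pub = publisher.public_key()               # shipped to users, e.g. in a certificate
    package = b"#!/bin/sh\necho installing\n"         # constructed stand-in for a release file
    signature = sign_package(publisher, package)
    other_pub = Ed25519PrivateKey.generate().public_key()
    return {
        "genuine": verify_package(trusted_pub, package, signature),
        "tampered": verify_package(trusted_pub, package + b"# one extra line\n", signature),
        "wrong_key": verify_package(other_pub, package, signature),
    }


if __name__ == "__main__":
    print(demo())
```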

Sandboxing

Sandboxing isolates an application so it only has access to the data necessary for its function.

  • Development Sandboxes: These are isolated environments where developers test new code without affecting the production network.
  • Runtime Sandboxing: Modern operating systems use this to protect the system. For example, a mobile browser might see your bookmarks but be blocked from accessing your camera roll or personal photos.
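The bookmarks-versus-photos example above can be reproduced in a few lines of code. The following is an added illustration, not code from the guide or from any operating system's sandbox: a tiny file sandbox that grants a component access to one directory tree only, resolving every requested path (including `..` segments and symlinks) before checking that it stays inside the permitted root. The directory layout and file contents are constructed in a temporary directory.

```python
import tempfile
from pathlib import Path


class SandboxViolation(PermissionError):
    """Raised when a component asks for something outside its granted directory."""


class FileSandbox:
    """Least-privilege file access: one directory tree is visible, nothing else."""

    def __init__(self, root):
        self.root = Path(root).resolve()

    def _resolve(self, relative):
        # resolve() collapses ".." and follows symlinks, so the containment check
        # runs on the real target rather than on the path as the caller wrote it.
        candidate = (self.root / relative).resolve()
        if candidate != self.root and self.root not in candidate.parents:
            raise SandboxViolation(f"{relative!r} escapes {self.root}")
        return candidate

    def allowed(self, relative):
        try:
            self._resolve(relative)
            return True
        except SandboxViolation:
            return False

    def read_text(self, relative):
        return self._resolve(relative).read_text()


def demo():
    """Constructed layout: a 'browser' sandboxed to bookmarks/ tries to reach photos/."""
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp)
        (home / "bookmarks").mkdir()
        (home / "bookmarks" / "list.txt").write_text("https://example.com\n")
        (home / "photos").mkdir()
        (home / "photos" / "holiday.jpg").write_bytes(b"\xff\xd8")   # fake JPEG header
        browser = FileSandbox(home / "bookmarks")
        return {
            "own_bookmarks": browser.allowed("list.txt"),
            "photos_via_dotdot": browser.allowed("../photos/holiday.jpg"),
            "absolute_path": browser.allowed("/etc/passwd"),
            "content": browser.read_text("list.txt"),
        }


if __name__ == "__main__":
    print(demo())
```

An absolute path is worth noting: `Path(root) / "/etc/passwd"` silently discards the root, which is why the check is performed on the resolved result rather than by string-prefix matching on the input.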

2. Hardening Targets and Infrastructure

"Hardening" is the process of securing a system by reducing its surface of vulnerability. Default configurations are rarely secure and must be modified.

General Hardening Techniques

  • Hardening Guides: Manufacturers and third parties often provide checklists for securing specific operating systems (OS) or applications.
  • Patching: Installing security updates to close known vulnerabilities. Many organizations schedule their testing and deployment around Microsoft's monthly "Patch Tuesday" release so that updates go out efficiently.
  • Software Removal: A critical best practice is to remove any unused software, as every application represents a potential entry point for an attacker.
  • Least Privilege: Configuring applications and users to have only the minimum access required to perform their functions.

Specialized Systems

(Figure: list of specialized systems and their hardening focus; the image is not reproduced here.)


3. Secure Baselines

A security baseline is a set of standard configurations that must be applied every time a system or application is deployed.

  • Standardization: Using tools like Microsoft’s Security Compliance Toolkit (SCT) to push thousands of Group Policy settings to workstations.
  • Persistence: Baselines must be audited to ensure they remain in effect and updated when new vulnerabilities are discovered or when the OS is upgraded.
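Sections 2 and 3 together describe one routine: define the baseline (approved settings, approved software, patch cadence, who holds admin rights) and then audit every host against it so that drift is caught. The block below is an added example of such an audit, not a real compliance toolkit and not code from the guide. The baseline values, the setting names and the two host snapshots are constructed; a real deployment would feed in data collected by a configuration agent.

```python
from datetime import date

# Constructed baseline: the configuration every host must carry when deployed.
BASELINE = {
    "settings": {
        "ssh.PermitRootLogin": "no",
        "ssh.PasswordAuthentication": "no",
        "password.min_length": 14,
        "audit.enabled": True,
        "firewall.default_inbound": "deny",
    },
    "allowed_packages": {"openssh-server", "auditd", "nginx"},
    "admins": {"ops-admin"},
    "max_patch_age_days": 30,
}


def audit_host(snapshot, baseline, today):
    """Compare one host snapshot with the baseline; return a list of findings.

    Each finding is (category, item, expected, actual).
    """
    findings = []
    # 1. Setting drift: a value changed after deployment, or never applied at all.
    for key, expected in baseline["settings"].items():
        actual = snapshot["settings"].get(key)
        if actual != expected:
            findings.append(("drift", key, expected, actual))
    # 2. Unused software: anything installed that the baseline does not allow.
    for pkg in sorted(set(snapshot["packages"]) - baseline["allowed_packages"]):
        findings.append(("unused-software", pkg, "absent", "installed"))
    # 3. Patching: how long since the last successful patch run.
    age = (today - snapshot["last_patched"]).days
    if age > baseline["max_patch_age_days"]:
        findings.append(("patching", "days_since_patch", baseline["max_patch_age_days"], age))
    # 4. Least privilege: administrative accounts beyond the approved set.
    for user in sorted(set(snapshot["admins"]) - baseline["admins"]):
        findings.append(("least-privilege", user, "standard user", "admin"))
    return findings


# Constructed snapshots, shaped like what a configuration agent might report.
COMPLIANT_HOST = {
    "settings": dict(BASELINE["settings"]),
    "packages": ["openssh-server", "auditd", "nginx"],
    "admins": ["ops-admin"],
    "last_patched": date(2024, 6, 1),
}
DRIFTED_HOST = {
    "settings": {**BASELINE["settings"], "ssh.PermitRootLogin": "yes", "audit.enabled": False},
    "packages": ["openssh-server", "auditd", "nginx", "telnetd", "games"],
    "admins": ["ops-admin", "intern"],
    "last_patched": date(2024, 3, 1),
}


if __name__ == "__main__":
    today = date(2024, 6, 15)
    for name, host in [("compliant", COMPLIANT_HOST), ("drifted", DRIFTED_HOST)]:
        print(name)
        for finding in audit_host(host, BASELINE, today):
            print("  ", finding)
```

The audit is idempotent, so it can run on a schedule; re-running it after the OS is upgraded (with the baseline revised for the new version) is how the "persistence" point above is enforced in practice.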

4. Wireless and Mobile Security

Wireless communication is inherently vulnerable because signals travel through the air, where they can be intercepted.

Wireless Monitoring

  • Site Surveys: Periodically checking the wireless spectrum to identify access points (SSIDs) and determine the best channels to avoid interference.
  • Heat Maps: Visual representations of signal strength. Yellow/red areas indicate strong signals, while blue areas indicate weak coverage.
  • Spectrum Analyzers: Tools that identify all signals on a frequency, not just those from Wi-Fi devices.

Mobile Deployment Models

  • BYOD (Bring Your Own Device): Employees use personal phones for work. Requires an MDM to partition corporate data from personal data.
  • COPE (Corporate Owned, Personally Enabled): The company provides the device, but the user can use it for personal tasks.
  • CYOD (Choose Your Own Device): Similar to COPE, but the employee chooses from a list of approved corporate devices.
  • MDM (Mobile Device Management): A centralized tool used to push security policies (such as screen locks), monitor devices, and manage data segmentation.

Wireless Encryption: WPA2 vs. WPA3

WPA2 (Wi-Fi Protected Access 2) has been the standard for years, but it is vulnerable to offline brute-force attacks because its four-way handshake transmits a hash derived from the pre-shared key, which an eavesdropper can capture and attack at leisure.

  • WPA3 Improvements:
    • GCMP (Galois/Counter Mode Protocol): A stronger encryption and integrity mechanism than WPA2 offers.
    • SAE (Simultaneous Authentication of Equals): Also called the "Dragonfly handshake." It uses a Diffie-Hellman-style key exchange to derive keys without sending a password hash over the air, which stops offline brute-force attacks.
    • Individual Session Keys: Even if everyone uses the same password (PSK), WPA3 provides each user with a unique session key, meaning they cannot see each other's traffic.
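A defender's view of the WPA2-versus-WPA3 comparison is a configuration check. The block below is an added example, not part of the original guide: it parses two constructed hostapd-style access point configurations, one that still relies on the WPA2 pre-shared-key handshake with the old TKIP cipher and one that requires SAE with an AEAD cipher and protected management frames, and reports what is wrong with the weak one. The `wpa`, `wpa_key_mgmt`, `wpa_pairwise`, `rsn_pairwise`, `ieee80211w` and `sae_password` keys are real hostapd options; the SSIDs and the passphrase placeholders are constructed.

```python
# Constructed configurations; the passphrases are placeholders, not real secrets.
WEAK_CONF = """\
interface=wlan0
ssid=corp-legacy
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
wpa_passphrase=PLACEHOLDER_PASSPHRASE
"""

HARDENED_CONF = """\
interface=wlan0
ssid=corp
wpa=2
wpa_key_mgmt=SAE
rsn_pairwise=CCMP
ieee80211w=2
sae_password=PLACEHOLDER_PASSPHRASE
"""

# CCMP (AES) and GCMP ciphers authenticate as well as encrypt; TKIP does neither adequately.
STRONG_CIPHERS = {"CCMP", "CCMP-256", "GCMP", "GCMP-256"}


def parse_hostapd(text):
    """Minimal key=value parser; comments and blank lines are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def check_wireless(conf):
    """Return a list of findings; an empty list means the config meets the WPA3 bar."""
    findings = []
    mgmt = set(conf.get("wpa_key_mgmt", "WPA-PSK").split())
    ciphers = set(conf.get("wpa_pairwise", "").split()) | set(conf.get("rsn_pairwise", "").split())
    if conf.get("wpa") != "2":
        findings.append("wpa must be 2 (RSN); older WPA modes are not acceptable")
    if "SAE" not in mgmt:
        findings.append("wpa_key_mgmt lacks SAE: clients fall back to the WPA2 four-way "
                        "handshake, whose captured hash allows offline brute force")
    elif "WPA-PSK" in mgmt:
        findings.append("transition mode: WPA2-PSK clients are still admitted alongside SAE")
    if "TKIP" in ciphers:
        findings.append("TKIP is enabled; remove it from wpa_pairwise/rsn_pairwise")
    if not ciphers & STRONG_CIPHERS:
        findings.append("no CCMP or GCMP cipher configured")
    if conf.get("ieee80211w") != "2":
        findings.append("ieee80211w should be 2: WPA3 requires protected management frames")
    return findings


if __name__ == "__main__":
    for label, text in [("weak", WEAK_CONF), ("hardened", HARDENED_CONF)]:
        print(label, check_wireless(parse_hostapd(text)) or ["ok"])
```

The per-user session keys listed above are a property of the SAE exchange itself, so there is nothing to configure for them; selecting `SAE` as the key management method is what turns them on.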

5. AAA Framework and Access Control

Network Access Control (NAC) ensures only authorized users can connect to the network, typically using the 802.1X standard.

The AAA Framework

  1. Identification: Claiming an identity (usually a username).
  2. Authentication: Proving you are who you say you are (password).
  3. Authorization: Determining what resources you are allowed to access.
  4. Accounting: Logging metrics, such as login time, data used, and logout time.

Key Protocols

  • RADIUS (Remote Authentication Dial-In User Service): A common protocol for centralized authentication. When you log into a VPN or a corporate Wi-Fi, your credentials are sent to a RADIUS server.
  • 802.1X: A framework for port-based NAC. It uses three roles:
    • Supplicant: The user/device trying to join.
    • Authenticator: The device you connect to (e.g., a switch or access point).
    • Authentication Server: The back-end server (RADIUS/AAA) that validates credentials.
  • EAP (Extensible Authentication Protocol): A flexible framework used within 802.1X to pass authentication information between the supplicant and the authentication server.
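The 802.1X roles and the RADIUS protocol above can be followed end to end in a short exchange. The block below is an added example, not code from the guide or from any RADIUS implementation: the authenticator (NAS) packs the supplicant's user name and password into an Access-Request, hiding the password with the RFC 2865 MD5 keystream under the shared secret; the authentication server unpacks it, checks the credentials (the authentication step of AAA), and answers Access-Accept or Access-Reject with a Response Authenticator; the NAS then verifies that authenticator so a forged or tampered reply is refused. The user name, password, NAS address and shared secret are constructed values.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, NAS_PORT = 1, 2, 4, 5


def _attr(atype, value):
    """One Type-Length-Value attribute; Length counts the two header bytes."""
    return bytes([atype, len(value) + 2]) + value


def hide_password(password, secret, request_auth):
    """RFC 2865 5.2: pad to 16-byte blocks and XOR each block with an MD5 keystream
    that is chained through the previous ciphertext block."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        block = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ b for p, b in zip(padded[i:i + 16], block))
        out += prev
    return out


def reveal_password(hidden, secret, request_auth):
    """Server-side inverse of hide_password."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hashlib.md5(secret + prev).digest()
        chunk = hidden[i:i + 16]
        out += bytes(c ^ b for c, b in zip(chunk, block))
        prev = chunk
    return out.rstrip(b"\x00")


def build_access_request(identifier, secret, username, password, nas_ip, nas_port):
    """Authenticator (NAS) side: relay the supplicant's credentials to the AAA server."""
    request_auth = os.urandom(16)          # fresh per request; also keys the password hiding
    body = b"".join([
        _attr(USER_NAME, username),
        _attr(USER_PASSWORD, hide_password(password, secret, request_auth)),
        _attr(NAS_IP_ADDRESS, bytes(int(o) for o in nas_ip.split("."))),
        _attr(NAS_PORT, struct.pack("!I", nas_port)),
    ])
    return struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(body)) + request_auth + body


def parse_attributes(packet):
    """Walk the TLV list that follows the 20-byte header."""
    attrs, pos = {}, 20
    while pos < len(packet):
        atype, alen = packet[pos], packet[pos + 1]
        attrs[atype] = packet[pos + 2:pos + alen]
        pos += alen
    return attrs


def build_response(code, request, secret, attrs=()):
    """Server side: Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    body = b"".join(attrs)
    header = struct.pack("!BBH", code, request[1], 20 + len(body))
    resp_auth = hashlib.md5(header + request[4:20] + body + secret).digest()
    return header + resp_auth + body


def verify_response(response, request, secret):
    """NAS side: accept a reply only if its authenticator matches our request and the secret."""
    if response[1] != request[1]:
        return False
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])


def radius_exchange(secret, username, password, user_db):
    """Full round trip. Returns (response_code, reply_authentic)."""
    request = build_access_request(7, secret, username, password, "10.0.0.2", 1)
    # --- authentication server ---
    attrs = parse_attributes(request)
    supplied = reveal_password(attrs[USER_PASSWORD], secret, request[4:20])
    ok = hmac.compare_digest(user_db.get(attrs[USER_NAME], b""), supplied)
    response = build_response(ACCESS_ACCEPT if ok else ACCESS_REJECT, request, secret)
    # --- back at the NAS ---
    return response[0], verify_response(response, request, secret)


if __name__ == "__main__":
    users = {b"alice": b"correct horse battery staple"}      # constructed credential store
    print(radius_exchange(b"shared-secret", b"alice", b"correct horse battery staple", users))
    print(radius_exchange(b"shared-secret", b"alice", b"wrong", users))
```

Two things the code makes visible: the only thing protecting the password on the wire between NAS and server is the shared secret, so that secret needs the same care as any other credential, and the Response Authenticator is what stops a third party from injecting an Access-Accept, which is why the NAS must actually check it rather than trust the packet's code byte.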

Securing an environment is a continuous cycle of hardening targets, establishing secure baselines, and monitoring wireless and application behaviors. As you move forward in your Security+ studies, remember that security is not a single product but a layered approach involving configuration, testing, and centralized management.
