CompTIA Security+ Chapter 4: Network Security

High-Availability Network

• A high-availability network should have processes and tools for risk assessment, threat intelligence, vulnerability scanning, and penetration testing to identify and mitigate weaknesses or gaps in network security.

Secure Access to Internal Resources

• A bastion host is a special-purpose server that provides secure access to internal resources while minimizing traffic allowed through the security boundary.
• A bastion host is usually placed on the edge of a network, acting as a gateway or proxy to the internal network.
• It can be configured to allow only certain types of traffic and block all other traffic.
• It can also run security software such as firewalls, intrusion detection systems, and antivirus programs to monitor and filter incoming and outgoing traffic.

Compensating Control

• A compensating control is a security measure that mitigates the risk of a vulnerability or weakness that cannot be resolved by the primary control.
• It does not prevent or eliminate the vulnerability or weakness, but reduces the likelihood or impact of an attack.
• Example: A host-based firewall on a legacy Linux system that allows connections from only specific internal IP addresses is a compensating control.

Disaster Recovery Plan

• A disaster recovery plan (DRP) is a set of policies and procedures that aim to restore normal operations of an organization in the event of a system failure, natural disaster, or other emergency.

Bug Bounty Program

• A bug bounty program is a program that rewards security researchers for finding and reporting vulnerabilities in an application or system.
• It is used by companies to improve their security posture and incentivize ethical hacking.

Smishing Attack

• Smishing is a type of phishing attack that uses text messages or common messaging apps to trick victims into clicking on malicious links or providing personal information.

Shadow IT

• Shadow IT refers to the use of unauthorized or unapproved IT resources within an organization.
• Example: A marketing department setting up its own project management software without telling the appropriate departments.

Endpoint Log

• An endpoint log is a file that contains information about the activities and events that occur on an end-user device, such as a laptop, desktop, tablet, or smartphone.
• It can provide valuable data for security analysts, such as the processes running on the device, the network connections established, the files accessed or modified, and the user actions performed.

Content Filter

• A content filter is a device or software that blocks or allows access to web content based on predefined rules or categories.
• Example: A content filter blocking a new retail website because it is mistakenly categorized as gambling.

Chain of Custody

• Chain of custody is the process of documenting and preserving the integrity of evidence collected during an incident response.
• It involves recording the details of each person who handled the evidence, the time and date of each transfer, and the location where the evidence was stored.

Safety Controls

• Safety controls are security controls that are designed to protect human life and physical assets from harm or damage.
• Example: Safety controls should be designed to fail open in case of an emergency.

Vulnerability Scanning Report

• A vulnerability scanning report provides information about potential vulnerabilities in a system or network.
• Example: A report showing an open Telnet port with a high severity vulnerability, but further testing reveals that the Telnet server supports encryption, making it a false positive.