CASP Domain 1: Enterprise Security

March 16, 2018 by Fakhar Imam

Enterprise Security is the first domain of the CompTIA Advanced Security Practitioner (CASP) exam, version CAS-002, and accounts for 30% of the exam. Below is a comprehensive description of the essential Enterprise Security concepts for CASP candidates.

What Do I Need to Know About Cryptographic Concepts and Techniques for CASP?

The following sections spell out some indispensable cryptographic concepts and techniques that you need to know for the CASP exam.

Key stretching: This technique is used to thwart brute-force attacks by making password-based keys harder to guess. It works by converting a weak password into a longer and more random key, which is far more laborious to crack. Key stretching is used by several systems, such as WiFi Protected Access (WPA), WPA2, GNU Privacy Guard (GPG), and Pretty Good Privacy (PGP).
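The following is an added example, not code from the original article, showing key stretching in practice with PBKDF2-HMAC-SHA256 from Python's standard library. The weak password is a constructed sample; the iteration count is the stretching factor, since every candidate an attacker guesses must be run through the same number of HMAC rounds.

```python
import hashlib
import hmac
import os
import time

# Constructed sample input: a deliberately weak password, as the text describes.
WEAK_PASSWORD = b"password1"
KEY_LEN = 32  # bytes of derived key (longer and more random than the password)


def stretch_key(password: bytes, salt: bytes, iterations: int) -> bytes:
    """Derive a longer, more random key from a weak password with PBKDF2-HMAC-SHA256.

    The iteration count is the stretching factor: each extra iteration is work
    an attacker must repeat for every password guess.
    """
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=KEY_LEN)


def time_derivation(password: bytes, salt: bytes, iterations: int) -> float:
    """Seconds spent deriving one key: the per-guess cost imposed on a brute-force attack."""
    start = time.perf_counter()
    stretch_key(password, salt, iterations)
    return time.perf_counter() - start


def verify_password(candidate: bytes, salt: bytes, iterations: int, stored_key: bytes) -> bool:
    """Recompute the stretched key for a login attempt and compare it in constant time."""
    return hmac.compare_digest(stretch_key(candidate, salt, iterations), stored_key)


if __name__ == "__main__":
    salt = os.urandom(16)  # a fresh random salt per password defeats precomputed tables
    stored = stretch_key(WEAK_PASSWORD, salt, 100_000)
    print("derived key:", stored.hex())
    for n in (1_000, 100_000):
        print(f"{n:>7} iterations: {time_derivation(WEAK_PASSWORD, salt, n):.4f} s per guess")
    print("correct password accepted:", verify_password(WEAK_PASSWORD, salt, 100_000, stored))
    print("wrong password rejected:", not verify_password(b"password2", salt, 100_000, stored))
```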

Hashing: Hashing is another cryptographic technique that generates (using a hash function) a hash value, checksum value, or message digest for a particular data object. Hashing is aimed at maintaining data integrity and making authentication control more effective. Modern hash functions include Message Digest 5 (MD5), MD6, and the SHA family of hashes, which encompasses SHA-1, SHA-2, and SHA-3.

Code signing: This is the process of digitally signing scripts and executable programs to confirm the legitimacy of software authors. Moreover, code signing also proves that the code has not been tampered with or altered.

Pseudorandom number generation: A pseudorandom number generator is an algorithm that uses mathematical formulas to produce sequences of numbers that appear random; such sequences are often used in probability and statistical applications.

Perfect Forward Secrecy: This technique makes sure that a session key derived from a set of keys is not compromised if one of those keys is stolen in the future.

Transport Encryption: This cryptographic technique ensures that data isn’t compromised through sniffing attacks when it’s in transit over a network. Transport encryption can be provided through IPsec, SET, SSH, HTTP/HTTPS/SHTTP, and SSL/TLS security mechanisms.

Digital Signature: This is a mathematical technique used for the authentication, integrity, and non-repudiation of digital documents or messages.

Entropy and Diffusion: In cryptography, entropy is the unpredictability or randomness of the plaintext message. Applying entropy to the plaintext message neutralizes the structure that’s present in that insecure plaintext message. Diffusion, on the other hand, changes the position of plaintext information within the cipher-text.

Confusion and Non-repudiation: Confusion is the act of changing the key value before each round of encryption in order to conceal the statistical relationship between a cipher-text and a plaintext. Non-repudiation ensures that the sender cannot deny sending a message and, likewise, that the receiver cannot deny receiving it.

Confidentiality and Integrity: Confidentiality prevents unauthorized disclosure of data to malicious actors, whereas Integrity protects data and information from damage or a deliberate change.

Chain of Trust/Root of Trust: This is the hierarchical root-of-trust model used when organizations implement Public Key Infrastructure (PKI). The model involves three components: Registration Authorities (RA), Certificate Authorities (CA), and a central directory management system.

Cryptographic Applications and Proper/Improper Implementation: Cryptographic applications must be kept up to date with the latest security patches, hotfixes, and service packs.

Advanced PKI Concepts: These include wildcard certificates, OCSP vs. CRL, issuance to entities (users, systems, and applications), and key escrow.

Steganography: This is the act of concealing a message within other non-secret data or text.

Implications of cryptographic methods and design: When implementing cryptography, enterprises must consider the implications of their design choices, including stream ciphers vs. block ciphers, block cipher modes (Electronic Code Book (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), and Output Feedback (OFB)), known flaws, and the trade-off between strength, performance, feasibility, and interoperability.
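The following is an added example, not code from the original article, demonstrating the best-known flaw of ECB mode against CBC: because ECB encrypts each block independently, equal plaintext blocks produce equal ciphertext blocks and structure leaks through. The block cipher is an assumed toy 4-round Feistel construction built from HMAC-SHA256 (not a real cipher) so the example runs on the standard library; the mode logic is the same as for AES, and the plaintext is a constructed, highly repetitive input with padding omitted.

```python
import hashlib
import hmac
import os

BLOCK = 16  # bytes per block; the mode logic below does not depend on the cipher


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Feistel round function: HMAC-SHA256 keyed by the cipher key, truncated to a half block.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:BLOCK // 2]


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy 4-round Feistel block cipher (assumed construction for illustration, not a real cipher).

    Only the property that matters for modes is needed: the same key and the same
    16-byte block always produce the same 16-byte output.
    """
    assert len(block) == BLOCK
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(4):
        left, right = right, bytes(a ^ b for a, b in zip(left, _f(key, rnd, right)))
    return left + right


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_ecb(key: bytes, plaintext: bytes) -> bytes:
    """ECB: each block is encrypted on its own, so equal plaintext blocks give equal ciphertext blocks."""
    assert len(plaintext) % BLOCK == 0  # padding is omitted in this example
    return b"".join(toy_block_encrypt(key, plaintext[i:i + BLOCK]) for i in range(0, len(plaintext), BLOCK))


def encrypt_cbc(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CBC: each block is XORed with the previous ciphertext block (the IV for the first) before encryption."""
    assert len(plaintext) % BLOCK == 0 and len(iv) == BLOCK
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = toy_block_encrypt(key, _xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def repeated_blocks(ciphertext: bytes) -> int:
    """Number of ciphertext blocks that duplicate an earlier block (0 means no visible structure)."""
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    return len(blocks) - len(set(blocks))


if __name__ == "__main__":
    key, iv = os.urandom(16), os.urandom(16)
    # Constructed plaintext: highly structured, like the pixel rows of a flat-coloured image.
    plaintext = b"A" * (BLOCK * 6) + b"B" * (BLOCK * 2)
    print("ECB duplicate blocks:", repeated_blocks(encrypt_ecb(key, plaintext)))
    print("CBC duplicate blocks:", repeated_blocks(encrypt_cbc(key, iv, plaintext)))
```

With this input ECB reports 6 duplicate blocks and CBC reports 0, which is exactly the pattern leakage the "known flaws" objective refers to.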

Cryptographic Implementations: CASP professionals must understand some vital cryptographic implementations, including Digital Rights Management (DRM), GNU Privacy Guard, watermarking, Secure Shell (SSH), Secure Sockets Layer (SSL), and Secure Multipurpose Internet Mail Extensions (S/MIME).

What Do I Need to Know About Security Implications Associated With Enterprise Storage?

Below are the concepts that define security implications associated with enterprise storage.

Storage types: There are various storage types where enterprises’ and individuals’ data can be stored. These storage types include cloud storage, virtual storage, data archiving, data warehousing, Storage Area Networks (SAN), Network Attached Storage (NAS), and Virtual Storage Area Networks (vSAN).

Secure Storage Protocols: These require strong knowledge of Internet Small Computer System Interface (iSCSI), Fiber Channel over Ethernet (FCoE), Network File System (NFS), and Common Internet File System (CIFS).

Secure storage management: A storage solution must be managed securely regardless of whether it’s physical or virtual. The methods for secure management of a storage solution include multipath, deduplication, snapshot, LUN masking/mapping, dynamic disk pools, offsite or multisite replication, HBA allocation, and encryption.

What Do I Need to Know About Network and Security Components, Concepts, and Architecture for CASP?

In order to feel ready for the test, you will need to know the following vital concepts regarding network and security components, concepts, and architecture.

Advanced Network Design: For both wired and wireless networks, recent advances in design incorporate remote access, which can be secured through VPN, SSH, RDP, VNC, and SSL. Other advanced network design components encompass IPv6 and its associated transitional technologies, transport encryption, network authentication methods, 802.1x, and mesh networks.

Security devices: Implementing a secure network requires a strong understanding of the security devices (both hardware- and software-based) and their capabilities. These devices are related to Unified Threat Management (UTM) and include network firewalls, gateway anti-spam and antivirus, content filtering, load balancing, and data leak prevention. Other critical security devices include NIPS, NIDS, In-line Network Encryptors (INE), Security Information and Event Management (SIEM), Hardware Security Modules (HSM), placement of devices, and application- and protocol-aware technologies (such as Web Application Firewalls (WAF), NextGen Firewalls, IPS, Passive Vulnerability Scanners, and Database Security Monitors (DSMs)).

Virtual networking and security components: These components involve switches, firewalls, proxies, routers, and wireless controllers.

Complex network security solutions for data flow: There are two complex network security solutions for data flow. They are called SSL Inspection and Network Flow Data.

Secure configuration and baselining of networking and security components: Doing so requires a consistent change process and methods to restrict administrative access to security devices. For this purpose, CASP candidates should have knowledge of Access Control Lists (ACLs), change monitoring, configuration lockdown, and availability controls.

Software-defined networking: This involves three planes that together form the network architecture: the control plane, the data plane, and the management plane.

Cloud-managed Networks: Cloud-managed networks are based on three popular cloud service models. These service models include Infrastructure as a Service (IaaS), Software as a Service (SaaS), and Platform as a Service (PaaS).

Network management and monitoring tools: These tools include NIDS, NIPS, audit tools, and protocol analyzers. NIDS use several detection methods, including signature-based detection, statistical anomaly-based detection, and stateful protocol analysis detection.

Advanced configuration of routers, switches, and other network devices: When performing advanced configuration on routers, switches, and other network devices, security professionals must consider several security concerns, including transport security, trunking security, and route protection.

Security Zones: Security zones are created when a network is designed. The essential security zones for the CASP exam include data-flow enforcement, Demilitarized Zone (DMZ), and separation of critical assets.

Network Access Control (NAC): NAC involves a vital security solution called Quarantine/Remediation. A network device that fails its examination is placed in a restricted network until the remediation solution resolves the issue.

Operational and consumer network-enabled devices: In addition to the security of common infrastructural devices (such as switches, routers, and firewalls), CASP professionals also provide security to some specialized devices, including IP video, sensors, HVAC controllers, building automation systems, A/V systems, and scientific/industrial equipment.

Critical Infrastructure/Supervisory Control and Data Acquisition/Industrial Control Systems (ICS): These incorporate a variety of control systems that are used in industrial production. For example, Supervisory Control and Data Acquisition (SCADA) is a widely used control system architecture.

What Do I Need to Know Regarding Security Controls for Hosts?

The following security controls are vital for hosts, and you must understand them for your CASP exam.

Trusted OS: A trusted OS is a hardened system that is fully protected and doesn’t provide any potential avenues to malicious actors.

Endpoint Security Software: Endpoint security of hosts can only be accomplished if each computing device on a network is protected with effective security software, which includes antivirus, anti-malware, anti-spyware, patch management, spam filters, data loss prevention, HIPS/HIDS, host-based firewalls, and log monitoring.

Host Hardening: Host hardening can be achieved through standard operating environment or configuration baselining (such as application whitelisting and blacklisting), security/group policy implementation, command shell restrictions, patch management, configuring dedicated interfaces (such as out-of-band NICs, ACLs, Management Interface, and data interface), full disk encryption, and peripheral restrictions (such as USB, Bluetooth, and Firewire).

Security advantages and disadvantages of virtualized servers: In this section, the CASP student will learn about Type 1 hypervisors, Type 2 hypervisors, and container-based virtualization.

Cloud augmented security services: In the evolving world of cybercrime, storing sensitive data in cloud environments can be dangerous. Prevention measures involve hash matching (such as antivirus, anti-spam, and vulnerability scanners), sandboxing, and content filtering.

Bootloader protection: This encompasses secure booting, measured launch, integrity measurement architecture (IMA), and BIOS/UEFI.

Vulnerability associated with co-mingling of hosts with different security requirements: When several guest systems are virtualized, they share a common host machine, which may raise security issues such as VM escape, privilege elevation, live VM migration, and data remnants.

In addition to the aforementioned security controls, there are still more important security controls for hosts, including virtual desktop infrastructure (VDI), Terminal Services/application delivery services, TPM, VTPM, and HSM.

What Do I Need to Know about Application Vulnerability and Appropriate Security Controls for CASP?

The following sections define some critical concepts regarding application vulnerability and appropriate security controls for your CASP exam.

Web application security design consideration: There are three methods for web application security design. These include Secure by Design, Secure by Default, and Secure by Deployment.

Specific application issues: CASP candidates must understand some specific application issues, including Cross-Site Request Forgery (CSRF), click-jacking, input validation, session management, improper error and exception handling, SQL injection, improper storage of sensitive data, privilege escalation, secure cookie storage and transmission, fuzzing/fault injection, memory leaks, buffer overflows, race conditions, integer overflows, geo-tagging, resource exhaustion, and data remnants.

Application security framework: This involves three core concepts, including standard libraries, industry-accepted approaches, and web services security (WS-security).

Client-side processing vs. server-side processing: Developing a web application requires two important questions to be answered: what information will be processed on the client side (browser) and what will be processed on the server side. Answering these questions requires a strong understanding of JSON/REST, browser extensions (such as ActiveX, Java Applets, and Flash), HTML5, AJAX, SOAP, state management, and JavaScript.

Some other indispensable security controls for the CASP exam include secure coding standards, Database Activity Monitoring (DAM), and Web Application Firewalls (WAF).

Where Should I Focus My Time Studying?

Though passing the CASP exam sometimes feels like undoing a Gordian knot, acquiring the proper study and training and studying the appropriate material will more likely than not lead you to your cherished goal of a CASP credential. Candidates should focus their time on studying CompTIA’s official material, which carries the CompTIA Authorized Quality Curriculum (CAQC) seal. Here is a CASP Resources article that includes everything you need to know in this regard.

InfoSec’s CASP Boot Camp—Your First Bet

Do you want to take the CompTIA CASP exam? Fortunately, InfoSec Institute offers a uniquely designed CASP Boot Camp for the candidates aspiring for CASP examination. The goal of this course is to provide IT experts with the most comprehensive accelerated environment for the CASP exam.

InfoSec also offers thousands of articles on a variety of security topics.


Fakhar Imam is a professional writer who holds a Master of Science in Information Technology (MIT). To date, he has produced articles on a variety of topics, including Computer Forensics, CISSP, and various other IT-related subjects.
