Security+: Technologies and Tools - Proxy [DECOMMISSIONED ARTICLE]
NOTE: This article reflects an older version of the Security+ Exam – please see the current Security+ Certification page for the most up-to-date information.
The Security+ syllabus is updated every three years. Normally, the exam is denoted by a code consisting of a sequence of letters and numbers; for example, SY0-401 is the most recently outdated exam. During the revision, many changes have been made from the previous version to the most recent exam. This article covers the most recent changes leading to the current exam, the SY0-501. We will cover the changes related to proxies. We will look at how they were covered and how they are now covered, while also mentioning what candidates must know for the exam.
Exam Changes Overview
Between the two exams, SY0-401 and SY0-501, there is a significant overall change in the content. The new exam focuses on attacks, risk management, and hands-on skills using technologies and tools. As a result, the domains have been re-named and re-ordered to reflect cybersecurity trends as determined in the Security+ SY0-501 Job Task Analysis (JTA).
Under the previous exam (SY0-401), proxies were covered in the Network Security domain, specifically under section 1.1 Implement security configuration parameters on network devices and other technologies, which covered 20% of the overall exam, but is now currently found in the Technologies and Tools domain (22% of the overall exam) under section 2.2 Install and configure network components, both hardware and software-based, to support organizational security.
Compared to the previous exam, the most recent changes ensure that candidates are able to explain the concepts by translating them to real-life problems. This has been achieved by a 21% increase from the previous exam.
Exam Changes Comparison
There are various malicious motives for targeting organizations. They may include competitor companies that are out to obtain intellectual property from rival organizations (or execute espionage missions), rogue states that might sponsor attacks against certain industries that affect target organizations, or rogue employees who might want to cause havoc for a former employer. These and many other factors prompt security departments to take the strictest measures to ensure they do not fall victim to such attacks. Such measures include the installation and configuration of various security devices. CompTIA Security+ has been revised to ensure that the most recent changes are made to the exam to ensure it reflects with problems organizations face today. Let’s discuss some changes in how proxies are examined.
Emphasis in the older exam was primarily placed on various proxy technologies, functionality, efficiency, and security configuration. The following technology implementations were tested:
Caching proxies were discussed in detail. Candidates were required to understand how caching of information was done in order to ensure that bandwidth is reduced within the network so as to increase the overall network performance at the organization.
Explicit proxies were discussed. Candidates were examined on this mechanism, which allows applications to define the proxy server to connect to. They were required to understand the need for this type of proxies along with their advantages and disadvantages.
Transparent proxies allow applications to communicate on the network without having to explicitly configure a proxy. One thing candidates needed to know is that, with this proxy mechanism, problems may be encountered because the application isn't directly communicating with the Internet but is going through the proxy. The security concern here is that many applications (security applications within the network, for instance) may behave differently with transparent proxies. If, for instance, antivirus updates cannot be downloaded over a proxied network, then the purpose of having the proxy is defeated.
With the new exam, candidates are examined on their abilities to configure various proxies for security. These include explicit, transparent, forward, application, and reverse proxies and candidates are required to know the security threats posed by open proxies to organizations. The following security capabilities must be mastered by candidates preparing for the exam:
Caching makes it possible to locally store frequently requested content from the Internet, and this saves network bandwidth and improves the network’s response for clients making other requests.
Access control defines rules that regulate the permissions a client should have in accessing the internet. Certain sites may be blocked while others may be restricted for a specified amount of time. Organizations allow certain sites to be accessed only after working hours to increase productivity.
URL filtering allows certain characters (or input) to be properly sanitized to avoid abusing application security by injecting content that manipulates the application’s behavior. Attackers may perform attacks such as XSS or SQL injections just by injecting malicious code.
Content scanning allows for the proxy server to intercept traffic on transit and analyze it for malicious content such as virus payloads. This is one of the most important capabilities, especially with the rise of ransomware and APT attacks that organizations are facing.
The various types of proxies (transparent and explicit) and their configuration methods are also examined, as in the previous exam. Scenarios are also frequent now, with candidates expected to show problem-solving skills by determining the best types of proxies to be configured for each environment. Consider, for example, a proxy within the network that can be used to control the organization’s access to the internet. This type of configuration is known as a forward proxy and could allow a combination of other security mechanisms such as URL filtering to be performed at the proxy server.
The exact opposite of this configuration is a reverse proxy, where multiple users from the Internet connect into the organization and have their requests run through a proxy server and then channeled to the service they requested. This is done while at the same time ensuring that security is assured for the servers in the organization.
Candidates are also examined on yet another type of proxy known as an open proxy, in which a third party configures a proxy server on the internet. This kind of proxy is used to circumvent security mechanisms that prevent users within the network from accessing certain sites.
Different proxies are faced with different security implications. Open proxies, for example, may introduce security concerns within the organization’s network, since they allow for the bypassing of security infrastructure meant to protect users accessing the internet.
The new exam focuses on hands-on skills, going deeper into proxy configurations with the intention of ensuring that candidates master the different technologies available in the market. This revision also ensures that candidates spend more effort preparing for that what is relevant in combating today’s evolving cyber threats.