SEC-1: Security Controls
Status: not started
Domain:
- 2.0 Security
Objective alignment:
- 2.1 Security controls
What You Need To Know
Security controls reduce risk. Core 2 expects you to match the control to the problem.
Main groups:
- Physical security controls
- Physical access controls
- Logical security controls
- Authentication and access management
- Data and device management controls
Memory Trick
Use P-L-A-D:
- Physical: stop bodies, cars, theft, and entry
- Logical: permissions, trust, and network/software rules
- Authentication: prove who you are
- Data/device controls: protect data and managed devices
MFA factors:
- Know: password, PIN
- Have: smart card, key fob, phone, token
- Are: fingerprint, face, retina
- Where: location
Physical Security Controls
Bollards:
- Posts/barriers that stop vehicles.
- Exam clue: prevent cars/trucks from reaching a building.
Access control vestibule:
- Two-door controlled entry area.
- One door opens while the other remains locked.
- Exam clue: prevent tailgating or control one-person-at-a-time entry.
Badge reader:
- Reads magnetic stripe, RFID, NFC, or similar badge.
- Exam clue: employee door access or time clock.
Video surveillance/CCTV:
- Cameras and recording.
- Exam clue: monitor entrances, review incidents, license plates, faces, motion.
Alarm systems:
- Door/window/fence circuits, motion detection, duress buttons.
- Exam clue: alert when perimeter or protected area is breached.
Locks:
- Conventional key, deadbolt, electronic PIN, token-based, biometric, multifactor.
Equipment locks:
- Lock racks, cabinets, laptops, or devices.
Guards and access lists:
- Human verification of ID and visitor access.
- Often includes visitor log.
Fences and lighting:
- Fences create perimeter.
- Lighting deters attackers and improves camera visibility.
Magnetometers:
- Detect metal objects.
- Exam clue: weapons screening.
Physical Access Factors
Key fob:
- Small RFID/proximity key.
Smart card:
- Chip card holding a certificate and private key; used with a PIN, so it supplies "have" plus "know" for MFA.
Mobile digital key:
- Phone acts as key for building, hotel, car, or office.
Biometrics:
- Fingerprint, retina, palm, face, or voice.
- Strong, but a compromised biometric cannot be reissued the way a password or token can.
Logical Security Controls
Least privilege:
- Users get only the access needed to do their job.
- Exam clue: reduce damage from mistakes or malware.
Zero Trust:
- Trust nothing automatically.
- Verify users, devices, apps, and requests continuously.
ACL:
- Access Control List.
- Allows or denies traffic or file access based on rules.
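The ACL entry above says "rules", but the two details that decide whether an ACL actually enforces least privilege are rule order (first match wins) and what happens when nothing matches (implicit deny). The script below is an added example, not part of the study guide: a first-match evaluator over a constructed rule set, plus the same rules with the SSH lines swapped to show a deny shadowing the permit. Rule format, host addresses, and the "any" wildcard are assumptions for the example.

```shell
#!/bin/sh
# Added example (not from the study guide): a first-match ACL evaluator.
# Rule format, one per line: ACTION SRC DST PROTO PORT, where "any" is a
# wildcard. The first matching rule decides; if nothing matches, the
# traffic is denied (implicit deny). Both rule sets below are constructed.

# Admin host may SSH in, everyone else may not; HTTPS open to all.
ACL_GOOD='
permit 10.0.0.5 any tcp 22
deny   any      any tcp 22
permit any      any tcp 443
'

# Same rules with the two SSH lines swapped: the deny now shadows the permit.
ACL_SHADOWED='
deny   any      any tcp 22
permit 10.0.0.5 any tcp 22
permit any      any tcp 443
'

# match_field PATTERN VALUE -> true when PATTERN is "any" or equals VALUE
match_field() {
    [ "$1" = "any" ] || [ "$1" = "$2" ]
}

# acl_decide RULES SRC DST PROTO PORT -> prints permit or deny
acl_decide() {
    rules=$1; src=$2; dst=$3; proto=$4; port=$5
    decision=""
    while read -r action rsrc rdst rproto rport; do
        case "$action" in ''|'#'*) continue ;; esac   # blank or comment line
        if match_field "$rsrc" "$src" && match_field "$rdst" "$dst" &&
           match_field "$rproto" "$proto" && match_field "$rport" "$port"; then
            decision=$action   # first match wins
            break
        fi
    done <<EOF
$rules
EOF
    printf '%s\n' "${decision:-deny}"   # implicit deny when nothing matched
}

# Stand-alone demonstration.
printf 'ACL_GOOD     ssh from admin 10.0.0.5: %s\n' "$(acl_decide "$ACL_GOOD" 10.0.0.5 10.0.0.1 tcp 22)"
printf 'ACL_GOOD     ssh from 10.0.0.9:       %s\n' "$(acl_decide "$ACL_GOOD" 10.0.0.9 10.0.0.1 tcp 22)"
printf 'ACL_GOOD     https from 10.0.0.9:     %s\n' "$(acl_decide "$ACL_GOOD" 10.0.0.9 10.0.0.1 tcp 443)"
printf 'ACL_GOOD     dns udp/53 (no rule):    %s\n' "$(acl_decide "$ACL_GOOD" 10.0.0.9 10.0.0.1 udp 53)"
printf 'ACL_SHADOWED ssh from admin 10.0.0.5: %s\n' "$(acl_decide "$ACL_SHADOWED" 10.0.0.5 10.0.0.1 tcp 22)"
```

Note that udp/53 is denied in ACL_GOOD even though no rule mentions it; that is the implicit deny at work. In ACL_SHADOWED the admin host loses SSH because the broad deny sits above the specific permit, which is the usual mistake to look for when an ACL "does not work".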
Authentication and Access
MFA:
- Multi-factor authentication.
- Requires two or more different factor types.
OTP:
- One-time password.
- Used once for a login/session.
TOTP:
- Time-based one-time password.
- Common authenticator app code that changes every 30 seconds.
SMS/voice codes:
- Codes sent by text or phone call.
- Better than password only, but weaker than authenticator apps or hardware tokens.
Authentication app:
- Generates codes or push approvals.
SAML:
- Security Assertion Markup Language.
- Standard for exchanging authentication/authorization data between an identity provider (IdP) and a service provider (SP); the basis of many SSO setups.
SSO:
- Single sign-on.
- Authenticate once and access multiple approved resources.
Just-in-time access:
- Grants elevated/admin access only temporarily.
- Exam clue: reduce standing admin privileges.
PAM:
- Privileged Access Management.
- Broader system for controlling, vaulting, auditing, and granting privileged access.
Data and Device Controls
MDM:
- Mobile Device Management.
- Centrally manages phones/tablets/laptops, policies, screen lock, apps, wipe, and BYOD controls.
DLP:
- Data Loss Prevention.
- Detects/prevents sensitive data from leaving approved locations.
- Exam clue: block SSNs, credit cards, medical records, or confidential files from being emailed/uploaded.
IAM:
- Identity and Access Management.
- Gives the right access to the right identities at the right time.
Directory services:
- Central database of users, computers, groups, printers, and resources.
- Windows example: Active Directory.
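The DLP entry above says the control detects credit card numbers before they leave. A plain digit pattern would also flag invoice and phone numbers, so a real DLP rule validates each candidate with the Luhn checksum that card numbers satisfy. The script below is an added example, not part of the study guide; the sample message is constructed, and 4111 1111 1111 1111 is a well-known test number rather than a live card.

```shell
#!/bin/sh
# Added example (not from the study guide): a minimal DLP content check for
# card numbers in outbound text. Every digit-string candidate is validated
# with the Luhn checksum to cut false positives. Sample message is constructed.

# luhn_ok DIGITS -> exit 0 if DIGITS passes the Luhn checksum
luhn_ok() {
    printf '%s' "$1" | awk '{
        sum = 0; dbl = 0
        for (i = length($0); i >= 1; i--) {        # walk right to left
            d = substr($0, i, 1) + 0
            if (dbl) { d *= 2; if (d > 9) d -= 9 }   # double every second digit
            sum += d; dbl = !dbl
        }
        exit (sum % 10 != 0)                         # exit status 0 = valid
    }'
}

# scan_cards: read text on stdin, print each Luhn-valid card number found
scan_cards() {
    # 13 to 19 digits, optionally separated by single spaces or dashes
    grep -oE '([0-9][ -]?){12,18}[0-9]' | tr -d ' -' | while read -r cand; do
        if luhn_ok "$cand"; then printf '%s\n' "$cand"; fi
    done
}

# dlp_verdict: read a message on stdin, print BLOCK if it carries a card number, else ALLOW
dlp_verdict() {
    if [ -n "$(scan_cards)" ]; then echo BLOCK; else echo ALLOW; fi
}

# Constructed outbound message: one real-looking card, one invoice number.
SAMPLE_MAIL='Please charge card 4111 1111 1111 1111, expiry 12/29.
Invoice reference 1234-5678-9012-3456 is not a card number.'

printf '%s\n' "$SAMPLE_MAIL" | scan_cards    # prints only the Luhn-valid number
printf '%s\n' "$SAMPLE_MAIL" | dlp_verdict   # BLOCK
```

The invoice reference is 16 digits and matches the pattern, but fails Luhn and is ignored; without that check the rule would block a harmless email. Real products add context rules (keywords like "card", "CVV", "expiry") and handle images and archives, but the detect-then-validate shape is the same.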
Commands To Enter
Windows:
whoami
What it does:
- Shows the current signed-in user.
whoami /groups
What it does:
- Shows groups for the current user.
- Useful for checking whether the user has elevated group membership.
whoami /priv
What it does:
- Shows privileges assigned to the current user.
net user
What it does:
- Lists local user accounts.
net localgroup
What it does:
- Lists local groups.
net localgroup administrators
What it does:
- Shows members of the local Administrators group.
- Use this to check for excessive admin access.
Linux:
whoami
What it does:
- Shows current user.
id
What it does:
- Shows user ID, group ID, and group membership.
groups
What it does:
- Shows groups for the current user.
sudo -l
What it does:
- Shows which commands the current user may run with sudo, if any.
- Usually prompts for your password first; run it interactively.
macOS, if available:
whoami
id
groups
What they do:
- Same as on Linux: show user and group identity information.
- Admin users on macOS are members of the admin group.
Mini Lab
Goal:
- Identify authentication factors and local privilege level.
Windows:
- Run whoami.
- Run whoami /groups.
- Run whoami /priv.
- Run net localgroup administrators.
- Record whether your user appears to have admin rights.
Linux:
- Run whoami.
- Run id.
- Run groups.
- Run sudo -l.
- Record whether your user has sudo/admin rights.
Physical control walk-through:
- Pick a building you know.
- Identify one physical control, such as lock, camera, guard, badge reader, or lighting.
- Identify what risk it reduces.
- Identify what it does not protect against.
Scenario practice:
- A user needs admin access for 30 minutes to patch a server. Which control fits?
- A company wants to stop credit card numbers from being emailed. Which control fits?
- A company wants all phones to require PINs and allow remote wipe. Which control fits?
Quick Check Before Quiz
You are ready for the SEC-1 quiz when you can answer these without looking:
- What does least privilege mean?
- What is the difference between SSO and MFA?
- What does DLP protect against?
- What does MDM manage?
- What is just-in-time access?
- Which physical control stops vehicles?