Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
CompTIA CASP+ CAS-004 Certification Guide

You're reading from   CompTIA CASP+ CAS-004 Certification Guide Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam

Arrow left icon
Product type Paperback
Published in Mar 2022
Publisher Packt
ISBN-13 9781801816779
Length 654 pages
Edition 1st Edition
Arrow right icon
Author (1):
Arrow left icon
Mark Birch Mark Birch
Author Profile Icon Mark Birch
Mark Birch
Arrow right icon
View More author details
Toc

Table of Contents (23) Chapters Close

Preface 1. Section 1: Security Architecture
2. Chapter 1: Designing a Secure Network Architecture FREE CHAPTER 3. Chapter 2: Integrating Software Applications into the Enterprise 4. Chapter 3: Enterprise Data Security, Including Secure Cloud and Virtualization Solutions 5. Chapter 4: Deploying Enterprise Authentication and Authorization Controls 6. Section 2: Security Operations
7. Chapter 5: Threat and Vulnerability Management 8. Chapter 6: Vulnerability Assessment and Penetration Testing Methods and Tools 9. Chapter 7: Risk Mitigation Controls 10. Chapter 8: Implementing Incident Response and Forensics Procedures 11. Section 3: Security Engineering and Cryptography
12. Chapter 9: Enterprise Mobility and Endpoint Security Controls 13. Chapter 10: Security Considerations Impacting Specific Sectors and Operational Technologies 14. Chapter 11: Implementing Cryptographic Protocols and Algorithms 15. Chapter 12: Implementing Appropriate PKI Solutions, Cryptographic Protocols, and Algorithms for Business Needs 16. Section 4: Governance, Risk, and Compliance
17. Chapter 13: Applying Appropriate Risk Strategies 18. Chapter 14: Compliance Frameworks, Legal Considerations, and Their Organizational Impact 19. Chapter 15: Business Continuity and Disaster Recovery Concepts 20. Chapter 16: Mock Exam 1 21. Chapter 17: Mock Exam 2 22. Other Books You May Enjoy

Advanced configuration of network devices

It is important to consider all the current threat actors and future threat actors when designing an enterprise network. Networks are complex and need thorough planning to properly mitigate against known threats and future unknown threats. Advanced tools to detect and mitigate these threats are covered in Chapter 2, Integrating Software Applications into the Enterprise, of the book. Baseline configuration guides (government/DoD networks use STIGs,) are essential, along with a configuration policy. Routers, switches, and other core network components should be compliant before being placed into a production/live environment.

Transport security

It is important when remotely configuring services and hardware over the network that all connections are encrypted and authenticated. Many organizations use the Zero Trust model, ensuring all network connections and actions must be validated.

SSH is recommended for accessing network appliances and services across the network.

Tip

When using SNMP for monitoring and management, it is important to ensure support for version 3 (v3), with full support for encryption and authentication.

Port security

Port security means restricting access to network ports using a combination of disabling unused network ports and deploying ACLs on network appliances.

On a layer 2 device, such as a Wi-Fi AP or switches, we can restrict access based on MAC addresses, and we can enable port security on a per-port basis.

There are two different approaches to restricting access to ports, as outlined here:

  • Dynamic locking: You can specify the maximum number of MAC addresses that can be associated with a port. After the limit is reached, additional MAC addresses are not added to the CAM table; only the frames with allowable-source MAC addresses are forwarded.

Cisco refers to these dynamic addresses as sticky secure MAC addresses.

  • Static locking: You can manually specify a list of MAC addresses for a port.

Figure 1.30 shows a MAC filter on a wireless AP:

Figure 1.30 – Wireless ACL

Figure 1.30 – Wireless ACL

Restrictions can be implemented using either the whitelisting or blacklisting of MAC addresses.

Route protection

It is important to ensure network traffic flow is protected. Routers will send neighbors route updates using common dynamic routing protocols. If these routes are poisoned or tampered with, this could allow an attacker to route all traffic through an MITM exploit, sniffing all network traffic. Data could be sent through an endless series of loops, causing a DoS exploit. To prevent these types of attacks, we should ensure we adopt the following practices:

  • Network devices are configured using an approved baseline.
  • Routing updates should only be accepted after a secure authentication handshake.
  • We should avoid the use of less secure routing protocols (such as RIP).
  • Disable unnecessary management interfaces.

Distributed DoS protection

Distributed DoS (DDoS) attacks can cause major availability issues for an enterprise, often resulting in costly outages and disaffected customers. Recent attacks have seen traffic volumes of over 2.5 terabytes per second (Tbps) directed at a target organization. In 2017, Google was targeted in an attack that resulted in spoofed Domain Name System (DNS) requests being sent to 180,000 DNS servers. The resulting traffic was directed at Google infrastructure services. The following screenshot shows high levels of ingress traffic:

Figure 1.31 – DDoS attack traffic

Figure 1.31 – DDoS attack traffic

DDoS mitigation is used to describe the process of guarding applications or networks against a DDoS attack. We can configure rules on our edge routers or work with our ISP to deliver this mitigation.

ISPs will incorporate these services into the services that their customers are using, or this may be an additional chargeable service.

Remotely triggered black hole

Remotely triggered black hole (RTBH) is a technique documented in IETF RFCs 5635 and 3882. RTBH filtering is a popular and effective technique for the mitigation of DoS attacks.

Often, a DDoS attack will overwhelm security devices on the enterprise perimeter. To thwart this type of attack, the customer will have an arrangement with their ISP. When a threshold is reached, a rule is triggered that sends an authorized route update to the ISP routers. The rule will automatically drop all traffic intended for the customer's internet-facing service. The ISP can then begin to identify the attack and look to block the malicious traffic. When this is done, the normal routing will be put back in place. The process is illustrated in the following diagram:

 Figure 1.32 – RTBH

Figure 1.32 – RTBH

Blackhole used for DDOS mititigation can also be referred to as sinkholes.

You have been reading a chapter from
CompTIA CASP+ CAS-004 Certification Guide
Published in: Mar 2022
Publisher: Packt
ISBN-13: 9781801816779
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image