CompTIA CASP+ CAS-004 Certification Guide

Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam

Product type: Paperback
Published in: Mar 2022
Publisher: Packt
ISBN-13: 9781801816779
Length: 654 pages
Edition: 1st Edition
Author: Mark Birch

Application- and protocol-aware technologies

Some applications will benefit from dedicated security appliances or services that operate solely on behalf of those applications. Imagine you wanted to protect your web application server from typical exploits, including cross-site scripting (XSS), cross-site request forgery (XSRF), and Structured Query Language (SQL) injection. In that case, you would not want to filter all traffic for these exploits using the network firewall; it would have a huge workload and would slow down traffic for the entire network. Application-aware security appliances process only the traffic being forwarded to that service.

Security applications that inspect application layer traffic and apply rulesets to it are said to be using deep packet inspection (DPI).

It is important to plan for the placement of these devices to ensure traffic can be inspected before entering or leaving the network and to also minimize latency or delay where inspection and filtering are not required.

In the following section, we will take a look at some examples of application- and protocol-aware security solutions.

DLP

We must ensure the enterprise does not breach legal or regulatory compliance through the exfiltration of sensitive data, whether knowingly or unknowingly. It is important that intellectual property and customer data are protected, even when compliance is not a factor. Physical restrictions and/or enforceable policy may be used to block data exfiltration to a removable storage medium. Data loss prevention (DLP) can also be implemented on the edge of the network, or as part of a cloud solution. Microsoft is one of many providers offering DLP as part of the Cloud Access Security Broker (CASB) security suite. In the following screenshot, we are selecting built-in rules to block the exfiltration of financial data:

Figure 1.14 – Microsoft 365 DLP rule

There are many built-in templates for regulated industries.
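
A financial-data rule of this kind usually pairs a pattern match with a checksum so that ordinary long numbers do not trigger it. The following is an added example, not Microsoft's rule or code from the book: the function names and the sample message are constructed, and `4111 1111 1111 1111` is a widely used test card number.

```python
import re

# Candidate: 13 to 19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_valid(digits: str) -> bool:
    """Luhn checksum carried by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def find_card_numbers(text: str) -> list:
    """Return masked card numbers found in text (last four digits kept)."""
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):  # drops order numbers, phone numbers, etc.
            hits.append("*" * (len(digits) - 4) + digits[-4:])
    return hits

def dlp_verdict(text: str, threshold: int = 1) -> str:
    """Block the outbound message once `threshold` card numbers are present."""
    return "BLOCK" if len(find_card_numbers(text)) >= threshold else "ALLOW"

# Constructed outbound message: one test card number, one look-alike order reference.
SAMPLE_OUTBOUND = ("Invoice attached. Card: 4111 1111 1111 1111, "
                   "order ref 1234 5678 9012 3456.")

if __name__ == "__main__":
    print(find_card_numbers(SAMPLE_OUTBOUND), dlp_verdict(SAMPLE_OUTBOUND))
```

The alert records only the masked value, so the DLP log does not become a second copy of the data it is protecting.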

WAF

A web application firewall (WAF) is a security solution that operates at the web application level. It allows for HyperText Transfer Protocol/HTTP Secure (HTTP/HTTPS) traffic to be inspected for anomalies without slowing down the rest of the network traffic. A WAF can be implemented as an appliance, plugin, or filter that applies a set of rules to an HTTP connection.

A WAF helps prevent attacks, such as the following:

  • SQL injection attacks
  • XSS attacks
  • Malicious file execution
  • CSRF attacks
  • Information leakage
  • Broken authentication
  • Insecure communications

A WAF can also provide URL encryption and site usage enforcement, as illustrated in the following diagram:

Figure 1.15 – WAF

Advantages

A WAF has the following advantages:

  • Allows for the creation of custom rules
  • Monitors and blocks malicious traffic
  • Can prevent live attacks
  • Protects vulnerable web applications

Disadvantages

A WAF has the following disadvantages:

  • May slow web traffic
  • Could block legitimate traffic
  • Requires frequent tuning
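
The trade-off between blocking attacks and blocking legitimate traffic can be seen in a small rule engine. This is an added example, not code from the book or from any WAF product: the rule IDs, patterns, paths and requests are constructed, and the patterns are deliberately simple.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Hypothetical rule IDs with simplified patterns (assumptions for illustration).
RULES = [
    ("SQLI-01", re.compile(r"(?i)\bunion\b.+\bselect\b|'\s*or\s+'?\d+'?\s*=\s*'?\d+")),
    ("XSS-01", re.compile(r"(?i)<\s*script\b|javascript:")),
]

def inspect(url, exclusions=frozenset()):
    """Return [(rule_id, parameter)] for every rule that fires on the request."""
    parts = urlsplit(url)
    hits = []
    # parse_qsl percent-decodes, so rules see the value the application will see.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        for rule_id, pattern in RULES:
            if (parts.path, name, rule_id) in exclusions:
                continue  # tuned out for this exact path + parameter + rule
            if pattern.search(value):
                hits.append((rule_id, name))
    return hits

def verdict(url, exclusions=frozenset()):
    return "BLOCK" if inspect(url, exclusions) else "ALLOW"

# Constructed requests: one benign, two attacks, one false positive.
REQUESTS = [
    "/products?id=42",
    "/products?id=1%27%20OR%20%271%27%3D%271",
    "/search?q=%3Cscript%3Ealert(1)%3C/script%3E",
    "/search?q=student+union+select+committee",   # legitimate search text
]

# Tuning: exempt one rule on one parameter of one path, nothing wider.
TUNING = frozenset({("/search", "q", "SQLI-01")})

if __name__ == "__main__":
    for url in REQUESTS:
        print(verdict(url), verdict(url, TUNING), url)
```

Before tuning, the search for "student union select committee" is blocked by the SQL injection rule; after tuning it passes, while the XSS rule still applies to the same parameter and the SQL injection rule still applies everywhere else.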

Database activity monitoring

Database activity monitoring (DAM) tools monitor, capture, and record database activity in near real time and can generate alerts when rules are violated.

DAM can be accomplished by doing the following:

  • Network sniffing
  • Reading of database logs
  • Memory analysis

DAM tools can correlate data and provide the administrator with the tools to detect anomalous database activity and capture a log of events, should this be required for forensics.
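
Of the three collection methods, reading database logs is the simplest to illustrate. The following is an added example, not code from the book or from a DAM product: the log format, account names, table names and threshold are all constructed assumptions.

```python
import re

# Assumed audit-log format: <timestamp> user=<acct> src=<ip> rows=<n> stmt="<sql>"
LINE = re.compile(r'(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) '
                  r'rows=(?P<rows>\d+) stmt="(?P<stmt>.*)"$')
SENSITIVE = re.compile(r"(?i)\b(?:from|join|update|into)\s+(?:customers|payments)\b")
PRIVILEGED = re.compile(r"(?i)^\s*(?:grant|drop|alter)\b")
APP_ACCOUNTS = {"crm_app"}     # accounts expected to touch sensitive tables
DBA_ACCOUNTS = {"dba_alice"}   # accounts allowed to change schema/privileges
BULK_ROWS = 1000               # rows returned before a read counts as bulk

def evaluate(line):
    """Return [(rule, account)] for one log line."""
    m = LINE.match(line.strip())
    if not m:
        # A line the monitor cannot read is a visibility gap, so it is reported.
        return [("UNPARSED", "-")]
    user, rows, stmt = m["user"], int(m["rows"]), m["stmt"]
    found = []
    touches_sensitive = bool(SENSITIVE.search(stmt))
    if touches_sensitive and user not in APP_ACCOUNTS:
        found.append(("SENSITIVE_TABLE_UNEXPECTED_ACCOUNT", user))
    if touches_sensitive and rows > BULK_ROWS:
        found.append(("BULK_READ", user))
    if PRIVILEGED.match(stmt) and user not in DBA_ACCOUNTS:
        found.append(("PRIVILEGE_CHANGE", user))
    return found

def monitor(lines):
    """Return [(line_number, rule, account)] across the whole log."""
    return [(n, rule, who)
            for n, line in enumerate(lines, start=1)
            for rule, who in evaluate(line)]

# Constructed log lines.
SAMPLE_LOG = [
    '2022-03-01T09:00:01Z user=crm_app src=10.0.5.10 rows=1 stmt="SELECT name FROM customers WHERE id=7"',
    '2022-03-01T02:14:07Z user=report_svc src=10.0.5.20 rows=48211 stmt="SELECT * FROM customers"',
    '2022-03-01T02:15:30Z user=crm_app src=10.0.5.10 rows=5000 stmt="SELECT * FROM payments"',
    '2022-03-01T02:16:02Z user=report_svc src=10.0.5.20 rows=0 stmt="GRANT ALL ON payments TO report_svc"',
    '2022-03-01T02:17:45Z user=report_svc src=10.0.5.20 rows=',
]

if __name__ == "__main__":
    for alert in monitor(SAMPLE_LOG):
        print(alert)
```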

As a database is often a critical line-of-business (LOB) solution, hosting enterprise resource planning (ERP), customer relationship management (CRM), sales order processing, and so on, investing in this additional technology will be worth the cost.

Spam filter

A spam filter typically scans incoming emails to protect your employees from email-borne threats. It can also scan emails leaving the organization (although this is more likely taken care of by a DLP solution). It can be deployed in the demilitarized zone (DMZ) network, filtering incoming SMTP traffic, and will typically perform additional tasks such as querying block list providers, such as the Spamhaus Block List (SBL), to drop connections from verified blocked domain names or IP addresses.

Many organizations will deploy this service in a cloud deployment, especially if the ISP hosts the email servers.
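
A block list query of the kind described above is an ordinary DNS lookup: the connecting IPv4 address is reversed and prepended to the list's zone. The following is an added example, not code from the book or from Spamhaus: the function names, verdict strings and the stand-in resolver data are constructed, and the IP addresses come from documentation ranges. It also handles the case where the answer is a Spamhaus error code (127.255.255.x) rather than a listing.

```python
import ipaddress
import socket

ZONE = "sbl.spamhaus.org"  # Spamhaus SBL DNS zone

def dnsbl_name(ip, zone=ZONE):
    """192.0.2.99 -> 99.2.0.192.<zone>; raises ValueError for non-IPv4 input."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def resolve_a(name):
    """A records for name, or [] when the lookup returns nothing.

    Simplification: a resolver outage also returns [], so this sketch fails open.
    """
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_sender(ip, resolver=resolve_a):
    """Decide what to do with an SMTP connection from `ip`."""
    answers = resolver(dnsbl_name(ip))
    if not answers:
        return "ACCEPT"        # no record: the address is not listed
    if any(a.startswith("127.255.255.") for a in answers):
        return "LOOKUP_ERROR"  # error code from the list, not a listing
    if all(a.startswith("127.0.0.") for a in answers):
        return "REJECT"        # listed: drop the connection
    return "LOOKUP_ERROR"      # unexpected answer, never treat as a listing

# Constructed zone data standing in for live DNS so the example runs offline.
FAKE_ZONE = {
    "99.2.0.192.sbl.spamhaus.org": ["127.0.0.2"],
    "5.113.0.203.sbl.spamhaus.org": ["127.255.255.254"],
}

def fake_resolver(name):
    return FAKE_ZONE.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.99", "198.51.100.7", "203.0.113.5"):
        print(ip, dnsbl_name(ip), check_sender(ip, fake_resolver))
```

Treating every non-empty answer as a listing is a common misconfiguration: when the list returns an error code, such a filter rejects all inbound mail.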

The following section covers some of the additional considerations to allow for secure remote working and administration.
