
Domain 1

The document outlines key concepts in security fundamentals, including blue team roles, soft skills, and various security controls such as access, physical, network, and endpoint security. It also covers networking basics, management principles, and compliance frameworks like NIST, ISO, and GDPR, emphasizing the importance of risk management and security policies. Additionally, it details essential networking tools, ports, and services relevant to cybersecurity practices.

Uploaded by jamesrobertsnz9

Domain 1: Security Fundamentals

- Introduction
  - Security Fundamentals
  - Blue Team Roles

- Soft Skills
  - Skills
  - Communication
  - Teamwork
  - Problem Solving
  - Time Management
  - Motivation
  - Mental Health
- Security Controls
  - Security Controls
    - Access Controls
      - Mantraps
      - Turnstiles/Gates
      - Electronic Doors
  - Physical Security
    - Deterrents
      - Warning Signs
      - Fences
      - Guard Dogs
      - Security Lighting
      - CCTV Cameras
    - Monitoring Controls
      - CCTV
      - Security Guards
      - IDS (Intrusion Detection Systems)
  - Network Security
    - NIDS (Network Intrusion Detection System), deployment options:
      - Inline
      - Network tap
      - Passive
    - Firewalls
    - HIDS (Host Intrusion Detection System)
    - HIPS (Host Intrusion Prevention System)
    - Anti-Virus (AV)
      - Signature-based
      - Behavior-based
  - Endpoint Security
    - NAC (Network Access Control)
    - AAA (Authentication, Authorization, Accountability)
    - UDP (User Datagram Protocol)
      - Connectionless
      - Uses ports
    - TCP (Transmission Control Protocol)
      - "Handshake": SYN, SYN-ACK, ACK, then the connection is established
    - ICMP (Internet Control Message Protocol)
    - IP (Internet Protocol)
    - MAC (Media Access Control)
      - Fixed on the NIC (physical address)
    - Log Monitoring
      - Web proxy logs
      - Perimeter firewalls
    - EDR (Endpoint Detection and Response)
    - Vulnerability Scanning
      - External scan
      - Internal scan
    - DLP (Data Loss Prevention)
      - A DLP strategy focuses on ensuring that your most sensitive data resources are protected against exfiltration. One of the best ways to safeguard these assets is to keep employees informed about phishing tactics, and to install antimalware to prevent data loss from malicious programs that attackers install on your endpoints.
  - Email Security
    - Encrypted connections
      - Should occur over an SSL/TLS connection
    - Encrypt emails
    - Create strong passwords
    - 2-factor authentication
    - Training and anti-phishing workshops
    - Use domain authentication
- Networking
  - Networking 101
    - Fundamentals
  - OSI Model
    - Mnemonic: "All People Seem To Need Data Processing"
    - Application
    - Presentation
    - Session
    - Transport
    - Network
    - Data Link
    - Physical
  - Network Devices
    - Router, Hub, Switch, Bridge, Firewall
    - Firewalls
    - IPS (Intrusion Prevention Systems)
    - UTM (Unified Threat Management)
    - NAC (Network Access Control)
    - Email Security Gateways
    - WAF (Web Application Firewalls)
    - VPN Gateways
    - Network device backup and recovery
  - Network Tools
    - Wireshark
    - Metasploit
    - Nessus
    - tcpdump
    - John the Ripper
    - OSSEC
    - KisMAC
    - Encryption software
    - Nmap
    - Aircrack-ng
    - Burp Suite
    - Splunk
    - Nagios
    - Tor
    - AV software
    - Netcat
    - Firewall
    - Snort
    - Kali Linux
    - Ettercap
    - NetStumbler
    - Software testing
    - Bitdefender
  - Ports and Services
    - 20, 21: FTP (File Transfer Protocol)
    - 22: SSH (Secure Shell)
    - 23: Telnet
    - 25: SMTP relaying (transmission of email from mail server to mail server)
    - 587: SMTP (the newer port for mail submission)
    - 53: DNS (Domain Name System)
    - 67, 68: DHCP (Dynamic Host Configuration Protocol)
    - 80: HTTP (Hypertext Transfer Protocol)
    - 443: HTTPS (Hypertext Transfer Protocol Secure)
    - 514: Syslog (UDP)
    - 3389: RDP (Remote Desktop Protocol)
  - How to Port Scan with Nmap
    - nmap <target>
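Added example, not part of the notes: it ties the "Ports and Services" list to the "Log Monitoring" and "Perimeter Firewalls" items by running a small check over constructed firewall log lines (an assumed syslog-style format) and flagging allowed traffic to cleartext services (FTP, Telnet, HTTP) and external ingress to ports that should not be reachable at the perimeter (Telnet, RDP, Syslog). The log format, the internal network ranges and the two policy sets are assumptions.

```python
import re
from ipaddress import ip_address, ip_network

# Port-to-service map taken from the "Ports and Services" list in the notes.
SERVICES = {20: "FTP-data", 21: "FTP", 22: "SSH", 23: "Telnet", 25: "SMTP",
            587: "SMTP submission", 53: "DNS", 67: "DHCP", 68: "DHCP",
            80: "HTTP", 443: "HTTPS", 514: "Syslog", 3389: "RDP"}
CLEARTEXT = {21, 23, 80}               # credentials/sessions travel unencrypted
NO_EXTERNAL_INGRESS = {23, 3389, 514}  # assumed policy: never expose at perimeter
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]  # assumed

# Constructed firewall lines in an assumed syslog-style format (not real data).
LOG_LINES = """\
<134>Mar 10 09:12:01 fw01 ALLOW TCP 203.0.113.7:51234 -> 192.168.1.10:3389
<134>Mar 10 09:12:03 fw01 ALLOW TCP 10.0.0.5:40212 -> 10.0.0.9:23
<134>Mar 10 09:12:05 fw01 ALLOW TCP 10.0.0.5:40213 -> 10.0.0.9:443
<134>Mar 10 09:12:07 fw01 DENY TCP 198.51.100.4:3333 -> 192.168.1.10:22
<134>Mar 10 09:12:09 fw01 ALLOW UDP 10.0.0.7:5000 -> 10.0.0.20:514
"""

LINE_RE = re.compile(r"(?P<action>ALLOW|DENY) (?P<proto>TCP|UDP) "
                     r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)")

def is_internal(ip):
    """True when the address falls inside one of the assumed internal ranges."""
    return any(ip_address(ip) in net for net in INTERNAL_NETS)

def analyze(text):
    """Return (src, dst, port, service, reason) for each allowed risky flow."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["action"] != "ALLOW":
            continue  # unparseable, or already blocked by the firewall
        port = int(m["dport"])
        svc = SERVICES.get(port, "unknown")
        src, dst = m["src"], m["dst"]
        if port in NO_EXTERNAL_INGRESS and not is_internal(src):
            findings.append((src, dst, port, svc, "external ingress"))
        elif port in CLEARTEXT:
            findings.append((src, dst, port, svc, "cleartext protocol"))
    return findings

if __name__ == "__main__":
    for f in analyze(LOG_LINES):
        print("%s -> %s:%d (%s): %s" % f)
```

The denied SSH attempt and the internal HTTPS and Syslog flows produce no finding; only the external RDP connection and the internal Telnet session are reported.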
- Management Principles
  - Principles
  - Risk
    - Risk Reduction
    - Risk Avoidance
    - Risk Transfer
    - Risk Acceptance
  - Policies and Procedures
    - AUP: Acceptable Use Policy
    - SLA: Service Level Agreement
    - BYOD: Bring Your Own Device
    - MOU: Memorandum of Understanding
  - Compliance and Frameworks
    - NIST Cybersecurity Framework
      - Was established to improve critical infrastructure cybersecurity. Called for greater collaboration between the public and private sectors for identifying, assessing, and managing cyber risk. NIST is the gold standard.
    - ISO 27001 and ISO 27002 (International Organization for Standardization)
      - Certifications that are considered the international standard for validating a cybersecurity program, both internally and across 3rd parties. With ISO certification, companies can demonstrate to the board, customers, partners, and shareholders that they are doing the right things with cyber risk management.
    - SOC 2: Service Organization Control Type 2
      - Trust-based cybersecurity framework and auditing standard developed by the American Institute of Certified Public Accountants (AICPA) to help verify that vendors and partners are securely managing client data.
    - NERC-CIP: North American Electric Reliability Corporation Critical Infrastructure Protection
      - Introduced to mitigate the rise in attacks on U.S. critical infrastructure and growing 3rd-party risk.
      - A set of cybersecurity standards designed to help those in the utility and power sector reduce cyber risk and ensure the reliability of bulk electric systems.
    - HIPAA: Health Insurance Portability and Accountability Act
      - Cybersecurity framework that requires healthcare organizations to implement controls for securing and protecting the privacy of electronic health information.
    - GDPR: General Data Protection Regulation
      - A regulation in EU law on data protection and privacy that requires a minimum standard of security to be met, data breach notifications, and the ability for data subjects to request a copy of all information stored on them.
    - FISMA: Federal Information Security Management Act
      - A comprehensive cybersecurity framework that protects federal government information and systems against cyber threats. FISMA also extends to 3rd-party vendors who work on behalf of federal agencies.
