You're reading from CompTIA CASP+ CAS-004 Certification Guide Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam

Product type Paperback

Published in Mar 2022

Publisher Packt

ISBN-13 9781801816779

Length 654 pages

Edition 1st Edition

Concepts

Cybersecurity

Author (1):

Mark Birch

View More author details

Table of Contents (23) Chapters

Preface

1. Section 1: Security Architecture

2. Chapter 1: Designing a Secure Network Architecture FREE CHAPTER

3. Chapter 2: Integrating Software Applications into the Enterprise

4. Chapter 3: Enterprise Data Security, Including Secure Cloud and Virtualization Solutions

5. Chapter 4: Deploying Enterprise Authentication and Authorization Controls

6. Section 2: Security Operations

7. Chapter 5: Threat and Vulnerability Management

8. Chapter 6: Vulnerability Assessment and Penetration Testing Methods and Tools

9. Chapter 7: Risk Mitigation Controls

10. Chapter 8: Implementing Incident Response and Forensics Procedures

11. Section 3: Security Engineering and Cryptography

12. Chapter 9: Enterprise Mobility and Endpoint Security Controls

13. Chapter 10: Security Considerations Impacting Specific Sectors and Operational Technologies

14. Chapter 11: Implementing Cryptographic Protocols and Algorithms

15. Chapter 12: Implementing Appropriate PKI Solutions, Cryptographic Protocols, and Algorithms for Business Needs

16. Section 4: Governance, Risk, and Compliance

17. Chapter 13: Applying Appropriate Risk Strategies

18. Chapter 14: Compliance Frameworks, Legal Considerations, and Their Organizational Impact

19. Chapter 15: Business Continuity and Disaster Recovery Concepts

20. Chapter 16: Mock Exam 1

21. Chapter 17: Mock Exam 2

22. Other Books You May Enjoy

Security zones

It is important to separate out network assets and services to provide the required levels of security. There will be regulatory requirements for critical infrastructure and SCADA networks. BUs may need to be on separate networks, while internet-facing servers must be placed in perimeter-based networks. Segmentation of networks makes it difficult for an attacker to gain a foothold on one compromised system and use lateral movement through the network.

Consider the following points when segmenting networks:

Keep critical systems separate from general systems and each other if non-related.
Limit and monitor access to assets.
Keep an up-to-date list of personnel authorized to access critical assets.
Train staff to err on the side of caution when dealing with access to critical assets.
Consider air gaps when dealing with equipment supporting critical infrastructure (nuclear plant/petrochemical plant).

DMZ

A DMZ is like a border area between two nations where we do not trust our neighbor 100%. You are stopped at a checkpoint and if you are deemed to be a security risk, you are turned away. In the world of networking, we must use a combination of security techniques to implement this untrusted zone. Typically, an enterprise will create a zone using back-to-back firewalls. The assets in the zone will be accessed by users who cannot all be fully vetted or trusted.

The assets in the DMZ must be best prepared for hostile activity, and we may need to place SMTP gateways, DNS servers, and web and FTP servers into this network. It is imperative that these systems are hardened and do not run any unnecessary services.

Figure 1.33 provides an overview of a DMZ:

Figure 1.33 – DMZ network zone

A DMZ network can also be referred to as a screened subnet.

You're reading from CompTIA CASP+ CAS-004 Certification Guide Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam

Table of Contents (23) Chapters

Security zones

DMZ

Authors (1)

Personalised recommendations for you