exam
exam-1
examvideo
Best seller!
CAS-004: CompTIA Advanced Security Practitioner (CASP+) CAS-004 Training Course
Best seller!
star star star star star
examvideo-1
$27.49
$24.99

CAS-004: CompTIA Advanced Security Practitioner (CASP+) CAS-004 Certification Video Training Course

The complete solution to prepare for for your exam with CAS-004: CompTIA Advanced Security Practitioner (CASP+) CAS-004 certification video training course. The CAS-004: CompTIA Advanced Security Practitioner (CASP+) CAS-004 certification video training course contains a complete set of videos that will provide you with thorough knowledge to understand the key concepts. Top notch prep including CompTIA CASP+ CAS-004 exam dumps, study guide & practice test questions and answers.

143 Students Enrolled
271 Lectures
05:51:00 Hours

CAS-004: CompTIA Advanced Security Practitioner (CASP+) CAS-004 Certification Video Training Course Exam Curriculum

fb
1

Data Considerations (Domain 4)

8 Lectures
Time 00:32:00
fb
2

Risk Management (Domain 4)

8 Lectures
Time 00:58:00
fb
3

Policies and Frameworks (Domain 4)

8 Lectures
Time 00:51:00
fb
4

Business Continuity (Domain 4)

6 Lectures
Time 00:51:00
fb
5

Risk Strategies (Domain 4)

8 Lectures
Time 00:47:00
fb
6

Vendor Risk (Domain 4)

9 Lectures
Time 01:06:00
fb
7

Securing Networks (Domain 1)

15 Lectures
Time 01:49:00
fb
8

Securing Architectures (Domain 1)

11 Lectures
Time 01:20:00
fb
9

Infrastructure Design (Domain 1)

8 Lectures
Time 00:51:00
fb
10

Cloud and Virtualization (Domain 1)

9 Lectures
Time 00:40:00
fb
11

Software Applications (Domain 1)

8 Lectures
Time 00:54:00
fb
12

Data Security (Domain 1)

10 Lectures
Time 01:21:00
fb
13

Authentication and Authorization (Domain 1)

12 Lectures
Time 01:02:00
fb
14

Cryptography (Domain 1)

7 Lectures
Time 00:42:00
fb
15

Emerging Technology (Domain 1)

10 Lectures
Time 00:56:00
fb
16

Enterprise Mobility (Domain 3)

9 Lectures
Time 01:01:00
fb
17

Endpoint Security Controls (Domain 3)

12 Lectures
Time 01:27:00
fb
18

Cloud Technologies (Domain 3)

8 Lectures
Time 00:51:00
fb
19

Operational Technologies (Domain 3)

5 Lectures
Time 00:37:00
fb
20

Hashing and Symmetric Algorithms (Domain 3)

7 Lectures
Time 00:36:00
fb
21

Asymmetric Algorithms (Domain 3)

10 Lectures
Time 01:02:00
fb
22

Public Key Infrastructure (Domain 3)

11 Lectures
Time 00:55:00
fb
23

Threat and Vulnerability Management

8 Lectures
Time 01:07:00
fb
24

Vulnerability Assessments (Domain 2)

12 Lectures
Time 01:38:00
fb
25

Risk Reduction (Domain 2)

8 Lectures
Time 00:50:00
fb
26

Analyzing Vulnerabilities (Domain 2)

9 Lectures
Time 01:09:00
fb
27

Attacking Vulnerabilities (Domain 2)

14 Lectures
Time 01:44:00
fb
28

Indicators of Compromise (Domain 2)

9 Lectures
Time 00:59:00
fb
29

Incident Response (Domain 2)

6 Lectures
Time 00:44:00
fb
30

Digital Forensics (Domain 2)

6 Lectures
Time 00:31:00

Data Considerations (Domain 4)

  • 1:00
  • 4:00
  • 3:00
  • 5:00
  • 7:00
  • 3:00
  • 6:00
  • 3:00

Risk Management (Domain 4)

  • 2:00
  • 5:00
  • 12:00
  • 3:00
  • 9:00
  • 5:00
  • 18:00
  • 4:00

Policies and Frameworks (Domain 4)

  • 1:00
  • 12:00
  • 5:00
  • 8:00
  • 6:00
  • 9:00
  • 7:00
  • 3:00

Business Continuity (Domain 4)

  • 1:00
  • 14:00
  • 14:00
  • 4:00
  • 11:00
  • 7:00

Risk Strategies (Domain 4)

  • 2:00
  • 4:00
  • 6:00
  • 3:00
  • 8:00
  • 9:00
  • 9:00
  • 6:00

Vendor Risk (Domain 4)

  • 4:00
  • 11:00
  • 7:00
  • 6:00
  • 5:00
  • 11:00
  • 5:00
  • 11:00
  • 6:00

Securing Networks (Domain 1)

  • 7:00
  • 7:00
  • 8:00
  • 3:00
  • 12:00
  • 7:00
  • 7:00
  • 5:00
  • 6:00
  • 3:00
  • 9:00
  • 19:00
  • 5:00
  • 4:00
  • 7:00

Securing Architectures (Domain 1)

  • 1:00
  • 4:00
  • 12:00
  • 6:00
  • 5:00
  • 13:00
  • 10:00
  • 11:00
  • 7:00
  • 6:00
  • 5:00

Infrastructure Design (Domain 1)

  • 1:00
  • 6:00
  • 13:00
  • 6:00
  • 6:00
  • 8:00
  • 5:00
  • 6:00

Cloud and Virtualization (Domain 1)

  • 1:00
  • 5:00
  • 5:00
  • 5:00
  • 3:00
  • 5:00
  • 3:00
  • 5:00
  • 8:00

Software Applications (Domain 1)

  • 3:00
  • 7:00
  • 6:00
  • 11:00
  • 9:00
  • 7:00
  • 6:00
  • 5:00

Data Security (Domain 1)

  • 4:00
  • 10:00
  • 7:00
  • 8:00
  • 11:00
  • 8:00
  • 10:00
  • 7:00
  • 12:00
  • 4:00

Authentication and Authorization (Domain 1)

  • 2:00
  • 5:00
  • 4:00
  • 8:00
  • 5:00
  • 3:00
  • 8:00
  • 10:00
  • 7:00
  • 4:00
  • 2:00
  • 4:00

Cryptography (Domain 1)

  • 2:00
  • 7:00
  • 7:00
  • 4:00
  • 7:00
  • 6:00
  • 9:00

Emerging Technology (Domain 1)

  • 4:00
  • 9:00
  • 9:00
  • 5:00
  • 6:00
  • 5:00
  • 4:00
  • 5:00
  • 3:00
  • 6:00

Enterprise Mobility (Domain 3)

  • 3:00
  • 10:00
  • 7:00
  • 9:00
  • 8:00
  • 3:00
  • 5:00
  • 8:00
  • 8:00

Endpoint Security Controls (Domain 3)

  • 2:00
  • 9:00
  • 6:00
  • 5:00
  • 6:00
  • 7:00
  • 6:00
  • 5:00
  • 10:00
  • 6:00
  • 19:00
  • 6:00

Cloud Technologies (Domain 3)

  • 3:00
  • 8:00
  • 5:00
  • 9:00
  • 5:00
  • 4:00
  • 6:00
  • 11:00

Operational Technologies (Domain 3)

  • 2:00
  • 10:00
  • 9:00
  • 11:00
  • 5:00

Hashing and Symmetric Algorithms (Domain 3)

  • 1:00
  • 7:00
  • 3:00
  • 4:00
  • 6:00
  • 5:00
  • 10:00

Asymmetric Algorithms (Domain 3)

  • 2:00
  • 9:00
  • 8:00
  • 7:00
  • 6:00
  • 15:00
  • 4:00
  • 4:00
  • 2:00
  • 5:00

Public Key Infrastructure (Domain 3)

  • 3:00
  • 10:00
  • 8:00
  • 6:00
  • 4:00
  • 4:00
  • 3:00
  • 4:00
  • 4:00
  • 5:00
  • 4:00

Threat and Vulnerability Management

  • 2:00
  • 6:00
  • 7:00
  • 11:00
  • 9:00
  • 13:00
  • 12:00
  • 7:00

Vulnerability Assessments (Domain 2)

  • 2:00
  • 5:00
  • 7:00
  • 11:00
  • 8:00
  • 8:00
  • 8:00
  • 10:00
  • 11:00
  • 5:00
  • 9:00
  • 14:00

Risk Reduction (Domain 2)

  • 2:00
  • 5:00
  • 8:00
  • 5:00
  • 10:00
  • 11:00
  • 7:00
  • 2:00

Analyzing Vulnerabilities (Domain 2)

  • 1:00
  • 5:00
  • 12:00
  • 6:00
  • 6:00
  • 11:00
  • 6:00
  • 10:00
  • 12:00

Attacking Vulnerabilities (Domain 2)

  • 1:00
  • 10:00
  • 9:00
  • 7:00
  • 7:00
  • 6:00
  • 4:00
  • 7:00
  • 9:00
  • 5:00
  • 11:00
  • 16:00
  • 7:00
  • 5:00

Indicators of Compromise (Domain 2)

  • 2:00
  • 4:00
  • 4:00
  • 6:00
  • 7:00
  • 7:00
  • 8:00
  • 5:00
  • 16:00

Incident Response (Domain 2)

  • 1:00
  • 8:00
  • 10:00
  • 7:00
  • 10:00
  • 8:00

Digital Forensics (Domain 2)

  • 1:00
  • 5:00
  • 7:00
  • 7:00
  • 7:00
  • 4:00
examvideo-11

About CAS-004: CompTIA Advanced Security Practitioner (CASP+) CAS-004 Certification Video Training Course

CAS-004: CompTIA Advanced Security Practitioner (CASP+) CAS-004 certification video training course by prepaway along with practice test questions and answers, study guide and exam dumps provides the ultimate training package to help you pass.

Securing Networks (Domain 1)

9. IDS and IPS (OBJ 1.1)

In this lesson, we're going to discuss intrusion detection systems and intrusion prevention systems. There are three types of ID and IPS systems that we're going to discuss: network-based, host-based, and wireless. But before we talk about these three categories, let's take a look at the difference between an ID and an IPS. At their core, an IDS and an IPS work very similarly.

They're both going to be looking for bad things either on the network, on a host, or in the wireless domain, depending on which type of IDs and IPS you're dealing with.

But the big difference is what they do when they find something suspicious with an ID. It will simply log or alert that it discovered something suspicious or malicious. But if you're using an IPS, it's going to log it, it's going to alert on it, and it's going to take some kind of action like blocking the suspicious traffic, preventing that application from running, or kicking that wireless device right off your network.

Alright, with a basic understanding of what anIDs and IPS are, let's dig a little deeper into how they work. Let's start with network intrusion detection systems. Now NIDS, or network intrusion detection systems, are responsible for detecting unauthorised network access or attacks. These systems are designed to verify, itemize, categorize, and report on a threat that's coming either from inside or outside of your network based on the placement of your NIB sensor.

Now it's important to note that these devices do not stop an attack; instead, they're programmed to react based on certain criteria and send an event or alert message to an administrator or cybersecurity analyst. That person will then be responsible for preventing or responding to the suspected attack.

Remember, an ID only detects logs, reports, or alerts based on what it finds. It will not prevent the bad thing from actually happening. There are three types of intrusion detection systems: network-based (NIDS), host-based (HIDs), and wireless or Wids.

The difference in these three systems is their installation placement and the type of things they're actually searching for. Network-based IDs are usually standalone devices that monitor the traffic coming into or leaving a network. These are typically configured as a network appliance that is installed on a spam or mirror port of your backbone switch.

This way, it can see a copy of all the network traffic. Generally, you're going to see network IDSes configured to look for network attacks or indications of an upcoming attack. Something like a port scan, suspicious content inside a packet's payload, or traffic coming from or going to a suspicious IP or port. A host-based ID, or HID, on the other hand, is going to be a piece of software installed on a server or endpoint.

This is going to be configured to look at suspicious network traffic going to or from a single server or endpoint, namely the thing it's installed on, as well as any suspicious processes that are running or files that are being accessed. A wireless ID, or Wids, is going to be focused on the wireless network. A wireless ID is focused on detecting attempts to cause a denial of service on the wireless network, such as flooding, authentication requests, disassociation attacks, deauthentication attacks, and other things like that. Intrusion detection systems operate either using signature-based or anomaly-based detection algorithms.

Signature-based IDS analyse traffic based on defined signatures, and they can only recognise attacks based on the previously identified attacks that exist inside their database. For this reason, signature-based IDs require frequent updates to remain effective, and they are not considered effective against zero-day attacks because they've never seen those things before. Now, signature-based IDs are further broken down into two types. We have pattern matching and stateful matching. Pattern matching is going to focus on a specific pattern of steps that are recognized during an attack.

Stateful matching is going to focus on a known baseline of a system and report any changes to that state. Pattern matching is more common in network- and wireless-based IDs, whereas stateful matching is more common in host-based IDs. Anomaly-based IDS are going to analyse traffic and compare it to a normal baseline of traffic to determine whether there is a threat that is occurring.

This is known as "behavioural-based detection" because it reports on anything outside of the normally expected behaviors, but this can also result in a higher rate of false positives. Now, there are five types of anomaly-based detection systems. There are statistical protocols, traffic rules or heuristics, and application-based protocols. Each of these types seeks to identify traffic that appears to be outside of a normal pattern. For example, if the device is a traffic anomaly-based device, it's going to track the historical traffic patterns on that network and report when those patterns are too high or too low in comparison to the normal baseline. In addition to IDS, we also have IPS.

These devices not only scan the traffic to look for malicious activity like an ID does, but they also take actions to stop that bad activity. When you're using an IPS, though, you have to be careful to keep false positives and false negatives to a minimum.

Otherwise, malicious traffic may not be blocked when it should be, or normal activity might get blocked when it shouldn't be. For a network IPS, we want to have the device placed right near the border of the network, right behind your firewall, and that way we have all the traffic funnelling right through it so it can stop and block things as needed. A NIDS, on the other hand, should be attached to a mirrored port off the backbone switch. This way, it can analyse all the traffic in a passive manner.

In some networks, both nips and nibs will be used, and in large networks, there may be several of each device placed in strategic locations around your network. Now, host-based intrusion prevention systems and wireless intrusion prevention systems work just like the HIDs and Wids that we talked about earlier. The big difference is that they can respond to any suspicious activity that is detected.

For example, let's say you're using a host-based intrusion prevention system, and now you try to install a programme that's going to try to change or overwrite a critical system file that hips could detect and block you from being able to do that. Similarly, if you're using a wireless IPS and somebody tries to send a deauthentication frame to clients on the network, it could detect that and refuse to forward those frames to the intended targets.

And then instead, it might take the action of disconnecting the person who sent them. Remember, with an ID, you can only detect, but with an IPS, you can detect and react.

10. Network Access Control (NAC) (OBJ 1.1)

Lesson, we're going to briefly talk about Network Access Control, or NAC, which is used to protect our networks from both known and unknown devices. Network access control, or NAC, is a technology that's used to keep unauthorised users or devices from accessing a private network. Some examples of network access control are Cisco's IOS for Scout, Aruba, Clear, Pass, and Fortineac by Fortinet. With NAC, a device is scanned to determine its current state prior to being allowed access to your network. NAC can be used for computers within our internal network that are physically located in our buildings, or it can be applied to devices that are remotely connected to our network through a VPN. When a device attempts to connect to the network, it can be placed into a virtual holding area while it's being scanned.

The device can be checked for a number of different factors, including if the antivirus definitions are up-to-date, the status of its security patching, and other items that might introduce a security threat into our network if they weren't met. If the device passes this examination, it's going to be allowed to enter and is going to receive access to all the resources provided by the network. But if the device fails the inspection, it's still going to be placed in a digital quarantine area and a remediation area. Now, while it's in this remediation area, the device can receive antivirus updates, operating system patches, and other security services, but it cannot logically communicate with other portions of the network like a bad child.

This device is in timeout until it can be rehabilitated and meet all requirements for it to be able to pass the initial Mac examination. Once it meets those Mac requirements, it can be moved back into the network and regain full access to those network resources. Now, there are three types of network access control solutions. We have persistent, nonpersistent, and volatile agents. Persistent agents are pieces of software that are installed on the device that's requesting access to the network. This works really well in corporate environments because the organisation owns the devices and controls their software. Baselines, a nonprofit agent solution, is popular on college campuses. These solutions require the user to connect to the network, usually over WiFi, and then log into a web-based portal and click a link.

This link then downloads an agent that's going to scan the device for compliance, and then it's going to delete itself from that user's machine after it finishes the scan and either allows them into the network or doesn't allow them into the network. Agentless Naq Solutions, on the other hand, instals the scanning engine on the domain controller instead of on the endpoint device.

This works well when the organisation is using a "bring your own device" policy or doesn't have access to the endpoint devices to install an agent-based snack solution on them. Agent-based solutions can usually provide a deeper examination of a device. But our agentless solutions are getting better and more in-depth all the time. Ageless solutions are also called volatile solutions because they run completely in the volatile memory of the device once the scan begins. from the active directory controller.

11. Remote Access (OBJ 1.1)

In this lesson, we're going to discuss remote access. This is because there's been a shift in recent years in regards to employees working outside of their office cubicles and office buildings. In order to support the users working remotely, it's necessary that we provide them with the ability to remotely access our networks and all the resources they contain to do this. This way, we can provide virtual private networks and other types of connections like SecureShell, the Remote Desktop Protocol, and the Virtual Network Computing protocol.

Now, by allowing the use of remote access technologies, we can provide our users with the ability to access resources even when they're not physically located in the same place as their office or systems. When I first started working in the IT field, we commonly used dial-up modems for remote access. They used the Slip or Serial Line Internet Protocol, or PPP, the point-to-point protocol over layer two of the OSI model, to perform our authentication when we connected via dial-up. Now, in some large organizations, you may still find some legacy systems that utilise this type of setup using either SIP or PPP. Luckily, over time, better authentication processes were developed.

The use of a Tacks Plus or a Radius Server became more commonplace to provide additional security to these early dial-up remote access connections. And these are often still used today, even though we're not doing it over dial-up. Now, if our organisation still utilises a dial-up connection for remote access, we need to configure it to perform a callback service upon the initial connection of that remote access connection. This works by having the user dial into the remote access server, and then the server disconnects that request. The server will then call the user back at a known and authorised phone number. This added layer of security can really help the authentication process, but it does limit a user to a known phone number when they're attempting that connection, such as their home landline, if they still have one.

Again, this is a much older technology that you're probably not going to use today. Now, from a physical security standpoint, our bank of remote-access modems should all be located in a single closet so our technicians can keep an eye on them.

Water dialling is another concern we have when dealing with dial-up remote access because an attacker may attempt to connect to random numbers until they find a remote access server that picks up that dial tone. Now, to prevent this, our modem should only answer a call after a certain number of rings as an additional security measure. Now, many organisations have chosen to eliminate dial-up completely for many different reasons, including their limited bandwidth.

And so now we are going to perform remote access using newer and faster technologies over the Internet. Because most employees have access to high-speed Internet at home or when they're traveling, we're going to use virtual private networks, or VPNs, to replace dial-up remote access in most of our organizations. Now, VPNs, or a virtual private network, are going to allow a user to create an encrypted tunnel over an untrusted network such as the Internet and then remotely connect securely into our enterprise networks. We can secure our VPNs using not only a username and password but also many other factors of authentication.

The VPN tunnel itself can also be encrypted using strong encryption technologies such as AES, the Advanced Encryption System, using a 256-bit shared secret encryption key. These VPN connections provide a layer of encryption around the connection, creating a virtual and secure circuit between the end user's device and the VPN concentrator that's terminating the connection inside our enterprise networks.

VPNs are commonly used by teleworkers and travelling employees to be able to remotely access corporate resources, such as our shared file servers. This type of VPN is known as a remote access VPN or a client-side VPN. Often, security professionals are going to combine VPN solutions with NASC solutions as well.

By doing this, it allows a remote worker to connect to the corporate network over the VPN, and then our network access control solution can scan that device for compliance prior to giving it full access to our corporate network. Now, VPNs can also be used to connect two sites together as opposed to purchasing a dedicated lease line. For example, let's say your company has a small satellite office in Washington, DC.

And they want to connect it back to their headquarters over in San Francisco, California. Implementing a site-to-site VPN would be far less expensive than purchasing a dedicated line that spans 3000 or more miles across the entire United States.

Now, when you create a site to decide, VPNconnection routers on both sides of the site will be configured with encryption keys to ensure that all traffic between those sites remains safe from prying eyes as it travels over the untrusted Internet that's being used between those two locations. Another remote access option is to use Secure Shell, or SSH.

Now, SSH is commonly used by system administrators and network technicians to remotely access and configure servers and network devices over a text-based command-line interface. In the old days, technicians used to use telnet to be able to remotely access these devices, but this is no longer considered secure because it sends data across the network in unencrypted clear text. Secure Shell, on the other hand, is going to utilise encryption for all of its network connections to protect the data during transmission.

To ensure that our SSH connections remain secure, it's recommended that we utilise the Access Control list to prevent inadvertent connections. In addition to this, we also want to use SSH version 2 for the best security and protection.

The next protocol we need to talk about is the Remote Desktop Protocol, or RDP. Now, the Remote Desktop Protocol is a proprietary protocol that was developed by Microsoft to allow administrators and users to remotely connect to another computer using a graphical interface. Instead of using a command-line interface like you would get with Secure Shell, This allows the user to operate the computer as if they were simply sitting in front of a Windows desktop. They can use their mouse and keyboard, and it looks just the same.

RGP is going to provide for native encryption as part of its design, but it doesn't provide for authentication. So we need to enable TLS or SSL for service authentication, and we should require a digital certificate for increased security when we're using RDP as a remote access method to connect to our servers and clients remotely. VNC, or "virtual network computing," is the next protocol we need to discuss.

VNC is similar to the RDP protocol, but it's platform-independent. If we need to access a Linux, OS X, or Windows machine using a graphical user interface, then we might want to use VNC.

This is a great solution because it's fully cross-platform and open source. In order to use VNC, we must have a VNC server set up on the machine that we want to access, a VNC client on the machine that we want to access it from, and the VMC protocol known as the Remote Frame Buffer, or RFB, to communicate between those two systems.

VNC, or virtual network computing, normally operates over port 5900, and it should only be used internally within your own network because it is not encrypted by default. Now, if you're going to connect over a connection outside of your enterprise network, you can do that by connecting over a VPN or an SSH connection first and then tunnelling VNC over that connection. This will give you the graphical interface of VNC with the more secure encryption of a VPN or SSH tunnel.

Now, while remote access provides users with additional capabilities while traveling, the biggest benefit of remote access is really for our administrators. Through remote administration, system administrators can remotely configure servers, workstations, or network devices, no matter where they are in the world. Instead of waiting for an administrator to get in their car and drive to the office and work on a broken workstation, these days that administrator can remotely access that machine without ever leaving their desk.

This is known as remote assistance. Remote assistance relies on the same technology as desktop sharing and application sharing, like RDP and VNC. By creating a secure AES-encrypted tunnel between the administrator's machine and the workstation, the administrator can see what is displayed on the screen and can even enter mouse and keyboard commands for them from the remote location. Now, while this remote capability makes the administrator's job much easier, attackers are also using that same technology against us.

For example, if an attacker gains remote access to a workstation or server by exploiting a vulnerability, they can then connect to it using remote assistance tools like RDP or VNC. in order to control that machine as if they were sitting directly in front of it. To mitigate this type of attack, we should always ensure that all of our updates and patches have been properly installed and that the systems are tightly configured when they're being allowed to have remote access.

Additionally, we should properly configure logging and auditing for any remote access solution, and we should regularly review those logs and audit trails to ensure that no malicious users have gained remote access to any of our systems. It is also highly recommended that all remote administrators and remote access solutions utilise multifactor authentication, strong encryption, and strong passwords to prevent malicious users from taking advantage of this essential customer service tool.

12. Unified Communications (OBJ 1.1)

In this lesson, we're going to discuss unified communications and the various methods used by our network users to communicate effectively and, hopefully, securely within our network. Unified communication is a business concept that integrates communication technologies that perform multiple functions into a single enterprise network line. It isn't a single product, but instead an integration of multiple products to provide the functionality that we require. As our organisations are more remote and dispersed than ever before, unified communication attempts to close the distance gap and keep our communications flowing.

This is done by providing different functions such as voice and telephone, mobility, presence information, instant message and chat capability, audio and video conferencing, desktop sharing, voicemail, email, document sharing, and much more. Unified communication provides both real-time and non-real-time delivery of our messaging services. It is an evolution of the older unified messaging, which only provided non-realtime services like email and voicemail.

In this lesson, we're going to take a closer look at some of these technologies. First, let's talk about presence. Almost all modern workstations now have applications on them to determine the presence of the user. These presence utilities indicate whether or not the user is available, as well as their status, such as "online," "busy," "out to lunch in a meeting," or other common categories.

In the old days, many organisations used a tracking board to know where their employees were, but these days, most tracking is done through presence-enabled applications. These presence utilities are generally embedded into other communication tools, such as our voice-over-IP systems, instant messaging services, and even our email clients. For example, in my company, we use Slack to provide presence information about our team members, as well as give them the ability to send an instant message directly or to a large group of people inside of our chat.

The major issue with using presence utilities is that many of them do not include authentication or provide confidentiality to your end users. Instead, they often rely on the underlying application, such as the email client or chat program, to provide those functions. If your organisation is going to design its own proprietary system or web application that's going to use presence as one of its features, you should really look into using something that has a secure communication protocol like XMPP, the Extensible Messaging and Presence Protocol, which operates over an encrypted TLS tunnel. If our company uses public key infrastructure for authentication, we should also configure our presence system to rely on that PKI for its authentication to.

Another common tool that's gained popularity in the workplace over the past two decades is instant messaging. Now, instant messaging, or more commonly known as chat, is going to be preferred by many users over email because it gives you real-time or near-real-time communication. Whether our organisation uses Slack, Google Hangouts, Microsoft Teams, or some other integrated chat system, security professionals really need to understand the security risks involved with these tools.

One of the biggest vulnerabilities is that instant messaging is prone to information disclosure if it's not configured to use strong encryption. In the early days of workplace instant messaging, attackers frequently targeted it in order to transfer malware into our networks as well. To prevent this, our instant messaging client should be protected by antimalware solutions, and we should always train our users on the dangers of accepting files through instant messenger.

The other common security issue with instant messaging systems is when an account is hijacked through social engineering. Since many of these instant message systems rely on the same usernames and passwords as social media or email programs, if the user shares their instant message credentials, then more of our applications could also be subject to attack. While instant messaging has risen in popularity in the business world, no form of communication is more prevalent in our organisations than email.

Email is usually received over the IMAP or POP3 protocols. IMAP is the Internet Message Access Protocol and runs over port 143 when you're not using encryption. We should, however, always configure IMAP to run over an SSL or TLS-encrypted tunnel using port 993. Now, iMapp has a lot more functionality than the older POP-3 protocol known as Post Office Protocol version 3. Pop Three is run over port 10 without encryption, but again, you should always use it with an encrypted SSL or TLS tunnel using port 995.

Both IMAP and POP3 are inbound messaging protocols for email. To send email out of our network, our email servers rely on the Simple Mail Transfer Protocol, or SMTP. SMTP uses port 25 without encryption and port 465 when configured over a TLS or SSL encrypted tunnel. Email is fraught with danger. Emails are frequently spoofed to appear to be from a trusted source and are usually part of a phishing campaign. To mitigate email spoofing, we should implement a validation system with the Sender Policy Framework, or SPF.

This will validate the sender's DNS prior to delivering any email to our users. Inboxes As you probably already know, phishing is a social engineering attack that attempts to trick an email recipient into performing some kind of action. When this is done against a large target audience, we call this phishing. If the target audience is more narrowly focused, this is known as spear phishing.

When the target is an organization's high-level executives, we call this whaling. To mitigate these various types of phishing attacks, our organisation should deploy a solution that either verifies all links in an email or simply removes the links from inbound emails. Also, training your users is a key factor in preventing phishing and other forms of social engineering. Spam is yet another challenge when running an email system.

While spam is more of an annoyance than a malicious problem, it does use up valuable processing, memory, and storage capacity on our email servers. In many places, spamming is considered illegal, and therefore its senders like to relay their messages through unsecured corporate email servers to ensure that they aren't using your organisation's email servers to send their spam. You should always disable relaying on your email servers to ensure it does not pass spam messages through your servers, giving you a bad reputation.

Another issue with emails is that they are sent in plain text across the Internet. Because of this, there is a large possibility of information disclosure. To mitigate this, we need to set up email encryption between our end users. This could be part of our organization's more robust PKI solution that we're using for authentication as well.

In addition to email, phone calls are still heavily used in a lot of organizations. Because of this, every organisation needs to have a phone system to conduct their business. There are two types of phone systems available: traditional PBX systems and voice over IP (VoIP) digital systems. PBXs, or private branch exchanges, are going to use older technology that's used with analogue phones.

The newer phone systems rely on VoIP, or voice over IP, technology, and these are completely digital. While there are advantages to both types of these systems, businesses are moving more and more towards digital VoIP systems because of the decreased cost of ownership. Traditional PBX systems have some advantages, though. First, they're separated from your data network, which can prevent eavesdropping. Second, long-distance toll fraud can only occur if physical access is gained or if the maintenance port is left unsecured on your PBX system.

And third, to conduct a denial of service against a traditional system, an attacker would have to physically cut the wires leading to it. On the other hand, utilising a VoIP system also has a lot of benefits, including a lower cost of ownership, a lower cost per minute for phone calls, and the combination of a voice and data network for our organization. This consolidated network means that we only have to have one set of technicians and one set of equipment to manage the entire infrastructure.

Unfortunately, there are a few disadvantages to relying on a VoIP system. First, the threat of snooping and eavesdropping is increased because all calls are simply a series of Internet packets. Second, service theft and toll fraud can occur from anywhere in the world because, again, it just involves packet manipulation. And third, the threat of a denial-of-service attack increases because the phone system relies on your organization's Internet connection and a server known as a call manager. Eventually, organisations aren't going to have a choice.

Though the Federal Communications Commission has already begun removing the analogue phone network inside the United States, there is no determined date yet for the final removal, but it is an eventuality that will probably happen before 2030. Therefore, as security practitioners, we have to understand the threats to VoIP systems and how to mitigate them. One mitigation is to create separate voice and data networks within our organization. We should also hide the true IP addresses of our phones using network address translation. Also, we need to make sure that we're always updating and patching the phones themselves to prevent an attack because, after all, these devices, while they look like phones, are just computers at the end of the day.

And so we need to make sure that we're protecting them just like we would any other endpoint. Finally, we want to make sure we're disabling any unnecessary features or services as another form of device hardening. When using VoIP for communications, you must also ensure that Quality of Service (QoS) is implemented to improve the quality of your service. If you're operating in a high-security environment, you also want to create a separate phone network for classified conversations that require encryption between different endpoints.

Now, when you're dealing with VoIP systems, remember that these rely on the Session Initiation Protocol, or Sip, and the Realtime Transport Protocol, or RTP, to initiate and perform the phone calls themselves. Unfortunately, just like email, VoIP has become subject to spam as well. The spitting attack, or spam over Internet telephony, creates unsolicited recorded phone calls that are sent out to voice systems all over the world.

For example, you probably get a call once a week telling you that your car warranty has expired. This is an example of a spit attack. To prevent this, you may wish to implement the secure Real Time Transport Protocol, or SRtP, instead of the insecure original version of RTP. Oftentimes, though, a phone call simply isn't good enough, and instead we want to join a conference. Now, conferencing can be performed as a webconference, an audio conference, or a video conference.

Web conferencing tools allow employees to conduct meetings over the Internet. These tools allow for complex meetings to be performed without needing employees to travel to a physical location. Web conferencing is connected through a web application or a specific piece of software installed within our organization's network. During the Web conference, attendees can chat using text-based or audio-integrated services within the conference.

The hosts of the Mean can also share their screens, share documents, and in some cases, use a virtual whiteboard to collaborate in real time. Some examples of web conferencing suites are things like Zoom, Microsoft Teams, Adobe Connect, GoToMeeting, Google Hangouts, WebEx, and Blackboard Collaborate.

While Web conferencing is an excellent solution for collaboration, it does introduce some security issues for us that we need to think about, such as when we're discussing sensitive topics and confidential company information. For example, some Web conferencing software will allow users to record and store everything that is said during the conference to enable playback at a later time.

If there's a data breach on that web conference server, though, that recording could find its way into our competitors' hands. Even if we set the Web conference to turn off recording, data from the conference could be copied by the participants and shared outside of the authorised participant list. For example, a participant can use a screen capture programme to make copies of the presentation that's being shared by the host and then forward that information to non-attendees.

Another challenge with Web conferencing software is ensuring that only authorised participants are actually in attendance. Some Web conferences allow anybody with that conference link to join in, and this can lead to uninvited guests observing our meetings. To overcome this, we should choose web conferencing software that allows access control through a strong authentication system. Another concern with Web conferences is that the data could be captured between the host and the participants.

To overcome this, we want to make sure we're utilising encryption technologies like TLS and SSL tunnels, just like we do for any other Web service that we utilize. When selecting a Web conference product for our organization, it's important to always select one that utilises good security practices. This includes good end-to-end encryption of any data being transmitted from the host to the participants and an integrated authentication scheme to be able to prevent non-authenticated users from accessing that conference. Our organisation should also create security policies that address the proper use of Web conferencing technologies. For example, your organisation may prevent the sharing of confidential or sensitive information over Web conferences to prevent any data leakage.

Additionally, we should individually create each Webconference with a unique link and password to prevent inadvertent access by noninvited users. If our company is going to host its Web conferencing server on its internal network, we must also consider how remote workers will attend securely.

The simplest and most secure solution would be to require those remote employees to connect to the company network via a VPN connection in order to access the Web conference. Whereas Web conferences are focused on audio and visual methods of transferring information to participants, audioconferences focus solely on audio content. Audio conferences are nothing new and have been around for decades in the form of teleconferences.

With a teleconference, participants dial into a central phone number to access a bridge. Once the bridge receives a phone call, the participant enters a conference room identifier, which uses a number and some sort of pin or access code.

The attendees are placed in that audio bridge once they have been authorized. Depending on the size of the bridge, it may allow only a few participants, or it can allow up to several hundred concurrent participants. Most bridges support around 20 users by default. The biggest limitation with older telephone conferences was the number of phone lines required because everyone had a dedicated phone line for every single user connected to the bridge.

In modern audio conferences, though, this limitation is mostly eliminated. We're no longer constrained by the number of phone lines, but by the bandwidth of the bridge and the host. Each participant is going to consume roughly 50 MB of bandwidth. Thankfully, with today's modern networks, this is a relatively small amount, and even if we have dozens or even hundreds of users, we can do that in an audio conference without much lag on the network. Video conferences work similarly, but they consume more bandwidth per user.

Because we're sending audio and video, each participant consumes roughly ten to twenty times more bandwidth when using video instead of audio conferencing. The other challenge with video conferencing is the number of people that can be displayed on the screen at one time.

Most modern video conferencing software limits that to about four, six, or nine users, depending on what you have in your software set up. Any additional users beyond those numbers would be in the conference, but they would be offscreen, and you wouldn't see them in terms of security.

The same concerns as with web conferencing are still going to apply here. This includes the recording of our audio or video conferences, the authentication of the users allowed into those conferences, and any data in transit between those participants.

Audio and video conferencing solutions can simply be a piece of software on a user's desktop or mobile device, or you may have a conference room system, which is actually hardware equipment that's dedicated to this purpose. This is known as a VTC, or video teleconference, system.

These VTCS are a source of concern from a security perspective because they also require patches and updates to remain secure. These systems often need firmware updates to implement their security patches, and this can be more difficult for administrators to perform than a simple update. To better protect our network, it is a good idea to place these VTC systems in their own network segment using good network segmentation techniques to provide additional security.

Examples of audio and video teleconferencing systems and software include VTC Systems, Google Hangouts, Zoom Conferencing, Skype, Facebook Messenger, and FaceTime. Another form of unified communication revolves around document and storage collaboration. After all, every organisation needs a way to store their documents and access them for collaboration. While there are many different examples of solutions for this, the four most popular of these are Microsoft SharePoint, OneDrive, Dropbox, and Google Drive.

Microsoft SharePoint is a web server that's often internally hosted inside an organization's network. This tool allows us to share documents, data, calendars, and much more on top of it. SharePoint was designed from the ground up to be a collaboration platform based on knowledge management and information management principles. One of SharePoint's major benefits is that it can also integrate with Active Directory for access control. OneDrive, Dropbox, and Google Drive all work basically the same way.

Google Drive, for example, is a cloud-based solution, and when an organisation chooses to use GoogleDrive, all the documents and data are stored within that system inside the Google cloud. Google Drive is an excellent collaboration tool and even includes the Office productivity suite for word processing, spreadsheets, and slide presentations where multiple people can simultaneously work on a single document in real time. as part of those core features. Regardless of which collaboration solution we choose, we really have to think about the security risks involved. With a solution like SharePoint, we can integrate single sign-on, or SSO, and this will give us the capability by integrating it with Active Directory.

But if a user account is breached, that attacker can now access our document repository as well as our network. because they share the same credentials with Google Drive. Our login credentials for Google Drive might be different than those for the network. Usually our Google Drive credentials are the same as our email credentials, regardless of which solution we choose, though both are going to use the username and password model for access control by default. To increase security, though, we should implement two-factor authentication.

Most document collaboration tools rely on web-based technologies, and therefore, this puts them at risk for web-based threats like malware and unauthorised tracking of user actions. To combat these threats, users should implement a VPN when connecting back to a document repository like a SharePoint server. Another issue with these collaboration tools is that they make it very easy to find information. After all, that's what they're designed to do. But this also makes it easy for attackers to fingerprint our document structures and our repositories based on the default structures and settings used by these different solutions.

Also, these tool sets often create summaries and reports on a daily or weekly basis for the administrators, and these can often be emailed to an administrator, creating an additional vulnerability because, again, email is insecure and can lead to data compromise. The bottom line is that whatever solution we choose, we have to make sure it is properly secured. Remember, we're going to be placing a large amount of our organization's critical data into these collaboration systems, so we always want to make sure we're utilising proper data at rest encryption and data in transit encryption to protect our data. Also, we want to make sure we're periodically conducting access control reviews to ensure that privilege creep has not occurred for our users. Bye.

Prepaway's CAS-004: CompTIA Advanced Security Practitioner (CASP+) CAS-004 video training course for passing certification exams is the only solution which you need.

examvideo-12

Pass CompTIA CASP+ CAS-004 Exam in First Attempt Guaranteed!

Get 100% Latest Exam Questions, Accurate & Verified Answers As Seen in the Actual Exam!
30 Days Free Updates, Instant Download!

block-premium
block-premium-1
Verified By Experts
CAS-004 Premium Bundle
$39.99

CAS-004 Premium Bundle

$69.98
$109.97
  • Premium File 229 Questions & Answers. Last update: Jan 29, 2023
  • Training Course 271 Lectures
  • Study Guide 530 Pages
 
$109.97
$69.98
examvideo-13
Free CAS-004 Exam Questions & CompTIA CAS-004 Dumps
Comptia.braindumps.cas-004.v2022-11-03.by.jenson.49q.ete
Views: 343
Downloads: 208
Size: 1.89 MB
 
Comptia.passguide.cas-004.v2021-09-16.by.lacey.77q.ete
Views: 190
Downloads: 612
Size: 1.03 MB
 

Student Feedback

star star star star star
48%
star star star star star
52%
star star star star star
0%
star star star star star
0%
star star star star star
0%

Add Comments

Post your comments about CAS-004: CompTIA Advanced Security Practitioner (CASP+) CAS-004 certification video training course, exam dumps, practice test questions and answers.

Comment will be moderated and published within 1-4 hours

insert code
Type the characters from the picture.
examvideo-17