Chapter 1: General Security Concepts

The Following Comptia Security+ Exam Objectives are Covered in this Chapter:

• 1.1 Access Control

  • 1.1.1 MAC/DAC/RBAC

• 1.2 Authentication

  • 1.2.1 Kerberos

  • 1.2.2 CHAP

  • 1.2.3 Certificates

  • 1.2.4 Username/Password

  • 1.2.5 Tokens

  • 1.2.6 Multi-Factor

  • 1.2.7 Mutual Authentication

  • 1.2.8 Biometrics

• 1.3 Non-essential Services and Protocols – Disabling unnecessary systems/process/programs

• 3.3 Security Topologies

  • 3.3.1 Security Zones

    • 3.3.1.1 DMZ

    • 3.3.1.2 Intranet

    • 3.3.1.3 Extranet

  • 3.3.2 VLANs

  • 3.3.3 NAT

  • 3.3.4 Tunneling

• 5.7 Risk Identification

  • 5.7.1 Asset Identification

  • 5.7.2 Risk Assessment

  • 5.7.3 Threat Identification

  • 5.7.4 Vulnerabilities

Advances in computer technology have created an acute need for people to help monitor and secure the data and information that people use to accomplish their work. These advances also put technologies into the hands of people who frequently do not have the experience and knowledge to protect it. As a computer security professional, you have a primary responsibility to protect and safeguard the information that your organization uses. Security is a high growth area in the computer industry, and the need for qualified people is increasing very rapidly. Your pursuit of the Security+ certificate is a good first step in this process.

In this chapter, we will discuss the various aspects of computer security as they relate to your job. This chapter introduces the basics of computer security and provides you several models that you can use to understand the risks that your organization faces and steps you must take in order to minimize those risks.