CompTIA IT Fundamentals+

(Exam FC0-U61)
Module 5 / Unit 1 / Security Concerns

Copyright © 2018 CompTIA, Inc. All rights reserved. Screenshots used for illustrative purposes are the property of the software proprietor. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in
any form or by any means, or stored in a database or retrieval system, without the prior written permission CompTIA, 3500 Lacey Road, Suite 100, Downers Grove, IL 60515-5439. CompTIA® and the CompTIA logo are registered trademarks of CompTIA, Inc., in
the U.S. and other countries. All other product and service names used may be common law or registered trademarks of their respective proprietors.
 Objectives
• Distinguish threats to the
confidentiality, integrity, and
availability of information
processing systems
• Identify social engineering
techniques
• Describe the importance of
business continuity and how to
make systems fault tolerant
• Explain the importance of disaster
recovery plans Image by racorn © 123rf.com

372
CompTIA IT Fundamentals+
 Computer Security Basics
•Controlling access to resources
•Balance security with accessibility
•Properties of secure information—“CIA Triad”
o Confidentiality
o Integrity
o Availability

•Security threats
373
CompTIA IT Fundamentals+
 Confidentiality Concerns
•Snooping
•Eavesdropping/wiretapping/sniffing
•Social engineering/dumpster diving

374
CompTIA IT Fundamentals+
 Integrity Concerns
•Man-in-the-Middle (MitM)
•Replay
•Impersonation

375
CompTIA IT Fundamentals+
 Availability Concerns
•Denial of Service (DoS)
•Power outage
•Hardware failure
•Destruction
•Service outage

376
CompTIA IT Fundamentals+
 Authorization, Authentication, and Auditing
• Access control system
• Authentication
o Prove that a user is who they say they are
o Associate that person with a unique computer or network user account

• Authorization
o Create barriers around the resource such that only authenticated users can gain
access
o Resource permissions lists

• Accounting
o Recording when and by whom a resource was accessed

377
CompTIA IT Fundamentals+
 Social Engineering
•Getting people to reveal confidential information
•Attackers often build access with piecemeal steps
•Any information about a company can be helpful
in making social engineering attacks more likely to
succeed

378
CompTIA IT Fundamentals+
 Impersonation, Trust, and Dumpster Diving
• Gain access by pretending to be
someone else
o Intimidate through false rank or spurious
technical jargon
o Exploit trust - coax and persuade
• Building trust is easier if you have
information that will convince your
target (or put them off-guard)
o Department employee lists, job titles,
phone numbers, diary, invoices, or
purchase orders
• “Dumpster diving” for discarded
company information
379
CompTIA IT Fundamentals+
 Identity Fraud and Shoulder Surfing
•Identity fraud
o Masquerade as someone else
o Control accounts that are supposed to be operated by
someone else
o Exploit stolen Personally Identifiable Information (PII)
•“Shoulder surfing” to observe credentials

380
CompTIA IT Fundamentals+
 Defeating Social Engineering Attacks
•Training and education
•Security policies
o Proper support procedures
o Account and device
protection—e.g. using screen
locks to prevent “lunchtime
attacks”
o Identity badges, escorted
visitors, and secure doors
381
CompTIA IT Fundamentals+
 Business Continuity and Fault Tolerance
•Outages cost—financially and reputational damage
•Business continuity plans minimize outages or the
effect of outages
•Fault tolerance
o Design systems without single points of failure
o Develop contingency plans to cope with failures
o Provision redundant components and systems to allow failover
382
CompTIA IT Fundamentals+
 Data Redundancy
•Redundant Array of Independent Disks (RAID)
•Configurations to allow the storage system to
tolerate individual disk unit failures
o RAID 1—disk mirroring
o RAID 5—striping with parity
•RAID cannot replace the need for backups
383
CompTIA IT Fundamentals+
 Network Redundancy
•Multiple adapter cards/ports for individual host
o Also allows load balancing
•Multiple network paths between nodes
•Routers can detect failed links and choose
alternative paths

384
CompTIA IT Fundamentals+
 Power Redundancy
•Dual power supplies
•Redundant circuits
•Uninterruptible Power Supply (UPS)
•Backup power generator

385
CompTIA IT Fundamentals+
 Site Redundancy and Replication
•Providing redundancy at the site level
•Replication can be used to synchronize data
between multiple sites

386
CompTIA IT Fundamentals+
 Disaster Recovery
•Plans for specific scenarios rather than overall
business continuity
o Workflows and resources
o Wide range of possible major and minor scenarios

•Prioritization
•Data restoration
•Restoring access
387
CompTIA IT Fundamentals+
 Review
• Distinguish threats to the
Image by Wavebreak Media © 123rf.com

confidentiality, integrity, and

availability of information
processing systems
• Identify social engineering
techniques
• Describe the importance of
business continuity and how to
make systems fault tolerant
• Explain the importance of
disaster recovery plans

388
CompTIA IT Fundamentals+