CompTIA Security+ Cert Prep: Implementing Security Applications
IT administrators have been tasked with ensuring security for increasing complex corporate networks. Disparate technologies, multiple operating systems and a mobile workforce make this a daunting task. In the escalating systems security battle, hardware based controls must be augmented with additional threat protection.
Security software helps to bridge that gap. From intrusion detection to virus eradication, these tools have emerged as a a critical piece to the corporate security puzzle.
As we’ve previously covered the benefits of certification, in particular, CompTIA’s Security+, we continue our review with a closer look at objective 1.5: application security.
• Host-Based Intrusion Detection System
Intrusion detection systems are designed to gather and analyze data from across the network, to help identify potential internal or external threats. These systems come in two forms: Host-based intrusion detection systems (HIDS) and network intrusion detection systems (NIDS).
Under the HIDS protection scheme, security applications like firewalls, antivirus and other threat detectors are installed on every computer, or host, attached to the network. By contrast, with NIDS, this software is installed only at certain network access points like servers. As you might imagine, both options have advantages and disadvantages, so most administrators will employ a combination of both technologies.
• Personal Software Firewall
A firewall is essentially a piece of software that sits between a computer or network and the outside world. From an individual perspective, there are many free alternatives. But for corporate networks, more robust, feature rich programs are usually employed. Though some firewalls have been known to cause performance degradation, no network should be without one.
Antivirus software has evolved from tools that detect and eradicate simple viruses, to programs capable of thwarting all forms of malware and spyware. How does anitvirus software really work? Signature-based detection involves searching for known malicious patterns in executable code.
But this doesn’t address the loads of new malware that seems to appear every week. These are termed “zero-day threats”, and a require what’s termed heuristics, a form of intelligent guesswork. So, known virus data is used to formulate better predictions of new threats.
Spam is certainly a time waster, but it also clogs precious bandwidth and has the potential to come laden with malware. There is no single spam solution, but a collection of user reliant, email client and server based tools. The difficulty is managing over-aggressive filters, blocking legitimate emails.
• Popup blockers
We’ve all seen them while browsing the web: pop-up ads demanding our attention. At a minimum, they are an annoyance, but at their worst, can redirect traffic to unsavory websites. Browsers have the ability to block some offenders, but more often than not, additional addons are required to effectively manage the intrusion.
In preparing for the CompTIA Security+ exam, you should have a solid understanding of each of these application security techniques and how to implement them.
Complete exam objectives are available on the CompTIA website. Also, be sure to check out Train Signal’s Security+ training which is a comprehensive course complete with a free Transcender practice exam.