If you’re planning to take the SY0-501 version of the Security+ exam, you should understand concepts related to secure systems design. This helps ensure that computing systems are deployed and maintained in a secure state.
For example, can you answer this question?
Q. Managers within your organization want to implement a secure boot process for some key computers. During the boot process, each computer should send data to a remote system to check the computer’s configuration. Which of the following will meet this goal?
A. Trusted Platform Module
B. Hardware root of trust
C. Remote attestation
D. Trusted operating system
More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation are available at the end of this post.
Operating Systems
There are three primary types of computer operating systems (OSs): Windows, Apple’s operating systems, and Linux- or Unix-based systems.
Within these types, there are many different versions. For example, the Windows operating system includes versions for desktop workstations (including laptops) and other versions for servers. Additionally, these versions are regularly updated such as Windows 8 and Windows 10, and Windows Server 2012 and Windows Server 2016. Windows operating systems are closed source software, meaning that the underlying code is not freely available to the public. Microsoft developed these OSs and updates them.
Apple also uses closed source OSs—macOS for its Macintosh computers and iOS as a mobile OS for mobile devices such as iPhones and iPads. Because they are closed source, only Apple updates or modifies these OSs.
Linux is derived from Unix and is open source, meaning that it is freely available to anyone. Developers have access to the code and can modify, improve, and, at times, freely redistribute it. Because of this, there is an almost endless assortment of Linux versions. As an example, the Android OS is open source software, and it was derived from the open source Linux OS. Additionally, many mobile device manufacturers modify the Android OS and use it as a mobile OS for their devices. It’s worth noting that the use of Linux in many systems has steadily increased. More, CompTIA has been adding additional Linux-based objectives in their exams, including the Security+ exam.
While you primarily see OSs operating on desktops, laptops, and servers, they are also operating in other locations, including:
• Kiosks. A kiosk is a small structure in an open area used to sell something, provide information, or display advertisements. For example, an organization can create a touch-screen application installed on a computer and place it in a kiosk. This could be in a mall or store (designed to advertise something), in a medical center (designed to share information), or anywhere an organization thinks it might be useful.
• Network. Many network devices such as switches, routers, and firewalls include an operating system used to manage the device. These are often a version of Linux. Some Cisco network devices use the Cisco IOS (originally called the Internetwork Operating System).
• Appliance. A network appliance is a dedicated hardware device that bundles several features within it. A unified threat management (UTM) device includes multiple layers of protection. Many appliances run on a Linux version.
It’s also possible to use live boot media to create a non-persistent operating system on a computer. As an example, the Defense Information Systems Agency (DISA) uses Bootable Media (BootMe), which is a CD that authorized Department of Defense (DoD) users can use to run an operating system on almost any computer. It provides users with an operating system to perform specific functions, such as accessing DoD resources via remote access. It’s called a non-persistent operating system because it disappears when users turn off the computer.
The 601 Version of the Study Guide
The CompTIA Security+: Get Certified Get Ahead: SY0-601 Study GuideEach of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action.
You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.
Over 300 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes:
- A 75 question pre-test
- A 75 question post-test
- Practice test questions at the end of every chapter.
Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.
If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-601 study guide is for any IT or security professional interested in advancing in their field, and a must-read for anyone striving to master the basics of IT security.
Peripherals
When implementing secure systems design, organizations should consider the use of various computer peripherals, including the following:
• Wireless keyboards and wireless mice. Wireless transmissions can sometimes be intercepted. If these devices are used with systems processing sensitive data, it might be prudent to use wired devices instead.
• Displays. If displays show sensitive or private data, their view should be limited. For example, they shouldn’t be viewable from windows. Additionally, privacy screens can be placed over displays to limit the view of the information unless someone is looking straight at the display.
• External storage devices. External storage devices include any external device that has memory capabilities. It typically refers to external USB drives, but also includes other devices such as smartphones, tablets, MP3 players, and digital cameras. Users can plug them into a system and easily copy data to and from a system. They can transport malware without the user’s knowledge and can be a source of data leakage. Malicious users can copy and steal a significant amount of information using an easily concealable thumb drive. Also, users can misplace these drives and the data can easily fall into the wrong hands. Many organizations block the use of any external devices using technical policies.
• Digital cameras. Digital cameras typically include built-in storage and support additional storage by plugging in a memory card. These include the same risks as any external storage device.
• Wi-Fi-enabled MicroSD cards. Traditional Micro Secure Digital (SD) cards need to be plugged into a port to read the data. They are typically used in digital cameras. However, newer MicroSD cards include wireless capabilities. As with any wireless devices, the risk is that wireless transmissions can be intercepted, so if these are necessary, they should be configured with strong wireless security.
• Printers and other multi-function devices (MFDs). MFDs often have extra features that should be considered when purchasing them, especially if they will process sensitive information. These typically have embedded systems with their own risks discussed later in this chapter. Additionally, they often have internal storage that might retain documents that they process. For example, if the device is used to copy or scan a document, a copy of the document might remain in the system’s internal memory.
Also, when implementing secure systems design, it’s also important to evaluate several hardware elements such as Trusted Platform Module (TPM). A TPM supports secure boot and attestation processes. When the TPM is configured, it captures signatures of key files used to boot the computer and stores a report of the signatures securely within the TPM. When the system boots, the secure boot process checks the files against the stored signatures to ensure they haven’t changed. If it detects that the files have been modified, such as from malware, it blocks the boot process to protect the data on the drive.
A remote attestation process works like the secure boot process. However, instead of checking the boot files against the report stored in the TPM, it uses a separate system. Again, when the TPM is configured, it captures the signatures of key files, but sends this report to a remote system. When the system boots, it checks the files and sends a current report to the remote system. The remote system verifies the files are the same and attests, or confirms, that the system is safe.
Q. Managers within your organization want to implement a secure boot process for some key computers. During the boot process, each computer should send data to a remote system to check the computer’s configuration. Which of the following will meet this goal?
A. Trusted Platform Module
B. Hardware root of trust
C. Remote attestation
D. Trusted operating system
Answer is C. A remote attestation process checks a computer during the boot cycle and sends a report to a remote system. The remote system attests, or confirms, that the computer is secure. None of the other answers sends data to a remote system.
A Trusted Platform Module (TPM) is a hardware chip on a motherboard and provides a local secure boot process.
A TPM includes an encryption key burned into the CPU, which provides a hardware root of trust.
A trusted operating system meets a set of predetermined requirements typically enforced with the mandatory access control (MAC) model.
Read the Firmware/Hardware Security blog post to know more about several hardware elements when implementing secure systems design.
See Chapter 6 of the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide for more information on malware.
