Troubleshoot Common Security Issues

CompTIA Security+ SY0-701 — Domain 10

🔧 Endpoint Security

  • Hardening: Remove unnecessary software, disable unused ports/services, disable auto-run features. Learn more about system hardening on OWASP.
  • Patch management: Use automated patching where possible. Always test critical patches before deployment. Include rollback procedures.
  • Antivirus/Anti-malware: Detect and prevent malware infections. Look for real-time protection, behavioral analysis, and quarantine options.
  • HIDS/HIPS: Monitor and potentially block malicious activity directly on endpoints. Learn more about HIDS on SANS Institute.
  • EDR (Endpoint Detection and Response): Provides advanced threat hunting, response workflows, and behavioral detection.
  • Sandboxing: Execute unknown or suspicious files in an isolated environment for testing.
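The hardening bullet above (disable unused ports and services) is easiest to act on when you can compare what a host actually exposes against the role it is supposed to play. The following is an added example, not part of the original study guide: it parses constructed `ss -tlnp`-style output (the sample text is made up, not captured from a real host) and reports every network-exposed listener whose port is not on a hypothetical allowlist for a web server role. Loopback-only services are skipped because they are not reachable from the network.

```python
import re

# Constructed sample of `ss -tlnp` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       128     127.0.0.1:631        0.0.0.0:*          users:(("cupsd",pid=640,fd=7))
LISTEN  0       50      0.0.0.0:5900         0.0.0.0:*          users:(("x11vnc",pid=1201,fd=4))
LISTEN  0       511     0.0.0.0:80           0.0.0.0:*          users:(("nginx",pid=903,fd=6))
LISTEN  0       128     [::]:22              [::]:*             users:(("sshd",pid=812,fd=4))
"""

# Hypothetical allowlist for a web server role: only these ports may listen
# on non-loopback addresses. Adjust per host role.
ALLOWED_PORTS = {22, 80, 443}

LOOPBACK_PREFIXES = ("127.", "[::1]")
PROCESS_RE = re.compile(r'\(\("([^"]+)"')


def parse_ss_line(line):
    """Return (address, port, process) for one LISTEN line, or None for headers."""
    fields = line.split()
    if len(fields) < 5 or fields[0] != "LISTEN":
        return None
    addr, _, port = fields[3].rpartition(":")   # handles both 0.0.0.0:22 and [::]:22
    m = PROCESS_RE.search(line)
    return addr, int(port), (m.group(1) if m else "unknown")


def audit_listeners(ss_output, allowed_ports=ALLOWED_PORTS):
    """List (port, process, address) for exposed listeners not on the allowlist."""
    findings = []
    seen = set()
    for line in ss_output.splitlines():
        parsed = parse_ss_line(line)
        if parsed is None:
            continue
        addr, port, proc = parsed
        if addr.startswith(LOOPBACK_PREFIXES):
            continue            # loopback-only services are not network-exposed
        if port in allowed_ports:
            continue            # expected for this host role
        key = (port, proc)
        if key not in seen:     # collapse IPv4/IPv6 duplicates of one service
            seen.add(key)
            findings.append((port, proc, addr))
    return findings


if __name__ == "__main__":
    for port, proc, addr in audit_listeners(SAMPLE_SS_OUTPUT):
        print(f"UNEXPECTED LISTENER: {proc} on {addr}:{port} - disable or justify")
```

On a real host you would feed it the live output of `ss -tlnp` and keep the allowlist per role under version control, so that a newly appearing listener shows up as a diff rather than being noticed by accident.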

🔐 Network Segmentation

  • Security Zones: Define levels of trust: untrusted (Internet), DMZ (public-facing), trusted (internal), enclave (highly secure), air-gapped (offline). More about DMZs on Wikipedia.
  • VLANs: Logical segmentation at Layer 2; improves manageability and isolates broadcast domains.
  • Traffic control: Monitor both north–south traffic (between the internal network and the outside) and east–west traffic (lateral movement between internal systems) so that a compromised host can be contained.
  • Isolation strategies: Separate business-critical systems, guest networks, or legacy devices.
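The security zones and north–south versus east–west traffic described above can be turned into a simple flow classifier. The following is an added example, not from the original study guide: the zone address ranges, the allowed zone-to-zone matrix and the sample flow records are all hypothetical and constructed for illustration. Any address outside the defined zones is treated as untrusted, a flow touching the untrusted zone is north–south, and everything else is east–west; flows that are neither same-zone nor on the allowed matrix are reported as policy violations.

```python
import ipaddress

# Hypothetical zone map; real addressing comes from your own segmentation plan.
ZONES = {
    "trusted": ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "enclave": ipaddress.ip_network("10.30.0.0/24"),
}

# Expected zone-to-zone flows (initiator -> responder). Same-zone traffic is
# always permitted here; note the enclave has no inbound entry at all.
ALLOWED_FLOWS = {
    ("untrusted", "dmz"),       # Internet users reaching public services
    ("trusted", "dmz"),         # internal users reaching the same services
    ("trusted", "untrusted"),   # internal hosts browsing outbound
    ("dmz", "untrusted"),       # DMZ hosts fetching updates outbound
}


def zone_of(ip):
    """Map an address to its zone; anything not in ZONES is untrusted."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "untrusted"


def direction(src_zone, dst_zone):
    """north-south crosses the perimeter; east-west stays inside it."""
    if "untrusted" in (src_zone, dst_zone):
        return "north-south"
    return "east-west"


def classify_flow(src, dst):
    s, d = zone_of(src), zone_of(dst)
    return {
        "src_zone": s,
        "dst_zone": d,
        "direction": direction(s, d),
        "allowed": s == d or (s, d) in ALLOWED_FLOWS,
    }


# Constructed sample flow records: (src, dst, dst_port)
SAMPLE_FLOWS = [
    ("203.0.113.5", "10.20.0.10", 443),   # Internet -> DMZ web: expected
    ("10.10.4.7", "10.20.0.10", 443),     # trusted -> DMZ: expected
    ("10.20.0.10", "10.10.4.7", 445),     # DMZ -> trusted: unexpected lateral move
    ("10.10.4.7", "10.30.0.5", 22),       # trusted -> enclave: unexpected
    ("10.10.4.7", "10.10.4.9", 3389),     # trusted -> trusted: same zone
]


def find_policy_violations(flows):
    """Return (src, dst, port, direction) for flows the zone policy does not allow."""
    violations = []
    for src, dst, port in flows:
        info = classify_flow(src, dst)
        if not info["allowed"]:
            violations.append((src, dst, port, info["direction"]))
    return violations


if __name__ == "__main__":
    for v in find_policy_violations(SAMPLE_FLOWS):
        print("VIOLATION:", v)
```

Run over real NetFlow or firewall logs, the same logic highlights the east–west flows (such as a DMZ host initiating connections inward) that perimeter-only monitoring never sees.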

📱 Mobile Device Management (MDM)

  • Deployment Models: COPE (corporate owned, personally enabled), BYOD (bring your own device), CYOD (choose your own device), COBO (corporate owned, business only). Each has tradeoffs in control and privacy. Learn more about BYOD policies on Cisco.
  • MDM Controls: Enforce screen lock, device encryption, remote wipe, app whitelisting, and GPS tracking.
  • Containerization: Separates corporate from personal data on mobile devices, improving privacy and compliance.
  • Geofencing: Automatically triggers policy or alerts when devices enter/exit defined locations.
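Geofencing, as listed above, needs two pieces: a distance check against a defined region and state tracking so that an action fires once on entry or exit rather than on every location fix. The following is an added example, not from the original study guide: it uses the haversine great-circle formula for a circular fence, and the fence coordinates, radius, device id, location fixes and the policy actions are all hypothetical, constructed values.

```python
import math

EARTH_RADIUS_M = 6_371_000


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two WGS84 points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


# Hypothetical circular geofence around an office site (constructed coordinates).
GEOFENCE = {"name": "HQ campus", "lat": 51.5007, "lon": -0.1246, "radius_m": 500}


def inside_fence(lat, lon, fence=GEOFENCE):
    return haversine_m(lat, lon, fence["lat"], fence["lon"]) <= fence["radius_m"]


def evaluate_locations(device_id, fixes, fence=GEOFENCE):
    """Walk a sequence of (lat, lon) fixes and emit one event per boundary
    crossing, with the (hypothetical) MDM action each crossing triggers."""
    events = []
    prev = None
    for lat, lon in fixes:
        now = inside_fence(lat, lon, fence)
        if prev is not None and now != prev:     # only on a change of state
            events.append({
                "device": device_id,
                "fence": fence["name"],
                "event": "enter" if now else "exit",
                "action": "unlock_corporate_container" if now else "lock_corporate_container",
            })
        prev = now
    return events


# Constructed location fixes: inside, still inside, ~1 km away, back inside.
SAMPLE_FIXES = [
    (51.5007, -0.1246),
    (51.5010, -0.1240),
    (51.5100, -0.1246),
    (51.5005, -0.1250),
]

if __name__ == "__main__":
    for ev in evaluate_locations("tablet-0042", SAMPLE_FIXES):
        print(ev)
```

Because only state changes produce events, a device that sits just inside the boundary does not generate a stream of alerts; in practice you would also add a small hysteresis margin so GPS jitter near the edge does not toggle the container lock repeatedly.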

🌐 Secure Mobile Connections

  • VPNs: Encrypt mobile network traffic; consider always-on VPNs for compliance. Learn more about VPNs on ExpressVPN.
  • Certificate-Based Auth: More secure than passwords; used for Wi-Fi, VPN, or app logins.
  • Management Frame Protection: Prevents disassociation attacks against Wi-Fi networks.
  • Secure Channels: Use TLS, HTTPS, and SSH instead of plain-text protocols like HTTP or FTP.
  • Evil Twin Detection: Watch for spoofed access points and implement WIDS (Wireless IDS). Get deeper into WIDS on Cisco.
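The evil twin bullet above comes down to one question a WIDS answers continuously: is anyone advertising one of our SSIDs from an access point we do not own? The following is an added example, not from the original study guide, of that check over a constructed scan table: the authorized SSID-to-BSSID inventory, the scan results and the scoring reasons are all hypothetical. An unknown BSSID on a managed SSID is always reported; an open security mode or a signal stronger than every authorized AP on that SSID are recorded as extra indicators for the analyst.

```python
# Hypothetical authorized inventory: SSID -> set of BSSIDs we actually operate.
AUTHORIZED_APS = {
    "CorpWiFi": {"aa:bb:cc:00:01:10", "aa:bb:cc:00:01:11"},
    "CorpGuest": {"aa:bb:cc:00:02:10"},
}

# Constructed scan results: (ssid, bssid, channel, rssi_dbm, security)
SAMPLE_SCAN = [
    ("CorpWiFi", "aa:bb:cc:00:01:10", 36, -48, "WPA3"),
    ("CorpWiFi", "aa:bb:cc:00:01:11", 44, -60, "WPA3"),
    ("CorpWiFi", "DE:AD:BE:EF:00:01", 6, -35, "OPEN"),      # managed SSID, unknown AP
    ("CorpGuest", "aa:bb:cc:00:02:10", 1, -55, "WPA2"),
    ("NeighborNet", "11:22:33:44:55:66", 11, -70, "WPA2"),  # not our SSID: ignored
]


def strongest_authorized_rssi(scan, ssid, authorized):
    """Best signal seen from any authorized AP on this SSID, or None."""
    values = [rssi for s, b, _, rssi, _ in scan
              if s == ssid and b.lower() in authorized[ssid]]
    return max(values) if values else None


def detect_evil_twins(scan, authorized=AUTHORIZED_APS):
    """Return one alert per unknown BSSID advertising a managed SSID."""
    alerts = []
    for ssid, bssid, channel, rssi, security in scan:
        if ssid not in authorized:
            continue                       # foreign networks are out of scope
        if bssid.lower() in authorized[ssid]:
            continue                       # one of ours
        reasons = ["unknown BSSID advertising a managed SSID"]
        if security.upper() == "OPEN":
            reasons.append("open network where the managed SSID uses WPA")
        best_known = strongest_authorized_rssi(scan, ssid, authorized)
        if best_known is not None and rssi > best_known:
            reasons.append("stronger signal than any authorized AP")
        alerts.append({
            "ssid": ssid,
            "bssid": bssid.lower(),
            "channel": channel,
            "rssi_dbm": rssi,
            "reasons": reasons,
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_evil_twins(SAMPLE_SCAN):
        print(f"ROGUE AP {alert['bssid']} on '{alert['ssid']}' ch{alert['channel']}: "
              + "; ".join(alert["reasons"]))
```

A production WIDS would feed this from continuous sensor scans and correlate over time, but the inventory comparison is the core: any BSSID list that is not tied to the asset register will eventually let a rogue AP blend in.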