
CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide

Copyright 2023 by Pearson Education, Inc.

All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission from the publisher. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein.

ISBN-13: 978-0-13-734895-4
ISBN-10: 0-13-734895-9
Library of Congress Control Number: 2022933627

Trademarks

All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Pearson IT Certification cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Microsoft and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published as part of the services for any purpose. All such documents and related graphics are provided “as is” without warranty of any kind. Microsoft and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all warranties and conditions of merchantability, whether express, implied or statutory, fitness for a particular purpose, title and non-infringement. In no event shall Microsoft and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from the services.

The documents and related graphics contained herein could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Microsoft and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time. Partial screenshots may be viewed in full within the software version specified.

Microsoft and Windows are registered trademarks of the Microsoft Corporation in the U.S.A. and other countries. Screenshots and icons reprinted with permission from the Microsoft Corporation. This book is not sponsored or endorsed by or affiliated with the Microsoft Corporation.

Editor-in-Chief: Mark Taub
Director, ITP Product Management: Brett Bartow
Executive Editor: Nancy Davis
Development Editor: Ellie Bru
Managing Editor: Sandra Schroeder
Senior Project Editor: Tonya Simpson
Copy Editor: Kitty Wilson
Indexer: Tim Wright
Proofreader: Barbara Mack
Technical Editor: Chris Crayton
Publishing Coordinator: Cindy Teeters
Cover Designer: Chuti Prasertsith
Compositor: codeMantra

About the Author

Troy McMillan, CASP+, is a product developer and technical editor for CyberVista as well as a full-time trainer. He became a professional trainer more than 20 years ago, teaching Cisco, Microsoft, CompTIA, and wireless classes. His recent work includes

- Author of CompTIA CySA+ CS0-002 Cert Guide (Pearson IT Certification)
- Author of CompTIA A+ Complete Review Guide (Sybex)
- Author of CompTIA Server+ Study Guide (Sybex)
- Contributing subject matter expert for CCNA Cisco Certified Network Associate Certification Exam Preparation Guide (Kaplan)
- Prep test question writer for Network+ Study Guide (Sybex)
- Technical editor for Windows 7 Study Guide (Sybex)
- Contributing author for CCNA-Wireless Study Guide (Sybex)
- Technical editor for CCNA Study Guide, Revision 7 (Sybex)
- Author of VCP VMware Certified Professional on vSphere 4 Review Guide: Exam VCP-410 and associated instructional materials (Sybex)
- Author of Cisco Essentials (Sybex)
- Co-author of CISSP Cert Guide (Pearson IT Certification)
- Prep test question writer for CCNA Wireless 640-722 (Cisco Press)

He also has appeared in the following training videos for OnCourse Learning: Security+; Network+; Microsoft 70-410, 411, and 412 exam prep; ICND 1; ICND 2; and Cloud+.

He now creates certification practice tests, study guides, and online courses for CyberVista. Troy lives in Asheville, North Carolina, with his wife, Heike.

CHAPTER 8
Managing the Impact of Emerging Technologies on Enterprise Security and Privacy

- Nano Technology: This section discusses the use of matter on atomic, molecular, and supramolecular scales for industrial purposes.
- Deep Learning: This section covers the implementation of machine learning (ML), including natural language processing and deep fakes.
- Biometric Impersonation: This section covers measurement and mitigation of targeted biometric impersonation.

This chapter covers CAS-004 Objective 1.8: Explain the impact of emerging technologies on enterprise security and privacy.

Security professionals must stay abreast of all the latest trends and emerging technologies, especially as they relate to security. In this chapter you’ll learn about some of these technologies and concepts and how to manage their effects in enterprise security and privacy.

Artificial Intelligence

Artificial intelligence (AI) and machine learning (ML) have fascinated humans for decades. Since the first time we conceived of the idea of talking to a computer and getting an answer like characters did in comic books years ago, we have waited for the day to come when smart robots would not just do the dirty work but learn just as humans do.

Today, robots are taking on increasingly detailed work. One of the exciting areas where AI and ML are yielding dividends is in intelligent network security—or intelligent networks. Intelligent networks seek out their own vulnerabilities before attackers do, learn from past errors, and work on a predictive model to prevent attacks.

For example, automatic exploit generation (AEG) is the “first end-to-end system for fully automatic exploit generation,” according to the Carnegie Mellon Institute’s own description of its AI named Mayhem. Developed for off-the-shelf as well as the enterprise software being increasingly used in smart devices and appliances, AEG can find a bug and determine whether it is exploitable.

Machine Learning

Machine learning is what makes AI possible. It is the use of generated training data to build a model that makes predictions and decisions without being explicitly programmed to do so. For example, in the case of using AI to adapt to network threats, algorithms can identify unusual activity and match it with similar activity that led to an attack, thereby leading to an action designed to head off or mitigate such an attack.

Quantum Computing

Quantum computing is the use of quantum states, such as superposition and entanglement, to perform computation. These states are properties founded in quantum science. Quantum computing uses these properties to perform encryption and to solve extremely difficult mathematical equations. It is anticipated that the use of quantum computing will enhance the machine learning process.

Blockchain

Another implementation of cryptography is cryptocurrency, such as bitcoin. Cryptocurrencies make use of a process called blockchain. A blockchain is a continuously growing list of records, called blocks, that are linked and secured using cryptography. Blockchain is typically managed by a peer-to-peer network collectively adhering to a protocol for validating new blocks.
The blockchain process is depicted in Figure 8-1.

Figure 8-1 Blockchain. Process steps shown in the figure:
1. (P2P network communication) Someone in the peer-to-peer network requests a transaction.
2. (P2P network communication) The requested transaction is broadcast to the P2P network consisting of computers, known as nodes.
3. (Validation) The network of nodes validates the transaction and the user’s status using algorithms. A verified transaction can involve cryptocurrency, contracts, records, or other information.
4. (Verification) Once verified, the transaction is combined with other transactions to create a new block of data for the ledger.
5. (Confirmation) The new block is then added to the existing blockchain, in a way that is permanent and unalterable. The transaction is complete.
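As an added illustration (not code from the book) of the link-and-seal mechanism the figure describes, the following Python builds a small hash-linked ledger: each block commits to its predecessor’s SHA-256 hash, a toy proof of work seals it, a validator shows why an edit to a confirmed block is detectable, and a ledger rule checks that no owner spends the same coin twice. The difficulty, coin identifiers, and owner names are constructed sample values.

```python
import hashlib
import json
from dataclasses import dataclass, field

DIFFICULTY = 2  # leading zero hex digits a block hash must have (toy proof of work)

@dataclass
class Block:
    index: int
    prev_hash: str      # hash of the previous block: the cryptographic "link"
    transactions: list  # a spend is {"coin": id, "from": owner, "to": new owner}
    nonce: int = 0
    hash: str = field(default="", compare=False)

    def compute_hash(self):
        """SHA-256 over every field except the stored hash itself."""
        payload = json.dumps({"index": self.index, "prev_hash": self.prev_hash,
                              "transactions": self.transactions, "nonce": self.nonce}, sort_keys=True)
        return hashlib.sha256(payload.encode()).hexdigest()

def mine(block):
    """Find a nonce whose hash meets DIFFICULTY and seal the block with it."""
    while True:
        h = block.compute_hash()
        if h.startswith("0" * DIFFICULTY):
            block.hash = h
            return block
        block.nonce += 1

def new_chain():
    """A chain starts with a genesis block that has no predecessor."""
    return [mine(Block(0, "0" * 64, []))]

def add_block(chain, transactions):
    """Confirmation step of Figure 8-1: the new block commits to the hash of the chain tip."""
    prev = chain[-1]
    chain.append(mine(Block(prev.index + 1, prev.hash, transactions)))
    return chain

def validate(chain):
    """(True, -1) if every stored hash is correct, meets DIFFICULTY and matches the
    next block's prev_hash; otherwise (False, index of the first bad block)."""
    for i, block in enumerate(chain):
        if block.hash != block.compute_hash() or not block.hash.startswith("0" * DIFFICULTY):
            return False, i
        if i > 0 and block.prev_hash != chain[i - 1].hash:
            return False, i
    return True, -1

def coins_spent_once(chain):
    """Ledger rule from the text: an owner may spend a given coin only once
    (a coin that changed hands may be spent again by its new owner)."""
    seen = set()
    for block in chain:
        for tx in block.transactions:
            key = (tx["coin"], tx["from"])
            if key in seen:
                return False
            seen.add(key)
    return True

def tamper_demo():
    """Edit a confirmed block: validation fails at that block, not just at the tip."""
    chain = add_block(new_chain(), [{"coin": "c1", "from": "alice", "to": "bob"}])
    add_block(chain, [{"coin": "c1", "from": "bob", "to": "carol"}])
    before = validate(chain)
    chain[1].transactions[0]["to"] = "mallory"   # rewrite history in block 1
    return before, validate(chain)
```

Re-mining the edited block repairs its own hash but not the next block’s `prev_hash`, so the break simply moves one block forward; an attacker would have to redo every later block, which is what makes confirmed blocks “permanent and unalterable” in practice.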

Homomorphic Encryption

Homomorphic encryption is a form of encryption that is unique in that it allows computation on ciphertexts and generates an encrypted result that, when decrypted, matches the result of the operations as if they had been performed on the plaintext. Its great value lies in the fact that privacy can be maintained because the data is never in a plaintext state, even though edits have been made. With other encryption processes, the data would be required to be decrypted to make the edits. In this section you’ll learn about several operations that are possible using homomorphic encryption.

Secure Multiparty Computation

Private Information Retrieval

A private information retrieval (PIR) protocol can retrieve information from a server without revealing which item is retrieved. One of the ways to construct a protocol for private information retrieval is based on homomorphic encryption.

Secure Function Evaluation

Secure function evaluation (SFE) is a process in which multiple parties collectively compute a function and receive its output without learning the inputs from any other party. It allows for two parties to each contribute a value to a computation and generate the same answer without knowing the value the other party contributes. This can be done using fully homomorphic encryption.

Private Function Evaluation

Private function evaluation (PFE) is the process of evaluating one party’s private data using a private function owned by another party. PFE solutions seek to ensure that the privacy of the data and the function are both preserved. Existing solutions for PFE secure multiparty computations by hiding the circuit’s topology and the gates’ functionality through additive homomorphic encryption.

Distributed Consensus

Earlier in this chapter you learned about blockchain. One of the mechanisms of blockchain is distributed consensus.
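As an added example that is not part of the book, serving both the homomorphic encryption section and the private information retrieval section above, the following Python implements a toy Paillier cryptosystem (additively homomorphic) and uses it for single-server PIR: the client sends an encrypted one-hot selector, the server combines it with its records while handling ciphertexts only, and the client decrypts the chosen record. The primes, the record values, and the query index are constructed.

```python
import math
import secrets

# Toy key pair from two small constructed primes (real deployments use primes of
# 1024+ bits). Public key: (N, G). Private key: (LAMBDA, MU).
P, Q = 10007, 10009
N = P * Q
N2 = N * N
LAMBDA = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)   # lcm(p-1, q-1)
G = N + 1                                             # standard Paillier generator
MU = pow((pow(G, LAMBDA, N2) - 1) // N, -1, N)        # inverse of L(g^lambda mod n^2)

def encrypt(m):
    """Encrypt plaintext m (0 <= m < N) with fresh randomness r, so equal
    plaintexts give different, unlinkable ciphertexts."""
    assert 0 <= m < N
    while True:
        r = secrets.randbelow(N)
        if r > 0 and math.gcd(r, N) == 1:
            break
    return (pow(G, m, N2) * pow(r, N, N2)) % N2

def decrypt(c):
    """Private-key operation: m = L(c^lambda mod n^2) * mu mod n, L(x) = (x-1)/n."""
    l_value = (pow(c, LAMBDA, N2) - 1) // N
    return (l_value * MU) % N

def add_encrypted(c1, c2):
    """The homomorphism: E(a) * E(b) mod n^2 decrypts to a + b (mod n)."""
    return (c1 * c2) % N2

def scale_encrypted(c, k):
    """E(a)^k mod n^2 decrypts to k * a (mod n): scaling by a public constant."""
    return pow(c, k, N2)

def pir_query(index, db_size):
    """Client side: encrypt a one-hot selector. Every entry is a fresh ciphertext,
    so the server cannot tell which position holds the 1."""
    return [encrypt(1 if i == index else 0) for i in range(db_size)]

def pir_answer(query, database):
    """Server side: sum_i x_i * E(b_i) = E(sum_i x_i * b_i) = E(x_index).
    The server only ever touches ciphertexts and the public key."""
    acc = encrypt(0)
    for c, x in zip(query, database):
        acc = add_encrypted(acc, scale_encrypted(c, x))
    return acc

def pir_retrieve(index, database):
    """Full round trip: the client learns database[index]; the server learns
    nothing about index (it sees db_size indistinguishable ciphertexts)."""
    return decrypt(pir_answer(pir_query(index, len(database)), database))

# Constructed sample records held by the server; each must be < N.
DATABASE = [4242, 1337, 9001, 65537]
```

The cost of this construction is a query of one ciphertext per record, which is why practical PIR schemes layer further tricks on top; the privacy argument, however, is exactly the one shown here.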
Distributed consensus is a process whereby distributed nodes reach agreement, or consensus, on the validity of transactions. Since blockchain lacks a central authority, distributed consensus provides a necessary function to the blockchain. Consensus algorithms ensure that the protocol rules are being followed and guarantee that all transactions occur in such a way that the coins are only able to be spent once. Consider the diagram in Figure 8-2. When the failed node loses all data or transactions due to failure, the other nodes contribute what they know about what was contained in that node, and the information is used to restore the failed node.

Figure 8-2 Distributed Consensus (diagram: Node 2 reports “I crashed and burned”; Nodes 1, 3, and 4 each answer “Okay got it!” and vote on the value Node 2 held, which is used to restore it)

Big Data

Big data is a term for sets of data so large or complex that they cannot be analyzed by using traditional data processing applications. Specialized applications have been designed to help organizations with their big data. The big data challenges that may be encountered include data analysis, data capture, data search, data sharing, data storage, and data privacy.

While big data is used to determine the causes of failures, generate coupons at checkout, recalculate risk portfolios, and find fraudulent activity before it ever has a chance to affect an organization, its existence creates security issues. The first issue is its unstructured nature. Traditional data warehouses process structured data and can store large amounts of it, but there is still a requirement for structure.

Big data typically uses Hadoop, which requires no structure. Hadoop is an open-source framework used for running applications and storing data. With the Hadoop Distributed File System (HDFS), individual servers that are working in a cluster can fail without aborting the entire computation process. There are no restrictions on the data that this system can store.

While big data is enticing because of the advantages it offers, it presents a number of issues:

- Organizations still do not understand it very well, and unexpected vulnerabilities can easily be introduced.
- Open-source code is typically found in big data, which can result in unrecognized backdoors.
- Big data can contain default credentials.
- Attack surfaces of the nodes may not have been reviewed, and servers may not have been hardened sufficiently.
- Authentication of users and data access from other locations may not be controlled.
- Log access and audit trails may be an issue.
- Opportunities for malicious activity, such as malicious data input and poor validation, are plentiful.
- The relative security of a big data solution rests primarily on the knowledge and skill sets of the individuals implementing and managing the solution and the partners involved rather than on the hardware and software involved.

Virtual/Augmented Reality

Virtual/augmented reality (AR) provides a view of a physical, real-world environment whose elements are “augmented” by computer-generated or extracted real-world sensory input such as sound, video, graphics, or GPS data. Many mobile devices support AR when the proper apps are installed. An interesting AR device is the Twinkle in the Eye contact lens. This lens, which is implanted in an eye, is fabricated with an LED, a small radio chip, and an antenna. The unit is powered wirelessly by an RF electrical signal and represents the start of research that could eventually lead to screens mounted onto contact lenses worn on human eyes.
When this lens technology is perfected, we will no longer need mobile devices, as AR chips will eventually be able to be implanted into our eyes and ears, making humans the extension of their own reality.

So, what is the difference between virtual and augmented reality? Well, there is a bit of difference. Virtual reality (VR) immerses users in a fully artificial digital environment, while augmented reality (AR) overlays virtual objects on the real-world environment.

Security issues with AR and VR revolve around the following issues:

- Breaches that expose tremendous amounts of data
- Privacy issues as hackers may gain access to a user’s augmented reality device and record the user’s behavior
- Unreliable data and data manipulation when delivered by a third party

3-D Printing

3-D printers create objects or parts by joining or solidifying materials under computer control to create three-dimensional objects. Some versions use a data source such as an additive manufacturing file (AMF) (usually in sequential layers). 3-D printers use rolls of special filament as the material source. This filament comes in various colors (see Figure 8-3).

Figure 8-3 Plastic Filament

Security issues with 3-D printing are related to the fact that thousands of 3-D printers are exposed online to remote cyber attacks. The SANS Internet Storm Center scanned the Internet for vulnerable 3-D printers and found more than 3,700 instances of interfaces exposed online.

Passwordless Authentication

Many enterprises are continuing to move toward passwordless authentication. Passwordless authentication is any authentication method that does not rely on the use of passwords. You have already learned of one such method: biometrics. Other methods include the use of certificates and methods that rely on public key cryptography. Some definitions also include methods that combine passwords with other forms of authentication, such as a smart card or a password in addition to a biometric sample.

Moving toward passwordless authentication has increased the security of the authentication and authorization process because alternatives such as biometrics and certificate-based authentication are much harder to defeat than passwords.

Nano Technology

A nanometer is a unit of measurement that is incredibly small. In fact, it would take three atoms of gold lined up to make one nanometer. Nano technology is the use of matter on atomic, molecular, and supramolecular scales for industrial purposes. Examples of its implementation include

- Tennis balls that last longer
- Golf balls that fly straighter
- Bandages infused with silver nanoparticles to heal cuts faster
- Diesel engines with cleaner exhaust fumes

Nano technology can help increase security in that it may enable more complex cryptographic schemes. Advances in nanoscale technology and the use of quantum technology may make quantum chips available that will be far more secure than traditional cryptographic hardware.

Deep Learning

Deep learning is a form of machine learning that uses artificial neural networks and representational learning. It has been applied to many fields, including computer science. While neural networks are conceptually like biological networks, they have some differences—the biggest one being that a biological network is dynamic, and a neural network is static.
Nevertheless, deep learning has been used to observe and learn in fields such as speech recognition, drug design, medical image analysis, material inspection, and board game programs.

Natural Language Processing

Natural language processing (NLP) is a form of machine learning that attempts to enable a computer system to read and understand a document, including the nuances. One common application of this is an automated chat or help function. As a deep understanding of what the user is typing in the chat box is essential to providing good service, the application of natural language processing makes this possible.

Deep Fakes

Deep fakes comprise synthetic media that impersonates a real person’s appearance and speech. A deep fake is so named because it uses a form of deep learning to learn both the appearance and the speech patterns of the target individual.

Biometric Impersonation

While we have in the past considered biometric authentication to be the gold standard in security, it is not without weaknesses. Biometric impersonation, once thought to be difficult or even impossible, is apparently possible in some cases. For example, it has been shown that by accessing data generated by someone’s activity monitoring software, like Fitbit, and using a generic algorithm, information can be derived that can be used to impersonate that person.

Exam Preparation Tasks

As mentioned in the Introduction, you have a couple of choices for exam preparation: the exercises here and the practice exams in the Pearson IT Certification test engine.

Review All Key Topics

Review the most important topics in this chapter, noted with the Key Topic icon in the outer margin of the page. Table 8-1 lists these key topics and the page number on which each is found.

Table 8-1 Key Topics for Chapter 8

Key Topic Element   Description                          Page Number
Figure 8-1          Blockchain                           220
Figure 8-2          Distributed Consensus                222
List                Issues with big data                 223
Figure 8-3          Plastic Filament                     224
List                Implementations of nano technology   225

Define Key Terms

Define the following key terms from this chapter and check your answers in the glossary:

artificial intelligence (AI), machine learning (ML), quantum computing, blockchain, homomorphic encryption, private information retrieval (PIR), secure function evaluation (SFE), private function evaluation (PFE), distributed consensus, big data, virtual reality (VR), augmented reality (AR), 3-D printer, passwordless authentication, nano technology, deep learning, deep fake, biometric impersonation

Complete Tables and Lists from Memory

There are no memory tables or lists in this chapter.

Review Questions

1. Which of the following makes artificial intelligence possible?
   a. Machine learning
   b. Distributed consensus
   c. Secure function
   d. Quantum computing

2. Activity-monitoring software, like Fitbit, can make which attack possible?
   a. Data exfiltration
   b. Biometric impersonation
   c. Side channel attack
   d. SYN flood

3. Which of the following is expected to enhance the machine learning process?
   a. Multiparty computation
   b. Distributed consensus
   c. Secure function
   d. Quantum computing

4. Which of the following comprises synthetic media that impersonates a real person’s appearance and speech?
   a. Digital certificate
   b. Machine learning
   c. Deep fake
   d. Distributed consensus

5. Cryptocurrencies make use of which of the following?
   a. Distributed consensus
   b. Deep fake
   c. Quantum computing
   d. Blockchain

6. Which of the following is used to make tennis balls last longer?
   a. Nano technology
   b. Blockchain
   c. Machine learning
   d. Deep learning

7. Which of the following allows computation on ciphertexts and generates an encrypted result that, when decrypted, matches the result of the operations as if they had been performed on the plaintext?
   a. Asymmetric encryption
   b. Homomorphic encryption
   c. Hashing
   d. Salting

8. Which of the following processes uses an additive manufacturing file (AMF)?
   a. Deep learning
   b. Distributed consensus
   c. 3-D printing
   d. Virtual reality

9. Which of the following is a type of protocol that can retrieve information from a server without revealing which item is retrieved?
   a. Secure function evaluation
   b. Private function evaluation
   c. Private information retrieval
   d. Public function evaluation

10. Which of the following immerses users in a fully artificial digital environment?
   a. IR
   b. AR
   c. DR
   d. VR
