
Common Security Techniques for Computing Resources

Author: Ruchi Bisht
Aug 28, 2025

In this blog, we dive into CompTIA Security+ Domain 4, Section 4.1, which covers common security techniques for safeguarding computing resources. In our previous series, we explored Security+ Domain 3 and its subsections. Now, we shift focus to Domain 4.1, a critical section that emphasizes the application of standard security measures across various devices and systems.

CompTIA Security+ Domain 4

4.1: Apply Common Security Techniques to Computing Resources

This section is essential for understanding how to protect various types of devices and systems in a networked environment. Let us discuss the topics covered in this section.

 Secure Baselines

Secure baselines are standard configurations that an organization uses to manage the security of its systems effectively. Working with them involves several critical steps:

  • Establish: This involves setting a standard or baseline configuration known to be secure. It is about identifying the secure state of a system or device, taking into account its role and the data it processes.
  • Deploy: Once a secure baseline is established, the next step is to deploy this configuration across all relevant systems. This ensures uniformity in security postures.
  • Maintain: Security is an ongoing process. Maintaining secure baselines involves regular updates and modifications in response to emerging threats, vulnerabilities, and changes in the organization’s environment or policies.
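The maintain step depends on detecting when a deployed system has drifted from the established baseline. The check below is an added example, not part of the original article; the baseline values, the sshd_config-style `Key value` format and the sample host configuration are all constructed for illustration.

```python
# Baseline for a hypothetical SSH server role (constructed values).
BASELINE = {
    "permitrootlogin": "no",
    "passwordauthentication": "no",
    "x11forwarding": "no",
    "maxauthtries": "3",
}

# Constructed sample of a deployed config, not taken from a real host.
SAMPLE_CONFIG = """\
# managed by config tooling
PermitRootLogin yes
PasswordAuthentication no
MaxAuthTries 6
permitrootlogin no
"""

def parse_config(text):
    """Parse 'Key value' lines; keys are case-insensitive, first occurrence wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        # setdefault keeps the first value seen, so a later duplicate
        # cannot mask an insecure setting that appears earlier.
        settings.setdefault(parts[0].lower(), value)
    return settings

def drift(baseline, actual):
    """Return {key: (expected, found)} for each deviating or missing setting.

    A missing key is reported with found=None: this example assumes the
    baseline must be set explicitly rather than left to product defaults.
    """
    return {k: (want, actual.get(k))
            for k, want in baseline.items() if actual.get(k) != want}

if __name__ == "__main__":
    for key, (want, found) in drift(BASELINE, parse_config(SAMPLE_CONFIG)).items():
        print(f"DRIFT {key}: expected {want!r}, found {found!r}")
```

Run on a schedule against each system in scope, a non-empty result is the signal to redeploy the baseline or to review whether the baseline itself needs updating.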

Hardening Targets

Hardening is the process of securing systems by minimizing their attack surface. This can involve disabling unnecessary services, applying security patches, and configuring security settings. Different types of systems require different hardening techniques:

  • Mobile Devices: Securing mobile devices involves implementing strong authentication, ensuring up-to-date operating systems and applications, using Mobile Device Management (MDM) solutions, and applying data encryption.
  • Workstations: Workstation hardening includes installing antivirus software, enabling firewalls, regular patching, disabling unnecessary services, and enforcing least privilege access controls.
  • Switches & Routers: For network devices like switches and routers, hardening involves securing administrative access, disabling unnecessary services, implementing VLANs and Access Control Lists (ACLs), and updating firmware.
  • Cloud Infrastructure: Securing cloud-hosted resources such as virtual machines, storage, and databases requires the use of cloud-native security tools, encryption of data both in transit and at rest, and the implementation of strict access controls.
  • Servers: Server hardening includes minimizing the number of running services, closing unnecessary ports, and regularly applying patches and updates.
  • ICS/SCADA: ICS/SCADA (Industrial Control Systems and Supervisory Control and Data Acquisition) systems require specialized security measures due to their critical nature. This often involves network segmentation, strict access controls, robust authentication mechanisms, and physical security measures.
  • Embedded Systems: These are specialized computing systems within larger devices. Securing them involves minimizing software footprints, regular firmware updates, and using secure coding practices.
  • RTOS (Real-Time Operating Systems): These systems are used in time-sensitive environments like medical or military applications. Hardening includes minimizing the attack surface and ensuring reliable and timely updates.
  • IoT Devices: Internet of Things devices are increasingly common and varied. Securing them involves ensuring up-to-date firmware, changing default passwords, and securing network connections.

Wireless Devices

Installation Considerations

When installing wireless devices, certain considerations are crucial to ensure a secure and efficient network. These include:

  • Site Surveys: A site survey is an in-depth examination and analysis of a proposed wireless network installation site. It helps to identify potential sources of interference, physical obstructions, and optimal access point placement, ensuring efficient and secure network deployment.
  • Heat Maps: Heat maps are visual presentations of the wireless signal strength and coverage within an area. They are created using software tools during or after a site survey and guide optimal access point placement, ensuring effective and reliable wireless network coverage.

Mobile Solutions

    • Mobile Device Management (MDM): MDM is a technology that helps organizations manage and secure their employees’ mobile devices. It is particularly useful when employees use multiple mobile service providers across different operating systems.
    • Deployment Models
      • Bring Your Own Device (BYOD): This model allows staff to bring their personal devices to work and connect them to the corporate network.
      • Corporate-Owned, Personally Enabled (COPE): In this model, the organization provides the devices to employees but allows for some personal use. This offers the highest level of control over security, as the organization owns and manages the devices.
      • Choose Your Own Device (CYOD): In this model, organizations offer a selection of approved devices from which employees can choose. This allows more control over security compared to BYOD, but still offers employees some choice.

 Connection Methods

    • Cellular: This covers the security aspects of cellular networks, such as 4G and 5G. It involves understanding the vulnerabilities associated with cellular networks, like interception of data, unauthorized access, and the potential for man-in-the-middle attacks.
      • Protection Measures: These include using encryption, VPNs for secure data transmission, and strong authentication and access control measures.
    • Wi-Fi: The focus here is on securing wireless networks. Wi-Fi networks are prone to risks like eavesdropping, unauthorized access, and attacks on the Wi-Fi protocol itself.
      • Protection Measures: Securing Wi-Fi involves using WPA3 (Wi-Fi Protected Access 3), setting up strong passwords, implementing network segregation, and using firewalls and intrusion detection/prevention systems.
    • Bluetooth: This covers the security considerations for Bluetooth technology. Bluetooth connections can be exploited through attacks like BlueBorne or Bluesnarfing, allowing attackers to intercept data or take control of devices.
      • Protection Measures: These involve using the latest Bluetooth versions with enhanced security features, enabling authorization and authentication mechanisms, and ensuring that devices are not discoverable when not in use.

Wireless Security Settings

    • Wi-Fi Protected Access 3 (WPA3): WPA3 is an advanced security protocol for wireless networks. It enhances the security of Wi-Fi connections by providing more robust encryption through Simultaneous Authentication of Equals (SAE) and offers improved protection against brute-force attacks.
    • AAA/Remote Authentication: AAA stands for Authentication, Authorization, and Accounting; it is covered in more detail in Domain 1, Section 1.2. Remote Authentication refers to the process of verifying a user’s identity when they are not physically present at the network’s location, often implemented through services like RADIUS.
    • Remote Authentication Dial-In User Service (RADIUS): RADIUS is a networking protocol that helps manage user authentication, authorization, and accounting for people who connect to and use a network service. It is widely used in wireless networks and VPN services for managing access.
    • Cryptographic Protocols: These protocols are essential for securing communications over networks. They use various cryptographic techniques like encryption, hashing, and digital signatures to ensure data’s confidentiality, integrity, and authenticity. Examples include SSL/TLS for securing web traffic and IPsec for secure VPN connections.
    • Authentication Protocols: These protocols are utilized to verify the identity of users, devices, or other entities in a communication network. They make sure that only authorized entities can access network resources. Examples include PAP, CHAP, and EAP, each with different levels of security and used in various contexts like VPNs, wireless networks, and more.

Application Security

The following techniques and practices are essential for securing applications against various threats and vulnerabilities.

  • Input Validation: This method ensures that the input received by an application is correct, appropriate, and secure. It helps prevent attacks like SQL injection or XSS.
  • Secure Cookies: In web applications, cookies are used to store user data. Secure cookies are encrypted or otherwise protected so that they resist unauthorized access or manipulation. This includes setting flags like ‘Secure’ and ‘HttpOnly’ to resist interception and cross-site scripting attacks.
  • Static Code Analysis: This method is used to analyze an application’s source code without actually executing it. It identifies vulnerabilities, such as coding errors or security loopholes, early in the development cycle.
  • Code Signing: This technique involves digitally signing software scripts and executables to verify the author’s identity and maintain software integrity, essential for trust in distributed software.

  • Sandboxing: Sandboxing is a security technique that creates a controlled environment, called a “sandbox,” to run code that may be untrusted or potentially harmful. This controlled environment prevents the code from affecting the rest of the system. It is commonly used to analyze and execute suspicious files or applications without risking harm to the overall system.
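To make the input validation and secure cookie items concrete, the following added example (not from the original article) pairs allow-list validation with a parameterized query, and builds a session cookie that carries the Secure and HttpOnly flags plus an HMAC tag so that manipulation is detected. The username policy, signing key, table layout and cookie name are assumptions made for the example.

```python
import hashlib
import hmac
import re
import sqlite3
from http.cookies import SimpleCookie

USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,32}")  # assumed allow-list policy
COOKIE_KEY = b"constructed-demo-key"  # placeholder; keep real keys in a secret store

def validate_username(value):
    """Allow-list validation: reject anything outside the expected shape."""
    if not isinstance(value, str) or not USERNAME_RE.fullmatch(value):
        raise ValueError("invalid username")
    return value

def find_user(db, username):
    """Validate first, then bind the value as a parameter, never concatenate SQL."""
    row = db.execute("SELECT id FROM users WHERE name = ?",
                     (validate_username(username),)).fetchone()
    return row[0] if row else None

def _tag(payload):
    return hmac.new(COOKIE_KEY, payload.encode(), hashlib.sha256).hexdigest()

def session_cookie(user_id):
    """Build a Set-Cookie value that is signed and flagged Secure/HttpOnly."""
    cookie = SimpleCookie()
    cookie["session"] = f"{user_id}.{_tag(str(user_id))}"
    cookie["session"]["secure"] = True      # only sent over HTTPS
    cookie["session"]["httponly"] = True    # not readable from page scripts
    cookie["session"]["samesite"] = "Strict"
    cookie["session"]["path"] = "/"
    return cookie["session"].OutputString()

def read_session(value):
    """Return the user id if the signature verifies, otherwise None."""
    payload, _, tag = value.partition(".")
    valid = hmac.compare_digest(tag.encode(), _tag(payload).encode())
    return int(payload) if valid and payload.isdecimal() else None

def demo_db():
    """In-memory database with one constructed user row."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.execute("INSERT INTO users (name) VALUES ('alice')")
    return db
```

Signing protects the cookie's integrity only; its contents remain readable by the client, so confidential data still belongs server-side.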

Master CompTIA Security+ with InfosecTrain

To equip yourself with these essential skills and stay ahead in the dynamic cybersecurity field, joining InfosecTrain’s CompTIA Security+ certification training course is a strategic step forward. This course doesn’t just prepare you for the certification exam; it immerses you in real-world scenarios, equipping you with practical know-how to secure diverse computing resources effectively. From understanding network security nuances to mastering application protection, the course offers comprehensive coverage indispensable for any aspiring or practicing IT professional.
