Bilal Yousaf

CompTIA Security+ (Part 1)

Threats, Attacks, and Vulnerabilities | Architecture and Design | Implementation

Welcome to Part 1 of this CompTIA Security+ series. This blog post explains important topics for cybersecurity!


Threats, Attacks, and Vulnerabilities

Malware types
Viruses, worms, ransomware, and spyware that damage or steal from systems.

Phishing
Tricking users with fake emails or messages to get personal information.

Social engineering
Manipulating people, rather than technology, to get access to systems or data.

DoS/DDoS attacks
Flooding a network or website to make it crash or slow down.

Threat actors
People or groups who attack, like hackers or insider threats.

Threat vectors
Paths attackers use to reach and attack systems, like emails or USB drives.

Penetration testing
Ethical hacking to find weak points in a system before real hackers do.

Vulnerability scanning
Using tools to detect known security issues in systems.


Architecture and Design

Secure network architecture
Planning networks in a safe way to reduce attack risk.

Cloud and virtualization security
Protecting data and systems running in the cloud or virtual environments.

Secure system design
Building systems with security features from the start.

Zero trust
Never trust anything by default — always verify first.

Defense in depth
Using many layers of security to protect a system.

Segmentation
Breaking a network into parts to stop threats from spreading.


Implementation

Secure protocols
Using safe communication methods like:

Wireless security
Protecting Wi-Fi using strong methods like WPA3 and enterprise mode.

Authentication and authorization
Checking who you are (authentication) and what you can access (authorization) with tools like MFA, RADIUS, and LDAP.

Public Key Infrastructure (PKI)
A system that uses digital certificates to secure data and identity.

Network and host security
Using firewalls, IDS/IPS, and antivirus to protect devices and networks.


Stay connected for Part 2 of CompTIA Security+.