Any attempt to secure computers and networks against security threats should take into account the different vulnerabilities of computer networks and the best methods to mitigate attacks aimed at those vulnerabilities. A network with perfect communications security but no access control is still an extremely vulnerable network. To protect our data and communications, we need to consider how to mitigate and counter application, host, and data security risks.
In this chapter, we will discuss security as it pertains to your applications, data, and host computer systems. It is important to secure networks and physically secure systems, but applications must be patched and hardened, data should be protected through techniques such as encryption, and company computers should be secured so data cannot be compromised, nor sessions hijacked. The core Security+ exam objectives covered in this chapter are as follows:
- Explain the importance of application security
- Carry out appropriate procedures to establish host security
- Explain the importance of data security