Security Plus Short Notes - Tomax7

Nov 30, 2013

Security+ Short Notes:

General Security Concepts

is an industry standard authentication protocol used to verify user or host identity.

Role-based access control (RBAC) is an access control model. In this model, a user can access resources according to his role in the organization.

Mandatory Access Control (MAC) is a model that uses a predefined set of access privileges for an object of the

Authentication is a process of verifying the identity of a person, network host, or system process. The authentication process compares the provided credentials with the credentials stored in the database of an authentication server.

Certificate-based authentication is the most secure method of authentication. It provides a stronger key for encryption as compared to Digest authentication and sends encrypted passwords across the network. This prevents unauthorized users from intercepting the passwords.

Anonymous authentication is generally used for public Internet Web sites. Using this method, a user can establish a connection with a Web server without providing a username and password.


Password Authentication Protocol (PAP) transmits user credentials as plaintext.

A certificate is a digital representation of information that identifies authorized users on the Internet and intranets.

Biometrics is a method of authentication that uses physical characteristics, such as fingerprints, scars, retinal patterns, and other forms of biophysical qualities to identify a user.

Mutual authentication is a process in which a client process and server are required to prove their identities to each other before performing any application function.

User accounts can be disabled, rather than being deleted, as a security measure to prevent a particular user from logging on.

Multi-factor authentication involves a combination of multiple methods of authentication. For example, an authentication method that uses smart cards as well as usernames and passwords can be referred to as multi-factor authentication.

Anonymous authentication is an authentication method used for Internet communication. It provides limited access to specific public folders and directory information or public areas of a Web site.

Biometrics is the most secure method of authentication.

The distributed denial-of-service (DDoS) attack involves multiple compromised systems to attack a single target.

Eavesdropping is the process of listening in on private conversations.

Spoofing refers to the emulation of the identity of a network computer by an attacking computer.

A SYN attack refers to a condition in which an attacker sends a large number of packets that leave TCP ports half open.

PING is a utility that sends Internet Control Message Protocol (ICMP) request packets to a specified destination

A Denial-of-Service (DoS) attack is mounted with the objective of causing a negative impact on the performance of a computer or network.


Brute force attack is the most likely cause of account lockouts. In this attack, unauthorized users attempt to log on to a network or a computer by using multiple possible user names and passwords.

Strong encryption provides the best protection against a man-in-the-middle attack.

A back door is a program or account that allows access to a system by skipping the security checks.

Brute force attack and Dictionary attack are the types of password guessing attacks.

War driving is the most common method used by attackers to identify wireless networks.

Smurf is an ICMP attack that involves spoofing and


A replay attack is used by attackers to obtain an authenticated connection on a network.

Teardrop is an attack with IP fragments that cannot be reassembled.

Snooping is an activity of observing the content that appears on a computer monitor or watching what a user is typing.

Phishing is a type of scam that entices a user to disclose personal information such as a social security number, bank account details, or a credit card number.

A dictionary attack is specifically used for cracking a password.

Sniffing is a process of monitoring data packets that travel across a network. The software used for packet sniffing is known as a sniffer.

Sudden reduction in system resources and corrupted or missing files are symptoms of a virus attack.

Boot sector, network files, and system files are vulnerable to virus attacks.

International Computer Security Association (ICSA) is an independent organization that defines standards for virus software.

To minimize potential virus attacks, a virus protection program should be installed on each workstation on a

Updating the anti-virus software regularly is the best way of protecting important data against virus attack.

The main difference between worms and Trojan horses is that worms replicate themselves from one computer to another, while Trojan horses do not.

Worm and Trojan horse are based on malicious code.

A logic bomb is a malicious program that executes when a predetermined event occurs.

A stealth virus masks itself from applications or utilities in order to hide itself from detection by anti-virus software.

The following methods can be helpful to eliminate social engineering threats:

- Password policies
- Vulnerability assessments
- Data classification

Auditing is used to secure a network and the computers on a network. It is also used to track user accounts for file and object access, logon attempts, etc.

The following types of activities can be audited:

- Network logons and logoffs
- File access
- Printer access
- Remote access service
- Application usage
- Network services


Layer 2 Tunneling Protocol (L2TP) is a more secure version of Point-to-Point Tunneling Protocol (PPTP). It provides tunneling, address assignment, and authentication.

Virtual private network (VPN) uses a tunneling protocol to span public networks, such as the Internet, without security risk. VPN enables remote users to access corporate networks securely by using a tunneling protocol such as PPTP or L2TP.

PPP is a remote access protocol that supports encryption.

UDP port 49 is the default port for

Internet Protocol Security (IPSec) is a standards-based protocol that provides the highest level of VPN security. IPSec uses Authentication Header (AH) for data integrity and Encapsulating Security Payload (ESP) for data

IPSec is used with a tunneling protocol to provide security.

Point-to-Point Protocol (PPP) works on the OSI model's data-link layer.

Secure Shell (SSH) is a protocol that provides strong authentication and secure communications over unsecured

UDP port 1701 is the default port for L2TP.

IPSec operates at the network layer of the Open Systems Interconnect (OSI) model.

Secure Shell (SSH) is a protocol. It uses public key encryption as the main method for user authentication.

PPTP and L2TP are tunneling protocols.

Tunneling is a process used by remote users to make a secure connection to internal resources after establishing an Internet connection.

PPTP is used to securely connect to a private network by a remote client using a public data network, such as the


IEEE 802.1X standard provides an authentication framework for wireless LANs. It uses the Extensible Authentication Protocol (EAP), which works on Ethernet, Token Ring, or wireless LANs, to exchange messages for the authentication process.

Extensible Authentication Protocol (EAP) is an authentication protocol that provides support for a wide range of authentication methods, such as smart cards, certificates, one-time passwords, public keys, etc.

The Secure Shell (SSH) protocol is used to establish a secure TELNET session over TCP/IP.

The two most commonly used methods for providing e-mail security are Pretty Good Privacy (PGP) and Secure/Multipurpose Internet Mail Extensions (S/MIME).

A hoax is a false warning about a virus. It is commonly spread through e-mail messages.

E-mail filtering should be implemented to protect an organization from spam.

Pretty Good Privacy (PGP) is an encryption method that uses public-key encryption to encrypt and digitally sign e-mail messages during communication between e-mail clients.

Pretty Good Privacy (PGP) and Secure Multipurpose Internet Mail Extensions (S/MIME) are two ways of sending secure e-mail messages over the Internet.

Spam is a term that refers to the unsolicited e-mails sent to a large number of e-mail

Simple Mail Transfer Protocol (SMTP) is a protocol for sending e-mail messages between servers.

Post Office Protocol version 3 (POP3) is a protocol used to retrieve e-mails from a remote mail server.

Internet Message Access Protocol (IMAP) is a protocol that allows an e-mail client to access and manipulate a remote e-mail file without downloading it to the local computer.

If no expiration date is set for a cookie, it expires when the session ends.

Simple Mail Transfer Protocol (SMTP) is a common protocol for sending e-mails over the Internet.

The Common Gateway Interface (CGI) specification is used for creating executable programs that run on a Web

Secure Sockets Layer (SSL) is a protocol developed by Netscape for transmitting private documents via the Internet. Secure Sockets Layer (SSL) uses a combination of public key and symmetric encryption to provide communication privacy, authentication, and message integrity.

Secure Sockets Layer (SSL) session keys are available in 40-bit and 128-bit lengths.

SNMP uses UDP port 161 by default.

TCP port 143 is the default port for Internet Message Access Protocol 4 (IMAP4).


IEEE 802.11b is an extension of the 802.11 standard. It is used in wireless local area networks (WLANs) and provides 11 Mbps transmission speeds in the 2.4 GHz band.

SSL and TLS protocols are used to provide secure communication between a client and a server over the

Buffer overflow is a situation in which an application receives more data than it is configured to accept. This usually occurs due to programming errors in the application. Buffer overflow can terminate or crash the

Hypertext Transfer Protocol Secure (HTTPS) is a protocol used in the Uniform Resource Locator (URL) address line to connect to a secure site.

Common Gateway Interface (CGI) defines the communication link between a Web server and Web applications.

A cookie contains information that is read by a Web application whenever a user visits a site. Cookies are stored in the memory or hard disk of client computers. A Web site stores information, such as user preferences and settings, in a cookie.

JavaScript and Perl can be used to create and store cookies on client computers.

Packet filtering is a process of monitoring data packets that travel across a network.

HTTP protocol is responsible for requesting Web pages from a Web server and sending back the responses to a Web browser.

Encryption is a method of securing data while it travels over the Internet. The encryption software encodes information from plain text to encrypted text, using specific algorithms with a string of numbers known as a key.

Lightweight Directory Access Protocol (LDAP) is used to query and modify information stored within the directory

The Lightweight Directory Access Protocol (LDAP) is a protocol for clients to query and manage information in a directory service over a TCP connection.

The following attributes are used by Lightweight Directory Access Protocol (LDAP) to denote the names of Active Directory elements:

- DC: It is the Domain Component tag that identifies a part of the DNS name of a domain, such as COM.
- OU: It is the Organizational Unit tag that identifies an OU container.
- CN: It is the Common Name tag that identifies the common name configured for an Active Directory
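The DC/OU/CN attribute types above are the pieces of an LDAP distinguished name. The following parser is an added example (not part of the original notes); the sample DN is constructed, and the escaping rule implemented is the backslash escape for separators from RFC 4514, which keeps a comma inside a CN value from being mistaken for a component boundary.

```python
"""Split an LDAP distinguished name into its DC, OU and CN components.

Added example with a constructed sample DN; it is not code from the notes.
Only the backslash-escape rule of RFC 4514 is handled, which covers the
common case of a comma inside a value such as 'Smith, John'."""


def split_dn(dn):
    """Return (ATTRIBUTE, value) pairs, most specific component first.

    A backslash makes the following character literal, so 'Smith\\, John'
    stays one value instead of being split at the comma."""
    components, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i + 1])   # escaped character is kept as-is
            i += 2
            continue
        if ch == ",":                    # unescaped comma ends a component
            components.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    components.append("".join(current))

    pairs = []
    for rdn in components:
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs


def dn_components(dn):
    """Group values by the attribute types the notes describe (DC/OU/CN)."""
    groups = {"DC": [], "OU": [], "CN": []}
    for attr, value in split_dn(dn):
        groups.setdefault(attr, []).append(value)
    return groups


def dns_domain(dn):
    """The DC components, read in order and joined with dots, give the DNS name."""
    return ".".join(value for attr, value in split_dn(dn) if attr == "DC")


# Constructed sample: the escaped comma belongs to the CN value.
SAMPLE_DN = r"CN=Smith\, John,OU=Sales,OU=Users,DC=example,DC=com"

if __name__ == "__main__":
    print(dn_components(SAMPLE_DN))
    print(dns_domain(SAMPLE_DN))   # example.com
```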

Secure Socket Layer (SSL) is a technology built into the Web server and browser to encrypt data traveling over the Internet. The Secure Socket Layer (SSL) protocol provides communication privacy, authentication, and message integrity by using a combination of public-key and symmetric encryption.

Packet filtering is a method that allows or restricts the flow of specific types of packets to provide security.

Passive detection is a type of intruder detection that involves logging network events to a file for an administrator to review later.

In order to configure a wireless LAN to provide security, set the authentication type for the wireless LAN to Shared Key, disable SSID Broadcast, and enable MAC address filtering on all the wireless access points. On each client computer, add the SSID for the wireless LAN as the preferred network.

In order to secure wireless networks, use techniques such as closed network, SSID spoofing, and MAC address

Only users with the correct WEP key can authenticate to the access point of the network.

Wired Equivalent Privacy (WEP) is a security protocol for wireless local area networks (WLANs).

Infrastructure Security

A firewall is used to protect the network against unauthorized access.

The Web browser's Security setting controls the way in which a Web browser receives information and downloads content from Web sites.

Routers prevent broadcasts from crossing over subnets.

A firewall should be installed between the LAN and the Internet to protect a LAN against external access and

Firewalls are available both as software and hardware. You can implement a hardware-based firewall for security with minimum administrative effort.

The NSLOOKUP utility queries the DNS server to check whether or not the zone database contains the correct

Blocking all the packets, unless they are explicitly permitted, is the most secure policy for a firewall.

A switch reads the destination's MAC address or hardware address from each incoming data packet and forwards the data packet to its destination. This reduces the network traffic.

A firewall performs packet screening for security on the basis of port numbers.

A smart card is a device that contains a microprocessor and permanent memory. It is used to securely store public and private keys for logon, e-mail signing and encryption, and file encryption.

A fiber-optic cable provides maximum security against electronic eavesdropping on a network.

Fiber-optic cable is used for high-speed, high-capacity data transmission. It uses optical fibers to carry digital data signals in the form of modulated pulses of light.

RG-59 type coaxial cable is used for cable TV and cable modems.

Fiber-optic cables use light as the transmission medium.

The extranet will be used to specify the nature of access to the Web site. The extranet is an area on a Web site that is available only to a set of registered visitors.

VPN is an example of extranet.

Demilitarized zone (DMZ) or perimeter network is a small network that lies in between the Internet and a private

A perimeter network is also known as a demilitarized zone or DMZ. It has a connection to the Internet through an external firewall and a connection to the internal network through an interior firewall. It protects a network from unauthorized traffic.

Network Address Translation (NAT) is a technique that hides internal network hosts from the public network.

A bastion host is a computer that must be made secure because it is accessible from the Internet and hence is more vulnerable to attacks.

An extranet is an area of a company's Web site which is available only to selected customers, suppliers, and business partners. It allows users limited access to a company's intranet.

The DMZ is an IP network segment that contains resources available to Internet users, such as Web servers, FTP servers, e-mail servers, and DNS servers.

Rogue employees and dial-up connections are threats to network security.

A honey pot is a computer that is used to attract potential intruders or attackers. It is for this reason that a honey pot has low security permissions. A honey pot is used to gain information about the intruders and their attack

NSLOOKUP is a tool for diagnosing and troubleshooting Domain Name System (DNS) resolution problems.

If users are unable to access a Web site by entering the Web site address but can access it by using the IP address, the DNS server has no entry for the host name of the Web site.

The Start of Authority (SOA) record is the first record in any DNS database file.

FTP uses ports 20 and 21 by default.

IIS provides the FTP, SMTP, and NNTP services with HTTP.

NTFS supports security features such as encryption using Encrypting File System (EFS) and file and folder

Port 53 is the default port for DNS zone transfer.

UDP port 137 is the default port for the NetBIOS name service.

Malicious e-mails from non-existent domains can be prevented from entering the network by enabling DNS reverse lookup on the e-mail server. DNS reverse lookup enhances the security of a network by confirming the identity of incoming e-mail

System hardening is a term used for securing an operating system.

A hotfix is a collection of files used by Microsoft for software updates that are released between major service pack releases. It is generally related to security problems.

An access control list (ACL) is a rule list containing access control entries. It is used to allow or deny access to network resources.

The NTFS file system provides file-level security.

Dynamic Host Configuration Protocol (DHCP) is a TCP/IP standard used to dynamically assign IP addresses to computers so that they can communicate with other network services. It reduces the complexity of managing network client IP address configuration.

System hardening is a term used for securing an operating system. It can be achieved by installing the latest service packs, removing unused protocols and services, and limiting the number of users with administrative

A directory service is a network service that stores and organizes information about a computer network's users and network resources, and that allows network administrators to manage users' access to the resources.

A service pack is a medium by which product updates are distributed. It is a collection of fixes and patches in a single product. It contains updates for system reliability, program compatibility, and security.

It is responsible for the resolution of IP addresses to media access control (MAC) addresses of a network interface card (NIC).

Internet Group Management Protocol (IGMP) is a communication protocol that multicasts messages and information among all member devices in an IP multicast group.

Internet Control Message Protocol (ICMP) provides maintenance and error reporting functions.

NTFS has all the basic capabilities of FAT, and it provides better file security, improved disk compression, and support for larger hard disks.

Basics of Cryptography

Symmetric encryption is a type of encryption that uses a single key to encrypt and decrypt data. Symmetric encryption algorithms are faster than public key encryption.

A public key and a private key are used in asymmetric encryption.

NTLM version 2 uses 128-bit encryption. It is the most secure form of challenge/response authentication.


Asymmetric encryption is a type of encryption that uses two keys, namely a public key and a private key pair, for data encryption.

Symmetric encryption algorithms are faster than public key encryption. Therefore, symmetric encryption is commonly used when a message sender needs to encrypt a large amount of data. Data Encryption Standard (DES) uses a symmetric encryption key algorithm to encrypt


Message authentication code (MAC) is a mechanism that applies an authentication scheme and a secret key to a message, so that the message can only be verified by the intended recipient. It provides integrity checks based on a secret key.

A digital signature is a personal authentication method based on encryption and authorization codes. It is created by implementing public-key encryption.

Confidentiality is a term that refers to the protection of data against unauthorized access.

Non-repudiation is a mechanism which proves that the sender really sent a message.

Integrity ensures that no intentional or unintentional unauthorized modification is made to data.


Public Key Infrastructure (PKI) provides security through data encryption and digital


Certification authority (CA) is an entity in a network which manages security credentials and public keys for message encryption. It issues certificates that confirm the identity and other attributes of a certificate in relation to other entities.

Certificate Enrollment Protocol (CEP) allows Cisco devices to acquire and utilize digital certificates from
Certification Authorities (CAs).

Certificate Management Protocol (CMP) provides functionalities for the advanced management of digital certificates, such as certificate issuance, exchange, revocation, invalidation, etc.

Online Certificate Status Protocol (OCSP) is used to verify the status of a certificate.

International Data Encryption Algorithm (IDEA) operates on 64-bit blocks using a 128-bit key.

The Twofish symmetric key block cipher operates on a 128-bit block size using key sizes up to 256 bits.

A certificate server is a standards-based, highly customizable server program for managing the creation, issuance, and renewal of digital certificates.

In a decentralized privilege management environment, user accounts and passwords are stored on each server.

Operational / Organizational Security

Shielding is a way of preventing electronic emissions that are generated from a computer or network from being used by unauthorized users for gathering confidential information.

Incremental backup backs up files that are created or changed since the last full or incremental backup.

Sanitization is the process of removing the content from the media so that it is difficult to restore.

Declassification is the process of assessing the risk involved in discarding particular information.

Incremental backup is the fastest backup process. It backs up files that are created or changed since the last full or incremental backup, and clears the archive bit.
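The two incremental backup notes above describe the archive bit mechanism: a full backup copies everything and clears the bit, each incremental copies only files whose bit has been set again since the previous backup, and a restore replays the full backup followed by every incremental in order. The simulation below is an added example, not code from the notes; the Volume class, file names and contents are constructed to model that behaviour.

```python
"""Simulate full and incremental backups driven by the per-file archive bit.

Added example, not from the original notes. 'Volume' is a constructed
stand-in for a file system: creating or changing a file sets its archive
bit, and a backup clears the bits of the files it copied."""


class Volume:
    def __init__(self):
        self.files = {}        # name -> content
        self.archive = set()   # names whose archive bit is currently set

    def write(self, name, content):
        """Creating or modifying a file sets its archive bit."""
        self.files[name] = content
        self.archive.add(name)


def full_backup(vol):
    """Copy every file and clear every archive bit."""
    snapshot = dict(vol.files)
    vol.archive.clear()
    return snapshot


def incremental_backup(vol):
    """Copy only files changed since the last full or incremental backup
    (the ones with the archive bit set), then clear those bits."""
    snapshot = {name: vol.files[name] for name in sorted(vol.archive)}
    vol.archive.clear()
    return snapshot


def restore(full, incrementals):
    """Restore order: the full backup first, then each incremental in turn,
    so later versions of a file overwrite earlier ones."""
    state = dict(full)
    for inc in incrementals:
        state.update(inc)
    return state


def demo():
    """Three days of activity on a constructed volume; returns the backup
    sets and the restored state so the sizes can be compared."""
    vol = Volume()
    for name in ("a.txt", "b.txt", "c.txt"):
        vol.write(name, "v1")
    full = full_backup(vol)            # day 1: all three files, bits cleared
    vol.write("a.txt", "v2")
    inc1 = incremental_backup(vol)     # day 2: only a.txt
    vol.write("b.txt", "v2")
    vol.write("d.txt", "v1")
    inc2 = incremental_backup(vol)     # day 3: b.txt and d.txt, not a.txt again
    return full, inc1, inc2, restore(full, [inc1, inc2])


if __name__ == "__main__":
    full, inc1, inc2, restored = demo()
    print(sorted(inc1), sorted(inc2))   # ['a.txt'] ['b.txt', 'd.txt']
    print(restored)
```

Deleted files are not tracked by the archive bit, which is why a restore built this way can bring back files removed after the full backup.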

RAID provides high availability of data.

A minimum of three disks is required for RAID-5 volumes.

A Due Care policy identifies the level of confidentiality of information on a computer. It specifies how the information is to be handled.

A backup policy is a documentation of guidelines that are used to create archival copies of important data.

A chain of custody is documentation that shows who has collected and accessed each piece of evidence. It is a documentation of guidelines that computer forensics experts use to handle evidence.

A retention policy is a company policy, set by a network administrator, that allows users to retain their e-mails and documents for a fixed period of time.