Security Plus Short Notes - Tomax7

Nov 30, 2013

Security+ Short Notes:

http://www.ucertify.com/blog/comptia-security-sy0-101-short-notes-exam-passing-tips.html



General Security Concepts



Kerberos is an industry standard authentication protocol used to verify user or host identity.

Role-based access control (RBAC) is an access control model. In this model, a user can access resources according to his role in the organization.

Mandatory Access Control (MAC) is a model that uses a predefined set of access privileges for an object of the system.

Authentication is a process of verifying the identity of a person, network host, or system process. The authentication process compares the provided credentials with the credentials stored in the database of an authentication server.

Certificate-based authentication is the most secure method of authentication. It provides a stronger key for encryption as compared to Digest authentication and sends encrypted passwords across the network. This prevents unauthorized users from intercepting the passwords.

Anonymous authentication is generally used for public Internet Web sites. Using this method, a user can establish a connection with a Web server without providing a username and password.




Password Authentication Protocol (PAP) transmits user credentials as plaintext.

A certificate is a digital representation of information that identifies authorized users on the Internet and intranets.

Biometrics is a method of authentication that uses physical characteristics, such as fingerprints, scars, retinal patterns, and other forms of biophysical qualities to identify a user.

Mutual authentication is a process in which a client process and server are required to prove their identities to each other before performing any application function.

User accounts can be disabled, rather than being deleted, as a security measure to prevent a particular user from logging on.

Multi-factor authentication involves a combination of multiple methods of authentication. For example, an authentication method that uses smart cards as well as usernames and passwords can be referred to as multi-factor authentication.

Anonymous authentication is an authentication method used for Internet communication. It provides limited access to specific public folders and directory information or public areas of a Web site.

Biometrics is the most secure method of authentication.

The distributed denial-of-service (DDoS) attack involves multiple compromised systems to attack a single target.

Eavesdropping is the process of listening in on private conversations.

Spoofing refers to the emulation of the identity of a network computer by an attacking computer.

A SYN attack refers to a condition in which a hacker sends a bunch of packets that leave TCP ports half open.

PING is a utility that sends Internet Control Message Protocol (ICMP) request packets to a specified destination host.



A Denial-of-Service (DoS) attack is mounted with the objective of causing a negative impact on the performance of a computer or network.




A brute force attack is the most likely cause of account lockouts. In this attack, unauthorized users attempt to log on to a network or a computer by using multiple possible user names and passwords.

Strong encryption provides the best protection against a man-in-the-middle attack.

A back door is a program or account that allows access to a system by skipping the security checks.

Brute force attacks and dictionary attacks are the types of password guessing attacks.

War driving is the most common method used by attackers to identify wireless networks.

Smurf is an ICMP attack that involves spoofing and flooding.

A replay attack is used by attackers to obtain an authenticated connection on a network.

Teardrop is an attack with IP fragments that cannot be reassembled.

Snooping is the activity of observing the content that appears on a computer monitor or watching what a user is typing.

Phishing is a type of scam that entices a user to disclose personal information such as a social security number, bank account details, or credit card number.

A dictionary attack is specifically used for cracking a password.

Sniffing is a process of monitoring data packets that travel across a network. The software used for packet sniffing is known as a sniffer.

A sudden reduction in system resources and corrupted or missing files are symptoms of a virus attack.

The boot sector, network files, and system files are vulnerable to virus attacks.

International Computer Security Association (ICSA) is an independent organization that defines standards for anti-virus software.

To minimize potential virus attacks, a virus protection program should be installed on each workstation on a network.

Updating the anti-virus software regularly is the best way of protecting important data against virus attack.

The main difference between worms and Trojan horses is that worms replicate themselves from one computer to another, while Trojan horses do not.

Worms and Trojan horses are based on malicious code.

A logic bomb is a malicious program that executes when a predetermined event occurs.

A stealth virus masks itself from applications or utilities in order to hide itself from detection by anti-virus software.

The following methods can be helpful to eliminate the social engineering threat:

o Password policies
o Vulnerability assessments
o Data classification

Auditing is used to secure a network and the computers on a network. It is also used to track user accounts for file and object access, logon attempts, etc.

The following types of activities can be audited:

o Network logons and logoffs
o File access
o Printer access
o Remote access service
o Application usage
o Network services


Communication Security

Layer 2 Tunneling Protocol (L2TP) is a more secure version of Point-to-Point Tunneling Protocol (PPTP). It provides tunneling, address assignment, and authentication.

Virtual private network (VPN) uses a tunneling protocol to span public networks, such as the Internet, without security risk. VPN enables remote users to access corporate networks securely by using a tunneling protocol such as PPTP or L2TP.

PPP is a remote access protocol that supports encryption.

UDP port 49 is the default port for TACACS.

Internet Protocol Security (IPSec) is a standards-based protocol that provides the highest level of VPN security. IPSec uses Authentication Header (AH) for data integrity and Encapsulating Security Payload (ESP) for data confidentiality.

IPSec is used with a tunneling protocol to provide security.

Point-to-Point Protocol (PPP) works on the OSI model’s data-link layer.

Secure Shell (SSH) is a protocol that provides strong authentication and secure communications over unsecured channels.

UDP port 1701 is the default port for L2TP.

IPSec operates at the network layer of the Open Systems Interconnect (OSI) model.

Secure Shell (SSH) is a protocol. It uses public key encryption as the main method for user authentication.

PPTP and L2TP are tunneling protocols.

Tunneling is a process used by remote users to make a secure connection to internal resources after establishing an Internet connection.

PPTP is used to securely connect to a private network by a remote client using a public data network, such as the Internet.

The IEEE 802.1X standard provides an authentication framework for wireless LANs. It uses the Extensible Authentication Protocol (EAP), which works on Ethernet, Token Ring, or wireless LANs to exchange messages for the authentication process.

Extensible Authentication Protocol (EAP) is an authentication protocol that provides support for a wide range of authentication methods, such as smart cards, certificates, one-time passwords, public keys, etc.

The Secure Shell (SSH) protocol is used to establish a secure TELNET session over TCP/IP.

The two most commonly used methods for providing e-mail security are Pretty Good Privacy (PGP) and Secure/Multipurpose Internet Mail Extensions (S/MIME).

A hoax is a false warning about a virus. It is commonly spread through e-mail messages.

E-mail filtering should be implemented to protect an organization from spam.

Pretty Good Privacy (PGP) is an encryption method that uses public-key encryption to encrypt and digitally sign e-mail messages during communication between e-mail clients.

Pretty Good Privacy (PGP) and Secure Multipurpose Internet Mail Extensions (S/MIME) are two ways of sending secure e-mail messages over the Internet.

Spam is a term that refers to unsolicited e-mails sent to a large number of e-mail users.

Simple Mail Transfer Protocol (SMTP) is a protocol for sending e-mail messages between servers.

Post Office Protocol version 3 (POP3) is a protocol used to retrieve e-mails from a remote mail server.

Internet Message Access Protocol (IMAP) is a protocol that allows an e-mail client to access and manipulate a remote e-mail file without downloading it to the local computer.

If no expiration date is set for a cookie, it expires when the session ends.

Simple Mail Transfer Protocol (SMTP) is a common protocol for sending e-mails over the Internet.

The Common Gateway Interface (CGI) specification is used for creating executable programs that run on a Web server.
Secure Sockets Layer (SSL) is a protocol developed by Netscape for transmitting private documents via the Internet. Secure Sockets Layer (SSL) uses a combination of public key and symmetric encryption to provide communication privacy, authentication, and message integrity.

Secure Sockets Layer (SSL) session keys are available in 40-bit and 128-bit lengths.

SNMP uses UDP port 161 by default.

TCP port 143 is the default port for Internet Message Access Protocol 4 (IMAP4).




IEEE 802.11b is an extension of the 802.11 standard. It is used in wireless local area networks (WLANs) and provides 11 Mbps transmission speeds in the bandwidth of 2.4 GHz.

SSL and TLS protocols are used to provide secure communication between a client and a server over the Internet.

Buffer overflow is a situation in which an application receives more data than it is configured to accept. This usually occurs due to programming errors in the application. A buffer overflow can terminate or crash the application.

Hypertext Transfer Protocol Secure (HTTPS) is a protocol used in the Universal Resource Locator (URL) address line to connect to a secure site.

Common Gateway Interface (CGI) defines the communication link between a Web server and Web applications.

A cookie contains information that is read by a Web application whenever a user visits a site. Cookies are stored in the memory or hard disk of client computers. A Web site stores information, such as user preferences and settings, in a cookie.

JavaScript and Perl can be used to create and store cookies on client computers.

Packet filtering is a process of monitoring data packets that travel across a network.

The HTTP protocol is responsible for requesting Web pages from a Web server and sending back the responses to a Web browser.

Encryption is a method of securing data while it travels over the Internet. The encryption software encodes information from plain text to encrypted text, using specific algorithms with a string of numbers known as a key.

Lightweight Directory Access Protocol (LDAP) is used to query and modify information stored within directory services.

The Lightweight Directory Access Protocol (LDAP) is a protocol for clients to query and manage information in a directory service over a TCP connection.

The following attributes are used by Lightweight Directory Access Protocol (LDAP) to denote the names of Active Directory elements:

o DC: It is the Domain Component tag that identifies a part of the DNS name of a domain, such as COM.
o OU: It is the Organizational Unit tag that identifies an OU container.
o CN: It is the Common Name tag that identifies the common name configured for an Active Directory object.

Secure Socket Layer (SSL) is a technology built into the Web server and browser to encrypt data traveling over the Internet. The Secure Socket Layer (SSL) protocol provides communication privacy, authentication, and message integrity by using a combination of public-key and symmetric encryption.

Packet filtering is a method that allows or restricts the flow of specific types of packets to provide security.

Passive detection is a type of intruder detection that involves logging network events to a file for an administrator to review later.

In order to configure a wireless LAN to provide security, set the authentication type for the wireless LAN to Shared Key, disable SSID Broadcast, and enable MAC address filtering on all the wireless access points. On each client computer, add the SSID for the wireless LAN as the preferred network.

In order to secure wireless networks, use techniques such as closed network, SSID spoofing, and MAC address filtering.

Only users with the correct WEP key can authenticate to the access point of the network.

Wired Equivalent Privacy (WEP) is a security protocol for wireless local area networks (WLANs).


Infrastructure Security



A firewall is used to protect the network against unauthorized access.

The Web browser’s Security setting controls the way in which a Web browser receives information and downloads content from Web sites.

Routers prevent broadcasts from crossing over subnets.

A firewall should be installed between the LAN and the Internet to protect a LAN against external access and misuse.

Firewalls are available both as software and hardware. You can implement a hardware-based firewall for security with minimum administrative effort.

The NSLOOKUP utility queries the DNS server to check whether or not the zone database contains the correct information.

Blocking all packets, unless they are explicitly permitted, is the most secure policy for a firewall.

A switch reads the destination’s MAC address or hardware address from each incoming data packet and forwards the data packet to its destination. This reduces the network traffic.

A firewall performs packet screening for security on the basis of port numbers.

A smart card is a device that contains a microprocessor and permanent memory. It is used to securely store public and private keys for log on, e-mail signing and encryption, and file encryption.

A fibre optic cable provides maximum security against electronic eavesdropping on a network.

Fiber-optic cable is used for high-speed, high-capacity data transmission. It uses optical fibers to carry digital data signals in the form of modulated pulses of light.

RG-59 type coaxial cable is used for cable TV and cable modems.

Fiber-optic cables use light as a transmission medium.

The extranet will be used to specify the nature of access to the Web site. The extranet is an area on a Web site that is available only to a set of registered visitors.

VPN is an example of an extranet.

Demilitarized zone (DMZ) or perimeter network is a small network that lies in between the Internet and a private network.

A perimeter network is also known as a demilitarized zone or DMZ. It has a connection to the Internet through an external firewall and a connection to the internal network through an interior firewall. It protects a network from unauthorized traffic.

Network Address Translation (NAT) is a technique that hides internal network hosts from the public network.

A bastion host is a computer that must be made secure because it is accessible from the Internet and hence is more vulnerable to attacks.



An extranet is an area of a company’s Web site which is available only to selected customers, suppliers, and business partners. It allows users limited access to a company’s Intranet.

The DMZ is an IP network segment that contains resources available to Internet users, such as Web servers, FTP servers, e-mail servers, and DNS servers.

Rogue employees and dial-up connections are threats to network security.

A honey pot is a computer that is used to attract potential intruders or attackers. It is for this reason that a honey pot has low security permissions. A honey pot is used to gain information about the intruders and their attack strategies.

NSLOOKUP is a tool for diagnosing and troubleshooting Domain Name System (DNS) resolution problems.

If users are unable to access a Web site by entering the Web site address but are able to access the site by using its IP address, the DNS server has no entry for the host name of the Web site.

The Start of Authority (SOA) record is the first record in any DNS database file.

FTP uses ports 20 and 21 by default.

IIS provides the FTP, SMTP, and NNTP services along with HTTP.

NTFS supports security features such as encryption using Encrypting File System (EFS) and file- and folder-level permissions.

Port 53 is the default port for DNS zone transfer.

UDP port 137 is the default port for the NetBIOS name service.

Malicious e-mails from non-existent domains can be prevented from entering the network by enabling DNS reverse lookup on the e-mail server. DNS reverse lookup enhances the security of a network by confirming the identity of incoming e-mails.

System hardening is a term used for securing an operating system.

A hotfix is a collection of files used by Microsoft for software updates that are released between major service pack releases. It is generally related to security problems.

An access control list (ACL) is a rule list containing access control entries. It is used to allow or deny access to network resources.

The NTFS file system provides file-level security.

Dynamic Host Configuration Protocol (DHCP) is a TCP/IP standard used to dynamically assign IP addresses to computers, so that they can communicate with other network services. It reduces the complexity of managing network client IP address configuration.

System hardening is a term used for securing an operating system. It can be achieved by installing the latest service packs, removing unused protocols and services, and limiting the number of users with administrative privileges.

A directory service is a network service that stores and organizes information about a computer network’s users and network resources, and that allows network administrators to manage users’ access to the resources.

A service pack is a medium by which product updates are distributed. It is a collection of fixes and patches in a single product. It contains updates for system reliability, program compatibility, and security.

It is responsible for the resolution of IP addresses to media access control (MAC) addresses of a network interface card (NIC).

Internet Group Management Protocol (IGMP) is a communication protocol that multicasts messages and information among all member devices in an IP multicast group.

Internet Control Message Protocol (ICMP) provides maintenance and error reporting functions.

NTFS has all the basic capabilities of FAT and it provides better file security, improved disk compression, and support for larger hard disks.


Basics of Cryptography



Symmetric encryption is a type of encryption that uses a single key to encrypt and decrypt data. Symmetric encryption algorithms are faster than public key encryption.

Public key and private key are used in asymmetric encryption.

NTLM version 2 uses 128-bit encryption. It is the most secure form of challenge/response authentication.

Symmetric encryption is a type of encryption that uses a single key to encrypt and decrypt data.

Asymmetric encryption is a type of encryption that uses two keys, namely a public key and a private key pair, for data encryption.

Symmetric encryption algorithms are faster than public key encryption. Therefore, they are commonly used when a message sender needs to encrypt a large amount of data. Data Encryption Standard (DES) uses a symmetric encryption key algorithm to encrypt data.

A digital signature is a personal authentication method based on encryption and authorization codes.

Message authentication code (MAC) is a mechanism that applies an authentication scheme and a secret key to a message, so that the message can only be verified by the intended recipient. It provides integrity checks based on a secret key.

A digital signature is a personal authentication method based on encryption and authorization codes. It is created by implementing public-key encryption.

Confidentiality is a term that refers to the protection of data against unauthorized access.

Non-repudiation is a mechanism which proves that the sender really sent a message.

Integrity ensures that no intentional or unintentional unauthorized modification is made to data.




Public Key Infrastructure (PKI) provides security through data encryption and digital signature.

A certification authority (CA) is an entity in a network which manages security credentials and public keys for message encryption. It issues certificates that confirm the identity and other attributes of a certificate in relation to other entities.

Certificate Enrollment Protocol (CEP) allows Cisco devices to acquire and utilize digital certificates from Certification Authorities (CAs).

Certificate Management Protocol (CMP) provides functionalities for advanced management associated with the use of digital certificates, such as certificate issuance, exchange, revocation, invalidation, etc.

Online Certificate Status Protocol (OCSP) is used to verify the status of a certificate.

International Data Encryption Algorithm (IDEA) operates on 64-bit blocks using a 128-bit key.

The Twofish symmetric key block cipher operates on a 128-bit block size using key sizes up to 256 bits.

A certificate server is a standards-based, highly customizable server program for managing the creation, issuance, and renewal of digital certificates.

In a decentralized privilege management environment, user accounts and passwords are stored on each server.


Operational / Organizational Security



Shielding is a way of preventing electronic emissions that are generated from a computer or network from being used by unauthorized users for gathering confidential information.

Incremental backup backs up files that are created or changed since the last full or incremental backup.

Sanitization is the process of removing the content from the media so that it is difficult to restore.

Declassification is the process of assessing the risk involved in discarding particular information.

Incremental backup is the fastest backup process. It backs up files that are created or changed since the last full or incremental backup, and clears the archive bit.

RAID provides high availability of data.

A minimum of three disks is required for RAID-5 volumes.

Due Care policy identifies the level of confidentiality of information on a computer. It specifies how the information is to be handled.

A backup policy is documentation of guidelines that are used to create archival copies of important data.

A chain of custody is documentation that shows who has collected and accessed each piece of evidence. It is documentation of guidelines that computer forensics experts use to handle evidence.

A retention policy is a company policy, which is set by a network administrator to allow users to retain their e-mails and documents for a fixed period of time.