Thursday, December 30, 2010

CompTIA Security+ Exam Objectives 3.3

3.0 Access Control

3.3 Organize users and computers into appropriate security groups and roles while distinguishing between appropriate rights and privileges.

For this section you want to be aware of the importance of maintaining and implementing certain security groups and roles so that users are given proper privileges and rights on a computer system. Be sure you are aware of centralized and decentralized methods to maintain these security actions.

In order for any company or organization to have a true sense of security on its networks and computer systems, there has to be some sort of system in place that allows for proper security groups and roles, so that users are granted only the rights and privileges on the system that they need. For any company to establish, let alone maintain, security, it is vital to ensure that access control models are set so that users are given the proper permissions and rights. Before security groups and roles can be set, the organization needs to determine which users require which privileges; without this, the process becomes much more tedious.

When it comes to managing privileges and rights on a network, there are two main ideas to keep in mind: centralization and decentralization. With centralized management of privileges and rights, there are servers that are entirely responsible for implementing, maintaining, and controlling all of the access rights, privileges, and security controls that are put in place. Think of a RADIUS authentication server when you think of centralized privilege management.

Decentralized privilege management requires that each individual system be responsible for maintaining and implementing these controls and accesses. A workgroup network is an ideal example of a decentralized privilege management system.
GetCertify4Less and GetCertified4Less

Tuesday, December 28, 2010

CompTIA Security+ Exam Objectives 3.2

Access Control

3.2 Common Access Control Models

Access control is simply the mechanism by which users are granted or denied the use of, and interaction with, resources. Access control and authorization are often used interchangeably, since the first part of the process is deciding whether or not the user is authorized to do certain things. Without access control there is no way to prevent. Below are the three commonly known access control models that you will need to know:

• MAC – Mandatory access control is often used in military and government environments. MAC simply grants access based on set rules rather than user discretion. These rules are set in a hierarchical way and are referred to as classifications or security domains. For example, think of unclassified, secret, top secret, and so on. MAC is also used outside of these two entities in the public sector. Many times classifications include public, sensitive, private, and confidential.

The main purpose of using MAC is to avoid disclosure, meaning disclosing confidential information. Think of it like top secret government information being leaked to the public. This event poses a huge national security threat. Consider something like Wikileaks.

• DAC – Discretionary access control is more widely used in the private sector as well as in commercial and home environments. DAC is user controlled, but the control mainly lies with the owners and creators of resources in the given environment. It is entirely identity based, and the model uses access control lists which define which users are granted or denied certain accesses. Individual user accounts are often added to DAC to define accesses.

• Role & Rule based access control – Sometimes simply known as RBAC, role based and rule based access control differ from each other despite sharing the same acronym. Role based access control is often known as non-discretionary access control. The access control is based on a user’s job function within the organization that owns the computer system. In essence, role based access control assigns permissions to particular roles or jobs within an organization.

On the other hand, rule based access control depends on rules set by the system administrator. These rules will either allow or deny access to certain resource objects on a computer system. These accesses are stored in Access Control Lists (ACL), and before permission is granted or denied, the operating system checks the rules within the ACL.
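To make the three models concrete, here is an added Python example (not code from this blog or from CompTIA) that answers the same question, "may this subject do this action to this object?", three different ways. The MAC function uses the standard "no read up, no write down" rule (Bell-LaPadula), which the post does not name but which is the usual way a classification hierarchy prevents disclosure; the users, labels, ACLs and roles are constructed sample data.

```python
"""Three access control models side by side (constructed example).

Each function answers one question: may `subject` perform `action` on `obj`?
The labels, users, ACLs and roles below are constructed sample data.
"""
from dataclasses import dataclass, field

# --- MAC: decision comes from classification labels, never from the owner ---
# Hierarchical labels; a higher index means a higher classification.
LEVELS = ["unclassified", "confidential", "secret", "top secret"]

def mac_allows(subject_clearance: str, object_label: str, action: str) -> bool:
    """Mandatory access control with the 'no read up, no write down' rule
    (Bell-LaPadula, an assumption of this example, not stated in the post):
    a subject may read objects at or below its clearance and write only to
    objects at or above it, which is what prevents disclosure."""
    s = LEVELS.index(subject_clearance)
    o = LEVELS.index(object_label)
    if action == "read":
        return s >= o          # no read up
    if action == "write":
        return s <= o          # no write down
    return False

# --- DAC: decision comes from an ACL that the resource owner controls --------
@dataclass
class DacObject:
    owner: str
    acl: dict = field(default_factory=dict)   # user -> set of allowed actions

def dac_allows(obj: DacObject, user: str, action: str) -> bool:
    """Discretionary access control: the owner has full access and may grant
    others entries in the ACL; anyone not listed is denied."""
    if user == obj.owner:
        return True
    return action in obj.acl.get(user, set())

def dac_grant(obj: DacObject, granter: str, user: str, action: str) -> None:
    """Only the owner may change the ACL; that is what makes it discretionary."""
    if granter != obj.owner:
        raise PermissionError(f"{granter} is not the owner of this object")
    obj.acl.setdefault(user, set()).add(action)

# --- RBAC: decision comes from the role a user holds -------------------------
ROLE_PERMISSIONS = {
    "payroll_clerk": {("payroll_db", "read"), ("payroll_db", "write")},
    "auditor":       {("payroll_db", "read"), ("audit_log", "read")},
}
USER_ROLES = {"alice": {"payroll_clerk"}, "bob": {"auditor"}}

def rbac_allows(user: str, obj: str, action: str) -> bool:
    """Role-based access control: permissions attach to roles and users get
    roles, so a change of job function is a change of role assignment."""
    return any((obj, action) in ROLE_PERMISSIONS[r] for r in USER_ROLES.get(user, ()))

if __name__ == "__main__":
    print(mac_allows("secret", "top secret", "read"))    # False: no read up
    print(mac_allows("secret", "confidential", "read"))  # True
    doc = DacObject(owner="carol")
    dac_grant(doc, "carol", "dave", "read")
    print(dac_allows(doc, "dave", "read"), dac_allows(doc, "dave", "write"))
    print(rbac_allows("bob", "payroll_db", "write"))     # False: auditors only read
```

Notice where the decision lives in each case: in MAC the owner of a document cannot hand it to someone with a lower clearance, in DAC the owner alone decides, and in RBAC neither the user nor the owner decides, the role assignment does.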

Thursday, December 23, 2010

CompTIA Security+ Exam Objectives 3.1

Access Control
3.1 Access Control Methods

Section 3.1 of the Security+ test focuses on industry access control methods that should be put in place to protect against fraud, network errors, communication failure, and so on. Each of these methods is put in place to minimize the possibility of something going wrong within a company’s infrastructure or personnel.

• Implicit deny – Implicit deny simply means denying all traffic unless it is specifically granted access. Unless something like traffic on a network is explicitly allowed, it is denied. It isn’t used to deny all traffic, but instead to deny all traffic that isn’t explicitly granted or allowed.
• Least privilege – The idea behind least privilege is that processes or individuals should be given the rights necessary in order to perform assigned tasks or functions, but no more. Least privilege mostly focuses on rights and actions.
• Separation of duties – Separation of duties is usually put in place to ensure that no one person or entity is able to control all of the functions of a specific critical process. The purpose is to divide these duties between two or more people or entities. This protects against fraud, errors, theft, and so on.
• Job rotation – To many people, job rotation is nothing more than personal and managerial gain. However, in the security world, job rotation can help a company protect against errors, fraud, and theft. If one person is left with one job for years and years, it can be easy to slowly but surely implement a method of theft.
Industry access control is something that has become more serious in the work-world today. More and more companies are realizing the importance of these methods to ensure that their personnel are working how they are expected to. Since companies are becoming more technical, activities such as least privilege and implicit deny are extremely important. This way company servers and networks are protected against rogue users and hackers as well as personnel who are seeking to exploit access controls.
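The first three methods above can be written down as checks. The following Python example is added here and is not the blog’s own code; the firewall rule list, the accounts and their rights are constructed. It shows implicit deny as a rule evaluator whose fall-through answer is "deny", least privilege as accounts that hold only the rights their job needs, and separation of duties as a payment approval that the same person cannot both request and approve.

```python
"""Implicit deny, least privilege and separation of duties as code checks.
Constructed example; the rules, accounts and rights are made up."""
from ipaddress import ip_address, ip_network

# Firewall-style rule list, evaluated top to bottom, first match wins.
# Only what is written here is allowed; everything else hits the implicit deny.
RULES = [
    (ip_network("10.0.99.0/24"), 22,  "deny"),    # explicit exception: quarantined subnet
    (ip_network("10.0.0.0/8"),   22,  "allow"),   # internal hosts may SSH
    (ip_network("0.0.0.0/0"),    443, "allow"),   # anyone may reach HTTPS
]

def evaluate(rules, src_ip: str, dst_port: int) -> str:
    """Return 'allow' or 'deny' for a packet from src_ip to dst_port."""
    ip = ip_address(src_ip)
    for net, port, action in rules:
        if ip in net and port == dst_port:
            return action
    return "deny"     # implicit deny: no rule matched, so the answer is no

# Least privilege: each account holds only the rights its job needs.
# carol holds both sides of the payment process, which is the case
# separation of duties exists to catch.
ROLES = {
    "alice": {"request_payment"},
    "bob":   {"approve_payment"},
    "carol": {"request_payment", "approve_payment"},
}

def approve_payment(requested_by: str, approved_by: str, roles=ROLES):
    """Return (allowed, reason). The requester and the approver must each
    hold the matching right, and they must be different people."""
    if "request_payment" not in roles.get(requested_by, set()):
        return False, f"{requested_by} lacks the right to request payments"
    if "approve_payment" not in roles.get(approved_by, set()):
        return False, f"{approved_by} lacks the right to approve payments"
    if requested_by == approved_by:
        return False, "separation of duties: requester and approver must differ"
    return True, "ok"

if __name__ == "__main__":
    print(evaluate(RULES, "10.0.99.7", 22))     # deny  (explicit rule)
    print(evaluate(RULES, "10.0.1.7", 22))      # allow
    print(evaluate(RULES, "203.0.113.9", 22))   # deny  (implicit: nothing allowed it)
    print(approve_payment("alice", "bob"))      # (True, 'ok')
    print(approve_payment("carol", "carol"))    # blocked by separation of duties
```

The order of the rule list matters: the explicit deny for the quarantined subnet sits above the broader allow, and anything that reaches the end of the list is denied without needing a rule that says so.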

Wednesday, December 22, 2010

CompTIA Security+ Exam Objectives 2.7

Network Infrastructure
2.7 Wireless Networking Vulnerabilities

Wireless networking has become extremely popular in today’s world. With wireless printers, wireless internet, and Bluetooth, we are always seeking ways to go wireless. It seems that anything and everything nowadays can be involved in the new wireless world. From cell phones to MP3 players and even the scale you use to weigh yourself, it seems most things are made to be wireless friendly. Even though it is extremely convenient, wireless networking is extremely vulnerable. Wireless networks are just as, if not more, vulnerable to the same attacks that can happen to wired networks. However, there is more of a risk with wireless networking because the radio frequency signals can be intercepted without much effort.

For this section, be aware of the risks of using wireless networking.

• Data emanation – To put it simply, data emanation is electronic eavesdropping. As data travels through a computer or through the wires or access points of a network, a magnetic field is generated. This magnetic field can be read, and unauthorized users can gain access to personal data. The problem is that this data can be intercepted and put into the wrong hands.

• War driving – War driving is simply when a user, often with malicious intent, uses a tool to seek out wireless network signals. An example would be a man who drives around with a laptop whose network card is set to promiscuous mode, meaning it is constantly seeking a WAP to communicate with. Once access is gained, the user can use the Internet access or damage your computer’s data.

• SSID broadcast – Most wireless networks today are assigned an SSID. They are routinely broadcast, which means any device that offers the option to automatically connect to a network can be used and a connection can be made. This puts your network and information at risk.

• Blue jacking – When spam or unsolicited messages are sent over a Bluetooth connection. Though a vulnerability, blue jacking is truly more of an annoyance than a huge threat to wireless networks.

• Bluesnarfing – Bluesnarfing involves gaining unauthorized access through the use of a cell phone, a PDA, or a similar device. Once access is gained, the user is able to freely copy and steal data.

• Rogue access points – Access points added to your wireless network that you haven’t authorized are considered rogue access points. Sometimes these access points are set up by someone looking to attack your wireless network. However, in most cases, the point is set up by you or someone else who uses your network, except that most of the time these access points are not given proper security and are therefore extremely vulnerable. Think man-in-the-middle attack.

• Weak encryption – Sometimes the cryptographic keys used to encrypt a file or a network can be too short or extremely easy to guess, which puts your data at risk. Most of the time these keys are less than 64 bits and can be cracked with the proper program.

Because wireless computing and networking is so popular today, companies are stepping up their efforts to include security controls to help fight against the threats of using wireless connections. Think of smart phones and how companies are trying to find ways to prevent Bluetooth hacking.

Thursday, December 16, 2010

CompTIA Security+ Exam Objectives 2.6

Network Infrastructure
2.6 Transmission Media Vulnerabilities

You will rarely see questions on the CompTIA Security+ test dealing with vampire taps, simply because they are so aged and are rarely used these days. 

• Vampire tap – A vampire tap is a connection to a coaxial cable made by drilling a hole into the cable so that a clamp can be placed and connected to the inner conductor. These taps are often used to connect a device such as a PC or printer to the cable. The tap allows new connections to be made while the cable is in use. Administrators can use it to extend bus-topology network sections.

The entire problem with transmission media, especially coaxial cables, is that they can be tapped into. Vampire taps can be used maliciously by rogue users who are seeking to attack a network.
Not much has been done with coaxial cables. Today companies are working to make them smaller and thinner, but the fact is that most people don’t use these cables anymore.

Tuesday, December 14, 2010

CompTIA Security+ Exam Objectives 2.5

Network Infrastructure
2.5 Network Device Vulnerabilities

Network devices of all types are vulnerable to many different security risks and threats. This is why hardening is important, so that the chance of a threat actually becoming a malicious reality is extremely low. Switches, firewalls, routers and anything else connected to a network are all vulnerable to some sort of attack. For this section, keep these attacks in mind and correlate the risk that they carry.

• Privilege escalation – Privilege escalation is when a user is able to obtain higher permissions than those given by the system administrator. This can happen accidentally when an administrator assigns the wrong privileges, but in most cases privilege escalation occurs when a user is trying to steal access. Many times a rogue user will find a flaw within the computer’s programming and use an exploit to gain administrative rights to a computer. Others will use keystroke loggers to gain access. This is why the operating system on every piece of hardware needs to be patched and updated as necessary.

• Weak passwords – Weak passwords on any level, from guest accounts all the way up to administrative accounts, are a huge security risk. Any computer or other piece of hardware with weak passwords is susceptible to password guessing, password crackers, and other threats.

• Back doors – Hackers and crackers will often find and exploit back doors that developers did not remove when programming. Back doors also include RAT tools placed by hackers to gain full control of your computer.

• Default accounts – Default accounts are extreme vulnerabilities because most computer users know that they exist. When a hacker is looking to gain access to your information, he or she can opt to crack the password of the default account and in no time will have access to your files. Many times computer users forget to change the default passwords on these accounts, which makes them even more vulnerable.

• DOS – Denial of service attacks are common and can be used at any time against any type of network or computer that lacks the proper security.

Tuesday, December 07, 2010

CompTIA Security+ Exam Objectives 2.3

Network Infrastructure
2.3 Appropriate Use of Network Security Tools

You should know that the absolute best and easiest way to keep a computer safe is to physically isolate it from any sort of outside contact. However, this isn’t always possible, so to keep security at a high level, networks and online environments have become extremely complex. In the end, the most important thing is to secure the physical devices by using security tools.

• NIPS – Network Intrusion-Prevention Systems. NIPS are often used with NIDS. NIPS can be either hardware or software based. The systems range from intrusion detection to detection with prevention. NIPS will scan for configuration weaknesses and will detect attacks after they occur. Inline NIPS can prevent an attack and proactively protect machines on a network from damage.

• NIDS – Network-Based Intrusion-Detection System. Used to monitor packet flow. NIDS can also be used to locate certain packets that may have slipped through the firewall but are not allowed. They are great for picking up DoS attacks as well as access by unauthorized users.

• Firewalls – Firewalls offer great protection but shouldn’t be the only security tool used on a network. They are placed on networks and computers and are used to control undesired access by those outside of the network. Firewalls can be hardware, software, or a mixture of both. Firewalls should be the first line of defense, but not the only or last. Be aware of the different types of firewalls, including proxy service firewalls, packet-filtering firewalls and others.

• Honeypot – A honeypot is used to attract and then trap malicious users who try to penetrate a vulnerable computer system. They are often used in conjunction with other security tools.

• Proxy servers – Proxy servers are similar to proxy-level firewalls, as both are placed between the Internet and the network at hand. Proxy servers are great for logging, caching, and security. When a request is sent to the proxy server for an Internet service, the request has to pass through certain filters and is checked against the cache of previously visited web pages.

• Internet content filters – Internet content filters control what sort of websites and applications can and cannot be run. Certain words, phrases, and terms are compared to the content of applications and web pages to either allow access or deny it. These filters are popularly used at schools and in the workplace. Think of Vista’s Parental Controls.

• Protocol analyzers – Protocol analyzers are great for two things. For one, they can gather packet-level information from the network to help troubleshoot a problem. When the packets are captured, they are decoded into readable data. These analyzers are also useful for monitoring, such as spotting unwanted or unexpected network traffic.


Thursday, December 02, 2010

CompTIA Security+ Exam Objectives 2.2

Network Infrastructure
2.2 Network Design Elements & Components
In section 2.2, you’re looking to know the main differences between various network design elements and components. You should know that when creating a network security policy, you have to have a set list of procedures to follow in order to defend each and every user from data loss and harm. This means implementing proper security elements such as firewalls, VLANs, and so on. You’ll want to know what these elements and components can do for your network’s security.

• DMZ – A demilitarized zone is a small network between the internal network and the Internet. It allows outside users to have access to information deemed necessary but will not share internal information. Basically, outside users can access data, but none of the data will be internal. This way your network has a shield of privacy and security. Many network engineers opt to put mail and web servers in the DMZ since they are often exposed to the Internet, but this calls for upkeep with patches and further hardening.

• NAC – Network Access Control. NAC is extremely effective in protecting networks from malicious hosts by ensuring proper configuration on computers. NAC will examine a computer and, based on the results it gets, will either grant or refuse access to the network. Computers that aren’t given access are often put on a guest VLAN or redirected to a different server. Know what the access requestor, policy decision point, and policy enforcement point are. Be aware of integrating NAC inline, switch based, host based, and out-of-band.

• VLAN – A virtual local area network is used to combine network nodes into the same broadcast domain without worrying about physical attachment. It can be used to reduce the amount of broadcast traffic in a switched network because it can create multiple isolated LANs.

• NAT – Network address translation is a liaison between the Internet and an internal network. NAT lets many computers connect to the Internet using a single IP address. This way, the internal network is hidden from the outside world because it uses private IP addresses.
Also make note of network interconnections, subnetting, and telephony. Remember, this section is all about how you can use these various items to boost network security.

Going along with network security, many companies have opted to include built-in security features for networks. NETGEAR, a popular networking company, has added to its ProSafe Plus Switch line with models that have QoS prioritization for both voice and video traffic as well as VLAN configuration. The switches also offer protection against DoS attacks.
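As an added illustration of the NAT bullet above (this is example code written for this page, not anything from the blog or from NETGEAR), the following Python class keeps a port address translation table: several private hosts go out through one public address, each conversation gets its own public port, replies are mapped back to the host that started them, and a packet arriving at a port nobody opened is dropped, which is the sense in which NAT hides the internal network. All addresses are from documentation ranges and are constructed.

```python
"""A minimal NAT (port address translation) table, constructed to show how
many internal hosts share one public address and why unsolicited inbound
traffic never reaches them. Addresses are documentation ranges, nothing real."""
from ipaddress import ip_address

class Nat:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # (inside_ip, inside_port, dst_ip, dst_port) -> public_port
        self.outbound_map = {}
        # public_port -> (inside_ip, inside_port, dst_ip, dst_port)
        self.inbound_map = {}

    def translate_out(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite an outgoing packet's source to the public address plus a
        unique port, recording the mapping so the reply finds its way back."""
        if not ip_address(src_ip).is_private:
            raise ValueError("only private internal addresses are translated")
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.outbound_map:
            self.outbound_map[key] = self.next_port
            self.inbound_map[self.next_port] = key
            self.next_port += 1
        return (self.public_ip, self.outbound_map[key], dst_ip, dst_port)

    def translate_in(self, src_ip, src_port, dst_port):
        """Map a packet arriving at the public address back to the internal
        host. Returns None when no internal host opened the conversation or
        when the sender is not the peer that host contacted."""
        entry = self.inbound_map.get(dst_port)
        if entry is None:
            return None
        inside_ip, inside_port, remote_ip, remote_port = entry
        if (src_ip, src_port) != (remote_ip, remote_port):
            return None
        return (src_ip, src_port, inside_ip, inside_port)

if __name__ == "__main__":
    nat = Nat("203.0.113.1")
    print(nat.translate_out("192.168.1.10", 5000, "198.51.100.20", 443))
    print(nat.translate_out("192.168.1.11", 5000, "198.51.100.20", 443))
    print(nat.translate_in("198.51.100.20", 443, 40001))   # back to 192.168.1.11
    print(nat.translate_in("198.51.100.20", 443, 40999))   # None: nobody asked
```

Both internal hosts used source port 5000, so the translator has to hand out distinct public ports; that per-connection state is also why an outside host cannot simply address an internal machine.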

Wednesday, December 01, 2010

Certification Changes for 2010 and 2011

2010 has been a year of change for IT Certification...and it is not done yet.  Here are some Certification changes scheduled for the rest of 2010:
  •  DoD Directive 8570.01 certification deadline is December 31, 2010. More information on DOD 8570.01 can be found here.
  • CompTIA Bridge exams retire December 31, 2010
  • CompTIA "Certified for Life" ends December 31, 2010
  • CompTIA  RFID+ (RF0-001) exam retires December 31, 2010, no replacement
  • CompTIA CDIA+ (225-030)  exam retires December 31, 2010, no replacement
  • CompTIA Server+ exam SK0-002 will retire; the replacement for this exam is SK0-003
Here are a few changes expected in 2011:
  • CompTIA A+ will include Windows 7 Operating System January 2011
  • CompTIA Project+ 2003 will retire March 31, 2011
  • CompTIA Security+ SYO-301 expected to be released. The new objectives for the SYO-301 are available here.
  • Microsoft is planning to retire several certification exams on  March 31st, 2011. List of exams can be found here.
Most notably would be the change of the CompTIA certification policy. Full details on the CompTIA certification policy can be found here.



Tuesday, November 30, 2010

CompTIA Security+ Exam Objectives 2.1

Network Infrastructure
2.1 Ports and Protocols
In this section, it is definitely important to have a strong grasp on some of the most commonly used ports. For example, you’ll want to know that port 80 is the Hypertext Transfer Protocol (HTTP) port, that port 15 is Netstat, port 25 is SMTP, port 110 is POP3, port 443 is HTTPS, and so on. Some other port numbers you want to familiarize yourself with are:

• Port 21 – FTP
• Port 22 – SSH
• Port 23 – Telnet
• Port 53 – DNS
• Port 161/162 – SNMP


However, just knowing your port numbers and their functions isn’t enough. You want to be able to differentiate between all of them, know the threats that they face, and then how to mitigate these threats.

Section 2.1 also requires you to know the difference between network design elements and components, as well as the large variety of threats that can be used to exploit open ports and protocols. For instance, you’ll want to know what a DDOS attack is, how it is done, the damage it does, and what port it exploits to be successful. Also focus on knowing these other attacks:

• DOS
  o Smurfing
  o Fraggle
  o Land
  o SYN flood
  o Ping flood
• TCP/IP hijacking
• Spoofing
• DNS poisoning
• Null sessions
• Replay


Be sure to note how these threats pose security issues to a network and how networks can be patched and configured so that the network isn’t as vulnerable. You’ll also want to know how to protect your network in the case of a successful attack.

Even though some companies worry very little about these types of attacks, the fact is that any server or website on the internet can easily become a victim of one. For example, DOS and DDOS attacks are extremely popular these days, yet companies still neglect to have the proper configuration and mitigation techniques to avert these types of attacks. For instance, a main ISP in Myanmar has apparently been suffering from constant DDOS attacks since October. Also recently in the news is a group known as “Anonymous” who have been DDOS attacking various RIAA websites.
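The NIDS and protocol analyzer bullets in section 2.3 and the DOS list above (Land, SYN flood, ping flood) come together in the kind of check an intrusion detection system runs over captured packets. The Python below is an added example, not the blog’s code or any real product’s logic; it parses a constructed packet log (the format and every address in it are made up) and flags the three signatures: a Land packet whose source equals its destination, a source that has left many SYNs unanswered, and a source sending too many ICMP echo requests.

```python
"""Signature-style checks a NIDS might run over packet records (constructed)."""
import re
from collections import defaultdict

# Constructed packet summaries, not a real capture. One record per line:
#   <time> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto> [flags]
_burst_syn = [f"10:00:0{i % 10} 198.51.100.7:{40000 + i} -> 10.0.0.1:80 TCP SYN"
              for i in range(25)]
_burst_icmp = [f"10:00:1{i % 10} 203.0.113.4:0 -> 10.0.0.1:0 ICMP echo-request"
               for i in range(40)]
SAMPLE_LOG = "\n".join([
    "10:00:00 10.0.0.5:51000 -> 10.0.0.1:80 TCP SYN",
    "10:00:00 10.0.0.1:80 -> 10.0.0.5:51000 TCP SYN,ACK",
    "10:00:00 10.0.0.5:51000 -> 10.0.0.1:80 TCP ACK",      # normal handshake
    "10:00:00 10.0.0.1:80 -> 10.0.0.1:80 TCP SYN",         # Land: src == dst
    "10:00:00 10.0.0.6:0 -> 10.0.0.1:0 ICMP echo-request",  # a single ordinary ping
] + _burst_syn + _burst_icmp)

LINE_RE = re.compile(r"^(\S+) (\S+):(\d+) -> (\S+):(\d+) (TCP|UDP|ICMP)(?: (\S+))?$")

def parse(log: str) -> list:
    """Turn each line into a record dict; lines that do not match are skipped."""
    records = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        t, sip, sport, dip, dport, proto, flags = m.groups()
        records.append({"time": t, "src": sip, "sport": int(sport), "dst": dip,
                        "dport": int(dport), "proto": proto,
                        "flags": set((flags or "").split(",")) - {""}})
    return records

def detect_land(records) -> list:
    """Land signature: source and destination address and port are identical."""
    return [r for r in records
            if r["proto"] == "TCP" and r["src"] == r["dst"] and r["sport"] == r["dport"]]

def detect_syn_flood(records, threshold: int = 20) -> dict:
    """Half-open attempts per (src, dst): SYNs sent minus handshakes completed."""
    syn, ack = defaultdict(int), defaultdict(int)
    for r in records:
        if r["proto"] != "TCP":
            continue
        key = (r["src"], r["dst"])
        if r["flags"] == {"SYN"}:
            syn[key] += 1
        elif "ACK" in r["flags"] and "SYN" not in r["flags"]:
            ack[key] += 1
    return {key: n - ack[key] for key, n in syn.items() if n - ack[key] >= threshold}

def detect_ping_flood(records, threshold: int = 30) -> dict:
    """Sources whose ICMP echo-request count reaches the threshold."""
    count = defaultdict(int)
    for r in records:
        if r["proto"] == "ICMP" and "echo-request" in r["flags"]:
            count[r["src"]] += 1
    return {src: n for src, n in count.items() if n >= threshold}

if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    print("land:", [(r["src"], r["sport"]) for r in detect_land(recs)])
    print("syn flood:", detect_syn_flood(recs))
    print("ping flood:", detect_ping_flood(recs))
```

The thresholds are the tuning knob a real sensor exposes: the single host that completed its handshake never shows up because its SYN count is cancelled by its ACK, while the source with 25 unanswered SYNs does.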

Thursday, November 25, 2010

CompTIA Security+ Exam Objectives 1.6

Systems Security
1.6 Purpose of Virtualization Technology

The idea behind section 1.6 is to be aware of, and able to express, what virtualization is, what it does, and the security positives and negatives that it brings.

The use of virtualization technology, most notably virtual machines, is extremely popular today. It involves allocating and presenting the physical resources of one computer and then using them in multiple operating system instances. Basically, if you opt to use virtualization technology, you can get rid of the common one server, one application mindset and are able to run and control numerous virtual machines on one single physical machine. These virtual machines will appear to be entirely separate entities. Though the technology may seem new, it has been around since 1972, when IBM offered a way to segment the VM/370 OS resources. Virtualization can also be used on servers, where a single server can host many different logical machines.

You’ll also want to focus on virtualization from the security point of view. When using virtual machines, you can easily test different security tools and applications before applying them to your ‘real’ network. This type of technology is great when you’re in the developing and testing part of creating a secure network.

On the flip side, virtualization also poses a security threat. If someone were ever to gain access to the system, they would have access not just to everything on the physical machine but to the virtual machines as well. However, attacks on virtual machines are rarely heard of, though the technology is becoming more and more widespread, which may push some to target them.

Today, even though cloud computing has made its way into the spotlight, virtualization technology still has a stronghold. Moving away from virtual computers, people are looking towards new virtualization technologies including virtual security, virtual desktops, virtual encryption, virtual storage, and many other things.

Tuesday, November 23, 2010

CompTIA Security+ Exam Objectives 1.5

Systems Security
1.5 Implementing Security Applications

You understand why security is important and how you can safeguard your computer and network manually and through the use of hardening processes, but section 1.5 focuses on using certain types of software and applications that provide even more security. This is just another layer of the blanket of security that your network demands. Be aware of the terms below and know how they work, what their purpose is, and how they implement different types of security.

• HIDS
• Antivirus
• Anti-spam
• Pop-up blockers
• Personal software firewalls

Some of them are self-explanatory, such as a pop-up blocker, but do you know why a pop-up blocker is important? Note that pop-up blockers keep pop-ups from running and leaving a cookie on your hard drive. You’ll want to know how firewalls work and how they can be used in the case of an attack against your computer or network.

HIDS is the host-based intrusion detection system, which is used to analyze the dynamic behavior of a computer system. HIDS usually monitor file system objects but can also be used to monitor portions of memory that should not change. The application also analyzes the state of the system, which comes in handy when a hacker plants a keylogger, botnet, spam, etc. HIDS will look for any changes and report them.

Know the difference between antivirus software and anti-spam. Antivirus programs are used to protect against known threats including viruses, worms, trojans, etc. These programs can be used to diagnose as well as to quarantine and eventually clean any type of infection.
You’ve probably heard the whole “if you want security, get a Mac, no one exploits them” talk, but in today’s world, no computer platform is 100% safe. When Apple released Mac OS X 10.6.x, better known as Snow Leopard, various people were able to exploit a hole within the Java application. This goes to show that there is a strong need for security applications. In fact, the well-known company ESET Cybersecurity has created an antivirus program that works across the most widely used computer platforms: Windows, Mac, and Linux.

Thursday, November 18, 2010

CompTIA Security+ Exam Objectives 1.4

Systems Security
1.4 Application Security Procedures
Section 1.4 is full of key terms that you want to be aware of. Not only should you be able to define what they do, but you want to consider how each term applies to application security. By now you know that security controls can be put in place through both software and hardware. When it comes to application (software) security, there are certain settings and procedures that can be put in place to fend off any type of unauthorized access. Below are a few of the terms described and the security procedures provided:

• ActiveX – A Microsoft product that adds functionality to websites. Often it facilitates multimedia viewing, such as videos, and can change certain functions of a browser. Hackers have found ways to exploit holes within ActiveX to install malicious software. ActiveX now prompts the user to confirm that the ActiveX script is from a website they trust.
• Java – Created by Sun Microsystems; it allows applications to run under any and all operating systems. It is widely used for web development, though many programmers never thought to, or didn’t know how to, add security into the applications they were creating.
• Browser – From Firefox to IE to Opera and Safari, to browse the internet you need a functioning browser. Browsers have always been a wide target of attacks, though newer browsers and updates of older browsers allow for more security control with added pop-up blockers, add-ons, plugins, and other features.
• Scripting – Scripts are basically programs that can be coded in various languages such as Perl, Python, JavaScript, and so on. Scripts can be exploited and placed on the victim’s computer.
• Cookies – Most websites will leave a cookie on your computer, especially when the website asks to remember your login preferences. The cookie is stored on your hard drive and can be retrieved by the website each time. However, though cookies themselves aren’t malicious, the personal information they hold can be obtained and used in malicious ways.
• Instant messaging – Instant messaging has been a popular way to communicate, but the port that most of these programs use is extremely vulnerable to being exploited.
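For the cookies bullet, the defensive side is the set of attributes a server puts on the cookie so that it is sent only over HTTPS and is not readable by page scripts. The Python below is an added example (not from the blog) using the standard library’s `http.cookies` to issue a session cookie with those attributes, plus an audit function that reports which protective attributes a given `Set-Cookie` value is missing; the cookie name and value are constructed.

```python
"""Issuing and auditing session cookies (constructed example)."""
from http.cookies import SimpleCookie

# Attributes a session cookie should carry; their absence is what the audit reports.
REQUIRED_ATTRS = ("Secure", "HttpOnly", "SameSite")

def build_session_cookie(name: str, value: str) -> str:
    """Return a Set-Cookie header value with the attributes that limit exposure."""
    c = SimpleCookie()
    c[name] = value
    c[name]["secure"] = True         # only sent over HTTPS, so it cannot be sniffed
    c[name]["httponly"] = True       # not readable by scripts running in the page
    c[name]["samesite"] = "Strict"   # not sent on requests initiated by other sites
    c[name]["path"] = "/"
    return c[name].OutputString()

def audit_set_cookie(header_value: str) -> list:
    """Return the protective attributes missing from a Set-Cookie header value."""
    parts = [p.strip() for p in header_value.split(";")]
    # parts[0] is name=value; everything after it is an attribute or flag
    present = {p.split("=", 1)[0].lower() for p in parts[1:]}
    return [a for a in REQUIRED_ATTRS if a.lower() not in present]

if __name__ == "__main__":
    issued = build_session_cookie("sid", "abc123")     # value is constructed
    print(issued)
    print(audit_set_cookie(issued))                     # [] : nothing missing
    print(audit_set_cookie("sid=abc123; Path=/"))       # all three missing
```

Running the audit against headers a server actually emits is a quick way to find the login or preference cookie that was set years ago without any of these flags.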

Nowadays, with application security being seen as hugely important, many companies that create and distribute software are actually taking the time during the early development process to add in pre-built security features. Companies are even paying people to find bugs and security flaws within their programs. A very well known company doing this is none other than Google.

Tuesday, November 16, 2010

CompTIA Security+ Exam Objectives 1.3

Systems Security
1.3 OS Hardening and Server Security

With section 1.3, you’ll of course want to have knowledge of some of the more important terms in the section. Make sure that you can define them and use them in a real life situation. Section 1.3 is all about ensuring security on both operating systems as well as on servers. This section has a lot to do with software and the security updates sent out by the various software companies. These include:

• Hotfixes
• Service packs
• Patches
• Patch management
• Security templates
• Group policies
• Configuration baselines

Be sure that you are able to tell the difference between all of them, as some of them are pretty similar in use. For example, know that service packs, patches, hotfixes, and security updates are all provided by the vendors of a piece of software to upgrade, improve, and fix issues that have been brought to light. It’s also crucial that you know how important it is to keep up with patch management.

This section is all about operating system hardening; be sure to know what it is, the various methods of doing it, and why it is important. Having a non-secure OS poses a line of threats, but adding security programs such as anti-virus, firewalls, and others greatly improves a computer’s security.

Be aware of how crucial security baselines are and remember that all companies should have one drafted for true security. You will also want to make note of the various ways to harden and further secure an OS. For example, getting rid of all nonessential software greatly increases a computer’s security. Also be aware of the importance of documenting everything from network design to implementation.

October stands as a month marked by an increased number of security patches released by Microsoft. In fact, the company broke its own record of 36 fixes in October when it released patches to cover 49 vulnerabilities.