Tuesday, November 30, 2010

CompTIA Security+ Exam Objectives 2.1

Network Infrastructure
2.1 Ports and Protocols
In this section, it is definitely important to have a strong grasp on some of the most commonly used ports. For example, you’ll want to know that port 80 is the Hypertext Transfer Protocol (HTTP) port, that port 15 is Netstat, port 25 is SMTP, port 110 is POP3, port 443 is HTTPS, and so on. Some other port numbers you want to familiarize yourself with are:

· Port 21 – FTP
· Port 22 – SSH
· Port 23 – Telnet
· Port 53 – DNS
· Port 161/162 – SNMP


However, just knowing your port numbers and their functions isn’t enough. You want to be able to differentiate between all of them, know the threats that they face, and then how to mitigate these threats.

Section 2.1 also requires you to know the difference between network design elements and components, as well as the large variety of threats that can be used to exploit open ports and protocols. For instance, you’ll want to know what a DDOS attack is, how it is done, the damage it does, and what port it exploits to be successful. Also focus on knowing these other attacks:

· DOS
  o Smurfing
  o Fraggle
  o Land
  o SYN flood
  o Ping flood
· TCP/IP hijacking
· Spoofing
· DNS poisoning
· Null sessions
· Replay


Be sure to note how these threats pose security issues to a network and how networks can be patched and configured in a way that the network isn’t as vulnerable. You’ll also want to know how to protect your network in the case of a successful attack.
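As an added example (not code from the original post), a small Python checker that parses constructed netstat-style output and flags the SYN flood pattern listed above: a local port with many half-open (SYN_RECV) connections and the sources contributing them. The sample lines, addresses and thresholds are all constructed.

```python
"""Detect a SYN flood pattern in connection-table output.

Added example, not from the original post. Parses constructed
netstat-style lines (tcp <recvq> <sendq> <local> <remote> <state>),
counts half-open (SYN_RECV) connections per local port and per
source address, and flags concentrations that look like a flood.
"""
from collections import Counter

# Constructed sample: two normal clients, then a burst of half-open
# connections to port 80 from one noisy source and several others.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address   Foreign Address     State
tcp        0      0 10.0.0.5:22     192.0.2.10:40112    ESTABLISHED
tcp        0      0 10.0.0.5:80     192.0.2.11:50001    ESTABLISHED
tcp        0      0 10.0.0.5:80     198.51.100.7:51234  SYN_RECV
tcp        0      0 10.0.0.5:80     198.51.100.7:51235  SYN_RECV
tcp        0      0 10.0.0.5:80     198.51.100.7:51236  SYN_RECV
tcp        0      0 10.0.0.5:80     198.51.100.7:51237  SYN_RECV
tcp        0      0 10.0.0.5:80     203.0.113.20:6001   SYN_RECV
tcp        0      0 10.0.0.5:80     203.0.113.21:6002   SYN_RECV
tcp        0      0 10.0.0.5:80     203.0.113.22:6003   SYN_RECV
tcp        0      0 10.0.0.5:443    192.0.2.12:33000    SYN_RECV
"""


def parse_connections(text):
    """Return (local_port, remote_ip, state) for each tcp line; skip header."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[0] != "tcp":
            continue
        local, remote, state = parts[3], parts[4], parts[5]
        local_port = int(local.rsplit(":", 1)[1])
        remote_ip = remote.rsplit(":", 1)[0]
        rows.append((local_port, remote_ip, state))
    return rows


def syn_flood_report(text, per_port_threshold=5, per_source_threshold=3):
    """Summarise half-open connections and flag flood-like concentrations."""
    half_open = [(port, ip) for port, ip, state in parse_connections(text)
                 if state == "SYN_RECV"]
    by_port = Counter(port for port, _ip in half_open)
    by_source = Counter(ip for _port, ip in half_open)
    return {
        "half_open_total": len(half_open),
        # Local ports holding at least per_port_threshold half-open sockets.
        "ports_under_pressure": sorted(
            p for p, n in by_port.items() if n >= per_port_threshold),
        # Sources responsible for at least per_source_threshold of them.
        "noisy_sources": sorted(
            ip for ip, n in by_source.items() if n >= per_source_threshold),
        "distinct_sources": len(by_source),
    }


if __name__ == "__main__":
    print(syn_flood_report(SAMPLE_NETSTAT))
```

A large half-open count spread across many distinct sources, with no single noisy source, is the signature of a distributed or spoofed flood that per-source blocking alone will not stop.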

Even though some companies worry very little about these types of attacks, the fact is that any server or website on the internet can easily become a victim of one. For example, DOS and DDOS attacks are extremely popular these days, yet companies still neglect to have the proper configuration and mitigation techniques to avert these types of attacks. For instance, a main ISP in Myanmar has apparently been suffering from constant DDOS attacks since October. Also recently in the news is a group known as “Anonymous”, who have been DDOS attacking various RIAA websites.

Thursday, November 25, 2010

CompTIA Security+ Exam Objectives 1.6


Systems Security
1.6 Purpose of Virtualization Technology

The idea behind section 1.6 is to be aware and able to express what virtualization is, what it does, and the security positives and negatives that it brings.

The use of virtualization technology, most notably virtual machines, is extremely popular today. It involves allocating and presenting the physical resources of one piece of computer hardware and then using them across multiple operating-system instances. Basically, if you opt to use virtualization technology, you can get rid of the common one server, one application mindset and are able to run and control numerous virtual machines on one single physical machine. However, these virtual machines will appear to be entirely separate entities. Though the technology may seem new, it has been around since 1972, when IBM offered a way to segment the VM/370 OS resources. Virtualization can also be used on servers, where a single server can host many different logical machines.

You’ll also want to focus on virtualization from the security point of view. When using virtual machines, you can easily test different security tools and applications before applying them to your ‘real’ network. This type of technology is great when you’re in the developing and testing part of creating a secure network.

On the flip side, virtualization also poses a security threat. If someone were ever to gain access to the system, they would have access not just to everything on the physical machine, but to the virtual machines as well. However, attacks on virtual machines are rarely heard of, though the technology is becoming more and more widespread, which may push some to target them.

Today, even though cloud computing has made its way into the spotlight, virtualization technology still has the stronghold. Moving away from virtual computers, people are looking towards new virtualization technologies including virtual security, virtual desktops, virtual encryption, virtual storage, and many other things.
GetCertify4Less and GetCertified4Less

Tuesday, November 23, 2010

CompTIA Security+ Exam Objectives 1.5


Systems Security
1.5 Implementing Security Applications

You understand why security is important and how you can safeguard your computer and network manually and through the use of hardening processes, but section 1.5 focuses on using certain types of software and applications that provide even more security. This is just another layer of the blanket of security that your network demands. Be aware of the terms below and know how they work, what their purpose is, and how they implement different types of security.

· HIDS
· Antivirus
· Anti-spam
· Pop-up blockers
· Personal software firewalls

Some of them are self-explanatory, such as a pop-up blocker, but do you know why a pop-up blocker is important? Note that pop-up blockers keep pop-ups from being run and leaving a cookie on your hard drive. You’ll want to know how firewalls work and how they can be used in the case of an attack against your computer or network.

HIDS is the host-based intrusion detection system, which is used to analyze the dynamic behavior of a computer system. A HIDS usually monitors file system objects but can also be used to monitor portions of memory that should not change. The application also analyzes the state of the system, which comes in handy when a hacker plants a keylogger, botnet agent, spam tool, etc.: the HIDS will look for any changes and report them.

Know the difference between antivirus software and anti-spam. Antivirus programs are used to protect against known threats including viruses, worms, trojans, etc. These programs can be used to diagnose as well as to quarantine and eventually clean any type of infections.
You’ve probably heard the whole “if you want security, get a Mac, no one exploits them” talk, but in today’s world, no computer platform is 100% safe. When Apple released Mac OS X 10.6.x, better known as Snow Leopard, various people were able to exploit a hole within the Java application. This goes to show that there is a strong need for security applications. In fact, the well-known company ESET has created an antivirus program, ESET Cybersecurity, that works across the most widely used computer platforms: Windows, Mac, and Linux.

Thursday, November 18, 2010

CompTIA Security+ Exam Objectives 1.4


Systems Security
1.4 Application Security Procedures
Section 1.4 is full of key terms that you want to be aware of. Not only should you be able to define what they do, but you want to consider how each term applies to application security. By now you know that security controls can be put in place through both software and hardware. When it comes to application (software) security, there are certain settings and procedures that can fend off unauthorized access. Below are a few of the terms described and the security procedures provided:

· ActiveX – A product of Microsoft that adds functionality to websites. Often times it facilitates multimedia viewing, such as videos, as well as changing certain functions of a browser. Hackers have found ways to exploit holes within ActiveX to install malicious software. ActiveX now prompts the user to ensure that the ActiveX script is from a website they trust.
· Java – Created by Sun Microsystems and allows applications to run under any and all operating systems. It is widely used for web development, though many programmers never thought to, or didn’t know how, to add security into the applications they were creating.
· Browser – From Firefox to IE to Opera and Safari, to browse the internet you need a functioning browser. Browsers have always been a wide target of attacks, though newer browsers and updates of older browsers allow for more security control with added pop-up blockers, add-ons, plugins, and other things.
· Scripting – Scripts are basically programs that can be coded in various languages such as Perl, Python, JavaScript, and so on. Scripts themselves can be exploited and placed on the victim’s computer.
· Cookies – Most websites will leave a cookie on your computer, especially when the website asks to remember your login preferences. The cookie is stored on your hard drive and can be retrieved by the website each time. However, though cookies themselves aren’t malicious, the personal information they hold can be gained and used in malicious ways.
· Instant messaging – Instant messaging has been a popular way to communicate, but the port that most of these programs use is extremely vulnerable to being exploited.

Nowadays, with application security being seen as hugely important, many companies that create and distribute software are actually taking the time at the beginning of the development process to add in pre-built security features. Companies are even looking to pay people to find bugs and security flaws within their programs. A very well-known company doing this is none other than Google.

Tuesday, November 16, 2010

CompTIA Security+ Exam Objectives 1.3



Systems Security
1.3 OS Hardening and Server Security

With section 1.3, you’ll of course want to have knowledge of some of the more important terms in the section. Make sure that you can define them and use them in a real-life situation. Section 1.3 is all about ensuring security on both operating systems and servers. This section has a lot to do with software and the security updates sent out by the various software companies. These include:

· Hotfixes
· Service pack
· Patches
· Patch management
· Security templates
· Group policies
· Configuration baselines

Be sure that you are able to tell the difference between all of them, as some of them are pretty similar in use. For example, know that service packs, patches, hotfixes, and security updates are all provided by vendors of a certain piece of software to upgrade, improve, and fix issues that have been brought to light. It’s also crucial that you know how important it is to keep up with patch management.

This section is all about operating system hardening; be sure to know what it is, the various methods of doing it, and why it is important. Having a non-secure OS poses a range of threats, but adding security programs such as anti-virus, firewalls, and others greatly improves a computer’s security.

Be aware of how crucial security baselines are and remember that all companies should/need to have one drafted for true security. You will also want to make note of the various ways to harden and further secure an OS. For example, getting rid of all nonessential software highly increases a computer’s security. Also be aware of the importance of documenting anything from network design and implementation.

October stands as a month marked by increased security patches released by Microsoft. In fact, the company broke its own record of 36 fixes to reduce security vulnerability in October when they released patches to cover 49 vulnerabilities.

Friday, November 12, 2010

New CompTIA Storage+ Powered by SNIA Exam

CompTIA, the world leader in vendor-neutral IT credentials,  and SNIA, the Storage Networking Industry Association, the global leader for the storage industry and storage end users, are building a brand-new, vendor-neutral certification examination in storage networking and information management. It will be called “CompTIA Storage+ Powered by SNIA,” and it is scheduled to be released in 2011.

CompTIA and SNIA are looking for Subject Matter Experts (SMEs) to help create the new exam.  The workshop will be held January 31st - February 4th, 2011 at CompTIA Headquarters, Downers Grove, Illinois.


More information on CompTIA Storage+ Powered by SNIA and the SME workshop can be found here.

Thursday, November 11, 2010

DOD 8570 Certification Deadline Approaching


DoD Directive 8570.01 requires all individuals possessing privileged access to a DoD Information System be properly trained and certified in the secure operation of computer systems used throughout the DoD’s Global Information Grid.  DOD 8570 certification must be completed before December 31, 2010.


More information on DOD 8570 can be found here.

Wednesday, November 10, 2010

CompTIA Security+ Exam Objectives 1.2


Systems Security
1.2 Security Risks for Hardware and Peripheral Devices

When it comes to security for hardware and peripherals, there is a multi-layer necessity that has to be in place. Without these layers of protection to safe-keep data and other information, the security of a computer and even an entire network can be put at risk. For the 1.2 section of the test, you’ll want to be aware of these risks.

BIOS (basic input/output system) – BIOS is the software/firmware installed on a hard drive’s EEPROM. Once booted, BIOS will initiate most of the hardware components such as the video card, sound card, optical drive, and so on. BIOS attacks are extremely popular and have been for some time because of the amount of ‘power’ that BIOS has. These attacks are also popular because it is rare that people take the time to monitor and/or secure the BIOS. BIOS can be exploited manually as well as through malicious code sent to infect it.

Cell phones – The amount of things you can do with a cell phone continues to grow and more of the most recent advances are focused on interaction with the internet; just think of the iPhone. Because of this, cell phones are becoming a huge threat to security. Not only can cell phones be used to transport malicious code and/or confidential data, they can be used to obtain personal information. The other problem comes about when the cell phone is used as a USB device.

USB devices – Almost all people who have some sort of need to use a computer own a USB device. Most portable devices nowadays, including video cameras, cell phones, digital cameras, and others, all connect to the computer through the USB port. Even though this method is extremely convenient and easy for the user, these devices pose a huge security threat. For one, most computers built recently can be booted from a USB device. This gives the user the chance to boot using another OS, which then overrides the originally installed OS. Also, USB devices can be used to leak sensitive information as well as to place malicious code onto a hard drive.

Removable storage – Removable storage is another convenient yet security-compromising tool. These devices include smartcards, flash cards, CD-Rs, DVD-Rs, and so on. For the same reasons as mentioned, removable storage is dangerous because it can be used to share confidential data as well as to infect a computer through malicious code.

Network attached storage – Network attached storage is connected directly to the LAN that is used as a means to store network files without a dedicated file server. Think of this type of storage as a ‘smarter’ hard drive with the ability to communicate with the network. The problem with NAS is that rogue users can exploit the device and gain all sorts of information that may be highly confidential. Malicious code and data corruption are possible as well.

Security risks will always be alive and well as long as we have computers, the internet, and people who are unwilling or uneducated on securing their hardware and peripherals. However, these risks are taken much more seriously now. In 2008, the Department of Defense as well as certain military institutions banned the use of USB devices on government-owned computers. The ban was put in place after several computers were infected with the Agent.btz virus and the SillyFDC worm. In May of 2010, the Threats Report: First Quarter 2010 reported that the biggest threat was a worm that infected a computer and any USB devices that were connected to it.


Monday, November 08, 2010

CompTIA Security+ Exam Objectives 1.1



1.0 Systems Security
1.1 Security Risks and Threats

The first portion of the CompTIA Security+ class deals with systems security and covers items such as viruses, trojans, worms, spam, rootkits, and other terms. To be successful in this portion of the class and test, you’ll want to know a few of the key terms that shape the first section:

· Virus
· Trojan
· Worm
· Spyware
· Spam
· Rootkits
· Adware
· Botnets
· Logic bomb
· Privilege escalation


Even if you know the definitions, you’ll want to know the differences between the terms. For example, a virus and a trojan aren’t the same, and neither is a worm. A virus works by attaching to an existing file, usually an executable, or a program, and it spreads when the infected file is shared. A worm is in fact a virus and works similarly, but there isn’t any need for human interaction for the infection to spread. A trojan does not infect files and does not self-replicate. Instead, they work by appearing to be a legitimate program that, once opened and installed, will do damage.

Knowing the difference between adware and spyware is also a must. Spyware is installed unknowingly when someone downloads freeware. Adware often comes when you download freeware and ads are displayed when you use the software. They allow the software to produce some sort of income as well as to encourage people to buy the product. Spyware is very similar but it will track your surfing habits to show ads related to your activity. Spyware is intrusive and can open holes to be exploited.

Viruses, worms, trojans, rootkits, and plenty of other threats are always on the rise. Most recently, there are plenty of security risks and threats that we all face: from phishing pages that draw spam to our inboxes, to viruses sent through email that spread when an infected link is clicked. As the internet booms, the risks and threats continue to grow as well. The biggest worry at the moment seems to be threats targeting social networking websites. There is plenty of spam on these websites, and you’ll often find links that are either spam links or links that are infected. The most notable virus to speak of in October was Virus.Win32.Murofet, which was known to infect PE files. The links that the virus created were generated using an MD5 hash, and the end product was a .biz, .org, .com, .net, or .info link with the string ending in /forum.

Wednesday, November 03, 2010

CompTIA Strata Exams


CompTIA's Strata program offers fundamental to advanced certificates that validate a wide range of subjects in information technology (IT). The CompTIA Strata Certificate Program is designed for:
  • Individuals seeking a new career in IT
  • Students new to the IT and technology job market
  • Professionals in technology sales careers
  • Individuals considering CompTIA A+ or other IT industry certifications
  • Certified or seasoned IT career professionals who want to enhance their credentials 
There are three Strata exams to choose from:

CompTIA Strata IT Fundamentals
Exam code: FC0-U41
The CompTIA Strata IT Fundamentals exam is designed to show that a successful candidate has the knowledge to identify technology and computer hardware basics, compatibility issues and common errors, software installation and functions, security risks and prevention, as well as some Green IT and preventative maintenance practices.

The Strata IT Fundamentals certificate is ideal for individuals and students new to the IT job market as well as the increasing number of professionals changing careers to IT or technology-related fields.  Many entering an IT career will continue to pursue higher certifications in CompTIA A+, and with specialized experience, CompTIA Network+ and CompTIA Security +.  

CompTIA Strata IT for Sales
Exam code: FC0-TS1
The CompTIA Strata IT for Sales exam is designed to show that the successful candidate has the knowledge to effectively engage a customer, identify types of technology users, coordinate with technical staff, ensure customer satisfaction, and provide appropriate solutions based on customer requirements - including Green IT and preventative maintenance.

The Strata IT for Sales certificate is ideal for students or individuals entering a sales career as well as seasoned sales professionals new to selling technology products and solutions.


CompTIA Strata Green IT
Exam code: FC0-GR1
CompTIA's Strata Green IT certificate is designed to enhance an IT professional's experience, knowledge, and existing IT credentials to incorporate emerging technologies shaping the global green IT industry today. IT professionals that pass the Green IT exam validate that they have the aptitude needed to effectively implement and measure green IT programs and investments, including:
  • A specialized knowledge of current IT methodologies
  • The ability to develop, deploy, and calculate true ROI for green IT initiatives
  • Knowledge of cost-cutting power management and IT virtualization techniques
  • Proven understanding of environmentally-sound waste disposal
  • An awareness of global organizations mandating standards and regulations
The Strata Green IT certificate is ideal for IT professionals who have decision making authority over a company's IT infrastructure or work in implementing green IT initiatives such as an IT manager, data center or facilities / operations manager, IT technician, and system or network administrator.
Prerequisites:
It is recommended that candidates taking the exam for Strata Green IT have a minimum of 18 months of technical experience with CompTIA A+, CompTIA Server+ or other IT credential.


For more information on the Strata exams visit CompTIA
To save on your Strata Certification visit GetCertify4Less



Monday, November 01, 2010

New CompTIA Security+ Exam

It looks like CompTIA will be updating the Security+ exam soon. The new objectives for the SY0-301 are available here. No word yet on when the new exam will be released or if there will be a bridge exam for those certified in Security+ 2008. Below is a breakdown of SY0-201 vs. SY0-301. Update: the CompTIA SY0-301 Security+ exam is to be released in late 2011.




