Thursday, December 30, 2010

CompTIA Security+ Exam Objectives 3.3

3.0 Access Control

3.3 Organize users and computers into appropriate security groups and roles while distinguishing between appropriate rights and privileges.

For this section you want to be aware of the importance of maintaining and implementing certain security groups and roles so that users are given proper privileges and rights on a computer system. Be sure you are aware of centralized and decentralized methods to maintain these security actions.

In order for any company or organization to have a true sense of security on its networks and computer systems, there has to be some sort of system in place that provides proper security groups and roles, so that users are granted only the rights and privileges on the system that they need. For any company to establish, let alone maintain, security, it is vital that access control models are set so that users are given the proper permissions and rights. Before security groups and roles can be set, the organization needs to determine which users require which privileges; without this, the process becomes much more tedious.

When it comes to managing privileges and rights on a network, there are two main ideas to keep in mind: centralization and decentralization. With centralized management of privileges and rights, dedicated servers are entirely responsible for implementing, maintaining, and controlling all of the access rights, privileges, and security controls that are put in place. Think of a RADIUS authentication server as an example of centralized privilege management.

Decentralized privilege management requires that each individual system be responsible for maintaining and implementing these controls and accesses. A workgroup network is a typical example of decentralized privilege management.
GetCertify4Less and GetCertified4Less

Tuesday, December 28, 2010

CompTIA Security+ Exam Objectives 3.2

Access Control

3.2 Common Access Control Models

Access control is simply the mechanism by which users are granted or denied the use of, and interaction with, resources. Access control and authorization are often used interchangeably, because the first part of the process is deciding whether or not the user is authorized to do certain things. Without access control there is no way to prevent. Below are the 3 commonly known access control models that you will need to know:

  • MAC – Mandatory access control is often used in military and government environments. MAC is simply access granted based on set rules rather than user discretion. These rules are set in a hierarchical way and are referred to as classifications or security domains. For example, think of unclassified, secret, top secret, and so on. MAC is also used outside of these two entities in the public sector, where classifications often include public, sensitive, private, and confidential.

The main purpose of using MAC is to avoid disclosure, meaning disclosing confidential information. Think of it like top secret government information being leaked to the public. This event poses a huge national security threat. Consider something like Wikileaks.

  • DAC – Discretionary access control is more widely used in the private sector as well as in commercial and home environments. DAC is user controlled, but the control mainly lies with the owners and creators of resources in the environment. It is entirely identity based, and the model uses access control lists which define which users are granted or denied certain accesses. Individual user accounts are often added to DAC lists to define accesses.

  • Role & Rule based access control – Sometimes simply known as RBAC, role-based and rule-based access control differ from each other despite sharing the same acronym. Role based access control is often known as non-discretionary access control. The access control is based on a user’s job function within the organization that owns the computer system. In essence, role based access control assigns permissions to particular roles or jobs within an organization.

On the other hand, rule based access control depends on rules set by the system administrator. These rules will either allow or deny access to certain resource objects on a computer system. These accesses are stored in Access Control Lists (ACLs), and before permission is granted or denied, the operating system checks the rules within the ACL.
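The three models described above, together with the user-to-role grouping from the 3.3 post, reduced to small decision functions. This is an added example, not code from the original post; the classification labels, users, ACLs, roles and permissions are all constructed for illustration.

```python
# Added example (not from the original post): MAC, DAC and role-based
# access control as small decision functions over constructed data.

# --- MAC: access decided by labels set by policy, not by the owner -------
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}

def mac_can_read(clearance: str, classification: str) -> bool:
    """No read up: a subject may read only objects at or below its level."""
    return LEVELS[clearance] >= LEVELS[classification]

# --- DAC: the owner of an object decides who gets in, via an ACL ---------
class DacObject:
    def __init__(self, owner: str):
        self.owner = owner
        self.acl = {owner: {"read", "write"}}   # owner starts with full rights

    def grant(self, grantor: str, user: str, right: str) -> bool:
        # Only the owner may change the ACL; anyone else is refused.
        if grantor != self.owner:
            return False
        self.acl.setdefault(user, set()).add(right)
        return True

    def allowed(self, user: str, right: str) -> bool:
        return right in self.acl.get(user, set())

# --- RBAC: permissions attach to job roles; users are placed in roles -----
ROLE_PERMS = {
    "helpdesk": {"reset_password"},
    "dba": {"read_db", "write_db"},
    "auditor": {"read_db", "read_logs"},
}
USER_ROLES = {"alice": {"dba"}, "bob": {"helpdesk"}, "carol": {"auditor"}}

def rbac_allowed(user: str, perm: str) -> bool:
    # A user gets a permission only through one of their roles.
    return any(perm in ROLE_PERMS[r] for r in USER_ROLES.get(user, set()))

def demo() -> dict:
    doc = DacObject(owner="alice")
    doc.grant("alice", "bob", "read")              # owner grants read to bob
    bob_grant = doc.grant("bob", "carol", "read")  # bob is not the owner: refused
    return {
        "secret_reads_confidential": mac_can_read("secret", "confidential"),
        "confidential_reads_secret": mac_can_read("confidential", "secret"),
        "bob_reads_doc": doc.allowed("bob", "read"),
        "bob_writes_doc": doc.allowed("bob", "write"),
        "bob_can_grant": bob_grant,
        "alice_write_db": rbac_allowed("alice", "write_db"),
        "carol_write_db": rbac_allowed("carol", "write_db"),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```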

Thursday, December 23, 2010

CompTIA Security+ Exam Objectives 3.1

Access Control
3.1 Access Control Methods

Section 3.1 of the Security+ test focuses on industry access control methods that should be put in place to protect against fraud, network errors, communication failure, and so on. Each of these methods is put in place to minimize the possibility of something going wrong within a company’s infrastructure or personnel.

  • Implicit deny – Implicit deny means that unless something, such as traffic on a network, is explicitly allowed, it is denied. It isn’t used to deny all traffic, but to deny all traffic that isn’t explicitly granted or allowed.
  • Least privilege – The idea behind least privilege is that processes or individuals should be given the rights necessary to perform their assigned tasks or functions, but no more. Least privilege mostly focuses on rights and actions.
  • Separation of duties – Separation of duties is usually put in place to ensure that no one person or entity is able to control all of the functions of a specific critical process. The purpose is to split these duties among two or more people or entities. This protects against fraud, errors, theft, and so on.
  • Job rotation – To many people, job rotation is nothing more than a matter of personal and managerial gain. In the security world, however, job rotation can help a company protect against errors, fraud, and theft. If one person holds the same job for years and years, it becomes easy for that person to slowly but surely put a method of theft in place.
Industry access control is something that has become more serious in the work-world today. More and more companies are realizing the importance of these methods to ensure that their personnel are working how they are expected to. Since companies are becoming more technical, activities such as least privilege and implicit deny are extremely important. This way company servers and networks are protected against rogue users and hackers as well as personnel who are seeking to exploit access controls.
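Implicit deny and least privilege as a first-match packet-filter rule list: only what is needed is explicitly allowed, and anything that matches no rule is denied without a trailing "deny all" rule. This is an added example, not code from the original post; the rules, addresses and ports are constructed.

```python
# Added example (not from the original post): first-match rule evaluation
# with implicit deny. Rules, networks and packets are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "deny"
    proto: str       # "tcp", "udp" or "*" for any
    dst_port: int    # 0 means any destination port
    src_net: str     # dotted prefix such as "10.0.0." or "*" for any

def matches(rule: Rule, pkt: dict) -> bool:
    return (rule.proto in ("*", pkt["proto"])
            and rule.dst_port in (0, pkt["dst_port"])
            and (rule.src_net == "*" or pkt["src"].startswith(rule.src_net)))

def evaluate(rules: list, pkt: dict) -> str:
    """First matching rule wins; no match at all means denied (implicit deny)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"   # nothing explicitly granted access, so it is denied

# Least privilege: only the services actually needed are opened, and SSH
# only from the admin LAN. An explicit deny placed first blocks a network
# that would otherwise match the HTTPS allow below it (order matters).
RULES = [
    Rule("deny", "*", 0, "192.0.2."),       # constructed blocked network
    Rule("allow", "tcp", 443, "*"),         # HTTPS from anywhere
    Rule("allow", "tcp", 22, "10.0.0."),    # SSH only from the admin LAN
]

def demo() -> dict:
    https = {"proto": "tcp", "dst_port": 443, "src": "203.0.113.7"}
    ssh_admin = {"proto": "tcp", "dst_port": 22, "src": "10.0.0.15"}
    ssh_outside = {"proto": "tcp", "dst_port": 22, "src": "203.0.113.7"}
    telnet = {"proto": "tcp", "dst_port": 23, "src": "10.0.0.15"}
    blocked = {"proto": "tcp", "dst_port": 443, "src": "192.0.2.5"}
    return {
        "https": evaluate(RULES, https),
        "ssh_admin": evaluate(RULES, ssh_admin),
        "ssh_outside": evaluate(RULES, ssh_outside),
        "telnet": evaluate(RULES, telnet),    # never mentioned: implicitly denied
        "blocked_net": evaluate(RULES, blocked),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```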

Wednesday, December 22, 2010

CompTIA Security+ Exam Objectives 2.7

Network Infrastructure
2.7 Wireless Networking Vulnerabilities

Wireless networking has become extremely popular in today’s world. With wireless printers, wireless internet, and Bluetooth, we are always seeking ways to go wireless. It seems that anything and everything nowadays can be involved in the new wireless world. From cell phones to MP3 players and even the scale you use to weigh yourself, it seems most things are made to be wireless friendly. Even though it is extremely convenient, wireless networking is extremely vulnerable. Wireless networks are just as vulnerable, if not more so, to the same attacks that can happen to wired networks. However, there is more risk with wireless networking because the radio frequency signals can be intercepted without much effort.

For this section, be aware of the risks of using wireless networking.

  • Data emanation – To put it simply, data emanation is electronic eavesdropping. As data travels through a computer or through the wires or access points of a network, a magnetic field is generated. This magnetic field can be read, and unauthorized users can gain access to personal data. The problem is that this data can be intercepted and end up in the wrong hands.

  • War driving – War driving is simply when a user, often with malicious intent, uses a tool to seek out wireless network signals. An example would be someone who drives around with a laptop whose network card is set to promiscuous mode, meaning it is constantly scanning for a WAP to communicate with. Once access is gained, the user can use the Internet access or damage your computer’s data.

  • SSID broadcast – Most wireless networks today are assigned an SSID. SSIDs are routinely broadcast, which means any device that offers the option to automatically connect to a network can be used and a connection can be made. This puts your network and information at risk.

  • Blue jacking – When spam or unsolicited messages are sent over a Bluetooth connection. Though a vulnerability, blue jacking is truly more of an annoyance than a huge threat to wireless networks.

  • Bluesnarfing – Bluesnarfing involves gaining unauthorized access through the use of a cell phone, a PDA, or a similar device. Once access is gained, the user is able to freely copy and steal data.

  • Rogue access points – Access points added to your wireless network that you haven’t authorized are considered rogue access points. Sometimes these access points are set up by someone looking to attack your wireless network. In most cases, however, the access point is set up by you or someone else who uses your network, but without proper security, and it is therefore extremely vulnerable. Think man-in-the-middle attack.

  • Weak encryption – Sometimes the cryptographic keys used to encrypt a file or a network are too short or extremely easy to guess, which puts your data at risk. Most times these keys are less than 64 bits and can be cracked with the proper program.

Because wireless computing and networking is so popular today, companies are stepping up their efforts to include security controls to help fight against the threats of using wireless connections. Think of smart phones and how companies are trying to find ways to prevent Bluetooth hacking.

Thursday, December 16, 2010

CompTIA Security+ Exam Objectives 2.6

Network Infrastructure
2.6 Transmission Media Vulnerabilities

You will rarely see questions on the CompTIA Security+ test dealing with vampire taps, simply because they are so aged and are rarely used these days. 

  • Vampire tap – A vampire tap is a connection to a coaxial cable made by drilling a hole into the cable so that a clamp can be placed and connected to the inner conductor. These taps are often used to connect a device such as a PC or printer to the cable. The tap allows new connections to be made while the cable is in use. Administrators can use it to extend bus-topology network segments.

The entire problem with transmission media, especially coaxial cables is that they can be tapped into. Vampire taps can be used maliciously by rogue users who are seeking to attack a network.
Not much has been done with coaxial cables. Today companies are working to make them smaller and thinner, but the fact is that most people don’t use these cables anymore.

Tuesday, December 14, 2010

CompTIA Security+ Exam Objectives 2.5

Network Infrastructure
2.5 Network Device Vulnerabilities

Network devices of all types are vulnerable to many different security risks and threats. This is why hardening is important, so that the chance of a threat actually becoming a malicious reality is extremely low. Switches, firewalls, routers and anything else connected to a network are all vulnerable to some sort of attack. For this section, keep these attacks in mind and correlate the risk that they carry.

  • Privilege escalation – Privilege escalation is when a user obtains higher permissions than those granted by the system administrator. This can happen accidentally when an administrator assigns the wrong privileges, but in most cases privilege escalation occurs when a user is trying to steal access. Often a rogue user will find a flaw in the computer’s software and use an exploit to gain administrative rights to the computer; others will use keystroke loggers to gain access. This is why the operating system on every piece of hardware needs to be patched and updated as necessary.

  • Weak passwords – Weak passwords at any level, from guest accounts all the way up to administrative accounts, are a huge security risk. Any computer or other piece of hardware with weak passwords is susceptible to password guessing, password crackers, and other threats.

  • Back doors – Hackers and crackers will often find and exploit back doors that developers did not remove when programming. Back doors also include RAT tools that are placed by hackers to gain full control of your computer.

  • Default accounts – Default accounts are extreme vulnerabilities because most computer users know that they exist. When a hacker is looking to gain access to your information, he or she can opt to crack the password to the default account and in no time will have access to your files. Many times computer users forget to change the default passwords on these accounts, which makes them even more vulnerable.

  • DoS – Denial of service attacks are common and can be used at any time against any type of network or computer that lacks the proper security.

Tuesday, December 07, 2010

CompTIA Security+ Exam Objectives 2.3

Network Infrastructure
2.3 Appropriate Use of Network Security Tools

You should know that the absolute best and easiest way to keep a computer safe is to physically isolate it from any sort of outside contact. However, this isn’t always possible, so to keep security at a high level, networks and online environments have become extremely complex. In the end, the most important thing is to secure the devices themselves, using security tools to protect the physical equipment.

  • NIPS – Network Intrusion-Prevention Systems. NIPS are often used together with NIDS. NIPS can be either hardware or software based. The systems range from intrusion detection to detection with prevention. NIPS will scan for configuration weaknesses and will detect attacks after they occur. Inline NIPS can prevent an attack and can proactively protect machines on a network from damage.

  • NIDS – Network-Based Intrusion-Detection System. Used to monitor packet flow. NIDS can also be used to locate certain packets that may have slipped through the firewall but are not allowed. They are great for picking up DoS attacks as well as access by unauthorized users.

  • Firewalls – Firewalls offer great protection but shouldn’t be the only security tool used on a network. They are placed on networks and computers and are used to control undesired access by those outside of the network. Firewalls can be hardware, software, or a mixture of both. Firewalls should be the first line of defense, but not the only or last one. Be aware of the different types of firewalls, including proxy service firewalls, packet-filtering firewalls and others.

  • Honeypot – A honeypot is used to attract and then trap malicious users who try to penetrate a vulnerable computer system. They are often used in conjunction with other security tools.

  • Proxy servers – Proxy servers are similar to proxy-level firewalls in that both are placed between the Internet and the network at hand. Proxy servers are great for logging, caching, and security. When a request for an Internet service is sent to the proxy server, the request has to pass through certain filters and is checked against the cache of previously visited web pages.

  • Internet content filters – Internet content filters control what sort of websites and applications can and cannot be run. Certain words, phrases, and terms are compared to the content of applications and web pages to either allow or deny access. These filters are popularly used at schools and in the workplace. Think of Vista’s Parental Controls.

  • Protocol analyzers – Protocol analyzers are great for two things. First, they can gather packet-level information from the network to help troubleshoot a problem. When the packets are captured, they are decoded into readable data. These analyzers are also useful for monitoring, such as spotting unwanted or unexpected network traffic.


Thursday, December 02, 2010

CompTIA Security+ Exam Objectives 2.2

Network Infrastructure
2.2 Network Design Elements & Components
In section 2.2, you’re looking to know the main differences between various network design elements and components. You should know that when creating a network security policy, you have to have a set list of procedures to follow in order to defend each and every user from data loss and harm. This means implementing proper security elements such as firewalls, VLANS, and so on. You’ll want to know what these elements and components can do for your network’s security.

  • DMZ – A demilitarized zone is a small network between the internal network and the Internet. It allows outside users to have access to information deemed necessary, but will not share internal information. Basically, outside users can access data, but none of that data will be internal. This way your network has a shield of privacy and security. Many network engineers opt to put mail and web servers in the DMZ since they are often exposed to the Internet, but this calls for upkeep with patches and further hardening.

  • NAC – Network Access Control. NAC is extremely effective in protecting networks from malicious hosts by ensuring proper configuration on computers. NAC will examine a computer and, based on the results it gets, will either grant or deny access to the network. Computers that aren’t given access are often put on a guest VLAN or redirected to a different server. Know what the access requestor, policy decision point, and policy enforcement point are. Be aware of integrating NAC inline, switch based, host based, and out-of-band.

  • VLAN – A Virtual Local Area Network is used to combine network nodes into the same broadcast domain without worrying about physical attachment. It can be used to reduce the amount of broadcast traffic in a switched network because it can create multiple isolated LANs.

  • NAT – Network address translation is a liaison that works between the Internet and an internal network. NAT lets many computers connect to the Internet using a single IP address. This way, the internal network is hidden from the outside world because it uses private IP addresses.
Also make note of network interconnections, subnetting, and telephony. Remember, this section is all about how you can use these various items to boost network security.
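The NAT point above, worked through as a minimal port-address translation table: one public address fronts several private hosts, replies are mapped back to the right host, and an unsolicited inbound packet matches no session and is dropped, which is what hides the internal network. This is an added example, not code from the original post; the addresses and ports are constructed.

```python
# Added example (not from the original post): a minimal PAT/NAT table.
# All addresses and ports below are constructed for illustration.
from typing import Optional, Tuple

Endpoint = Tuple[str, int]   # (ip, port)
PUBLIC_IP = "203.0.113.1"    # constructed public address of the NAT device

class Nat:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}    # (private_ip, private_port, dst) -> public_port
        self.back = {}   # public_port -> (private_ip, private_port, dst)

    def outbound(self, src_ip: str, src_port: int, dst: Endpoint) -> dict:
        """Rewrite an internal host's packet so it appears to come from us."""
        key = (src_ip, src_port, dst)
        if key not in self.out:            # new session: allocate a public port
            port = self.next_port
            self.next_port += 1
            self.out[key] = port
            self.back[port] = key
        return {"src": (self.public_ip, self.out[key]), "dst": dst}

    def inbound(self, src: Endpoint, dst_port: int) -> Optional[dict]:
        """Forward inside only a reply to a session an internal host opened."""
        entry = self.back.get(dst_port)
        if entry is None or entry[2] != src:
            return None   # no matching session: dropped, internal host stays hidden
        private_ip, private_port, _ = entry
        return {"src": src, "dst": (private_ip, private_port)}

def demo() -> dict:
    nat = Nat(PUBLIC_IP)
    web = ("198.51.100.10", 443)                       # constructed web server
    a = nat.outbound("192.168.1.10", 51000, web)
    b = nat.outbound("192.168.1.11", 51000, web)       # same source port, other host
    reply_a = nat.inbound(web, a["src"][1])            # server answers host A
    probe = nat.inbound(("198.51.100.99", 4444), 40000)  # unsolicited: dropped
    return {"a_public": a["src"], "b_public": b["src"],
            "reply_a": reply_a, "probe": probe}

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```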

Going along with network security, many companies have opted to include built-in security features for networks. NETGEAR, a popular networking company, has added to its ProSafe Plus Switch line with models that have QoS prioritization for both voice and video traffic as well as VLAN configuration. The switches also offer protection against DoS attacks.

Wednesday, December 01, 2010

Certification Changes for 2010 and 2011

2010 has been a year of change for IT Certification... and it is not done yet. Here are some certification changes scheduled for the rest of 2010:
  • DoD Directive 8570.01 certification deadline is December 31, 2010. More information on DoD 8570.01 can be found here.
  • CompTIA Bridge exams retire December 31, 2010
  • CompTIA "Certified for Life" ends December 31, 2010
  • CompTIA RFID+ (RF0-001) exam retires December 31, 2010, no replacement
  • CompTIA CDIA+ (225-030) exam retires December 31, 2010, no replacement
  • CompTIA Server+ exam SK0-002 will retire; the replacement for this exam is SK0-003
Here are a few changes expected in 2011:
  • CompTIA A+ will include the Windows 7 Operating System January 2011
  • CompTIA Project+ 2003 will retire March 31, 2011
  • CompTIA Security+ SYO-301 expected to be released. The new objectives for the SYO-301 are available here.
  • Microsoft is planning to retire several certification exams on March 31st, 2011. List of exams can be found here.
Most notable is the change to the CompTIA certification policy. Full details on the CompTIA certification policy can be found here.

