Thursday, February 24, 2011

Security+ Exam Objectives 4.7

4.7 Conduct periodic audits of system security settings.

Alongside other audits, it’s also important to routinely audit system security settings, including group policies, user accounts and access rights, and so on. Neglecting this type of audit leaves an open hole for a rogue or unauthorized user to gain access to important information. In this section, you’ll want to know how and why it is important to complete the following audits:

  • User access and rights review – A review of assigned resource privileges, determining who needs access to what. Privileges define how much information a user account can access. User accounts are frequently set up according to the Principle of Least Privilege, which grants an account only the bare minimum access needed for the user to perform their tasks. When a user finds a way to exploit their access privileges to gain information or rights they have not been assigned, this is known as privilege abuse. Often this abuse stems from administration errors, such as assigning new privileges to a user account while forgetting to remove the old ones. Other times the abuse is malicious: a hacker attacking the system and manipulating it to gain more privileges than they are entitled to.

  • Storage and retention policies – As technology progresses and security needs evolve, the question arises of what needs storing and where the safest place to store data is. HIPAA (Health Insurance Portability and Accountability Act) and Sarbox (Sarbanes-Oxley Act 1996) dictate when and for how long data should be stored and secured in an organization’s systems.

  • Group policies – With a group policy, one baseline can be established so that all computers on the company’s network use the same operating system as defined in the company’s security policy. This makes it easier for the network admin to apply a policy to the entire system without building a baseline for each computer on the network individually.
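A user access and rights review of the kind described in the first bullet, written as an added example (it is not part of the original post). The role requirement table, the account inventory, and the privilege names are all constructed; the script compares what each account holds against what its role needs and reports excess rights (the "forgot to remove the old privileges" case), missing rights, and accounts with no role to justify any access at all.

```python
"""Least-privilege access review over a constructed privilege inventory."""

# Constructed: the privileges each job role genuinely needs (the least-privilege target).
ROLE_REQUIREMENTS = {
    "payroll_clerk": {"payroll_db:read", "payroll_db:write"},
    "helpdesk": {"ad:reset_password", "ticketing:write"},
    "auditor": {"payroll_db:read", "logs:read"},
}

# Constructed inventory exported from the directory: current role plus what is actually granted.
ACCOUNTS = [
    {"user": "alice", "role": "payroll_clerk",
     "granted": {"payroll_db:read", "payroll_db:write"}},
    # bob moved from helpdesk to auditor; the old helpdesk rights were never removed
    {"user": "bob", "role": "auditor",
     "granted": {"payroll_db:read", "logs:read", "ad:reset_password", "ticketing:write"}},
    # carol lacks a right her role needs; a support problem rather than a risk, but still a finding
    {"user": "carol", "role": "helpdesk", "granted": {"ad:reset_password"}},
    # an account with no role at all still holds access and belongs in the review
    {"user": "svc_backup", "role": None, "granted": {"payroll_db:read"}},
]


def review_account(account):
    """Compare granted privileges with what the account's role requires."""
    required = ROLE_REQUIREMENTS.get(account["role"], set())
    return {
        "user": account["user"],
        "excess": sorted(account["granted"] - required),   # beyond least privilege
        "missing": sorted(required - account["granted"]),  # cannot do the job
        "orphan": account["role"] is None,                 # no role to justify any access
    }


def findings(accounts):
    """Only the accounts that need an administrator's attention."""
    return [r for r in (review_account(a) for a in accounts)
            if r["excess"] or r["missing"] or r["orphan"]]


if __name__ == "__main__":
    for f in findings(ACCOUNTS):
        print(f)
```

Run periodically against a fresh export, the "excess" list is the one that matters for privilege abuse: every entry is access the account holds without a business reason.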
 
Visit GetCertify4Less or our new site GetCertified4Less to save on your Security+ certification.

Tuesday, February 22, 2011

Security+ Exam Objectives 4.6

4.6 Logging Procedures and the Results

Auditing is truly one of the baselines of security and defense in a network. Without auditing, you will be oblivious to any security violations that may have occurred or could occur. Auditing should always involve logging, with set procedures for doing so properly. In this section, keep in mind that auditing is important to security and that without it there is no way to trace and understand how a certain violation occurred.

  • Security application – While many security applications have their own specific logging techniques, there are three general rules of thumb that apply to most of them. All logged entries should be as specific and detailed as possible. The more detailed a log, the easier it becomes to track down violations. A backup copy of the logging record should be kept on a separate system for security reasons.

  • DNS – Focuses on two main activities: queries for zone transfer and changes to zone data. The DNS server logs all changes, allowing invalid entries in the zone file to be tracked along with the time at which each entry occurred.

  • System – The organization controls all factors of system logging, including who has access and when, and the length of time these logs are kept in the database.

  • Performance – Less important than security application logs, performance logging records events that exceed a set parameter; these records should still be kept secure and private.

  • Access – Any attempted access to sensitive material, or any repeated attempts to log in to a sensitive area, should be logged and noted on a centralized logging server.

  • Firewall – Records all attempts, successful or failed, to gain access to the system.

  • Antivirus – Log records include all notifications of malicious software gaining access to the system.


    Thursday, February 17, 2011

    Security+ Exam Objectives 4.5

    4.5 Monitoring Methodologies
    Section 4.5 deals with ways to monitor a network and system. Monitoring tools follow certain methodologies that dictate how they function and help the tool determine whether something is abnormal, benign, or malicious. Without these monitoring methods, a system is extremely vulnerable. Remember, security is and should be multi-layered.

    • Behavior-based – For this method to work, a baseline has to be established so that from then on any detected change, including attacks and intrusions, can be reported. The drawback of behavior-based detection is that it is difficult to determine what is benign and what is malicious, since the tool is automatic.
    • Signature-based – This method relies on a database of known malicious or unwanted activity. Its strength is speed: it detects known intrusions into the system exceptionally fast. However, if an intrusion occurs and its data is not in the database of known files, the new intrusion will not be detected. The fix for this problem is constant updating of the database to recognize new threats.
    • Anomaly-based – Relying on a database of valid forms of entry, anomaly-based methods detect any and all anomalies that try to gain access to the system. They are generally used for protocols, since all protocols are known and well defined in the database, and any variation from the protocol is labeled an anomaly. The weakness here is that malicious items can get into the system through regular traffic and remain unnoticed because the data does not exceed the accepted values.
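The three methodologies above, run side by side over one constructed request log, as an added example that is not part of the original post. The signature list, the allowed methods and path grammar, and the baseline counts are all constructed assumptions rather than any real tool's configuration. It also shows the weakness the last bullet describes: the request from 10.0.0.7 follows the protocol, matches no signature and stays under the behavior threshold, so none of the three methods fires.

```python
"""Signature-, anomaly- and behavior-based detection over one constructed request log."""
import re
from collections import Counter
from statistics import mean, pstdev

# Anomaly-based: the "well defined protocol" the tool compares against (constructed).
ALLOWED_METHODS = {"GET", "POST", "HEAD"}
PATH_GRAMMAR = re.compile(r"^/[\w./-]*$")

# Signature-based: database of known malicious patterns (constructed, textbook IDS content).
SIGNATURES = [
    re.compile(r"\.\./"),               # directory traversal
    re.compile(r"(?i)union\s+select"),  # SQL injection
    re.compile(r"(?i)cmd\.exe"),        # command execution attempt
]

# Behavior-based: (source, minute) request activity recorded during normal operation (constructed).
BASELINE = [("10.0.0.5", 0), ("10.0.0.6", 0), ("10.0.0.5", 1), ("10.0.0.7", 1),
            ("10.0.0.6", 1), ("10.0.0.6", 1), ("10.0.0.8", 2), ("10.0.0.5", 2), ("10.0.0.5", 2)]

# Observation window to be judged: (minute, source, method, path). Constructed sample.
EVENTS = [
    (3, "10.0.0.5", "GET", "/index.html"),
    (3, "10.0.0.6", "GET", "/../../etc/passwd"),  # traversal: signature hit, yet a valid-looking path
    (3, "10.0.0.8", "BREW", "/coffee"),           # method outside the defined protocol: anomaly hit
    (3, "10.0.0.7", "GET", "/reports/q1.pdf"),    # valid, unsigned, low volume: nothing fires
] + [(3, "10.0.0.9", "GET", f"/page{i}.html") for i in range(30)]  # burst from one source


def signature_alerts(events):
    """Flag any request whose path matches a known-bad pattern."""
    return [(src, path) for _, src, _, path in events if any(s.search(path) for s in SIGNATURES)]


def anomaly_alerts(events):
    """Flag any request that deviates from the defined protocol shape."""
    return [(src, method, path) for _, src, method, path in events
            if method not in ALLOWED_METHODS or not PATH_GRAMMAR.match(path)]


def behavior_threshold(baseline, k=3.0):
    """Requests per source per minute above which activity counts as a deviation from baseline."""
    counts = list(Counter(baseline).values())
    return mean(counts) + k * pstdev(counts)


def behavior_alerts(events, baseline):
    """Flag sources whose per-minute request count exceeds the baseline threshold."""
    threshold = behavior_threshold(baseline)
    counts = Counter((src, minute) for minute, src, _, _ in events)
    return sorted({src for (src, _), n in counts.items() if n > threshold})


if __name__ == "__main__":
    print("signature:", signature_alerts(EVENTS))
    print("anomaly:  ", anomaly_alerts(EVENTS))
    print("behavior: ", behavior_alerts(EVENTS, BASELINE))
```

Each method catches exactly one of the three bad requests and misses the other two, which is the practical argument for layering them rather than choosing one.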

    Wednesday, February 16, 2011

    Microsoft Launches IT Certification Reality Show

    Microsoft Learning launched a new online reality show it is calling Career Factory, intended to follow nine individuals through their IT pursuits. Microsoft is providing them with training, resources and free exams for four months to help them reach their goals. The Born to Learn site is hosting the show.

    Each character has a different starting point and career goals. Which character resembles you? To learn more about Steve, Tim, Kevin, Bojan, Eddie, Rabib, Neil, Simon and Caroline, visit Born to Learn.

    Get certified with the cast.  Visit GetCertify4Less or our new site GetCertified4Less to save on your Microsoft certification.

    Tuesday, February 15, 2011

    Security+ Exam Objectives 4.4

    4.4 Use monitoring tools on systems and networks and detect security-related anomalies.

    Penetration testing and vulnerability scanning are only a few of the ways to keep up to date on a system’s status. However, to continue on a path to true security, more companies have begun to use other tools such as performance and system monitors. These tools enable security staff to observe and develop trends in downtime, changes in job focus, and the need for infrastructure upgrades.

    Monitoring tools vary in usage and purpose, though the end result is to have a more secure network and system. You want to be aware of each of the tools and know exactly how and what they are used for.

    • Performance monitor – A tool used to watch system metrics and correlate that activity against known baselines, malicious anomalies, and problem trends. Constant observation with a performance monitor is imperative for a security admin, as deviations from policy can be spotted while using this tool.

    • Systems monitor – A systems monitor oversees CPU usage, memory consumption, free hard drive space and various other important functions. Systems and performance monitors are very similar in the way they track activity but differ in what they are used to observe: performance monitors track user interactions, while system monitors observe the physical side of the system.

    • Performance baseline – This is the comparison point used by the above monitors. The baseline is established in accordance with a policy or by group approval and then serves as the starting point for monitoring the system.

    • Protocol analyzers – These tools are used to target network traffic and examine its contents. By capturing packets, the information can be stored on a storage device or in memory. Protocol analyzers can be utilized to detect communication problems in software and hardware.


    Thursday, February 10, 2011

    Security+ Exam Objectives 4.3

    4.3 Within the realm of vulnerability assessments, explain the proper use of penetration testing versus vulnerability scanning.

    Penetration testing, sometimes known as ethical hacking, should be used where vulnerability scanning has failed, as penetration testing goes further by actively seeking out and trying to shut down the security system. These tests are often carried out by white hat security specialists instead of the everyday systems admin. While these tests are in progress, it is rare that the company’s IT or security staff is aware of them. This way not only can system security be examined, but also how the personnel react to a specific attack.

    A penetration test assumes the role of a malicious attacker actively trying to cause harm to the system and shut down its security, whereas a vulnerability scan tries to find a hole or weakness in the system by probing and other passive measures. Companies tend to prefer vulnerability scanning, as the process never actually hampers the current security of the system.

    Tuesday, February 08, 2011

    IT Certifications Grow in Importance in Hiring Process

    IT Certifications Grow in Importance in Hiring Process, but Employers Challenged by Evaluation, Validation Issues, CompTIA Study Finds

    Greater emphasis on validated skills as companies struggle to fill IT staff openings

    Downers Grove, Ill., February 7, 2011 – Employers are inclined to rely more heavily on professional certifications when hiring information technology (IT) workers, but are challenged by credential evaluation and validation issues, research from CompTIA, the non-profit trade association for the information technology (IT) industry, reveals.

    Professional certifications are already viewed by hiring managers as a high-value validation of IT skills. The CompTIA study suggests certifications will grow in importance as organizations seek to fill tech jobs.

    Among IT hiring managers nearly two-thirds (64 percent) rate IT certifications as having extremely high or high value in validating skills and expertise. Eight in ten human resources (HR) professionals surveyed believe IT certifications will grow in usefulness and importance over the next two years.

    But employers also expressed concerns about some aspects of using IT certifications in the hiring process. There is a perception among some hiring IT managers that the HR department does not have a solid understanding of IT certifications. Some firms also said verifying a job candidate’s credentials can be a challenge due to the time involved (cited by 44 percent of hiring IT managers) and effort required (38 percent).

    “The value of certifications can be enhanced in a number of ways,” noted Tim Herbert, vice president, research, CompTIA. “Stronger links with education; easier methods of verification; greater understanding of what IT certifications can and cannot do; and more organizational support for certifications as part of a professional development program all would be positive steps in this direction.”

    Nearly 1,700 business, HR and IT executives participated in the survey, designed to gain insight into how they evaluate job candidates; the role of IT certifications in the hiring process; and how organizations support professionals’ development.

    Experience, track record and accomplishments rank as the most important factors when evaluating job candidates, according to the study. But education and credentials such as certifications also rank high. For example, 86 percent of hiring managers indicate IT certifications are a high or medium priority during the candidate evaluation process.

    “From the employer’s perspective, top benefits of IT certification are validation of an individual’s ability to understand new or complex technologies, higher productivity and more insightful problem solving,” said Herbert.

    The study suggests that certifications will become even more important as employers struggle to find individuals to fill job openings. Despite a virtual buyer’s market for hiring, roughly eight in ten HR executives in the United States said it’s challenging to find the right candidate with the right skill set to fill their openings. Many IT managers in the study share a similar view. For certain positions, the pool of available talent is not as deep as they would like it to be.

    “Now more than ever there’s little margin for error for making a bad hire,” Herbert said. “In an environment of needing to do more with less, organizations cannot afford the time and cost of bringing on a new employee who cannot contribute immediately.”

    The CompTIA study Employer Perception of IT Training and Certification is the result of two separate online surveys: to 1,385 business and IT executives that made a recent IT hiring decision in the United States, United Kingdom and South Africa; and to 300 HR professionals in the U.S. The complete report is available at no cost to CompTIA members who can access the file at www.CompTIA.org or by contacting research@comptia.org.

    Original press release from CompTIA can be found here.

    Security+ Exam objectives 4.2

    4.2 Vulnerability Assessments

    For section 4.2, you’ll want to gather information on using certain tools to seek out weaknesses in a system. These tools can be used to prevent a major breach in said system. A successful security program requires constant vigilance and monitoring alongside routine vulnerability assessments.
            
    • Port scanners – An assessment tool used to determine the status of a target system’s ports by sending probes or test packets. The target port can be either open or closed. If a SYN-flagged packet is sent to an open TCP port, the response will be a SYN/ACK-flagged packet; if the TCP port is closed, the response will be an RST packet. If a firewall is present, no response may be received at all.

    • Vulnerability scanners – These are tools used to find known weaknesses, vulnerabilities, or holes in a system by using a series of probes and scripts. They can be run either inside or outside the network and are not designed to cause damage to the target system, although they can slow its performance.

    • Protocol analyzers – Used to target network traffic and examine its contents. By capturing packets, the information can be stored on a storage device or in memory. Protocol analyzers can be utilized to detect communication problems in software and hardware.

    • OVAL – (Open Vulnerability and Assessment Language) is an international security program with the intent to make tools and information available in a standard format for the world. OVAL is based on XML (Extensible Markup Language).

    • Password crackers – These are tools used to obtain information on passwords that are forgotten or unknown to the user by way of four main cracking techniques: dictionary, brute force, hybrid and pre-computed hash. Though they can be used negatively, one can also use them to test the true strength of system passwords.

    • Network mappers – A network mapper is a tool that passively builds an infrastructure map of a network by utilizing protocol analyzers and port scanners.
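The SYN / SYN/ACK / RST semantics from the port scanner bullet, seen from the defender's side of the firewall, as an added example that is not part of the original post. The log format is an assumed one (not any real firewall's), and every line in it is constructed: an outside host probes six ports on one server while a normal client opens a single connection. The script reconstructs what each probe learned (open, closed, or filtered when no reply was logged) and flags the source that touched many distinct ports.

```python
"""Infer probe results and spot a port scan from constructed firewall log lines."""
import re
from collections import defaultdict

# Assumed log format (not a real product's): src:port > dst:port flags=<TCP flags>
# S = SYN, SA = SYN/ACK, R = RST.
LINE = re.compile(
    r"^(?P<src>[\d.]+):(?P<sport>\d+) > (?P<dst>[\d.]+):(?P<dport>\d+) flags=(?P<flags>[A-Z]+)$"
)

# Constructed sample: 203.0.113.7 probes 192.168.1.10; 10.0.0.5 is an ordinary client.
LOG = """\
203.0.113.7:40001 > 192.168.1.10:22 flags=S
192.168.1.10:22 > 203.0.113.7:40001 flags=SA
203.0.113.7:40002 > 192.168.1.10:23 flags=S
192.168.1.10:23 > 203.0.113.7:40002 flags=R
203.0.113.7:40003 > 192.168.1.10:80 flags=S
192.168.1.10:80 > 203.0.113.7:40003 flags=SA
203.0.113.7:40004 > 192.168.1.10:443 flags=S
192.168.1.10:443 > 203.0.113.7:40004 flags=R
203.0.113.7:40005 > 192.168.1.10:3389 flags=S
203.0.113.7:40006 > 192.168.1.10:8080 flags=S
10.0.0.5:51000 > 192.168.1.10:80 flags=S
192.168.1.10:80 > 10.0.0.5:51000 flags=SA
"""


def parse(log):
    """Turn log text into a list of packet dicts, skipping unrecognised lines."""
    records = []
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            rec = m.groupdict()
            rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
            records.append(rec)
    return records


def probe_results(records):
    """Map (prober, target, port) -> open/closed/filtered from the reply each SYN received."""
    probes = {}
    for r in records:
        if r["flags"] == "S":
            probes[(r["src"], r["dst"], r["dport"])] = "filtered"  # no reply seen yet
    for r in records:
        key = (r["dst"], r["src"], r["sport"])  # a reply travels in the reverse direction
        if key in probes:
            if r["flags"] == "SA":
                probes[key] = "open"
            elif r["flags"] == "R":
                probes[key] = "closed"
    return probes


def suspected_scanners(probes, min_ports=5):
    """Sources that sent SYNs to at least min_ports distinct ports on a single target."""
    ports = defaultdict(set)
    for src, dst, port in probes:
        ports[(src, dst)].add(port)
    return sorted({src for (src, _), p in ports.items() if len(p) >= min_ports})


if __name__ == "__main__":
    results = probe_results(parse(LOG))
    for key, state in sorted(results.items()):
        print(key, state)
    print("suspected scanners:", suspected_scanners(results))
```

The "filtered" entries (3389 and 8080 here) are the case the bullet ends on: a firewall dropped the probe silently, so the log holds a SYN and nothing else.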

    Tuesday, February 01, 2011

    Security+ Exam Objectives 4.1

    4.0 Assessments & Audits

    4.1 Risk assessments and implementing risk mitigation.

    Identifying potential risks and deploying ways to prevent them through mitigation, assignment and acceptance is an important part of any company or organization’s security. Without thorough assessments and audits, it will be extremely challenging to properly secure a network and computer systems. The fact is that there is no surefire way to completely secure a network. However, assessment and risk mitigation skills can be used to help provide the best possible security system.

    Risk assessment is used to help limit the number of risks a company has to face. This often involves finding out what threats the system or network faces and finding ways to minimize them. It is also extremely important to look for and patch any vulnerabilities that may exist. Vulnerabilities can be found easily, and when they are not taken care of properly, your entire network is at risk.

    There are several different formulas for analyzing risks: ALE (Annual Loss Expectancy), ARO (Annualized Rate of Occurrence), SLE (Single Loss Expectancy), and EF (Exposure Factor). Know what these risk calculations are and how you would go about implementing them for risk mitigation. For the test, be aware of these formulas and know what they are used for. For example, know what the annual loss expectancy is and how it relates to risk. You’d want to know that ALE deals with dollars, the monetary amount that could potentially be lost to a certain risk.
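The four quantities above worked through in code, as an added example that is not part of the original post. The post names the terms but not the formulas; the relationships used here (SLE = asset value × EF, ALE = SLE × ARO, and a control is justified when the ALE it removes exceeds its yearly cost) are the standard Security+ definitions. The asset value, exposure factors, occurrence rate and control cost are a constructed scenario.

```python
"""Quantitative risk assessment: SLE, ARO, ALE and a mitigation decision."""


def single_loss_expectancy(asset_value, exposure_factor):
    """SLE: dollar loss from one occurrence. EF is the fraction of asset value lost (0.0 to 1.0)."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be a fraction between 0 and 1")
    return asset_value * exposure_factor


def annual_loss_expectancy(sle, aro):
    """ALE: expected yearly loss in dollars. ARO is how many times per year the threat is expected."""
    if aro < 0:
        raise ValueError("annualized rate of occurrence cannot be negative")
    return sle * aro


def control_is_justified(ale_before, ale_after, annual_control_cost):
    """A mitigation pays for itself when the ALE it removes exceeds what it costs per year."""
    return (ale_before - ale_after) > annual_control_cost


# Constructed scenario: a $200,000 database server; ransomware is expected to destroy 60% of its
# value once every two years (ARO 0.5). Offline backups at $8,000/year would cut the EF to 10%.
ASSET_VALUE = 200_000
ARO_RANSOMWARE = 0.5
CONTROL_COST = 8_000

sle_before = single_loss_expectancy(ASSET_VALUE, 0.60)  # 120,000 per incident
ale_before = annual_loss_expectancy(sle_before, ARO_RANSOMWARE)  # 60,000 per year
sle_after = single_loss_expectancy(ASSET_VALUE, 0.10)  # 20,000 per incident with backups
ale_after = annual_loss_expectancy(sle_after, ARO_RANSOMWARE)  # 10,000 per year


def backup_decision():
    """Is the backup control worth buying under the constructed scenario?"""
    return control_is_justified(ale_before, ale_after, CONTROL_COST)


if __name__ == "__main__":
    print(f"SLE before: ${sle_before:,.0f}  ALE before: ${ale_before:,.0f}")
    print(f"SLE after:  ${sle_after:,.0f}  ALE after:  ${ale_after:,.0f}")
    print("buy the control:", backup_decision())
```

The same three functions answer the exam-style question the post points at: ALE is the dollar figure, and the risk is "mitigated" in accounting terms when the yearly saving (ale_before minus ale_after) is larger than the yearly cost of the control.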
